Rollup Plugin
A Rollup plugin for running JSDefender on all chunks in a Rollup session. It uses a number of hooks to integrate JSDefender into the Rollup build process.
Installation
Install the plugin in your project:
npm install <package-directory>/preemptive-jsdefender-core-{version}.tgz <package-directory>/preemptive-jsdefender-rollup-plugin-{version}.tgz --save-dev
OR
yarn add file:<package-directory>/preemptive-jsdefender-core-{version}.tgz file:<package-directory>/preemptive-jsdefender-rollup-plugin-{version}.tgz --dev
@preemptive/jsdefender-core
as its peerDependency, this is why you must also install it.
Usage
import JSDefenderRollupPlugin from '@preemptive/jsdefender-rollup-plugin';
// -- JSDefender configuration
const jsdConfig = {
// Optional path to the configuration file, if any
// default: jsdefender.config.json
configurationFile: "jsdefender.config.json",
// If false all log messages will be displayed,
// otherwise only the JSDefender header information and ending message,
// as well as the errors and warnings
// default: false
quietMode: false,
// If false the protection will be skipped in non-production modes,
// otherwise it will run in every mode
// default: false
enableInDevelopmentMode: false,
// The chunk names that should be protected
// default: every chunk is included
includeChunks: [ 'app', 'util' ],
// The chunk names that should not be protected
// default: nothing is excluded
excludeChunks: [ 'vendor', 'util' ],
/*
Other JSDefender options
e.g. `settings: { booleanLiterals: true, stringLiterals: true }` etc.
can also be provided here
*/
};
export default {
plugins: [
JSDefenderRollupPlugin(jsdConfig),
],
};
enableInDevelopmentMode
option of the plugin to true
.
booleanLiterals: true
provided in the configuration file and booleanLiterals: false
provided directly in the plugin's constructor, then the final value is going to be booleanLiterals: false
.
includeChunks
and excludeChunks
then the exclusion takes precedence.
production
. You can also forward settings via the --environment
option. Example: --environment BUILD:production
Configuration
The JSDefender Rollup plugin accepts the same configuration object as the JSDefender configuration file. You can learn more about it at the documentation home. The plugin uses a default configuration just as the JSDefender CLI does. This can be overridden by explicitly specifying a configuration for the plugin.
configurationFile
is present, its individual configuration lines will be overwritten by the JSDefender configuration directly passed to the JSDefenderRollupPlugin
function in the rollup.config.js
or other, explicitly set, Rollup configuration file. For example, if you set booleanLiterals: true
in the object directly passed to JSDefendeRollupPlugin
but there is a configurationFile
which has booleanLiterals: false
, then the first will take precedence, so the final value will be booleanLiterals: true
.
Interoperation with Rollup
Quiet Mode
The quietMode
option for JSDefender disables [Info] leveled messages excluding the header information and protection done message. To suppress warnings coming from JSDefender, use the --silent
option in the Rollup CLI.
Protecting Code coming from the Standard Input
JSDefender can protect code coming from the Rollup CLI as well. See the following example:
rollup -i ./input.js -f es -p @preemptive/jsdefender-rollup-plugin
OR
echo "export const foo = 42;" | rollup -f es -p @preemptive/jsdefender-rollup-plugin
While using the Rollup CLI options this way, the behavior of JSDefender can only be set through the implicit configuration file: jsdefender.config.json
.