Change Log - Version 2.0.0 Preview - Release Date July 06, 2020

Global changes

PJSD now has a new name, JSDefender, so we changed the pjsd- prefix of the package names to jsdefender-. There is also a new configuration file format, new protection transforms, and several other major changes since version 1.3. We have released an Upgrade Guide to help migration from PJSD 1.3 to JSDefender 2.0. We have also updated the full User Guide.

Features

  • jsdefender-cli
    • You can protect multiple files in a single protection session (https://www.preemptive.com/jsdefender/2.0/userguide/en/cli_multi_file.html).
    • The CLI has new command line options: --constarg, --constargoff, --datelock, --exprseq, --exprseqoff, --propsparsing, --propsparsingoff, --selfdefend, --selfdefendoff, --vargroup, --vargroupoff, --estarget, --randomseed, --ignore-unsafe, and --disable-inline.
    • The CLI does not support these options anymore: --inclusive, -s/--scope, --idprefix, --id-map, --id-map-in, --id-map-out, -a/- anns, -A/- annsoff, and --es5.
    • See details here: https://www.preemptive.com/jsdefender/2.0/userguide/en/cli_options.html
    • The -m,--mapout option is turned on by default. You should use -m off or --mapout off to disable generating lexical maps.
    • The old map file format is not used anymore. The new format uses JSON. Learn more here: https://www.preemptive.com/jsdefender/2.0/userguide/en/cli_lexical_maps.html
    • The CLI checks the current working folder for an implicit configuration file, jsdefender.config.json, unless an explicit configuration file is specified.
  • jsdefender-core
    • The JSDefender engine can process multiple source scripts (coming from multiple files) in a single protection session.
    • There are new protection transforms available: constantArgument, dateLock, expressionSequence, propertySparsing, selfDefending, and variableGrouping.
    • The engine recognizes Browserify and Webpack bundles, applies enhanced stringLiterals and selfDefending protection transforms for the modules within the bundle.
    • The protection flow builds semantic trees lazily to provide better performance.
    • You can force the protection engine to skip unsafe constructs.
    • Inline protection directives use the @jsdefender tag, though the obsolete @pjsd tag can still be used.
    • Inline protection directives allow using named protection sets.
    • DomainLockTransform now accepts multiple domain name patterns separated by semicolons.
    • When the protection detects an unsafe construct, it displays the source code locations of the issue.
    • IntegerLiteralTransform now has two new optional configuration settings, lower, and upper, to set the range of numeric literals to obfuscate.
  • jsdefender-webpack-plugin
    • The plugin looks for an implicit configuration file in the root of the project called jsdefender.config.json by default, just as the CLI does. You can set the name of the configuration file in the plugin options, if it has a different name or location.
    • The plugin uses the new configuration file format.
  • jsdefender-metro-plugin
    • The plugin looks for an implicit configuration file in the root of the project called jsdefender.config.json by default, just as the CLI does. You can set the name of the configuration file in the plugin options, if it has a different name or location.
    • The plugin uses the new configuration file format.

Fixes

  • jsdefender-core
    • Cloaked identifier resolution bug in LocalDeclarationTransform is fixed.
    • IntegerLiteralTransform bug with lower and upper values between 0x8000 and 0xffff is fixed.