Package Exports
- webpack-encrypt-nodejs-module
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (webpack-encrypt-nodejs-module) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
webpack-encrypt-nodejs-module
This is a webpack plugin (webpack >= 5) that creates an encrypted bundle nodejs module that will be decrypted at runtime on server using an environment variable as the desencryption key.
how to use it
add it to a webpack project
npm i webpack-encrypt-nodejs-module -Dif you are creating a webpack configuration from zero use this
npm i @babel/core @babel/preset-env babel-loader copy-webpack-plugin webpack webpack-cli webpack-obfuscator webpack-node-externals encrypt-nodejs-module-webpack-plugin -Dgenerate a password
openssl rand -base64 128then create a webpack.config.js configuration file or modify yours
const path = require("path");
const webpack = require("webpack");
const fs = require("fs");
const nodeExternals = require("webpack-node-externals");
const JavaScriptObfuscator = require("webpack-obfuscator");
const EncryptModule = require("webpack-encrypt-nodejs-module");
const CopyPlugin = require("copy-webpack-plugin");
// const HtmlWebPackPlugin = require('html-webpack-plugin');
module.exports = {
entry: {
server: "./index.js", // server is the name of your output file (server.js), and index.js your source script
},
output: {
path: path.join(__dirname, "dist"), // dist is the output dir
publicPath: "/",
filename: "[name].js", // file output name, [name] variable will take the value declared in entry, in this case [server]
},
target: "node",
node: {
// Need this when working with express, otherwise the build fails
__dirname: false, // if you don't put this is, __dirname
__filename: false, // and __filename return blank or /
},
externals: [nodeExternals()], // Need this to avoid error when working with Express
// module: {
// rules: [
// {
// // Transpiles ES6-8 into ES5
// test: /\.js$/,
// exclude: /node_modules/,
// use: {
// loader: "babel-loader",
// },
// },
// ],
// },
plugins: [
new EncryptModule({
algorithm: "aes-192-cbc", //default
keylen: 24, // default key length, this depend of algorithm
ivlen: 16, // default initialization vector length, this depend of algorithm
password:
"copy here in one line the generated password with the command -> openssl rand -base64 128", // this is used to generate a key
// password: 'r9jKFPQolKPkh1sMevkDlyHmSrcl5br1gQ8bRESC4UBBCXo4qC4O0S5PKAduodsejDW789RdOqpRQsez9I+4S0KUabHKPoYOZ3PP3ExAZiErMFs7HQqdNNBjkTG3EknH6OjkLhoHBZ3NmodBnURHkMf6CXucIrjt+dqMQoEOq1M=',
envVar: "PROTECTION_KEY", // environment varible where password will be obtained at runtime in server
}),
new JavaScriptObfuscator(
{
// obfuscate code first
unicodeEscapeSequence: true,
rotateUnicodeArray: true,
},
["excluded_bundle_name.js"]
),
new CopyPlugin({
patterns: ["package.json"],
}),
],
};to build with a command add this to your package.json
"scripts": {
"build": "webpack --mode production --config webpack.config.js",
}then run
npm run buildyou should see the final result in dist folder
To test the result execute nodejs with the password in an environment variable called varName which is by default PROTECTION KEY
PROTECTION_KEY=yourpassword node dist/server.jsthen use your selected method to upload your code to server then in your env variables add envVarName key (in this case is PROTECTION_KEY) with the value of your password
PROTECTION_KEY=content of your public key