Jscrambler Webpack Plugin

raw JSON →
8.5.3 verified Sat Apr 25 auth: no javascript

Webpack plugin (v8.5.3) that integrates Jscrambler Code Integrity to protect JavaScript bundles via obfuscation, anti-tampering, and self-defensive capabilities. Active development with frequent releases tied to Jscrambler API changes. Keys: supports chunk-based protection, bundle/module-level obfuscation, SRI compatibility, and webpack 5 via processAssets hook. Differentiators: enterprise-grade protection with polymorphic transformations, vs free tools like UglifyJS or terser that only minify. Ships TypeScript types.

Common errors

error Error: Jscrambler is not defined
cause Using import { JscramblerWebpack } instead of the default export
fix
Use import JscramblerWebpack from 'jscrambler-webpack-plugin' or const JscramblerWebpack = require('jscrambler-webpack-plugin')
error JSCRAMBLER_ERROR: Application not found or inactive
cause Invalid applicationId or application is deactivated
fix
Check applicationId in .jscramblerrc or plugin options, and verify application is active in Jscrambler dashboard
error TypeError: JscramblerWebpack is not a constructor
cause Importing as named export instead of default
fix
Use const JscramblerWebpack = require('jscrambler-webpack-plugin').default for ESM or default import
error Error: Invalid hook 'processAssets', webpack 4 does not support this hook
cause Using obfuscationHook: 'processAssets' with webpack 4
fix
Use obfuscationHook: 'emit' for webpack 4, or upgrade to webpack 5
error Error: Cannot find module 'jscrambler-webpack-plugin'
cause Package not installed
fix
Run npm install jscrambler-webpack-plugin

Warnings

breaking Version 6.0.0 requires Jscrambler >= 7.2. Using older plugin with newer Jscrambler causes failures
fix Ensure Jscrambler version >= 7.2 or use plugin <= 5.x.x for Jscrambler <= 7.1
gotcha Setting obfuscationLevel to 'module' disables source maps. Source maps will not be generated.
fix If source maps are needed, use obfuscationLevel: 'bundle' (default)
gotcha webpack-subresource-integrity plugin must run after JscramblerWebpackPlugin, otherwise SRI hashes will mismatch
fix Ensure SubresourceIntegrityPlugin is added after JscramblerWebpack in the plugins array
deprecated The obfuscationHook: 'emit' option is deprecated in webpack 5. Use 'processAssets' instead.
fix Remove obfuscationHook 'emit' or set to 'processAssets'
gotcha Chunks option requires exact chunk names from entry. Misspelled chunk names silently protect no chunks.
fix Verify chunk names match your webpack entry names exactly
breaking JscramblerAccessToken replacement: old tokens stop working after migration, causing authorization errors
fix Regenerate tokens in Jscrambler dashboard and update .jscramblerrc
gotcha Plugin requires network access to Jscrambler API at build time. Offline builds will fail.
fix Ensure CI/CD runners have outbound HTTPS access to api.jscrambler.com

Install

npm install jscrambler-webpack-plugin
yarn add jscrambler-webpack-plugin
pnpm add jscrambler-webpack-plugin

Imports

Quickstart

Minimal webpack config with Jscrambler, using env vars for credentials and protecting the main chunk.

// webpack.config.js
const JscramblerWebpack = require('jscrambler-webpack-plugin');
const path = require('path');

module.exports = {
  mode: 'production',
  entry: './app/index.js',
  output: {
    filename: 'bundle.js',
    path: path.resolve(__dirname, 'dist')
  },
  plugins: [
    new JscramblerWebpack({
      enable: true,
      chunks: ['main'],
      params: [
        { name: 'accessKey', value: process.env.JSCRAMBLER_ACCESS_KEY ?? '' },
        { name: 'secretKey', value: process.env.JSCRAMBLER_SECRET_KEY ?? '' },
        { name: 'applicationId', value: process.env.JSCRAMBLER_APPLICATION_ID ?? '' }
      ]
    })
  ]
};
last verified Sat Apr 25
next check Fri Jul 24