Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 15:15
    sokra auto_merge_enabled #13399
  • 15:14
    sokra auto_merge_enabled #13401
  • 15:14
    sokra edited #13401
  • 15:14
    webpack-bot labeled #13401
  • 15:14
    sokra opened #13401
  • 15:12

    sokra on pascal-readonly-array

    fix types: accept a readonly ar… Update lib/webpack.js Co-autho… Merge branch 'master' into pasc… and 1 more (compare)

  • 15:05
    sokra reopened #13399
  • 15:05
    sokra closed #13399
  • 15:05
    sokra auto_merge_disabled #13399
  • 14:56
    webpack-bot labeled #13400
  • 14:56
    sokra opened #13400
  • 14:54

    sokra on use-after-free

    fixes #13330 (compare)

  • 14:01
    sokra synchronize #13399
  • 14:01

    sokra on resume-watching

    update typings (compare)

  • 13:01
    webpack-bot labeled #13399
  • 12:26
    sokra auto_merge_enabled #13399
  • 12:26
    webpack-bot labeled #13399
  • 12:26
    sokra opened #13399
  • 12:23

    sokra on resume-watching

    add test cases from #12897 and … improve test case fix collecting of changed files… (compare)

  • 10:48

    sokra on master

    respect multi compiler `depende… Merge pull request #13395 from … (compare)

James Bromwell
@thw0rted
I tried type: asset/inline first, which is supposed to be a drop-in replacement for url-loader, but for some reason that gave me "TypeError: webpack_modules[moduleId].call is not a function" -- I looked it up and the relevant __webpack_modules__ entry was just false, which I've never seen before. (I don't even know how to Google for that one...)
Lakshya
@lakshsyal123
Hey

Does anyone know how we can minify JS file like this

https://appsolve.io/assets/js/bundle.js?v=123456&shop=lolas-co.myshopify.com

Open the above URL andd search O21:{url:p.d37
That seems like an ajax call syntax but they have somehow able to minify it like this and its working as well
shehi
@shehi
can someone plz kick me from this room? been trying to leave for hours now.
Fahad Mansoor
@fahadm
Hey guys, does anyone know how to get resolved url for static resources which had hashes added to them during runtime ? (I also asked this question here :https://stackoverflow.com/questions/67012583/how-to-access-the-actual-name-path-url-of-a-static-resource-hashed-during-copy-w)
Luke Abby
@DavidArchibald
This message was deleted
@thw0rted I'm not entirely sure why it's getting called without a reproducing repository of code but false shows up whenever a separate file isn't emitted, I believe that's relevant here.
Luke Abby
@DavidArchibald
@lakshsyal123 That looks more like an obfuscator than minifier. I'm not able to identify which one off the top of my head, mostly because they look rather similar to me in unreadableness. I'd find an obfuscation you like and find a plugin like this: https://github.com/javascript-obfuscator/webpack-obfuscator
@fahadm I made an answer for you
image.png
@shehi you can leave the room by clicking on the vertical sliders button to the left of your profile picture in the top right. Here's an image of the button above, click on the second to last to leave.
Fahad Mansoor
@fahadm
Hey @DavidArchibald is it also possible to do jn webpack 4? ( Haven't migrated to webpack 5 ye
t)
Luke Abby
@DavidArchibald
To do jn? Could you explain the acronym.
Luke Abby
@DavidArchibald
If you mean do asset stuff in Webpack 4 you can use equivalent loaders. The documentation goes over it but to repeat it you can use file-loader: see this and this. You have to install it like you would any other dependency.
The replacement rule might look like this:
{
    test: /data\/json\/.+\.json$/
    loader: 'file-loader',
    options: {
        // Look at https://webpack.js.org/configuration/output/#template-strings to see additional template strings.
        name: '[path][name].[hash:6][ext]'
    }
 }
I've also edited my Stack Overflow answer to include that and suggested a Webpack 4 tag.
Fahad Mansoor
@fahadm
Thanka alot!
Thanks*
Lakshya
@lakshsyal123
@DavidArchibald : Thank you the information about obfuscator I always saw that obfuscator change variables like _0xef14 So I didn't think that they used obfuscator. Do you think we can tell obfuscator to not convert anything like _0xef14 as browser sometime things that this is virus code.
Luke Abby
@DavidArchibald
consider approving my edit to your question (just to add webpack 4) and accepting my answer for other's clarity @fahadm
Luke Abby
@DavidArchibald
@lakshsyal123 different obfuscators have different strategies, some might simply change it to be a, b, c, etc. What you shared could theoretically label itself a minifier as the lines sometimes are blurred.
First and foremost I'd suggest not obfuscating your code unless you have a reason to do so already. Generally a good minifier will shorten the file length more than an obfuscator because the obfuscator also intends to make the code complicated to reverse engineer. This sort of thing lends itself towards browser suspicion but you'll probably have to play around with the options to see what fixes it. Specifically for preventing hexadecimal name mangling, that's really up to the individual obfuscator and its options. The first obfuscator I found under the keywords "Javascript Obfuscator" has exactly the option you're looking for here: https://github.com/javascript-obfuscator/javascript-obfuscator/tree/52358aba2659c1fb16c3594efee8e3d9b74b1e3a#identifiernamesgenerator
Lakshya
@lakshsyal123
I am building a 3rd party script that would inject to other users website and I don't want my compitators to copy the logic easily so I want to use obfuscator. I'll do play with this Javascript Obfuscator and if I get anyfurther question I'll come back to ask. Thank you very much for all your answers it was really helpful for me @DavidArchibald :)
Luke Abby
@DavidArchibald
Well that's fair. I'll just warn you now though, no matter how much you obfuscate your program reversing it is basically be definition possible (as it has to run that code in the browser eventually)
Lakshya
@lakshsyal123
Okay, I'll check both cases as final outoput I want is that my users could get the best from my script.
cddsgtc
@cddsgtc
hello there
There is a problem
How to hide the output file to hide the server address during lazy loading
微信截图_20210409172824.png
Luke Abby
@DavidArchibald
What's the use case? I'd expect that you could deduce the server address regardless unless I'm misunderstanding.
oh would you just like the stdout output to be cleaner and shorter?
cddsgtc
@cddsgtc
replace that words with full internet address
James Bromwell
@thw0rted
Honestly, you almost certainly don't need to hide your code
It almost certainly does not do anything so amazing that your "competitors" would be advantaged by stealing it
and if it does you should perform that operation on the server instead
ideally behind authentication, because your algorithm is so special
(it probably isn't)
Luke Abby
@DavidArchibald
Yeah exactly that most likely
James Bromwell
@thw0rted
The correct amount of obfuscation for 99.9% of browser JS is to not ship sourcemaps
(actually that's for like 1%, the remaining 98.9% should also ship sourcemaps)
cddsgtc
@cddsgtc
that‘s my explain,but the boss don't think so.😭
Is there any opt for it in webpack,
James Bromwell
@thw0rted
I'm confused what you're trying to (further) obfuscate. Your image highlighted Webpack console output? Or is that in the browser console? (It shouldn't include a build pathname in runtime logging)
cddsgtc
@cddsgtc
That screenshot shows the static server path, that's not safe.
Luke Abby
@DavidArchibald
is that actually bundled into the code in any way...? That seems to just be referring to an uglify loader anyways. I don't think anything like that would be bundled in production mode (development mode definitely has comments saying where the file came from for ease of use though)
I'm asking because I honestly cannot see how developers seeing locations of their files on a system they can ostensibly control would be a problem unless it's bundled and clients could see it on code execution or something (even that is rather tenuous)
James Bromwell
@thw0rted
yeah again, to be clear, is the screenshot of the command line when Webpack is running, or of the browser console when the (production) site is loaded by a client?
It looks like the output of npm install
which is doing a webpack build during postinstall, which... I can't think of a reason that would ever be a good idea or make sense