A Rollup plugin for running JSDefender on all chunks in a Rollup session. It uses a number of hooks to integrate JSDefender into the Rollup build process.
Installation
Install the plugin in your project:
npm install <package-directory>/preemptive-jsdefender-core-{version}.tgz <package-directory>/preemptive-jsdefender-rollup-plugin-{version}.tgz --save-dev
OR
yarn add file:<package-directory>/preemptive-jsdefender-core-{version}.tgz file:<package-directory>/preemptive-jsdefender-rollup-plugin-{version}.tgz --dev
@preemptive/jsdefender-core as its peerDependency, this is why you must also install it.Usage
import JSDefenderRollupPlugin from '@preemptive/jsdefender-rollup-plugin';
// -- JSDefender configuration
const jsdConfig = {
// Optional path to the configuration file, if any
// default: jsdefender.config.json
configurationFile: "jsdefender.config.json",
// If false all log messages will be displayed,
// otherwise only the JSDefender header information and ending message,
// as well as the errors and warnings
// default: false
quietMode: false,
// If false the protection will be skipped in non-production modes,
// otherwise it will run in every mode
// default: false
enableInDevelopmentMode: false,
// The chunk names that should be protected
// default: every chunk is included
includeChunks: [ 'app', 'util' ],
// The chunk names that should not be protected
// default: nothing is excluded
excludeChunks: [ 'vendor', 'util' ],
/*
Other JSDefender options
e.g. `settings: { booleanLiterals: true, stringLiterals: true }` etc.
can also be provided here
*/
};
export default {
plugins: [
JSDefenderRollupPlugin(jsdConfig),
],
};
enableInDevelopmentMode option of the plugin to true.booleanLiterals: true provided in the configuration file and booleanLiterals: false provided directly in the plugin's constructor, then the final value is going to be booleanLiterals: false.includeChunks and excludeChunks then the exclusion takes precedence.production. You can also forward settings via the --environment option. Example: --environment BUILD:production
Configuration
The JSDefender Rollup plugin accepts the same configuration object as the JSDefender configuration file. You can learn more about it at the documentation home. The plugin uses a default configuration just as the JSDefender CLI does. This can be overridden by explicitly specifying a configuration for the plugin.
configurationFile is present, its individual configuration lines will be overwritten by the JSDefender configuration directly passed to the JSDefenderRollupPlugin function in the rollup.config.js or other, explicitly set, Rollup configuration file. For example, if you set booleanLiterals: true in the object directly passed to JSDefendeRollupPlugin but there is a configurationFile which has booleanLiterals: false, then the first will take precedence, so the final value will be booleanLiterals: true.Interoperation with Rollup
Quiet Mode
The quietMode option for JSDefender disables [Info] leveled messages excluding the header information and protection done message. To suppress warnings coming from JSDefender, use the --silent option in the Rollup CLI.
Protecting Code coming from the Standard Input
JSDefender can protect code coming from the Rollup CLI as well. See the following example:
rollup -i ./input.js -f es -p @preemptive/jsdefender-rollup-plugin
OR
echo "export const foo = 42;" | rollup -f es -p @preemptive/jsdefender-rollup-plugin
While using the Rollup CLI options this way, the behavior of JSDefender can only be set through the implicit configuration file: jsdefender.config.json.