Webpack Integration
Webpack Version Compatibility
For Webpack 4.x: Use @bytehide/webpack4-shield package instead of @bytehide/webpack-shield. See the Webpack 4 section below for details.
ByteHide Shield provides a dedicated Webpack plugin that allows you to seamlessly protect your JavaScript code during the build process. This guide explains how to install and configure the Shield Webpack plugin.
Installation
Webpack 5.x (Recommended)
Install the ByteHide Shield Webpack plugin from npm:
npm install --save-dev @bytehide/webpack-shield
Or with yarn:
yarn add --dev @bytehide/webpack-shield
Webpack 4.x
For Webpack 4 compatibility, install the dedicated package:
npm install --save-dev @bytehide/webpack4-shield
Or with yarn:
yarn add --dev @bytehide/webpack4-shield
Basic Setup
Webpack 5.x Setup
Add the Shield plugin to your Webpack configuration:
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');
module.exports = {
// ... your webpack configuration ...
plugins: [
new ByteHideShieldPlugin({
projectToken: 'your-project-token', // Required: Get this from your ByteHide account
})
]
};
Webpack 4.x Setup
For Webpack 4, use the dedicated plugin:
const ByteHideShieldPlugin = require('@bytehide/webpack4-shield');
module.exports = {
// ... your webpack configuration ...
plugins: [
new ByteHideShieldPlugin({
projectToken: 'your-project-token', // Required: Get this from your ByteHide account
})
]
};
With this minimal configuration, Shield will apply default protections to your bundled code.
Webpack 4 Compatibility
If you're using Webpack 4.x, you need to use the dedicated @bytehide/webpack4-shield package. This version has been specifically adapted for Webpack 4 compatibility.
Key Differences from Webpack 5 Version
This version has been specifically adapted for Webpack 4 compatibility:
API Changes
- Plugin Registration: Uses
compiler.plugin('emit', ...)instead ofcompiler.hooks.emit.tapAsync() - Asset Creation: Uses function-based asset objects compatible with Webpack 4
- Promise Handling: Adapted async handling for Webpack 4's callback-based system
Webpack 4 Specific Features
- Compatible with Webpack 4.0.0 and above
- Uses legacy plugin API for maximum compatibility
- Optimized for Webpack 4's asset processing system
Requirements for Webpack 4
- Node.js: >= 8.0.0
- Webpack: ^4.0.0
- Webpack CLI: ^3.3.12
- Webpack Dev Server: ^3.11.3
Migration from Webpack 5
If you're downgrading from Webpack 5 or need Webpack 4 compatibility:
- Install this package:
npm install @bytehide/webpack4-shield - Update your webpack config to require this package instead
- No configuration changes needed - all options remain the same
Webpack 4 vs 5 Comparison
| Feature | Webpack 4 | Webpack 5 |
|---|---|---|
| Plugin API | compiler.plugin() | compiler.hooks.emit.tapAsync() |
| Asset Objects | Function-based | Arrow function syntax |
| Node.js Support | >= 8.0.0 | >= 10.13.0 |
| Package Name | @bytehide/webpack4-shield | @bytehide/webpack-shield |
Configuration Options
The Webpack plugin accepts the following options:
| Option | Type | Default | Description |
|---|---|---|---|
projectToken | string | Required | Your ByteHide project token |
replace | boolean | false | Whether to replace original files with obfuscated versions |
obfuscatedExtension | string | '.obf' | File extension for obfuscated files (when replace is false) |
exclude | string[] | [] | Files or patterns to exclude from obfuscation |
config | Object | {} | ByteHide Shield configuration options |
include | string[] | ['.js', '.mjs', '.cjs', '.jsx'] | File extensions to process |
Advanced Configuration
For more advanced use cases, you can provide additional Shield protection options:
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');
module.exports = {
// ... your webpack configuration ...
plugins: [
new ByteHideShieldPlugin({
projectToken: 'your-project-token',
replace: false,
obfuscatedExtension: '.obf',
exclude: ['vendor.js', 'polyfills.js'],
include: ['.js', '.mjs', '.cjs', '.jsx'],
config: {
controlFlowFlattening: true,
debugProtection: true,
devtoolsBlocking: true,
stringArray: true,
stringArrayEncoding: ['base64'],
selfDefending: true,
identifierNamesGenerator: 'hexadecimal'
}
})
]
};
Environment-Specific Configuration
You can apply different protection settings based on the environment:
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');
module.exports = (env, argv) => {
const isProd = argv.mode === 'production';
return {
// ... your webpack configuration ...
plugins: [
// Only apply Shield in production builds
isProd && new ByteHideShieldPlugin({
projectToken: process.env.BYTEHIDE_PROJECT_TOKEN,
replace: true,
config: {
// More aggressive settings for production
controlFlowFlattening: true,
debugProtection: true,
devtoolsBlocking: true
}
})
].filter(Boolean) // Filter out falsy plugins
};
};
File Exclusions
You can exclude specific files from obfuscation using the exclude option:
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');
module.exports = {
// ... your webpack configuration ...
plugins: [
new ByteHideShieldPlugin({
projectToken: 'your-project-token',
exclude: [
'node_modules/**/*.js', // Exclude all node_modules
'src/vendor/**/*.js', // Exclude vendor files
'src/polyfills.js' // Exclude specific file
]
})
]
};
Features
The Webpack plugin for ByteHide Shield provides the following features:
- Advanced Obfuscation: Implements various obfuscation techniques to protect your code
- JavaScript file protection: Compatible with .js, .mjs, .cjs, and .jsx files
- Build-time obfuscation: Integrate protection directly into your build process
- Watermarking for protected files: Add watermarks to identify protected code
Complete Example
Here's a complete example of a Webpack configuration with Shield:
const path = require('path');
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');
const TerserPlugin = require('terser-webpack-plugin');
module.exports = (env, argv) => {
const isProd = argv.mode === 'production';
return {
entry: './src/index.js',
output: {
path: path.resolve(__dirname, 'dist'),
filename: 'bundle.js'
},
module: {
rules: [
{
test: /\.jsx?$/,
exclude: /node_modules/,
use: {
loader: 'babel-loader',
options: {
presets: ['@babel/preset-env', '@babel/preset-react']
}
}
}
]
},
optimization: {
minimize: isProd,
minimizer: [
new TerserPlugin({
terserOptions: {
format: {
comments: false,
},
},
extractComments: false,
}),
],
},
plugins: [
isProd && new ByteHideShieldPlugin({
projectToken: process.env.BYTEHIDE_PROJECT_TOKEN || 'your-project-token',
replace: true,
exclude: ['vendor/**/*.js'],
config: {
controlFlowFlattening: true,
debugProtection: true,
devtoolsBlocking: true,
stringArray: true,
stringArrayEncoding: ['base64'],
selfDefending: true,
identifierNamesGenerator: 'hexadecimal',
reservedNames: [
'^React$', '^useState$', '^useEffect$',
'^render$', '^Component$'
]
}
})
].filter(Boolean),
devtool: isProd ? false : 'source-map'
};
};
Example Output
If you have an index.js file with this content:
console.log("Hello, world!");
The processed result will include a unique marker and the obfuscated code:
// _0xBHSHLD_<uniqueId>_marker
console.log(_0x123456("Hello, world!"));
Troubleshooting
Common Issues
Network Error
If you encounter network errors during the build process:
- Ensure you have an active internet connection as the plugin uses a remote service for code obfuscation
- Check if your network firewall is blocking requests to the ByteHide service
Invalid Token
If you see an error about an invalid token:
- Verify that your project token is valid and correctly typed
- Make sure the token has permissions for JavaScript projects
Next Steps
- Get your project token
- Learn about protection options
- Configure exclusions and reserved items