Skip to content
/ nextjs-webpack-obfuscator Public

Next.js code obfuscation setup using webpack-obfuscator – secure and protect your production builds.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0501guptanitin/nextjs-webpack-obfuscator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

🔐 Next.js Code Obfuscation using webpack-obfuscator

Obfuscating your JavaScript code adds an extra layer of protection by making the output bundle harder to understand and reverse-engineer. This guide explains how to use webpack-obfuscator in a Next.js project to secure your client-side code in production.

📦 Prerequisites

Before getting started, ensure the following are already set up:

  • Node.js (v14 or newer)
  • A Next.js project (TypeScript or JavaScript)
  • TypeScript configuration (optional but recommended)

🚀 Installation & Configuration

To begin, install webpack-obfuscator as a dev dependency by running:

npm install --save-dev webpack-obfuscator
# or
yarn add --dev webpack-obfuscator

Then, in your Next.js project root, locate or create a next.config.ts (or next.config.js for JavaScript) and add the following configuration:

// next.config.ts

const nextConfig: NextConfig = {
  webpack: (config, { dev, isServer }) => {
    if (!dev && !isServer) {
      config.plugins?.push(
        new WebpackObfuscator(
          {
            compact: true,
            controlFlowFlattening: true,
            controlFlowFlatteningThreshold: 0.75,
            deadCodeInjection: true,
            deadCodeInjectionThreshold: 0.4,
            debugProtection: true,
            debugProtectionInterval: 2000,
            disableConsoleOutput: true,
            identifierNamesGenerator: "hexadecimal",
            log: false,
            numbersToExpressions: true,
            ...//You can add more according to your needs
          },
          [
            "node_modules/**",
            ".next/**",
            "public/**"
          ]
        )
      );
    }
    return config;
  },
};

💡 Note: If you're using JavaScript, remove type annotations and replace import with require() syntax accordingly.

🏗️ Usage

Once installed and configured, you can obfuscate your code by simply running a production build:

npm run build
# or
yarn build

This will apply obfuscation to your client-side JavaScript output, which can be found in the .next/static/chunks directory. You'll notice the code is minified, encoded, and no longer human-readable.

⚠️ Important Notes

  • Obfuscation only runs in production (next build) and applies only to client-side code.
  • It does not protect server-side logic or Next.js API routes.
  • This may increase your build time and bundle size.
  • Obfuscation is not a security guarantee — do not store secrets or sensitive data in frontend code.
  • Compatible with both JavaScript and TypeScript projects.

✅ Summary

You’ve now successfully set up webpack-obfuscator to enhance the security of your frontend code in a Next.js app. While not foolproof, it adds meaningful complexity to deter casual reverse-engineering attempts.

Happy coding! 🔐

About

Next.js code obfuscation setup using webpack-obfuscator – secure and protect your production builds.

Topics

nodejs javascript security obfuscation obfuscate typescript webpack nextjs obfuscator literal client-side-security frontend-security webpack-obfuscator code-obfuscation nextjs-configuration

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published