haxejs: Can Haxe generate minified or obfuscated JavaScript code?

[Leff Ivanov]

Is there any compile time flag or define to make Haxe compiler generate minified JavaScript?
And also can I somehow get obfuscated JavaScript code from Haxe compiler?

[Juraj Kirchheim]

Using a lot of abstracts, macros, enums and inlining tends to yield output that pretty hard to read ;)

But for actual minification Google Closure is a good choice. If you avoid reflection, you can run it in advanced mode.

Best,

Juraj

On Thu, Aug 20, 2015 at 12:09 PM, Leff Ivanov <droid...@gmail.com> wrote:

Is there any compile time flag or define to make Haxe compiler generate minified JavaScript?
And also can I somehow get obfuscated JavaScript code from Haxe compiler?

--
To post to this group haxe...@googlegroups.com
http://groups.google.com/group/haxelang?hl=en
---
You received this message because you are subscribed to the Google Groups "Haxe" group.
For more options, visit https://groups.google.com/d/optout.

[Confidant]

I often use an Ant task to do compilation, and have it run a minifyer after the compile. I've used Closure with good results.

[Brennan Kinney]

Just to be clear, obfuscating JS doesn't really help protect it much more than minification(assuming variables and the like get renamed). Some code output by obfuscation tools might look like they've done the job but are easily reversed.

You could use Prepros or other gui based apps for handling minification(and obfuscation too maybe), else cli based or gulp(node.js) is pretty easy to get going where it will automatically minify and whatever else you want to your js file(s) when they've been modified.

[Cristian Baluta]

How do you reverse a variable a123 in something meaningful? I've done this once http://lib.haxe.org/legacy/p/jsscramble

--

To post to this group haxe...@googlegroups.com
http://groups.google.com/group/haxelang?hl=en
---
You received this message because you are subscribed to the Google Groups "Haxe" group.
For more options, visit https://groups.google.com/d/optout.

--

Băluță Cristian
http://ralcr.com
http://imagin.ro

[der Raab]

Hi, I would recommend using these compiler flags:

# flatten package namespaces to single variables
-D js_flatten
# remove all unused code
-dce full
# remove all traces
--no-traces

The Haxe output is then ready to be minified afterwards.

We use these flags and the Reflect-API within our code to be compatible to Google Closure Compiler. In advanced mode it delivers the best minification result. And if it's important to you - it's quite hard to read too.

Just to give you an idea how good the minification results are here some figures of one of our complex runtimes:

application-debug.js   (565KB - 74KB gzip) (raw Haxe output)

application-uglify.js  (244KB - 52KB gzip)

application-closure.js (156KB - 42KB gzip)

Notice that gzipped savings aren't that big - but since we can't assume every server supports it and is set up correctly - we use closure compiler.

Our Haxe codebase is quite big so we don't minify during development but before testing. Maybe this info helps a little...

[Brennan Kinney]

@Cristian variable renaming like a123 is something you can get from minification. I was stating that obfuscating JS code beyond what minification can do is usually not of value; It's called 'Security through Obscurity". I then said that some obfuscation tools are easily reversed, http://www.jsfuck.com/ for example looks very well obfuscated to me visually. But to a machine it's not obfuscated at any better at all, in fact all you have to do is append a .toString() to get the entire code state prior to obfuscation, hence that tool and a few others like it are easily reversible and provide no actual security from those who would want you code. These tools also bloat filesize and decrease performance if I remember right, just stick with minification for JS.

[Juraj Kirchheim]

FIY I just published this little helper: http://lib.haxe.org/p/closure/

As far as obfuscation goes, with advanced compilation turned on, closure does generate code that is practically unsalvageable. Without, it's still quite effective, as all that stays are method names.

Hope this helps.

Best,

Juraj

[Mark Knol]

Neat Juraj! I checked the source, I didn't ever thought about calling actual applications in/after a build. But this (of course) is possible since you're in macro context right?

[Juraj Kirchheim]

Yes, exactly ;)

On Tue, Nov 24, 2015 at 8:22 PM, Mark Knol <mark...@gmail.com> wrote:

Neat Juraj! I checked the source, I didn't ever thought about calling actual applications in/after a build. But this (of course) is possible since you're in macro context right?

--

[Atul Kumar]

you can also simply call applications form the build.hxml right after building. Here is an excerpt from my hxml where I call  a minifier for a release build:

...

-js output.js

-cmd uglifyjs output.js -c -o output.min.js 

Where "uglifyjs" is a node application which I installed via npm: "npm install uglifyjs -g"

[Juraj Kirchheim]

Yes, this library is purely about comfort. About not having to install npm and uglify or closure (although you will need java preinstalled, but my hope is that most haxe developer have that). About not having to remember the wacky CLI parameters or whatnot (for closure, those are really horrible). And about not having to put together the command for each build. You can even do something like this:

-lib closure

-cp src

--each

-js app1.js

-main App1

--next

-js app2.js

-main App2

Again, in the end it is all about convenience. But it seems that people care about that a lot ;)

Best,

Juraj

--

[Jonathan Commins]

Could anybody share some tips on how to get Flambe working with the Google Closure Compiler "Advanced" mode?

I tried the following:

1. Created new Flambe project via: flambe new test

2. Changed directory to the new project: cd test

3. Built the game: flambe build html

4. Tested that the game runs OK at: ./build/web/index.html?flambe=html

5. Ran main-html.js through the compiler (with Advanced checked) at: http://closure-compiler.appspot.com/

6. Re-tested the game with the new main-html.js

7. An error occurs, screenshot here: http://i.imgur.com/dlu2XFc.png