jsencrypt icon indicating copy to clipboard operation
jsencrypt copied to clipboard

Published 20 hours ago verified publisher icon travist

3.2.0 release contains bogus jsencrypt/bin/jsencrypt.js

Open jeremiegirault opened this issue 4 years ago • 4 comments

The code is evaluated by evals and the following header is printed at the top of the file :

/*
 * ATTENTION: The "eval" devtool has been used (maybe by default in mode: "development").
 * This devtool is neither made for production nor for readable output files.
 * It uses "eval()" calls to create a separate source file in the browser devtools.
 * If you are trying to read the output file, select a different devtool (https://webpack.js.org/configuration/devtool/)
 * or disable the default devtool with "devtool: false".
 * If you are looking for production-ready output files, see mode: "production" (https://webpack.js.org/configuration/mode/).
 */

jeremiegirault avatar May 06 '21 15:05 jeremiegirault

@jeremiegirault hi there, What particular issues it brings? Just wondering... or that's just a bad Webpack configuration for prod build?

bobrosoft avatar May 31 '21 13:05 bobrosoft

@travist hi, can you confirm that you used correct production mode to build final files before pushing to NPM? Thx

bobrosoft avatar May 31 '21 13:05 bobrosoft

It's a bad webpack configuration on your side that i'm reporting. I'm not pushing this package to NPM. Look at the code generated: https://github.com/travist/jsencrypt/blob/master/bin/jsencrypt.js#L29

jeremiegirault avatar May 31 '21 13:05 jeremiegirault

there is es6 syntax in eval.

EggTronic avatar Jan 19 '22 11:01 EggTronic