How to prevent confidential data from being included in WebPack packages

I am concerned that, without omitting, modules containing secrets, such as database passwords or session keys, may be included in WebPack or Browserify packages.

Even if I do not import these modules directly, I could accidentally import them indirectly from the client module of the entry point.

Is there a way to blacklist such files so that these bundles refuse to link them? Wishing that someone could follow the best methods that could avoid such problems, it would be nice to have such a security system.

+4
1 answer

loaders , include exclude. RegEx .

JavaScript , ./secret.

var path = require('path');
module.exports = {
  // Configuration omitted for brevity
  module: {
    loaders: [
      {
        test: /\.js$/,
        loader: "script",
        exclude: path.resolve(__dirname, './secret')  // Exclude secret directory
      },
      {
        test: /\.css$/,
        loader: "style!css"
      }
    ]
  }
};

./secret , src, .

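var path = require('path');
var blackList = [ path.resolve(__dirname, './secret') ];
var whiteList = [ /src/ ]; // Allow only paths containing "src"

var config = {
  // Webpack configuration (entry, output, ...) omitted for brevity
  module: {
    loaders: [
      { test: /\.js$/, loader: "script" },
      { test: /\.css$/, loader: "style!css" }
    ]
  }
};

// Apply whitelisting and blacklisting for all loaders.
// [].concat() accepts a single condition (string or RegExp) or an array,
// unlike spread, which would split a string path into characters.
config.module.loaders.forEach(function (loader) {
  loader.exclude = [].concat(loader.exclude || [], blackList);
  loader.include = [].concat(loader.include || [], whiteList);
});

module.exports = config;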

, , . , , / .

:

, , . , sqlconnections.js, sqlconnections.confidential.js. RegEx /\.confidential\.js$/ . , .

+3
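
Loader `include`/`exclude` conditions only decide which files a loader processes, so a check on what actually reached the bundle is a useful backstop. The following is an added example, not part of the original answer: it scans the `modules` array of webpack's `stats.toJson()` output for blacklisted paths and reports which module imported them. The sample modules and `/app/...` paths are constructed, and it assumes one stats entry per file (no module concatenation).

```javascript
// Strip any "loader!" prefix and "?query" from a stats identifier; normalise slashes.
function resourceOf(identifier) {
  var resource = identifier.slice(identifier.lastIndexOf('!') + 1);
  return resource.split('?')[0].replace(/\\/g, '/');
}

// A rule is a RegExp or an absolute directory/file path (string).
function matchesRule(resource, rule) {
  if (rule instanceof RegExp) return rule.test(resource);
  var prefix = rule.replace(/\\/g, '/').replace(/\/+$/, '');
  return resource === prefix || resource.indexOf(prefix + '/') === 0;
}

// Returns { resource, importedBy } for every bundled module matching a rule.
function findConfidentialModules(modules, rules) {
  return modules
    .map(function (m) {
      return { resource: resourceOf(m.identifier), reasons: m.reasons || [] };
    })
    .filter(function (m) {
      return rules.some(function (rule) { return matchesRule(m.resource, rule); });
    })
    .map(function (m) {
      var importers = m.reasons.map(function (r) { return r.moduleName; });
      return { resource: m.resource, importedBy: importers };
    });
}

// Constructed sample, shaped like stats.toJson().modules (paths are made up).
var sampleModules = [
  { identifier: '/app/src/client.js', reasons: [] },
  { identifier: '/app/src/api.js', reasons: [{ moduleName: './src/client.js' }] },
  { identifier: '/app/node_modules/script-loader/index.js!/app/secret/db.js',
    reasons: [{ moduleName: './src/api.js' }] },
  { identifier: '/app/src/sqlconnections.confidential.js',
    reasons: [{ moduleName: './src/api.js' }] },
  { identifier: '/app/secrets-doc/readme.js', reasons: [] } // not under /app/secret/
];
var rules = ['/app/secret', /\.confidential\.js$/];

var violations = findConfidentialModules(sampleModules, rules);
violations.forEach(function (v) {
  console.error('confidential module bundled: ' + v.resource +
                ' (imported by ' + v.importedBy.join(', ') + ')');
});
// In a real build, pass stats.toJson().modules and exit non-zero if any are found.
```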

Source: https://habr.com/ru/post/1649949/

