fix: Replace usage of eval
to obfuscate binary path from bundlers
#1374
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
eval
is not ideal because it causes Rollup to display warnings.As per my test repo, it's reasonably easy to obfuscate paths from
@vercel/nft
without usingeval
as the evaluator can only simplify so far.This PR adds a test to check that the binaries are not picked up by
@vercel/nft
.For the purposes of demonstrating the newly added test, the first commit replaces the
eval
usage withpath.resolve()
which will cause the test to fail as the binary is picked up.A subsequent commit will add the mildly obfuscated path generation.