fix: Replace usage of eval to obfuscate binary path from bundlers

[timfish]

eval is not ideal because it causes Rollup to display warnings.

As per my test repo, it's reasonably easy to obfuscate paths from @vercel/nft without using eval as the evaluator can only simplify so far.

This PR adds a test to check that the binaries are not picked up by @vercel/nft.

For the purposes of demonstrating the newly added test, the first commit replaces the eval usage with path.resolve() which will cause the test to fail as the binary is picked up.

A subsequent commit will add the mildly obfuscated path generation.

[lforst]

nice 👍 (I'll hold off on merging in case somebody still has concerns about our plans)

[timfish]

I guess if this needs to be released as 1.x I should have branched off the 1.x branch!

[lforst]

I guess if this needs to be released as 1.x I should have branched off the 1.x branch!

Probably. Is it possible for you to still change the base?

[lobsterkatie]

Nice work figuring out a successful obfuscation strategy. @lforst and @Lms24 and I tried like the dickens for like an hour one day and couldn't manage to trick it.

I guess if this needs to be released as 1.x I should have branched off the 1.x branch!

P.S. Does anyone remember why the webpack plugin is stuck on sentry-cli 1.x? @kamilogorek, maybe? In any case, I think it actually needs to be merged into both 1.x and 2.x, right? Because eventually we'll upgrade, and we'll want to have it there.

[timfish]

Does anyone remember why the webpack plugin is stuck on sentry-cli 1.x?

Node.js support:

getsentry/sentry-webpack-plugin#383 (comment)

[timfish]

Nice work figuring out a successful obfuscation strategy

I have "history" with it's predecessor @vercel/webpack-asset-relocator so when nft was released I spent far too long looking through the strategies it uses and experimented with the evaluation it performs and was left suitably impressed!