-
-
Notifications
You must be signed in to change notification settings - Fork 4.8k
Obfuscating Tailwind CSS Class Names in Production #14899
-
I'm looking for a way to obfuscate or encrypt class names in production when using Tailwind CSS. Given the utility-first approach of Tailwind, the class names can sometimes reveal a lot about the styling structure, which may not always be ideal in a production environment.
Has anyone successfully implemented a method for shortening or encrypting these class names to make the code more compact and potentially harder to reverse-engineer? I’m open to suggestions or best practices on how to set this up effectively without compromising build performance or compatibility. Any tips or tools that work well with Tailwind's setup?
Beta Was this translation helpful? Give feedback.
All reactions
Replies: 2 comments 1 reply
-
Why? You will always be able to recover the class name from the styles applied by the selector.
Also, reverse engineering CSS? Who would do that?
Beta Was this translation helpful? Give feedback.
All reactions
-
I'm looking for a way to obfuscate or encrypt class names in production when using Tailwind CSS. Given the utility-first approach of Tailwind, the class names can sometimes reveal a lot about the styling structure, which may not always be ideal in a production environment.
Has anyone successfully implemented a method for shortening or encrypting these class names to make the code more compact and potentially harder to reverse-engineer? I’m open to suggestions or best practices on how to set this up effectively without compromising build performance or compatibility. Any tips or tools that work well with Tailwind's setup?
What exactly is the problem you're having? There's no security issue there. The only one you really put forth that might be worth consideration, is one of performance, less data having to be sent. That is a valid goal and objective worth chasing IF you're doing a lot of traffic, which I highly doubt you're doing so much that saving a kilobyte of data per request is going to save you millions of dollars across the board (ala Google).
Beta Was this translation helpful? Give feedback.
All reactions
-
I have a working solution, but it's not TailwindCSS-specific - and it doesn't need to be. This should be properly handled during production build using Webpack, Vite, or another bundler, relying on CSS modules.
Since the inline classes are unreadable and them can't be reverse-engineered, maintaining the stolen code requires significantly more time. So it's basically meant to prevent paywall bypass (for me) - of course people can still steal and violate licenses this way, and it's hard to catch everyone who does; but at least they've spent so many hours on it that it would have been just as well if they'd paid for the license.
Beta Was this translation helpful? Give feedback.