Back to docs
Recipe

Tree Shaking Guide

Strip dead code from your Nimbus-protected payloads before distribution. Ship only what executes.

Why tree shake?

Every unused import, dead function, or unreachable branch increases your attack surface and inflates binary size. Nimbus loader payloads are Ed25519-signed — smaller payloads verify faster and leave less forensic residue.

Step-by-step

  1. Audit imports. Run your bundler's unused-export analyzer. Flag every symbol not reachable from your entry point.
  2. Mark side-effect-free.Add sideEffects: false in package.json so the bundler can prune aggressively.
  3. Use ESM. CommonJS dynamic requires defeat static analysis. Prefer ES module syntax throughout your payload.
  4. Verify with Nimbus.Re-sign the shaken payload and confirm the Ed25519 signature still validates. Run your integration suite.

Common pitfalls

  • Reflection-based calls hide dependencies from the bundler.
  • Polyfills marked as side-effect-free can break at runtime.
  • Over-aggressive shaking may strip Themida stub references.
← Back to docsNext: Obfuscation →