Node code encryption
79 views
Skip to first unread message
rahul deshpande
Jan 12, 2015, 5:13:50 AM1/12/15
to nod...@googlegroups.com
I wanted to deploy the node js code as part of standalone installation.
I do not want anyone one to read my code.
What are option available to avoid this?
Do I need to encrypt the code or should I turn it in to executable?
Thanks
Aria Stewart
Jan 12, 2015, 9:55:10 AM1/12/15
to nod...@googlegroups.com
Fundamentally, you have a problem in that you can't make it impossible, only hard to decode.
If you encrypt, you hand an encrypted blob to the user, and the key to decrypt it so it can run. You can make it annoying, but not actually prevent decryption.
To make an executable, the javascript is merely embedded.
I'd ask what you're actually defending against: Some combination of trivial obfuscation like uglifyjs or google closure compiler may be your best bet, plus a banner on each file that reads "Copyright (C) Your Name, All Rights Reserved. Distribution without license is not permitted". The legal barrier to re-using parts of your software is likely the best way to prevent copying.
Now if you're trying to protect a proprietary algorithm where revealing it would be disastrous to your business, things get more interesting, but fundamentally has the same problems.
Aria
Buschini Edouard
Jan 12, 2015, 10:02:22 AM1/12/15
to nod...@googlegroups.com
--
Job board: http://jobs.nodejs.org/
New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+un...@googlegroups.com.
To post to this group, send email to nod...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/C82D2531-6227-47FC-84C6-946174A968C4%40nbtsc.org.
// Buschini Edouard :: Moon
Arunoda Susiripala
Jan 12, 2015, 10:18:51 AM1/12/15
to nod...@googlegroups.com
If your app is a server app. Try to create a docker image and distribute it.
Then, make a root password only you know and allow to configure the app via passing env vars.
Then no one can read the source of your app.
Then, make a root password only you know and allow to configure the app via passing env vars.
Then no one can read the source of your app.
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CAAK0_j8vLxLzM6psh6536qA5KOXJwUd4%2Btd5bFZEhYxG75y9Lw%40mail.gmail.com.
Buschini Edouard
Jan 12, 2015, 10:57:14 AM1/12/15
to nod...@googlegroups.com
Docker images are only FileSystem files. It does not encrypt the file and the image is not compiled.
So if you ship a Docker image with your Nodejs files in it, they can be fetch.
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CAJzNrTGtUXEHaWzsaQRmbCU1HZu6G%3DbqmRb1CYi2%3DUew1suPxQ%40mail.gmail.com.
João Andrade
Jan 12, 2015, 11:03:54 AM1/12/15
to nod...@googlegroups.com
I would give https://jscrambler.com/en/ a try. It appears to be
compliant with several Node.js frameworks as well.
Here's the client's Github repo: https://github.com/jscrambler/node-jscrambler
> https://groups.google.com/d/msgid/nodejs/CAJzNrTGtUXEHaWzsaQRmbCU1HZu6G%3DbqmRb1CYi2%3DUew1suPxQ%40mail.gmail.com.
compliant with several Node.js frameworks as well.
Here's the client's Github repo: https://github.com/jscrambler/node-jscrambler
Reply all
Reply to author
Forward
0 new messages