Skip to main content

1. Home
2. Questions
3. AI Assist
4. Tags
5. Challenges
6. Chat
7. Articles
8. Users
9. Companies
11. Communities for your favorite technologies. Explore all Collectives
Stack Internal

Stack Overflow for Teams is now called Stack Internal. Bring the best of human thought and AI automation together at your work.
Try for free Learn more
Bring the best of human thought and AI automation together at your work. Learn more

Timeline for node.js - Code Protection?

Current License: CC BY-SA 3.0

17 events

when toggle format	what	by	license	comment
Jun 10, 2018 at 11:37	comment	added	kostas ch.		@PawelSledzikowski little bit late😀😀 but your code works like harm. I did some modifications in order to work with nan. Thx a lot for your project!
May 2, 2016 at 7:05	history	edited	Salketer	CC BY-SA 3.0	deleted 8 characters in body
Jan 26, 2015 at 16:49	comment	added	dlongley		@JohnyJose, hmm, yeah, that might prevent toString() access at some level. You may still be able to print it out another way, though, I haven't put a lot of thought into it. The right solution is still licensing, but that's an interesting idea.
Jan 26, 2015 at 11:27	comment	added	Johny Jose		@dlongley Won't storing your function source inside a closure and returning a publicly accessible method that calls the internal private method in the closure prevent the actual code from being accessible by simply using toString() ?
Nov 6, 2014 at 0:49	comment	added	Pawel Sledzikowski		I've wrapped @Chris T idea into a working github repo if anyone is interested. However, be aware that this is still a locking the front door and leaving the key under the outdoor rug - looks like it's locked but actually not really.
May 3, 2014 at 20:55	comment	added	Christopher Tarquini		@Tracker1 Right but this doesn't answer the question. Ideally you'd never have to do this but he wanted a way to encrypt not obfuscate
Jan 15, 2014 at 0:53	comment	added	Tracker1		@ChrisT It isn't always about practicalities.. generally speaking, running through uglify before distribution is enough, and even with a JS beautifier, you won't get comments or the original variable names, which really makes it harder to reverse engineer something. --- Even then, anyone that could get that far, could probably have written it themselves.
Jan 10, 2014 at 19:30	comment	added	Christopher Tarquini		@Tracker1 Anything in JS land will be trivially defeated by something like JSBeautifier. Using node's native decryption is a no-go as well because you can just change it to print the decrypted source instead of evaling it. Really when it comes down to it you're not going to get very far with code protection with node, especially since V8 uses the source code at runtime and needs the AST in memory
Jan 10, 2014 at 19:28	comment	added	Christopher Tarquini		Quick note: @dlongley Don't quote me on this but I believe if you have your decryption method written in a native node extension you can prevent `Function.prototype.toString` from working on the code you compile and add to the runtime in C++ land.
Dec 31, 2012 at 20:27	comment	added	Tracker1		You don't need a custom native extension for encryption/decryption, this makes deployments convoluted. I would suggest using the native to node decryption combined with a min/obfuscation option like closure, or uglify. If your original source is coffeescript, that's another layer...
Aug 15, 2012 at 1:42	comment	added	Mark		Isn't there any open source library/extension/project for this?
Jun 13, 2012 at 12:33	comment	added	Christopher Tarquini		^ Well he only needs to make his boss happy ;). Obviously there's no way to solve this problem in a language like javascript. The "most secure" way I can think of would be ustom node-binary bundled with your scripts that only runs them (load them in RAM perhaps? Which might require modifying the `require` function to check the apps resources before checking for files).
Jun 7, 2012 at 3:49	comment	added	dlongley		This is not secure. It doesn't matter that the key is hidden in the binary module. Once the client decrypts and loads your module, they can simply call console.log(yourmodule.yourmethod.toString()) and print out your source code.
Feb 7, 2012 at 15:44	comment	added	Christopher Tarquini		Keep in mind that the native extension also has to use v8 to convert the source into a javascript object for node to use. You can also use `m._compile(MyNativeExtensions.decrypt(..))` but then all anyone has to do change your source is change `m._compile` to `console.log`
Feb 7, 2012 at 15:29	comment	added	Christopher Tarquini		No problem, let me know how it goes, I'm planning on using this method on one my projects as well. Someone should develop a library for this sort of thing
Feb 7, 2012 at 10:14	vote	accept	Van Coding
Feb 6, 2012 at 16:33	history	answered	Christopher Tarquini	CC BY-SA 3.0