0

I wrote a node application which will be embedded in the client. I would like to protect my code so the client will not be able to modify it (license check for example).

I already read (and try) this one but obfuscation (and minification) can be reversed and I can't move critical code to an external service (the node application may not have external internet connections).

Is there a (native) mechanism to sign a node application? Something which will prevent the app to run if the code is changed?

Jason Aller
  • 3,541
  • 28
  • 38
  • 38
ThomasThiebaud
  • 11,331
  • 6
  • 54
  • 77

1 Answers1

1

There is not a native mechanism to sign JavaScript code. This has been attempted in the past but scrapped quickly.

Checkout this question and its answers on how difficult this is. User Mason Wheeler sums it up well:

It's been tried. Many, many times. There's an entire sub-industry dedicated to attempting to use encryption to keep users from accessing a program as they see fit. And it never works.

If you want to attempt this anyways, I recommend a commercial product like jscrambler.com for trying to 'defend' your code with encryption and self-defense techniques. There are so many drawbacks to doing this yourself that it isn't worth it.

Also - keep in mind that for every change you make to your code (minify, obfuscate, encryption, etc.), you increase the possibility that your code will not function properly. One more reason to avoid it and/or use an commercial/supported product.

Community
  • 1
  • 1
Ben Rondeau
  • 2,983
  • 1
  • 15
  • 21