I'm looking to add a layer of protection to my client side code for a project I'm building. Offline mode is a huge must for this project, so there's a lot of code I simply can't port to the server. The result is a good bit of sensitive code on the client side that I'd like to avoid leaving out in the open. I've looked into the possibility of asar archives, webpack + uglify, google closure compiler, and yui compressor (among others), but with ES6 and React in the mix, it seems to complicate things a bit. Any advice/suggestions would be a huge help. The more secure the better. Thanks in advance!
Asked
Active
Viewed 997 times
7
-
2First [minify](http://refresh-sf.com/) it, then [closure compile](http://closure-compiler.appspot.com/home) it and finally [obfuscate](https://javascriptobfuscator.com/) it. You can also crush it [here](http://www.iteral.com/jscrush/) or [here](https://siorki.github.io/regPack.html), or even [completelly obfuscate it](http://www.jsfuck.com/). – Aug 30 '16 at 17:28
-
@SoftwareEngineer171: your link to "completely obfuscate" at http://www.jsfuck.com/ is outright stupid. Ignoring the bad taste for names, he told you exactly how to de-obfuscate it. – Ira Baxter Aug 30 '16 at 17:53
-
1I don't see how ES6 or React change things. You compile ES6 and ESX to regular javascript, then you obfuscate that as regular. – Bergi Aug 30 '16 at 18:02
-
2Please remember that at the end of the day there is absolutely no way for you to hide the logic of the code from someone determined to see it. If it is truly sensitive you need to find a way to put it on the server. – Matthew Herbst Aug 30 '16 at 18:39
-
@IraBaxter Yes, but he can combine different methods and obfuscators in order to create difficult-to-read script. Maybe better method to completely obfuscate it is to use WASM. – Aug 31 '16 at 23:15