0

I developed a Node.js application that I would like to sell to my clients on monthly charges.

I'm looking for solutions to:

  1. Keep my source code safe
  2. Easy client installation
  3. Serial code solution for activation
  4. Application update method

Any advice will be appreciated.

Similar Question: Secure distribution of NodeJS applications

Hypothesis
  • Your question is **too broad** and answers will be **primarily opinion-based**, therefore it is [off-topic](https://stackoverflow.com/help/on-topic) for Stack Overflow. However, I'd recommend you to check [other websites of the stack exchange network](https://stackexchange.com/sites) - some of them are more fitted for software recommendations and high-level software design. – Nino Filiu May 07 '19 at 10:24

1 Answer

2

Your goals

> Keep my source code safe

The only way you can do it is by making it a Web application that is used as a service instead of being distributed to the client. Don't trust anyone who tells you about code obfuscation or encryption as this is inherently impossible.

> Easy client installation

Nothing easier than a Web application.

> Serial code solution for activation

For a Web application you don't even need that. And for any application that you distribute to the client it will be trivial to circumvent and there is no way around it.

> Application update method

Web application is always up to date. For a distributed application you can take a look at the Electron auto updater.

> Any advice will be appreciated.

General advice

My general advice would be to keep in mind that, for any Node application that is distributed to the client, it will be very easy to analyze the source code and to circumvent any activation features that you implement. The only thing you can rely on in that case is law, not technology. Make sure that the license is enforceable and the terms are clear. Distributing the source code doesn't mean that it has to be open source. The license is what's important, not the visibility of the code.

Your options

Depending on what the application does and what the interface looks like, something that you said nothing about in your question, you have a few options:

  1. Distribute the application as is and rely on the license to protect you but understand that anyone could be able to analyze your source code no matter what you do. Here you need to manage updates for every change. People will be able to circumvent your activation code feature.
  2. Make it a web application and keep its inner workings completely to yourself. Here you have no update problems or source code visibility. No need for an activation code, you can give access only to paying customers.
  3. Make it a service and keep all the important logic in your backend API and distribute only a thin client that uses that API. You only need to manage auto updates of the client, the backend code is always up to date. You don't need to implement activation codes, people can just log in to the account on your system in the client program and your backend will know who is a paying customer and who's not. The only source code visible to the client is the client side code which can be minimal and doesn't have to include any critical logic.

Of course it all depends on the nature of your application which you said nothing about.

rsp
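A sketch of option 3 from the answer above, added here as an illustration and not taken from the answer or from the asker's application: the backend signs a short-lived login token and re-checks the account's payment status on every API call, so the distributed client holds no activation logic worth patching. All names (`SUBSCRIPTIONS`, `issueToken`, `verifyToken`, `handleApiCall`) and the sample accounts are hypothetical, and the password check at login is assumed to happen before `issueToken` is called.

```javascript
const crypto = require('node:crypto');

// Constructed sample data: the server-side record of who has paid, and until when.
const SUBSCRIPTIONS = new Map([
  ['alice@example.com', { paidUntil: Date.parse('2030-01-01T00:00:00Z') }],
  ['bob@example.com', { paidUntil: Date.parse('2019-01-01T00:00:00Z') }], // lapsed
]);

// The signing key exists only on the backend; the thin client never sees it.
const SERVER_KEY = crypto.randomBytes(32);

const sign = (payload) =>
  crypto.createHmac('sha256', SERVER_KEY).update(payload).digest('base64url');

// Issued after a successful login (credential check assumed, not shown).
function issueToken(account, now = Date.now(), ttlMs = 15 * 60 * 1000) {
  const payload = Buffer.from(JSON.stringify({ account, exp: now + ttlMs }))
    .toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns the account name for a valid, unexpired token, otherwise null.
function verifyToken(token, now = Date.now()) {
  const [payload, mac] = String(token).split('.');
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  // Parsed only after the MAC check, so the payload is one the server wrote.
  const { account, exp } = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return now < exp ? account : null;
}

// Every API call re-checks payment status on the server, so nothing the
// client stores or patches locally can turn an unpaid account into a paid one.
function handleApiCall(token, now = Date.now()) {
  const account = verifyToken(token, now);
  if (!account) return { status: 401, body: 'login required' };
  const sub = SUBSCRIPTIONS.get(account);
  if (!sub || sub.paidUntil <= now) return { status: 402, body: 'subscription inactive' };
  return { status: 200, body: `result of critical logic for ${account}` };
}
```

Because the subscription lookup happens per request, a lapsed payment takes effect as soon as the record changes, without shipping a client update.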