3

Recently, i have made a chrome ext, but anyone can read its source code by rename the crx to zip and extract it, how i secure my SC ?

cdxf
  • 5,501
  • 11
  • 50
  • 65
  • possible duplicate of [Encrypt Chrome-extension?](http://stackoverflow.com/questions/4426132/encrypt-chrome-extension) – bzlm Dec 25 '10 at 18:59

3 Answers3

8

The only way to prevent anyone with your extension from seeing the logic is to move it out of the extension that runs on a user computer and into a web service that the extension accesses.

Since this will slow down the works quite a bit, you should only do this for the really valuable parts of your code.

Ben Voigt
  • 277,958
  • 43
  • 419
  • 720
5

The best (and only?) way would be to obfuscate your JavaScript.

edit: Chrome Webstore does not allow you to obfuscate your JavaScript code. You can read it in the Chrome Webstore program policies

Code Readability Requirements:

Developers must not obfuscate code or conceal functionality of their extension. This also applies to any external code or resource fetched by the extension package. Minification is allowed, including the following forms:

  • Removal of whitespace, newlines, code comments, and block delimiters
  • Shortening of variable and function names
  • Collapsing files together
Weetz
  • 81
  • 10
Neeme Praks
  • 8,956
  • 5
  • 47
  • 47
2

You can use Google Firebase API and related other storage services for write secure/safe business logic, because your google extension code is always open to show for every one....

:::: Example for your more help ::::

key-value from extension JS code ----- Transfer to Server ----> Firebase API perform your logics ---- send back to ----> extension JS code

FireBase is Free and light weight and perfect for business logic

Shantanu Sharma
  • 666
  • 6
  • 21