3

My team and I have a cloud based web app; however one client wants to use our app on premise which means we will install the app on the client’s infrastructure which they control.

Does anyone out there have any suggestions on the best way to protect the app source code so that it is not readable? Some level of encryption maybe?

Interested in your thoughts.

Thank you

James

AustJamesL
  • 69
  • 3
  • see [Secure distribution of NodeJS applications](https://stackoverflow.com/questions/9413123/secure-distribution-of-nodejs-applications) and [node.js - Code Protection?](https://stackoverflow.com/questions/5951302/node-js-code-protection), one comment mentioned about [zeit/pkg](https://github.com/zeit/pkg) – Eric Wong Feb 15 '19 at 10:04

1 Answers1

2

I see two options for you, the PKG library and the bytenode library

1.PKG:

This command will wrap your nodeJS file and its dependencies into an executable on MacOS, Windows or Linux. If your application is complicated, this may not work.

https://www.npmjs.com/package/pkg

2.Bytenode:

This command line converts your JS files into binary files so that no one can read the code.

  • You convert JS files in plain text into binary files
  • You create a master JS file in plain text
  • You load the bytenode library in a clear JS file using "require"
  • You load binary files containing your code using "require"

bytenode is fully integrated with Nodejs. Rather that using "require" to call a JS file in plain text, you use "require" to call a binary file (.JSC with bytenode). You only convert the target files that you want to convert. However, a little warning. In this case, your regular JS modules are in plain text.

https://www.npmjs.com/package/bytenode

Nicolas Guérinet
  • 2,086
  • 1
  • 29
  • 38