Hide Node js application source code - node.js

I'm developing a private web application for a company and they ask me to use their server to host it. I would like to prevent them the access to the source code. How can i do that? Their server is running debian and they have the root access..
I found some solution like packaging the application in one executable file but the application have lot's of dependency and I'm using loopback.io framework; this make packaging very difficult..
Any different solution?

The answer is no, you cannot prevent them from seeing the source-code. If they own the source-code, then it is even unethic to want something like this. If you own the source-code, then minify it. But before you do that, think about it. Will it raise the trust of your client in you? Even binary source-codes can be reverse-engineered. With interpreted languages, like Javascript, you cannot even do that. If you are afraid they will not pay you unless you protect the source-code, then implement the project on a local server and create a video to back up your claim that the project is completed. Although, everything depends on the actual agreement, which, you understandably will not share with us.

You can't prevent them from seeing the source code, but you can make it harder to read with browserify and uglifyjs:
browserify index.js --no-bundle-external --node | uglifyjs -c > bundle.js
This unfortunately won't preserve the original stack trace of errors and will make it harder to debug.

Related

Make a Nest.JS project executable but without the source code exposed

If we want to deploy our NEST.js sever on the customer's environment, how can we hide our source code preventing from the plagiarism?
Unfortunately it is impossible to completely hide your package implementation. What you can (and should) do is using Webpack to create a bundle and minify your exported code. With that, it is pretty hard for someone to reverse engineer your code, but it is still doable.
Since Javascript is not compiled to binary, the executable of your code will always be Javascript, therefore it could be reverse engineered.

How do I run my node.js application on a client's server without sharing the codebase with them?

We are using Angular for front end and Node.js for backend. We are in conversation with a client to run our application on their local server, hence if we could use a package executable of the application, it would not give them access to our source code. We want to know if there are any robust tools that can help us do this or if there is any other way in which we can allow them to use all our application's offerings without giving them any idea of how the application works technically.
I think you have next options
compiles your backend part into a single executable file nexe
encode your critical parts to weird format weird
run your backend part in docker after minifier/compressor tool minifier
compiles modules to binary format binary
mix all options

Server side programming language/framework that support hot-reload

Is there any other server side language (with or without frameworks) that support hot-reload or live-coding, so when we develop, all we need is:
Start the web server
Edit the source code
Try on the browser (without having to restart the server)
Similar to PHP
Some other language that I know able to do this:
ruby/sinatra
sinatra-reloader gem (sometimes not working)
rerun (*
nodejs
nodules module
node-supervisor module
nodemon (*
(* automatically restart server when there are changes, not really hot-reload
Is there any other language that are able to do this? and if possible, showing the error (filename and line number, or the full stack trace) on the browser (not in the terminal/console), so I don't have to switch from code-editor then to browser and then to console to see the error.
You can try Perl with the Mojolicious framework: http://mojolicio.us/ (using the morbo server).
Can also be achived with Groovy/Java using the Grails framework: http://grails.org
You can use Erlang to work as a web server, which is designed to allow you to hot swap whole modules of code while the program is up and running. Though, the functional programming paradigm does take a little while to get used to...
How to write a simple webserver in Erlang?
I hope this helps...
I think what you ask for is actually called live-reload, hot-reload is something I believe only Erlang can truly accomplish.
By configuring and adding plugins to Grunt or Gulp, you can watch for changes in any list / kinds of files and describe any action to be initiated. Here is a plugin for Grunt. With this method, any language can gain such ability.
As a side note, Django (Python) has auto-restart as well. But that does not mean Python language has it built-in, Django uses a Grunt-like trick to restart its dev-server.
Revel for Go could do this, or Beego, the difference is Revel only recompile when there are changes on the source code and on new request (so it's more efficient), Beego recompile every time there are source code changes.
EDIT: Beego 1.3.0 remove its hot reload feature T__T

securing the source code in a node-webkit desktop application

first things first , i have seen nwsnapshot. and its not helping.
i am building an inventory management system as a desktop app using node-webkit . the project being built is using compoundjs (mvc javascript library). which have a definite folder structure (you know mvc) and multiple javascript files inside them.
the problem is nwsnapshot allows the app to have only a single snapshot file but the logic of application is spread over all the folders in different javascript files.
so how do i secure my source code before shipping it to client? Or any other work-around Or smarter way (yes, i know about obfuscating).
You can use nodewebkit command called nwsnapshot to compile the javascript code into binary which will be loaded into the app without specifying any js file
nwsnapshot --extra-code application.js application.bin
in your package.json add this:
snapshot: 'application.bin'
It really depends on what you mean by "secure".
You can obfuscate your javascript code fairly well (as well as potentially improve performance) by using the Google Closure Compiler.
I'm not aware of any off-the-shelf solutions to encrypt/decrypt your javascript, and honestly I would question the need for that.
Some people think they need to make it impossible to view their source code, because they're used to dealing with compiled languages where you only ship binaries to users. The fact is, reverse-engineering that binary code was never as difficult as some people think it is, so if there's any financial incentive, there is practically no difference between shipping source code and the traditional shipping of binaries.
Some languages have offered genuine encryption of deployed assets, such as Microsoft's SLPS. It seems to me that the market for this was so small that Microsoft gave it to a partner (just my view). The truth is that most customers are not interested in taking your source code; they're far more interested in your ability to service and support that code in an efficient manner, while they get on with their job.
You may consider to merge the JS files into one in the build process and compile it.

packaging node.js modules with more than code

I'm putting together a module I'd like to release, but am a bit stuck on how best to go about packaging it up. In addition to server side javascript, the module will need things like an admin screen, and client side javascript files. That is, it needs to serve out a fixed set of static html/css/js files. (I may have the node-static module as a dependency)
I'm curious what is the best way to handle this. I'd like to make this simple to install and integrate into apps, without forcing the user to dig through a long README. Basically they should be able to NPM the module, then add a line or two of code in the relevant place, and have it "just work". I don't want them to have to download other stuff, tell the module where to find the static files, etc.
Also, I'd like to make sure it can be included in both simple apps (i.e. one step from the standard "hello world") as well as complex apps using frameworks etc like Express, without undue hassle.
Is this possible, or is this beyond the scope of what the module system is designed to handle?
Once your package in installed with npm install mypackage -g you can use __dirname inside your executable to find the directory it's running in.
Likely /usr/local/lib/node_modules/mypackage/bin/mypackage
With your assets in /usr/local/lib/node_modules/mypackage/assets
so __dirname + '../assets' + myasset should correctly find your asset

Resources