How To Obfuscate Javascript to Unreadable, but Valid

Question

I'm soon releasing my paid Electron application. I have worked for many months on it now, and i need protection on my source code.

i have 2 files, 1. file 5000 lines, and 2. file around 4000 lines. I need very good obfuscation on this, so it can't be read, and cant be cracked easily.

I'm willing to pay a little bit for a good obfuscator, if anyone knows any good ones that isn't free.

I have tried some different online javascript obfuscators, and most isn't very good, and is easily to read afterwards.

Thank you.

Answer 1

The short and sweet is: what you're looking for does not exist.

At its core, electron is very little but a repackaged webview executing javascript/html/css. The moment you execute your application, the said webview has to have full, concurrent access to the files required by it.

This means your code is there, open, unencrypted, and the only defense you have against somebody peeking is obfuscation. Which, let's admit one thing, falls short pretty quickly when the person digging into the code knows javascript.

If you were using a framework for your app that allowed purely native code, you could write a DRM-esque toolchain for it, but sadly, that's not even an option. Beyond uglifying your code and moving as much of it towards WASM as possible, there's no real other option, just compromises and trade-offs.