Cheers.I realize I'm late the party here, but I wanted to add my $0.02Having a good solution for source code protection is cool and probably necessary for certain commercial softwares, but we don't have such plan in Electron, and apparently all major users of Electron don't have needs for that.IMO that's a bit of a co-out answer, particularly the "all major users... don't have needs for that". Since the integrity check could be integrated in the electron binary itself, there would not be an overload in the javascript code. Very disappointing. Until that changes, our answer on this is going to continue to be the same.If people want to continue discussing this, methods of implementation, options or alternatives, please feel free to do so (civilly) on Thanks everyone for your dedication to Electron and for all the feedback!Successfully merging a pull request may close this issue.
For sensitive parts of the application you usually write custom addons in a compiled language like C/C++, as suggested above.It might be worth exploring writing the code in C/C++ and then using a tool like Anything can be disassembled / unobfuscated with enough effort. apparently attacker could get my API key&secret. These logic has to run on client side but I don't want my competitors to get it. This project is amazing, and we really appreciate the work you are putting into it -- but I really think it's misguided to dismiss this option as something people don't want.I realize this is a free and open-source project, but let's not pretend that security isn't something everyone should care about. "These type of posts appear on Electron and NW.js forums constantly.
So even if we don't include a devtools shortcut, you can still pass the Snapshots are generated by V8, which means its format is documented - this isn't "protection".From what I understand, this is not the case. Cross Platform Compatible with Mac, Windows, and Linux, Electron apps build and run on three platforms. Very disappointing. I wish i had the time to put in so i can come up with my own solution for this. Is there a reason for protecting the code that copyright / licensing doesn't cover?My 2 cents here, NW seem to solve the problem of v8 snapshotsI came across this article from nwjs, "compiled binary code now run as fast as JS source code without performance overhead" which was 30% previously, and it will be turned on by default in the later release of NW.It's too uncomfortable for developers. and I would get a massive bill from Google. Writing your code in JavaScript and having it included in the ASAR would keep the majority of people out. You can extract their app.asar and access the source code. hours that are being spent not making Electron better), I am willing to concede the first point, though I still believe it's "good enough" for the vast majority of people interested in Electron.
Electron is an open source project maintained by GitHub and an active community of contributors. I tried JxCore and it does not protect source. As in "want the source restricted". Give up and switch to NW...I would like to share other node.js project which use code protection in very elegant way: Maybe there is hope for source protection in Electron?In addition to using C++ for some parts, you can also minify and I believe this is possible by building your JS apps with webpack or SPA framework like angular2/4/6 or vuejs2.