How to Hide Your JavaScript Source Code (Don’t!)

By | March 7, 2014

Just don’t. If you are trying to focus on hiding your trade secret sauce that you’ve written into your new single-page JavaScript application you’re just wasting your time. If you’ve coded the entire framework and all your libraries by hand then no one will be able to understand your code enough to steal pieces, they will do an entire copy of your website. The odds are however that you’ve leaned on some existing libraries, that more of the code in your final product was written by someone else entirely. That’s completely okay! For years now as developers we’ve stood on the shoulders of giants to create our finished work. Great libraries like jQuery, frameworks like AngularJS, layout frameworks like Bootstrap all give us a great and well tested path of least resistance to launch.

The idea that you’re able to protect your code through minification or obfuscation isn’t new. ActionScript decompilers started coming out much to the dismay of Flash developers and shortly after that the ActionScript obfuscators hit the market. Minification is the process of removing all extra spacing and lines from a file or set of files for the reason of saving space. Obfuscation is the process of making your code illegible, even going so far as to encode strings that are later decoded. Obfuscation can lead to introducing hard to debug issues, and only protects your strings from a first glance as it is simple enough to unencode the entire document and retrieve said strings.

It’s the strings that can allow anyone to see in your code what your trade secret sauce is. What combination of libraries you used in a project help make it unique, but the interconnecting code that brings them together is what make it a product. Each library has a certain set of strings in them that act as markers, version numbers, unique variable names that will allow those libraries to be identified even in a minified state. You can’t hide the recipe for your JavaScript application. So stop trying! There are also restrictions on certain libraries that ask for attribution, or that they remain as part of open source projects.

View source is the spirit of the web, being able to look at how the documents and applications are structure is part of how the World Wide Web became so popular. That low barrier to curiosity where you could simply inspect the client side code being delivered to you allowed for a generation of tinkerers to be born. Those same tinkerers went on to build the libraries that you have now brought together to make your application. Don’t focus on hiding what you’ve created. Focus on making the best product possible and be proud of the libraries and frameworks you’ve used to create your product. Without a herculean effort, no one will be able to discern a gem of code that you’ve wrote, pull it out and then profit off it. Stop worrying and get back to making sweet JavaScript applications.

Leave a Reply

Your email address will not be published. Required fields are marked *

Comment moderation is enabled. Your comment may take some time to appear.

This site uses Akismet to reduce spam. Learn how your comment data is processed.