
NodeJS PKG How to exclude source code from being included in plain text

For various reasons, including protecting my source code and being able to just right-click to execute instead of installing node, running npm ci, etc., I would like to package my nodejs app into an executable.

From my research I found

I'm trying to use pkg because it felt easier to use after a first look at it. But on a sandbox project to test its capabilities, I came across an issue.

Considering:

// /src/module.js
function bar(str) {
  let tic = "another sensitive place";
  console.log(str);
}

function foo() {
  if (true) {
    return "some really important business are done and the how should";
  }
}

module.exports = {
  bar,
  foo,
};

// index.js
const mod = require("./src/module.js");
mod.bar(mod.foo());

And the pkg configuration in package.json

{
  // many lines omitted
  "bin": "index.js",
  "pkg": {
    "scripts": [
      "src/module.js",
      "index.js"
    ],
    "targets": [
      "node16-win-x64"
    ],
    "outputPath": "bin/"
  },
  // many more lines omitted
}

When opening the .exe file generated in the ./bin directory by the command "pkg .", I can find my code in plain text. Why? How to make pkg only include the bytecode? And yes, I'm aware of strings being plain text even in bytecode, but at least the logic around them is protected.

Screenshot of /bin/index.exe clear code in generated executable

I figured out why my code was included in plain text and in bytecode. And I thought posting the answer for future readers might be better than deleting my question.

From the documentation of pkg, in the Other considerations section:

By default, pkg will check the license of each package and make sure that stuff that isn't meant for the public will only be included as bytecode.

I conducted more tests and if the package.json has either the property private set to true (or "true") or the license property set to a public license (e.g. ISC).

In my case, the npm init used to create my sandbox project set the license property to ISC.

Removing the license property from package.json solved the issue.
