For various reason, including protecting my source code and just a right click to execute instead of installing node, npm ci, etc... I would like to package my nodejs app into an executable.
From my research I found
I'm trying to use pkg
because it felt easier to use after a first look at it. But on a sandbox project to test his capabilities, I came across an issue.
Considering :
// /src/module.js
function bar(str) {
let tic = "another sensitive place";
console.log(str);
}
function foo() {
if (true) {
return "some really important business are done and the how should";
}
}
module.exports = {
bar,
foo,
};
// index.js
const mod = require("./src/module.js");
mod.bar(mod.foo());
And the pkg configuration in package.json
{
// many lines ommited
"bin": "index.js",
"pkg": {
"scripts": [
"src/module.js",
"index.js"
],
"targets": [
"node16-win-x64"
],
"outputPath": "bin/"
},
// many more lines ommited
}
When opening the .exe
file generated in ./bin
directory by the command pkg .
, I can find my code in plain text. Why ? How to make pkg only include the bytecode ? And yes, I'm aware of string being plain text even in bytecode, but at least the logic around is protected.
Screenshot of /bin/index.exe
clear code in generated executable
I figured out why my code was included in plain text and in bytecode. And I though posting the answer for futur reader might be better than deleting my question.
From the documentation of pkg , in the Other considerations
section :
By default, pkg will check the license of each package and make sure that stuff that isn't meant for the public will only be included as bytecode.
I conducted more tests and if the package.json
have either the property private
set to true
(or "true"
) or the license
property set to public license (eg: ISC).
In my case, the npm init
used to create my sandbox project set the license property to ISC
.
Removing the licence
property from package.json
solved the issue.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.