How can I prevent javascript code theft?

You cannot hide it because your browser needs it to perform it. Simple as that.

You need to understand that it is a script executed on the client side. It is not compiled (meaning it's not a binary (0 and 1 machine language)). So it is freely readable.

Nevertheless you can obfuscate it using tools like YUI compressor

Basically this kind of tools remove extra spacing, tabs line returns and rename methods (like method "a" standing for "MyShinyMethodWhoMakesNiceStuff") and variables. That makes it very difficult to read and understand code. Reverse engineering is thus harder to achieve.

Some uses some tricks like base64 or other encode and decode part of code with a function but it's only tricks and will not fool the sharp eye.

By obfuscation, you make people spend much more time in analyzing your code and stealing is thus much more complex, and takes time. Let's say you made a nice javascript plugin that makes every white background in purple (ok, not so great example but used it just for having an imaged example). Somebody might want to steal it and makes it blue instead of purple. If code is obfuscated, he might think that's easier to copy your idea and rewrites it on his own with his own code and blue background, it will takes him less time than reverse engineers and understanding wells yours, easier to maintain in the time too. In the end he will "only" "steal" your idea but not your code.

I think that in the end, it's just a matter of time.


You can only try to make it less readable (through minifiaction and obfuscation), but the code is still tranferred and it can be reverse engineered.

The actual code in your example is downloaded with the jquery.js file.


On JavaScript "protection" - basically what everyone else said.

Explaining the example you provided:

Indeed, http://demos.pixelworkshop.fr/circular_countdown_cc/js/countdown.min.js appears to be empty, however the actual plugin code is appended to the jquery.js file, starting at line 58:

http://demos.pixelworkshop.fr/circular_countdown_cc/js/jquery.js


If you see it's empty, it means that it's empty. There is no way to hide your javascript code from a client that must execute the code.

Tags:

Javascript

Php