Secure distribution of NodeJS applications
Yes it is possible, use this branch(based on 0.8.18) and any js code you put in 'deps/v8/src/extra-snapshot.js' will be ahead-of-time compiled to machine code and embedded in v8 as part of the normal builtin object initialization. You will need to build nodejs for each platform you intend to deploy your product.
The snapshotted code runs very early in the v8 initialization and you cannot access builtin objects in the 'module body'. What you can do is put all your code inside a global initialization function to be called later. Ex:
// 'this' points to the same as the object referenced by
// 'global' in normal nodejs code.
// at this point it has nothing defined in it, so in order to use
// global objects a reference to it is needed.
var global = this;
global.initialize = function() {
// You have to define all global objects you use in your code here;
var Array = global.Array;
var RegExp = global.RegExp;
var Date = global.Date;
// See ECMAScript v5 standard global objects for more
// Also define nodejs global objects:
var console = global.console;
var process = global.process;
// Your code goes embedded here
};
Also, this assumes your entire code is defined in a single file, so if your project uses nodejs module system(require) you need to write a script that will combine all your files in one and wrap each file in a closure that will trick your code into thinking it is a normal nodejs module. Probably each module closure would expose a require function, and this function would have to decide when to delegate to the standard 'global.require' or return exports from your other embedded modules. See how javascript module systems are implemented for ideas(requirejs is a good example).
This will make your code harder to debug since you wont see stack traces for native code.
UPDATE:
Even using v8 snapshots the code gets embedded in the node.js binary because v8 prefers lazy compilation. See this for more information.
Yes you can create a binary format. V8 allows you to pre-compile JavaScript. Note that this might have a bunch of weird side-effects on assumptions made by node core.
Distributing source code means clients can easily steal our solution and stop paying licensing fees.
Just because you distribute the binary doesn't protect you againsts theft. They can still steal the binary code or disassemble it. This is protection through obscurity which is no protection at all.
It's better to give them a thin client app that talks to your server and keep your server code secure by not giving it away.