What is the best solution to obfuscate Angular JS controller code

gulp obfuscation minify uglifyjs source-code-protection
Mishi picture Mishi · Jan 19, 2017 · Viewed 9.7k times · Source

I want to Obfuscate + Minify my Angular JS code in order to not make it public and if someone tries to decode it, then make it a hurdle. Code is running up on the server.

Note: In future we are planning to shift http to https.

I have seen a lot of options like Gulp, Google Closure Compiler, UglifyJS etc and many tool which a user can download and obfuscate the code like jsob, javascript obfuscate etc.

I need a suggestion and have few questions.

  1. What is the more better approach apart from encryption?
  2. If I shift to https shall I still require obfuscations?
  3. What are the better and easy approaches with pros and cons?
  4. If I use a tool like JavaScript obfuscate, then what will be its pros and cons? Am I able to get It back, I mean decode?
  5. Or If someone is able to look into gulp file will it be easy to get my code?

Answer

user7366409 picture user7366409 · Jan 19, 2017

1 - It really depends on what you are trying to achieve. If you really want to protect your code to hide your business logic, you should go for a resilient solution, instead of relying on a minification or obfuscation tool per se which is far too easy to defeat.

2 - Https simply means that the communication between your browser and website is encrypted. Https can also be decrypted, so it would make sense to apply other protection mechanisms

4 - JavaScript Obfuscator and several other tools do not protect the code, they are simple obfuscators and so they can be easily reversed in minutes and that's why some people think it's not worth protecting code on the client-side. In fact, you can get most of the original code using a simple JS optimizer. ClosureCompiler and UglifyJS have precisely this different approach, they reduce the size of the code and optimize it, they do not offer code protection.

3, 5 - I found this blog post from js13kGames competition creator quite useful for my case. He suggests a solution that seems to be more appropriate - Jscrambler. IMO you should give it a try as it combines code transformations with anti-debugging and anti-tampering features. You can also lock your code to a predefined list of domains or set an expiry date to deliver expirable demos, for example. Maybe it could be a fit for your case too as it supports Angular.

Related questions

Stylesheet not loaded because of MIME-type

I'm working on a website that uses gulp to compile and browser sync to keep the browser synchronised with my changes. The gulp task compiles everything properly, but on the website, I'm unable to see any style, and the console …

Read More
How to fix ReferenceError: primordials is not defined in node

I have installed node modules by npm install, then I tried to do gulp sass-watch in command prompt. After that I got the below response. [18:18:32] Requiring external module babel-register fs.js:27 const { Math, Object, Reflect } = primordials; ^ ReferenceError: primordials is not …

Read More
gulp command not found - error after installing gulp

I've installed gulp both globally and locally using npm install gulp npm install gulp -g npm install gulp-util npm install gulp-util -g When try to run gulp i get 'gulp' is not recognized as an internal or external command, operable …

Read More