This course is out of date and does not reflect our standards or industry best practices.

Check out a free preview of the full Electron Fundamentals, v2 course:
The "Obfuscating Code" Lesson is part of the full, Electron Fundamentals, v2 course featured in this preview video. Here's what you'd learn in this lesson:

Steve explains why Electron isn't built for obfuscating code, but gives workarounds to this issue.

Get Unlimited Access Now

Transcript from the "Obfuscating Code" Lesson

>> Steve Kinney: One thing I want to show you, and this is best seen on MacOS, is that if we go to Show package contents, and we go to Contents, I believe it's resources. And we see this app.
>> Steve Kinney: Hey, look at that!
>> Steve Kinney: It's my application, right? It's all of my source code.

[00:00:23] If you want to truly obfuscate your source code, Electron's not really a great choice for you. It is built for open source apps like Atom and Visual Studio Code. That's not a thing in there. However, you could theoretically write native modules that are compiled, right? You can use them.

[00:00:39] So if there is company secret code that you need to use, you just need to compile it. You probably need to compile it in a way that you can include it as a native dependency in there. And then that would be obfuscated, but like the UI code. In the same way if you send JavaScript to the browser.

[00:00:53] Same basic idea. However, sending this file directory isn't great either ,cuz there is like some file opening costs in there as well. So there is format called ASAR, A-S-A-R, which is basically, it's like a tar like archive format that supports basically, it's effectively a giant text file. But it makes random access reads and writes really a lot faster.

[00:01:14] And to do that,
>> Steve Kinney: You simply add the asar flag there.
>> Steve Kinney: Go ahead and run build now.
>> Steve Kinney: Cool.
>> Steve Kinney: Now we can do this Show package contents again. Contents, resources. Now it says app.asar file. You're like, totally, totally great. Not really. It's not gonna protect your code from anything.

[00:01:53] You can kinda see in here that the asar command line tool, you can start to see stuff that looks familiar in here. The asar command line tool is open source. You can basically un-asar anything you want. Which means if one wanted to have fun, they could take any Electron app on their computer, go ahead, let's say, Slack.

[00:02:19] And go Show Package Contents > Contents > Resources, grab that app.asar, use the command line tool to unarchive it and go read all the client side source code. I say that cuz I think Atom and Visual Studio Code are open source. But you could totally [LAUGH] take a look at anything you want in there, as well.

[00:02:40] But yeah, that is the kind of quick and easy way. Again, if you're using Electron Forge, it's built in. This is all kind of set up for you already, but it's using the same tools as we just showed, right? So there's no different black magic. It's using Electron package under the hood.

[00:02:54] Electron Forge is basically a way of taking some of these other libraries I showed you, and pulling them all together.