Instead of trying to villify the poster (because a few posters here who are saying that securely boxing applications is useless appear to have little understanding of how some companies operate, and the fact that even though its theoretically possible to reverse engineer something, its practically impossible to reverse engineer an obfuscated C binary to a usable state as compared to some of the other languages listed), the better answer is to simply say that this kind of distribution is not possible with node.js simply because of the language javascript
Javascript is a fully dynamic language which has things like eval() and toString(). These things essentially mean that you cannot guarantee, 100% of the time, that your binary distribution of node.js (if you could do this) would work. There is code out there for example, which relies on toString() actually working properly, for the code to work (such as getting function names). Most static languages do not have these kinds of properties, and hence it is possible to completely transform the code into an obfuscated binary This is unfortunately the downside of languages like Javascript and Ruby. The distribution methods are just boxing the application up with a VM that runs your packed source (and obviously you can obfuscate the source, something like Google Closure Compiler does) however thats far from distributing it as a binary. I am pretty sure that someone can create binary distributions of the node.js applications with a disclaimer that it may break your code, but there is very little demand for a such a feature :) On Friday, 24 February 2012 02:56:43 UTC+11, Jeremy Rudd wrote: > > *What:* Can NodeJS apps be distributed as binary? ie. you compile the .js > app via V8 into its native binary, and distribute the binary to our > clients? ... or is minifying the code all you can do? > > *Why:* We build serverside applications in NodeJS for clients, that have > often to be hosted on the client's servers. Distributing source code means > clients can easily steal our solution and stop paying licensing fees. This > opens up the possibility of easy reverse-engineering or reuse of our apps > without our awareness. > > *Shamelessly cross posted on*: > http://stackoverflow.com/questions/9413123/secure-distribution-of-nodejs-applications > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
