Web Security

Full-stack JavaScript Source Code Protection

September 8th, 2014 | By Pedro Fortuna | 4 min read

Good news for the Node.js aficionados! Jscrambler now officially supports protecting the source of Node.js apps. If you have been paying attention, Node.js has undoubtedly risen.

Perhaps you are already using it! In the last two years, we have received numerous requests from Node.js developers to support Node.js obfuscation. Woohoo! We are now delivering.

Developing support for Node.js was fun and had quite an impact on our development team.

After getting our knees deep in Node.js development, we decided to switch from PHP + Zend to Node.js. Node.js brings tons of advantages.

We are happy to announce that JScrambler is the first Full-stack JavaScript source code protection in the market.

We already supported protecting client-side JS.

Now, all source code transformations work with Node.js. To support Node.js, one of the necessary steps was to work on the source code transformations that injected DOM objects in the protected code (e.g., window).

The exceptions are Domain Lock, Browser, and OS lock – these source code transformations are meant for the client-side code only and do not make sense on the backend code. When you select the Node.js application mode, these transformations will be unavailable.

Jscrambler 3.6

Jscrambler 3.6 now supports Node.js source code protection. Of course, not everyone will need to protect Node.js apps, but there are two scenarios where it makes sense:

You are delivering your Node.js code to others

Perhaps you custom-develop applications for other companies.

Naturally, you probably have invested in a codebase for every customer to speed up the development and offer competitive prices.

With time that common codebase will have a lot of time and money invested in. In that case, you may consider protecting your sources to reduce the risk of this code leaking out.

Leaked code may fall into the hands of competitors, which may inspect your code to learn about your code, and perhaps some business details. Or it may encourage new competitors to open up a store on the other side of the street without the initial investment (i.e., developing your codebase).

Neither want to build upon it. Most developers will react badly when they need to do something on top of a bad developer’s work. Imagine building on top of heavily obfuscated code. Existing or new competitors, protecting your code might be able to prevent you from getting into IP legal disputes.

Protecting your codebase will also discourage your clients from hacking your code. Be it to unlock features, or to pirate it, you’ll want to stop them from violating your license agreement.

You deploy Node.js apps to the Cloud / shared hosting

The cloud has done immensely for the Web.

You can deploy your Web Apps to a virtual server and not spend a minute worrying about server outages. However, we all felt a bit nervous about putting our code in a server you don’t know who has access to it and how firmly the security policies are being followed.

By protecting your sources, you’ll get an extra layer of security in case your code ends up being accessed by others.

In summary, by protecting your code you can reduce the risk of:

  • your code leaking out and giving out details of your work to existing competitors

  • your code leaking out and being used to bootstrap new competitors

  • your code is being hacked by your clients to unlock features

  • your code being leaked onto the Internet and pirated

  • your license agreement is being violated

  • your code being accessed by others in Cloud / shared hosting environments

  • dealing with IP legal disputes

To test the compliance of Jscrambler with Node.js, we used the unit tests from the most used npm libraries, such as Express, Koa, etc. We passed all of them.

Jscrambler integration, plans, and pricing

If you don't know where to start, you’ll need a Jscrambler account.

Just register a trial account at Jscrambler. If you are just interested in minifying or compressing your code, you may be glad to hear that Jscrambler is free for that purpose. You can use the API too. If you need the protection, you’ll have to subscribe to one of the existing plans.

Jscrambler provides several resources for integration in your build process.

It’s very easy to integrate Jscrambler in your Node.js build environment as it already supports both Grunt and Gulp. If you use neither, you can grab the API client and customize it to fit your needs. And if that still does not work for you, you can always use the API CLI executable that you can run from your scripts or your IDE.

To configure any of the API clients, you just need to grab your API keys and write a config.json file listing the source code transformations you want to use. It’s simple. Check all available documents to use and learn.

That’s it. If you are doing Full-stack JavaScript Web Apps, and you want to secure its code, give Jscrambler a try.


The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.

View All Articles

Must read next


How to Protect Your Source Code With GitLab and Jscrambler

In this tutorial, we will guide you through implementing client-side protection in your GitLab instance using the integration with Jscrambler.

September 10, 2021 | By Pedro Fortuna | 5 min read

Application Security

The Importance Of Protecting Your App’s Source Code

In this post, we'll explore the importance of protecting your apps' source code to reduce the attack surface.

October 14, 2021 | By Jscrambler | 3 min read

Section Divider

Subscribe to Our Newsletter