The framework currently supports encryption for both the main process and frontend code, enhancing software security. There are two code encryption schemes: Bytecode Encryption and Compression Obfuscation Encryption.

Command

# You must build first before using code encryption
ee-bin encrypt

See: The Build section in Quick Start Tutorial.

Encryption Configuration File

File ./cmd/bin.js

frontend: {
  // Supported: none - no encryption, confusion - compression obfuscation encryption
  type: 'none',
  // File matching
  // The ! symbol at the beginning means filter/exclude
  files: [
    './public/dist/**/*.(js|json)',
  ],
  // File extensions to encrypt, only supports js
  fileExt: ['.js'],
  cleanFiles: ['./public/dist'],
  // Obfuscation encryption configuration
  confusionOptions: {
    // Compress to one line
    compact: true, 
    // Remove string literals and place them in a special array     
    stringArray: true,
    // Encode all string literals in stringArray, values: 'none' | 'base64' | 'rc4'
    stringArrayEncoding: ['none'],
    // Inject dead code, note: affects performance
    deadCodeInjection: false, 
    // Dead code ratio
    deadCodeInjectionThreshold: 0.1,  
    // All call arguments can be extracted into different objects
    stringArrayCallsTransform: true,
    // Convert numbers to expressions
    numbersToExpressions: true,
    target: 'browser',
  },
  // Suppress the javascript-obfuscator promotional banner during obfuscation
  silent: true,
},
electron: {
  // none - no encryption
  // confusion - compression obfuscation encryption
  // bytecode - bytecode encryption
  // strict - obfuscation encryption first, then bytecode encryption 
  type: 'confusion',
  files: [
    './public/electron/**/*.(js|json)',
  ],
  fileExt: ['.js'],
  cleanFiles: ['./public/electron'],
  // bridge.js is the BrowserWindow preload script and must remain in a readable format,
  // so it is specifically listed to use obfuscation encryption rather than bytecode encryption.
  specificFiles: ['./public/electron/preload/bridge.js'],
  // The Electron package entry must remain as main.js; in bytecode/strict mode,
  // it becomes a tiny bytenode loader shell that requires main.jsc.
  entryFiles: ['./public/electron/main.js'],
  encryptDir: './',
  // Hide the javascript-obfuscator promotional banner during obfuscation encryption
  silent: false,
  confusionOptions: {
    compact: true,      
    stringArray: true,
    stringArrayEncoding: ['rc4'],
    deadCodeInjection: false,
    stringArrayCallsTransform: true,
    numbersToExpressions: true,
    target: 'node',
  },
  bytecodeOptions: {
    electron: true,
  },      
}

type

• none: no encryption
• bytecode: bytecode encryption
• confusion: compression obfuscation encryption
• strict: obfuscation encryption first, then bytecode encryption

files

File matching for encryption. More powerful, explanation:

files: [
  'electron/**/*.(js|json)', // Match js|json files in the electron directory
  '!electron/xxx.json' // Exclude the electron/xxx.json file
],

confusionOptions

This configuration item is only effective when the type is confusion.

Method 1: Bytecode Encryption - bytecode

What is bytecode encryption?

Bytecode is an intermediate representation after source code compilation, similar to assembly, and is the instruction set executed by the virtual machine. The difficulty of reverse (de)compilation is comparable to that of traditional compiled languages.

(Deprecated) Code Requirements

In v5, it is no longer necessary to write string representations in class files.

Controller and service layer code previously required adding a toString() method to identify encrypted .jsc (class) modules.

For example: ExampleController

# Add a toString() method, returning the string representation of the class
ExampleController.toString = () => '[class ExampleController]';

# Export the module
module.exports = ExampleController;

Build Requirements

• If cross-built software has runtime errors, build it on the corresponding platform as follows:
• Build on Windows 32-bit OS: npm run build-w (32-bit)
• Build on Windows 64-bit OS: npm run build-w-64 (64-bit)
• Build on MacOS amd: npm run build-m
• Build on MacOS arm: npm run build-m-arm64 (M1 chip architecture)
• Linux has many distributions, please test on your own

Method 2: Compression Obfuscation Encryption - confusion

Configuration

# cmd/bin.js

confusionOptions: {
  compact: true, // Compress code to 1 line        
  stringArray: true, // Remove string literals and place them in a special array
  stringArrayEncoding: ['none'], // Encode stringArray with 'none', 'base64', 'rc4' for increased security
  stringArrayCallsTransform: true, // All call arguments may be extracted into different objects
  deadCodeInjection: false, // Whether to inject dead code, increases code size.
  deadCodeInjectionThreshold: 0.3, // Dead code injection threshold, default 0.3
  numbersToExpressions: true, // Convert numbers to expressions
  target: 'node', // Set the runtime environment
}

Build Requirements

• You can build both 32-bit and 64-bit applications on a Windows 64-bit OS.
• Other requirements are as described above.

Note

If the encrypted generated code cannot run, please execute npm run encrypt multiple times.

Reason: After encryption, the code is heavily obfuscated and may trigger certain keywords or character encodings, causing the code to fail to read properly.

Method 3: Compression Obfuscation Encryption strict

First apply compression obfuscation encryption, then bytecode encryption, making the code more secure.

Note

Same issue as above