Any plans on big security/deploy updates before v1.0.0?


#1

So I know that there is no way to obfuscate HTML, CSS, JavaScript effectively.
Current release of Electron, allows to stop entire website in .asar file (which then can be easily extracted). Unfortunately that’s not enough for making full-release application as it is.

Yes, I know, there’s no way to protect applications for 100%, let’s skip that extremely obvious part.

This isn’t topic of being: “omagherd, wai u no implimimnt, dis is gud, u bed”.

I was just simply wondering if developer community behind Electron have in plans making the application more release-richer-and-friendly. Where user of the said application could create standalone executable (for all three platforms) with it’s own meta-data. While having the website code, obfuscated on software level. So not plain text, or basic obfuscation, or archive compression. But baked into executable and obfuscated as Electron’s source-code just like Electron’s executable.

I know there’s lots of Linux applications, I’ve visited about 4 of them, but all they did was what Application-Distrubtion.md told to do. So there’s no greater usage (except making it 25 seconds or less shorter). While your application is already amazing and great, I think that improvements upon deploy and security of files would really hit the spot. Heck I would even make monthly payments for this (I know it’s open-source, but just trying to sharpen the edge of the attitude).

Once again, I’m sorry if it sounds like rant. I’d just like to know. If there will be any extremely viable security and deploy upgrades between now and Electron v1.0.0


#2

I hope I’m allowed to bump after a month. Still would like to hear the answer?


#3

I think it is unclear what you’re really asking. Are you asking:

  • If GitHub has any plans for what you’re looking for?
  • If the developer community has any plans for what you’re looking for?
  • What is it you’re looking for?
    • It sounds like you’re asking about a way to compile JavaScript (and other resources) into a binary. But you mention security too and compilation isn’t security (note the easy availability of decompilers for pretty much everything).
    • You also mention “deploy” but you don’t make clear what your expectations are there.

I can’t guarantee that you’ll get any more responses but being more clear about your questions could help.


#4

I think it is unclear what you’re really asking. Are you asking:
Okay.

If GitHub has any plans for what you’re looking for?
No. Since GitHub isn’t developing Electron, community of developers does.

If the developer community has any plans for what you’re looking for?
Yes. Implementation of compiling the data.

What is it you’re looking for?
Able to make editing source of program harder, than just extracting .asar file or just plainly editing the files in sub-directories.

It sounds like you’re asking about a way to compile JavaScript (and other resources) into a binary. But you mention security too and compilation isn’t security (note the easy availability of decompilers for pretty much everything).
Yes, indeed. But it’s still harder to decompile and read, a compiled program, than to read and modify source-code in default-app folder.

You also mention “deploy” but you don’t make clear what your expectations are there.
Deploy, meaning, compile the data and attach custom common meta-data to it. Make it look more like a program.

I can’t guarantee that you’ll get any more responses but being more clear about your questions could help.
Welp, I’m trying to, if you’ll keep asking questions of my questions (question-ception), I’ll gladly answer them if that anyhow brings it closer to answer.


#5

have you found the answer?