I have a question on GitHub code policy. Generally, in all the environments like Vercel, Render, Railway, etc., we have auto-deploy of code from a GitHub repository. How do we ensure we protect the code, as it's public? I mean, someone can fork the repo and do their own thing.
Hey akshaymattoo,
Specifically for Vercel, you can use a private repository with auto deploy. I'm not too familiar with the other environments but I imagine they can also work with a private repository.
I deployed my Newsletter site (https://generatedpress.com) from a private repo through Vercel. It has auto-deploy enabled so whenever I push to the main branch, it still works even though it's private.
I suggest trying out the environments with a private repo!
Thank you, that helps. I will try that.
First, make sure your repository is private.
Moreover, make sure that no configuration is included in your code. Both have to be decoupled: you store your configuration away from your repository codebase. You can generally follow the 12 factors of best practices for modern apps.
Have a look: https://12factor.net/config
Finally, you may add a license to your project that restricts commercialization and non-allowed usage. Hope this helps.
Hey @saidaitmbarek, very good points. Would you recommend a license that fits well for solo builders? I don’t use any currently, just protect my code by private repo and decoupled secrets from code.
I am doing the same as @mateusmsouza. Please suggest steps and what license to apply on the code.
It really depends on your project and what software you're using. Assuming you use GPLv3 libraries, you must yourself release your software under the GPLv3 licence.
The most restrictive Creative Commons licence is the "CC-BY-NC-ND", which restricts commercialization of your software.
Just as a heads up, if you have already pushed your code into a public repo AND your code contained any keys/secrets then they have been copied by bad actors.
Reset all keys/secrets that you had in that repo and make sure you do not store those details in a repository. Ideally they are injected at build time.
Keep your repo private. Almost every hosting provider, such as Vercel and Netlify, allows you to connect your private repo and auto-deploy it.
I am using Render; I will try that. Thank you for the response.
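The advice in the posts above, to keep configuration out of the repository and to reset any secret that was ever pushed, can be checked mechanically before a push. The following is an added example, not code from any post in this thread or from any hosting provider: `scanForSecrets`, `loadConfig`, the rule names and the sample files are hypothetical, and every value in the sample is constructed.

```javascript
// Added example: hypothetical helpers, all sample values are constructed.

// Patterns for material that should never be committed. The first two are
// fixed, well-known formats; the third is a heuristic for hardcoded values.
const SECRET_PATTERNS = [
  { name: "private-key-block", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { name: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: "hardcoded-credential",
    re: /\b[\w-]*(?:api[_-]?key|secret|token|passw(?:or)?d)[\w-]*\s*[:=]\s*["'][^"'\s]{12,}["']/i },
];

// files: { path: content }. Returns one finding per offending file or line.
function scanForSecrets(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    // A tracked .env file is a finding regardless of what it contains;
    // .env.example / .env.sample templates are allowed.
    if (/(^|\/)\.env(\.[\w-]+)?$/.test(path) && !/\.(example|sample)$/.test(path)) {
      findings.push({ path, line: 0, rule: "tracked-env-file" });
    }
    content.split("\n").forEach((text, i) => {
      for (const { name, re } of SECRET_PATTERNS) {
        if (re.test(text)) findings.push({ path, line: i + 1, rule: name });
      }
    });
  }
  return findings;
}

// 12-factor style loader: values come from the environment the host injects,
// and a missing value stops startup instead of falling back to a default.
function loadConfig(env, requiredKeys) {
  const missing = requiredKeys.filter((k) => !env[k]);
  if (missing.length) throw new Error("Missing config: " + missing.join(", "));
  return Object.fromEntries(requiredKeys.map((k) => [k, env[k]]));
}

// Constructed sample repository contents.
const SAMPLE_FILES = {
  "src/mailer.js": 'const apiKey = "CONSTRUCTED_FAKE_KEY_0123456789";\nsend(apiKey);',
  "src/db.js": "const url = process.env.DATABASE_URL;",
  ".env": "DATABASE_URL=postgres://localhost/dev",
  ".env.example": "DATABASE_URL=",
};

console.log(scanForSecrets(SAMPLE_FILES));
```

Any finding on a repository that has ever been public means the value is treated as exposed and reset, as the post above says; deleting the line in a later commit does not remove it from history.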
Tldr: you can't do it. JavaScript code needs to be available to the client. You can only make it harder and more annoying.
For Node code (e.g. Electron) you can use a bytecode build step that will convert your code into a semi-native V8 bytecode version of your code. This will already make 95% of rookie hackers go away.
You can also use this if the performance hit is not a problem: https://github.com/javascript-obfuscator/javascript-obfuscator. It'll make life a lot harder for people reverse engineering it.
These are some excellent tools to showcase your work and protect your code as well:
www.protegerhtml.com/en
www.protegerjavascript.com/en
www.protegerphp.com/en
www.ofuscarphp.com/en
and
www.protegerfotos.con.gt/en
We have developed all those tools at www.sabro.net/en, which you can test for free directly from your browser. Hope it helps.
Cheers!!!
Thank you, will surely take a look.
To protect code, I would highly recommend making a repository private. I would then add some gates on GitHub that, for example, would require your authorization before code would be merged into your project's master branch.
Thank you very much. Will do it.