I am about to begin the process of creating a Windows-based utility app to manage localized expressjs server that will utilize a graphical Windows based application to manage some of the features of this service

however before I begin I would like to speak with the community to try to get some advice Advice on how to properly protect the code since it will all be node JS bees I need to make sure it’s protected and some of my initial reading online seems to show that using electron by not be the most Safeway saw that being said how are you guys handling this to keep node JS these code protected with electron and in my case On windows environment

Any advice would be greatly appreciated much thanks

tl;dr You can and it is not worth the effort. Just pack your source into a asar file, it keeps most people away from it.

Long awnser:

• Use the asar option when building your app.
• Obfuscating the code with a uglyfier.
• Use WASM
• Language bindings to grab your data from a compiled format
  • neonjs for Rust
  • edge-js for C#
  • N-API, NAN for C/C++

Otherwise your files are scripts, all these steps only slow down a attacker (Tactic of many defenses), but they will not prevent them from accessing them. The devTools are fairly easy to get opened and people will be able to read the code in some way, shape or form. And if someone gets your Obfuscated code it is simple to reconstruct what is happening (see here for reference: https://www.youtube.com/watch?v=y6Uzinz3DRU)

If you want to protect yourself from code manipulation, there are better ways to do it. Like Hashing, Context Isolation etc. electron has a whole chapter on the matter.

https://github.com/electron/electron/blob/master/docs/tutorial/security.md