@feasibleone/aegis
v1.1.1
Published
Aegis code protection
Downloads
37
Readme
Aegis code protection
Aegis is a code protection tool that helps you protect node.js applications from reverse engineering and tampering. It is designed to be easy to use and integrate into your existing projects.
Features
- Code Encryption: Aegis encrypts your code to make it difficult to reverse engineer.
- Code Obfuscation: Aegis obfuscates your code by compiling it to bytecode.
- License Management: Aegis allows you to manage licenses for your applications.
Usage
Aegis currently supports the following node.js
versions:
16.20.2
, also likely other 16.x versions
To use Aegis, you need to install the package from npm:
npm @feasibleone/aegis
General Usage
Aegis works by requiring the package at the files you want to protect.
Protecting files
Aegis will generate protected versions of the files upon process exit when the
AEGIS_BUILD
environment variable is set. The encryption parameters for protecting the files can be set via the following environment variables:AEGIS_CIPHER
- The encryption algorithm to use. The default isaes-256-cbc
.AEGIS_KEY
- The encryption key to use. If not set, a built-in key is used.AEGIS_IV
- The initialization vector to use. If not set, a built-in IV is used.
Naming of output files
By default Aegis does not overwrite the original files, instead it creates new files by adding
.cjs
extension to the original file name. This is done to prevent accidental loss of source code files at developer machines.Usually Aegis will run in a CI job, where it can be configured to overwrite the original source code file by setting the
AEGIS_OVERWRITE
environment variable.
[!WARNING] Aegis will overwrite any existing files without a warning. Even if you have not set
AEGIS_OVERWRITE
, be careful if you have.js.cjs
files that match names of.js
files.
Obfuscating Code
To obfuscate your code, require aegis at the top of each file you want to obfuscate, as shown below:
require('@feasibleone/aegis')(module);
Obfuscating code has some side effects, such as loosing line numbers from call stack for the files that were obfuscated. This is because the code is compiled to bytecode and the original source code is not available.
Encrypting Code
If you only want to encrypt your code, without obfuscating it, you can pass an additional parameter, as shown below:
require('@feasibleone/aegis')(module, 'js');
Checking Licenses
Aegis returns an object, which can be used to check licenses. This
object has a property named active
which is a function. This function
returns an object, that gives information about the licensed features.
This object always has a property named expires
which holds the
timestamp of the license expiration date. If the license has expired
this function will throw an error with code AEGIS_EXPIRED
and
type aegis.expired
. In addition to the expires
property, the
returned object can have other properties, depending on the license.
Example usage:
const license = require('@feasibleone/aegis')(module);
// log the license information for the feature 'test'
console.log(license.active('test'));
In addition to checking the license information, you can also write logic, which depends on the license data:
const license = require('@feasibleone/aegis')(module);
console.log(`You have a license for ${license.active('test').users} users`)
Generating a license
Aegis allows you to generate licenses for your applications.
The license contains the license terms and the cryptographic
parameters needed to load the protected files.
Be sure to set the same values (or defaults) for AEGIS_CIPHER
,
AEGIS_KEY
and AEGIS_IV
as you used to protect the files.
To generate a license, you can use the aegis
command line tool. The tool is
installed with the package and can be used as shown below:
AEGIS='{
"terms":{
"expires":2208988800000
},
"features":{
"test":{
"aegis":true
}
}
}' aegis
Generating is also possible via the API:
console.log(require('@feasibleone/aegis')({
terms: {
expires: 2208988800000
},
features: {
test: {
users: 10
}
}
}));
The license is a string, which can be saved to a file or a database.
Loading a license
Loading the license should happen early in the application, before loading any of the protected files. The license is loaded as shown below:
require('@feasibleone/aegis')('license string');
Reading license details
require('@feasibleone/aegis').info('license string');