Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

swapnil__weeb's avatar

How to keep secure code of Electron when someone extract asar?

I am building an offline electron js react js and express js application. but the issue is when I build the app and extract the asar file all the code gets exposed including express js.

How can I protect express js code. How others are building offline applications with electron js. I have been searching for the solution since a week.

I tried react only but ittt does not support direct connection to the database without the backend.

so is there any way to protect backend code from electron or express and how apps like vyapar, WhatsApp, slack manage this security. ???

0 likes
5 replies
Lumethys's avatar

there is absolutely no way to secure a client-side application without a backend

all of the apps you mentioned have a backend server

martinbean's avatar

@swapnil__weeb If you don’t want people to have you code, don’t let them install it on their computer.

Unfortunately, anything you put in to someone’s hands, they can then read it and poke around in it. It’s why popular programs like Photoshop and Microsoft Office made by world-class engineers still ended up with key cracks.

1 like
jlrdw's avatar

@swapnil__weeb I suggest focus on securing data, don't worry about code.

Meaning any app you write, any knowledgeable developer would know how to duplicate what it does just from the way it works.

Take this forum for instance, a knowledgeable developer could easily duplicate how it works, even in another language like the spring framework or spring boot.

To truly protect code, you need an exe file which is tied to a computers motherboard so it will not work with another motherboard.

Autocad uses this technique.

Edit:

But @martinbean is correct, hackers can usually find a way.

martinbean's avatar

To truly protect code, you need an exe file which is tied to a computers motherboard so it will not work with another motherboard.

@jlrdw The executable can still be reversed, though.

I reverse engineer PlayStation games in my spare time, which are executables that have been compiled specifically for the PSX console hardware. It’s literally just machine code, but can easily be decompiled into pseudo C code with reverse engineering tools.

Please or to participate in this conversation.