How do you enforce software license in javascript?

javascript licensing
11,956

Solution 1

There is no way to "encrypt" JavaScript code other than obfuscating it so yes, it's true there is no way to reliably copy-protect a commercial JavaScript product.

They are still worth offering because

  • Most corporate customers in western countries will not dare risk steal software due to the risk of getting caught and sued for vast amounts of money - if not through the code, then maybe through a disgruntled intern blowing the whistle

  • Different from pirated office software, the theft is publicly just as visible and accessible as the original piece of JavaScript - you never know what techniques may exist (or come up) to find stolen JavaScript code using an algorithmic approach.

  • The real loss of business is probably not as heavy as one might think: People cheap enough to steal a JavaScript widget would simply fall back to a free one if that one wouldn't be available to steal. Commercial JavaScript widgets usually don't offer any unique functionality - popular things tend to get cloned quickly - their selling point is usually that they do what dozens of Open Source solutions do too, but extremely well, fast, cleanly, and well-documented.

Solution 2

There's always obfustication tools: http://www.javascriptobfuscator.com/default.aspx

This so question throughly hashes out (pun intended) the pros AND cons of obfustication practices

Solution 3

You cannot enforce the license, I suppose.
Perhaps they rely on honesty on the part of the companies planning to use their product...

After all, you have some open source projects with dual license: GPL for free / open projects, commercial otherwise (iText, for example, IIRC). The same reasoning applies for these projects.

Beside, you can make public a crippled version of the software. Of course, if you find a site of somebody using it and having paid to have the full version, it is easy to steal it too.

Often, like most open source softwares sold by companies, they rely on services around the software to make money: you buy their software, you get premium support, like fast fixes and updates, customizations, etc.

Solution 4

  1. There's no such thing as a "compiled project" in JavaScript.
  2. You do not have to "break into a system unauthorized to get the source code". As soon as your page has loaded, you have access to every bit of JavaScript the page is using.
  3. Copyrights offer a marginal amount of protection. If you find a piece of JavaScript on the net that is of interest, you're completely free to go through it and rewrite it in your own style. If you only copy and paste copyrighted code then you may have some potential liability but it's unlikely.
  4. The only true protection is through a patent but there's no protection without litigation.

Solution 5

That's the result of conflict between the web being an open technology, where all client side data is open to be viewed by anyone, conflicted with the proprietary and monetary interests of businesses and profiteering individuals, and the result is, attempts at obfuscation.

All obfuscation ultimately is securty through obscurity, so it's important to reiterate if it's on the web, someone can pick it apart, just depends if they can be bothered or not. The more valuable your software is, the more likely this is to be so.

A lot of businesses and individuals seem fearful that their software will be stolen, and this is usually misguided as more than often they are grossly over estimating the uniqueness of their software which unfortunately isn't a special snowflake most of the time.

The only way you can protect your Javascript is through obfuscation really, there are lots of online tools for this, one of the best being Google's Closure Compiler. Obfuscation goes some way to remove semantics from the code, for example useful variable names, and some such as the closure compiler actually can change the logic of the code. But, the code is still code, it's still logical, and someone can figure out what it does.

Share:
11,956

Related videos on Youtube

CQM
Author by

CQM

Updated on October 15, 2020

Comments

  • CQM
    CQM over 3 years

    I was looking at a javascript framework that looks pretty cool. I like the demos, when I looked at the page source and the attached .js file, I noticed the file has this "testing and evaluation purposes only, protected by copyright, this software is not free and is licensed to you for testing only"

    but right under that, the entire code is there (because it is javascript). I could see if you had a compiled project and someone would have to break into a system unauthorized to get the source code, but how would you even begin to enforce a plain text language like this?

    After removing their comments, find+replace renaming of the variables, re-arranging the functions, it would be impossible to even know if someone was using it with a web spider. Thats a 5 second way to lose business.

    I am genuinely curious because this product seems to be their entire business plan, but all their trade secrets are available in plain within the demo. The country does not provide for adequate remedies for this sort of thing so the burden is on the creator to protect it (I mean if that is their business plan after all)

    Do you have any insight into this? Solutions I completely overlooked? I am little perplexed on why someone would devote so much effort into something that they don't intend to be free, but are giving it away for free.

  • gen_Eric
    gen_Eric almost 13 years
    These can be easily undone: jsbeautifier.org
  • gen_Eric
    gen_Eric almost 13 years
    Also, obfuscators can be easily undone with tools like jsbeautifier.org
  • Michael Jasper
    Michael Jasper almost 13 years
    Yes, but with the architecture of client-side interpreted scripting languages, thats the closest you will ever come.
  • Tom Gullen
    Tom Gullen almost 13 years
    @Rocket that's not really correct, beautifiers can beautify the code. The indentation and layout of the code is probably the most minor form of obfuscation out there.
  • CQM
    CQM almost 13 years
    There's always deobfustication tools: gosu.pl/decoder , and yes the beautifiers, from there again, simple find and replace of the variables is a simple matter, especially with regex
  • Raynos
    Raynos almost 13 years
    obfuscation is only useful to stop competitors stealing your high level code structure. It doesnt stop actual code theft.
  • CQM
    CQM almost 13 years
    re #1 #2 #3 that was an example regarding source code woes in general

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to get javascript console.log in flutter webview
Call javascript from dart native/flutter
How to integrate flutter web build inside react app for specific route?
while clicking local push notification how to navigate and reload a page in flutter
Flutter webview with custom javascriptInterfaceAdapter or invoke JS using webview controller
checkbox list does not update in flutter getx
Dart "encrypt" library gives unreadable string after encryption
Write elements to textarea using jQuery
Unable to remove zoom in and zoom out in my flutter web
How To Run a Flutter Web Application Offline?