Custom app source code security

Is there any way to keep secure our source code of a custom app after publishing on a customer environment?



Would you please elaborate the ‘secure’ a bit more? The security term is so much used that it may be mean so much different in different contexts.

Hi @Saif

Well,I mean if we install a custom app to any of our customer’s environment so we’ve to install the zip file in its environment and maybe later he can access to our zip file by simply downloading the extension zip and for any further changes in our code by other agencies.


1 Like

This looks like a situation for code obfuscation, rather than security, to prevent code reuse.

One option here is to add a build step with a code minifier say using rollup or webpack or something similar that compiles code into the structure an app expects.

In a nutshell, you will want to build:

  • Using a subdirectory to stage the build, say dist/
  • 1 minified JS file for each frontend location under the dist/app/ directory
  • 1 minified HTML file for each frontend location that loads the minified JS file
  • Preferably inline any custom CSS in the HTML file
  • 1 minified JS file for serverless as the dist/server/server.js file
  • Copy over manifest.json to dist/manifest.json
  • Copy over config/*.json to dist/config/
  • Change directory to dist/ and run fdk pack to generate the app package with obfuscated and minified code.

The exact business need eludes me, because I can’t imagine why a client will agree to not get access to the source code for an app that you have built for them.

1 Like

This topic was automatically closed after 365 days. New replies are no longer allowed.