Create closed source npm package

Question

I'd like to publish an NPM package, but closed source. I'm well aware of private packages, but that's not what I am looking for. I'd like to publish an package that everyone can use, but not everyone can inspect the code from.

I want to first build my code as a closed-source library, and then publish it to npm. How can I achieve such a thing?

I looked into uglyfying my code first, but will that obfuscate it enough?

It would be really nice to just package it like pkg does, but that does not allow packaging as an npm module.

Answer 1

I don't know of a native way of doing this, unfortunately. However, you can try to make your production code horrible -- such that it would be faster for someone to rebuild the code from scratch than to try to adapt your npm package's code.

I don't know of any good tools to do this automatically, but there are some ideas on this quora thread. The essence is to defy every best practice in the industry. For example, remove all documentation comments, then find and replace all variables with unhelpful names like "r", "l" or "t". You could also add a few random blocks of code that do nothing.

Answer 2

As far as I know there's no real way to do this in the way you want. Code can be de-uglified easily.

You can write the code in a separate language like C, then compile it and write a javascript wrapper around it using native modules.

You can also put a really restrictive license on it which is displayed on the npm website when people view your module. But the code can still be viewed and it would be up to you to go after any people that break your license.

But since javascript isn't a compiled language there's no easy way to do this at the moment.