How to sell a chrome extension without leaking the source code

Question

I developed an chrome extension I want to sell to a client, I want to charge my clients a little more if they also want to have the source code. Seems like the .zip file or .crx file I send him is not a safe way to do so, he can easily unzip it and has access to the whole source code.

I don't want to publish it to the Google Chrome Store because that mostly takes weeks to get reviewed and published.

Any solution to this?

Answer 1

Use a code obfuscator. While it's true that obfuscated code can be reverse-engineered, it requires a good amount of skill and effort, providing a basic layer of protection. Tools like javascript-obfuscator can make your code harder to read and modify.

Move critical parts of your extension's functionality to a web service if possible. This way, the sensitive logic resides on your server, which you can easily secure, and the extension only interacts with the server through API calls. This setup ensures that even if someone accesses the extension's source code, they won't have access to the core functionality.

Answer 2

Publishing on the store should not take weeks. It normally takes a few days, though.

Anything published to the Chrome Web Store can be downloaded, and the same source you would submit to the store would be available to them. They have to be available, its an interpreted language.

We haven't allowed obfuscated extensions for nearly half a decade.

I encourage you to look at the source code for any of the top extensions from the store. Here is Grammarly, for example. It is almost always more difficult to reverse engineer a modern web property than it is to remake it from scratch.

In short - you don't need to worry about "leaking the source".