Aegis is a code protection tool that helps you protect node.js applications from reverse engineering and tampering. It is designed to be easy to use and integrate into your existing projects.
- Code Encryption: Aegis encrypts your code to make it difficult to reverse engineer.
- Code Obfuscation: Aegis obfuscates your code by compiling it to bytecode.
- License Management: Aegis allows you to manage licenses for your applications.
Aegis currently supports the following node.js versions:
-
16.20.2, also likely other 16.x versions
To use Aegis, you need to install the package from npm:
npm @feasibleone/aegisAegis works by requiring the package at the files you want to protect.
-
Protecting files
Aegis will generate protected versions of the files upon process exit when the
AEGIS_BUILDenvironment variable is set. The encryption parameters for protecting the files can be set via the following environment variables:-
AEGIS_CIPHER- The encryption algorithm to use. The default isaes-256-cbc. -
AEGIS_KEY- The encryption key to use. If not set, a built-in key is used. -
AEGIS_IV- The initialization vector to use. If not set, a built-in IV is used.
-
-
Naming of output files
By default Aegis does not overwrite the original files, instead it creates new files by adding
.cjsextension to the original file name. This is done to prevent accidental loss of source code files at developer machines.Usually Aegis will run in a CI job, where it can be configured to overwrite the original source code file by setting the
AEGIS_OVERWRITEenvironment variable.
[!WARNING] Aegis will overwrite any existing files without a warning. Even if you have not set
AEGIS_OVERWRITE, be careful if you have.js.cjsfiles that match names of.jsfiles.
To obfuscate your code, require aegis at the top of each file you want to obfuscate, as shown below:
require('@feasibleone/aegis')(module);Obfuscating code has some side effects, such as loosing line numbers from call stack for the files that were obfuscated. This is because the code is compiled to bytecode and the original source code is not available.
If you only want to encrypt your code, without obfuscating it, you can pass an additional parameter, as shown below:
require('@feasibleone/aegis')(module, 'js');Aegis returns an object, which can be used to check licenses. This
object has a property named active which is a function. This function
returns an object, that gives information about the licensed features.
This object always has a property named expires which holds the
timestamp of the license expiration date. If the license has expired
this function will throw an error with code AEGIS_EXPIRED and
type aegis.expired. In addition to the expires property, the
returned object can have other properties, depending on the license.
Example usage:
const license = require('@feasibleone/aegis')(module);
// log the license information for the feature 'test'
console.log(license.active('test'));In addition to checking the license information, you can also write logic, which depends on the license data:
const license = require('@feasibleone/aegis')(module);
console.log(`You have a license for ${license.active('test').users} users`)Aegis allows you to generate licenses for your applications.
The license contains the license terms and the cryptographic
parameters needed to load the protected files.
Be sure to set the same values (or defaults) for AEGIS_CIPHER,
AEGIS_KEY and AEGIS_IV as you used to protect the files.
To generate a license, you can use the aegis command line tool. The tool is
installed with the package and can be used as shown below:
AEGIS='{
"terms":{
"expires":2208988800000
},
"features":{
"test":{
"aegis":true
}
}
}' aegisGenerating is also possible via the API:
console.log(require('@feasibleone/aegis')({
terms: {
expires: 2208988800000
},
features: {
test: {
users: 10
}
}
}));The license is a string, which can be saved to a file or a database.
Loading the license should happen early in the application, before loading any of the protected files. The license is loaded as shown below:
require('@feasibleone/aegis')('license string');