Regardless of how you obfuscate the code, anyone can replicate what you are doing just by seeing it. It might take a little longer to write it from scratch, but there's not much you can do about that.

不管你如何混淆代码，任何人都可以通过看到它来复制你正在做的事情。从头开始编写它可能需要更长的时间，但是您对此无能为力。

Your only true options for protection involve copyrighting the code and, potentially, filing a patent. If what you are doing is truly different, then a patent is probably the best way to go.

您唯一真正的保护选择涉及对代码进行版权保护，并可能申请专利。如果您正在做的事情确实不同，那么专利可能是最好的方法。

Typically the value in your application is really going to be in the support area. In other words, people will buy it if they feel that you will be around long enough to support it. Be aware of this as you price it.

通常，您的应用程序中的价值实际上将在支持区域中。换句话说，如果人们觉得你会支持它的时间足够长，他们就会购买它。定价时请注意这一点。

You're going to find that there will be some that will simply steal your code and reuse it. Don't worry too much about them as they weren't going to be paying customers anyway. Instead, make it easy for your own customers to buy and use your stuff. Make sure you provide support; that's where the real value is going to come from.

你会发现有些人会简单地窃取你的代码并重用它。不要太担心他们，因为无论如何他们都不会成为付费客户。相反，让您自己的客户可以轻松购买和使用您的产品。确保您提供支持；这就是真正价值的来源。

Do the exact opposite, release your code as opensource with an MIT/GPL license. Attach your (business) name to the code and be known as the first to create application X. Reputation gets you much farther then futile attempts to "protecting your code".

做完全相反的事情，使用 MIT/GPL 许可证将您的代码作为开源发布。将您的（企业）名称附加到代码中，并成为第一个创建应用程序 X 的人。与“保护您的代码”的徒劳尝试相比，声誉使您走得更远。

1. JS/Html/CSS is usually quite easy to backward engineer, they don't need to look at your code at all.
2. Chances are, your JS inovations already exists and was written in 2001 by someone else.
3. The more complex the code, the harder it is to steal the intellectual property, especially if you opensource it.

1. JS/Html/CSS 通常很容易进行反向工程，他们根本不需要查看您的代码。
2. 很有可能，您的 JS 创新已经存在并且是由其他人在 2001 年编写的。
3. 代码越复杂，窃取知识产权的难度就越大，尤其是如果你开源的话。

There's really no sane reason to protect your codewhere JS/CSS/HTML is concerned, the best you can do is protect your business logic by keeping that on the backend.

在涉及 JS/CSS/HTML 的地方保护您的代码确实没有合理的理由，您能做的最好的事情就是通过将其保留在后端来保护您的业务逻辑。

Prime example, I could write my own implementation of CKEditor (a lot of people do just that) but it's a heck of a lot easier to just use CKEditor and everyone knows what it is, who wrote it etc.

主要示例，我可以编写自己的 CKEditor 实现（很多人就是这样做的），但是仅使用 CKEditor 就容易多了，而且每个人都知道它是什么，谁编写的等等。

Or take google maps as example, there are a lot of clones around, but there's only one real google maps. Heck, others had written a maps implementation before google, but google maps is more reknowned.

或者以谷歌地图为例，周围有很多克隆，但只有一个真正的谷歌地图。哎呀，其他人在 google 之前已经编写了一个地图实现，但 google maps 更知名。

I could go on with lots of examples why trying to protect your codeis not only silly, but actually not smart... Protecting business logic is one thing, but you actually have more to gain by going public with fancy smancy frontend code...

我可以继续举出很多例子，为什么试图保护你的代码不仅愚蠢，而且实际上并不聪明......保护业务逻辑是一回事，但实际上你可以通过使用花哨的前端代码获得更多收益。 .

No you cannot do that.

不，你不能那样做。

Everything is going to the browser (the client). You may obfuscate uglify, minify or whatnot with it, but at the end it's an easy shot to "encrypt" that again.

一切都将进入浏览器（客户端）。你可以用它来混淆丑化、缩小或诸如此类的东西，但最后很容易再次“加密”它。

You can't hide it either, because you want the browser to receive of all you sources. So even if you do some funky move like, "loading javascript with dynamic script tag insertion and remove the script tags afterwards". Well that might work for some unexperienced users, but using a tool like Fiddlerwill show the truth again.

您也无法隐藏它，因为您希望浏览器接收所有来源。所以即使你做了一些时髦的动作，比如“加载带有动态脚本标签插入的 javascript 并在之后删除脚本标签”。好吧，这可能适用于一些没有经验的用户，但使用类似的工具Fiddler会再次证明真相。

You simply can't do that. Obfuscating your javascript and CSS with a minimizer is probably the closest you can get.

你根本不能那样做。用最小化器混淆你的 javascript 和 CSS 可能是你能得到的最接近的。

Well, the popular answer is going to be "don't put it on the web". However, you can obfuscate your javascript so much that, typically, no one will bother stealing it. Removing function and variable names and the like goes a long way. Generally it will be easier to start from scratch.

嗯，流行的答案是“不要把它放在网上”。然而，你可以混淆你的 javascript，通常情况下，没有人会费心去窃取它。删除函数和变量名称等有很长的路要走。一般来说，从头开始会更容易。

You can either not put it on the internet, or keep it accessible only via an intranet; but there's no way to reliably prevent the client from accessing the html/css/JS, without preventing them from accessing the site itself.

您可以不将其放在 Internet 上，也可以仅通过 Intranet 访问；但是没有办法可靠地阻止客户端访问 html/css/JS，而不阻止他们访问站点本身。

Obfuscation will deter casual attempts, and curiosity-browsing, but won't prevent a determined attacker/browser since it's all implemented on the client-side.

混淆将阻止随意尝试和好奇心浏览，但不会阻止确定的攻击者/浏览器，因为它都是在客户端实现的。

Minifying your HTML, CSS, and JavaScript will help a small bit, but people can always reformat those. Your best bet is if the contents sent down to the clients aren't the same as the original contents that you're working with.

缩小您的 HTML、CSS 和 JavaScript 会有所帮助，但人们总是可以重新格式化它们。您最好的选择是发送给客户的内容是否与您正在使用的原始内容不同。

That can be achieved by:

这可以通过以下方式实现：

• generating your HTML from some framework
• generating your CSS via SASS/LESS, etc.
• using a JavaScript compileron your scripts (i.e. Google's Closure Compiler)

• 从一些框架生成你的 HTML
• 通过SASS/ LESS等生成 CSS 。
• 在您的脚本上使用 JavaScript编译器（即 Google 的Closure Compiler）

However, with all of those, there's only so far that you can go. Compiling your JavaScript will make it harder to follow your original intentions, but probably not difficult enough if someone sets their mind to reverse-engineering it.

然而，有了所有这些，你只能走这么远。编译你的 JavaScript 会让你更难遵循你的初衷，但如果有人下定决心对它进行逆向工程，这可能还不够困难。

You can use a JavaScript obfuscator. It will make the code difficult to read. They can still "rip it off", but it would be very difficult to understand it and therefore modify it. There is no way you can hide the code completely.

您可以使用 JavaScript 混淆器。这会使代码难以阅读。他们仍然可以“撕掉它”，但是很难理解它并因此修改它。您无法完全隐藏代码。

I've thought about this problem a lot and, frankly, there isn't much which can be done. The best I've ever come across is using a JS compiler.

这个问题我想了很多，坦率地说，能做的并不多。我遇到的最好的方法是使用 JS 编译器。

Theoretically, and I've never actually done this but I do know that it is possible, it might be possible to load your js through a 1x1 pixel swf which was in turn sent through a scrambler. It is still possible to get around that, but it becomes farmore annoying. Then, you would be able to send aes encrypted code through to the swf, decrypt it client side (using as3crypt libraries), and then write it to the browser. That said, unless you were using the swf for a series of callbacks, you'd still have the problem of the fact that it would still need to be written to the browser. Firebug and the other browsers' js consoles would let the user get the "compiled" js. Of course, it is possible to script AS3 to register the series of callbacks...

从理论上讲，我从来没有真正这样做过，但我知道这是可能的，可能可以通过 1x1 像素的 swf 加载您的 js，而 swf 又通过加扰器发送。它仍然有可能得到解决这个问题，但它变得远远更恼人。然后，您将能够将 aes 加密代码发送到 swf，在客户端对其进行解密（使用 as3crypt 库），然后将其写入浏览器。也就是说，除非您将 swf 用于一系列回调，否则您仍然会遇到仍然需要将其写入浏览器的问题。Firebug 和其他浏览器的 js 控制台会让用户获得“编译”的 js。当然，可以编写AS3脚本来注册一系列回调......

As I've said, this is more hypothetical than not and while I've no doubt that it could work in idyllic situations, Flash is limited and you'd need knowledge of AS3. The benefit, of course, is that this is a way to get js to the browser without the user being able to read it easily.

正如我所说，这更像是假设性的，虽然我毫不怀疑它可以在田园诗般的情况下工作，但 Flash 是有限的，您需要了解 AS3。当然，好处是这是一种让 js 进入浏览器的方法，而用户无法轻松阅读它。

I don't really believe it's possible to hide JavaScript code from the end user, JavaScript is done client side not server side meaning the better it is viewing the source code in plain text or having a third party program intercept the browser, end user, requires the code to complete the task.

我真的不相信向最终用户隐藏 JavaScript 代码是可能的，JavaScript 是在客户端而不是服务器端完成的，这意味着以纯文本形式查看源代码或让第三方程序拦截浏览器、最终用户、需要代码才能完成任务。

Even if it's encrypted, at some point in time it is going to have to be un-encrypted for the browser to complete and show the task, where the end user will obtain the code, unless you have complete and total control over the end user's computer hiding any code which is executed client side would be impossible.

即使它是加密的，在某个时间点它也必须是未加密的，浏览器才能完成并显示最终用户将在其中获取代码的任务，除非您完全控制了最终用户的计算机隐藏任何在客户端执行的代码是不可能的。