Compressing Code Files Dec 17 2025
I discovered a serious problem: since my app is developed using H5 with the Capacitor framework, when the app is packaged, the source code is not compiled into binary. Users can directly view the source code when inspecting the package contents. I don't want to open-source this app, so I decided to find a way to prevent users from seeing my original source code. However, JavaScript, being a frontend language, cannot be directly compiled into binary. So I thought of obfuscating my JS files—for example, replacing all variable and function names with simple ones like a, b, and compressing thousands of lines of code into a single line. This not only increases the difficulty for others to understand the code, but also significantly reduces the file size after removing comments and complex naming. It also greatly reduces the time it takes to load the JS code.
However, I encountered another problem: since there's no way to restore the code to exactly the same state after compression, how do I recover it? My solution was to write a script that automatically moves the current source code to a temporary folder before building, then compresses the files in the main folder. After compression is complete, the build process runs, and after the build is finished, the files from the temporary folder replace the compressed code in the main folder. The main implementation code is:
"build": "npm run copy-ionicons && npm run exclude-backend && npm run obfuscate-all && npx cap sync && npm run restore-backend && npm run restore-assets",
"build:android": "npm run copy-ionicons && npm run exclude-backend && npm run obfuscate-all && npx cap sync android && npm run restore-backend && npm run restore-assets && npx cap build android",
"build:ios": "npm run copy-ionicons && npm run exclude-backend && npm run obfuscate-all && npx cap sync ios && npm run restore-backend && npm run restore-assets && npx cap build ios"My logic for JS compression is:
const result = await minify(code, {
compress: {
drop_console: false,
drop_debugger: true,
pure_funcs: [],
passes: 2,
},
mangle: {
toplevel: false,
properties: false,
reserved: ['Capacitor', 'window', 'document', 'navigator'],
},
format: {
comments: false,
},
sourceMap: false,
});Additionally, besides JS, I also applied similar obfuscation principles to HTML and CSS.
Now, while I can't say my app is impossible to crack (even compiled binaries can be reverse-engineered), I have significantly increased the difficulty for others to view my source code. Moreover, this also optimized the code execution speed.