@feasibleone/aegis

Aegis code protection

Aegis is a code protection tool that helps you protect node.js applications from reverse engineering and tampering. It is designed to be easy to use and integrate into your existing projects.

Features

• Code Encryption: Aegis encrypts your code to make it difficult to reverse engineer.
• Code Obfuscation: Aegis obfuscates your code by compiling it to bytecode.
• License Management: Aegis allows you to manage licenses for your applications.

Usage

Aegis currently supports the following node.js versions:

• 16.20.2, also likely other 16.x versions

To use Aegis, you need to install the package from npm:

npm @feasibleone/aegis

General Usage

Aegis works by requiring the package at the files you want to protect.

• Protecting files

  Aegis will generate protected versions of the files upon process exit when the AEGIS_BUILD environment variable is set. The encryption parameters for protecting the files can be set via the following environment variables:

  • AEGIS_CIPHER - The encryption algorithm to use. The default is aes-256-cbc.
  • AEGIS_KEY - The encryption key to use. If not set, a built-in key is used.
  • AEGIS_IV - The initialization vector to use. If not set, a built-in IV is used.

• Naming of output files

  By default Aegis does not overwrite the original files, instead it creates new files by adding .cjs extension to the original file name. This is done to prevent accidental loss of source code files at developer machines.

  Usually Aegis will run in a CI job, where it can be configured to overwrite the original source code file by setting the AEGIS_OVERWRITE environment variable.

[!WARNING] Aegis will overwrite any existing files without a warning. Even if you have not set AEGIS_OVERWRITE, be careful if you have .js.cjs files that match names of .js files.

Obfuscating Code

To obfuscate your code, require aegis at the top of each file you want to obfuscate, as shown below:

require('@feasibleone/aegis')(module);

Obfuscating code has some side effects, such as loosing line numbers from call stack for the files that were obfuscated. This is because the code is compiled to bytecode and the original source code is not available.

Encrypting Code

If you only want to encrypt your code, without obfuscating it, you can pass an additional parameter, as shown below:

require('@feasibleone/aegis')(module, 'js');

Checking Licenses

Aegis returns an object, which can be used to check licenses. This object has a property named active which is a function. This function returns an object, that gives information about the licensed features. This object always has a property named expires which holds the timestamp of the license expiration date. If the license has expired this function will throw an error with code AEGIS_EXPIRED and type aegis.expired. In addition to the expires property, the returned object can have other properties, depending on the license.

Example usage:

const license = require('@feasibleone/aegis')(module);

// log the license information for the feature 'test'
console.log(license.active('test'));

In addition to checking the license information, you can also write logic, which depends on the license data:

const license = require('@feasibleone/aegis')(module);

console.log(`You have a license for ${license.active('test').users} users`)

Generating a license

Aegis allows you to generate licenses for your applications. The license contains the license terms and the cryptographic parameters needed to load the protected files. Be sure to set the same values (or defaults) for AEGIS_CIPHER, AEGIS_KEY and AEGIS_IV as you used to protect the files.

To generate a license, you can use the aegis command line tool. The tool is installed with the package and can be used as shown below:

AEGIS='{
    "terms":{
        "expires":2208988800000
    },
    "features":{
        "test":{
            "aegis":true
        }
    }
}' aegis

Generating is also possible via the API:

console.log(require('@feasibleone/aegis')({
    terms: {
        expires: 2208988800000
    },
    features: {
        test: {
            users: 10
        }
    }
}));

The license is a string, which can be saved to a file or a database.

Loading a license

Loading the license should happen early in the application, before loading any of the protected files. The license is loaded as shown below:

require('@feasibleone/aegis')('license string');

Reading license details

require('@feasibleone/aegis').info('license string');