[Vuejs]-Are vue/angular/react exposed?

6👍

This is a fundamental fact of writing rich client-side behavior, it’s nothing to do with the frameworks. It’s to do with having client-side logic. The same issue exists for sites that use, for instance, jQuery, or that manipulate the DOM directly. The primary protection of your work isn’t obscurity (hiding your code), it’s copyright law.

The fact that the code is client-side has several ramifications:

  • Regardless of any rich behavior you implement on the client, you must validate all actions and inputs on the server as well.
  • If there are business processes or calculations or similar that are trade secrets or proprietary, you must not implement them client-side, because whether you obfuscate the code or not, it is visible and can be seen by others.
  • And yes, it means that anyone can steal the client-side parts of your application. The only thing preventing that is your copyright.

But again, that has nothing to do with the frameworks. It has to do with implementing part of your app client-side.


A side note about frameworks: It’s becoming more and more popular to enable server-side rendering (SSR) of code written for frameworks like Vue.js, React, Svelte, etc. So using one of these frameworks doesn’t necessarily mean you’re writing client-side code: You could use it only for server-side rendering.


There is one interesting thing that’s happened recently that’s potentially making it much harder to reverse-engineer client-side code, though: WebAssembly. With WebAssembly, what’s delivered to the client isn’t JavaScript code, it’s WebAssembly bytecode. Like Java bytecode, you can reassemble source code from bytecode, but it’s a very messy process and the results are very hard to use. So, like really thorough obfuscation, it raises the bar, makes it harder for someone to take your work and reuse it. But it only raises the bar, it doesn’t prevent it. (This is a side benefit of WebAssembly, not at all its main point. The great thing about WebAssembly is that it can be the output of compiling any number of other languages, including C, C++, Rust…)

-1👍

JavaScript codes are compact and dirty .
This makes access to the source code difficult and sometimes impossible

Leave a comment