How to protect source code in electron project

It's impossible to fully protect the code, no matter how you package it, in order for it to be run it has to be accessible and decrypted which means the key has to be stored locally.

Consider this scenario;

The authors of the electron system and asar file format implement encryption similar to a password protected zip, and give you the ability to specify the archive password at compile time so that it is 'safely' stored inside the .exe and the asar file can't be opened/read without it.

A hacker could still figure out the key by compiling electron themselves with some test keys, for instance AAAA and AAAB, then comparing the resultant binary file to determine the location of the key string inside it. Once they know how to extract the key from the exe it's game over.

I guess the strongest protection you can make is if you modify the electron source code yourself to store and retrieve the key, but even then an attacker can decompile the code, compare it with a decompiled standard version of electron, figure out where your code modifications start and reverse engineer it until they figure out how you are storing the key.

Again, the moment they have the key, it's game over, and in order for electron to run any code it has to be able to read it which means it has to have the key available locally. Catch 22.

There is no official way to copy-protect your code at the moment, sorry - if you want to do this, you'll have to invent your own way (or just not worry about it)