Nanopak NPM | npm.io

Please visit Nanopak.co for more comprehensive documenation.

We've just launched! If you have any questions, requests or special requirements, please don't hesitate to contact Alex, our customer lead at: alex@nanopak.co

Nanopak

Nanopak encrypts Node.js modules (and other files) and integrates them into native, binary modules ('Addons' in Node.js terminology), which can then be deployed as they would normally, with the exception that the JavaScript code and other contents are not visible or inspectable by users of the module, thereby creating a high degree of protection for your JavaScript code and other content, which is otherwise plainly readable by anyone.

Nanopak supports two kinds of packaging schemes; 'packs' which are Node.js JavaScript modules packaged into encrypted modules, and 'bundles', which are files of differing types (i.e. images, .json files, .txt files etc.) packaged into password-protected modules such that the packaged files can be extracted at runtime.

How It Works

Nanopak is a Node.js command-line tool that takes as input Node.js module files, and for each input file producess a 'facade module' of the same name, and a 'libs' folder containing runtime binaries. The 'facade modules', along with the 'libs' folder are then deployed in lieu of the original module.

The process is entirely transparent to users of the module - the 'facade module' is used just as the original; all behaviour, imports and exports etc. remain identical, and there are no dependencies. In effect, the encrypted version of the module is a perfect 'drop-in replacement' for the original.

For example: using nanopak to pack 'mymodule.js' produces a 'facade module' with the same name ('mymodule.js') and a 'libs' folder. Users of the module simply require('mymodule.js') - the 'facade module' - just as they would the original.

'Under the hood', the original module is decrypted and loaded into the V8 virtual machine directly from binary code.

Non-JavaScript assets such as images, text, json can also be packed into bundles, and exctracted at runtime in a similar manner.

Requirements

Nanopak is commerical software which requires a license for production usage, but it is possible to pack small modules (<1k) without a license.

To obtain a license vist: Nanopak.co

The Nanopak command line interface does interact with our service to create packed content, however, none of the JavaScript or other content files leave the machine upon which the command is executed.

Modules packed using Nanopak will run on Linux and Mac platforms - x86 architectures and Node.js versions 4.0.0 and later, and similarly on Windows platforms, on node 5.0.0 and later.

Note: We can support 32-bit (i.e. x86) architectures for Linux and Windows upon request. We may possibly support AMD platforms and earlier versions of Node.js. If this is a busines requirement, please contact us at alex@nanopak.com.

Installation

Nanopak is an npm module that will run as a script, so make sure to install it globally using the -g flag.

npm install -g nanopak

Packing Modules

To pack a small module called 'mymodule.js' (under 1K):

nanopak pack mymodule.js

This will create a 'packed' directory containing a 'facade module' called 'mymodule.js', and a 'libs' directory.

Simply use the newly created 'mymodule.js', just as you would the original. Be sure that the 'libs' folder is always deployed alongside the newly created 'mymodule.js' in the same folder.

Visit Nanopak.co for more comprehensive information on command line flags and configuration files, which can enable the packaging of multiple modules in a single command.

Bundling Content

To pack the files 'hello.txt' and 'logo.png' into an encrypted binary bundle, provide the license (bundling requires a license), a bundle name, a password (optional), and paths to the files:

nanopak bundle -l a_license -n mybundle -p a_password hello.text logo.png

This will create a 'packed' directory containing a module called 'mybundle.js' and a 'libs' directory. Deploy this module ensuring that the 'libs' directory is located in the same directory as 'mybundle.js'.

To extract content a runtime, simply 'require' the created module, and call the 'load' function with the name of the content to be extracted, and the password.

(The 'load' function returns a Buffer, which can be translated into whatever relevant format is required.)

var bundle = require('mybundle.js);
var text = bundle.load('hello.txt','a_password').toString('utf8');
var image = bundle.load('logo.png','a_password');

Encryption

Nanopak uses AES-256-CBC enryption within libraries and binaries, and only standard and widely recognized implementations are used. Though there are added layers of security, the actual encryption and decryption algorithms are not modified in any way.

For Electron

Nanopak is the perfect solution for protecting sensitive modules and content inside Electron-based applications; custom modules can be encrypted as necessary, while Open Sourced platform modules and supported code can be left as-is. Please see Nanopak documentation for specific deails.