I have an electron app to record certain data. App.asar file is generated after building my electron app. Security concern is that "app.asar" file is being de-obfuscated, and main.js file is modifiable.
I need to protect my app.asar file to get extracted by any external tool or be modifiable.
I am unsure of code signing my windows app and implement the same. Can anybody suggest me free and simple way to protect my app.asar file so I can fix this vulnerability?
I am unsure of trying code signing because code signing for windows electron app seems tricky, also ASAR integrity check is only available for MacOS.
Was thinking of openSSL selfsigned certificates but that is not acceptable at security level. Looking for a simple way to fix the ASAR dependency without breaking my app.
Due to the usage technique of the app.asar file, extra protection cannot be provided. However, you can protect your source code with libraries such as Javascript Obfuscator (https://obfuscator.io). Or you can use your basic functions as modules by writing them in C++ using node-addon(https://nodejs.org/api/addons.html).