Question

Let's suppose that for some particular reason, I want a robust node.js code protection, i.e. to force a node.js deployment with javascript source code to only be analyzable via v8 assembler language entirely, making it painfully difficult / almost impossible to reconstruct the original source code.

In other words, if someone were to hypothetically get their hands on the node.js program somehow in an unauthorized way (i.e. assume the node.js program in question is supposed to stay on the server, and not distributed to clients directly - assume that the server is secured from client breach, etc. but let's say the server is not to be 100% trusted e.g. cloud server, can't be 100% sure nobody gets their hands on it if they really wanted to for some reason), that the code would contain only V8 assembler and not contain any of the original js source code. And I mean not uglified, minified, encrypted, or the "source-is-still-hidden-in a string" V8 snapshotted js source etc. - but simply no js source code whatsoever, only the "optimized assembler" - and to be done for the entire source code in such a way that the source code is to be gone and not included in this node.js instance - not encrypted, not minified - just not there, period. Any performance penalty if applicable is not a concern in this case, only that source js is not recoverable other than through tedious poring over the entirety of the hardware-specific optimized V8 assembly.

An idea that comes to mind first is somehow forcing the V8 to optimize ALL of the node.js source js code to a "hardware specific" assembler somehow (yet the "hardware" would be in a thin VM of some sort), and then to somehow remove the source code that the JIT keeps carrying around (if possible), and to rely on just this optimized assembler. Then, the thin VM will contain no reference to any of the source code, and will continue to run the program only with the generated V8 assembler. I'm not really sure how to go about it in this case though.

Probably would prefer something that can work on Linux, but if only possible in Windows - will consider it as well.


Solution

This is impossible without heavy modifications inside V8 because it relies on the ability to recompile functions from source code in multiple places (as an example: lazy compilation, Crankshaft optimization pipeline, code flushing during major GC). Also it is impossible to produce good optimized code without actually running your application across production-like data because V8 has no other means of gathering type information about your code except for inline caches.
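That the engine keeps the source text can be observed from inside the language itself: `Function.prototype.toString` returns the original text of a function, comments included, even when the function has never been called. The block below is an added example, not part of the original answer; `app` and `recoverSources` are constructed names standing in for server-side code and an audit helper.

```javascript
// Constructed sample standing in for server-side application code.
const app = {
  // Never called in this file, so it is a candidate for V8's lazy compilation.
  checkLicense(key) {
    // secret: keys are valid when they end in "-OK"
    return typeof key === "string" && key.endsWith("-OK");
  },
  rate: (n) => n * 0.175,
  nested: { helper: function helper(x) { return x + 1; /* inner note */ } },
};

// Walk an object graph and collect the source text the runtime still holds
// for every function reachable through own properties.
function recoverSources(root, prefix = "", seen = new Set(), out = {}) {
  if (seen.has(root)) return out; // guard against cycles
  seen.add(root);
  for (const name of Object.getOwnPropertyNames(root)) {
    let value;
    try { value = root[name]; } catch { continue; } // skip throwing getters
    const path = prefix ? `${prefix}.${name}` : name;
    if (typeof value === "function") {
      // ECMAScript requires the exact source slice for script-defined functions.
      out[path] = Function.prototype.toString.call(value);
    } else if (value !== null && typeof value === "object") {
      recoverSources(value, path, seen, out);
    }
  }
  return out;
}

// Code compiled at runtime from a string keeps its text as well.
function dynamicSource() {
  const dyn = new Function("a", "return a * 2; // dyn note");
  return Function.prototype.toString.call(dyn);
}

for (const [path, src] of Object.entries(recoverSources(app))) {
  console.log(`--- ${path} ---\n${src}`);
}
```

Minifying or stripping comments before deployment changes what text is retained, but the retained text is still complete, executable source.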

OTHER TIPS

PHP has many obfuscators. All popular PHP obfuscators have deobfuscators. The result is in a more readable form than what Google Closure gives. You may use Google Closure. Do not use cloud hosting if you do not trust it. Most apps with byte code are very easy to decompile. (Java, Android, .NET)

In short, do not waste time on obfuscation. It is often easier to decompile than to obfuscate and debug all the problems that it caused. I say it because I obfuscated many apps in Java and .NET.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow