[oldandtired]

Seriously, if you are wanting to protect client side js, you are closing the barn after the horse has bolted.

Even with obfuscation, if the code is worth copying (for any reason, including money), it will be copied. It is irrelevant if it closed or open source.

Even with it server side, any mistakes on your part and the code is available to whoever really wants it.

Your friends would be better off finding out who was sold the code and letting those people know where the code actually came from. Do it pleasantly and your friends may find themselves some new customers.

The one thing they do need to be careful about is not coming across vindictively. The potential clients may find that attitude less than favourable. Your friends could even do reviews on the Fiverr site with humorous comments about how good the people were at copying other peoples code and selling it as their own. Be funny about it and let the culprits lose it. It will pay off in the end.

I have come across others who have had their work copied and then sold. The best way to handle this is NOT to get angry, but to use it as a means of advertising yourself. Your work is so good that people want copy it and pretend that it is their own work. How good a recommendation is that?

There are different ways to handle this, be inventive, be pleasant and be smart.

[martin_hnuid]

I know this is a tough one. I'm trying to understand what the options might be while fully understanding that JS is, in the end, not protectable.

Say you develop a site that offers a very specialized CAD package unique to an industry. The entire thing has to be client side JS and it could take a year or more to develop. Theft of code in a case like that could be catastrophic.

Frankly, I'm surprised nobody has come up with a real solution for this.

[oldandtired]

The problem here is that you are making a choice to use someone else's facilities to run your system. Once you do that, you have given up the control over what they do with it once it is on their facilities.

The first question I would ask you is why does it have to be client side? The second is why does it have to be in javascript?

As I said above, in using javascript you have forced the horse to bolt and then you close the barn doors.

Javascript requires you to send them the source. If you use it, then that is the fundamental choice you are making at the outset. You cannot complain about someone copying your source code if the choice you make is for them to have to copy the source code to be able to use the application you have so painstakingly built.

If you don't want them to have the source code then you give them a binary blob that has everything appropriately encrypted.

The other point, I want to highlight is that having a copy of something is not theft. You can only steal something when you remove it from the control of the person you are stealing from. Not any copies, the actual object itself. These objects can be intangible such as your reputation, but that is another subject.

It is an unfortunate fact of our society that this very important distinction has been lost. Theft only applies when the item being obtained is unique and belongs to someone else.

Once you share something, whether it be code or an idea or anything else that can be treated as an infinitely copiable, intangible object and it is copied, it no longer is uniquely yours. Any copies that are made that are not made by you are not morally yours, irrespective of any monopoly rights granted to you by the reigning government over you. Governments do not deal with morally, they dictate law, which is a completely different thing.

So in this case being discussed, you freely (irrespective of any form of payment you might receive) have given away the source code because of the underlying architecture you are using. If you don't want this happen then you have to choose some other architecture for the dissemination of your application.

As I have said elsewhere, any copies created that have not been authorised by you under any monopoly rights that you have been given by some governing body can be used as free advertising but you cannot cry theft as a moral consequence.

These days, I work on free projects and so I freely give away my work. This is the hope that when I actually need to do paid work, I'll be able to show my previous work and they will see that I am worth having on board.

[martin_hnuid]

> Theft only applies when the item being obtained is unique and belongs to someone else. ... > Once you share something ... > Any copies that are made that are not made by you are not morally yours

Sorry, that's a really twisted view of reality. Let me use a hypothetical example to illustrate this:

You hire a bunch of developers and invest a cool million dollars to develop code for an amazing new online browser-based CAD tool. It's a membership site. Members can use this CAD tool behind a login. The tool, which took the bulk of one million dollars to develop is nearly all client side JS based because that's the only choice available.

Again, it took you and your team a whole year and a million dollars. Let's spice this up and say that you had to sell your home to raise a big chunk of that money and have been homeless for a whole year. You've been sleeping on friend's couches during this time.

A year and a monumental effort later you launch this site and start signing-up free and paid users. The site is featured in all CAD-related blogs. It's going great.

Now someone gains access to your site through one of the free promotions and proceeds to copy 100% of your JS code. They use that to then launch a competing site within a couple of months. They charge 1/4 of what you charge because, after all, they just spent a few thousand dollars spinning-up their site because they STOLE the million dollar effort you made in the form of a CAD tool written in JS.

The code wasn't "shared". It is the operating code for an online business. Nobody says "Hey world, I share my code code freely. Here's a pink unicorn to go with that. Enjoy!". No, in fact, there will probably be terms of service as well as comments within the code establishing copyright. The code isn't given away for anyone to copy and launch their own business bypassing all of the effort, financial and time investment. That's ludicrous.

So, your site/service goes down in flames. You have no money to bring legal action. You can't, they are in China. It's impossible. You are broke. Lost all your money. Lost your home and now have no business.

And, yeah, nobody wants you on their couch any more.

In what alternate reality is that not theft?