Skip to content

SECURITY.md

Latest commit

 

History

History
84 lines (62 loc) · 3 KB

SECURITY.md

File metadata and controls

84 lines (62 loc) · 3 KB

🔒 Security Distribution Strategy

⚠️ IMPORTANT: Source Code Protection

The source code is NOT included in this public repository for security reasons. Only the following files are shared:

📁 Public Files (Safe to Share)

  • package.json - Dependencies and build scripts
  • webpack.config.js - Build configuration (obfuscation settings)
  • README.md - Public documentation
  • LICENSE - MIT license
  • .gitignore - Git ignore rules
  • GITHUB_SETUP.md - GitHub setup guide

🔐 Private Files (NEVER Share)

  • src/ folder - Original source code
  • background.js, content.js, popup.js - Root source files
  • README_PRIVATE.md - Implementation details
  • BUILD.md - Detailed build instructions
  • dist/ folder - Built extension (generated locally)

🛡️ Security Measures Implemented

  1. Source Code Hidden: Original code is not pushed to GitHub
  2. Always Obfuscated: All builds use obfuscation (even dev builds)
  3. No Source Maps: Source maps are disabled for security
  4. Build-Only Distribution: Users must build their own copy
  5. Credential Protection: No hardcoded credentials or sensitive data

🚀 Distribution Process

For Public Release:

  1. Build locally: npm run build
  2. Test thoroughly: Verify extension works
  3. Create release package: Zip the dist folder
  4. Upload to GitHub Releases: Provide pre-built ZIP for users

For Developers:

  1. Clone repository (only gets build files)
  2. Run npm install to get dependencies
  3. Source code must be obtained separately (private repo/direct sharing)
  4. Build with npm run build

🔧 Repository Structure (Public)

easyerp-autologin/
├── 📄 package.json            # ✅ Public
├── 📄 webpack.config.js       # ✅ Public (build config only)
├── 📄 README.md               # ✅ Public (generic info)
├── 📄 LICENSE                 # ✅ Public
├── 📄 .gitignore              # ✅ Public
├── 📄 GITHUB_SETUP.md         # ✅ Public
├── 📄 SECURITY.md             # ✅ Public (this file)
└── 📁 node_modules/           # ❌ Ignored

MISSING (Private):
├── 📁 src/                    # 🔐 Private source code
├── 📄 README_PRIVATE.md       # 🔐 Implementation details
└── 📄 BUILD.md                # 🔐 Detailed build guide

⚡ Quick Setup for End Users

  1. Download release from GitHub Releases
  2. Extract ZIP file
  3. Load in Chrome extensions page
  4. No building required - ready to use!

🎯 Benefits of This Approach

  • Source code protected from reverse engineering
  • Easy distribution via GitHub releases
  • Still open source (build process is transparent)
  • Security through obscurity combined with obfuscation
  • Professional approach for sensitive extensions

🔒 This security model ensures that while the extension remains usable and the build process is transparent, the actual implementation details and logic remain protected.