Security: DIPESHGOEL27/EasyERP

SECURITY.md

🔒 Security Distribution Strategy

⚠️ IMPORTANT: Source Code Protection

The source code is NOT included in this public repository for security reasons. Only the following files are shared:

πŸ“ Public Files (Safe to Share)

  • package.json - Dependencies and build scripts
  • webpack.config.js - Build configuration (obfuscation settings)
  • README.md - Public documentation
  • LICENSE - MIT license
  • .gitignore - Git ignore rules
  • GITHUB_SETUP.md - GitHub setup guide

πŸ” Private Files (NEVER Share)

  • src/ folder - Original source code
  • background.js, content.js, popup.js - Root source files
  • README_PRIVATE.md - Implementation details
  • BUILD.md - Detailed build instructions
  • dist/ folder - Built extension (generated locally)

πŸ›‘οΈ Security Measures Implemented

  1. Source Code Hidden: Original code is not pushed to GitHub
  2. Always Obfuscated: All builds use obfuscation (even dev builds)
  3. No Source Maps: Source maps are disabled for security
  4. Build-Only Distribution: Users must build their own copy
  5. Credential Protection: No hardcoded credentials or sensitive data

🚀 Distribution Process

For Public Release:

  1. Build locally: npm run build
  2. Test thoroughly: Verify extension works
  3. Create release package: Zip the dist folder
  4. Upload to GitHub Releases: Provide pre-built ZIP for users
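
As an added example (not part of this repository's own tooling), a check to run over the package contents before zipping, enforcing the rules stated above: no source maps and no private files. The function name `auditRelease`, the `{ path, content }` entry format, and the sample files are assumptions made for illustration.

```javascript
// Added example: audit the files of a release package before zipping dist/.
// Rules taken from this page: no source maps, no private files in the package.
const PRIVATE_PATHS = [/(^|\/)src\//, /(^|\/)README_PRIVATE\.md$/, /(^|\/)BUILD\.md$/];
// Matches "//# sourceMappingURL=...", "/*# ... */" and the legacy "//@" form.
const SOURCE_MAP_REF = /\/[/*][#@]\s*sourceMappingURL=(\S+)/;

// entries: [{ path, content }] (hypothetical format); returns [{ path, rule }].
function auditRelease(entries) {
  const findings = [];
  for (const { path, content } of entries) {
    const p = path.replace(/\\/g, "/").replace(/^\.?\//, "");
    if (PRIVATE_PATHS.some((re) => re.test(p))) {
      findings.push({ path: p, rule: "private-file" });
    }
    if (p.endsWith(".map")) {
      findings.push({ path: p, rule: "source-map-file" });
    }
    if (/\.(js|css)$/.test(p)) {
      const m = SOURCE_MAP_REF.exec(content);
      if (m) {
        const inline = m[1].startsWith("data:");
        findings.push({ path: p, rule: inline ? "inline-source-map" : "source-map-reference" });
      }
    }
  }
  return findings;
}

// Constructed sample: paths and contents are made up for illustration.
const sample = [
  { path: "manifest.json", content: '{"manifest_version":3}' },
  { path: "background.js", content: "var _0x1a2b=function(){};" },
  { path: "popup.js", content: "var _0x3c4d=1;\n//# sourceMappingURL=popup.js.map" },
  { path: "popup.js.map", content: '{"version":3,"sources":["src/popup.js"]}' },
  { path: "content.js", content: "var a=1;\n//# sourceMappingURL=data:application/json;base64,e30=" },
  { path: "README_PRIVATE.md", content: "notes" },
];
for (const f of auditRelease(sample)) console.log(`${f.rule}: ${f.path}`);
```

An inline `data:` source map can carry the original sources in its `sourcesContent` field, so it exposes the unobfuscated code even when no `.map` file is shipped.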

For Developers:

  1. Clone repository (only gets build files)
  2. Run npm install to get dependencies
  3. Source code must be obtained separately (private repo/direct sharing)
  4. Build with npm run build

🔧 Repository Structure (Public)

easyerp-autologin/
├── 📄 package.json            # ✅ Public
├── 📄 webpack.config.js       # ✅ Public (build config only)
├── 📄 README.md               # ✅ Public (generic info)
├── 📄 LICENSE                 # ✅ Public
├── 📄 .gitignore              # ✅ Public
├── 📄 GITHUB_SETUP.md         # ✅ Public
├── 📄 SECURITY.md             # ✅ Public (this file)
└── 📁 node_modules/           # ❌ Ignored

MISSING (Private):
├── 📁 src/                    # 🔐 Private source code
├── 📄 README_PRIVATE.md       # 🔐 Implementation details
└── 📄 BUILD.md                # 🔐 Detailed build guide

⚑ Quick Setup for End Users

  1. Download release from GitHub Releases
  2. Extract ZIP file
  3. Load in Chrome extensions page
  4. No building required - ready to use!

🎯 Benefits of This Approach

  • ✅ Source code protected from reverse engineering
  • ✅ Easy distribution via GitHub releases
  • ✅ Still open source (build process is transparent)
  • ✅ Security through obscurity combined with obfuscation
  • ✅ Professional approach for sensitive extensions

🔒 This security model ensures that while the extension remains usable and the build process is transparent, the actual implementation details and logic remain protected.

There aren't any published security advisories