Protect JavaScript Source Code

The JavaScript source code of your application can be protected by compiling to native code and loaded by NW.js. You only have to distribute the compiled code with your app for production.


JS source code is compiled to native code with the tool nwjc , which is provided in the SDK build.

To use it:

nwjc source.js binary.bin

The *.bin file is needed to be distributed with your application. You can name it whatever you want.

Load the Compiled JavaScript

nw.Window.get().evalNWBin(frame, 'binary.bin');

The arguments of the win.evalNWBin() method are similar with the Window.eval() method, where the first parameter is the target iframe (null for main frame), and the 2nd parameter is the binary code file.

Load Compiled JavaScript from Remote

Compiled JavaScript can be fetched from remote (e.g. with AJAX) and executed on the fly.

var xhr = new XMLHttpRequest();
xhr.responseType = 'arraybuffer'; // make response as ArrayBuffer'GET', url, true);
xhr.onload = () => {
  // xhr.response contains compiled JavaScript as ArrayBuffer
  nw.Window.get().evalNWBin(null, xhr.response);


The compiled code is executed in Browser Context. You can use any Web APIs (such as DOM) and access NW.js API and Node API like other scripts running in browser context.

Known Issues

The compiled code runs slower than normal JS: ~30% performance according to v8bench. Other non-compiled JS source code will not be affected.

The compiled code is not cross-platform nor compatible between versions of NW.js. So you’ll need to run nwjc for each of the platforms when you package your application.