Private dependencies - where source code is not exposed?

I know right, I am wondering the same.

Yes, you’re right. But some of my dependencies are actually stateless machines and have non-heavy workloads. Do you think it is overkill to isolate them completely from the main source code in order to build an independent server?

I wonder if I can do that,


def private_organization(), do: "https://my_domain/hex"

def deps() do
  [
    {:private_dep_1, "~> 2.1.0"},
    ...
  ]
end

You can have a private Hex repo as I already mentioned above.

Take a look at this:

or

But no self-hosted version?

The escript and archives solution looks cool; why does nobody desire it to be local?

see my previous edit:

2 Likes

I can’t afford a lawyer. The only thing I want to do is to avoid these problems as much as I can.
Most of the devs didn’t take decompiling / reverse-engineering (BEAM files and the Erlang VM) seriously; it reduces like 90% of the chance of ppl cracking my work. That’s why I like to deploy compiled code.

the easiest and most cost-effective way

def deps() do
  [
    # Fetch the dependency from a private Git repository, pinned to a tag
    {:foobar, git: "https://myprivaterepo/foobar.git", tag: "0.1"}
  ]
end

1 Like

You’re better off making a SaaS out of your thing then. Any serious and dedicated enough actor can and will reverse-engineer your code.

I mean, the new CoD game was out for only like a week before various cheats and aimbots appeared. And they have a dedicated team working on anti-cheats. What chance do you think your software has?

Obfuscating your code is an arms race that you’ll never win in the face of a dedicated bad actor. Not only that, if you are shipping code to people for them to run in their own system then there are trust issues and your code shouldn’t be obfuscated.

If people are paying for software and running it in their own application then they have a right to audit it—nobody should have Bitcoin mining or tracking injected into their app.

I realize this isn’t how plenty of commercial software works. It’s different when it is a package you are running that has full access to your application.

3 Likes
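
The thread turns on what a shipped .beam file still exposes to whoever receives it. As an added example (not code from any poster in the thread), this Python script walks the BEAM container format and reports chunks that carry debug info or build metadata; the function names and the sample byte strings are constructed for illustration and are not real compiled modules.

```python
import struct
import sys

# "Dbgi" (OTP 20+) and "Abst" (older releases) hold the compiler's debug
# info / abstract code, from which source structure can be read back.
SOURCE_CHUNKS = {"Dbgi", "Abst"}
# Documentation, compile info (options, source path) and line tables.
METADATA_CHUNKS = {"Docs", "CInf", "Line"}


def beam_chunks(data):
    """Return {chunk_id: payload_size} for the bytes of a .beam file."""
    if len(data) < 12 or data[:4] != b"FOR1" or data[8:12] != b"BEAM":
        raise ValueError("not a BEAM file")
    end = 8 + struct.unpack(">I", data[4:8])[0]
    if end > len(data):
        raise ValueError("truncated BEAM file")
    chunks, pos = {}, 12
    while pos + 8 <= end:
        cid = data[pos:pos + 4].decode("latin-1")
        size = struct.unpack(">I", data[pos + 4:pos + 8])[0]
        if pos + 8 + size > end:
            raise ValueError("chunk %r overruns the file" % cid)
        chunks[cid] = size
        pos += 8 + ((size + 3) & ~3)  # payloads are padded to 4 bytes
    return chunks


def audit(data):
    """Report which source-bearing and metadata chunks are present."""
    ids = set(beam_chunks(data))
    return {"source": sorted(ids & SOURCE_CHUNKS),
            "metadata": sorted(ids & METADATA_CHUNKS)}


def _build(chunks):
    """Assemble a constructed BEAM-shaped container for the samples below."""
    body = b"BEAM"
    for cid, payload in chunks:
        body += cid + struct.pack(">I", len(payload)) + payload
        body += b"\0" * (-len(payload) % 4)
    return b"FOR1" + struct.pack(">I", len(body)) + body


# Constructed samples: one shaped like a dev build, one like a stripped build.
SAMPLE_DEV = _build([(b"AtU8", b"\0" * 4), (b"Code", b"\0" * 5),
                     (b"Dbgi", b"x" * 10), (b"Docs", b"d" * 3)])
SAMPLE_STRIPPED = _build([(b"AtU8", b"\0" * 4), (b"Code", b"\0" * 5)])

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. every .beam file in a build directory
        with open(path, "rb") as fh:
            print(path, audit(fh.read()))
```

An empty report only means the debug-info and metadata chunks are gone; the bytecode in the Code chunk is still there and can be disassembled, which is the point made in the replies above.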