Use E.setPassword to stop anyone logging in via the REPL
Use something like LoopbackA.setConsole() to move the REPL somewhere it can't be accessed by anyone at all
Store your JS code in flash memory as an encrypted string and then decrypt that into RAM at runtime.
Minify/obfuscate your code using standard JS tools - this is the easiest (minification is an option in the IDE) and realistically it's going to make your code very hard to reverse engineer, while also using less memory.
Make your code check getSerial() to ensure it will only run on one device
I'd suggest a combination of the them - making the REPL inaccessible, minifying your code, and checking the serial number should give you pretty good protection, and even if someone attaches a debugger and completely reads out saved code and writes it to a new device, it will still refuse to work.
Espruino is a JavaScript interpreter for low-power Microcontrollers. This site is both a support community for Espruino and a place to share what you are working on.
You can:
E.setPassword
to stop anyone logging in via the REPLLoopbackA.setConsole()
to move the REPL somewhere it can't be accessed by anyone at allgetSerial()
to ensure it will only run on one deviceI'd suggest a combination of the them - making the REPL inaccessible, minifying your code, and checking the serial number should give you pretty good protection, and even if someone attaches a debugger and completely reads out saved code and writes it to a new device, it will still refuse to work.