Now production-ready · v2.3

What You Build
Should Belong to You

BoltHash protects your software from theft, reverse engineering, and unauthorized redistribution while giving you full licensing control, so you can charge what you're worth.

Ed25519 signed
~50ms license check
Tamper-proof runtime
Self-hostable
License verified
Integrity OK
~50ms
Tampering blocked
Heartbeat 3s ago
Protection Status
BoltHash · Node.js Runtime
Obfuscation
97%
Integrity
100%
License auth
100%
Heartbeat
94%
All checks passed
Active
Why BoltHash

The problem no one talks about

You have spent months building. Then someone pirates it, strips the license, and redistributes it free. It happens every day.

Without BoltHash
  • Source ships in plaintext — anyone can read it
  • License checks are trivially patched with a text editor
  • No way to revoke access once a key leaks
  • Fork and redistribute: zero barrier for pirates
  • No visibility into who is running your software
  • Agencies resell your work — you see none of that revenue
With BoltHash
  • Source is obfuscated and integrity-hashed at build time
  • Licenses are Ed25519-signed — cryptographically unforgeable
  • Revoke any key instantly from the dashboard
  • Hardware fingerprinting, IP and device limits per license
  • Real-time heartbeat: know every machine running your app
  • Seat-based licensing locks in recurring revenue
Use Cases

Built for every Node.js business model

Pick your scenario. BoltHash has a package for it.

On-Premise Licensing
Sell perpetual or subscription licenses for software deployed in your customer's infrastructure, with cryptographic enforcement.
Agency Delivery Lock
Deliver client projects that can only run for the paying client. Prevent resale, repurposing, or unauthorized deployment.
API Monetization
Wrap your Node.js API behind metered licensing. Charge per request, per seat, or per project — enforced server-side.
Plugin and Runtime Distribution
Distribute paid VSCode extensions, Electron apps, or CLI plugins with hardware-bound license keys that cannot be shared.
Enterprise Private Deployment
Give enterprise customers an air-gapped license for offline environments with configurable offline grace periods.
AI Tool Monetization
Protect and license Node.js AI orchestration layers, prompt engines, or inference wrappers with usage-based billing.
How It Works

Deploy in 4 steps

No proprietary runtime. No vendor lock-in. Works with any Node.js app.

1
Install & Configure
Free: npm i -g @realboltopen/bolt-hash
Premium: download the bolt binary from your dashboard. Run bolt init to configure.
→ Set up protection in under 2 minutes
2
One Command: bolt protect
Auto-detects your project type — Node.js server, React, Vue, Angular, Next.js, Nuxt, or any SPA — then obfuscates source and embeds tamper-proof signatures. No extra flags needed.
→ One command protects everything — server & SPA alike
3
Issue Licenses
Generate signed license keys from your dashboard. Set limits, expiry, and device caps per customer.
→ Control exactly who can run your software
4
Ship & Monitor
Run bolt start to launch with license verification, heartbeat, and integrity checks. Monitor real-time usage and revoke instantly from your dashboard.
→ Spot abuse and revoke access in seconds
your-app/index.js 
# One-time setup
$ bolt set license BH-XXXX-XXXX-XXXX-XXXX


# Protect & ship
$ bolt protect --yes         # obfuscate + sign + hash (Node.js app)
$ bolt start
✔ License verified    (~50ms)
✔ Integrity OK        all 47 files
✔ Server running      http://localhost:3000
Performance

Overhead so small you won't notice

Security should not cost performance. Here are real numbers.

OperationTimeCost per 1M callsNotes
License verify (online)~~50ms~$0Cached after first check
License verify (offline cache)<0.05 ms~$0Ed25519 verify, CPU-only
Integrity hash on startup~12 msone-timeSHA-256, runs once at import
Obfuscated module load+2-5 msone-timevs unprotected, per process start
Memory overhead~1.2 MB-Runtime libs, resident after boot

Benchmarked on Node.js 20 LTS, AWS t3.medium, avg over 10,000 iterations.

What developers say

Trusted by builders who ship

★★★★★

"We found a pirated copy of our SaaS backend 3 weeks after launch. After switching to BoltHash, zero incidents in 8 months. The license revenue alone paid for the upgrade."

MK
Marcus K.
CTO, logistics SaaS
★★★★★

"I sell Electron plugins. Before BoltHash, half my customers were sharing 1 key among 10 people. Device locking fixed that immediately. Revenue up 3x in 2 months."

JR
Jamie R.
Independent developer
★★★★★

"The self-hosted option was the dealbreaker for our enterprise clients. We run the license server on our own infra - full control, zero dependency on a third-party SaaS."

SL
Sara L.
Head of Engineering, agency
FAQ

What it protects.
What it can't.

BoltHash protects against: source code reading, license bypassing via patching, unauthorized redistribution, key sharing beyond device limits, and post-delivery modification. It significantly raises the cost and skill required to pirate your software.
No tool provides 100% protection. A determined attacker with full access to a running process can still extract logic through dynamic analysis or memory inspection. BoltHash dramatically raises the bar. Use it as one layer in a defense-in-depth strategy alongside server-side logic and API gating.
Yes. BoltHash supports Node.js 18+, CommonJS, ESM, and TypeScript. Works with NestJS, Express, Fastify, Electron, CLI tools, and standalone scripts.
BoltHash has configurable offline grace periods. Licenses are verified online periodically and the last-verified state is cached locally. If the server is unreachable, your software continues working for the configured grace window (default: 72 hours). Offline-only mode is available on Enterprise plans.
bolt-hash (OSS, free forever) covers Node.js and TypeScript with local integrity and obfuscation - no server required. Premium plans (Starter $10/mo, Professional $29/mo, Enterprise $99/mo) add online licensing, SPA support, device fingerprinting, and BGit version control. See the pricing page for full details.
Yes. Self-hosting is available on Professional and Enterprise plans. You get the full server source to deploy on your own infrastructure - popular with enterprise customers who cannot send license pings to external servers.
Get started today

Start protecting your code

Free plan. No credit card. Up and running in 10 minutes.

Enterprise

Need a custom deployment?

Air-gapped licensing, custom integrations, SLA, and dedicated support.