So, I was messing with a demo I exported on Node-Webkit and I noticed that the package.nw file is just a .zip with all the images/code/music/sounds inside of it.
Since C2 does a good job obfuscating the code, I'm not worried with it.. however I'm a bit worried that people can change the images of my game, put it in the "zip" file, and run it. I tested it here, and the game run perfectly, even with the modified package.nw file.
I asked this question in the node-webkit group on google, but I'll also ask here.. is there a good way to protect that file from anyone modifying it ?
Maybe check the md5 hash of the file to compare it in-game, and give an error if it doesn't match? I know there's a plugin around but I couldn't find a way to retrieve the hash out of the package.nw file at the beggining of the game to compare it..