How would you approach this problem?
I plan to outsource the entire ui resign of my mvp to an agency. But I don’t wish to give them the source. I’m really keen to learn your approach. We are using blaze and sass. Thanks 
It’s a reasonable concern! I’m always wary of sharing code, even if it just means uploading to a PaaS. In cases where I am in the position of the agency, I write out static HTML/JS + CSS/SASS and then comment out where the code is being seperated. Also, Blaze’s handlebar + template idea is pretty easy to get a hang of, so I would recommend commenting based on that. Then, you just chop the files up and put it together.
Another option - if they are okay with Meteor - would be to just cut the server side files and wrap Meteor.call, etc to do nothing. ie
Meteor.call = function () {};
- Make sure they are a legitimate business.
- Have them sign an NDA written up by your lawyer.
- Win.
1 Like
Find a better subcontractor you can trust? I don’t know the specifics on the scale of your project/legitimacy of the agency you’re working with, but if this is a real concern, demand they sign a contract. You don’t need to be some huge enterprise or a team of lawyers to use contracts. But consider the legitimacy of organization you’re hiring, if it’s some no-name “agency” out of eastern europe, india, or wherever you might not have much legal recourse if they were to steal your code/whatever.
Nothing against those countries or some of the amazing developers that reside there. I’m just being blatantly honest; as a US dev, if something were to happen it would be quite a endeavor to track them down, let alone start some international lawsuit. Copyrights laws, vastly different legal systems and especially language barriers would make this near impossible without a team of lawyers.
OR
Define a specific api-ish standard spec for the desired functionality how they can access the data you’re feeding to ui? Would take a long time, but this is how a lot of larger projects happen when sharing source code is not an option.
OR
Give full access to a trusted third party / delegate to a subordinate (or yourself) who will coordinate what the new guys do so that it fits your into existing code. This person will have to answer a billion questions however. But depending on the projects scope, this might be a bit quicker than writing some formal spec. What @msavin suggests would be a quite reasonable way to go about this, but could quickly become infeasible depending on how intertwined your backend/frontend logic is and how much of your code you’re willing to reveal.
2 Likes
Had another idea - maybe you can connect the front-end to the production server, so they can use the application the way it would work IRL while you would get code protection. 
Lots of great ideas here. Appreciate everyone’s feedback.
Had another idea - maybe you can connect the front-end to the production server, so they can use the application the way it would work IRL while you would get code protection.
This would work well. I’m happy for the designers to have the full front end code base as the back-end is where the majority of our IP resides.
I’ve been thinking about your comment for a little while and trying to find a way to approach it. Do you have any thoughts on how you would go about it? Unless i’m missing something, it isn’t clear in the meteor docs how to run a front end only meteor locally and connect it to a hosted meteor server.
I think if your codebase separates front end and back end exclusively using server only meteor method calls then this is really clean.
Whilst a NDA is great, it would be a PITA if you ever needed to act upon one.
Not if they are a real company with real tangible assets. It would be as simple as your lawyer sending a letter.
If they are some guy in a lumberjack costume living in mom’s basement who’s only real asset is his bicycle and a bong… just as dangerous as that chinese or indian agency.
Check references. Look their office address up on google street map to make sure it’s not a actually 7-11. Due diligence is in order.
Yeah that’s very reasonable. I haven’t done it, but I think the magic lies somewhere in the DDP.connect() function
some guy in a lumberjack costume living in mom’s basement who’s only real asset is his bicycle and a bong… just as dangerous as that chinese or indian agency.
dafaq did I just read
Hey man!, You got a problem with bong-wielding, schwinn-riding, mother-colocated hipsters?!
▲ Okay that’s not me ▲
▼ but I do want this bike tho ▼ 
also I’ve got no idea what you mean by the chinese/indian agency bit lmao
1 Like