Having a similar constellation as in ScriptDb in Library accessed by WebApp, and also the answer given there applies to this question too:
When a published WebApp ( accessible by everybody and running as the accessing user) is using a Library, then this library needs to be shared to the public (to people having the link), otherwise there is the error
"You do not have access to library ..., used by your script, or it has been deleted."
So that means, that everybody having the link to my library can see all that precious source-code. The question is now, can somebody guess that link, which looks like
https://script.google.com/a/macros/..../d/Mmov_2Lg8BnmygsjmTBZMqKFZSw7a2n3o/edit?template=default
or is this link neither contained in the web-content delivered to the one using the WebApp nor can it be derived easily from a (guessed) name of the library? That would be the case, if that string in the above link starting with Mmov_2Lg8B somehow is an encoded name and version-number of the library, and the algorithm works in both directions.
To summarize: The source code of a published WebApp is not visible to the user, but all libraries used by that App can be seen by everybody having the link to them. Is this link easily guessable? Or is there even a completely different way to keep the source-code of libraries private?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…