Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

github.com/z0ffy/vite-plugin-bundle-obfuscator

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/z0ffy/vite-plugin-bundle-obfuscator

v1.8.0
Source
Go
Version published
Created
Source
vite-plugin-bundle-obfuscator logo

vite-plugin-bundle-obfuscator

JavaScript obfuscator plugin for Vite environments

awesome-vite

Changelog · Report Bug · Request Feature

English | 中文

⭐️ Features

  • ✅ ⚡ Supports JavaScript obfuscation in Vite projects.
  • ✅ 🚀 Multi-threading support for better performfance.
  • ✅ ⚙️ Customizable obfuscator options to fit your needs.
  • ✅ 🛡️ Auto-excludes node_modules.
  • ✅ 📦 Support the node_modules split chunk.

⚠️ Notice

  • If a memory overflow occurs, modify the packaging command to "build": "cross-env NODE_OPTIONS=--max-old-space-size=8192 vite build", where max-old-space-size is set according to the configuration.
  • When setting up node_modules split chunk, please place the accurate package name at the front. For example: ["vue-router", "vue"], "vue" can match both "vue" and "vue-router" at the same time.

🌐 Online

Vite - VanillaVite - VueVite - ReactVite - PReactVite - litVite - SvelteVite - SolidVite - Qwik ✦ ...

📦 Installation

# Using npm
npm install vite-plugin-bundle-obfuscator -D

# Using pnpm
pnpm add vite-plugin-bundle-obfuscator -D

# Using yarn
yarn add vite-plugin-bundle-obfuscator -D

👨‍💻 Usage

  • Install the plugin using your preferred package manager.
  • Register the plugin in vite.config.js
  • Customize the obfuscator configuration or use the default options.

Example:

import vitePluginBundleObfuscator from 'vite-plugin-bundle-obfuscator';

// All configurations
const allObfuscatorConfig = {
  excludes: [],
  enable: true,
  log: true,
  autoExcludeNodeModules: true,
  // autoExcludeNodeModules: { enable: true, manualChunks: ['vue'] }
  threadPool: true,
  // threadPool: { enable: true, size: 4 }
  options: {
    compact: true,
    controlFlowFlattening: true,
    controlFlowFlatteningThreshold: 1,
    deadCodeInjection: false,
    debugProtection: false,
    debugProtectionInterval: 0,
    disableConsoleOutput: false,
    identifierNamesGenerator: 'hexadecimal',
    log: false,
    numbersToExpressions: false,
    renameGlobals: false,
    selfDefending: true,
    simplify: true,
    splitStrings: false,
    ignoreImports: true,
    stringArray: true,
    stringArrayCallsTransform: true,
    stringArrayCallsTransformThreshold: 0.5,
    stringArrayEncoding: [],
    stringArrayIndexShift: true,
    stringArrayRotate: true,
    stringArrayShuffle: true,
    stringArrayWrappersCount: 1,
    stringArrayWrappersChainedCalls: true,
    stringArrayWrappersParametersMaxCount: 2,
    stringArrayWrappersType: 'variable',
    stringArrayThreshold: 0.75,
    unicodeEscapeSequence: false,
  }
};

export default {
  plugins: [
    vitePluginBundleObfuscator(allObfuscatorConfig)
  ]
};

// Simplified configurations
const minimizeObfuscatorConfig = {
  autoExcludeNodeModules: true,
  // autoExcludeNodeModules: { enable: true, manualChunks: ['vue'] }
  threadPool: true,
  // threadPool: { enable: true, size: 4 }
};

export default {
  plugins: [
    vitePluginBundleObfuscator(minimizeObfuscatorConfig)
  ]
};

// Default configurations
export default {
  plugins: [
    vitePluginBundleObfuscator()
  ]
};

🚀 Performance Comparison

With 7000+ modules and 400+ bundles on a 4C 8G machine:

  • ThreadPool Enabled : 🟩🟩🟩⬜⬜⬜⬜⬜⬜ (About 30 seconds)
  • ThreadPool Disabled : 🟥🟥🟥🟥🟥🟥🟥🟥🟥 (About 90 seconds)

🛠️ Options

Property NameDescriptionTypeDefaultVersion
threadPoolConfiguration for the thread pool.boolean | ({ enable: true; size: number } | { enable: false })falsev1.2.0
applyApply the plugin only for serve or build, or on certain conditions.'serve' | 'build' | ((this: void, config: UserConfig, env: ConfigEnv) => boolean)buildv1.1.0
autoExcludeNodeModulesEnable auto exclude node_modules.boolean | ({ enable: true; manualChunks: string[] } | { enable: false })falsev1.0.9 (originally boolean, extended to current type in v1.3.0)
logShow or hide log output.booleantruev1.0.4
enableEnable or disable the obfuscator.booleantruev1.0.1
excludesBundle names to be excluded. Starting from v1.0.8, RegExp is supported.(RegExp | string)[][]v1.0.0
optionsOptions for the JavaScript obfuscator.ObfuscatorOptionsdefaultObfuscatorConfigv1.0.0

📄 License

MIT License Copyright (c) 2024-present, Zoffy

FAQs

Package last updated on 10 Jul 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

Security News

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.

By Sarah Gooding  -  Aug 08, 2025
60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign

Research

/

Security News

60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign

A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.

By Kirill Boychenko  -  Aug 07, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.