
javascript-obfuscator
The javascript-obfuscator npm package is a powerful tool for obfuscating JavaScript code, making it difficult for others to read and understand. This is useful for protecting intellectual property, preventing code tampering, and reducing the risk of reverse engineering.
Basic Obfuscation
This feature allows you to obfuscate basic JavaScript code. The example shows how to obfuscate a simple function that logs 'Hello World' to the console.
const JavaScriptObfuscator = require('javascript-obfuscator');
const obfuscatedCode = JavaScriptObfuscator.obfuscate(
`function hello() { console.log('Hello World'); }`,
{ compact: true, controlFlowFlattening: false }
).getObfuscatedCode();
console.log(obfuscatedCode);
Control Flow Flattening
Control Flow Flattening is a feature that makes the control flow of the code less recognizable. The example shows how to enable this option to further obfuscate the 'hello' function.
const JavaScriptObfuscator = require('javascript-obfuscator');
const obfuscatedCode = JavaScriptObfuscator.obfuscate(
`function hello() { console.log('Hello World'); }`,
{ controlFlowFlattening: true }
).getObfuscatedCode();
console.log(obfuscatedCode);
String Array Encoding
String Array Encoding encodes strings in the code to make them harder to read. The example shows how to encode strings using base64 encoding.
const JavaScriptObfuscator = require('javascript-obfuscator');
const obfuscatedCode = JavaScriptObfuscator.obfuscate(
`function hello() { console.log('Hello World'); }`,
{ stringArray: true, stringArrayEncoding: ['base64'] }
).getObfuscatedCode();
console.log(obfuscatedCode);
Self-Defending
The Self-Defending feature makes the obfuscated code more difficult to modify and tamper with. The example shows how to enable this option.
const JavaScriptObfuscator = require('javascript-obfuscator');
const obfuscatedCode = JavaScriptObfuscator.obfuscate(
`function hello() { console.log('Hello World'); }`,
{ selfDefending: true }
).getObfuscatedCode();
console.log(obfuscatedCode);
The obfuscator-io-metro-plugin is a Metro plugin for React Native that uses obfuscator.io to obfuscate JavaScript code. It is specifically designed for React Native projects and integrates seamlessly with the Metro bundler. Compared to javascript-obfuscator, it is more specialized for React Native environments.
UglifyJS is a JavaScript parser, minifier, compressor, and beautifier toolkit. While its primary focus is on minification and compression, it also offers some obfuscation features. Compared to javascript-obfuscator, UglifyJS is more focused on reducing file size and improving performance, with less emphasis on making the code difficult to understand.
JavaScript obfuscator for Node.js is a free alternative to js-obfuscator (which uses javascriptobfuscator.com), with no limits and without sending data to a server. Compatible with ES6. Tested on Angular2 bundle. https://gist.github.com/sanex3339/ffc2876123b52e6d11ce45369fd53acf
Install the package with NPM and add it to your devDependencies:
npm install --save-dev javascript-obfuscator
var JavaScriptObfuscator = require('javascript-obfuscator');

var obfuscatedCode = JavaScriptObfuscator.obfuscate(
    `
    (function(){
        var variable = 'abc';
        console.log(variable);
    })();
    `,
    {
        rotateUnicodeArray: false
    }
);

console.log(obfuscatedCode);
/*
var _0xabf1 = [
    '\x61\x62\x63',
    '\x6c\x6f\x67'
];
(function() {
    var _0xe6fab6 = _0xabf1[0x0];
    console[_0xabf1[0x1]](_0xe6fab6);
}());
*/
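For analysts triaging a bundle that went through this transform, the string array in the output above can be recovered statically, without executing any of the code. The following is an added example, not part of the package or its README; the function names are hypothetical, and it assumes an unrotated array of plain string literals (rotateUnicodeArray: false, as in the usage example).

```javascript
// Added example: static recovery of the string array. Nothing from the
// input is evaluated; the functions below are hypothetical helpers.

// Constructed input: the obfuscated output printed in the usage example.
const SAMPLE = String.raw`var _0xabf1 = [
    '\x61\x62\x63',
    '\x6c\x6f\x67'
];
(function() {
    var _0xe6fab6 = _0xabf1[0x0];
    console[_0xabf1[0x1]](_0xe6fab6);
}());`;

// Decode \xNN and \uNNNN escapes inside the body of one quoted literal.
function decodeEscapes(body) {
    return body.replace(/\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})/g,
        (_, x, u) => String.fromCharCode(parseInt(x || u, 16)));
}

// Find `var _0x... = ['..', '..'];` and return { name, values }.
// Limitation: a literal containing `]` ends the match early.
function extractStringArray(source) {
    const m = /var\s+(_0x[0-9a-f]+)\s*=\s*\[([^\]]*)\]\s*;/.exec(source);
    if (!m) return null;
    const values = [];
    const literal = /'((?:[^'\\]|\\.)*)'/g;
    let item;
    while ((item = literal.exec(m[2])) !== null) {
        values.push(decodeEscapes(item[1]));
    }
    return { name: m[1], values };
}

// Replace every `<name>[0xN]` lookup with the recovered string literal.
function resolveLookups(source) {
    const arr = extractStringArray(source);
    if (!arr) return source;
    const lookup = new RegExp(arr.name + '\\[(0x[0-9a-f]+|\\d+)\\]', 'g');
    return source.replace(lookup, (whole, idx) => {
        const value = arr.values[Number(idx)];
        // Out-of-range index: leave the lookup untouched.
        return value === undefined ? whole : JSON.stringify(value);
    });
}

console.log(resolveLookups(SAMPLE));
```

With rotateUnicodeArray enabled the indexes no longer line up with the declared order, so the rotation helper has to be accounted for before lookups are resolved.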
obfuscate(sourceCode, options)
sourceCode
Type: string
Default: null
Any valid SourceCode.
options
Type: Object
Default: null
Options for JavaScript obfuscator:
{
rotateUnicodeArray: true
// ...
}
compact
Type: boolean
Default: true
Compact code output into one line.
debugProtection
Type: boolean
Default: false
Forces debug mode in some browsers (mainly WebKit-based) on page load if the Developer Tools panel is open. With this option enabled, using the Debug panel is impossible.
WebKit-based browsers: blocks the site window, but you can still navigate through the Developer Tools panel. Firefox: does not block the site window, but you still can't use the Debug panel.
debugProtectionInterval
Type: boolean
Default: false
Works if debugProtection is enabled.
Forces debug mode in some browsers (mainly WebKit-based) when the Developer Tools panel is opened, even after the page has loaded.
disableConsoleOutput
Type: boolean
Default: true
Disables console.log, console.info, console.error and console.warn message output to the browser console.
encodeUnicodeLiterals
Type: boolean
Default: false
The unicodeArray option must be enabled. This option can slightly slow down your code.
All literals in the unicode array are encoded in Base64.
To decode the strings, a special function is inserted on the page under the unicodeArray node.
reservedNames
Type: string[]
Default: []
Disables obfuscation of variable names, function names and function parameter names that match the given RegExp patterns.
Example:
{
    reservedNames: [
        '^someVariable',
        // backslash doubled so the pattern string actually contains \d
        'functionParameter_\\d'
    ]
}
rotateUnicodeArray
Type: boolean
Default: true
The unicodeArray option must be enabled. This option rotates all values inside unicodeArray by a random value during obfuscation and inserts a helper function into the source code that rotates the array values back to their original indexes.
Keep in mind that this option affects only how the code is visually organised, since the original arrays can be easily accessed during the debug process.
It is also not recommended to enable rotateUnicodeArray for small source code, because a helper function might attract attention.
selfDefending
Type: boolean
Default: true
This option forces the compact value to true.
Enables self-defending for obfuscated code. If the obfuscated compact code is reformatted, it will no longer work.
unicodeArray
Type: boolean
Default: true
Puts all literal strings into an array and replaces every literal string with an array call.
unicodeArrayThreshold
Type: number
Default: 0.8
Min: 0
Max: 1
The unicodeArray option must be enabled. Probability that a literal string will be inserted into unicodeArray.
Use this option for very large source code, because many calls to unicodeArray will slow down code performance.
A value of 0 is equal to unicodeArray: false.
wrapUnicodeArrayCalls
Type: boolean
Default: true
The unicodeArray option must be enabled. Instead of using direct calls to unicodeArray items, such as var t = _0x43a123[0x0], where the index 0x0 can easily be reverted to 0 by some JS beautifiers, this option wraps all calls in a special function instead:
var t = _0x12a634('0x0')
Copyright (C) 2016 Timofey Kachalov.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FAQs
JavaScript obfuscator
The npm package javascript-obfuscator receives a total of 321,654 weekly downloads. As such, javascript-obfuscator popularity was classified as popular.
We found that javascript-obfuscator demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.