jscrambler
Advanced tools
You may put your access and secret keys into a config file if found in these directories. Besides simplifying the command entry, this has the added benefit of not logging your JScrambler credentials.
Here's an example of what your .jscramblerrc file should look like:
{
"keys": {
"accessKey": "XXXXXX",
"secretKey": "XXXXXX"
},
"params": {
"self_defending": "%DEFAULT%"
}
}
Replace the XXXXXX fields with your values of course. :)
npm install -g jscrambler
Usage: jscrambler [source files] [options]
Options:
--help output usage information
-V, --version output the version number
-c, --config [config] JScrambler configuration options
-o, --output [output] Output directory. If not specified the output is printed.
-a, --access-key <accessKey> Access key
-s, --secret-key <secretKey> Secret key
-h, --host [host] Hostname
-p, --port [port] Port
-v, --api-version [apiVersion] Version
--asserts-elimination [assertsElimination] Remove function definitions and function calls with a given name.
--browser-os-lock [browserOsLock] Locks a JavaScript application to run only on a specific Browser or Operating System.
--constant-folding Simplifies constant expressions at compile-time to make your code faster at run-time.
--dead-code Randomly injects dead code into the source code.
--dead-code-elimination Removes dead code and void code from your JavaScript.
--debugging-code-elimination [debuggingCodeElimination Removes statements and public variable declarations used to control the output of debugging messages that help you debug your code.
--dictionary-compression further shrink your source code
--domain-lock [domainLock] Locks your project to a list of domains you specify.
--dot-notation-elimination Transforms dot notation to subscript notation.
--exceptions-list [exceptionsList] list of exceptions that will never be replaced or used to create new declarations
--expiration-date [expirationDate] Sets your JavaScript to expire after a date (YYYY/MM/DD) of your choosing.
--function-outlining Turns statements into new function declarations.
--function-reorder Randomly reorders your source code's function declarations.
--ignore-files [ignoreFiles] Define a list of files (relative paths) that JScrambler must ignore.
--literal-hooking [literalHooking] Replaces literals by a randomly sized chain of ternary operators.
--literal-duplicates Replaces literal duplicates by a symbol.
--member-enumeration Replaces Browser and HTML DOM objects by a member enumeration.
--mode [mode] protection mode starter|mobile|html5|nodejs
--name-prefix [namePrefix] Set a prefix to be appended to the new names generated by JScrambler.
--rename-all Renames all identifiers found at your source code.
--rename-local Renames local names only.
--self-defending thwarting code tampering attempts by using anti-tampering and anti-debugging techniques.
--string-splitting [stringSplitting] split strings based on percentage of occurence in the source code input
--whitespace enable whitespace
When making API requests you must pass valid secret and access keys, through the command line or by having a .jscramblerrc file. These keys are each 40 characters long, alpha numeric strings, and uppercase. You can find them in your jscramber web dashboard under My Account > Api access. In the examples these are shortened to XXXX for the sake of readability.
jscrambler input.js -a XXXX -s XXXX > output.js
jscrambler input1.js input2.js -o dest/ -a XXXX -s XXXX
jscrambler "lib/**/*.js" -o dest/ -a XXXX -s XXXX
jscrambler input.js -s XXXX -a XXXX -c ./config.json > output.js
where config.json is an object optionally containing any of the JScrambler options listed here.
npm install jscrambler
var fs = require('fs-extra');
var jScrambler = require('jscrambler');
var client = new jScrambler.Client({
keys: {
accessKey: '', // not needed if you have it on your `.jscramblerrc`
secretKey: '' // not needed if you have it on your `.jscramblerrc`
}
});
jScrambler
.uploadCode(client, {
files: ['index.js'],
// Node.js obfuscation settings
rename_local: '%DEFAULT%',
whitespace: '%DEFAULT%',
literal_hooking: '%DEFAULT%',
dead_code: '%DEFAULT%',
dot_notation_elimination: '%DEFAULT%',
dead_code_elimination: '%DEFAULT%',
constant_folding: '%DEFAULT%',
literal_duplicates: '%DEFAULT%',
function_outlining: '%DEFAULT%',
string_splitting:'%DEFAULT%'
})
.then(function (res) {
return jScrambler.downloadCode(client, res.id);
})
.then(function (res) {
fs.outputFileSync('dist.zip', res);
});
The following options are passed to the JScrambler services through the CLI config file or some API methods. More information about them can be found here.
Type: String
name1;name2;... - assert function names
Remove function definitions and function calls with a given name.
Type: String
Locks a JavaScript application to run only on a specific Browser or Operating System.
available values:
firefoxchromeiexplorerlinuxwindowsmac_ostizenandroidiosType: String
%DEFAULT% - enable constant folding
Simplifies constant expressions at compile-time to make your code faster at run-time.
Type: String
%DEFAULT% - enable dead code
Randomly injects dead code into the source code.
Type: String
%DEFAULT% - enable dead code elimination
Removes dead code and void code from your JavaScript.
Type: String
name1;name2;... - debugging code names
Removes statements and public variable declarations used to control the output of debugging messages that help you debug your code.
Type: String
%DEFAULT% - enable dictionary compression
Dictionary compression to shrink even more your source code.
Type: String
domain1;domain2;... - your domains
Locks your project to a list of domains you specify.
Type: String
%DEFAULT% - enable dot notation elimination
Transforms dot notation to subscript notation.
Type: String
name;name1;name2;... - list of exceptions that will never be replaced or used to create new declarations
There are some names that should never be replaced or reused to create new declarations e.g. document, toUpperCase. Public declarations existing in more than one source file should not be replaced if you submit only a part of the project where they appear. Therefore a list of irreplaceable names and the logic to make distinction between public and local names already exists on JScrambler to avoid touching those names. Use this parameter to add your own exceptions.
Type: String
date - date format YYYY/MM/DD
Sets your JavaScript to expire after a date of your choosing.
Type: String
%DEFAULT% - enable function outlining
Turns statements into new function declarations.
Type: String
%DEFAULT% - enable function reordering
Randomly reorders your source code's function declarations.
Type: String
filename;filename1 - List of files (relative paths) to be ignored
Define a list of files (relative paths) that JScrambler must ignore.
Type: String
min;max[;percentage] - min and max predicates in ternary operator and percentage chance of replacement
Replaces literals by a randomly sized chain of ternary operators. You may configure the minimum and maximum number of predicates per literal, as the occurrence probability of the transformation. This allows you to control how big the obfuscated JavaScript grows and the potency of the transformation.
Type: String
%DEFAULT% - enable duplicate literals
Replaces literal duplicates by a symbol.
Type: String
%DEFAULT% - enable member enumeration
Replaces Browser and HTML DOM objects by a member enumeration.
Type: String
starter - Standard protection and optimization behavior. Enough for most * JavaScript applicationsmobile - Transformations are applied having into account the limitations and needs of mobile deviceshtml5 - Protects your HTML5 and Web Gaming applications by targeting the new HTML5 featuresnodejs - Protects your Node.js applicationType: String
Set a prefix to be appended to the new names generated by JScrambler.
Type: String
%DEFAULT% - enable rename all
Renames all identifiers found at your source code. By default, there is a list of JavaScript and HTML DOM names that will not be replaced. If you need to add additional exceptions use the exceptions_list parameter.
Type: String
%DEFAULT% - enable rename local
Renames local names only. The best way to replace names without worrying about name dependencies.
Type: String
%DEFAULT% - enable self defending
Obfuscates functions and objects concealing their logic and thwarting code tampering attempts by using anti-tampering and anti-debugging techniques. Attempts to tamper the code will break its functionality and using JavaScript debuggers will trigger defenses to thwart analysis.
Type: String
occurrences[;concatenation]
occurrences - Percentage of occurrences. Accepted values between 0.01 and 1. concatenation - Percentage of concatenation occurrences. Accepted values between 0 and 1 (0 means chunks of a single character and 1 the whole string).
Type: String
%DEFAULT% - enable whitespace
Shrink the size of your JavaScript removing unnecessary whitespaces and newlines from the source code.
FAQs
Jscrambler API client.
The npm package jscrambler receives a total of 5,844 weekly downloads. As such, jscrambler popularity was classified as popular.
We found that jscrambler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.