Documentation

Guides for protecting production JavaScript

Reference guides for release workflows, command-line usage, cross-file protections, and the desktop app.

Build And Release Workflows Download Desktop

Inside The Docs

Practical guides, not placeholder pages.

How-to guides Start with release sequencing and command-line usage, then move into feature-specific references.

Advanced protection Browse cross-file controls like Replace Globals and Protect Members when a build spans multiple scripts.

Compatibility checker — preview

StatusPreview · deterministic regex-based today
LLM-backedShips 2026-Q3 with JSO AI Basic
DataRuns entirely in your browser. Nothing sent anywhere.

Paste a JavaScript snippet, click Scan, see which patterns are likely to break under Maximum-mode obfuscation. Today the findings come from the same regex rule engine the server-side /v1/ai/compat-check.ashx endpoint uses in preview mode (eight categories: dynamic-eval, reflective property access, framework runtime, explicit-keep pragmas, inline HTML, source-map references, debug-leak). From 2026-Q3, the LLM-backed compat checker reasons about the surrounding code context and surfaces issues this rule engine misses.

Preview only. The rules below are the same ones that ship server-side today. The real value of the LLM-backed version is reasoning about which patterns are actually risky in your code's context — the rule-based version flags eval as a finding regardless of whether the surrounding code makes it safe. Join the AI Basic waitlist for the production version.

Paste JavaScript

Up to ~256KB. The scanner runs on every Scan click; nothing is sent over the network.

Findings

no scan yet

Click Scan to see the report.

What the rule engine catches today

Category	Severity	What it flags
`dynamic-eval`	error	`eval(...)`, `new Function(...)`. Will not survive renaming if the evaluated string references locals.
`reflective`	warning	Dynamic property access by string concatenation. Add to `MemberExclusion`.
`framework-rt`	warning	Webpack symbols (`__webpack_require__`), React class lifecycle, Vue hooks. Add to `VariableExclusion` or exclude the file.
`explicit-keep`	info	Pragma comments (`// jso-keep`, `// @jso-keep`). Confirm the matching exclusion entry exists.
`inline-html`	warning	`document.write`, `.innerHTML =` . Template-string contents may reference renamed identifiers.
`source-map`	warning	`//# sourceMappingURL=`. Shipping a source map alongside protected code undoes the protection.
`debug-leak`	info / error	`console.log` (info) and `debugger;` (error). The latter halts under DevTools.

How the LLM-backed version improves on this

Context-aware eval verdicts. A static dispatch table looks like eval but is actually safe. The rule-based version flags both equally; the LLM reasons about whether the evaluated string references locals that get renamed.
Framework version inference. Today componentDidMount is always flagged as a React lifecycle method. The LLM reads imports / decorators / surrounding patterns and can tell whether it's a class component (where the name must be preserved) vs a method-named-after-a-lifecycle-method-but-not-in-a-class (where it doesn't matter).
Bundle-wide cross-referencing. When the customer passes multiple files (Phase 2), the LLM can correlate — "you have eval(name + '()') at line 12 of a.js and function calculateLicenseHash in b.js; if those are linked, the rename will break the eval."

Next step: read the compat-check API reference for the wire format / curl examples, or join the waitlist to be notified when the LLM-backed version ships.