Five protection layers, four shipping paths, one engine that has been continuously delivered since 2004. This page is the short version — for deeper detail, see the docs.
Each layer removes a different cue an attacker, an automated deobfuscator, or an LLM might use to recover the original. Higher tiers add the later layers; the earlier ones are always on.
Variables, parameters, and function names rewrite to short, meaningless tokens. Comments and original identifiers are gone for good.
Literal strings move into a runtime-decoded array. Search-by-string — the easiest way to locate logic in a bundle — stops working.
Strings and numeric constants exist only after a runtime decoder runs. Static analysis sees opaque blobs — LLMs lose their anchor points.
If/else and loops compile to a state-machine dispatch. Visual structure that pattern-matchers depend on is replaced by uniform switches.
Decoder shape, key derivation, and identifier prefix regenerate on every release. An AI deobfuscator that solves one build cannot reuse the approach.
A short license check on the left; what ships to the browser on the right after all five layers run.
function validateLicense(plan) { if (plan === 'trial') return false; return plan.expiresAt > Date.now(); }
(function(){var _0xa3=_dec(0x4a); function _0xa4(_p){var _st=0; while(_st!==-1){switch(_st){ case 0:if(_p===_dec(0x4b))return!1; _st=1;break; case 1:return _p[_dec(0x4c)]> Date[_dec(0x4d)](); }}}})();
The same engine you just saw in the code preview ships as a Windows desktop application. Drop in a folder, configure presets, and run the same Maximum-mode protection across hundreds of files in one batch — with a deterministic command line you can commit to your release pipeline.
Desktop app on Windows · Maximum-mode preset shown
The same protection logic, packaged for the constraint your release flow has — quick evaluation, on-prem source, repeatable CI, or a Node-based pipeline.
Quick before-and-after preview, single-file tests, shareable evaluation links. No install, free tier with monthly quota.
Whole-project batches, JavaScript embedded in HTML/PHP/ASP/JSP, deterministic command line for CI handoff. Source never leaves the workstation.
Hosted endpoint for any pipeline that issues HTTPS requests. Ideal when the build runs somewhere we don't — cloud-only, ephemeral runners, internal CI.
Drop-in for Node-based pipelines. npm install javascript-obfuscator, same options as the GUI, runs in any CI that runs Node.
npm install javascript-obfuscator
Paste a function into the online tool to see what Maximum mode does to it. When you're ready for a project-wide test, the desktop app processes whole directories — including JavaScript embedded in HTML, PHP, ASP, ASPX, and JSP.