See every transform side-by-side

Real input on the left, real protected output on the right. Outputs can vary from run to run, so the shapes below are representative rather than exact copies of what the online tool returns.

standard 1. Name Mangling

Local identifiers (variables, parameters, function names) collapse to short, opaque tokens. Public/global names you list as reserved are left alone.

Source 102 bytes

function calculateLicenseHash(productKey, accountId) {
    const salt = "JSO-2026";
    return productKey + ":" + accountId + ":" + salt;
}

Protected 87 bytes

function _0x4f2a(_0xae,_0x21){
    const _0xbc="JSO-2026";
    return _0xae+":"+_0x21+":"+_0xbc;
}

balanced 2. String Array (Move Strings Into Array)

Every string literal is hoisted into a single array at the top, accessed by index. Static analyzers can no longer grep the bundle for revealing strings; they have to follow the indirection.

Source 141 bytes

function greet(user) {
    if (user.role === "admin") {
        return "Welcome, administrator!";
    }
    return "Hello, " + user.name;
}

Protected 208 bytes

var _$a=["admin","Welcome, administrator!","Hello, ","role","name"];
function _g(u){
    if(u[_$a[3]]===_$a[0]){
        return _$a[1];
    }
    return _$a[2]+u[_$a[4]];
}

balanced 3. String Encryption

The hoisted string array is hidden until the protected file runs. Searching the shipped file for "Welcome" no longer reveals the original message.

Source 141 bytes

function greet(user) {
    if (user.role === "admin") {
        return "Welcome, administrator!";
    }
    return "Hello, " + user.name;
}

Protected 312 bytes

var _$e=["bER0aW4=","V2VsY29tZSwgYWRtaW5pc3RyYXRvciE=",
         "SGVsbG8sIA==","cm9sZQ==","bmFtZQ=="];
(function(a,b){var c=function(i){return atob(a[i]);};
 _$d=function(i){return c(i);};})(_$e);
function _g(u){
    if(u[_$d(3)]===_$d(0))return _$d(1);
    return _$d(2)+u[_$d(4)];
}

maximum 4. Control Flow Flattening (Flat Transform)

Linear code becomes a state-machine loop. Automated readers must work through that new structure before they can understand the original branches.

Source 126 bytes

function sum(n) {
    let total = 0;
    for (let i = 1; i <= n; i++) {
        total += i;
    }
    return total;
}

Protected 298 bytes

function _s(n){
    var _st="3|0|4|2|1".split("|"),_i=0,_t,_x;
    while(true){
        switch(_st[_i++]){
            case "0": _t=0; continue;
            case "1": return _t;
            case "2": if(_x>n){_i=4;continue;} _t+=_x; _x++; _i=2; continue;
            case "3": _x=1; continue;
            case "4": _i=1; continue;
        }
        break;
    }
}

maximum 5. Dead Code Insertion

Provably unreachable branches are spliced in alongside real logic. The bundle grows; the reader gets more code paths to chase before realizing most of them are decoys.

Source 62 bytes

function isPaid(user) {
    return user.tier >= 2;
}

Protected 214 bytes

function _ip(u){
    if(!![]){
        return u["tier"]>=2;
    }else{
        var _z=function(a){return a*0x71+0x1f;};
        for(var i=0;i<3;i++){_z(i);}
        throw new Error("never");
    }
}

maximum 6. Protect Members & Member Mapping

Object property names that don't escape the bundle (e.g. internal helpers) are renamed too. Combined with the string array, even structured access becomes opaque.

Source 155 bytes

const license = {
    productKey: "ABC-123",
    expires: "2027-01-01",
    isValid() { return Date.now() < Date.parse(this.expires); }
};

Protected 196 bytes

var _$m=["ABC-123","2027-01-01"];
const _l={
    _0xae: _$m[0],
    _0xbf: _$m[1],
    _0xc1(){ return Date.now() < Date.parse(this._0xbf); }
};

maximum 7. Self-Defending Integrity Guard

A small heartbeat function checks that the protected bundle was not edited or re-formatted after shipping. Any modification — even a single whitespace change — trips the guard and the configured runtime defense action fires.

Source 66 bytes

function chargeCard(amount) {
    api.post("/charge", {amount});
}

Protected 320 bytes

(function _sd(){
    var _exp="a7c9...c2";
    var _f=arguments.callee.toString().replace(/[^a-z0-9]/gi,"");
    var _h=0; for(var i=0;i<_f.length;i++)_h=(_h*31+_f.charCodeAt(i))>>>0;
    if(_h.toString(16)!==_exp){ window.__jso_tamper(); return; }
    setTimeout(_sd, 5000);
})();
function _c(_a){_api.post("/charge",{amount:_a});}

Try it on your own code

The examples above are short for readability. The online tool handles larger files, multiple presets, and the same protection choices shown here.

Open the live demo Read the full docs ›