{"id":11133,"library":"javascript-obfuscator","title":"JavaScript Obfuscator","description":"JavaScript Obfuscator is a powerful, free-to-use library for transforming JavaScript and Node.js source code to make it harder to reverse engineer. The current stable version is 5.4.1. The project demonstrates an active release cadence with frequent minor and patch updates, indicating ongoing development and maintenance. Key features include VM-based bytecode obfuscation (available via the integrated Obfuscator.io Pro API), variable renaming, string extraction and encryption, dead code injection, control flow flattening, and various other code transformations. Its primary differentiator is the breadth of its obfuscation techniques, including advanced VM-based protection, making it a comprehensive solution for source code protection against tampering and intellectual property theft.","status":"active","version":"5.4.1","language":"javascript","source_language":"en","source_url":"https://github.com/javascript-obfuscator/javascript-obfuscator","tags":["javascript","obfuscator","obfuscation","uglify","crush","code protection","javascript obfuscator","js obfuscator","typescript"],"install":[{"cmd":"npm install javascript-obfuscator","lang":"bash","label":"npm"},{"cmd":"yarn add javascript-obfuscator","lang":"bash","label":"yarn"},{"cmd":"pnpm add javascript-obfuscator","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Requires Node.js runtime environment.","package":"node","optional":false}],"imports":[{"note":"While CommonJS `require` might work in some contexts, the library primarily targets modern Node.js environments (>=18.0.0) which favor ESM imports.","wrong":"const JavaScriptObfuscator = require('javascript-obfuscator');","symbol":"JavaScriptObfuscator","correct":"import JavaScriptObfuscator from 'javascript-obfuscator';"},{"note":"Importing types explicitly using `import type` is best practice for TypeScript to avoid bundling unnecessary runtime code.","symbol":"ObfuscatorOptions","correct":"import type { ObfuscatorOptions } from 'javascript-obfuscator';"},{"note":"The `obfuscate` method is a static method on the default export, not a named export directly from the package.","wrong":"import { obfuscate } from 'javascript-obfuscator';","symbol":"obfuscate","correct":"const result = JavaScriptObfuscator.obfuscate(code, options);"}],"quickstart":{"code":"import JavaScriptObfuscator from 'javascript-obfuscator';\n\nconst sourceCode = `\nfunction greet(name) {\n  const message = 'Hello, ' + name + '! Welcome to the obfuscated world.';\n  console.log(message);\n}\n\ngreet('Developer');\n\nconst secretData = {\n  apiKey: 'super-secret-key-123',\n  database: 'production-db'\n};\n\nfunction getSecret(key) {\n  return secretData[key];\n}\n\nconsole.log(getSecret('apiKey'));\n`;\n\nconst obfuscationOptions = {\n  compact: true,\n  controlFlowFlattening: true,\n  controlFlowFlatteningThreshold: 0.75,\n  deadCodeInjection: true,\n  deadCodeInjectionThreshold: 0.4,\n  debugProtection: false,\n  debugProtectionInterval: 0,\n  disableConsoleOutput: true,\n  identifierNamesGenerator: 'hexadecimal',\n  log: false,\n  numbersToExpressions: true,\n  renameGlobals: false,\n  selfDefending: true,\n  simplify: true,\n  splitStrings: true,\n  splitStringsChunkLength: 10,\n  stringArray: true,\n  stringArrayEncoding: ['base64'],\n  stringArrayIndexShift: true,\n  stringArrayRotate: true,\n  stringArrayShuffle: true,\n  stringArrayWrappersCount: 2,\n  stringArrayWrappersType: 'variable',\n  stringArrayThreshold: 0.75,\n  transformObjectKeys: true,\n  unicodeEscapeSequence: false,\n  domainLock: [\n    'example.com',\n    process.env.DOMAIN_LOCK_TEST ?? '' // Example for environment variable usage\n  ]\n};\n\ntry {\n  const obfuscatedResult = JavaScriptObfuscator.obfuscate(sourceCode, obfuscationOptions);\n  console.log('Obfuscated Code:\\n', obfuscatedResult.getObfuscatedCode());\n  // You can also get the source map if enabled in options\n  // console.log('Source Map:\\n', obfuscatedResult.getSourceMap());\n} catch (error) {\n  console.error('Obfuscation failed:', error);\n}\n","lang":"typescript","description":"This quickstart demonstrates how to import and use `javascript-obfuscator` to obfuscate a sample JavaScript code string with a comprehensive set of options."},"warnings":[{"fix":"Upgrade your Node.js runtime to version 18.0.0 or higher. For npm, run `npm install -g n` then `n stable` or `n 18`.","message":"Version 4.2.0 dropped support for Node.js versions 17 and below. Projects running on older Node.js versions must upgrade their environment or stick to an earlier `javascript-obfuscator` version.","severity":"breaking","affected_versions":">=4.2.0"},{"fix":"Upgrade to `javascript-obfuscator@5.4.1` or newer. If you must use an older version in a browser, ensure `Utils.nodeRequire` is not invoked or use a bundler that correctly shims `require`.","message":"Prior to version 5.4.1, using `javascript-obfuscator` in browser environments could lead to `ReferenceError: require is not defined` due to a non-lazy `Utils.nodeRequire` call.","severity":"gotcha","affected_versions":"<5.4.1"},{"fix":"Upgrade to `javascript-obfuscator@5.4.1` or newer. If staying on an older version, ensure all `domainLock` entries match the exact case of the target domains.","message":"Versions prior to 5.4.1 had a case-sensitive `domainLock` option. Domains provided would only match if the casing was exact, leading to unexpected bypasses.","severity":"gotcha","affected_versions":"<5.4.1"},{"fix":"Review the documentation for `Obfuscator.io` and the `apiConfig` option if you intend to use the advanced PRO features. This may involve obtaining an API key and managing API calls.","message":"Version 5.0.0 introduced support for JavaScript Obfuscator PRO via its API. While the core free obfuscation remains, advanced VM-based bytecode obfuscation and other PRO features require calling the external API, potentially changing workflow for users seeking the highest protection.","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"Upgrade to `javascript-obfuscator@5.4.0` or newer. If using an older version, carefully test code using classes with `reservedNames` and these obfuscation features enabled, and consider alternative preservation strategies if issues arise.","message":"Before version 5.4.0, the `reservedNames` option might not have correctly preserved class method and property names when `stringArray` or `deadCodeInjection` obfuscation features were enabled, leading to broken code.","severity":"gotcha","affected_versions":"<5.4.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Upgrade to `javascript-obfuscator@5.4.1` or newer. If running in a non-Node.js environment, ensure your build process correctly shims or polyfills Node.js-specific globals if necessary.","cause":"Attempting to use `javascript-obfuscator` in a browser environment with versions prior to 5.4.1, which had a bug related to `Utils.nodeRequire`.","error":"ReferenceError: require is not defined"},{"fix":"First, upgrade to the latest patch version (e.g., 5.4.1) as many such bugs are fixed in patch releases. If the issue persists, try isolating the problem by incrementally enabling obfuscation options to identify the problematic setting. Report the bug to the library's GitHub issues with a minimal reproducible example.","cause":"Malformation of obfuscated code, often caused by specific combinations of obfuscation options interacting incorrectly with certain JavaScript syntax, or bugs in the obfuscator itself.","error":"SyntaxError: Unexpected token"},{"fix":"Upgrade your Node.js runtime to version 18.0.0 or newer. Use a tool like `nvm` (Node Version Manager) or `n` to manage Node.js versions: `nvm install 18 && nvm use 18` or `npm install -g n && n 18`.","cause":"Attempting to install or run `javascript-obfuscator` on an unsupported Node.js version.","error":"Error: The 'javascript-obfuscator' package requires Node.js version 18.0.0 or higher. You are currently running Node.js version X.Y.Z."}],"ecosystem":"npm"}