{"id":16402,"library":"js-confuser","title":"JS-Confuser: JavaScript Obfuscation Tool","description":"JS-Confuser is an active JavaScript obfuscation tool designed to make code difficult to read and analyze, thereby protecting intellectual property and deterring reverse engineering. The current stable version is 2.0.1, which builds upon a significant 2.0.0 rewrite implemented with Babel, introducing a revamped API and enhanced obfuscation capabilities. The project maintains an active release cadence with frequent updates, bug fixes, and feature additions across minor and patch versions. Key differentiators include robust control flow obfuscation, advanced string concealing with randomized charsets, anti-tampering protection against runtime modifications, and anti-tooling measures designed to defeat common deobfuscators. It also offers features like variable renaming, function obfuscation, and integrity checks to detect unauthorized source code changes. The primary API, `obfuscate()`, is promise-based and returns an object containing the obfuscated code.","status":"active","version":"2.0.1","language":"javascript","source_language":"en","source_url":"https://github.com/MichaelXF/js-confuser","tags":["javascript","obfuscator","obfuscation","uglify","code protection","javascript obfuscator","js obfuscator","typescript"],"install":[{"cmd":"npm install js-confuser","lang":"bash","label":"npm"},{"cmd":"yarn add js-confuser","lang":"bash","label":"yarn"},{"cmd":"pnpm add js-confuser","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"Since v2.0.0, `obfuscate` is the primary named export for ESM. Attempting to use a default import `JsConfuser` in ESM for direct API access is incorrect for modern usage.","wrong":"import JsConfuser from 'js-confuser'; JsConfuser.obfuscate(...)","symbol":"obfuscate","correct":"import { obfuscate } from 'js-confuser';"},{"note":"For CommonJS environments, `require` is the correct way to import the module. The `obfuscate` function is then accessed as a property of the imported `JsConfuser` object (e.g., `JsConfuser.obfuscate`). Using `import` syntax will cause errors in CJS-only environments.","wrong":"import JsConfuser from 'js-confuser';","symbol":"JsConfuser","correct":"const JsConfuser = require('js-confuser');"},{"note":"TypeScript users can import the `ObfuscateOptions` interface to ensure type-safety and benefit from autocompletion when defining obfuscation configuration objects.","symbol":"ObfuscateOptions","correct":"import type { ObfuscateOptions } from 'js-confuser';"}],"quickstart":{"code":"import { obfuscate } from 'js-confuser';\n\nconst originalCode = `\n  function calculateFibonacci(n) {\n    let a = 0, b = 1, temp;\n    for (let i = 2; i <= n; i++) {\n      temp = a + b;\n      a = b;\n      b = temp;\n    }\n    return b;\n  }\n\n  const result = calculateFibonacci(10);\n  console.log('Fibonacci(10):', result);\n`;\n\nobfuscate(originalCode, {\n  target: 'browser', // Or 'node' depending on your target environment\n  preset: 'high',     // Choose a preset like 'low', 'medium', 'high', 'extreme'\n  stringEncoding: true,\n  // es5: true,       // Uncomment if targeting older JavaScript environments\n})\n.then(result => {\n  console.log('--- Obfuscated Code ---');\n  console.log(result.code);\n  // To execute the obfuscated code (use with caution, especially with untrusted code):\n  // try {\n  //   eval(result.code);\n  // } catch (e) {\n  //   console.error('Error executing obfuscated code:', e);\n  // }\n})\n.catch(error => {\n  console.error('Obfuscation failed:', error);\n});","lang":"typescript","description":"Demonstrates how to import and use the promise-based `obfuscate` function with a simple code snippet, showcasing a typical configuration and how to access the resulting obfuscated code from the resolved object."},"warnings":[{"fix":"Update your code to correctly handle the Promise and access the `code` property. Use `const { code } = await obfuscate(...)` or `obfuscate(...).then(result => result.code)`.","message":"Version 2.0.0 introduced a complete rewrite of the library, resulting in significant API changes. The `JSConfuser.obfuscate()` function (or the named `obfuscate` export) now returns a Promise that resolves to an object with a `code` property (`{ code: string }`), rather than directly returning the obfuscated code string.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"If preserving `Function.prototype.length` is essential for your application's functionality, explicitly set `preserveFunctionLength: true` in your obfuscation options.","message":"As of version 2.0.1, the `preserveFunctionLength` option is disabled by default. This change means that the `length` property of obfuscated functions may no longer reflect their original arity, which can break applications relying on `Function.prototype.length` for reflection or runtime checks.","severity":"gotcha","affected_versions":">=2.0.1"},{"fix":"Always ensure the `target` option accurately matches the environment where your obfuscated code will be executed. Review the generated code if you encounter runtime parsing or execution errors.","message":"The `target` option (e.g., 'node', 'browser') is critical for generating JavaScript code compatible with your intended runtime environment. An incorrect `target` can lead to syntax errors or unexpected behavior in the obfuscated output.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Carefully balance obfuscation strength with performance requirements. Conduct thorough testing with different presets and options to find an optimal configuration for your specific application without introducing unacceptable overhead.","message":"While powerful, aggressive obfuscation presets (e.g., `preset: 'high'`, `preset: 'extreme'`) or certain options like `stringEncoding: true` can significantly increase the size of the generated code and potentially degrade runtime performance, especially for large codebases.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"It is strongly recommended to disable `Tamper Protection`, `selfDefending`, and similar high-security features during development and debugging phases. Only enable them for production builds after extensive testing.","message":"Features such as `Tamper Protection` and `selfDefending` introduce runtime integrity checks that can make debugging obfuscated code extremely challenging, even during development. They are designed to prevent analysis but also hinder legitimate debugging efforts.","severity":"gotcha","affected_versions":">=1.6.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"For ESM projects, use `import { obfuscate } from 'js-confuser';`. For CommonJS, use `const JsConfuser = require('js-confuser');` and then call `JsConfuser.obfuscate(...)`.","cause":"This typically occurs when attempting to use a CJS `require` statement in an ESM context, or conversely, using a default import for a named export, leading to the `obfuscate` function not being correctly resolved.","error":"TypeError: JsConfuser.obfuscate is not a function"},{"fix":"Ensure you `await` the `obfuscate` function or chain a `.then()` call, then access `result.code`. Example: `const { code } = await obfuscate(...);` or `obfuscate(...).then(result => console.log(result.code));`","cause":"This error signifies that the result of the `obfuscate()` call is not an object with a `code` property, which often happens when the Promise returned by `obfuscate` is not correctly awaited or handled with `.then()` (a breaking change in v2.0.0).","error":"TypeError: Cannot read properties of undefined (reading 'code')"},{"fix":"Change your import statement to use ESM syntax: `import { obfuscate } from 'js-confuser';`. If you must use CommonJS in an ESM project, consider using dynamic `import()` or configuring your build tool accordingly.","cause":"This error indicates that you are attempting to use the CommonJS `require()` function within an ECMAScript Module (ESM) file or environment.","error":"ReferenceError: require is not defined"},{"fix":"Verify that the `target` option (e.g., 'es5', 'browser', 'node') matches the environment where the obfuscated code will run. If using modern JavaScript features in your input, consider setting `es5: true` in options if targeting older runtimes, or ensure your target environment supports the generated syntax.","cause":"The generated obfuscated code contains syntax incompatible with the JavaScript engine executing it. This is usually due to an incorrect `target` option in the obfuscation configuration, or the input code using modern features not transpiled for the target.","error":"SyntaxError: Unexpected token '...' (or similar parsing errors in obfuscated code)"}],"ecosystem":"npm"}