JavaScript Obfuscator
Protect your JavaScript code from reverse engineering. All processing happens in your browser — your code never leaves your device.
Important Limitations
- · Obfuscation ≠ encryption. A determined reverse engineer can still deobfuscate your code.
- · Control flow flattening and dead code injection significantly increase file size and can slow execution.
- · For sensitive secrets, never put them in client-side JavaScript — obfuscated or not.
What each option does
- · Rename Variables — replaces readable names like
userNamewith_0x1a2b3c. - · String Encryption — moves strings into an encoded lookup array, decoded at runtime.
- · Control Flow Flattening — converts linear code into a state-machine loop to obscure logic.
- · Dead Code Injection — adds random unreachable code blocks to confuse analysis tools.
Frequently Asked Questions
Does obfuscated code still work normally?
Yes — obfuscated code is semantically identical to the original. It runs exactly the same way in the browser, just in a form that is much harder for humans to read and understand.
Is my code sent to a server?
No. All obfuscation happens entirely in your browser using the javascript-obfuscator library. Your code never leaves your device.
Why does the obfuscated file get larger?
Obfuscation adds overhead — string arrays, decoder functions, and (optionally) dead code. Rename Variables alone adds minimal overhead; enabling Control Flow Flattening and Dead Code Injection can double or triple the file size.
Can I obfuscate minified code?
Yes, but it's best to obfuscate first, then minify (or let the obfuscator's compact mode handle it). Applying obfuscation to already-minified code can sometimes cause issues with variable name collisions.