JavaScript Obfuscator
Protect your JavaScript from copying and reverse-engineering with industry-grade obfuscation. Paste your code, tune the protection options, and click — everything runs on your device, nothing is sent to a server. (To pretty-print code, use the Formatter.)
Everything runs in your browser. Your code is never sent to our servers.
Example
Example Input
function greet(name) {
const msg = "Hello, " + name;
return msg;
}Example Output
var _0x3a8f=['Hello,\x20'];function greet(_0x1d2e){const _0x52c1=_0x3a8f[0x0]+_0x1d2e;return _0x52c1;}How to Use
- 1Paste your JavaScript code into the Input field.
- 2Tune the protection level in the "Obfuscation options" panel as needed.
- 3Click the Obfuscate button (or press Ctrl+Enter). The result appears in the Output field.
- 4Click Copy to copy the result. To pretty-print code, use the Formatter.
About the JavaScript Obfuscator
The JavaScript Obfuscator transforms your source into a functionally identical but far less readable version. It renames variables and functions to meaningless tokens, moves every string literal into an encoded "string array" (Base64 or RC4), and can scramble control flow (control flow flattening) and inject dead code to disguise the original logic.
Obfuscation raises the cost of reverse-engineering — it is not encryption. Obfuscated code still runs exactly the same in the browser; only its readability changes. Anti-tamper options like Self Defending and Debug Protection make the code harder to re-format or step through with a debugger, while Disable Console Output suppresses unwanted console logging.
Use it for public widgets, license code, or client-side logic you want to protect. Obfuscation is a one-way street by design: the original names, strings, and structure are deliberately destroyed and cannot be recovered. If you only need to pretty-print (beautify) code, use the Formatter.
FAQ
What are Control Flow Flattening and Dead Code Injection?
Control Flow Flattening restructures the program into a state-machine (switch) so the order of logic is hard to follow. Dead Code Injection adds fake, never-executed blocks to confuse readers. Both raise protection but slightly increase size and slow execution — enable them as needed.
What's the difference between obfuscating and minifying JavaScript?
Minifying only shrinks size (removes whitespace/comments) but stays easy to reverse. Obfuscating deliberately makes code HARD to read and reverse-engineer — renaming, disguising strings, and altering flow — while still running the same. For plain beautify/minify, use the Formatter.
Is there a deobfuscate mode for JavaScript?
No. The JavaScript Obfuscator is one-way — there is no deobfuscate mode. True deobfuscation requires executing the code (eval) to unpack the rotated string array, which this site deliberately forbids for security (a strict CSP). To simply pretty-print code, use the Formatter (JavaScript).
Is my code sent to a server?
No. JavaScript is processed entirely in your browser using JavaScript/WebAssembly. Your code never leaves your device.