See every transform side-by-side
Real input on the left, real protected output on the right. Outputs can vary from run to run,
so the shapes below are representative rather than exact copies of what the online tool returns.
standard 1. Name Mangling
Local identifiers (variables, parameters, function names) collapse to short, opaque tokens. Public/global names you list as reserved are left alone.
function calculateLicenseHash(productKey, accountId) {
const salt = "JSO-2026";
return productKey + ":" + accountId + ":" + salt;
}
function _0x4f2a(_0xae,_0x21){
const _0xbc="JSO-2026";
return _0xae+":"+_0x21+":"+_0xbc;
}
balanced 2. String Array (Move Strings Into Array)
Every string literal is hoisted into a single array at the top, accessed by index. Static analyzers can no longer grep the bundle for revealing strings; they have to follow the indirection.
function greet(user) {
if (user.role === "admin") {
return "Welcome, administrator!";
}
return "Hello, " + user.name;
}
var _$a=["admin","Welcome, administrator!","Hello, ","role","name"];
function _g(u){
if(u[_$a[3]]===_$a[0]){
return _$a[1];
}
return _$a[2]+u[_$a[4]];
}
balanced 3. String Encryption
The hoisted string array is hidden until the protected file runs. Searching the shipped file for "Welcome" no longer reveals the original message.
function greet(user) {
if (user.role === "admin") {
return "Welcome, administrator!";
}
return "Hello, " + user.name;
}
var _$e=["bER0aW4=","V2VsY29tZSwgYWRtaW5pc3RyYXRvciE=",
"SGVsbG8sIA==","cm9sZQ==","bmFtZQ=="];
(function(a,b){var c=function(i){return atob(a[i]);};
_$d=function(i){return c(i);};})(_$e);
function _g(u){
if(u[_$d(3)]===_$d(0))return _$d(1);
return _$d(2)+u[_$d(4)];
}
maximum 4. Control Flow Flattening (Flat Transform)
Linear code becomes a state-machine loop. Automated readers must work through that new structure before they can understand the original branches.
function sum(n) {
let total = 0;
for (let i = 1; i <= n; i++) {
total += i;
}
return total;
}
function _s(n){
var _st="3|0|4|2|1".split("|"),_i=0,_t,_x;
while(true){
switch(_st[_i++]){
case "0": _t=0; continue;
case "1": return _t;
case "2": if(_x>n){_i=4;continue;} _t+=_x; _x++; _i=2; continue;
case "3": _x=1; continue;
case "4": _i=1; continue;
}
break;
}
}
maximum 5. Dead Code Insertion
Provably unreachable branches are spliced in alongside real logic. The bundle grows; the reader gets more code paths to chase before realizing most of them are decoys.
function isPaid(user) {
return user.tier >= 2;
}
function _ip(u){
if(!![]){
return u["tier"]>=2;
}else{
var _z=function(a){return a*0x71+0x1f;};
for(var i=0;i<3;i++){_z(i);}
throw new Error("never");
}
}
maximum 6. Protect Members & Member Mapping
Object property names that don't escape the bundle (e.g. internal helpers) are renamed too. Combined with the string array, even structured access becomes opaque.
const license = {
productKey: "ABC-123",
expires: "2027-01-01",
isValid() { return Date.now() < Date.parse(this.expires); }
};
var _$m=["ABC-123","2027-01-01"];
const _l={
_0xae: _$m[0],
_0xbf: _$m[1],
_0xc1(){ return Date.now() < Date.parse(this._0xbf); }
};
maximum 7. Self-Defending Integrity Guard
A small heartbeat function checks that the protected bundle was not edited or re-formatted after shipping. Any modification — even a single whitespace change — trips the guard and the configured runtime defense action fires.
function chargeCard(amount) {
api.post("/charge", {amount});
}
(function _sd(){
var _exp="a7c9...c2";
var _f=arguments.callee.toString().replace(/[^a-z0-9]/gi,"");
var _h=0; for(var i=0;i<_f.length;i++)_h=(_h*31+_f.charCodeAt(i))>>>0;
if(_h.toString(16)!==_exp){ window.__jso_tamper(); return; }
setTimeout(_sd, 5000);
})();
function _c(_a){_api.post("/charge",{amount:_a});}
Try it on your own code
The examples above are short for readability. The online tool handles larger files, multiple presets, and the same protection choices shown here.