⚠️ Important ⚠️ 重要
Only obfuscate the code that belongs to you.
只混淆属于你的代码。
It is not recommended to obfuscate vendor scripts and polyfills, since the obfuscated code is 15-80% slower (depends on options) and the files are significantly larger.
不建议对供应商脚本和 polyfill 进行模糊处理,因为经过模糊处理的代码速度慢 15-80%(取决于选项),并且文件明显更大。
Installation 安装
Using Yarn or NPM
使用纱线或 NPM
Install the package with Yarn or NPM and add it to your dependencies or devDependencies:
使用 Yarn 或 NPM 安装软件包并将其添加到您的 dependencies 或 devDependencies :
$ yarn add --dev javascript-obfuscator
or 或
$ npm install --save-dev javascript-obfuscator
In a Browser 在浏览器中
From CDN: 从 CDN:
<script src="https://cdn.jsdelivr.net/npm/javascript-obfuscator/dist/index.browser.js"></script>
From node_modules: 从 node_modules :
<script src="./node_modules/javascript-obfuscator/dist/index.browser.js"></script>
Usage 用法
var JavaScriptObfuscator = require('javascript-obfuscator');
var obfuscationResult = JavaScriptObfuscator.obfuscate(
`
(function(){
var variable1 = '5' - 3;
var variable2 = '5' + 3;
var variable3 = '5' + - '2';
var variable4 = ['10','10','10','10','10'].map(parseInt);
var variable5 = 'foo ' + 1 + 1;
console.log(variable1);
console.log(variable2);
console.log(variable3);
console.log(variable4);
console.log(variable5);
})();
`,
{
compact: false,
controlFlowFlattening: true,
controlFlowFlatteningThreshold: 1,
numbersToExpressions: true,
simplify: true,
stringArrayShuffle: true,
splitStrings: true,
stringArrayThreshold: 1
}
);
console.log(obfuscationResult.getObfuscatedCode());
/*
var _0x9947 = [
'map',
'log',
'foo\x20',
'bvmqO',
'133039ViRMWR',
'xPfLC',
'ytpdx',
'1243717qSZCyh',
'2|7|4|6|9|',
'1ErtbCr',
'1608314VKvthn',
'1ZRaFKN',
'XBoAA',
'423266kQOYHV',
'3|0|5|8|1',
'235064xPNdKe',
'13RUDZfG',
'157gNPQGm',
'1639212MvnHZL',
'rDjOa',
'iBHph',
'9926iRHoRl',
'split'
];
function _0x33e4(_0x1809b5, _0x37ef6e) {
return _0x33e4 = function (_0x338a69, _0x39ad79) {
_0x338a69 = _0x338a69 - (0x1939 + -0xf * 0x1f3 + 0x1 * 0x469);
var _0x2b223a = _0x9947[_0x338a69];
return _0x2b223a;
}, _0x33e4(_0x1809b5, _0x37ef6e);
}
(function (_0x431d87, _0x156c7f) {
var _0x10cf6e = _0x33e4;
while (!![]) {
try {
var _0x330ad1 = -parseInt(_0x10cf6e(0x6c)) * -parseInt(_0x10cf6e(0x6d)) + -parseInt(_0x10cf6e(0x74)) * -parseInt(_0x10cf6e(0x78)) + parseInt(_0x10cf6e(0x6a)) + -parseInt(_0x10cf6e(0x70)) + parseInt(_0x10cf6e(0x6e)) * -parseInt(_0x10cf6e(0x75)) + parseInt(_0x10cf6e(0x72)) + -parseInt(_0x10cf6e(0x67)) * parseInt(_0x10cf6e(0x73));
if (_0x330ad1 === _0x156c7f)
break;
else
_0x431d87['push'](_0x431d87['shift']());
} catch (_0x9f878) {
_0x431d87['push'](_0x431d87['shift']());
}
}
}(_0x9947, -0xb6270 + 0x4dfd2 * 0x2 + 0x75460 * 0x2), function () {
var _0x1f346d = _0x33e4, _0x860db8 = {
'ytpdx': _0x1f346d(0x6b) + _0x1f346d(0x71),
'bvmqO': function (_0x560787, _0x519b9e) {
return _0x560787 - _0x519b9e;
},
'rDjOa': function (_0x4501fe, _0x2b07a3) {
return _0x4501fe + _0x2b07a3;
},
'xPfLC': function (_0x5f3c9b, _0x434936) {
return _0x5f3c9b + _0x434936;
},
'XBoAA': function (_0x535b8a, _0x42eef4) {
return _0x535b8a + _0x42eef4;
},
'iBHph': _0x1f346d(0x65)
}, _0x346c55 = _0x860db8[_0x1f346d(0x69)][_0x1f346d(0x79)]('|'), _0x3bf817 = 0x4bb * 0x1 + 0x801 + -0xcbc;
while (!![]) {
switch (_0x346c55[_0x3bf817++]) {
case '0':
console[_0x1f346d(0x7b)](_0x4c96d8);
continue;
case '1':
console[_0x1f346d(0x7b)](_0x101028);
continue;
case '2':
var _0x65977d = _0x860db8[_0x1f346d(0x66)]('5', -0x586 + -0x2195 + -0x6 * -0x685);
continue;
case '3':
console[_0x1f346d(0x7b)](_0x65977d);
continue;
case '4':
var _0x56d39b = _0x860db8[_0x1f346d(0x76)]('5', -'2');
continue;
case '5':
console[_0x1f346d(0x7b)](_0x56d39b);
continue;
case '6':
var _0x544285 = [
'10',
'10',
'10',
'10',
'10'
][_0x1f346d(0x7a)](parseInt);
continue;
case '7':
var _0x4c96d8 = _0x860db8[_0x1f346d(0x68)]('5', 0x622 * -0x6 + 0x4a * 0x3 + 0x1 * 0x23f1);
continue;
case '8':
console[_0x1f346d(0x7b)](_0x544285);
continue;
case '9':
var _0x101028 = _0x860db8[_0x1f346d(0x6f)](_0x860db8[_0x1f346d(0x6f)](_0x860db8[_0x1f346d(0x77)], 0x6fb * 0x5 + 0x1ebf * 0x1 + -0x41a5), 0x209 * 0xa + 0x1314 + -0x276d);
continue;
}
break;
}
}());
*/
obfuscate(sourceCode, options)
Returns ObfuscationResult object which contains two public methods:
返回 ObfuscationResult 包含两个公共方法的对象:
getObfuscatedCode()– returnsstringwith obfuscated code;
getObfuscatedCode()– 返回string带有混淆代码;getSourceMap()– ifsourceMapoption is enabled – returnsstringwith source map or an empty string ifsourceMapModeoption is set asinline;
getSourceMap()– 如果选项已启用 –string如果sourceMapModesourceMap选项设置为inline;getIdentifierNamesCache()– returns object with identifier names cache ifidentifierNamesCacheoption is enabled,nulloverwise.
getIdentifierNamesCache()– 如果启用选项,则返回带有标识符名称缓存的对象,identifierNamesCachenull过度。
Calling toString() for ObfuscationResult object will return string with obfuscated code.
调用 toString() ObfuscationResult 对象将返回 string 模糊代码。
Method takes two parameters, sourceCode and options – the source code and the options respectively:
方法有两个参数, sourceCode 并且 options – 分别是源代码和选项:
sourceCode(string, default:null) – any valid source code, passed as a string;
sourceCode( , 默认值:null) – 任何有效的源代码string,作为字符串传递;options(Object, default:null) – an object with options.
options(Object, 默认值:null) – 带有选项的对象。
For available options, see options.
有关可用选项,请参阅选项。
obfuscateMultiple(sourceCodesObject, options)
Accepts sourceCodesObject that is a map which keys are identifiers of source codes and values are source codes:
接受 sourceCodesObject 这是一个映射,其中键是源代码的标识符,值是源代码:
{
foo: 'var foo = 1;',
bar: 'var bar = 2;'
}
Returns a map object which keys are identifiers of source codes and values are ObfuscationResult objects.
返回一个 map 对象,其键是源代码的标识符,值是 ObfuscationResult 对象。
getOptionsByPreset(optionsPreset)
Returns an options object for the passed options preset name.
返回传递的选项预设名称的选项对象。
CLI usage 命令行界面用法
See CLI options. 请参阅 CLI 选项。
Obfuscate single file 对单个文件进行模糊处理
Usage: 用法:
javascript-obfuscator input_file_name.js [options]
javascript-obfuscator input_file_name.js --output output_file_name.js [options]
javascript-obfuscator input_file_name.js --output output_folder_name [options]
javascript-obfuscator input_folder_name --output output_folder_name [options]
Obfuscation of single input file with .js extension.
对带有扩展名的 .js 单个输入文件进行混淆。
If the destination path is not specified with the --output option, the obfuscated file will be saved into the input file directory, with INPUT_FILE_NAME-obfuscated.js name.
如果未使用该 --output 选项指定目标路径,则经过模糊处理的文件将保存到输入文件目录中,并 INPUT_FILE_NAME-obfuscated.js 带有名称。
Some examples: 一些例子:
javascript-obfuscator samples/sample.js --compact true --self-defending false
// creates a new file samples/sample-obfuscated.js
javascript-obfuscator samples/sample.js --output output/output.js --compact true --self-defending false
// creates a new file output/output.js
Obfuscate directory recursively
递归混淆目录
Usage: 用法:
javascript-obfuscator ./dist [options]
// creates a new obfuscated files under `./dist` directory near the input files with `obfuscated` postfix
javascript-obfuscator ./dist --output ./dist/obfuscated [options]
// creates a folder structure with obfuscated files under `./dist/obfuscated` path
Obfuscation of all .js files under input directory. If this directory contains already obfuscated files with -obfuscated postfix – these files will ignored.
对输入目录下的所有 .js 文件进行模糊处理。如果此目录包含已混淆的带有后缀的文件 -obfuscated – 这些文件将被忽略。
Obfuscated files will saved into the input directory under INPUT_FILE_NAME-obfuscated.js name.
经过模糊处理的文件将保存到名称下的 INPUT_FILE_NAME-obfuscated.js 输入目录中。
Conditional comments 条件注释
You can disable and enable obfuscation for specific parts of the code by adding following comments:
您可以通过添加以下注释来禁用和启用代码特定部分的模糊处理:
- disable:
// javascript-obfuscator:disableor/* javascript-obfuscator:disable */;
禁用:// javascript-obfuscator:disable或/* javascript-obfuscator:disable */; - enable:
// javascript-obfuscator:enableor/* javascript-obfuscator:enable */.
启用:// javascript-obfuscator:enable或/* javascript-obfuscator:enable */。
Example: 例:
// input
var foo = 1;
// javascript-obfuscator:disable
var bar = 2;
// output
var _0xabc123 = 0x1;
var bar = 2;
Conditional comments affect only direct transformations of AST-tree nodes. All child transformations still will be applied to the AST-tree nodes.
条件注释仅影响 AST 树节点的直接转换。所有子转换仍将应用于 AST 树节点。
For example: 例如:
- Obfuscation of the variable’s name at its declaration is called direct transformation;
在声明变量名称时对变量名称进行模糊处理称为直接转换; - Obfuscation of the variable’s name beyond its declaration is called child transformation.
在声明之外对变量名称进行模糊处理称为子转换。
Kind of variables 变量的种类
Kind of variables of inserted nodes will auto-detected, based on most prevailing kind of variables of source code.
插入节点的变量类型将根据源代码中最常见的变量类型自动检测。
Conflicts of identifier names between different files
不同文件之间的标识符名称冲突
During obfuscation of the different files, the same names can be generated for the global identifiers between these files. To prevent this set the unique prefix for all global identifiers for each obfuscated file with identifiersPrefix option.
在对不同文件进行模糊处理期间,可以为这些文件之间的全局标识符生成相同的名称。要防止这种情况,请使用选项为每个 identifiersPrefix 模糊处理文件的所有全局标识符设置唯一前缀。
When using CLI this prefix will be added automatically.
使用 CLI 时,将自动添加此前缀。
JavaScript Obfuscator Options
JavaScript 混淆器选项
Following options are available for the JS Obfuscator:
以下选项可用于 JS 混淆器:
options: 选项:
{
compact: true,
controlFlowFlattening: false,
controlFlowFlatteningThreshold: 0.75,
deadCodeInjection: false,
deadCodeInjectionThreshold: 0.4,
debugProtection: false,
debugProtectionInterval: 0,
disableConsoleOutput: false,
domainLock: [],
domainLockRedirectUrl: 'about:blank',
forceTransformStrings: [],
identifierNamesCache: null,
identifierNamesGenerator: 'hexadecimal',
identifiersDictionary: [],
identifiersPrefix: '',
ignoreImports: false,
inputFileName: '',
log: false,
numbersToExpressions: false,
optionsPreset: 'default',
renameGlobals: false,
renameProperties: false,
renamePropertiesMode: 'safe',
reservedNames: [],
reservedStrings: [],
seed: 0,
selfDefending: false,
simplify: true,
sourceMap: false,
sourceMapBaseUrl: '',
sourceMapFileName: '',
sourceMapMode: 'separate',
sourceMapSourcesMode: 'sources-content',
splitStrings: false,
splitStringsChunkLength: 10,
stringArray: true,
stringArrayCallsTransform: true,
stringArrayCallsTransformThreshold: 0.5,
stringArrayEncoding: [],
stringArrayIndexesType: [
'hexadecimal-number'
],
stringArrayIndexShift: true,
stringArrayRotate: true,
stringArrayShuffle: true,
stringArrayWrappersCount: 1,
stringArrayWrappersChainedCalls: true,
stringArrayWrappersParametersMaxCount: 2,
stringArrayWrappersType: 'variable',
stringArrayThreshold: 0.75,
target: 'browser',
transformObjectKeys: false,
unicodeEscapeSequence: false
}
CLI options: 命令行选项:
-v, --version
-h, --help
-o, --output
--compact <boolean>
--config <string>
--control-flow-flattening <boolean>
--control-flow-flattening-threshold <number>
--dead-code-injection <boolean>
--dead-code-injection-threshold <number>
--debug-protection <boolean>
--debug-protection-interval <number>
--disable-console-output <boolean>
--domain-lock '<list>' (comma separated)
--domain-lock-redirect-url <string>
--exclude '<list>' (comma separated)
--force-transform-strings '<list>' (comma separated)
--identifier-names-cache-path <string>
--identifier-names-generator <string> [dictionary, hexadecimal, mangled, mangled-shuffled]
--identifiers-dictionary '<list>' (comma separated)
--identifiers-prefix <string>
--ignore-imports <boolean>
--log <boolean>
--numbers-to-expressions <boolean>
--options-preset <string> [default, low-obfuscation, medium-obfuscation, high-obfuscation]
--rename-globals <boolean>
--rename-properties <boolean>
--rename-properties-mode <string> [safe, unsafe]
--reserved-names '<list>' (comma separated)
--reserved-strings '<list>' (comma separated)
--seed <string|number>
--self-defending <boolean>
--simplify <boolean>
--source-map <boolean>
--source-map-base-url <string>
--source-map-file-name <string>
--source-map-mode <string> [inline, separate]
--source-map-sources-mode <string> [sources, sources-content]
--split-strings <boolean>
--split-strings-chunk-length <number>
--string-array <boolean>
--string-array-calls-transform <boolean>
--string-array-calls-transform-threshold <number>
--string-array-encoding '<list>' (comma separated) [none, base64, rc4]
--string-array-indexes-type '<list>' (comma separated) [hexadecimal-number, hexadecimal-numeric-string]
--string-array-index-shift <boolean>
--string-array-rotate <boolean>
--string-array-shuffle <boolean>
--string-array-wrappers-count <number>
--string-array-wrappers-chained-calls <boolean>
--string-array-wrappers-parameters-max-count <number>
--string-array-wrappers-type <string> [variable, function]
--string-array-threshold <number>
--target <string> [browser, browser-no-eval, node]
--transform-object-keys <boolean>
--unicode-escape-sequence <boolean>
compact
Type: boolean Default: true
类型:默认: boolean true
Compact code output on one line.
一行紧凑的代码输出。
config
Type: string Default: “
类型: string 默认:“”
Name of JS/JSON config file which contains obfuscator options. These will be overridden by options passed directly to CLI
包含混淆器选项的 JS/JSON 配置文件的名称。这些将被直接传递给 CLI 的选项覆盖
controlFlowFlattening
Type: boolean Default: false
类型:默认: boolean false
⚠️ This option greatly affects the performance up to 1.5x slower runtime speed. Use controlFlowFlatteningThreshold to set percentage of nodes that will affected by control flow flattening.
⚠️ 此选项极大地影响性能,运行时速度最多可慢 1.5 倍。用于 controlFlowFlatteningThreshold 设置受控制流扁平化影响的节点百分比。
Enables code control flow flattening. Control flow flattening is a structure transformation of the source code that hinders program comprehension.
启用代码控制流扁平化。控制流扁平化是阻碍程序理解的源代码的结构转换。
Example: 例:
// input
(function(){
function foo () {
return function () {
var sum = 1 + 2;
console.log(1);
console.log(2);
console.log(3);
console.log(4);
console.log(5);
console.log(6);
}
}
foo()();
})();
// output
(function () {
function _0x3bfc5c() {
return function () {
var _0x3260a5 = {
'WtABe': '4|0|6|5|3|2|1',
'GokKo': function _0xf87260(_0x427a8e, _0x43354c) {
return _0x427a8e + _0x43354c;
}
};
var _0x1ad4d6 = _0x3260a5['WtABe']['split']('|'), _0x1a7b12 = 0x0;
while (!![]) {
switch (_0x1ad4d6[_0x1a7b12++]) {
case '0':
console['log'](0x1);
continue;
case '1':
console['log'](0x6);
continue;
case '2':
console['log'](0x5);
continue;
case '3':
console['log'](0x4);
continue;
case '4':
var _0x1f2f2f = _0x3260a5['GokKo'](0x1, 0x2);
continue;
case '5':
console['log'](0x3);
continue;
case '6':
console['log'](0x2);
continue;
}
break;
}
};
}
_0x3bfc5c()();
}());
controlFlowFlatteningThreshold
Type: number Default: 0.75 Min: 0 Max: 1
类型:默认:最小值:最大值: number 0.75 0 1
The probability that the controlFlowFlattening transformation will be applied to any given node.
controlFlowFlattening 转换将应用于任何给定节点的概率。
This setting is especially useful for large code size because large amounts of control flow transformations can slow down your code and increase code size.
此设置对于较大的代码大小特别有用,因为大量的控制流转换可能会减慢代码速度并增加代码大小。
controlFlowFlatteningThreshold: 0 equals to controlFlowFlattening: false.
controlFlowFlatteningThreshold: 0 等于 controlFlowFlattening: false 。
deadCodeInjection
Type: boolean Default: false
类型:默认: boolean false
⚠️ Dramatically increases size of obfuscated code (up to 200%), use only if size of obfuscated code doesn’t matter. Use deadCodeInjectionThreshold to set percentage of nodes that will affected by dead code injection.
⚠️ 显著增加混淆代码的大小(最多 200%),仅当混淆代码的大小无关紧要时才使用。用于 deadCodeInjectionThreshold 设置受死代码注入影响的节点百分比。
⚠️ This option forcibly enables stringArray option.
⚠️ 此选项强制启用 stringArray 选项。
With this option, random blocks of dead code will be added to the obfuscated code.
使用此选项,随机的死代码块将被添加到混淆代码中。
Example: 例:
// input
(function(){
if (true) {
var foo = function () {
console.log('abc');
};
var bar = function () {
console.log('def');
};
var baz = function () {
console.log('ghi');
};
var bark = function () {
console.log('jkl');
};
var hawk = function () {
console.log('mno');
};
foo();
bar();
baz();
bark();
hawk();
}
})();
// output
var _0x37b8 = [
'YBCtz',
'GlrkA',
'urPbb',
'abc',
'NMIhC',
'yZgAj',
'zrAId',
'EtyJA',
'log',
'mno',
'jkl',
'def',
'Quzya',
'IWbBa',
'ghi'
];
function _0x43a7(_0x12cf56, _0x587376) {
_0x43a7 = function (_0x2f87a8, _0x47eac2) {
_0x2f87a8 = _0x2f87a8 - (0x16a7 * 0x1 + 0x5 * 0x151 + -0x1c92);
var _0x341e03 = _0x37b8[_0x2f87a8];
return _0x341e03;
};
return _0x43a7(_0x12cf56, _0x587376);
}
(function () {
if (!![]) {
var _0xbbe28f = function () {
var _0x2fc85f = _0x43a7;
if (_0x2fc85f(0xaf) === _0x2fc85f(0xae)) {
_0x1dd94f[_0x2fc85f(0xb2)](_0x2fc85f(0xb5));
} else {
console[_0x2fc85f(0xb2)](_0x2fc85f(0xad));
}
};
var _0x5e46bc = function () {
var _0x15b472 = _0x43a7;
if (_0x15b472(0xb6) !== _0x15b472(0xaa)) {
console[_0x15b472(0xb2)](_0x15b472(0xb5));
} else {
_0x47eac2[_0x15b472(0xb2)](_0x15b472(0xad));
}
};
var _0x3669e8 = function () {
var _0x47a442 = _0x43a7;
if (_0x47a442(0xb7) !== _0x47a442(0xb0)) {
console[_0x47a442(0xb2)](_0x47a442(0xb8));
} else {
_0x24e0bf[_0x47a442(0xb2)](_0x47a442(0xb3));
}
};
var _0x28b05a = function () {
var _0x497902 = _0x43a7;
if (_0x497902(0xb1) === _0x497902(0xb1)) {
console[_0x497902(0xb2)](_0x497902(0xb4));
} else {
_0x59c9c6[_0x497902(0xb2)](_0x497902(0xb4));
}
};
var _0x402a54 = function () {
var _0x1906b7 = _0x43a7;
if (_0x1906b7(0xab) === _0x1906b7(0xac)) {
_0xb89cd0[_0x1906b7(0xb2)](_0x1906b7(0xb8));
} else {
console[_0x1906b7(0xb2)](_0x1906b7(0xb3));
}
};
_0xbbe28f();
_0x5e46bc();
_0x3669e8();
_0x28b05a();
_0x402a54();
}
}());
deadCodeInjectionThreshold
Type: number Default: 0.4 Min: 0 Max: 1
类型:默认:最小值:最大值: number 0.4 0 1
Allows to set percentage of nodes that will affected by deadCodeInjection.
允许设置受 影响的 deadCodeInjection 节点百分比。
debugProtection
Type: boolean Default: false
类型:默认: boolean false
⚠️ Can freeze your browser if you open the Developer Tools.
⚠️ 如果您打开开发人员工具,可能会冻结您的浏览器。
This option makes it almost impossible to use the debugger function of the Developer Tools (both on WebKit-based and Mozilla Firefox).
此选项使得几乎不可能使用开发人员工具 debugger 的功能(在基于 WebKit 和 Mozilla Firefox 上)。
debugProtectionInterval
Type: number Default: 0
类型:默认: number 0
⚠️ Can freeze your browser! Use at own risk.
⚠️ 可以冻结您的浏览器!使用风险自负。
If set, an interval in milliseconds is used to force the debug mode on the Console tab, making it harder to use other features of the Developer Tools. Works if debugProtection is enabled. Recommended value is between 2000 and 4000 milliseconds.
如果设置,则使用以毫秒为单位的间隔在“控制台”选项卡上强制调试模式,从而更难使用开发人员工具的其他功能。如果启用,则 debugProtection 有效。建议值介于 和 4000 毫秒之间 2000 。
disableConsoleOutput
Type: boolean Default: false
类型:默认: boolean false
⚠️ This option disables console calls globally for all scripts
⚠️ 此选项禁用 console 所有脚本的全局调用
Disables the use of console.log, console.info, console.error, console.warn, console.debug, console.exception and console.trace by replacing them with empty functions. This makes the use of the debugger harder.
禁用 、 console.info console.error console.warn console.debug console.exception console.trace 和 的使用 console.log ,并将它们替换为空函数。这使得调试器的使用更加困难。
domainLock
Type: string[] Default: []
类型:默认: string[] []
⚠️ This option does not work with target: 'node'
⚠️ 此选项不适用于 target: 'node'
Allows to run the obfuscated source code only on specific domains and/or sub-domains. This makes really hard for someone to just copy and paste your source code and run it elsewhere.
允许仅在特定域和/或子域上运行经过混淆的源代码。这使得某人很难复制和粘贴您的源代码并在其他地方运行它。
If the source code isn’t run on the domains specified by this option, the browser will be redirected to a passed to the domainLockRedirectUrl option URL.
如果源代码未在此选项指定的域上运行,则浏览器将被重定向到传递 domainLockRedirectUrl 到选项 URL。
Multiple domains and sub-domains
多个域和子域
It’s possible to lock your code to more than one domain or sub-domain. For instance, to lock it so the code only runs on http://www.example.com add www.example.com. To make it work on the root domain including any sub-domains (example.com, sub.example.com), use .example.com.
可以将代码锁定到多个域或子域。例如,要锁定它,以便代码仅在 http://www.example.com 添加 www.example.com .要使其在根域(包括任何子域 (, example.com , sub.example.com )上工作,请使用 .example.com 。
domainLockRedirectUrl
Type: string Default: about:blank
类型:默认: string about:blank
⚠️ This option does not work with target: 'node'
⚠️ 此选项不适用于 target: 'node'
Allows the browser to be redirected to a passed URL if the source code isn’t run on the domains specified by domainLock
如果源代码未在指定的 domainLock 域上运行,则允许将浏览器重定向到传递的 URL
exclude
Type: string[] Default: []
类型:默认: string[] []
A file names or globs which indicates files to exclude from obfuscation.
指示要从模糊处理中排除的文件的文件名或 glob。
forceTransformStrings
Type: string[] Default: []
类型:默认: string[] []
Enables force transformation of string literals, which being matched by passed RegExp patterns.
启用字符串文本的强制转换,这些文本与传递的 RegExp 模式匹配。
⚠️ This option affects only strings that shouldn’t be transformed by stringArrayThreshold (or possible other thresholds in the future)
⚠️ 此选项仅影响不应被 stringArrayThreshold 转换的字符串(或将来可能的其他阈值)
The option has a priority over reservedStrings option but hasn’t a priority over conditional comments.
该选项的优先级高于选项,但优先级不高于 reservedStrings conditional comments 。
Example: 例:
{
forceTransformStrings: [
'some-important-value',
'some-string_\d'
]
}
identifierNamesCache
Type: Object | null Default: null
类型:默认: Object | null null
The main goal for this option is the ability to use the same identifier names during obfuscation of multiple sources/files.
此选项的主要目标是能够在混淆多个源/文件期间使用相同的标识符名称。
Currently the two types of the identifiers are supported:
目前支持两种类型的标识符:
- Global identifiers: 全局标识符:
- All global identifiers will be written to the cache;
所有全局标识符都将写入缓存; - All matched undeclared global identifiers will be replaced by the values from the cache.
所有匹配的未声明全局标识符都将替换为缓存中的值。
- All global identifiers will be written to the cache;
- Property identifiers, only when
renamePropertiesoption is enabled:
属性标识符,仅当启用选项时renameProperties:- All property identifiers will be written to the cache;
所有属性标识符都将写入缓存; - All matched property identifiers will be replaced by the values from the cache.
所有匹配的属性标识符都将替换为缓存中的值。
- All property identifiers will be written to the cache;
Node.js API 节点.js API
If a null value is passed, completely disables the cache.
如果传递了 null 值,则完全禁用缓存。
If an empty object ({}) is passed, enables the writing identifier names to the cache-object (TIdentifierNamesCache type). This cache-object will be accessed through the getIdentifierNamesCache method call of ObfuscationResult object.
如果传递了空对象 ( {} ),则启用将标识符名称写入缓存对象( TIdentifierNamesCache 类型)。此缓存对象将通过对象的方法 ObfuscationResult 调用进行 getIdentifierNamesCache 访问。
The resulting cache-object can be next used as identifierNamesGenerator option value for using these names during obfuscation of all matched identifier names of next sources.
生成的缓存对象接下来可以用作选项值, identifierNamesGenerator 以便在对下一个源的所有匹配标识符名称进行模糊处理期间使用这些名称。
Example: 例:
const source1ObfuscationResult = JavaScriptObfuscator.obfuscate(
`
function foo(arg) {
console.log(arg)
}
function bar() {
var bark = 2;
}
`,
{
compact: false,
identifierNamesCache: {},
renameGlobals: true
}
)
console.log(source1ObfuscationResult.getIdentifierNamesCache());
/*
{
globalIdentifiers: {
foo: '_0x5de86d',
bar: '_0x2a943b'
}
}
*/
const source2ObfuscationResult = JavaScriptObfuscator.obfuscate(
`
// Expecting that these global functions are defined in another obfuscated file
foo(1);
bar();
// Expecting that this global function is defined in third-party package
baz();
`,
{
compact: false,
identifierNamesCache: source1ObfuscationResult.getIdentifierNamesCache(),
renameGlobals: true
}
)
console.log(source2ObfuscationResult.getObfuscatedCode());
/*
_0x5de86d(0x1);
_0x2a943b();
baz();
*/
CLI 命令行界面
CLI has a different option --identifier-names-cache-path that allows defining a path to the existing .json file that will be used to read and write identifier names cache.
CLI 有一个不同的选项 --identifier-names-cache-path ,允许定义将用于读取和写入标识符名称缓存的现有 .json 文件的路径。
If a path to the empty file will be passed – identifier names cache will be written to that file.
如果将传递空文件的路径 – 标识符名称缓存将写入该文件。
This file with existing cache can be used again as --identifier-names-cache-path option value for using these names during obfuscation of all matched identifier names of the next files.
具有现有缓存的此文件可以再次用作选项值, --identifier-names-cache-path 以便在对下一个文件的所有匹配标识符名称进行模糊处理期间使用这些名称。
identifierNamesGenerator
Type: string Default: hexadecimal
类型:默认: string hexadecimal
Sets identifier names generator.
设置标识符名称生成器。
Available values: 可用值:
dictionary: identifier names fromidentifiersDictionarylist
dictionary:identifiersDictionary列表中的标识符名称hexadecimal: identifier names like_0xabc123
hexadecimal:标识符名称,例如_0xabc123mangled: short identifier names likea,b,c
mangled:短标识符名称,如a、bcmangled-shuffled: same asmangledbut with shuffled alphabet
mangled-shuffled:与mangled字母表相同,但带有随机字母
identifiersDictionary
Type: string[] Default: []
类型:默认: string[] []
Sets identifiers dictionary for identifierNamesGenerator: dictionary option. Each identifier from the dictionary will be used in a few variants with a different casing of each character. Thus, the number of identifiers in the dictionary should depend on the identifiers amount at original source code.
为 identifierNamesGenerator : dictionary 选项设置标识符字典。字典中的每个标识符将用于几个变体中,每个字符的大小写不同。因此,字典中标识符的数量应取决于原始源代码中的标识符数量。
identifiersPrefix
Type: string Default: ''
类型:默认: string ''
Sets prefix for all global identifiers.
设置所有全局标识符的前缀。
Use this option when you want to obfuscate multiple files. This option helps to avoid conflicts between global identifiers of these files. Prefix should be different for every file.
如果要对多个文件进行模糊处理,请使用此选项。此选项有助于避免这些文件的全局标识符之间的冲突。每个文件的前缀应不同。
ignoreImports
Type: boolean Default: false
类型:默认: boolean false
Prevents obfuscation of require imports. Could be helpful in some cases when for some reason runtime environment requires these imports with static strings only.
防止 require 混淆导入。在某些情况下,当运行时环境仅要求使用静态字符串进行这些导入时,可能会有所帮助。
inputFileName
Type: string Default: ''
类型:默认: string ''
Allows to set name of the input file with source code. This name will be used internally for source map generation. Required when using NodeJS API and sourceMapSourcesMode option has sources value`.
允许使用源代码设置输入文件的名称。此名称将在内部用于源映射生成。使用 NodeJS API 时是必需的 sourceMapSourcesMode ,并且选项具有 sources 值。
log
Type: boolean Default: false
类型:默认: boolean false
Enables logging of the information to the console.
允许将信息记录到控制台。
numbersToExpressions
Type: boolean Default: false
类型:默认: boolean false
Enables numbers conversion to expressions
启用数字到表达式的转换
Example: 例:
// input
const foo = 1234;
// output
const foo=-0xd93+-0x10b4+0x41*0x67+0x84e*0x3+-0xff8;
optionsPreset
Type: string Default: default
类型:默认: string default
Allows to set options preset.
允许设置预设的选项。
Available values: 可用值:
default;low-obfuscation;medium-obfuscation;high-obfuscation.
All addition options will be merged with selected options preset.
所有添加选项将与选定的预设选项合并。
renameGlobals
Type: boolean Default: false
类型:默认: boolean false
⚠️ this option can break your code. Enable it only if you know what it does!
⚠️ 此选项可能会破坏您的代码。仅当您知道它的作用时,才启用它!
Enables obfuscation of global variable and function names with declaration.
允许使用声明对全局变量和函数名称进行模糊处理。
renameProperties
Type: boolean Default: false
类型:默认: boolean false
⚠️ this option MAY break your code. Enable it only if you know what it does!
⚠️ 此选项可能会破坏您的代码。仅当您知道它的作用时,才启用它!
Enables renaming of property names. All built-in DOM properties and properties in core JavaScript classes will be ignored.
启用属性名称的重命名。所有内置的 DOM 属性和核心 JavaScript 类中的属性都将被忽略。
To switch between safe and unsafe modes of this option use renamePropertiesMode option.
要在此选项的模式之间 safe unsafe 切换,请使用 renamePropertiesMode 选项。
To set format of renamed property names use identifierNamesGenerator option.
要设置重命名的属性名称的格式,请使用 identifierNamesGenerator 选项。
To control which properties will be renamed use reservedNames option.
若要控制将重命名哪些属性,请使用 reservedNames 选项。
Example: 例:
// input
(function () {
const foo = {
prop1: 1,
prop2: 2,
calc: function () {
return this.prop1 + this.prop2;
}
};
console.log(foo.calc());
})();
// output
(function () {
const _0x46529b = {
'_0x10cec7': 0x1,
'_0xc1c0ca': 0x2,
'_0x4b961d': function () {
return this['_0x10cec7'] + this['_0xc1c0ca'];
}
};
console['log'](_0x46529b['_0x4b961d']());
}());
renamePropertiesMode
Type: string Default: safe
类型:默认: string safe
⚠️ Even in safe mode, renameProperties option MAY break your code.
⚠️ 即使在 safe 模式下, renameProperties 选项也可能破坏您的代码。
Specifies renameProperties option mode:
指定 renameProperties 选项模式:
safe– default behaviour after2.11.0release. Trying to rename properties in a more safe way to prevent runtime errors. With this mode some properties will be excluded from renaming.
safe– 发布后2.11.0的默认行为。尝试以更安全的方式重命名属性以防止运行时错误。使用此模式,某些属性将从重命名中排除。unsafe– default behaviour before2.11.0release. Renames properties in an unsafe way without any restrictions.
unsafe– 发布前2.11.0的默认行为。以不安全的方式重命名属性,没有任何限制。
If one file is using properties from other file, use identifierNamesCache option to keep the same property names between these files.
如果一个文件使用另一个文件中的属性,请使用选项在 identifierNamesCache 这些文件之间保留相同的属性名称。
reservedNames
Type: string[] Default: []
类型:默认: string[] []
Disables obfuscation and generation of identifiers, which being matched by passed RegExp patterns.
禁用模糊处理和标识符的生成,这些标识符与传递的 RegExp 模式匹配。
Example: 例:
{
reservedNames: [
'^someVariable',
'functionParameter_\d'
]
}
reservedStrings
Type: string[] Default: []
类型:默认: string[] []
Disables transformation of string literals, which being matched by passed RegExp patterns.
禁用字符串文本的转换,这些文本与传递的 RegExp 模式匹配。
Example: 例:
{
reservedStrings: [
'react-native',
'\.\/src\/test',
'some-string_\d'
]
}
seed
Type: string|number Default: 0
类型:默认: string|number 0
This option sets seed for random generator. This is useful for creating repeatable results.
此选项为随机生成器设置种子。这对于创建可重复的结果很有用。
If seed is 0 – random generator will work without seed.
如果种子是 0 – 随机生成器将在没有种子的情况下工作。
selfDefending
Type: boolean Default: false
类型:默认: boolean false
⚠️ Don’t change obfuscated code in any way after obfuscation with this option, because any change like uglifying of code can trigger self defending and code wont work anymore!
⚠️ 使用此选项进行混淆后,不要以任何方式更改混淆代码,因为任何更改(如代码丑化)都可能触发自我防御,并且代码将不再有效!
⚠️ This option forcibly sets compact value to true
⚠️ 此选项强制将值 true 设置为 compact
This option makes the output code resilient against formatting and variable renaming. If one tries to use a JavaScript beautifier on the obfuscated code, the code won’t work anymore, making it harder to understand and modify it.
此选项使输出代码能够灵活地抵御格式设置和变量重命名。如果有人试图在混淆的代码上使用JavaScript美化器,代码将不再工作,这使得它更难理解和修改它。
simplify
Type: boolean Default: true
类型:默认: boolean true
Enables additional code obfuscation through simplification.
通过简化实现额外的代码混淆。
⚠️ in future releases obfuscation of boolean literals (true => !![]) will be moved under this option.
⚠️ 在将来的版本中,文本的 boolean 模糊处理 ( true => !![] ) 将移至此选项下。
Example: 例:
// input
if (condition1) {
const foo = 1;
const bar = 2;
console.log(foo);
return bar;
} else if (condition2) {
console.log(1);
console.log(2);
console.log(3);
return 4;
} else {
return 5;
}
// output
if (condition1) {
const foo = 0x1, bar = 0x2;
return console['log'](foo), bar;
} else
return condition2 ? (console['log'](0x1), console['log'](0x2), console['log'](0x3), 0x4) : 0x5;
sourceMap
Type: boolean Default: false
类型:默认: boolean false
Enables source map generation for obfuscated code.
为模糊代码启用源映射生成。
Source maps can be useful to help you debug your obfuscated JavaScript source code. If you want or need to debug in production, you can upload the separate source map file to a secret location and then point your browser there.
源映射可用于帮助您调试经过混淆的 JavaScript 源代码。如果要或需要在生产环境中进行调试,可以将单独的源映射文件上传到机密位置,然后将浏览器指向该位置。
sourceMapBaseUrl
Type: string Default: “
类型: string 默认:“”
Sets base url to the source map import url when sourceMapMode: 'separate'.
在 时 sourceMapMode: 'separate' 将基本网址设置为源映射导入网址。
CLI example: 命令行示例:
javascript-obfuscator input.js --output out.js --source-map true --source-map-base-url 'http://localhost:9000'
Result: 结果:
//# sourceMappingURL=http://localhost:9000/out.js.map
sourceMapFileName
Type: string Default: “
类型: string 默认:“”
Sets file name for output source map when sourceMapMode: 'separate'.
在以下情况下 sourceMapMode: 'separate' 设置输出源映射的文件名。
CLI example: 命令行示例:
javascript-obfuscator input.js --output out.js --source-map true --source-map-base-url 'http://localhost:9000' --source-map-file-name example
Result: 结果:
//# sourceMappingURL=http://localhost:9000/example.js.map
sourceMapMode
Type: string Default: separate
类型:默认: string separate
Specifies source map generation mode:
指定源映射生成模式:
inline– add source map at the end of each .js files;
inline– 在每个.js文件的末尾添加源映射;separate– generates corresponding ‘.map’ file with source map. In case you run obfuscator through CLI – adds link to source map file to the end of file with obfuscated code//# sourceMappingUrl=file.js.map.
separate– 生成带有源映射的相应“.map”文件。如果您通过 CLI 运行混淆器 – 将指向源映射文件的链接添加到带有混淆代码//# sourceMappingUrl=file.js.map的文件末尾。
sourceMapSourcesMode
Type: string Default: sources-content
类型:默认: string sources-content
Allows to control sources and sourcesContent fields of the source map:
允许控制和 sources 源映射的 sourcesContent 字段:
sources-content– adds dummysourcesfield, addssourcesContentfield with the original source code;
sources-content– 添加虚拟字段,添加sourcesContent带有原始源代码的sources字段;sources– addssourcesfield with a valid source description, does not addsourcesContentfield. When using NodeJS API it’s required to defineinputFileNameoption that will be used assourcesfield value.
sources– 添加具有有效源描述的字段,不添加sourcessourcesContent字段。使用 NodeJS API 时,需要定义inputFileName将用作字段值的选项sources。
splitStrings
Type: boolean Default: false
类型:默认: boolean false
Splits literal strings into chunks with length of splitStringsChunkLength option value.
将文本字符串拆分为具有 splitStringsChunkLength 选项值长度的块。
Example: 例:
// input
(function(){
var test = 'abcdefg';
})();
// output
(function(){
var _0x5a21 = 'ab' + 'cd' + 'ef' + 'g';
})();
splitStringsChunkLength
Type: number Default: 10
类型:默认: number 10
Sets chunk length of splitStrings option.
设置选项的 splitStrings 区块长度。
stringArray
Type: boolean Default: true
类型:默认: boolean true
Removes string literals and place them in a special array. For instance, the string "Hello World" in var m = "Hello World"; will be replaced with something like var m = _0x12c456[0x1];
删除字符串文本并将它们放在特殊数组中。例如,中的 var m = "Hello World"; 字符串 "Hello World" 将被替换为类似 var m = _0x12c456[0x1];
stringArrayCallsTransform
Type: boolean Default: false
类型:默认: boolean false
⚠️ stringArray option must be enabled
⚠️ stringArray 必须启用选项
Enables the transformation of calls to the stringArray. All arguments of these calls may be extracted to a different object depending on stringArrayCallsTransformThreshold value. So it makes it even harder to automatically find calls to the string array.
启用对 的 stringArray 调用的转换。这些调用的所有参数都可以根据值提取 stringArrayCallsTransformThreshold 到不同的对象。因此,它使自动查找对字符串数组的调用变得更加困难。
Example: 例:
function foo() {
var k = {
c: 0x2f2,
d: '0x396',
e: '0x397',
f: '0x39a',
g: '0x39d',
h: 0x398,
l: 0x394,
m: '0x39b',
n: '0x39f',
o: 0x395,
p: 0x395,
q: 0x399,
r: '0x399'
};
var c = i(k.d, k.e);
var d = i(k.f, k.g);
var e = i(k.h, k.l);
var f = i(k.m, k.n);
function i(c, d) {
return b(c - k.c, d);
}
var g = i(k.o, k.p);
var h = i(k.q, k.r);
}
function j(c, d) {
var l = { c: 0x14b };
return b(c - -l.c, d);
}
console[j(-'0xa6', -'0xa6')](foo());
function b(c, d) {
var e = a();
b = function (f, g) {
f = f - 0xa3;
var h = e[f];
return h;
};
return b(c, d);
}
function a() {
var m = [
'string5',
'string1',
'log',
'string3',
'string6',
'string2',
'string4'
];
a = function () {
return m;
};
return a();
}
stringArrayCallsTransformThreshold
Type: number Default: 0.5
类型:默认: number 0.5
⚠️ stringArray and stringArrayCallsTransformThreshold options must be enabled
⚠️ stringArray 并且 stringArrayCallsTransformThreshold 必须启用选项
You can use this setting to adjust the probability (from 0 to 1) that calls to the string array will be transformed.
可以使用此设置调整对字符串数组的调用将被转换的概率(从 0 到 1)。
stringArrayEncoding
Type: string[] Default: []
类型:默认: string[] []
⚠️ stringArray option must be enabled
⚠️ stringArray 必须启用选项
This option can slow down your script.
此选项可能会减慢脚本速度。
Encode all string literals of the stringArray using base64 or rc4 and inserts a special code that used to decode it back at runtime.
对 stringArray using base64 or rc4 的所有字符串文本进行编码,并插入用于在运行时将其解码的特殊代码。
Each stringArray value will be encoded by the randomly picked encoding from the passed list. This makes possible to use multiple encodings.
每个 stringArray 值将由从传递的列表中随机选择的编码进行编码。这使得使用多个编码成为可能。
Available values: 可用值:
'none'(boolean): doesn’t encodestringArrayvalue
'none'(boolean): 不对值进行编码stringArray'base64'(string): encodesstringArrayvalue usingbase64
'base64'( ):string使用 对base64值进行编码stringArray'rc4'(string): encodesstringArrayvalue usingrc4. About 30-50% slower thanbase64, but more harder to get initial values. It’s recommended to disableunicodeEscapeSequenceoption when usingrc4encoding to prevent very large size of obfuscated code.
'rc4'(string): 使用 对rc4值进行编码stringArray。比 慢base64大约 30-50%,但更难获得初始值。建议在使用rc4编码时禁用unicodeEscapeSequence选项,以防止非常大的模糊代码。
For example with the following option values some stringArray value won’t be encoded, and some values will be encoded with base64 and rc4 encoding:
例如,使用以下选项值,某些值不会被编码,而某些 stringArray 值将使用和 rc4 编码进行 base64 编码:
stringArrayEncoding: [
'none',
'base64',
'rc4'
]
stringArrayIndexesType
Type: string[] Default: ['hexadecimal-number']
类型:默认: string[] ['hexadecimal-number']
⚠️ stringArray option must be enabled
⚠️ stringArray 必须启用选项
Allows to control the type of string array call indexes.
允许控制字符串数组调用索引的类型。
Each stringArray call index will be transformed by the randomly picked type from the passed list. This makes possible to use multiple types.
每个 stringArray 调用索引将由传递的列表中随机选择的类型进行转换。这使得可以使用多种类型。
Available values: 可用值:
'hexadecimal-number'(default): transforms string array call indexes as hexadecimal numbers
'hexadecimal-number'(default): 将字符串数组调用索引转换为十六进制数'hexadecimal-numeric-string': transforms string array call indexes as hexadecimal numeric string
'hexadecimal-numeric-string':将字符串数组调用索引转换为十六进制数字字符串
Before 2.9.0 release javascript-obfuscator transformed all string array call indexes with hexadecimal-numeric-string type. This makes some manual deobfuscation slightly harder but it allows easy detection of these calls by automatic deobfuscators.
在发布 javascript-obfuscator 之前 2.9.0 ,使用类型转换 hexadecimal-numeric-string 了所有字符串数组调用索引。这使得一些手动去混淆稍微困难一些,但它允许自动去混淆器轻松检测这些调用。
The new hexadecimal-number type approaches to make harder auto-detect of string array call patterns in the code.
新 hexadecimal-number 类型使代码中的字符串数组调用模式更难自动检测的方法。
More types will be added in the future.
将来会添加更多类型。
stringArrayIndexShift
Type: boolean Default: true
类型:默认: boolean true
⚠️ stringArray option must be enabled
⚠️ stringArray 必须启用选项
Enables additional index shift for all string array calls
为所有字符串数组调用启用额外的索引移位
stringArrayRotate
Type: boolean Default: true
类型:默认: boolean true
⚠️ stringArray must be enabled
⚠️ stringArray 必须启用
Shift the stringArray array by a fixed and random (generated at the code obfuscation) places. This makes it harder to match the order of the removed strings to their original place.
将数组移动 stringArray 固定和随机(在代码混淆处生成)位置。这使得将已删除字符串的顺序与其原始位置匹配变得更加困难。
stringArrayShuffle
Type: boolean Default: true
类型:默认: boolean true
⚠️ stringArray must be enabled
⚠️ stringArray 必须启用
Randomly shuffles the stringArray array items.
随机随机排列 stringArray 数组项。
stringArrayWrappersCount
Type: number Default: 1
类型:默认: number 1
⚠️ stringArray option must be enabled
⚠️ stringArray 必须启用选项
Sets the count of wrappers for the string array inside each root or function scope. The actual count of wrappers inside each scope is limited by a count of literal nodes within this scope.
设置每个根或函数作用域内部的 string array 包装器计数。每个作用域内包装器的实际计数受此作用域内节点数 literal 的限制。
Example: 例:
// Input
const foo = 'foo';
const bar = 'bar';
function test () {
const baz = 'baz';
const bark = 'bark';
const hawk = 'hawk';
}
const eagle = 'eagle';
// Output, stringArrayWrappersCount: 5
const _0x3f6c = [
'bark',
'bar',
'foo',
'eagle',
'hawk',
'baz'
];
const _0x48f96e = _0x2e13;
const _0x4dfed8 = _0x2e13;
const _0x55e970 = _0x2e13;
function _0x2e13(_0x33c4f5, _0x3f6c62) {
_0x2e13 = function (_0x2e1388, _0x60b1e) {
_0x2e1388 = _0x2e1388 - 0xe2;
let _0x53d475 = _0x3f6c[_0x2e1388];
return _0x53d475;
};
return _0x2e13(_0x33c4f5, _0x3f6c62);
}
const foo = _0x48f96e(0xe4);
const bar = _0x4dfed8(0xe3);
function test() {
const _0x1c262f = _0x2e13;
const _0x54d7a4 = _0x2e13;
const _0x5142fe = _0x2e13;
const _0x1392b0 = _0x1c262f(0xe7);
const _0x201a58 = _0x1c262f(0xe2);
const _0xd3a7fb = _0x1c262f(0xe6);
}
const eagle = _0x48f96e(0xe5);
stringArrayWrappersChainedCalls
Type: boolean Default: true
类型:默认: boolean true
⚠️ stringArray and stringArrayWrappersCount options must be enabled
⚠️ stringArray 并且 stringArrayWrappersCount 必须启用选项
Enables the chained calls between string array wrappers.
启用包装器之间的 string array 链接调用。
Example: 例:
// Input
const foo = 'foo';
const bar = 'bar';
function test () {
const baz = 'baz';
const bark = 'bark';
function test1() {
const hawk = 'hawk';
const eagle = 'eagle';
}
}
// Output, stringArrayWrappersCount: 5, stringArrayWrappersChainedCalls: true
const _0x40c2 = [
'bar',
'bark',
'hawk',
'eagle',
'foo',
'baz'
];
const _0x31c087 = _0x3280;
const _0x31759a = _0x3280;
function _0x3280(_0x1f52ee, _0x40c2a2) {
_0x3280 = function (_0x3280a4, _0xf07b02) {
_0x3280a4 = _0x3280a4 - 0x1c4;
let _0x57a182 = _0x40c2[_0x3280a4];
return _0x57a182;
};
return _0x3280(_0x1f52ee, _0x40c2a2);
}
const foo = _0x31c087(0x1c8);
const bar = _0x31c087(0x1c4);
function test() {
const _0x848719 = _0x31759a;
const _0x2693bf = _0x31c087;
const _0x2c08e8 = _0x848719(0x1c9);
const _0x359365 = _0x2693bf(0x1c5);
function _0x175e90() {
const _0x310023 = _0x848719;
const _0x2302ef = _0x2693bf;
const _0x237437 = _0x310023(0x1c6);
const _0x56145c = _0x310023(0x1c7);
}
}
stringArrayWrappersParametersMaxCount
Type: number Default: 2
类型:默认: number 2
⚠️ stringArray option must be enabled
⚠️ stringArray 必须启用选项
⚠️ Currently this option affects only wrappers added by stringArrayWrappersType function option value
⚠️ 目前,此选项仅影响按 stringArrayWrappersType function 选项值添加的包装器
Allows to control the maximum number of string array wrappers parameters. Default and minimum value is 2. Recommended value between 2 and 5.
允许控制字符串数组包装器参数的最大数量。默认值和最小值为 2 。建议介于 和 5 之间的 2 值。
stringArrayWrappersType
Type: string Default: variable
类型:默认: string variable
⚠️ stringArray and stringArrayWrappersCount options must be enabled
⚠️ stringArray 并且 stringArrayWrappersCount 必须启用选项
Allows to select a type of the wrappers that are appending by the stringArrayWrappersCount option.
允许选择由 stringArrayWrappersCount 选项附加的包装器类型。
Available values: 可用值:
'variable': appends variable wrappers at the top of each scope. Fast performance.
'variable':在每个范围的顶部追加变量包装器。性能快。'function': appends function wrappers at random positions inside each scope. Slower performance than withvariablebut provides more strict obfuscation.
'function':在每个作用域内的随机位置附加函数包装器。性能比 慢variable,但提供更严格的模糊处理。
Highly recommended to use function wrappers for higher obfuscation when a performance loss doesn’t have a high impact on an obfuscated application.
强烈建议在 function 性能损失对经过模糊处理的应用程序没有太大影响时使用包装器进行更高的混淆处理。
Example of the 'function' option value:
'function' 选项值示例:
// input
const foo = 'foo';
function test () {
const bar = 'bar';
console.log(foo, bar);
}
test();
// output
const a = [
'log',
'bar',
'foo'
];
const foo = d(0x567, 0x568);
function b(c, d) {
b = function (e, f) {
e = e - 0x185;
let g = a[e];
return g;
};
return b(c, d);
}
function test() {
const c = e(0x51c, 0x51b);
function e (c, g) {
return b(c - 0x396, g);
}
console[f(0x51b, 0x51d)](foo, c);
function f (c, g) {
return b(c - 0x396, g);
}
}
function d (c, g) {
return b(g - 0x3e1, c);
}
test();
stringArrayThreshold
Type: number Default: 0.8 Min: 0 Max: 1
类型:默认:最小值:最大值: number 0.8 0 1
⚠️ stringArray option must be enabled
⚠️ stringArray 必须启用选项
You can use this setting to adjust the probability (from 0 to 1) that a string literal will be inserted into the stringArray.
可以使用此设置调整字符串文本插入 . stringArray
This setting is especially useful for large code size because it repeatedly calls to the string array and can slow down your code.
此设置对于较大的代码大小特别有用,因为它会重复调用 string array 并会减慢代码速度。
stringArrayThreshold: 0 equals to stringArray: false.
stringArrayThreshold: 0 等于 stringArray: false 。
target
Type: string Default: browser
类型:默认: string browser
Allows to set target environment for obfuscated code.
允许为混淆代码设置目标环境。
Available values: 可用值:
browser;browser-no-eval;node.
Currently output code for browser and node targets is identical, but some browser-specific options are not allowed to use with node target. Output code for browser-no-eval target is not using eval.
目前 和 node target 的 browser 输出代码是相同的,但某些特定于浏览器的选项不允许与 target 一起使用 node 。目标的 browser-no-eval 输出代码未使用 eval .
transformObjectKeys
Type: boolean Default: false
类型:默认: boolean false
Enables transformation of object keys.
启用对象键的转换。
Example: 例:
// input
(function(){
var object = {
foo: 'test1',
bar: {
baz: 'test2'
}
};
})();
// output
var _0x4735 = [
'foo',
'baz',
'bar',
'test1',
'test2'
];
function _0x390c(_0x33d6b6, _0x4735f4) {
_0x390c = function (_0x390c37, _0x1eed85) {
_0x390c37 = _0x390c37 - 0x198;
var _0x2275f8 = _0x4735[_0x390c37];
return _0x2275f8;
};
return _0x390c(_0x33d6b6, _0x4735f4);
}
(function () {
var _0x17d1b7 = _0x390c;
var _0xc9b6bb = {};
_0xc9b6bb[_0x17d1b7(0x199)] = _0x17d1b7(0x19c);
var _0x3d959a = {};
_0x3d959a[_0x17d1b7(0x198)] = _0x17d1b7(0x19b);
_0x3d959a[_0x17d1b7(0x19a)] = _0xc9b6bb;
var _0x41fd86 = _0x3d959a;
}());
unicodeEscapeSequence
Type: boolean Default: false
类型:默认: boolean false
Allows to enable/disable string conversion to unicode escape sequence.
允许启用/禁用字符串转换为 unicode 转义序列。
Unicode escape sequence increases code size greatly and strings easily can be reverted to their original view. Recommended to enable this option only for small source code.
Unicode 转义序列大大增加了代码大小,字符串可以轻松地恢复到其原始视图。建议仅对小型源代码启用此选项。
Preset Options 预设选项
High obfuscation, low performance
高混淆,低性能
The performance will be much slower than without obfuscation
性能会比没有混淆要慢得多
{
compact: true,
controlFlowFlattening: true,
controlFlowFlatteningThreshold: 1,
deadCodeInjection: true,
deadCodeInjectionThreshold: 1,
debugProtection: true,
debugProtectionInterval: 4000,
disableConsoleOutput: true,
identifierNamesGenerator: 'hexadecimal',
log: false,
numbersToExpressions: true,
renameGlobals: false,
selfDefending: true,
simplify: true,
splitStrings: true,
splitStringsChunkLength: 5,
stringArray: true,
stringArrayCallsTransform: true,
stringArrayEncoding: ['rc4'],
stringArrayIndexShift: true,
stringArrayRotate: true,
stringArrayShuffle: true,
stringArrayWrappersCount: 5,
stringArrayWrappersChainedCalls: true,
stringArrayWrappersParametersMaxCount: 5,
stringArrayWrappersType: 'function',
stringArrayThreshold: 1,
transformObjectKeys: true,
unicodeEscapeSequence: false
}
Medium obfuscation, optimal performance
中等混淆,最佳性能
The performance will be slower than without obfuscation
性能将比没有混淆时慢
{
compact: true,
controlFlowFlattening: true,
controlFlowFlatteningThreshold: 0.75,
deadCodeInjection: true,
deadCodeInjectionThreshold: 0.4,
debugProtection: false,
debugProtectionInterval: 0,
disableConsoleOutput: true,
identifierNamesGenerator: 'hexadecimal',
log: false,
numbersToExpressions: true,
renameGlobals: false,
selfDefending: true,
simplify: true,
splitStrings: true,
splitStringsChunkLength: 10,
stringArray: true,
stringArrayCallsTransform: true,
stringArrayCallsTransformThreshold: 0.75,
stringArrayEncoding: ['base64'],
stringArrayIndexShift: true,
stringArrayRotate: true,
stringArrayShuffle: true,
stringArrayWrappersCount: 2,
stringArrayWrappersChainedCalls: true,
stringArrayWrappersParametersMaxCount: 4,
stringArrayWrappersType: 'function',
stringArrayThreshold: 0.75,
transformObjectKeys: true,
unicodeEscapeSequence: false
}
Low obfuscation, High performance
低混淆,高性能
The performance will be at a relatively normal level
性能将处于相对正常的水平
{
compact: true,
controlFlowFlattening: false,
deadCodeInjection: false,
debugProtection: false,
debugProtectionInterval: 0,
disableConsoleOutput: true,
identifierNamesGenerator: 'hexadecimal',
log: false,
numbersToExpressions: false,
renameGlobals: false,
selfDefending: true,
simplify: true,
splitStrings: false,
stringArray: true,
stringArrayCallsTransform: false,
stringArrayEncoding: [],
stringArrayIndexShift: true,
stringArrayRotate: true,
stringArrayShuffle: true,
stringArrayWrappersCount: 1,
stringArrayWrappersChainedCalls: true,
stringArrayWrappersParametersMaxCount: 2,
stringArrayWrappersType: 'variable',
stringArrayThreshold: 0.75,
unicodeEscapeSequence: false
}
Default preset, High performance
默认预设,高性能
{
compact: true,
controlFlowFlattening: false,
deadCodeInjection: false,
debugProtection: false,
debugProtectionInterval: 0,
disableConsoleOutput: false,
identifierNamesGenerator: 'hexadecimal',
log: false,
numbersToExpressions: false,
renameGlobals: false,
selfDefending: false,
simplify: true,
splitStrings: false,
stringArray: true,
stringArrayCallsTransform: false,
stringArrayCallsTransformThreshold: 0.5,
stringArrayEncoding: [],
stringArrayIndexShift: true,
stringArrayRotate: true,
stringArrayShuffle: true,
stringArrayWrappersCount: 1,
stringArrayWrappersChainedCalls: true,
stringArrayWrappersParametersMaxCount: 2,
stringArrayWrappersType: 'variable',
stringArrayThreshold: 0.75,
unicodeEscapeSequence: false
}
Frequently Asked Questions
常见问题
What javascript versions are supported?
支持哪些 JavaScript 版本?
es3, es5, es2015, es2016, es2017, es2018, es2019 and partially es2020
es3 、、 es2015 、 es2016 es2017 es2018 es2019 es5 和部分 es2020
I want to use feature that described in README.md but it’s not working!
我想使用中 README.md 描述的功能,但它不起作用!
The README on the master branch might not match that of the latest stable release.
主分支上的自述文件可能与最新稳定版本的自述文件不匹配。
Why CLI command not working?
为什么 CLI 命令不起作用?
Try to run npm link javascript-obfuscator command or install it globally with npm i -g javascript-obfuscator
尝试运行 npm link javascript-obfuscator 命令或全局 npm i -g javascript-obfuscator 安装
Online version? 在线版本?
JSX support? JSX 支持?
No. JSX support isn’t planned.
不。JSX 支持没有计划。
How to change kind of variables of inserted nodes (var, let or const)?
如何更改插入节点的变量种类( var , let 或 const )?
See: Kind of variables 看: Kind of variables
Why I got null value instead of BigInt number?
为什么我得到 null 的是值而不是 BigInt 数字?
BigInt obfuscation works correctly only in environments that support BigInt values. See ESTree spec
BigInt 模糊处理仅在支持 BigInt 值的环境中才能正常工作。查看 ESTree 规范
I enabled renameProperties option, and my code broke! What to do?
我启用了 renameProperties 选项,我的代码坏了!怎么办?
Try renamePropertiesMode: 'safe' option, if it still doesn’t work, just disable this option.
尝试 renamePropertiesMode: 'safe' 选项,如果仍然不起作用,只需禁用此选项。
