Change Log
- Improved rename of
deadCodeInjection
dead code identifiers. Fixed javascript-obfuscator#708 - Reverted
TaggedTemplateLiteral
obfuscation. javascript-obfuscator#716
- Fixed obfuscation of literals of
ExportNamedDeclaration
andExportAllDeclaration
nodes
- Feature: Optional chaining support!
- Added
TaggedTemplateLiteral
obfuscation. javascript-obfuscator#696 - Improved
disableConsoleOutput
template. javascript-obfuscator#691
- Improved obfuscation of destructured variables. javascript-obfuscator#688
- Fixed runtime error
Uncaught SyntaxError: yield is a reserved identifier
whendeadCodeInjection
is enabled
domainLock
option patterns with leading dot character (.example.com
) now cover root domains (example.com
) in addition to all sub-domains (sub.example.com
). javascript-obfuscator#640
simplify
option now affects all block statements. Improved variable declarations merging.
- New option:
numbersToExpressions
enables numbers conversion to expressions
- Prevented mutation of the name sequences of
mangled
identifier name generators
- Fixed runtime error when
IfStatement
contains only singlelet
orconst
variable declaration whensimlify
option enabled. javascript-obfuscator#661 - Fixed wrong
source-map: 'inline'
encoding after1.3.0
- New
mangled-shuffled
identifier names generator based onmangled
identifier names generator
- New option:
simplify
enables additional code obfuscation through simplification
- Improvements of
stringArrayEncoding
:base64
andrc4
- CLI: added config file extension validation (it still supports
.js
and.json
extensions) - Fixed javascript-obfuscator#499
- Fixed performance regression of
Initializing
stage after1.2.0
- Support of old browsers when
selfDefending
is enabled. javascript-obfuscator#615
- Conditional comments will be removed from the code after obfuscation. javascript-obfuscator#641
- New option:
renameProperties
enables renaming of property names
- Fixed .d.ts typings. javascript-obfuscator#623
- Looks like obfuscator is ready for the first stable release
- Fixed error during code generation for
ObjectPattern
with singleRestElement
. javascript-obfuscator#607
- Added correct
self-defending
code fortarget: 'browser-no-eval'
. javascript-obfuscator#610
- Removed memory leak with
identifierNamesGenerator: 'mangled'
- Fixed change of kinds of variables for dead code with
deadCodeInjection
option
- Removed
acorn-import-meta
package
- Added BigInt support. javascript-obfuscator#588
- Fixed javascript-obfuscator#554
- Fixed identifiers prefix generation for
obfuscateMultiple
method
- Dependencies update, fixed https://www.npmjs.com/advisories/1488
- Feature: new method
obfuscateMultiple
to obfuscation of multiple source codes
- Internal: new code transformers mechanism
- Supported obfuscation of files with hashbang operator, javascript-obfuscator#471
- Additional fixes of javascript-obfuscator#550
- Improved
mangled
identifier names generator logic - Improved
selfDefending
helper logic - Fixed a bunch of conflicts between generated identifier names. Fixed javascript-obfuscator#550. Fixed javascript-obfuscator#549
- Prevented transformation of object keys in sequence expression that has
super
call - Support of output directory paths with a dot symbol
- Changed
--output
logic. Now--output
value can describe if it's a file or a directory path. Check README.md for more info
- Fixed support of exponentiation operator. Fixed javascript-obfuscator#534
- Added file path to the error message during directory obfuscation. Fixed javascript-obfuscator#513
- Fixed rc4 encoded value collision: javascript-obfuscator#538
- Reverted validation errors under
node
target forsourceMap*
options
- Internal refactoring: completely new mechanism to rename variable names
- Dynamic import and
import.meta
support. Fixed javascript-obfuscator#505 - Now usage of some browser-related options with
target: 'node'
will cause a validation error - Increased
identifierNamesGenerator: 'mangled
speed - CLI: a file path will be displayed on obfuscation error. Fixed javascript-obfuscator#513
- Fixed many
transformObjectKeys
runtime errors - Fixed
Maximum call stack size exceeded
error on large strings whensplitString
option is enabled - Fixed javascript-obfuscator#516
- Fixed javascript-obfuscator#512
- Fixed javascript-obfuscator#496
- Internal: switched from
awesome-typescript-loader
onts-loader
- Fixed javascript-obfuscator#475
- Fixed javascript-obfuscator#326
- New option:
shuffleStringArray
randomly shuffles string array items - Fixed javascript-obfuscator#494
- Internal change: switched AST parser from
espree
onacorn
- Internal refactoring: refactoring of string array storage and related things
- Fixed
TypeError: Assignment to constant variable
when auto-detection of kind of variables is insertedconst
variables forcontrolFlowStorage
nodes
- Breaking: auto-detection of kind of variables of inserted nodes, based on most prevailing kind of variables of source code
- Fixed javascript-obfuscator#486
- Fixed conditional comments in some rare cases
- Improved
transformObjectKeys
transformation to cover more cases - Fixed javascript-obfuscator#406
- Fixed javascript-obfuscator#387
- Fixed javascript-obfuscator#333
- Fixed javascript-obfuscator#328
- Fixed typings. Now string values correctly assignable to enum-like options
- Fixed
for-await-of
statement: javascript-obfuscator#419
- Fixed javascript-obfuscator#442
- Fixed javascript-obfuscator#468
- Added funding button
- Internal dependencies update, Happy New Year 2020!
- Fixed identifier names generations for
mangled
anddictionary
identifier names generators - Fixed combination of
identifierNamesGenerator: dictionary
anddebugProtection
options seed
option now acceptsstring
andnumber
values
- Breaking: dropped support of Node 8 because of end of maintenance support
- New option value:
identifierNamesGenerator
now allows to set newdictionary
identifier names generator - New option:
identifiersDictionary
sets identifiers dictionary foridentifierNamesGenerator: dictionary
option
Thanks to our contributors!
- Fixed
reservedNames
option
Thanks to our contributors!
- The
splitStrings
option now correctly works withtransformObjectKeys
option - Internal
TransformersRunner
rework to support topological sort of node transformers
- The
splitStrings
option now correctly splits strings inside objects
- The
splitStrings
option now affects template literal strings
- New option:
splitStrings
splits literal strings into chunks with length ofsplitStringsChunkLength
option value - New option:
splitStringsChunkLength
sets chunk length ofsplitStrings
option
Thanks to our contributors!
- Breaking: require Node.js 8 after dependencies update
- Fixed javascript-obfuscator#321
Thanks to our contributors!
Thanks to our contributors!
Thanks to our contributors!
- Fixed javascript-obfuscator#320
- Fixed javascript-obfuscator#319
- New option:
reservedStrings
disables transformation of string literals, which being matched by passed RegExp patterns - Fixed javascript-obfuscator#313
- Fixed javascript-obfuscator#309
- Fixed javascript-obfuscator#307
- Fixed javascript-obfuscator#303
- Fixed javascript-obfuscator#302
- Fixed javascript-obfuscator#293
- Fixed javascript-obfuscator#289
- Fixed javascript-obfuscator#288
- Browser version: Added browser version dist
- New Node API option:
inputFileName
allows to set name of the input file with source code. This name will used internally, for example, for source map generation. - #274
domainLock
now will work in SVG.
Fixed javascript-obfuscator#273 - Fixed javascript-obfuscator#271
- Fixed javascript-obfuscator#264
- Fixed javascript-obfuscator#260
- Fixed javascript-obfuscator#252
- Fixed javascript-obfuscator#247
- Correct obfuscation of object rest and spread properties
- Fixed javascript-obfuscator#243
- Internal change: switched AST parser from
esprima
onespree
- Breaking change: dropped
node@4
andnode@5
support. - Breaking change: renamed
extension
value oftarget
option onbrowser-no-eval
. - Breaking change: disabled generation of identifiers, which being matched by
reservedName
option. Fixed javascript-obfuscator#216 - New CLI option:
exclude
allows to exclude specific files or directories from obfuscation. - Correct obfuscation of
import
andexport
declarations. - Fixed javascript-obfuscator#231
- Fixed javascript-obfuscator#217
- Fixed javascript-obfuscator#210
- Internal: refactoring of many things.
- Fixed javascript-obfuscator#195
- Added code preview to
esprima
error messages.
- Temporary fixed javascript-obfuscator#181
- New option:
identifiersPrefix
sets prefix for all global identifiers. - New option:
transformObjectKeys
enables object keys transformation and obfuscation. - New feature:
eval
expressions obfuscation. - Breaking change: Now CLI obfuscating directory recursively. Fixed javascript-obfuscator#157
- Fixed runtime errors when
deadCodeInjection
is enabled andidentifierNamesGenerator
is set tomangled
. - Fixed javascript-obfuscator#171
- Fixed javascript-obfuscator#166
- Fixed javascript-obfuscator#156
- Fixed javascript-obfuscator#159
- Breaking change:
mangle
option was removed. - New option:
identifierNamesGenerator
allows to set identifier names generator (hexadecimal
ormangled
). - Breaking change: all CLI options were renamed to
kebab-case
format (--disableConsoleOutout
->--disable-console-output
). - Implemented custom
mangle
option algorithm withoutesmangle
; fixed javascript-obfuscator#110 - Comments with
@license
and@preserve
words won't be removed from obfuscated code. - Fixed javascript-obfuscator#147
- Fixed javascript-obfuscator#149
- Fixed javascript-obfuscator#129
- Fixed javascript-obfuscator#125 (dead code injection and await expression)
- Fixed javascript-obfuscator#123
- Fixed javascript-obfuscator#121
- Fixed javascript-obfuscator#119
- New option:
target
allows to set target environment for obfuscated code. - Added ability to disable and enable obfuscation for specific parts of the code by adding conditional comments.
- Added obfuscation of
es2015
class names. - CLI: added directory obfuscation.
- Fixed javascript-obfuscator#98
- Fixed javascript-obfuscator#94
- New option:
log
enables logging of the information to the console. - New option:
renameGlobals
allows to enable obfuscation of global variable and function names with declaration.
- Fixed javascript-obfuscator#78
- Fixed javascript-obfuscator#76
- New option:
deadCodeInjection
. With this option random blocks of dead code will add to the obfuscated code. - New option:
deadCodeInjectionThreshold
allows to set percentage of nodes that will affected bydeadCodeInjection
. - New option:
mangle
enables mangling of variable names. - New CLI option:
--config
allows to set config file with obfuscator options. - Breaking change:
disableConsoleOutput
option now disabled by default. - Breaking change:
escapeUnicodeSequence
option now disabled by default. controlFlowFlattening
now affects string literal nodes.- Increased runtime performance with
rc4
stringArrayEncoding
. - Added support for async functions
- Fixed javascript-obfuscator#71
- Fixed javascript-obfuscator#65
- Fixed javascript-obfuscator#60
- Fixed javascript-obfuscator#59
- Fixed javascript-obfuscator#54
- Fixed javascript-obfuscator#57
- Fixed javascript-obfuscator#58
- Fixed javascript-obfuscator#58
- Switched from
escodegen
toescodegen-wallaby
, fixed javascript-obfuscator#50
- Removed coverage dir from npm package
- Fixed javascript-obfuscator#37
- Breaking change: dropped
node@0.10
andnode@0.12
support. - New option:
controlFlowFlattening
allows to enable/disable Control Flow flattening. Control flow flattening is a structure transformation of the source code that hinders program comprehension. - New option:
controlFlowFlatteningThreshold
allows to set percentage of nodes that will affected bycontrolFlowFlattening
. - Significantly increased obfuscation performance.
- Huge internal refactoring.
- Better
es2015
support: correct obfuscation ofTemplateLiteral
,ArrayPattern
,AssignmentPattern
nodes. - Switched from
npm
toyarn
internally. - Various bug fixes.
- Increased performance
- Fixed very rare
Cannot read property 'type' of undefined
error, whenRandomGeneratorUtils.getMathRandom()
returned incorrect value1
.
- Increased performance
- Breaking change: dropped
node@0.10
andnode@0.12
support. - Switched from
npm
toyarn
internally.
- Transformers refactoring
- New option:
controlFlowFlattening
allows to enable/disable Control Flow flattening. Control flow flattening is a structure transformation of the source code that hinders program comprehension. - New option:
controlFlowFlatteningThreshold
allows to set percentage of nodes that will affected bycontrolFlowFlattening
. - Better
es2015
support: correct obfuscation ofTemplateLiteral
,ArrayPattern
,AssignmentPattern
nodes. - Obfuscation performance boost.
- Huge internal refactoring.
- Various bug fixes.
- Additional fixes for javascript-obfuscator#29
- Fixed javascript-obfuscator#29
selfDefending
option now disabled by default.
- New option
seed
sets seed for random generator. This is useful for creating repeatable results. - IE8 runtime error fix.
disableConsoleOutput
option now replacesconsole.xxx
functions on empty function instead of infinity loop.
- Breaking options change:
unicodeArray
option has been renamed tostringArray
. - Breaking options change:
unicodeArrayThreshold
option has been renamed tostringArrayThreshold
. - Breaking options change:
encodeUnicodeArray
option has been renamed tostringArrayEncoding
and now accepts following values:true|false|'base64'|'rc4'
. - Breaking change: option
wrapUnicodeArrayCalls
was removed and now all calls tostringArray
are always wrapped by special wrapper function. - New option
unicodeEscapeSequence
allows to enable/disable strings conversion to unicode escape sequence. - New option
domainLock
locks the obfuscated source code so it only runs on specific domains and/or sub-domains. - New option
sourceMapBaseUrl
sets base url to the source map import url whensourceMapMode: 'separate'
. - Custom nodes like
selfDefendingNode
orconsoleOutputNode
now inserted into deepest stack trace function call. - Fixed obfuscation of global variables and function names in some cases.
- Fixed wrong obfuscation of labels.
- Rewrite of many custom nodes.
- CLI missing polyfill fix #17
- IE error fix #14
- Obfuscator now returns an empty string instead of obfuscated code if source code is empty
- Fix of incorrect
Utils.decToHex
method
- Breaking API change: now
obfuscate(sourceCode, options)
returnsObfuscationResult
object insteadstring
.ObfuscationResult
object contains two public methods:getObfuscatedCode()
andgetSourceMap()
. - CLI. Now any code can be obfuscated through CLI
javascript-obfuscator
command. SeeREADME.md
for available options. - New option
sourceMap
enables source map generation for obfuscated code. - New option
sourceMapMode
specifies source map generation mode.