
JavaScript Obfuscator

Make JavaScript code harder to read and reverse-engineer by encoding strings, renaming variables, and scrambling identifiers.

⚠️ Obfuscation is not encryption. Determined attackers can still reverse obfuscated code. Use this to raise the bar, not as a security guarantee. Never obfuscate code containing real secrets - move those server-side.

About JavaScript Obfuscator

JavaScript obfuscation transforms readable code into a functionally equivalent but harder-to-read version. Common techniques include renaming meaningful variable and function names to meaningless identifiers, encoding string literals as hex or unicode escapes, and inserting dead code to confuse analysis.

Techniques Used

  • Variable renaming - Replaces variable and function names with short, meaningless identifiers like _0x1a2b.
  • String encoding - Encodes string literals as Unicode escape sequences.
  • Number encoding - Replaces numeric literals with their hex equivalents.
  • Dead code insertion - Adds unreachable code blocks to confuse static analysis.

How to Use

  1. Paste your JavaScript code into the input area.
  2. Select obfuscation options: rename variables, encode strings, control flow flattening.
  3. Click Obfuscate - the transformed code appears in the output.
  4. Click Copy to copy the obfuscated JavaScript.

How It Works

The tool applies transformations: variable and function names are replaced with short meaningless identifiers, string literals are encoded as unicode escapes or hex, and control flow is restructured to make the logic harder to follow. The code remains functionally identical.

Example

A function such as

    function calculateDiscount(price, rate) { return price * rate; }

becomes something like

    var _0x1a2b=function(_0x3c4d,_0x5e6f){return _0x3c4d*_0x5e6f;};

which is readable only to a machine.
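The string and number encodings described above can be undone mechanically, which is why they only raise the effort of reading the code. The JavaScript below is an added example, not the tool's own code: it encodes literals the way the page describes and then normalizes them back; all function names and the sample line are constructed for illustration.

```javascript
// Added illustration: names below are hypothetical, not the tool's own code.

// String encoding as the page describes it: each UTF-16 code unit -> \uXXXX.
function encodeString(text) {
  let body = '';
  for (let i = 0; i < text.length; i++) {
    body += '\\u' + text.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return '"' + body + '"';
}

// Number encoding: non-negative safe integers -> hex literal; others unchanged.
function encodeNumber(n) {
  return Number.isSafeInteger(n) && n >= 0 ? '0x' + n.toString(16) : String(n);
}

// Decode \uXXXX and \xXX inside one quoted literal. Escapes that stand for a
// quote, a backslash or a non-printable character stay escaped so the literal
// remains valid; any other escape (\n, \\, ...) is consumed and kept as is.
function decodeLiteral(literal) {
  return literal.replace(/\\(?:u([0-9a-fA-F]{4})|x([0-9a-fA-F]{2})|[\s\S])/g,
    (match, u, x) => {
      const hex = u || x;
      if (!hex) return match;
      const code = parseInt(hex, 16);
      const ch = String.fromCharCode(code);
      const printable = code >= 0x20 && code <= 0x7e;
      return printable && !'"\'\\'.includes(ch) ? ch : match;
    });
}

// One pass over the source: string literals are decoded, hex numbers outside
// strings become decimal. \b keeps identifiers such as _0x1a2b untouched.
// Limitation: comments, template literals and regex literals are not parsed.
function normalizeLiterals(src) {
  const token = /("(?:[^"\\\n]|\\[\s\S])*"|'(?:[^'\\\n]|\\[\s\S])*')|\b0x[0-9a-fA-F]+\b/g;
  return src.replace(token, (match, str) =>
    str ? decodeLiteral(str) : String(parseInt(match, 16)));
}

// Constructed sample: one line as the encoders above would emit it.
const SAMPLE = 'var _0x1a2b=' + encodeString('api/v1') +
  ';var _0x3c4d=' + encodeNumber(255) + ';';
```

Renamed identifiers are the one transform here that cannot be reversed, since the original names are discarded; the literals, which often carry the most revealing information, come back intact.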

FAQ

Yes - obfuscation raises the effort required but does not prevent reverse engineering. Any JavaScript running in a browser can be deobfuscated by a skilled developer using browser DevTools and de-obfuscation tools. It is a deterrent, not a guarantee.
The variable renaming uses a scoped approach that tracks identifiers it has renamed, so the code should remain functionally identical. That said, always test obfuscated code before deploying it. Dynamic patterns like eval and with are not obfuscated.
No. All obfuscation runs entirely in your browser. Your JavaScript is never transmitted anywhere.