🔒

JavaScript Obfuscator

Make JavaScript code harder to read and reverse-engineer by encoding strings, renaming variables, and scrambling identifiers.

⚠️ Obfuscation is not encryption. Determined attackers can still reverse obfuscated code. Use this to raise the bar, not as a security guarantee. Never obfuscate code containing real secrets — move those server-side.

Rename variables Encode string literals Encode numbers as hex Add dead code

Input JavaScript

Obfuscated JavaScript

Original: — Obfuscated: — Variables renamed: —

About JavaScript Obfuscator

JavaScript obfuscation transforms readable code into a functionally equivalent but harder-to-read version. Common techniques include renaming meaningful variable and function names to meaningless identifiers, encoding string literals as hex or unicode escapes, and inserting dead code to confuse analysis.

Techniques Used

Variable renaming — Replaces variable and function names with short, meaningless identifiers like _0x1a2b.
String encoding — Encodes string literals as Unicode escape sequences.
Number encoding — Replaces numeric literals with their hex equivalents.
Dead code insertion — Adds unreachable code blocks to confuse static analysis.

FAQ

Yes — obfuscation raises the effort required but does not prevent reverse engineering. Any JavaScript running in a browser can be deobfuscated by a skilled developer using browser DevTools and de-obfuscation tools. It is a deterrent, not a guarantee.

The variable renaming uses a scoped approach that tracks identifiers it has renamed, so the code should remain functionally identical. That said, always test obfuscated code before deploying it. Dynamic patterns like eval and with are not obfuscated.

No. All obfuscation runs entirely in your browser. Your JavaScript is never transmitted anywhere.