Free JavaScript Obfuscator
JavaScript Obfuscator transforms your readable JavaScript source code into a functionally identical version that is significantly harder for humans to read, copy, or reverse-engineer. We built six obfuscation utilities into one workspace so you can run a full protection pipeline, apply individual techniques selectively, or reverse basic obfuscation on third-party scripts. Paste your code into the editor, upload a file from your computer, or drag and drop it onto the workspace. Your code stays on your device because all processing happens locally in your browser.
JavaScript Obfuscator
Runs a full obfuscation pipeline with three protection levels: Light, Medium, and Heavy, each adding more transformation layers.
Variable Rename
Replaces all declared variable and parameter names with short, meaningless identifiers while preserving JavaScript keywords and APIs.
String Encode
Converts double-quoted string literals into hexadecimal escape sequences that JavaScript interprets identically but humans cannot read.
Control Flatten
Rewrites if/else blocks as ternary expressions inside IIFEs, obscuring the original branching logic.
Dead Code Inject
Inserts realistic-looking decoy declarations throughout the file that never interact with your real code.
Deobfuscate
Reverses hex and unicode string encoding and removes known dead code patterns to make obfuscated scripts readable.
Online JavaScript Obfuscator with Protection Levels
Client-side JavaScript is inherently visible to anyone who opens browser developer tools. If your code contains proprietary algorithms, API keys embedded in requests, or business logic you want to protect from casual copying, obfuscation makes it significantly harder for someone to understand what your code does. Our JavaScript Obfuscator provides three levels of protection that you can switch between instantly using the Shield Bar, which also shows the size impact of each level.
Light Protection: Variable Renaming and String Encoding
Light mode applies two fundamental obfuscation techniques. Variable Rename scans your code for all declared names and function parameters, then replaces every occurrence with a short identifier like _0, _1, _2. JavaScript keywords, built-in objects, and browser APIs are never touched. String Encode converts double-quoted string values into hex escape sequences, turning "hello" into "\x68\x65\x6c\x6c\x6f". Both transformations preserve identical runtime behavior.
Medium Protection: Control Flow Flattening
Medium mode adds control flow flattening on top of variable renaming and string encoding. If/else blocks are rewritten as ternary expressions wrapped in immediately invoked function expressions (IIFEs). This obscures the original branching structure so someone reading the source cannot easily follow the logical flow of decisions.
Heavy Protection: Dead Code Injection
Heavy mode adds dead code injection to all previous techniques. Realistic-looking variable declarations, self-invoking functions, and object literals are inserted throughout the file at regular intervals. These decoy blocks execute harmlessly but make it much harder for someone to distinguish real code from noise when analyzing the file.
Apply Individual Obfuscation Techniques
Sometimes you want to apply a single obfuscation technique without the full pipeline. Each transformation is available as a standalone tool. Use Variable Rename when you only want to obscure identifier names. Use String Encode when you want to hide string content like API endpoints or configuration values. Use Control Flatten to obscure branching logic without changing names. Use Dead Code Inject to add noise without modifying your existing code structure.
Reverse Obfuscation with the Deobfuscator
The Deobfuscate tool reverses common obfuscation patterns. It decodes hex escape sequences back to readable characters, converts unicode escapes to their original form, and removes dead code blocks that match known patterns. This is useful for understanding obfuscated third-party scripts, analyzing production bundles, or auditing code that has been through an obfuscation step.
Your JavaScript Stays Private in Your Browser
We process everything locally using standard JavaScript string operations and regular expressions. No server requests, no cookies, no account required. This is especially important for obfuscation tools because the code you want to protect is the code you least want to transmit to a third-party server. Your source stays on your device at all times.
Related JavaScript and Code Tools
If you work with JavaScript regularly, these tools complement what you can do here:
- JS Beautifier -- beautify, format, minify, and validate JavaScript code
- JavaScript Compress -- compress, strip comments, and remove console calls
- JSON Formatter -- format, minify, validate, and transform JSON data
- CSS Obfuscator -- obfuscate CSS class names and selectors
- HTML Obfuscator -- obfuscate HTML markup and attributes
- Code Formatter -- format code across multiple programming languages