JavaScript Obfuscator
Scramble and lightly protect your JavaScript code online, right in your browser.
This runs entirely in your browser. Your code is never uploaded anywhere.
How to use this tool
Paste the JavaScript you want to obfuscate into the box at the top. Choose
whether to strip extra whitespace first (this shrinks the source before it is
encoded) and whether the generated loader should run the code automatically or
simply hand back the decoded string. Click Obfuscate code and
the scrambled version appears below. From there you can copy it, download it as a
.js file, or clear everything and start over. Everything happens
client-side, so nothing you paste ever leaves your machine.
How this JavaScript obfuscator works
This is a deliberately light obfuscator. It takes your readable source, optionally
removes line breaks and indentation, and then Base64-encodes the whole thing using
the browser's native btoa function. The encoded text is wrapped in a
tiny loader that calls atob to decode it back to a string and then
eval to execute it (or, in "return" mode, hands the decoded string
back to you). Because the readable logic is now a single long Base64 blob, a casual
reader cannot skim it and immediately understand what it does. Non-ASCII characters
are handled with encodeURIComponent so emoji-free Unicode source still
survives the round trip.
Be clear about what this is and is not. This is a JavaScript code scrambler for discouraging casual copying and tidy-looking source, not a security measure. Anyone determined can paste the Base64 string into a decoder, or simply log the decoded value, and recover your original code in seconds. Never rely on obfuscation to hide secrets, API keys, or licensing logic. Treat anything that ships to the browser as public.
A real example
Say you start with this source: alert('Hello, NexMinds');. With
whitespace stripping on and the loader set to run automatically, the tool
Base64-encodes the source to YWxlcnQoJ0hlbGxvLCBOZXhNaW5kcycpOw== and
wraps it as eval(atob("YWxlcnQoJ0hlbGxvLCBOZXhNaW5kcycpOw==")). Dropping
that one line into a page produces the exact same alert as the original, but the
plain text of your code is no longer sitting in view. A 25-character original turned
into a longer, less readable blob that still behaves identically.
Common questions
Is this real security for my JavaScript?
No. This is light obfuscation meant to discourage casual reading and copying. The original code can be recovered by anyone who decodes the Base64 string, so never use it to protect passwords, keys, or anything sensitive.
Will the obfuscated code still run the same way?
Yes. The decoded string is your exact source, so it behaves identically when executed. The only change is readability, plus a tiny bit of size and runtime overhead from the decode-and-eval step.
Does my code get uploaded to a server?
No. Everything runs in your browser using native functions like btoa, atob, and encodeURIComponent. Nothing you paste is sent anywhere, which is why the tool also works offline once the page has loaded.
Why does the output use eval, and is that safe?
The loader uses eval to run the decoded source. Since the input is your own code, it is as safe as running that code normally. If you only want the decoded text back instead of running it, switch the loader behavior to "return".
Can I obfuscate the same code more than once?
You can paste an already-obfuscated result back in and encode it again, which nests the loaders. This adds layers but also grows the file and slows it down, with very little extra protection, so a single pass is usually enough.