Obfuscator.io
A powerful JavaScript Obfuscator with VM obfuscation
Start new thread
Timofei Kachalov

Obfuscator.io - JS VM obfuscation with advanced anti-LLM countermeasures

by
Obfuscator.io - transform your JS code into custom bytecode that runs on a JS virtual machine - now with advanced Self Defending, Debug Protection, and anti-LLM countermeasures.

Add a comment

Replies

Best
Timofei Kachalov
Maker
📌
Hey Product Hunt! Six months ago I launched Obfuscator.io in beta - and the feedback from this community shaped a lot of what's in today's release. For those new here: Obfuscator.io is the Pro version of the open-source javascript-obfuscator (16k+ stars on GitHub), which I've been maintaining for years. It transforms your JavaScript into obfuscated code that's hard to read, hard to tamper with, and hard to reverse-engineer. The reality in 2026: classic obfuscation techniques - string arrays, identifier renaming, control flow flattening - have become weak. An LLM can deobfuscate that kind of output in a single prompt. The Pro version steps up with VM-based obfuscation: your functions are compiled into bytecode executed by a custom virtual machine embedded in the output. Reverse engineers can't just read your logic - they have to decrypt the bytecode and reverse-engineer the VM first. But modern agents like Claude Code can reverse-engineer even VM code given enough time. That's why the main focus over the past 6 months was advanced anti-LLM defenses. With them, the bar for LLMs goes up dramatically - in my own tests, Claude Code couldn't crack the bytecode even after 6 hours of work. Advanced anti-LLM defenses include: - VM Self-Defending - multi-layered tamper detection, anti-hooking, and anti-reverse-engineering protection baked into the VM runtime. - VM Debug Protection - multi-layered anti-debugging, anti-analysis, and anti-LLM defenses baked into the VM runtime. What else? - A huge round of bug fixes to make the VM runtime match the JS spec as closely as possible. It's now covered by ~15k Test262 spec tests plus ~4k of our own tests. - Experimental obfuscation of JS code in HTML files. - New features, e.g. VM Domain Lock, new obfuscation targets and more. New features on the Obfuscator.io site itself: - Team management for Team / Business plans. - Improved documentation, including recipes for the most common issues. - A lot of UI polish across the whole site. One thing worth flagging: VM obfuscation isn't for everyone. Bytecode execution is at least 10x slower than regular JS, so it's not meant to wrap your entire bundle. Use it selectively on the functions that actually need protection, or on code where performance doesn't matter. Happy to answer any questions!