Every artifact JSO ships, in one table. Use this page when running procurement, when scoping a JSO rollout into a new team's stack, or when answering "do you have a thing for X?". For deep documentation per artifact follow the linked rows.
Language clients
Same protect() shape across every language. See the clients reference for side-by-side code examples.
| Language | Package | Min runtime | HTTP transport | Status |
|---|
| Node | jso-protector (npm) | Node ≥18 | built-in fetch | Shipping |
| Python | jso-protector (PyPI) | Python ≥3.8 | stdlib urllib | Shipping |
| Go | jso-protector-go | Go ≥1.21 | stdlib net/http | Shipping |
| .NET | JsoProtector (NuGet) | .NET Standard 2.0 | HttpClient | Shipping |
| Ruby | jso_protector (RubyGems) | Ruby ≥2.7 | stdlib net/http | Shipping |
| PHP | javascriptobfuscator/jso-protector (Packagist) | PHP ≥7.4 | ext-curl + stream fallback | Shipping |
| Rust | jso-protector (crates.io) | Rust ≥1.70 | ureq (sync, rustls) | Shipping |
| Java | com.javascriptobfuscator:jso-protector (Maven Central) | JDK ≥11 | stdlib java.net.http.HttpClient | Shipping |
| Anything else | Wire-format spec + JSON Schema + examples/curl/protect.sh | POSIX shell | curl + jq | Reference |
IDE integrations
Right-click Obfuscate File / Obfuscate Selection from any JS/TS file. Three presets, env-var-first credentials. Same wire format as the CLI.
| Editor family | Package | Status |
|---|
| VS Code, Cursor, VSCodium | javascript-obfuscator-vscode (VS Code Marketplace) | Shipping |
| WebStorm, IDEA Ultimate, PhpStorm, PyCharm Professional, RubyMine, GoLand, Rider | com.javascriptobfuscator.jetbrains (JetBrains Marketplace) | Shipping |
Build-tool plugins (via jso-protector npm CLI)
| Bundler / framework | Entry point | Status |
|---|
| Vite | jso-protector/vite | Shipping |
| Webpack / Rspack | jso-protector/webpack, jso-protector/webpack-loader, jso-protector/rspack | Shipping |
| Rollup | jso-protector/rollup | Shipping |
| esbuild | jso-protector/esbuild | Shipping |
| Next.js | jso-protector/next | Shipping |
| Parcel | jso-protector/parcel | Shipping |
| Metro / React Native | jso-protector/metro, jso-protector/react-native | Shipping |
| Bun | jso-protector/bun | Shipping |
| Turbopack | jso-protector/turbopack | Shipping |
| Browserify, Gulp, Grunt | jso-protector/browserify, /gulp, /grunt | Shipping |
CI/CD templates
All thirteen templates ship inside node_modules/jso-protector/ci/. Every one calls --label "$COMMIT_SHA" and archives the API report. Convention enforced by a verify:ci npm script and a verify:polyglot cross-client wire-format check.
| System | Template file | Status |
|---|
| GitHub Actions | ci/github-actions.yml + composite Action | Shipping |
| GitLab CI | ci/gitlab-ci.yml | Shipping |
| CircleCI | ci/circleci.yml | Shipping |
| Jenkins | ci/Jenkinsfile | Shipping |
| Azure Pipelines | ci/azure-pipelines.yml | Shipping |
| Bitbucket Pipelines | ci/bitbucket-pipelines.yml | Shipping |
| Drone CI | ci/drone.yml | Shipping |
| Buildkite | ci/buildkite.yml | Shipping |
| Woodpecker CI | ci/woodpecker.yml | Shipping |
| Tekton Pipelines | ci/tekton.yaml | Shipping |
| TeamCity Kotlin DSL | ci/teamcity.kts | Shipping |
| GoCD | ci/gocd.yaml | Shipping |
| Argo Workflows | ci/argo-workflows.yaml | Shipping |
Kubernetes-native deployment
| Pattern | Where | Status |
|---|
| Standalone Job manifest | packages/jso-protector/examples/kubernetes/job.yaml | Shipping |
Helm chart (Job or CronJob via cron.schedule) | packages/jso-protector/examples/helm/ | Shipping |
| Tekton Task + Pipeline | ci/tekton.yaml | Shipping |
| Argo Workflows | ci/argo-workflows.yaml | Shipping |
Stack-trace symbolication
Local demangling of obfuscated stack traces. Maps stay on the customer machine. See the symbolication doc.
| Component | Detail | Status |
|---|
jso-symbolicate CLI | npm package — npx jso-symbolicate --map report.json --stack crash.txt | Shipping |
| Interactive web demo | /symbolicate-demo.aspx — paste a stack + map, browser-only demangling | Shipping |
| Sentry / Bugsnag / Rollbar / Datadog / Honeybadger / Raygun / Airbrake / AppSignal | One-line beforeSend wire-up per reporter; subpath exports off jso-symbolicate | Shipping |
Developer-hygiene tools
| Tool | What it does | Status |
|---|
eslint-plugin-jso-protector | ESLint rules: no-hardcoded-jso-credentials (catches base-64-shaped tokens + literal assignments to credential keys) and prefer-env-credentials (warns on empty-string placeholders). Both auto-fix to process.env. | Shipping |
| pre-commit hooks | jso-release-check + jso-dry-run catch config drift before commit. Ship via packages/jso-protector/.pre-commit-hooks.yaml. | Shipping |
| Polyglot CI smoke harness | packages/polyglot-smoke/smoke.js — spins up a mock server, round-trips a fixture against every available language client, asserts cross-client wire-format consistency. Wired into verify:polyglot + prepublishOnly. | Shipping |
Runtime defense + ops integration
| Capability | Where | Status |
|---|
| Debug protection, console suppression, devtools-key blocking, headless detection, session lock, fingerprint lock, challenge lock, self-defending integrity heartbeat, signed RSA envelopes, beacon callback | API options documented at /Docs/RuntimeDefense.aspx | Shipping |
jso-beacon-slack | Forwards Runtime Defense beacon webhooks to Slack + Discord. Three deployment shapes: programmatic, standalone HTTP server, AWS Lambda example. | Shipping |
| Persistent threat-monitoring dashboard | Aggregates beacon events keyed by BuildId. Roadmap. | Beta |
| VM bytecode protection | Per-function virtualization marked by // @virtualize. Corporate+ tier. | Beta |
Migration guides
Don't see a tool you need? The JSO HTTP API is small and stable; every artifact above is built on top of it. Write a thin client in your language by following the
wire-format spec or generate one from the
JSON Schema. Recipes for common build-and-release patterns live in the
Cookbook.