One product, every build pipe

JavaScript Obfuscator's protection runs through one HTTP API. Everything below is a wrapper around that API tuned to a specific surface — IDEs, CI systems, error reporters, build tools. The wire format stays in lockstep; pick the integration that matches where your release lives.

The release flow at a glance

Build → protect → ship → symbolicate. Same shape regardless of which tools you choose at each step.

1. Your build emits JavaScript into dist/.
2. jso-protector (CLI, build plugin, or IDE action) POSTs dist/ to HttpApi.ashx. The API returns the protected code and the identifier map.
3. Your CI archives the API report (jso-report.json) alongside the protected dist. The build is tagged with --label "$COMMIT_SHA" so the audit log groups by commit.
4. Production runs the protected code. Crashes carry the build's BuildId back to your reporter (Sentry, Bugsnag, Rollbar, Datadog, etc).
5. jso-symbolicate — via npm or via the reporter's beforeSend hook — demangles the stack against the saved report. Done locally; the trace never uploads anywhere it wasn't already going.

IDE integrations

Right-click obfuscate file or selection without leaving the editor. Same three presets and same wire format as the npm CLI.

IDE

VS Code extension

Obfuscate File / Selection commands. Editor and file-explorer context menus. Three presets, env-var-first credentials.

v0.1.0 · Marketplace listing IDE

JetBrains plugin

WebStorm, IDEA Ultimate, PhpStorm, PyCharm Professional, RubyMine, GoLand, Rider. Same three actions, same wire format.

v0.1.0 · Plugin marketplace CLI

jso-protector npm CLI

Run JSO from package scripts, --dry-run, --release-check, --label, --report. Used under the hood by every other surface on this page.

v0.2.0 · npm

Build-tool plugins

Slot protection into your existing bundler. Each plugin reads the same jso.config.json the CLI uses.

Vite

jso-protector/vite — Plugin runs after Vite emits dist/.

Webpack / Rspack

jso-protector/webpack + jso-protector/webpack-loader; jso-protector/rspack.

Rollup

jso-protector/rollup — Plugin slot in the output phase.

esbuild

jso-protector/esbuild — Standalone plugin for the bundler's plugin API.

Next.js

jso-protector/next — Wraps the post-build phase.

Parcel

jso-protector/parcel — Standard Parcel reporter plugin.

Metro / React Native

jso-protector/metro + jso-protector/react-native.

Bun

jso-protector/bun — Same flag surface as the Node CLI.

Non-Node language clients

When your build pipeline isn't Node-native — Python / Bazel / scripted releases, Go-based DevOps tooling — use a same-shape client library that hits the same HTTP API. No need to drag Node into the build environment.

CLI

Python: jso-protector (PyPI)

Pure stdlib — urllib + json, zero deps. protect() returns a ProtectResult dataclass with files, build_id, polymorphism_fingerprint, report. Three presets, env-var-first credentials.

v0.1.0 · PyPI · Python ≥3.8 CLI

Go: jso-protector-go

Pure stdlib — net/http + encoding/json, zero deps. jso.Protect(ctx, req) returns a *Result with the same shape as the Python and Node surfaces. Mockable via Request.HTTPClient for tests.

v0.1.0 · Go ≥1.21 CLI

.NET: JsoProtector (NuGet)

HttpClient-injectable for IHttpClientFactory and Polly. System.Text.Json. ProtectOptions + OptionOverrides. JsoProtectorException with Type/ErrorCode. Built clean under TreatWarningsAsErrors=true.

v0.1.0 · .NET Standard 2.0 CLI

Ruby: jso_protector (RubyGems)

Pure stdlib — net/http + json, zero deps. JsoProtector.protect(files:, preset:, ...) kwargs API. Result object with files, build_id, polymorphism_fingerprint. Rails-shop integration.

v0.1.0 · Ruby ≥2.7 CLI

PHP: javascriptobfuscator/jso-protector

Composer package, PHP ≥7.4 with typed properties. ext-curl when present; stream-context fallback. Client + Result + Exception namespaced. Laravel/Symfony-friendly.

v0.1.0 · Packagist · PHP ≥7.4 CLI

Rust: jso-protector (crates.io)

Sync HTTP via ureq, no async runtime. Client::protect(ProtectRequest) returns Result<ProtectResult, Error> with typed error enum. thiserror-derived.

v0.1.0 · Rust ≥1.70 CLI

Java: jso-protector (Maven Central)

JDK 11+. Uses built-in java.net.http.HttpClient — no third-party HTTP dependency. ProtectOptions.builder() fluent API. Jackson for JSON. Constructor-injectable HttpClient.

v0.1.0 · Maven Central · JDK ≥11 Spec

Anything else: the wire format spec

Protocol-level documentation of the HTTP API. JSON request/response shape, preset constants, error model. Reference examples/curl/protect.sh included — the smallest possible compliant client (~100 lines bash + curl + jq).

Updated 2026-05-20 · Docs/WireFormat.aspx Docs

All seven clients in one place

Side-by-side matrix and "same protect() in seven languages" code examples. The reference doc when picking which client to bring into a polyglot pipeline.

Updated 2026-05-20 Hook

pre-commit hooks

jso-release-check and jso-dry-run run against staged JS before every commit. Catches config drift before CI. Deliberately doesn't POST source on every commit — that's CI's job.

v0.2.0 · .pre-commit-hooks.yaml

CI templates

Drop-in templates in node_modules/jso-protector/ci/ after install. Each tags every run with the commit SHA via --label and archives the API report for later symbolication.

CI

GitHub Actions

ci/github-actions.yml — or the composite @jso GitHub Action with step outputs.

CI

GitLab CI

ci/gitlab-ci.yml — Single protected-release job, artifacted dist.

 CI

CircleCI

ci/circleci.yml — cimg/node:22.4, workflow at the bottom.

 CI

Jenkinsfile

ci/Jenkinsfile — Declarative pipeline, NodeJS 22 tool, credentials() bindings.

 CI

Azure Pipelines

ci/azure-pipelines.yml — ubuntu-latest pool, NodeTool@0.

 CI

Bitbucket Pipelines

ci/bitbucket-pipelines.yml — Node 22 image, repository-variable credentials.

 CI

Drone CI

ci/drone.yml — Docker pipeline, secrets via from_secret.

 CI

Buildkite

ci/buildkite.yml — Step-graph pipeline with agent-hook credentials.

 CI

Woodpecker CI

ci/woodpecker.yml — Forgejo / Gitea-friendly, scoped Woodpecker secrets.

 CI

Tekton Pipelines

ci/tekton.yaml — Kubernetes-native Task + Pipeline, secret-backed credentials.

 CI

TeamCity

ci/teamcity.kts — Kotlin DSL, password parameters, artifactRules-based archive.

 CI

GoCD

ci/gocd.yaml — yaml-config-plugin format, secure_variables, multi-stage pipeline.

Error-reporter integrations

Each error reporter has a one-line jso-symbolicate wire-up. Demangling happens client-side; the identifier map never leaves the customer machine. See the symbolication doc.

Reporter

Sentry

createSentryEventProcessor. Walks frames + threads + breadcrumbs + context_line.

 Reporter

Bugsnag

createBugsnagOnError. Rewrites errorClass, errorMessage, stacktrace[].method.

 Reporter

Rollbar

createRollbarTransform. Walks trace, trace_chain, message, telemetry breadcrumbs.

 Reporter

Datadog

createDatadogBeforeSend. Browser RUM + Logs SDK.

 Reporter

Honeybadger

createHoneybadgerBeforeNotify. Both raw-string and structured backtrace shapes.

 Reporter

Raygun

createRaygunBeforeSend. Raygun4JS + Raygun4Node payload shapes.

 Reporter

Airbrake

createAirbrakeFilter. Errors, backtrace, inline source-context.

 Reporter

AppSignal

createAppSignalDecorator. Action, error fields, backtrace strings, tags.

Moving from somewhere else?

Two guided migration paths, both opinionated and one-page.

From the OSS javascript-obfuscator npm package

Option mapping table, "what JSO adds on top," and a step-by-step checklist.

From Jscrambler

Feature mapping, honest gap list (PCI v4 third-party tags, hosted threat-monitoring dashboard), pricing comparison.

Try symbolication in your browser

Paste a map and a stack, see the demangling happen client-side. Nothing leaves the page.