npm CLI · CI · Hosted API

Use JavaScript Obfuscator in npm scripts, CI, and modern build pipelines.

jso-protector is the lightweight Node.js CLI and API wrapper for teams that already ship JavaScript through npm, bundlers, and release automation. It keeps JavaScript Obfuscator in the same hosted SaaS model as the website, but adds a developer-native workflow for release folders, bundler outputs, and CI jobs.

Download .tgz Full npm CLI Docs
Fast Positioning

Not a new server. Not a replacement for the desktop app.

jso-protector is a client-side workflow tool. It runs on a developer machine or CI runner, reads built JavaScript, sends selected files to the JavaScript Obfuscator hosted API, and writes protected output to a release folder.

WebsiteBest for quick browser-based protection and settings review.
DesktopBest for GUI setup, mixed files, and local/manual project workflows.
jso-protectorBest for npm scripts, Vite/Webpack builds, and CI release automation.
What It Is

jso-protector is the developer workflow for the hosted JavaScript Obfuscator service

The website and desktop app already solve the product side of JavaScript protection. jso-protector solves the release-engineering side: how to run the same hosted obfuscation service from package scripts, CI jobs, build pipelines, and automated deploy flows without asking developers to open the browser or desktop GUI every release.

What it does

It scans generated JavaScript files, builds a hosted API request, sends the selected files to HttpApi.ashx, then writes protected output into a separate release folder.

What it does not do

It is not the obfuscation engine itself, not a server-side replacement, and not a new SaaS backend. The protection still happens on the JavaScript Obfuscator hosted service.

Why it exists

Modern teams want JavaScript protection to be a repeatable release step just like tests, bundling, and deploys. jso-protector gives them that shape without changing your billing, entitlement, or server trust model.

How It Fits

One product, three entry points

The right way to position jso-protector is as part of the same JavaScript Obfuscator product family. Users choose the entry point that matches their workflow, but the hosted protection service, account plans, and API credentials stay centralized.

Workflow Best For What The User Does
Online tool Quick samples, setting review, product evaluation, small manual jobs. Paste or upload JavaScript in the browser, tune settings, inspect output, and validate the protection profile.
Desktop app GUI-driven batch jobs, mixed-file projects, local-only workflows, larger manual release projects. Open the desktop app, configure protection visually, process larger projects, and use command generation when needed.
jso-protector npm scripts, CI pipelines, Vite/Webpack/Rollup/esbuild builds, Node-based release automation. Install the package, add config to the repository, run it after the build, and publish the protected output folder.
Hosted API request shape
{
  "APIKey": "dashboard-api-key",
  "APIPwd": "dashboard-api-password",
  "Name": "release-job",
  "MixedServer": false,
  "Items": [
    {
      "FileName": "app.js",
      "FileCode": "..."
    }
  ],
  "OptimizationMode": "Web",
  "EncodeStrings": true
}
Trust Model

The server still owns the sensitive parts

  • Plan limits, billing, and account enforcement stay on the server.
  • Dashboard API credentials stay required for real protection jobs.
  • The hosted API decides whether a request succeeds or fails.
  • The local CLI only packages files, credentials, and selected options into a request.
Why Teams Want It

The benefit is release automation, not a different protection engine

Teams ask for an npm/CI client when protection needs to happen every build, not occasionally by hand. jso-protector lets them keep JavaScript Obfuscator inside the same release process as testing, bundling, packaging, and deployment.

npm-native releases

Protection becomes another package script instead of a separate manual task.

CI/CD compatibility

Teams can run protected builds in GitHub Actions, GitLab CI, Azure Pipelines, or internal build runners.

Framework fit

It integrates after Vite, Webpack, Rollup, Next.js, Metro, Browserify, or esbuild have already produced normal JavaScript.

Separate release artifacts

Protected output can be written into its own folder with copied assets and a release manifest for later verification.

What It Supports

Built for real JavaScript release pipelines

CLI workflow

Protect a folder, a single file, or stdin/stdout streams. Use dry-run, validation, release-check, manifests, and size budgets before a release goes live.

Node API workflow

Call the wrapper from custom scripts through protectFiles, planProtection, obfuscate, and compatibility translation helpers.

Bundler integration

Use first-party entry points for Vite, Webpack, Webpack loader, Rspack, Rollup, esbuild, Browserify, Gulp, Grunt, Next.js, and Metro/React Native.

See npm CLI commands See build integration guidance See modern JavaScript compatibility
Typical release script
{
  "scripts": {
    "build": "vite build",
    "preflight": "jso-protector --config jso.config.json --release-check --json",
    "protect": "jso-protector --config jso.config.json --manifest dist-protected/jso-manifest.json",
    "release": "npm run build && npm run preflight && npm run protect && npm run smoke"
  }
}
Typical install path
npm install --save-dev https://javascriptobfuscator.com/download/jso-protector/jso-protector-0.1.1.tgz
npx jso-protector --init
npx jso-protector --config jso.config.json --release-check --json
Security And Processing

Designed for teams that want preflight checks before source is sent

One of the common concerns with hosted protection is operational safety. jso-protector addresses that by giving teams validation and planning commands before they submit a real protection request.

Validate config

Check config shape, endpoint, credentials presence, path settings, option names, and budget values without sending source code to the API.

Dry run and release-check

See which files will be protected, how many API items the request will contain, and whether HTML or conditional-comment transforms will split any files first.

Protected output manifests

Write a JSON manifest with protected file sizes and hashes, then verify release artifacts later against the manifest when needed.

Security and Processing Compatibility Validation Options and Presets
Desktop vs npm CLI

When to choose the desktop app instead

The desktop app remains the better entry point when a team wants a visual workflow, local-only operation, or mixed-file processing with more manual review. The CLI is better when protection should happen automatically as part of the build itself.

Need Use Desktop App Use jso-protector
Visual setup and local review Best fit
Choose options in a GUI, review projects, and work without npm knowledge.		 Possible, but not the primary experience.
Package scripts and CI Possible through generated commands, but not the most natural entry point. Best fit
Designed for scripts, CI jobs, and release automation.
Mixed files and embedded JavaScript Best fit
Desktop workflows remain stronger for larger mixed-file/manual review jobs.		 Supports marked HTML/template protection in controlled workflows, but the desktop path remains the broader mixed-file solution.
Local-only policy Best fit
Use the desktop/local workflow when source cannot leave the build machine.		 Best when hosted API use is acceptable under team policy.
Install Options

What users can download from this site

The main artifact for developers is the tarball. It installs directly into a project as a dev dependency. The zip is available for teams that need direct file distribution or internal server-side handoff without going through a public registry.

npm tarball

The standard developer download. Install it directly into a project and use it from npm, npx, or CI.

npm install --save-dev https://javascriptobfuscator.com/download/jso-protector/jso-protector-0.1.1.tgz

Zip package

Useful for teams that want the package contents as a direct download, internal archive, or server-side file handoff.

/download/jso-protector/jso-protector-0.1.1-server-upload.zip
Bottom Line

Offer jso-protector when your users want SaaS protection in a developer-native release workflow.

It does not replace the website or the desktop app. It extends the same JavaScript Obfuscator service into the npm/CI world, which makes the product easier to adopt for engineering teams that ship JavaScript through automated pipelines.

  • Keep the hosted API as the protection backend.
  • Keep the desktop app as the GUI and local/manual workflow.
  • Use jso-protector as the npm, CI, and bundler-native entry point.
  • Let users choose the workflow that matches how they already ship software.
Download jso-protector Read npm CLI Docs See All Downloads