Jscrambler Tutorials

Publish Your Scrambled Code Through npm

September 19th, 2014 | By José Magalhães | 2 min read

Let's start publishing your scrambler code through npm now that Jscrambler fully supports Node.js. In other words, it is time to start publishing our obfuscated libraries through npm.

In this article, we’ll create a simple Express Hello World application with a build process that obfuscates all your code, ready to publish, while preventing your source code from being published. We will use Grunt, the JavaScript Task Runner, to set up all of our fancy tasks.

Build process to obfuscate code through npm

First, we create our application’s package.json:

    "name": "jscrambler-node-example",
    "version": "0.0.0",
    "private": true,
    "main": "index"

Notice that we’re setting private to true to avoid publishing the source code by mistake when using npm publish. Through the shell, let’s install our only non-development dependency:

npm install express--save

Now let's get to the application logic inside index.js:

var app = require('express')();
app.get('/', function(req, res) {
    res.send('Hello world!');

It’s a pretty useful application, isn’t it? What really matters is to set up our build tasks inside Gruntfile.js, but first, we’ll install our development dependencies:

npm install grunt grunt - jscrambler grunt - contrib - clean grunt - replace--save - dev

exports = module.exports = function(grunt) {
        clean: {
            dist: ['dist/']
        jscrambler: {
            main: {
                options: {
                    keys: grunt.file.readJSON('jscrambler_keys.json'),
                    deleteProject: true
                params: {
                    "whitespace": "%DEFAULT%",
                    "rename_local": "%DEFAULT%",
                    "dot_notation_elimination": "%DEFAULT%",
                    "function_outlining": "%DEFAULT%",
                    "dead_code_injection": "%DEFAULT%",
                    "string_splitting": "%DEFAULT%",
                    "literal_duplicates": "%DEFAULT%",
                    "literal_hooking": "%DEFAULT%",
                    "dead_code_elimination": "%DEFAULT%",
                    "self_defending": "%DEFAULT%"
                files: [{
                    src: ['**', '!node_modules/**'],
                    dest: 'dist/'
        replace: {
            dist: {
                options: {
                    patterns: [{
                        match: /"private": true/g,
                        replacement: '"private": false'
                files: [{
                    src: ['dist/package.json'],
                    dest: 'dist/package.json',
                    cwd: '.'


    grunt.registerTask('default', ['build']);
    grunt.registerTask('build', ['clean', 'jscrambler', 'replace']);


The build task obfuscates all the source code into a folder named dist and sets private to false inside the distributable version of package.json.

Finally, to build and publish, just type grunt && cd dist && npm publish on the shell.

Publishing scrambled code through npm: the benefits

With this approach, there are many benefits:

  1. Deobfuscated code will never be published by mistake

  2. Obfuscating the code is pain-free

  3. Publishing the code only takes one extra step prior to npm publish

Time to let those Rubik’s nodes out!

Why Jscrambler?

Jscrambler's Code Integrity solution gives security teams tools to make JavaScript code resilient, fit the build process with zero overhead, and protect every version of code you deploy on every screen.

It is also the most compliant JavaScript protection solution on the market.

Read our comprehensive guide about JavaScript obfuscation to get answers to the what, why, and how questions. You can also explore our Infographic for a better understanding of how JS can be obfuscated.


The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.

View All Articles

Must read next


We Got You Covered with Jscrambler 3.7

New version of JScrambler 3.7 released with support for all the main JavaScript and HTML5 libraries and frameworks

January 14, 2015 | By Jscrambler | 2 min read

Application Security

Addressing OWASP MASVS-R with Jscrambler

In this post, we will address the role of OWASP’s MASVS-R, and how we can address it with Jscrambler.

July 28, 2022 | By Jscrambler | 4 min read

Section Divider

Subscribe to Our Newsletter