Command line options
The JSDefender CLI supports short and long option names. The short names start with a single dash (-
), while long names start with two dashes (--
). Many options have only long names.
Basic configuration settings:
-v
,--version
: Displays the product version.-h
,--help
: Displays help information about using the CLI, including the command line options.-c
,--config
: The configuration file containing the settings. The name of the file should follow the option.-m
,--mapout
: With this option, you can specify the name and path of the map file. Or, using theoff
value, you can turn off saving the map file. The name of the file (or theoff
switch) should follow the option. See more details in the Lexical map section.--runtime
: You can specify a separate file name so that the protection engine emits the JSDefender runtime to that file.--license
: Provides the license key to run the JSDefender CLI. See Licensing to learn about alternative ways to specify the license key.--estarget
: When transforming the code, JSDefender uses the highest ECMAScript version recognized while parsing the input. With this option, you can change the ECMAScript version. The name of the ES version to apply (es5
,es2015
,es2016
,es2017
,es2018
,es2019
,es2020
) should follow the option. Setting the target ECMAScript version with--esTarget
means that JSDefender will not inject any protection code that is incompatible with the specified standard. For most of the protections this behavior does not change anything. When it changes something, we are going to describe it in the individual protection's description on the Configuration file format page's Protection Settings section. However, if your source code contains syntax with a higher ECMAScript standard, JSDefender will apply the protection but will not transpile the higher ES version parts of your code back to the older version; it will display a warning message to indicate this.-q
,--quiet
: Turns on quiet mode. In this mode, JSDefender emits only some general information, errors and warnings. Default is off.--randomseed
: Some protection techniques use randomization, so every run with the same configuration results in different outputs. The value should be a 32-bit integer number that follows the option. If it is not specified or 0, the protection uses a non-deterministic seed value.--ignore-unsafe
: JSDefender checks the source code for unsafe JavaScript constructs that may break the working code. By default, finding any unsafe element will immediately abort the protection with error messages that state the source code location of the issue. If you are sure that none of the potential unsafe elements break your working code, use this option to allow the protection process to carry on.--disable-inline
: Disables using the inline protection directives, as if they were omitted from the source code.--nocolor
: Disables using colors in the CLI output.----runtime-injection
: You can specify the injection mode of the JSDefender Runtime (firstNonModule, separateSource, all). Read more in the Configuration file format section.--glob
: Enables glob pattern matching for input paths. After enabling--glob
, you can specify your input files using the node-glob pattern rules e.g.dist/**/*.js
.--outdir
: Protected files outputted to this folder. Its value should be a valid relative or absolute path to a directory. Default:protected
.
Protection settings:
Note:
Many configuration options specify turning on or off particular protection options. Here, you find only a brief summary of command line options. To learn more about each protection technique, read Protection Techniques
-b
,--repbool
: Turns on replacing Boolean literals.-B
,--repbooloff
: Turns off replacing Boolean literals.--constarg
: Turns on constant argument obfuscation.--constargoff
: Turns off constant argument obfuscation.--conscloaking
: Turns on console cloaking obfuscation.--conscloakingoff
: Turns off console cloaking obfuscation.--datelock
: Sets a runtime date interval to test if the current date is within a particular range. The interval can have an open start or end date. The interval value should follow the option. See more details in the dateLock section.--debrem
: Turns ondebugger
statement removal.--debremoff
: Turns offdebugger
statement removal.--devtools
: Turns on DevTools blocking.--devtoolsoff
: Turns off DevTools blocking.-d
,--domainlock
: Locks the code to the domain specified in the argument following the option. See more details in the domainLock section.-e
,--extstr
: Turns on extracting string literals. For details, see the String Literal Extraction section.-E
,--extstroff
: Turns off extracting string literals.--exprseq
: Turns on expression sequence obfuscation.--exprseqoff
: Turns off expression sequence obfuscation.-f
,--flow
: Turns on control flow protection.-F
,--flowoff
: Turns off control flow protection.--funcreord
: Turns on function reordering.--funcreordoff
: Turns off function reordering.-i
,--repint
: Turns on replacing integer literals.-I
,--repintoff
: Turns off replacing integer literals.--radix
: Changes all integer literals to their representation with the specified radix. Learn more in the integerLiterals section.-l
,--localdecl
: Turns on renaming local declarations.-L
,--localdecloff
: Turns off renaming local declarations. See the localDeclarations section for details.-n
,--names
: Sets the name mangling method to use for identifiers. See the localDeclarations section for details.-p
,--propind
: Turns on property indirection. Learn more in the Property Indirection section.-P
,--propindoff
: Turns off property indirection.--propsparsing
: Turns on property sparsing. Find more details in the Property Sparsing section.--propsparsingoff
: Turns off property sparsing.-r
,--randomize
: Turns on randomization with all protection techniques that support it.-R
,--randomizeoff
: Turns off randomization.--selfdefend
: Turns on self-defending transformation. Read more details in the Self-Defending Protection section.--selfdefendoff
: Turns off self-defending transformation.--vargroup
: Turns on variable grouping transformation. Find more details in the Variable Grouping Protection section.--vargroupoff
: Turns off variable grouping transformation.--globobjhiding
: Turns on global object hiding transformation. Find more details in the Global Object Hiding section.--globobjhidingoff
: Turns off global object hiding transformation.
Default command line options
By default, JSDefender turns on string literal extraction and local declaration renaming. Assuming there is no default configuration file present, these command lines are equivalent:
jsdefender myJsBundle.js myProtectedScript.js
jsdefender myJsBundle.js myProtectedScript.js -e -l
Let's assume you intend to use only Boolean literal replacement without the default transform methods. You need to issue this command:
jsdefender myJsBundle.js myProtectedScript.js -E -L -b
Here, -E
turns off string literal extraction, while -L
turns off local declaration renaming.