Shield.
Self-defending obfuscation

JavaScript that fights back.

Wrap your code in layered self-defense — integrity hashing, debugger traps, DevTools detection, and a self-destruct that fires the moment someone tampers. SEO-safe by default.

Paste 5 KB in your browser, see Shield-protected output in milliseconds · No signup, no credit card

Your source
const SECRET = "platinum-key-7741";
function unlock(code) {
  if (code === SECRET) {
    document.body.classList.add("premium");
    return true;
  }
  return false;
}
Protected output
(function(){"use strict";var _0x9c="aRU5Vi4XCAYrQmAY"+
"VQE9QGALUipcBSJvegUtSm08URF0XSgAT0NzfmI3Tit"+
"YLxAqdDk7BXBBTUsMEnkOPjEHGGJUBBddFTsEBxR5"+
"cn8MByEUI3EsEAM5B2xaaQlsVAZ8FBkc...";
var _0xH="ba8bce83";var _0xK="Hdxh77@Ut56b";
if(_fnv(_0x9c)!==_0xH)_burn("integrity");
debugger;
(new Function(_dec(_0x9c,_0xK)))();})();
What's inside

Defense, layered into every byte

An AST-based engine rewrites your code; runtime defenses arm the moment it loads; access locks gate by time, geography, network, and device — every feature on every plan.

AST-rewritten code

Scope-aware identifier rename, control-flow flattening into state-machine switches, dead-code injection, and function-body wrapping. Linear logic becomes unreadable dispatch tables.

Anti-LLM by default

Misleading identifier names like validateJwtToken and computeKeyFingerprint poison the semantic anchors that GPT-class models use to deobfuscate. On for every build.

Tamper-proof

FNV-1a integrity hash over the encoded payload. Any byte change trips an immediate self-destruct. Polymorphic launcher structure differs on every build.
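
The integrity gate described above corresponds to the `_fnv(_0x9c)!==_0xH` check in the launcher sample at the top of the page. It is sketched here as an added example, not Shield's own code: the function names, key and source are constructed, and the XOR + base64 encoding is assumed from the feature list. FNV-1a is a fast non-cryptographic checksum, so the check works as a tamper tripwire rather than as proof of authenticity.

```javascript
// Added example, constructed for illustration; not Shield's code. Runs under Node.js.

// 32-bit FNV-1a over a string of single-byte characters (base64 text is ASCII).
function fnv1a32(text) {
  let h = 0x811c9dc5; // FNV offset basis
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i) & 0xff;
    h = Math.imul(h, 0x01000193) >>> 0; // FNV prime, truncated to 32 bits
  }
  return h.toString(16).padStart(8, "0");
}

// XOR a byte buffer with a repeating key (the same operation encodes and decodes).
function xorBytes(bytes, key) {
  const k = Buffer.from(key, "utf8");
  const out = Buffer.alloc(bytes.length);
  for (let i = 0; i < bytes.length; i++) out[i] = bytes[i] ^ k[i % k.length];
  return out;
}

const encodePayload = (source, key) =>
  xorBytes(Buffer.from(source, "utf8"), key).toString("base64");
const decodePayload = (encoded, key) =>
  xorBytes(Buffer.from(encoded, "base64"), key).toString("utf8");

// Launcher-side gate: hash the encoded text first, decode only on a match.
function verifyAndDecode(encoded, expectedHash, key) {
  if (fnv1a32(encoded) !== expectedHash) return { ok: false, reason: "integrity" };
  return { ok: true, source: decodePayload(encoded, key) };
}

// Constructed sample input.
const SAMPLE_SOURCE = 'function unlock(code) { return code === "demo"; }';
const SAMPLE_KEY = "example-key";

function demo() {
  const encoded = encodePayload(SAMPLE_SOURCE, SAMPLE_KEY);
  const expected = fnv1a32(encoded); // value a build step would embed
  // Change exactly one character of the encoded payload.
  const tampered = (encoded[0] === "A" ? "B" : "A") + encoded.slice(1);
  return {
    intact: verifyAndDecode(encoded, expected, SAMPLE_KEY),
    tampered: verifyAndDecode(tampered, expected, SAMPLE_KEY),
  };
}

console.log(demo());
```

Every step of FNV-1a after the changed byte is a bijection on the 32-bit state, so a single-byte substitution always changes the final hash.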

Anti-debugger & DevTools

debugger statement timing, heartbeat watchdog on resume, window-size delta, console getter side-channel, Function.toString tamper check. Five independent signals.

Anti-automation

Detects Puppeteer, Playwright, Selenium, PhantomJS, and headless Chrome. Catches the easy scrapers and decoder farms.

Access locks (every plan)

Domain, time-expiry, geo, browser, OS, and IP — six independent gates. Restrict where, when, and on what your code runs. Available on free, pro, business, and enterprise.

SEO-safe + stealth

Meta, JSON-LD, and semantic HTML untouched by default. Stealth mode hides body HTML inside the encoded payload.

Threat-intel dashboard

Every defense fires a beacon to your built-in telemetry endpoint. Visualized as bar charts, reason breakdowns, and an event feed — see attacks as they happen.

GitHub round-trip

Connect a personal access token, pick a repo and file, obfuscate, and commit the protected output back — same branch, new branch, or new path. One click.

Build-tool integration

Official CLI, Webpack 5 plugin, and Vite plugin. Drop a few lines into your config and every npm run build ships protected. Zero manual steps from now on.

Polymorphic per build

The launcher's defense checks are Fisher-Yates shuffled before emission. Two obfuscations of the same source come out structurally different, defeating signature-based deobfuscators.

Single-session security

Strict anti-account-sharing: one device signed in at a time. New logins kick the old device out. 10-minute idle auto-logout. Protects your seat from being resold.

npm install --save-dev shieldmycode-cli shieldmycode-webpack-plugin shieldmycode-vite-plugin
CLI for CI · Webpack 5 plugin · Vite / Rollup plugin · all three on Business+
How it works

Three steps. No build pipeline.

1. Paste or upload

Drop an HTML page or JS file in. The dashboard accepts both.

2. Pick your strictness

Soft for testing, hard for production. Toggle which defenses to layer on.

3. Download protected output

Drop it into your site. Defenses arm themselves the moment the page renders.

Pricing

Honest, simple pricing.

Start free. Upgrade or cancel any time from the billing portal.

Free
$0/month

3 obfuscations · up to 50 KB/file

  • 3 obfuscations / month
  • Up to 50 KB per file
  • All strictness levels (soft / medium / hard)
  • All access locks (domain, time, geo, browser, OS, IP)
  • Anti-LLM reverse-engineering defenses
  • API + CLI + Webpack / Vite plugins
  • Threat-intel telemetry
  • Limited email support
Most popular
Pro
$39/month

1,000 obfuscations · up to 5 MB/file

  • 1,000 obfuscations / month
  • Up to 5 MB per file
  • All Free features
  • API + CLI + Webpack / Vite plugins
  • GitHub round-trip integration
  • Threat-intel dashboard
  • History & audit log
  • Email support
Business
$119/month

10,000 obfuscations · up to 50 MB/file

  • 10,000 obfuscations / month
  • Up to 50 MB per file
  • All Pro features
  • ZIP batch upload (HTML + JS bundles)
  • Priority obfuscation queue
  • Priority support
Enterprise
Let’s talk

Custom volume & file size · dedicated infrastructure on request

  • Custom monthly volume
  • Up to 500 MB per file
  • All Business features
  • ZIP batch upload
  • Sign in with GitHub (OAuth)
  • Dedicated infrastructure (on request)
  • Custom SLA & DPA (on request)
  • Priority support
Features: Free ($0/mo) · Pro ($39/mo) · Business ($119/mo) · Enterprise (Contact us)
Volume & limits
Obfuscations per month: Free 3 · Pro 1,000 · Business 10,000 · Enterprise Custom
Maximum file size: Free 50 KB · Pro 5 MB · Business 50 MB · Enterprise Up to 500 MB
Self-destruct strictness
Soft (log + continue)
Medium (kill network + redirect)
Hard (DOM wipe + halt)
Configurable tamper response (redirect / blank / silent)
AST code transforms
Scope-aware identifier rename
String array (XOR + base64)
Numeric expression replacement
Control-flow flattening
Dead code injection (toggle)
Performance mode (skip flattening for speed)
Polymorphic launcher (varies per build)
Anti-LLM reverse engineering
Semantic decoy rename (~110-name pool)
Function body IIFE wrapping
Runtime defenses
Integrity hash check (FNV-1a)
Debugger trap (timing, re-checks on focus)
DevTools detection (console side-channel)
toString tamper check
Headless browser detection
Access locks
Domain lock
Time-lock / expiry date
Geo allowlist
Browser blocklist
Operating-system blocklist
IP address blocklist
HTML output
Inline <script> handling
SEO-safe <noscript> fallback
Stealth mode (hide body in payload)
Platform
Threat-intel dashboard
Telemetry callback URL
History & audit log
Single-session anti-account-sharing
Automation & scale
Programmatic API + personal keys
Official CLI (shieldmycode-cli)
Webpack 5 plugin
Vite / Rollup plugin
Sign in with GitHub (OAuth)
GitHub round-trip integration
ZIP batch upload (HTML + JS)
Priority obfuscation queue
Dedicated infrastructure option: On request
Custom DPA & SLA: On request
Support
Email support: Limited
Priority response

Every plan ships the same self-defending engine, every strictness level, every access lock, the full anti-LLM defense pass, and the REST API + CLI + Webpack / Vite plugins. Higher tiers buy you volume, file size, GitHub round-trip, ZIP batch upload, and priority support.

No long-term commitment

Cancel any time from the Stripe billing portal. Pro-rated refunds where applicable.

Same engine, every plan

Free and Pro get the same self-defending output. Plans differ only in quota and strictness levels.

Need higher limits?

Email us — Business is the public ceiling. Custom enterprise quotas are negotiable.

Ready to arm your code?

Free tier ships with all detection signals enabled. Upgrade only when you outgrow the quota.
