Usage

Executing the tool with shieldjs --help will show the following help text :

Usage:
  shieldjs [options] <source-file> <output-file>
  shieldjs --ast <source-file>
  shieldjs (-h | --help)
  shieldjs --version

Options:
  -h  --help                          Show this screen
  --version                           Show version
  --ast                               Dump the source file's parsed AST
  -f  --config-file <config-file>     Use the specified JSON config file
  -c  --copy-ignored                  Copy files ignored by config to the output folder
  --sourcemap                         Generates a source map file
  --seed=<seed>                       Seed value [default: 0]
  --stack-size=<size_mb>              Thread stack size to use in MB [default: 32]
  --disable-renaming                  Disable the renaming obfuscation (not recommended)
  --rename-globals                    Rename global symbols - normally these are not renamed
  --renaming-utf                      Use more confusing UTF-8 characters for symbols
  --tamper-callback=<callback>        Tamper callback name
  --tamper-fail-silent                Tamper fail silent
  --tamper-check-frequency=<chance>   Chance to insert integrity check per statement [default: 0.1]
  --disable-property-hiding           Disable the property hiding obfuscation
  --disable-externals-hiding          Disable the externals hiding obfuscation
  --disable-string-hiding             Disable the string hiding obfuscation
  --string-hiding-max-len=<len>       Maximum string length to hide [default: 1024]
  --disable-integer-hiding            Disable the integer hiding obfuscation
  --disable-operator-removal          Disable the operator removal obfuscation
  --disable-anti-debug                Disable the anti-debug protection
  --disable-function-shuffling        Disable the function shuffling obfuscation
  --disable-integrity-checking        Disable the integrity checking
  --disable-all                       Disable all obfuscations
  --verbose                           Output detailed pass and timing information

In general, executing with no command line options will give the best balance between performance and security, however if problems are encountered, then individual obfuscation passes can be disabled to see if that avoids the problem.

Processing Inputs

ShieldJS can process individual files or entire directories of files. In the event of multiple input files, it will use up to 4 threads to concurrently process the files.

If the source-file argument is a directory then the tool will recurse down the directory protecting all .js files and creating the same structure at the output-file location. Use the --copy-ignored command line option to additionally copy all non-javascript files to the output location.

Reporting Progress

By default, the tool outputs one line of information per file processed e.g.

[INFO] Obfuscated index.android.bundle (default config) Size: 19.0mb (1.0x)

This summary provides the filename, which config name was used, the output size and the sizing factor i.e. how many times bigger (or smaller) the output file was compared to the source file. This concise output is very useful when processing many files. For single large files which may take some time to process, you can also get a more verbose output which reports each step and the time taken e.g.

[INFO] .-----------------------------------------------------------------------.
[INFO] | ShieldJS '2.1.0'                                           |     Time |
[INFO] |-----------------------------------------------------------------------|
[INFO] | Applied parsing                                            |   1496ms |
[INFO] | Applied integrity checking                                 |    649ms |
[INFO] | Applied property hiding                                    |    671ms |
[INFO] | Applied anti-debug                                         |    667ms |
[INFO] | Applied externals hiding                                   |   1787ms |
[INFO] | Applied string hiding                                      |   2520ms |
[INFO] | Applied integer hiding                                     |   5816ms |
[INFO] | Applied operator removal                                   |   5796ms |
[INFO] | Applied function shuffling                                 |   3530ms |
[INFO] | Applied renaming                                           |  22979ms |
[INFO] | Applied reparsing                                          |  10334ms |
[INFO] | Applied integrity checking (phase 2)                       |   7494ms |
[INFO] | Applied renaming (phase 2)                                 |  19909ms |
[INFO] | Wrote 'index.android.bundle' 19.0mb (1.0x)                 |    675ms |
[INFO] |-----------------------------------------------------------------------|
[INFO] | ShieldJS finished.                                         |  84323ms |
[INFO] `-----------------------------------------------------------------------'

This output is enabled using the --verbose command line flag. When using this reporting mode, the number of threads is limited to 1 to ensure consistent output per file.