afterpack-cli — v1.0.0$ npx afterpack ./dist
./dist694kb(+28%)✓ Processed
├──index.html3kb(−12%)
├──main.js198kb(+39%)✓ Protected
├──main.js.map312kb✓ Created
├──main.backup.js142kb✓ Created
├──utils.js52kb(+37%)✓ Protected
├──utils.js.map89kb✓ Created
└──utils.backup.js38kb✓ Created
✓ Build complete in 847ms
Build for the Modern Edge
Next.jsCloudflareViteRemixBun
What are you building?
Readable code is vulnerable code.
AI scrapers, security scanners, copycats, IP theft, human mistakes — AfterPack seals every door with one command.
1
Block Security Scanners
Vulnerability scanners can't map your attack surface when the code is unreadable.
2
Defeat AI Code Analysis
GPT-4 explains minified code in seconds. AfterPack output? Total silence.
3
Stop Crackers & Pirates
License checks and anti-cheat become impossible to bypass when logic is irreversible.
4
Catch Secrets Before They Leak
Even if your code contains secrets, they stay hidden — unreadable to bots, scrapers, and analyzers.
5
Protect Your Business Logic
Feature flags, pricing algorithms, proprietary formulas — sealed, not served.
6
Hide Your Tech Stack
Prevent tools from identifying frameworks and versions that reveal vulnerabilities.
7
Block Copycat Apps
Competitors can't replicate what they can't read. Your roadmap stays private.
8
Stop AI Data Harvesting
Prevent crawlers from using your site as LLM training data. Your patterns remain yours.
Why do you need a JS obfuscator?
See What Anyone Can Find in Your Website's Code
Scan any website for exposed secrets, source maps, readable code, and security misconfigurations. Free, instant results.
Leaked SecretsSource MapsTech StackCode Readability
Example Reports
Don't compromise Performance.
Most obfuscators bloat your bundle and slow down your build. AfterPack is built in Rust to be invisible in your pipeline, output much smaller but more protected artifacts.
| Feature | AfterPack | Obfuscator.io | JScrambler | JSDefender | js-confuser |
|---|---|---|---|---|---|
Pricing | Free & Paid | Free & Paid | Quote-based | Quote-based | Free |
Reversibility | Irreversible* | Easy* | Hard | Medium | Easy* |
Speed (100 files) | <5 sec | >10 min | >5 min | Unverified | >10 min |
Code Inflation | 0.9x-Infinite | 1.4x–17.8x | ~3-5x | High | ~2-4x |
CSP Compliant | Partial | ||||
Source Maps | Free | Partial | Enterprise | ||
Polymorphic Logic | Paid only | ||||
Browser API Locking | Native | Some | Some | ||
React / Vite / Next.js | First-class | Wrappers | Post-build | Plugin | Webpack only |
Runtime Overhead | Near-Zero (Start-up) | 15–1000+% | Variable (API) | Variable (API) | High |
React Native | Supported | Broken | Complex | Supported | Unknown |
Setup Complexity | Zero Config | High (API) | Enterprise | High (API) | Manual |
Edge Compatible | |||||
Network Obfuscation | With DataUnlocker |
protected.js
Unreadable
By Design
Estimated values based on planned release targets. This preview highlights the design goals for the upcoming V1 release.
One Command. Sealed Code.
Integrates into your existing CI/CD pipeline in seconds. No complex config required.
01
Build Your App
$ npm run build
Run your standard build command (Next.js, Vite, etc). Your workflow stays exactly the same.
02
Protect
$ npx afterpack
One command. Auto-detects your framework and applies polymorphic protection. Locally, for FREE.
03
Ship Sealed Code
$ npm run deploy
Deploy as normal. Users get optimized code. Attackers get unreadable noise.
.github/workflows/deploy.yml
# Your deployment pipeline
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- run: npm install
# 1. Build your app
- run: npm run build
+# 2. Protect with AfterPack
+- run: npx afterpack
# 3. Deploy safe artifacts
- run: npx vercel deploy
Security Should Be Standard
The Standard
FREE
$0
Production-ready protection for any projects.
- MIT-Licensed Binary
- Unlimited Builds
- All Basic Transforms
- Source Maps
- Framework Presets
- Deterministic Builds
- Runs at the Edge
- Per-File Obfuscation
MAXIMUM SECURITY
Pro
$127/mo
For growing teams and SaaS products.
What's Included:
- 25,000 files/mo included
- then $6 per 1,000 files
- Max file size: 10MB
- Cross-Module Obfuscation
- FlowMorph Transforms
- Browser API Locking
- Managed Source Maps
- Private Pro Runtime
- Network ObfuscationSoon
- Priority Email (8h)
Organizations
Enterprise
Custom
For organizations with strict compliance needs.
- Everything in Pro Studio
- Dedicated Success Team
- Isolated Enterprise Runtime
- SLA Guarantee
- Audit Logs & Compliance
- Custom MSA / SOW
Core protection is free, forever. No caps, no catches. Pro takes it to the next level.
Need a custom setup? Let's talk.
What describes you best?
Frequently Asked Questions
Everything you need to know about protecting your JavaScript with AfterPack.
AfterPack is a Rust-powered, post-build JavaScript protection tool. Unlike traditional obfuscators that apply sequential, reversible transforms, AfterPack uses irreversible, hash-like transformations that destroy semantic meaning while preserving runtime behavior. It ships as a free, MIT-licensed CLI with unlimited builds, plus Pro cloud plans starting at $49/mo for advanced protection.
Yes. The CLI is MIT-licensed with unlimited builds and files — no credit card, no caps. Pro plans ($49–$299/mo) unlock cross-module obfuscation, FlowMorph transforms, managed source maps, and other advanced features for teams that need maximum protection.
Minification preserves your code's structure and semantics — GPT-4 can read and explain minified code in seconds. AfterPack applies 250+ irreversible transformations that destroy semantic meaning, making the output computationally infeasible to reverse while preserving identical runtime behavior.
Traditional obfuscators apply sequential transforms that can be reversed one by one. AfterPack combines modern and novel approaches — VM-like transforms, code entanglement, and inflation techniques — running 250+ transformations pseudorandomly until a configurable inflation threshold is reached (from 0.8x to infinity). This means AfterPack can actually minify already-minified code further by simplifying it, reusing literals and strings, and removing dead code, while also being able to inflate and entangle it with hundreds of transformations. The result is incredibly effective, performant, and computationally infeasible to reverse — without meaningfully slowing down the original application.
Yes. AfterPack is built specifically for the AI era. It destroys the semantic patterns that LLMs rely on to understand code. With Pro's FlowMorph transforms, deobfuscation complexity increases by 1000x or more, making automated analysis impractical even for the most advanced AI models.
Traditional obfuscators use sequential, reversible transforms. AfterPack is fundamentally different — it uses non-linear, hash-like transforms with no inverse function. Even AfterPack itself cannot reverse its own output. The transformation is one-way by design.
No. AfterPack is fully CSP-compliant and never uses eval() or Function(). This makes it safe for banking apps, healthcare platforms, and any environment with strict Content Security Policies. Most competing obfuscators rely on eval().
The CLI processes everything locally on your machine — we never see your code. For Pro cloud features, code is encrypted in transit, processed ephemerally, and never stored. Your code is never used for AI training or any purpose beyond providing the obfuscation service.
AfterPack works with virtually any JavaScript or TypeScript project: web apps, SaaS platforms, web games (HTML5, Canvas, WebGL, PixiJS, Phaser, Three.js), Electron/Tauri/NW.js desktop apps, React Native/Capacitor/Cordova mobile apps, browser extensions, Chrome extensions, VS Code extensions, Node.js backends, serverless functions (AWS Lambda, Cloudflare Workers), npm packages, PWAs, distributed commercial software, and more. If it runs JavaScript, AfterPack can protect it.
AfterPack processes 100 files (~300KB each) in under 5 seconds, powered by Rust and SWC. This is fast enough to run on every build, not just releases. Competing tools typically take 5–10+ minutes for the same workload.
Your Code Deserves Protection
Start with the free tier today. Upgrade when you're ready. No credit card required to start shipping secure builds.
No eval() usage
CSP Compliant
Source Maps Included
Works Offline