Available Protections
ByteHide Shield provides multiple layers of protection to secure your JavaScript code. This page provides a reference for all the protection options available in Shield.
Core Protection Types
Shield's protections are grouped into the following categories:
1. Code Transformations
These protections change the structure and flow of your code to make it difficult to understand.
| Protection | Description | Default |
|---|---|---|
| Control Flow Flattening | Transforms the control flow of your code into a state machine format | Disabled |
| Dead Code Injection | Adds meaningless code that's difficult to distinguish from real code | Disabled |
| Split Strings | Splits string literals into chunks to hide their meaning | Disabled |
| Numbers to Expressions | Converts numeric literals to complex expressions | Disabled |
| Object Transformations | Obfuscates object keys and property access patterns | Disabled |
2. String Protection
These protections specifically target string literals in your code.
| Protection | Description | Default |
|---|---|---|
| String Array | Moves string literals to a special array and replaces them with references | Enabled |
| String Encoding | Applies various encoding algorithms to strings in the string array | None |
| Unicode Escapes | Converts strings to unicode escape sequences | Disabled |
3. Identifier Protection
These protections focus on variable, function, and parameter names.
| Protection | Description | Default |
|---|---|---|
| Identifier Renaming | Renames local variables, function names, and parameters | Hexadecimal |
| Property Renaming | Renames object properties throughout your code | Disabled |
| Identifier Prefix | Adds a custom prefix to all renamed identifiers | None |
4. Anti-Debug Protections
These protections prevent debugging and tampering with your code.
| Protection | Description | Default |
|---|---|---|
| Self Defending | Makes code resistant against modifications and formatting | Disabled |
| Debug Protection | Prevents using browser debugging tools | Disabled |
| Console Disable | Disables console logging statements | Disabled |
| Domain Lock | Restricts code execution to specific domains | None |
Protection Presets
Shield offers predefined presets to quickly configure multiple protections:
| Preset | Description |
|---|---|
default | Balanced protection with minimal performance impact |
Optimized | Basic protection focusing on speed and compatibility |
Balance | Balanced protection suitable for most applications |
Maximum | Maximum protection with increased code size and complexity |
Use a preset by setting the optionsPreset field:
{
"optionsPreset": "balance"
}
You can also extend presets with your own custom options:
{
"optionsPreset": "balance",
"domainLock": ["example.com"],
"selfDefending": true
}
Protection Compatibility
Not all protections can be used together. Here are some important compatibility notes:
- Self Defending is incompatible with source maps and pretty-formatted code
- Control Flow Flattening can significantly increase code size
- Debug Protection with interval may affect performance
- Property Renaming in unsafe mode may break your application if not configured carefully
Performance Considerations
Protections have different impacts on performance, bundle size, and load time:
High Impact
- Control Flow Flattening
- Dead Code Injection
- Debug Protection with Interval
Medium Impact
- String Array with multiple encoding layers
- Property Renaming
- Self Defending
Low Impact
- Identifier Renaming
- String Array (basic)
- Domain Lock
- Console Disable
Protection Strategy
For the best balance of security and performance, consider this layered approach:
For all code:
- Basic identifier renaming
- String Array protection
For sensitive functions:
- Control Flow Flattening (with moderate threshold)
- String Encoding (preferably base64)
- Numbers to Expressions
For production only:
- Self Defending
- Debug Protection
- Domain Lock (if applicable)
Configuration Examples
Basic Protection
{
"compact": true,
"controlFlowFlattening": false,
"deadCodeInjection": false,
"stringArray": true,
"stringArrayEncoding": ["base64"],
"identifierNamesGenerator": "hexadecimal"
}
Maximum Protection
{
"compact": true,
"controlFlowFlattening": true,
"controlFlowFlatteningThreshold": 0.7,
"deadCodeInjection": true,
"deadCodeInjectionThreshold": 0.4,
"stringArray": true,
"stringArrayEncoding": ["rc4"],
"stringArrayThreshold": 0.8,
"stringArrayIndexShift": true,
"selfDefending": true,
"identifierNamesGenerator": "hexadecimal",
"numbersToExpressions": true,
"debugProtection": true,
"renameProperties": true,
"renamePropertiesMode": "safe",
"transformObjectKeys": true
}
Balanced Approach
{
"compact": true,
"controlFlowFlattening": true,
"controlFlowFlatteningThreshold": 0.5,
"deadCodeInjection": false,
"stringArray": true,
"stringArrayEncoding": ["base64"],
"stringArrayThreshold": 0.75,
"selfDefending": false,
"identifierNamesGenerator": "hexadecimal",
"numbersToExpressions": false,
"debugProtection": true,
"domainLock": ["example.com"]
}
Next Steps
- Create your protection configuration file
- Learn about exclusions and reserved items
- Set up source maps for easier debugging