Domain Lock

Potency Medium
Resilience Medium
Cost Medium
Tags: domain, lock, IP, code lock


Domain Lock locks code to a specific domain name or IP address. This is a good transformation to avoid someone stealing the protected code and running it on their own domain or locally. This is also a good transformation to enforce license agreements. Countermeasures can be specified (optionally) to be executed when the code runs in any other domain/IP.

Consider combining this transformation with obfuscation transformations to harden the resulting code making it more resilient to automated de-obfuscator tools and harder to understand by a human. You may also find useful to combine this transformation with other locks:

Input Examples

  • - Code will break if not running inside the domain
  •, - Code will break if not running inside either or
  •, * - Code will break if not running inside or all of its sub-domains
  • 192.168.* - Code will break if not running in an IP inside the 192.168. network
  • file://Users/you/* - Code will break if not running inside your user directory

Code Annotation Example

// @jscrambler define domainLock {domains: [], countermeasures: {breakApplication: 1, customCallback: report.callbackFunction}} as dl1

Option Types

Name Required Default Value Description
domains Yes N/A List of domains/IPs where the code is allowed to run (Supports wildcard to match sub-domains, IP network, and IP host range).
countermeasures Yes {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false} List of available countermeasures


Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
breakApplication Breaks the application's functionality.
realTimeNotifications Sends a notification when a violation occurs.

API Parameters


  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  "applicationId": "ZZZZZZ",
  "params": [
      "name": "domainLock",
      "options": {
        "domains": [
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false