Self Defending

Potency High
Resilience High
Cost High
Tags: rasp, tampering, debugging


Self Defending protects functions and object literals concealing their logic, blocking code tampering attempts with anti-tampering techniques, and detecting debuggers to trigger defenses that thwart reverse engineering attempts. Countermeasures can be specified (optionally) to be executed when someone tries to debug or tamper with the code.

Code Annotation Example

// @jscrambler define selfDefending {threshold: 10480, options: [tolerateMinification], countermeasures: {deleteCookies: 1, redirect: /logout}} as sd

Option Types

Name Required Default Value Description
threshold No 10240 Minimum size (in bytes) that a function / object literal must have to be targeted by the transformation.
options No [] List of available options
countermeasures No {"deleteCookies": false,"realTimeNotifications": false} List of available countermeasures


Name Description
tolerateMinification Prevents minification transformations from being detected as tampering attempts
tolerateBenignPoisoning Blocks only malicious native function poisoning


Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
realTimeNotifications Sends a notification when a violation occurs.

API Parameters


  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  "applicationId": "ZZZZZZ",
  "params": [
      "name": "selfDefending",
      "options": {
        "threshold": 10240,
        "options": [],
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "realTimeNotifications": false