Self Healing

Potency High
Resilience High
Cost High
Tags: rasp, tampering


The Self Healing transformation protects functions by using checksum techniques to verify their integrity, and recovers from tampering attacks to guarantee only the correct code is executed. In other words, the original behavior of the program is preserved even after attacker modifications.

If recovery is not possible, then Self Healing prevents the execution of the modified functions.

Self Healing requires a minimum block size of 4 statements to be applied.

Note: Using a Proxy of a function with the same name of that function will be considered a tamper. Example:

protectedFn = new Proxy(protectedFn, {/* handler */});

function protectedFn() {
  // my code


Code Annotation Example

// @jscrambler define selfHealing { numberOfClones: 3 } as sh
// @jscrambler enable sh

Note: At the moment, it is only possible to enable Self Healing in the top-level scope. You cannot enable it on nested functions.

Option Types

Name Required Default Value Description
numberOfClones No 1 Number of copies of each basic block of the program. High numbers of clones increase the obfuscation cost (notably in terms of code size), but also improve the self healing capabilities.
options No [] List of available options
countermeasures No {"deleteCookies": false,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} List of available countermeasures


Name Description
tolerateBenignPoisoning Blocks only malicious native function poisoning


Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
realTimeNotifications Sends a notification when a violation occurs.
dataExfiltrationPrevention Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests.
selfDestruct Attempts to damage the state and behavior of the application and/or the environment that is running the application.

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 80+ 80+
Firefox 90+ 90+
Internet Explorer 9+ 8+
Microsoft Edge 116+ 116+
Safari 13.1+ 13.1+

API Parameters


  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  "applicationId": "ZZZZZZ",
  "params": [
      "name": "selfHealing",
      "options": {
        "numberOfClones": 1,
        "options": [],
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "realTimeNotifications": false,
          "dataExfiltrationPrevention": false,
          "selfDestruct": false