Your VM-obfuscated code throws at runtime - it may be a RangeError: Invalid array length, but the same checklist applies to other unexpected errors that only show up after obfuscation. Work through the steps below in order. The first one catches the overwhelmingly most common cause; the rest narrow down a genuine bug.

Step 1 - Check the runtime against the target option

The single most common cause of Invalid array length and similar errors is a mismatch between the target option and the environment the code actually runs in, combined with vmSelfDefending: true.

Environments where this fires:

• Node.js (running the obfuscated bundle directly via node)
• Headless Chrome / Chromium, PhantomJS
• Puppeteer, Playwright, Cypress, Selenium / ChromeDriver, Nightmare
• jsdom and other server-side DOM emulations
• Any environment where native browser builtins have been hooked or replaced

If your runtime is on that list, the error is the protection working as designed, not a bug. Pick the resolution that matches your case:

• Running in Node.js on purpose (server-side script, CLI tool, Electron main process): set target: 'node' when obfuscating. The self-defending layer will calibrate itself for Node instead of the browser.
• Running automated tests / E2E against an obfuscated build (Cypress, Playwright, Puppeteer, Selenium): produce a separate test build with vmSelfDefending: false. The option is designed to break automation; it cannot be whitelisted for individual tools. See VM Self Defending for the full list of incompatible environments.
• Running in a real browser but still seeing the error: confirm no extension, devtools script, or wrapper page is hooking native builtins (Array, Function.prototype, JSON, etc.). Reproduce in a clean profile before treating it as a bug.

Step 2 - Narrow down to a single function

If Step 1 didn't resolve it, the error is in a specific piece of transformed code. Switch to vmTargetFunctionsMode: 'comment' and add /* javascript-obfuscator:vm */to one function at a time until the error reappears. The function you marked when the error came back is the culprit - that's the minimal repro you'll send to support.

Step 3 - Send a bug report

Once you've confirmed it's not a target/self-defending mismatch and have a narrowed-down function, email support@obfuscator.io. The more of the following you include, the faster we can fix it:

• Full error stack trace, exactly as it appears in the console - not a paraphrase.
• Obfuscator options as JSON. Copy the entire options object you used (or the preset name plus any overrides). Subtle interactions between options are common, so we need the exact set.
• Obfuscator version - shown in the bottom-right corner of the editor.
• Environment - browser + version, Node.js version, OS, anything unusual about the runtime (extensions, polyfills, custom builtins).
• Minimal reproduction - ideally the single function from Step 2, plus whatever call site is needed to trigger the error.
• The original (pre-obfuscation) source, where possible. The obfuscated output is opaque on our side too; without the input we're reverse-engineering our own bytecode.