How VM Transforms Code

With vmTargetFunctionsMode: 'root' (default), VM obfuscation transforms the body of each root-level function into bytecode (depending on vmObfuscationThreshold), but keeps the function name unchanged.

// Input
function fibonacci(n) {
    if (n <= 1) return n;
    return fibonacci(n - 1) + fibonacci(n - 2);
}

// Output - function NAME is preserved, BODY is VM-transformed
function fibonacci(b) {  // name kept as-is
    return vm.call(...); // body converted to bytecode
}

This design maintains compatibility with code that calls these functions from the global scope or expects them on the global object. The function body is fully protected, but the name remains visible.

Hiding sensitive function names:

If a function name reveals what the code does (e.g., validateLicense, decryptData), use one of these approaches:

  • Option 1: Wrap in an IIFE (Recommended)

    Place sensitive functions inside an IIFE or any other function body. Functions inside other functions are not root-level, so they get fully VM-transformed including their names.

    // Wrap sensitive code in IIFE
    (function() {
        function fibonacci(n) {
            if (n <= 1) return n;
            return fibonacci(n - 1) + fibonacci(n - 2);
        }
        // Use fibonacci here...
    })();
    // "fibonacci" name is completely hidden in output

  • Option 2: Rename globals + encoding (Use with caution)

    Enable renameGlobals: true, vmBytecodeEncoding: true, and vmBytecodeArrayEncoding: true. This renames root-level identifiers and encrypts them in the bytecode.
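
A pre-build check for the naming behaviour described above, as an added example (not part of the original documentation or the obfuscator's code): it lists root-level function declarations, whose names stay readable in 'root' mode, and flags those matching a constructed sensitive-name pattern. The scanner is a heuristic that assumes the input has no regex literals or ${} template interpolation, and it also reports named function expressions assigned at root level; rootLevelFunctionNames, exposedSensitiveNames and SENSITIVE are hypothetical names.

```javascript
// Added example (heuristic, not the obfuscator's code): root-level function names.
function rootLevelFunctionNames(source) {
    const names = [];
    let depth = 0; // combined nesting of {}, () and []
    let i = 0;
    while (i < source.length) {
        const ch = source[i];
        if (ch === '/' && source[i + 1] === '/') { // line comment
            const end = source.indexOf('\n', i);
            i = end === -1 ? source.length : end;
        } else if (ch === '/' && source[i + 1] === '*') { // block comment
            const end = source.indexOf('*/', i + 2);
            i = end === -1 ? source.length : end + 2;
        } else if (ch === '"' || ch === "'" || ch === '`') { // string literal
            i++;
            while (i < source.length && source[i] !== ch) {
                i += source[i] === '\\' ? 2 : 1; // skip escaped character
            }
            i++;
        } else if (/[A-Za-z_$]/.test(ch)) { // identifier or keyword
            const rest = source.slice(i);
            const word = /^[\w$]+/.exec(rest)[0];
            const decl = /^function\s*\*?\s*([A-Za-z_$][\w$]*)\s*\(/.exec(rest);
            if (word === 'function' && depth === 0 && decl) names.push(decl[1]);
            i += word.length;
        } else {
            if ('{(['.includes(ch)) depth++;
            else if ('})]'.includes(ch)) depth--;
            i++;
        }
    }
    return names;
}

// Constructed name patterns (assumption); adapt to the project's vocabulary.
const SENSITIVE = /licen[sc]e|decrypt|encrypt|token|secret|auth/i;
function exposedSensitiveNames(source) {
    return rootLevelFunctionNames(source).filter((name) => SENSITIVE.test(name));
}

// Constructed sample input.
const sample = `
function validateLicense(key) { function inner() {} return key.length > 0; }
// function commentedOut() {}
(function () { function decryptData(blob) { return blob; } })();
const label = "function fake() {}";
async function fetchConfig() {}
`;
console.log(exposedSensitiveNames(sample));
```

Names the check reports are candidates for Option 1: once moved inside an IIFE they are no longer root-level and drop out of the list, as decryptData does in the sample.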