Categories: Protection

AxProtector JavaScript

JavaScript can look back on a long and storied history as a script language, originally for in-browser use or client-side processes, but now matured for complex frameworks for Rich Internet Applications (RIA). JavaScript also made the leap onto the server side several years ago and is now regularly used as a language for scripting applications, relying on Node.js or Electron as the development platforms that underlie many popular software packages like Visual Studio Code or Slack.

Wibu-Systems introduced the ability to encrypt JavaScript applications with Version 10.80 of CodeMeter Protection Suite.

The mechanism

AxProtector JavaScript operates just like its counterpart for Python: It encrypts functions directly in the source code, which does not need to be changed in any way. Simply by integrating AxProtector JavaScript in the build system, the original code can be encrypted and placed into a JavaScript file ready for execution.

This can take any one of three forms:

  • Either the complete JavaScript application is encrypted, with license checks added automatically (basic configuration)
  • The JavaScript application is encrypted in individual modules, allowing individual features to be activated by the user (custom licensing)
  • or AxProtector JavaScript is used only as protection against reverse engineering without the user needing any license at all (IP Protection Mode).

The software developer can choose exactly which functions and classes are to be encrypted by means of a simple configuration file.

Secure execution

The functions are encrypted and signed in the script files created as part of the protection process. The new CodeMeter Protection Suite Runtime (CPSRT) is included to check these during runtime, decrypt, and execute the code in the machine’s memory, and then remove it again for added security.

The newest AxProtector technology is used to stop would-be attackers from tampering with the native components, making it virtually impossible on the script and CPSRT library’s side to manipulate the protected software before it is executed.

One great advantage of encrypting the source code itself is its ability to work on different operating systems: Encrypted scripts can be run, without any modification, on Windows, Linux, or macOS. The CPSRT is currently available for Windows, macOS, and Linux for x86 platforms, with further platforms to be added in the future.

The certificate chain used for signing is based on the infrastructure first introduced for our Universal Firm Code (Firm Codes above 6.000.000).


AxProtector JavaScript comes with all the security features on board that you will be familiar with from AxProtector for native and .NET applications.

AxProtector JavaScript supports the two licensing systems Universal Firm Code and IP Protection with their code encryption, runtime checks, anti-debugging, integrity protection, and class or function level protection capabilities included. With Universal Firm Code Licenses, you also have a choice of adding modular encryption (IxProtector), automatic license checks, and hidden traps as an added layer of security. Code protected with AxProtector Javascript can be used with all common CodeMeter container types: CmDongles, CmActLicenses, and CmCloudContainers.

CodeMoving, our clever feature for running encrypted code in especially protected environments, will be available for CmDongles and CmCloudContainers from Version 11.0 of CodeMeter Protection Suite. AxProtector JavaScript is included as part of the CodeMeter Protection Suite installer package.


To protect JavaScript code, you need a license for AxProtector JavaScript. Contact sales(at) to receive a free trial license.

System requirements

The following operating systems and platforms are currently supported: Windows x86, Windows x86_64, Linux x86, Linux x86_64, macOS x86_64.

Applications protected with AxProtector JavaScript can be used with the following CodeMeter container types: CmDongles with Universal Firm Code, CmActLicenses with Universal Firm Code, and CmCloudContainers. A runtime environment based on Node API (e.g. node.js, Electron) is required.

Item no. Item Description
1336-1800 AxProtector JavaScript (Subscription)
1336-1801 AxProtector JavaScript – Modular Licensing (Subscription)
1336-1802 AxProtector JavaScript – IP Protection (Subscription)
1336-1803 AxProtector JavaScript – CodeMoving (Subscription)
1336-1800-T60 AxProtector JavaScript (60-day test version)
1336-1801-T60 AxProtector JavaScript – Modular Licensing (60-day test version)
1336-1802-T60 AxProtector JavaScript – IP Protection (60-day test version)
1336-1803-T60 AxProtector JavaScript – CodeMoving (60-day test version)


KEYnote 42 – Edition Fall 2021

To top