Invisible · Survives obfuscation · Forensic-grade
Trace leaked code
back to the buyer.
Embed an invisible fingerprint — buyer email, order ID, anything — using zero-width Unicode characters. The bytes hide inside a normal string literal, survive minifiers, and round-trip through obfuscators. When a copy leaks, paste it here and recover the original buyer info.
Original code
Watermarked· 152 invisible chars added
/* Just Obfuscate watermark — do not remove */ (globalThis.__jo_wm = (globalThis.__jo_wm || "") + "");
function greet(name) {
console.log("Hello, " + name + "!");
return { ok: true };
}
greet("world");How it works
01 Encode
Your buyer payload is encoded as a frame of zero-width characters (U+200B / U+200C) with a magic prefix and length header.
02 Inject
The frame is placed inside a string literal assigned to
globalThis. Dead-code elimination can't drop a side effect on a global.03 Trace
If the code leaks, paste it on the Extract tab — even after obfuscation. The frame's magic header makes it locatable.
What it survives
| Transform | Survives? | Notes |
|---|---|---|
| Terser (mangle + compress) | ✓ Yes | String literal preserved verbatim. |
| esbuild / SWC minify | ✓ Yes | Both preserve string contents. |
| Just Obfuscate (maximum) | ✓ Yes | Recover after one decode-deep pass. |
| Prettier / dprint formatting | ✓ Yes | Zero-width chars are valid string content. |
| Manual rename of identifiers | ✓ Yes | Doesn't touch string literals. |
| Hand-stripping all comments | ✓ Yes | Watermark lives in a string, not a comment. |
| Re-typing every line by hand | ⚠ No | Adversary must transcribe invisible chars. |