shieldmycode-cli
v0.1.0
Published
Command-line client for Shield (shieldmycode.com) — self-defending JavaScript / HTML obfuscation.
Maintainers
klvrdigitalReadme
shieldmycode-cli
Command-line client for Shield — self-defending
JavaScript & HTML obfuscation. Use it in CI, in package.json scripts, or
ad-hoc on your laptop.
Install
# project-local (recommended in CI)
npm install --save-dev shieldmycode-cli
# global
npm install -g shieldmycode-cliRequires Node 18+.
Authenticate
Create an API key at shield.shieldmycode.com/dashboard/api-keys (Business plan and up).
Export it in your shell:
export SHIELD_API_KEY=shield_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx…or in your CI's secret store. The CLI also accepts --api-key <key> per
invocation if you'd rather pass it explicitly.
Quick start
# single file -> app.shield.js
shield obfuscate app.js
# explicit output
shield obfuscate app.js -o dist/app.min.js
# overwrite in place
shield obfuscate app.js --in-place
# whole directory, mirroring layout under dist-shield/
shield obfuscate src -o dist-shield
# glob — quote it so your shell doesn't expand
shield obfuscate "src/**/*.{js,html}" -o dist-shield
# config-driven (auto-detected from shield.config.js / .shieldrc.json)
shield obfuscate srcConfig file
Drop a shield.config.js (or .cjs, .mjs, or .shieldrc.json) at your
project root and the CLI picks it up automatically:
// shield.config.js
module.exports = {
options: {
level: 'hard',
antiLlm: true,
deadCode: true,
domainLock: 'mycompany.com,app.mycompany.com',
expiresAt: '2027-01-01',
telemetryUrl: 'https://shield.shieldmycode.com/api/telemetry/abc123'
},
exclude: ['**/vendor/**', '**/*.min.js']
};You can also nest it under the shield key in your package.json:
{
"name": "myapp",
"shield": {
"options": { "level": "hard", "antiLlm": true }
}
}CI example — GitHub Actions
name: Protect production bundle
on:
push:
branches: [main]
jobs:
obfuscate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: '20' }
- run: npm ci && npm run build
- run: npx shieldmycode-cli obfuscate dist -o dist-protected --recursive
env:
SHIELD_API_KEY: ${{ secrets.SHIELD_API_KEY }}
- uses: actions/upload-artifact@v4
with: { name: protected, path: dist-protected }All flags
Usage
shield obfuscate <file|dir|glob> [options]
Common
-o, --out <path> Output file or directory
--in-place Overwrite each input
--recursive Walk subdirectories (default for dir inputs)
--concurrency <n> Parallel requests, default 5, max 20
--dry-run Show what would happen; never call the API
-c, --config <path> Explicit config-file path
-k, --api-key <key> Override $SHIELD_API_KEY
--endpoint <url> Override https://shield.shieldmycode.com
--no-color Disable ANSI colors
Option overrides
-l, --level <s|m|h> soft / medium / hard (default hard)
--anti-llm Toggle anti-LLM defenses
--dead-code Toggle dead-code injection
--stealth Toggle HTML stealth mode
--integrity Toggle integrity hash
--domain-lock <list> Allowlist of hostnames
--geo-allow <list> Allowlist of ISO country codes
--expires-at <iso> Refuse to run after this date
--telemetry <url> POST tamper events hereEach obfuscated file counts as one obfuscation against your monthly quota — same as the dashboard.
License
MIT. The Shield engine itself is proprietary and runs server-side at
shieldmycode.com. The CLI in this package is just an HTTP client.
Issues, feedback, feature requests: https://shieldmycode.com/support