Lock Your
FILES to Your Domain

Deter Javascript Theft.  |  Your JS runs only on your site.

Enter Your Domain Name

What Is This?

DomainLock JS is a free-to-use script generator which deters script theft by domain-locking Javascript files to your website domain-name.

Simply enter your website address to generate the code snippet. Then strategically copy/paste the code snippet inside any other js file used on your website.

The script will throw hard-to-trace Javascript errors in unrelated functions when used on an unauthorized domain.

Is this a fullproof protective measure? No. It's Javascript -- so by definition it can be circumvented with enough work. But it is a good deterrent to casual code theft and use of unlicensed javascript.

  • Protect javascript source code
  • Lock javascript to your URL
  • Creates errors on unauthorized domains
  • Hard to trace
  • Super lightweight (<2k)
  • Deters script copying
  • Deters script hotlinking
  • Simple cut-and-paste install
  • Doesn't pollute the global namespace
  • Spyware / adware free
  • Remains inactive on .local
  • Useful for software licensing
  • Simple copy-protection for .js files

This site is CoffeeWare. If you find this script generator useful, please buy me a cup of coffee with the donate button below.


Does this script play nicely with ___________ framework?

The script creates no global variables and runs on execution. It's small and runs extremely fast. While it hasn't been tested with all frameworks, it's unlikely to experience compatibility issues as it has no dependencies and doesn't pollute the global namespace.

Can I lock to a subdomain?

No. DomainLockJS locks strictly to the primary domain. It cannot be used to lock javascript to a specific subdomain.

Should I drop the snippet in more than one file?

Typically one important .js file should be enough, but the snippet can be added to more than one file if necessary.

Can this be circumvented?

Any skilled / senior developer can debug *any* Javascript issue with enough time. If you need strict security, please don't rely on this or any other client side script. That said, the goal is to make theft sufficiently difficult.

Right, but can't I just see the error in the console and remove that line of code?

With a more sophisticated trace, yes. But the errors generated by DomainLockJS are not generated within the code snippet itself. So tracing the error isn't straightforward. Errors are generated inside other, existing page functions.

Why would I use this if a skilled programmer can circumvent it?

If you license javascript add-ons or license javascript applications on a per site basis, DomainLockJS is a good deterrent to those who would steal javascript code. Your javascript runs only on your website.

Unsophisticated users (which is most users) will simply attempt to copy and paste unlicensed javascript into a website directory. If the stolen script works it works, if it doesn't they'll remove it. DomainLockJS is not a fullproof preventative measure.

It's a difficult to debug deterrent to javascript code theft. It's one additional layer of javascript copy protection for code licensing and the prevention of code stealing.

Contact Me