PHP download

Download the PHP package globus-studio/php-obfuscator without Composer

On this page you can find all versions of the php package globus-studio/php-obfuscator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download globus-studio/php-obfuscator
More information about globus-studio/php-obfuscator
Files in globus-studio/php-obfuscator

Vendor globus-studio
Package php-obfuscator
Short Description A token-based PHP source code obfuscator with full support for PHP 8.1 through 8.5.
License MIT
Homepage https://github.com/GLOBUS-studio/PhpObfuscator

Keywords php tokenizer minify protection obfuscator obfuscate source-code

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of globus-studio/php-obfuscator

Informations about the package php-obfuscator

PhpObfuscator

A token-based PHP source code obfuscator. Renames identifiers, encodes string literals and minifies whitespace, all driven by PHP's own tokenizer rather than brittle regular expressions, so the transformed code keeps its original runtime semantics on every supported PHP version.

The obfuscator is fully tested on PHP 8.1, 8.2, 8.3, 8.4 and 8.5 in CI.

Why another obfuscator?

Most PHP obfuscators on the open web rely on regular expressions. They break on namespaced code, on complex string interpolation, on constructor property promotion and on anything that does not fit a simple textual pattern. This library walks the official PhpToken stream and rewrites identifiers using the same lexical context the engine itself uses, which makes the result predictable and safe to ship.

Features

Token-based identifier rewriting (variables, functions, classes, interfaces, traits, enums, methods, properties, class and global constants).
Constructor property promotion, readonly, enum, match, arrow functions, nullsafe operator, named arguments and attributes are all recognised.
Optional Base64 encoding of string literals (skipped automatically inside constant expressions where PHP requires literal values).
Optional comment stripping and whitespace minification driven by a second tokenizer pass, so the output is guaranteed to remain parseable.
Optional eval(base64_decode(...)) wrapping for an extra layer of protection.
Deterministic PRNG seed for reproducible builds.
Inspection of the rename table via getNameMap().
Bundled php-obfuscate CLI binary.

Installation

Quick start

The output is a self-contained <?php eval(base64_decode("...")); payload that prints Hello, Ada when executed.

Library API

`Obfuscator`

`Options`

Options is an immutable value object. All flags default to true.

Option	Default	Description
`obfuscateVariables`	`true`	Rename local variables (superglobals and `$this` are always preserved).
`obfuscateFunctions`	`true`	Rename user-defined function declarations and their call sites.
`obfuscateClasses`	`true`	Rename classes, interfaces, traits and enums and every reference to them.
`obfuscateMethods`	`true`	Rename methods (magic methods such as `__construct` are kept untouched).
`obfuscateProperties`	`true`	Rename properties, including promoted constructor parameters and static props.
`obfuscateConstants`	`true`	Rename `const`, class constants, enum cases and `define()` constants.
`encodeStrings`	`true`	Replace string literals with `base64_decode('...')` calls.
`removeComments`	`true`	Strip `//`, `#` and `/* ... */` comments.
`removeWhitespace`	`true`	Minify whitespace.
`wrapWithEval`	`true`	Wrap the final payload in `<?php eval(base64_decode('...'));`.
`minNameLength`	`6`	Minimum length of generated identifiers.
`maxNameLength`	`12`	Maximum length of generated identifiers.
`seed`	`null`	Optional PRNG seed for deterministic, reproducible output.

Selective obfuscation

CLI

Examples:

What is preserved by design

$this and every PHP superglobal ($_SERVER, $_GET, ...).
Magic methods (__construct, __toString, __invoke, ...).
Built-in PHP functions, classes, traits and interfaces. The obfuscator only renames identifiers it has previously seen declared in the input, so references to anything from the standard library or third-party packages remain untouched.
String literals appearing in constant-expression positions (class constants, enum case values, default parameter values, top-level const initializers) are never wrapped in base64_decode(...), because PHP requires those positions to be literal expressions.

Limitations

Namespaced symbol names that appear as T_NAME_QUALIFIED or T_NAME_FULLY_QUALIFIED tokens are not rewritten. If you need to obfuscate namespaced classes, the obfuscator must be applied to a single-namespace file at a time.
The obfuscator works at the source level. It is a deterrent that raises the cost of casual reverse engineering, not a cryptographic protection. Anyone able to run your code can trivially recover the runtime behaviour.

Development

The bundled CI workflow runs the test suite on Ubuntu against PHP 8.1 - 8.5.

License

MIT.

All versions of php-obfuscator with dependencies

PHP Build Version

Package Version

Version v1.0.0 Release 26. Apr 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of php-obfuscator from vendor globus-studio

Requires php Version ^8.1
ext-tokenizer Version *

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package globus-studio/php-obfuscator contains the following files

Loading the files please wait ...