# Var Name Mangler

**MCP Tool:** `var_name_mangler`  
**Tier:** Tier 2 — Differentiated  
**Category:** obfuscators  
**Endpoint:** https://obfus.link/mcp  
**Price:** $0.015 / call  
**Verification:** ✓ TDD verified  

> Obfuscate variable names in JS, TS, and Python with Devcore mode

## Atomic Answer

Var Name Mangler obfuscates variable, function, and class names in JavaScript, TypeScript, and Python source. It supports hex, phonetic, random, incremental, and themed Devcore strategies with cyberpunk, noir, vaporwave, and glitch vocabularies. Scope-aware AST mangling targets a specific function or class. Reverse mode restores names from a saved mapping.

## Description

Mangles variable, function, and class names using hex, phonetic, random, incremental, or Devcore (themed vocabulary) strategies. Scope-aware AST mangling targets a specific function or class. Reverse mode restores original names from a saved mapping for round-trip pipelines.

## Agentic Reasoning

USE THIS WHEN: (1) You need to protect IP before distributing source code in a constrained environment where a full minifier is unavailable. (2) You are generating CTF challenge code and need themed variable names via Devcore mode. (3) You want a reversible obfuscation mapping to attach to build artifacts. DO NOT USE WHEN: full dead-code elimination is the goal — use tree_shaking_analyzer. OVER ALTERNATIVES: prefer this over UglifyJS name mangling (no themed modes, no mapping export) and manual find-replace (not AST-safe, breaks dynamic property access).

## MCP Description

Obfuscates identifiers in source code using AST parsing. USE WHEN: you need to protect IP before distribution, generate CTF challenge code, or run round-trip obfuscation through an untrusted pipeline. INPUT: source code, language, strategy. OUTPUT: mangled code, mapping table, optional scope report. EDGE CASES: dynamic property access (obj[varName]) may break with random strategy — use preserveExports to keep public API names. COST: 1 unit.

## Input Schema

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| `code` | `string` | yes |  |
| `mode` | `mangle` \| `reverse` | no |  |
| `language` | `javascript` \| `typescript` \| `python` | yes |  |
| `strategy` | `hex` \| `phonetic` \| `random` \| `incremental` \| `devcore` | no |  |
| `scopeTarget` | `string` | no |  |
| `devcoreTheme` | `cyberpunk` \| `noir` \| `vaporwave` \| `glitch` | no |  |
| `mappingInput` | `object` | no |  |
| `preserveExports` | `boolean` | no |  |

## Output Schema

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| `mangled` | `string` | no |  |
| `mapping` | `object` | yes |  |
| `restored` | `string` | no |  |

## How To Use

1. **Paste source code** — Drop in your JavaScript, TypeScript, or Python source.
2. **Choose language** — javascript, typescript, or python — controls AST parser dialect.
3. **Pick strategy** — hex, phonetic, random, incremental, or devcore (themed vocabulary).
4. **Configure options** — Toggle preserveExports, set scopeTarget for partial mangling, choose Devcore theme.
5. **Run and copy** — Click Run. Copy mangled output and the mapping table for reverse-mode round trips.

## FAQs

**What is Devcore mode?**

Strategy: "devcore" replaces identifiers with themed vocabulary (cyberpunk: _neon_, _chrome_, _void_; noir: _shadow_, _smoke_; vaporwave: _aesthetic_, _pastel_; glitch: _err_, _corrupt_). Produces obfuscated code that is still culturally legible to humans in the relevant subculture.

**What does preserveExports do?**

When true, exported identifiers (export const, export function, module.exports.x) are kept with their original names. The internal implementation is mangled but the public API stays intact — useful when consumers depend on specific export names.

**Is the output deterministic?**

For hex, incremental, and devcore strategies: yes. The same input produces the same mangled output. For phonetic and random: a new mapping is generated each call. Use the mapping output with reverse mode to restore original names.

**Can I use this tool via the MCP API?**

Yes. The tool is registered on the obfus.link MCP server at https://obfus.link/mcp. Call it from any MCP-compatible agent with a Shared Payment Token. The MCP tool name matches the snake_case slug shown in the integration snippet.

## Tags

`obfuscate` · `mangle` · `minify` · `javascript` · `typescript` · `python` · `privacy`

---

*obfus.link — A Subether Labs Infrastructure Project*  
*Canonical URL: https://obfus.link/tool/var-name-mangler*  
*JSON view: https://obfus.link/tool/var-name-mangler/json*