@dacely/toildefender 0.1.4 → 0.1.6

package/README.md

@@ -99,6 +99,12 @@ the bytecode into encrypted BigInt streams, and executes it through a generated
 runtime VM. Instead of exposing readable JavaScript logic, your code becomes
 numeric program data consumed by a randomized virtual machine.
 
+The compiler also fuses selected hot stack patterns into semantic
+superinstructions, so common operation boundaries such as constant-key property
+reads are not always emitted as separate primitive VM opcodes.
+Constants are wrapped in access-bound cells, so encoded strings and references
+are decoded lazily when bytecode reads them instead of during VM call setup.
+
 Original logic disappears from the output bundle. Attackers no longer reverse
 plain JavaScript; they must recover the VM, decode the bytecode format,
 reconstruct the instruction set, and emulate the protected program.
@@ -195,19 +201,20 @@ protections: {
 
 The complete beautified generated output is committed at
 [docs/all-modes-output.demo.js](./docs/all-modes-output.demo.js). It is a real
-961-line artifact from the current generator and executes to:
+1019-line artifact from the current generator and executes to:
 
 Output excerpt:
 
 ```js
 (function () {
-  function a(f, j) {
-    var b = new Array(105);
+  function a(f, k) {
+    var b = new Array(109);
     ;
     var c = arguments;
+    var i;
     while (true) try {
       switch (f) {
-        case 8455:
+        case 24210:
           b[11] = c[11];
           b[12] = c[10];
           b[13] = c[9];
@@ -218,42 +225,43 @@ Output excerpt:
           b[18] = c[4];
           b[19] = c[3];
           b[20] = c[2];
-          b[21] = e(a, 739, b, c[1]);
-          b[22] = e(a, 22884, b, c[1]);
-          b[23] = e(a, 24756, b, c[1]);
-          b[24] = e(a, 11593, b, c[1]);
-          b[25] = e(a, 5522, b, c[1]);
-          b[26] = e(a, 21472, b, c[1]);
-          b[27] = e(a, 16279, b, c[1]);
-          b[28] = e(a, 17195, b, c[1]);
-          b[29] = e(a, 27528, b, c[1]);
-          b[30] = e(a, 23881, b, c[1]);
-          b[31] = e(a, 14569, b, c[1]);
-          b[32] = e(a, 21646, b, c[1]);
-          b[33] = e(a, 2482, b, c[1]);
-          b[34] = e(a, 15554, b, c[1]);
-          b[35] = BigInt(b[19]);
-          b[36] = [1n];
-          b[37] = c[1][10][1];
+          b[21] = e(a, 16503, b, c[1]);
+          b[22] = e(a, 16827, b, c[1]);
+          b[23] = e(a, 28881, b, c[1]);
+          b[24] = e(a, 27718, b, c[1]);
+          b[25] = e(a, 26046, b, c[1]);
+          b[26] = e(a, 11984, b, c[1]);
+          b[27] = e(a, 10989, b, c[1]);
+          b[28] = e(a, 10700, b, c[1]);
+          b[29] = e(a, 18606, b, c[1]);
+          b[30] = e(a, 22347, b, c[1]);
+          b[31] = e(a, 28683, b, c[1]);
+          b[32] = e(a, 11069, b, c[1]);
+          b[33] = e(a, 8443, b, c[1]);
+          b[34] = e(a, 27840, b, c[1]);
+          b[35] = e(a, 21656, b, c[1]);
+          b[36] = BigInt(b[19]);
+          b[37] = [1n];
           b[38] = c[1][10][1];
+          b[39] = c[1][10][1];
           if (b[11]) {
-            b[37] = c[1][4](b[11], b[19], b[18], b[17], b[16], b[12]);
-            b[38] = b[11][c[1][10][24]] >>> c[1][10][1];
+            b[38] = c[1][4](b[11], b[19], b[18], b[17], b[16], b[12]);
+            b[39] = b[11][c[1][10][24]] >>> c[1][10][1];
           }
-          b[39] = c[1][10][1];
-          b[40] = b[17] >>> c[1][10][1];
-          while (b[39] < b[18]) {
-            b[41] = b[32](b[39]);
-            b[40] = b[33](b[40], b[41], b[39]);
-            b[39] += c[1][10][5];
+          b[40] = c[1][10][1];
+          b[41] = b[17] >>> c[1][10][1];
+          while (b[40] < b[18]) {
+            b[42] = b[33](b[40]);
+            b[41] = b[34](b[41], b[42], b[40]);
+            b[40] += c[1][10][5];
           }
-          if (b[40] >>> c[1][10][1] !== b[16] >>> c[1][10][1]) throw new Error(c[1][10][29]);
-          b[42] = c[1][10][1];
-          b[43] = b[17] >>> c[1][10][1];
-          b[44] = b[17] & c[1][10][5];
-          b[45] = b[44] ? c[1][10][30] : [];
-          b[46] = b[44] ? c[1][10][30] : [];
-          b[47] = b[44] ? h([
+          if (b[41] >>> c[1][10][1] !== b[16] >>> c[1][10][1]) throw new Error(c[1][10][29]);
+          b[43] = c[1][10][1];
+          b[44] = b[17] >>> c[1][10][1];
+          b[45] = b[17] & c[1][10][5];
+          b[46] = b[45] ? c[1][10][30] : [];
+          b[47] = b[45] ? c[1][10][30] : [];
+          b[48] = b[45] ? g([
             /* encoded layout keys */
           ], [
             [],
@@ -262,30 +270,31 @@ Output excerpt:
 
           /* 900+ more generated lines:
              dispatcher cases, encoded literals, streaming VM token reads,
-             seed-selected stack/local storage, BigInt program blobs,
-             randomized opcode tables, and Hash-Mesh unwrap */
-
-        case 11593:
-          if (c[1][49] < c[2][10][1] || c[1][49] >= c[1][18]) throw new Error(c[2][10][45]);
-          b[1] = c[1][30](c[1][49]);
-          c[1][49] += c[2][10][5];
+             lazy constant cells, seed-selected stack/local storage, BigInt program blobs,
+             semantic superinstructions, randomized opcode tables,
+             and Hash-Mesh unwrap */
+
+        case 27718:
+          if (c[1][50] < c[2][10][1] || c[1][50] >= c[1][18]) throw new Error(c[2][10][46]);
+          b[1] = c[1][31](c[1][50]);
+          c[1][50] += c[2][10][5];
           return b[1];
-        case 5206:
+        case 30063:
           b[1] = '';
-          b[1] += d(86, 101);
-          b[1] += d(105, 108, 109);
+          b[1] += d(86, 101, 105);
+          b[1] += d(108, 109);
           b[1] += d(97, 114, 107);
           return b[1];
       }
     } catch (a) {
-      veilmark$tobethrown = null;
+      i = null;
       switch (f) {
         default:
           throw a;
       }
     }
   }
-  a(17701, {});
+  a(20498, {});
 })();
 ```
 
@@ -398,12 +407,26 @@ Main options:
 | `code` | Entry source code. |
 | `modulesCode` | Map of dependency filename to source code. |
 | `features` | Feature switches for the classic pipeline. |
+| `babel` | Defaults to `false`; set to `true` only when you want the optional Babel downlevel transform before protection. |
+| `babelPreserveAsync` | Defaults to `true`; when `babel: true`, keeps async/generator syntax native so async-aware flattening can avoid Babel regenerator helper bloat. Set to `false` for legacy async lowering. |
 | `protections.virtualMachine` | User-facing VM bytecode backend configuration. |
 | `protections.hashMesh` | User-facing hash-mesh unlock configuration. |
 | `numericVm` | Lower-level numeric VM configuration retained for internal callers. |
 | `preprocessorVariables` | Compile-time preprocessor constants. |
 | `logLevel` | `error`, `warn`, `info`, `debug`, or `log`. |
 
+The default path parses modern syntax directly and normalizes the constructs
+that older obfuscation passes cannot consume yet. The native AST path supports
+plain classes as native islands, class fields, private fields, arrows, for-of
+loops, async/generator functions, optional chaining, nullish coalescing, object
+rest/spread, and spread calls.
+
+When `babel: true` and `babelPreserveAsync` is enabled, optional Babel packages
+installed by the caller can still downlevel syntax for legacy browser targets
+while leaving async and generator functions for ToilDefender's async/generator
+dispatchers. This avoids the large regenerator helper path for modern browser
+and Node bundles.
+
 ## Toil Integration
 
 ToilDefender is intended to sit behind Toil build tooling. Framework packages