@jshookmcp/jshook 0.2.8 → 0.3.0

package/dist/webcrack-Be0_FccV.mjs

@@ -0,0 +1,747 @@
+import { t as logger } from "./logger-Dh_xb7_2.mjs";
+import { _t as JSVMP_MAX_ITERATIONS, fn as SANDBOX_EXEC_TIMEOUT_MS, gn as SANDBOX_TERMINATE_GRACE_MS, gt as JSVMP_DEOBFUSCATE_TIMEOUT_MS, hn as SANDBOX_STACK_SIZE_MB, mn as SANDBOX_MEMORY_LIMIT_MB } from "./constants-CDZLOoVv.mjs";
+import { t as ProcessRegistry } from "./ProcessRegistry-zGg12QbE.mjs";
+import { n as cpuLimit } from "./concurrency-Drev_Vz9.mjs";
+import path from "node:path";
+import { readdir, rm, stat } from "node:fs/promises";
+import * as parser from "@babel/parser";
+import traverse from "@babel/traverse";
+import * as t from "@babel/types";
+import generate from "@babel/generator";
+import { Worker } from "node:worker_threads";
+//#region src/modules/security/ExecutionSandbox.ts
+/**
+* ExecutionSandbox — Safe code execution for untrusted JavaScript.
+*
+* Uses worker_threads + vm module to isolate dynamic code execution
+* (e.g., deobfuscation eval, packer unpacking).
+*
+* Security:
+* - Runs in a separate worker thread (process isolation)
+* - vm.createContext with empty global (no require, no fs, no net)
+* - Timeout enforcement via worker termination
+* - Memory limit via worker resourceLimits
+*/
+const WORKER_SCRIPT = `
+import { workerData, parentPort } from 'node:worker_threads';
+import * as vm from 'node:vm';
+
+const { code, timeoutMs } = workerData;
+
+try {
+  // Create an isolated context with minimal globals
+  const sandbox = {
+    // Safe built-ins only
+    parseInt, parseFloat, isNaN, isFinite,
+    encodeURIComponent, decodeURIComponent,
+    encodeURI, decodeURI,
+    JSON: { parse: JSON.parse, stringify: JSON.stringify },
+    Math,
+    String, Number, Boolean, Array, Object, Map, Set,
+    Date, RegExp, Error, TypeError, RangeError,
+    Promise,
+    Symbol,
+    undefined,
+    NaN,
+    Infinity,
+    // Explicitly denied: require, process, __filename, __dirname, Buffer, setTimeout, setInterval, fetch
+  };
+
+  const context = vm.createContext(sandbox, {
+    name: 'jshook-sandbox',
+    codeGeneration: { strings: false, wasm: false },
+  });
+
+  const script = new vm.Script(code, {
+    filename: 'sandbox-eval.js',
+    timeout: timeoutMs,
+  });
+
+  const result = script.runInContext(context, { timeout: timeoutMs });
+  parentPort.postMessage({ ok: true, output: result });
+} catch (err) {
+  parentPort.postMessage({
+    ok: false,
+    error: err.message || String(err),
+    timedOut: err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT',
+  });
+}
+`;
+var ExecutionSandbox = class {
+	/**
+	* Execute JavaScript in an isolated sandbox.
+	* Wrapped in cpuLimit for global concurrency control.
+	*/
+	async execute(request) {
+		return cpuLimit(() => this.executeInternal(request));
+	}
+	executeInternal(request) {
+		const timeoutMs = request.timeoutMs ?? SANDBOX_EXEC_TIMEOUT_MS;
+		const memoryLimitMB = request.memoryLimitMB ?? SANDBOX_MEMORY_LIMIT_MB;
+		const startTime = Date.now();
+		return new Promise((resolve) => {
+			let settled = false;
+			const terminationTimeout = setTimeout(() => {
+				if (!settled) {
+					worker.terminate();
+					logger.warn(`[ExecutionSandbox] Worker terminated after ${timeoutMs + SANDBOX_TERMINATE_GRACE_MS}ms`);
+					finish({
+						ok: false,
+						error: "Execution timed out (worker terminated)",
+						timedOut: true
+					});
+				}
+			}, timeoutMs + SANDBOX_TERMINATE_GRACE_MS);
+			const workerOptions = {
+				eval: true,
+				workerData: {
+					code: request.code,
+					timeoutMs
+				},
+				resourceLimits: {
+					maxOldGenerationSizeMb: memoryLimitMB,
+					maxYoungGenerationSizeMb: Math.ceil(memoryLimitMB / 4),
+					stackSizeMb: SANDBOX_STACK_SIZE_MB
+				}
+			};
+			workerOptions.type = "module";
+			const worker = new Worker(WORKER_SCRIPT, workerOptions);
+			if (typeof worker.unref === "function") worker.unref();
+			ProcessRegistry.register(worker);
+			const finish = (result) => {
+				if (settled) return;
+				settled = true;
+				if (terminationTimeout) clearTimeout(terminationTimeout);
+				resolve({
+					...result,
+					durationMs: Date.now() - startTime
+				});
+			};
+			worker.on("message", (msg) => {
+				finish({
+					ok: msg.ok,
+					output: msg.output,
+					error: msg.error,
+					timedOut: msg.timedOut || false
+				});
+				worker.terminate();
+			});
+			worker.on("error", (err) => {
+				finish({
+					ok: false,
+					error: `Worker error: ${err.message}`,
+					timedOut: false
+				});
+			});
+			worker.on("exit", (code) => {
+				if (!settled) finish({
+					ok: false,
+					error: `Worker exited unexpectedly with code ${code}`,
+					timedOut: false
+				});
+			});
+		});
+	}
+};
+//#endregion
+//#region src/modules/deobfuscator/JSVMPDeobfuscator.restore.ts
+async function restoreJSVMPCode(context, code, vmType, aggressive) {
+	const warnings = [];
+	const unresolvedParts = [];
+	if (vmType === "obfuscator.io") return restoreObfuscatorIO(context, code, aggressive, warnings, unresolvedParts);
+	if (vmType === "jsfuck") return restoreJSFuck(context, code, warnings);
+	if (vmType === "jjencode") return restoreJJEncode(context, code, warnings);
+	return restoreCustomVM(context, code, aggressive, warnings, unresolvedParts);
+}
+async function restoreObfuscatorIO(context, code, aggressive, warnings, unresolvedParts) {
+	let restored = code;
+	let confidence = .5;
+	try {
+		const stringArrayMatch = code.match(/var\s+(_0x[a-f0-9]+)\s*=\s*(\[.*?\]);/s);
+		if (stringArrayMatch) {
+			const arrayName = stringArrayMatch[1];
+			const arrayContent = stringArrayMatch[2];
+			logger.info(` : ${arrayName}`);
+			try {
+				const sandboxResult = await context.sandbox.execute({
+					code: `return ${arrayContent || "[]"};`,
+					timeoutMs: 3e3
+				});
+				const stringArray = sandboxResult.ok ? sandboxResult.output : void 0;
+				if (Array.isArray(stringArray)) {
+					logger.info(`String array detected, ${stringArray.length} strings found`);
+					const refPattern = new RegExp(`${arrayName}\\[(\\d+)\\]`, "g");
+					restored = restored.replace(refPattern, (_match, index) => {
+						const idx = parseInt(index, 10);
+						if (idx < stringArray.length) return JSON.stringify(stringArray[idx]);
+						return _match;
+					});
+					confidence += .2;
+				}
+			} catch (e) {
+				warnings.push(`: ${e}`);
+				unresolvedParts.push({
+					location: "String Array",
+					reason: "",
+					suggestion: ""
+				});
+			}
+		}
+		restored = restored.replace(/\(function\s*\(_0x[a-f0-9]+,\s*_0x[a-f0-9]+\)\s*\{[\s\S]*?\}\(_0x[a-f0-9]+,\s*0x[a-f0-9]+\)\);?/g, "");
+		if (aggressive) {
+			restored = restored.replace(/\(function\s*\(\)\s*\{([\s\S]*)\}\(\)\);?/g, "$1");
+			confidence += .1;
+		}
+		restored = restored.replace(/0x([0-9a-f]+)/gi, (_match, hex) => {
+			return String(parseInt(hex, 16));
+		});
+		restored = restored.replace(/;\s*;/g, ";");
+		restored = restored.replace(/\{\s*\}/g, "{}");
+		warnings.push("obfuscator.io detected, may need special handling");
+		return {
+			code: restored,
+			confidence: Math.min(confidence, 1),
+			warnings,
+			unresolvedParts: unresolvedParts.length > 0 ? unresolvedParts : void 0
+		};
+	} catch (error) {
+		warnings.push(`obfuscator.io: ${error}`);
+		return {
+			code,
+			confidence: .2,
+			warnings,
+			unresolvedParts
+		};
+	}
+}
+async function restoreJSFuck(context, code, warnings) {
+	try {
+		logger.info("JSFuck detected, attempting deobfuscation...");
+		try {
+			if (code.length > 1e5) {
+				warnings.push("JSFuck code detected, file too large to process directly.");
+				warnings.push("Consider using an online JSFuck decoder tool.");
+				return {
+					code,
+					confidence: .1,
+					warnings
+				};
+			}
+			const sandboxResult = await context.sandbox.execute({
+				code: `return ${code};`,
+				timeoutMs: 5e3
+			});
+			const result = sandboxResult.ok ? sandboxResult.output : void 0;
+			if (typeof result === "string") {
+				logger.info(" JSFuck");
+				return {
+					code: result,
+					confidence: .9,
+					warnings: ["JSFuck"]
+				};
+			}
+			warnings.push("JSFuck");
+			return {
+				code,
+				confidence: .2,
+				warnings
+			};
+		} catch (execError) {
+			warnings.push(`JSFuck: ${execError}`);
+			warnings.push("Consider using an online JSFuck decoder tool.");
+			return {
+				code,
+				confidence: .1,
+				warnings
+			};
+		}
+	} catch (error) {
+		warnings.push(`JSFuck: ${error}`);
+		return {
+			code,
+			confidence: .1,
+			warnings
+		};
+	}
+}
+async function restoreJJEncode(context, code, warnings) {
+	try {
+		logger.info("JJEncode detected, attempting deobfuscation...");
+		try {
+			const lines = code.split("\n").filter((line) => line.trim());
+			if ((lines.length > 0 ? lines[lines.length - 1] : "")?.includes("$$$$")) {
+				const sandboxResult = await context.sandbox.execute({
+					code: `${code}; return $$$$()`,
+					timeoutMs: 5e3
+				});
+				const result = sandboxResult.ok ? sandboxResult.output : void 0;
+				if (typeof result === "string") {
+					logger.info(" JJEncode");
+					return {
+						code: result,
+						confidence: .9,
+						warnings: ["JJEncode"]
+					};
+				}
+			}
+			const sandboxResult = await context.sandbox.execute({
+				code,
+				timeoutMs: 5e3
+			});
+			if (!sandboxResult.ok) logger.warn("JJEncode sandbox execution failed:", sandboxResult.error);
+			warnings.push("JJEncode deobfuscation may be incomplete");
+			warnings.push("Result may still contain JJEncode fragments");
+			return {
+				code,
+				confidence: .2,
+				warnings
+			};
+		} catch (execError) {
+			warnings.push(`JJEncode: ${execError}`);
+			warnings.push("Result may contain evaluation artifacts");
+			return {
+				code,
+				confidence: .1,
+				warnings
+			};
+		}
+	} catch (error) {
+		warnings.push(`JJEncode: ${error}`);
+		return {
+			code,
+			confidence: .1,
+			warnings
+		};
+	}
+}
+async function restoreCustomVM(_context, code, aggressive, warnings, unresolvedParts) {
+	warnings.push("AI-assisted deobfuscation removed, using fallback directly.");
+	return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
+}
+function restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts) {
+	let restored = code;
+	let confidence = .3;
+	try {
+		restored = restored.replace(/if\s*\([^)]*\)\s*\{\s*\}/g, "");
+		restored = restored.replace(/!!\s*\(/g, "Boolean(");
+		restored = restored.replace(/""\s*\+\s*/g, "");
+		if (aggressive) {
+			restored = restored.replace(/debugger;?/g, "");
+			confidence += .1;
+			restored = restored.replace(/\?\s*([^:]+)\s*:\s*\1/g, "$1");
+			confidence += .05;
+		}
+		warnings.push("Analysis incomplete, partial results may be returned");
+		warnings.push("For better results, configure an LLM API key");
+		unresolvedParts.push({
+			location: "Custom VM",
+			reason: "VM",
+			suggestion: "VM protection detected, LLM-assisted analysis recommended"
+		});
+		return {
+			code: restored,
+			confidence,
+			warnings,
+			unresolvedParts: unresolvedParts.length > 0 ? unresolvedParts : void 0
+		};
+	} catch (error) {
+		warnings.push(`: ${error}`);
+		return {
+			code,
+			confidence: .1,
+			warnings,
+			unresolvedParts
+		};
+	}
+}
+//#endregion
+//#region src/modules/deobfuscator/JSVMPDeobfuscator.ts
+var JSVMPDeobfuscator = class {
+	sandbox = new ExecutionSandbox();
+	async deobfuscate(options) {
+		const startTime = Date.now();
+		const { code, aggressive = false, extractInstructions = false, timeout = JSVMP_DEOBFUSCATE_TIMEOUT_MS, maxIterations = JSVMP_MAX_ITERATIONS } = options;
+		logger.info(" JSVMP...");
+		try {
+			const vmFeatures = this.detectJSVMP(code);
+			if (!vmFeatures) {
+				logger.info("JSVMP");
+				return {
+					isJSVMP: false,
+					deobfuscatedCode: code,
+					confidence: 0,
+					warnings: ["JSVMP"]
+				};
+			}
+			logger.info(`JSVMP analysis complete, complexity: ${vmFeatures.complexity}`);
+			logger.info(` : ${vmFeatures.instructionCount}`);
+			const vmType = this.identifyVMType(code, vmFeatures);
+			logger.info(` : ${vmType}`);
+			let instructions;
+			if (extractInstructions) {
+				logger.info(" ...");
+				instructions = this.extractInstructions(code, vmFeatures);
+				logger.info(`  ${instructions.length} `);
+			}
+			logger.info(" ...");
+			const deobfuscationResult = await this.restoreCode(code, vmFeatures, vmType, aggressive, timeout, maxIterations);
+			const processingTime = Date.now() - startTime;
+			const result = {
+				isJSVMP: true,
+				vmType,
+				vmFeatures,
+				instructions,
+				deobfuscatedCode: deobfuscationResult.code,
+				confidence: deobfuscationResult.confidence,
+				warnings: deobfuscationResult.warnings,
+				unresolvedParts: deobfuscationResult.unresolvedParts,
+				stats: {
+					originalSize: code.length,
+					deobfuscatedSize: deobfuscationResult.code.length,
+					reductionRate: 1 - deobfuscationResult.code.length / code.length,
+					processingTime
+				}
+			};
+			logger.info(`JSVMP deobfuscation complete in ${processingTime}ms`);
+			logger.info(` : ${(result.confidence * 100).toFixed(1)}%`);
+			return result;
+		} catch (error) {
+			logger.error("JSVMP", error);
+			return {
+				isJSVMP: false,
+				deobfuscatedCode: code,
+				confidence: 0,
+				warnings: [`: ${error}`]
+			};
+		}
+	}
+	detectJSVMP(code) {
+		try {
+			const ast = parser.parse(code, {
+				sourceType: "unambiguous",
+				plugins: ["jsx", "typescript"],
+				errorRecovery: true
+			});
+			let hasSwitch = false;
+			let hasInstructionArray = false;
+			let hasProgramCounter = false;
+			let instructionCount = 0;
+			let interpreterLocation = "";
+			let maxSwitchCases = 0;
+			let hasBytecodeArray = false;
+			let hasApplyCall = false;
+			let hasWhileLoop = false;
+			let bytecodePattern = false;
+			traverse(ast, {
+				SwitchStatement(path) {
+					const caseCount = path.node.cases.length;
+					if (caseCount > 10) {
+						hasSwitch = true;
+						if (caseCount > maxSwitchCases) {
+							maxSwitchCases = caseCount;
+							instructionCount = caseCount;
+							interpreterLocation = `Line ${path.node.loc?.start.line || 0}`;
+						}
+					}
+				},
+				ArrayExpression(path) {
+					if (path.node.elements.length > 50) hasInstructionArray = true;
+				},
+				UpdateExpression(path) {
+					if (path.node.operator === "++" || path.node.operator === "--") {
+						const arg = path.node.argument;
+						if (t.isIdentifier(arg) && arg.name.length <= 3) hasProgramCounter = true;
+					}
+				},
+				CallExpression(path) {
+					if (t.isIdentifier(path.node.callee, { name: "parseInt" }) && path.node.arguments.length >= 2) {
+						const firstArg = path.node.arguments[0];
+						if (t.isBinaryExpression(firstArg) && firstArg.operator === "+") {
+							bytecodePattern = true;
+							hasBytecodeArray = true;
+						}
+					}
+					if (t.isMemberExpression(path.node.callee) && t.isIdentifier(path.node.callee.property, { name: "apply" })) hasApplyCall = true;
+				},
+				WhileStatement(path) {
+					if (t.isBooleanLiteral(path.node.test, { value: true }) || t.isNumericLiteral(path.node.test, { value: 1 })) hasWhileLoop = true;
+				},
+				ForStatement(path) {
+					if (!path.node.test) hasWhileLoop = true;
+				}
+			});
+			if (hasSwitch && (hasInstructionArray || hasProgramCounter) && (hasApplyCall || hasWhileLoop || bytecodePattern)) {
+				const complexity = instructionCount > 100 ? "high" : instructionCount > 50 ? "medium" : "low";
+				logger.info(" JSVMP:");
+				logger.info(`  - Switch: ${hasSwitch} (${maxSwitchCases} cases)`);
+				logger.info(`  - : ${hasInstructionArray}`);
+				logger.info(`  - : ${hasProgramCounter}`);
+				logger.info(`  - : ${hasBytecodeArray}`);
+				logger.info(`  - Apply: ${hasApplyCall}`);
+				logger.info(`  - : ${hasWhileLoop}`);
+				logger.info(`  - : ${bytecodePattern}`);
+				return {
+					instructionCount,
+					interpreterLocation,
+					complexity,
+					hasSwitch,
+					hasInstructionArray,
+					hasProgramCounter
+				};
+			}
+			return null;
+		} catch (error) {
+			logger.warn("JSVMP analysis failed", error);
+			return this.detectJSVMPWithRegex(code);
+		}
+	}
+	detectJSVMPWithRegex(code) {
+		const hasSwitch = (code.match(/switch\s*\(/g)?.length || 0) > 0;
+		const bytecodePattern = /parseInt\s*\(\s*["']?\s*\+\s*\w+\[/g.test(code);
+		const applyPattern = /\.apply\s*\(/g.test(code);
+		const whilePattern = /while\s*\(\s*(true|1)\s*\)/g.test(code);
+		if (hasSwitch && (bytecodePattern || applyPattern || whilePattern)) {
+			logger.info(" JSVMP");
+			return {
+				instructionCount: 0,
+				interpreterLocation: "Unknown",
+				complexity: "medium",
+				hasSwitch: true,
+				hasInstructionArray: bytecodePattern,
+				hasProgramCounter: applyPattern
+			};
+		}
+		return null;
+	}
+	identifyVMType(code, _features) {
+		if (code.includes("_0x") && code.includes("function(_0x")) return "obfuscator.io";
+		if (/^\s*\[\s*\]\s*\[\s*\(/.test(code)) return "jsfuck";
+		if (code.includes("$=~[];")) return "jjencode";
+		return "custom";
+	}
+	extractInstructions(code, features) {
+		const instructions = [];
+		try {
+			traverse(parser.parse(code, {
+				sourceType: "unambiguous",
+				plugins: ["jsx", "typescript"]
+			}), { SwitchStatement: (path) => {
+				if (path.node.cases.length === features.instructionCount) path.node.cases.forEach((caseNode, index) => {
+					const opcode = caseNode.test ? t.isNumericLiteral(caseNode.test) ? caseNode.test.value : t.isStringLiteral(caseNode.test) ? caseNode.test.value : index : index;
+					const type = this.inferInstructionType(caseNode);
+					instructions.push({
+						opcode,
+						name: `INST_${opcode}`,
+						type,
+						description: `Instruction ${opcode}`
+					});
+				});
+			} });
+		} catch (error) {
+			logger.warn("", error);
+		}
+		return instructions;
+	}
+	inferInstructionType(caseNode) {
+		const code = generate(caseNode).code;
+		const consequent = caseNode.consequent;
+		let hasAssignment = false;
+		let hasArrayAccess = false;
+		let hasFunctionCall = false;
+		let hasArithmetic = false;
+		let hasControlFlow = false;
+		for (const stmt of consequent) {
+			if (t.isExpressionStatement(stmt)) {
+				const expr = stmt.expression;
+				if (t.isAssignmentExpression(expr)) hasAssignment = true;
+				if (t.isMemberExpression(expr) && t.isNumericLiteral(expr.property)) hasArrayAccess = true;
+				if (t.isCallExpression(expr)) hasFunctionCall = true;
+				if (t.isBinaryExpression(expr)) {
+					if ([
+						"+",
+						"-",
+						"*",
+						"/",
+						"%",
+						"**"
+					].includes(expr.operator)) hasArithmetic = true;
+				}
+			}
+			if (t.isIfStatement(stmt) || t.isWhileStatement(stmt) || t.isBreakStatement(stmt) || t.isContinueStatement(stmt) || t.isReturnStatement(stmt)) hasControlFlow = true;
+		}
+		if ((code.includes("push") || code.includes(".push(")) && (hasArrayAccess || code.includes("["))) return "load";
+		if (hasAssignment && !hasArithmetic && !hasFunctionCall) return "store";
+		if (hasArithmetic || code.match(/[+\-*/%]/)) return "arithmetic";
+		if (hasControlFlow || code.includes("break") || code.includes("continue")) return "control";
+		if (hasFunctionCall || code.includes(".apply(") || code.includes(".call(")) return "call";
+		return "unknown";
+	}
+	async restoreCode(code, _features, vmType, aggressive, _timeout, _maxIterations) {
+		this.restoreCustomVMBasic;
+		return restoreJSVMPCode({ sandbox: this.sandbox }, code, vmType, aggressive);
+	}
+	restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts) {
+		return restoreCustomVMBasic(code, aggressive, warnings, unresolvedParts);
+	}
+};
+//#endregion
+//#region src/modules/deobfuscator/webcrack.ts
+const DEFAULT_OPTIONS = {
+	jsx: true,
+	mangle: false,
+	unminify: true,
+	unpack: true
+};
+const MAX_BUNDLE_MODULES = 100;
+async function importOptionalModule(specifier) {
+	return await import(specifier);
+}
+function normalizeOptions(options) {
+	return {
+		jsx: options.jsx ?? DEFAULT_OPTIONS.jsx,
+		mangle: options.mangle ?? DEFAULT_OPTIONS.mangle,
+		unminify: options.unminify ?? DEFAULT_OPTIONS.unminify,
+		unpack: options.unpack ?? DEFAULT_OPTIONS.unpack
+	};
+}
+function isSupportedNodeVersion() {
+	const [majorPart = "0", minorPart = "0"] = process.versions.node.split(".");
+	const major = Number.parseInt(majorPart, 10);
+	const minor = Number.parseInt(minorPart, 10);
+	if (!Number.isFinite(major) || !Number.isFinite(minor)) return false;
+	if (major === 20) return minor >= 19;
+	if (major === 22) return minor >= 12;
+	return major > 22;
+}
+function matchesRule(module, rule) {
+	const target = rule.target === "path" ? module.path : module.code;
+	const matchType = rule.matchType ?? "includes";
+	if (matchType === "exact") return target === rule.pattern;
+	if (matchType === "regex") try {
+		return new RegExp(rule.pattern, "m").test(target);
+	} catch {
+		return false;
+	}
+	return target.includes(rule.pattern);
+}
+function applyBundleMappings(bundle, mappings) {
+	const remapped = /* @__PURE__ */ new Map();
+	if (!mappings || mappings.length === 0) return remapped;
+	for (const module of bundle.modules.values()) for (const rule of mappings) {
+		if (!rule.path || !rule.pattern) continue;
+		if (matchesRule(module, rule)) {
+			if (module.path !== rule.path) {
+				remapped.set(module.id, { fromPath: module.path });
+				module.path = rule.path;
+			}
+			break;
+		}
+	}
+	return remapped;
+}
+function summarizeBundle(bundle, options, remapped) {
+	const maxBundleModules = options.maxBundleModules ?? MAX_BUNDLE_MODULES;
+	const modules = Array.from(bundle.modules.values()).toSorted((left, right) => {
+		if (left.isEntry !== right.isEntry) return left.isEntry ? -1 : 1;
+		return left.path.localeCompare(right.path);
+	}).slice(0, maxBundleModules).map((module) => ({
+		id: module.id,
+		path: module.path,
+		isEntry: module.isEntry,
+		size: module.code.length,
+		code: options.includeModuleCode ? module.code : void 0,
+		mappedPathFrom: remapped.get(module.id)?.fromPath
+	}));
+	return {
+		type: bundle.type,
+		entryId: bundle.entryId,
+		moduleCount: bundle.modules.size,
+		truncated: bundle.modules.size > maxBundleModules,
+		mappingsApplied: remapped.size,
+		modules
+	};
+}
+async function collectSavedArtifacts(rootDir, currentDir = rootDir) {
+	const entries = await readdir(currentDir, { withFileTypes: true });
+	const artifacts = [];
+	for (const entry of entries) {
+		const fullPath = path.join(currentDir, entry.name);
+		if (entry.isDirectory()) {
+			artifacts.push(...await collectSavedArtifacts(rootDir, fullPath));
+			continue;
+		}
+		if (!entry.isFile()) continue;
+		const metadata = await stat(fullPath);
+		artifacts.push({
+			path: path.relative(rootDir, fullPath).replace(/\\/g, "/"),
+			size: metadata.size,
+			type: "file"
+		});
+	}
+	return artifacts.toSorted((left, right) => left.path.localeCompare(right.path));
+}
+async function runWebcrack(code, options) {
+	const optionsUsed = normalizeOptions(options);
+	if (!isSupportedNodeVersion()) {
+		const reason = `webcrack requires Node.js 20.19+ or 22.12+; current runtime is ${process.versions.node}`;
+		logger.warn(reason);
+		return {
+			applied: false,
+			code,
+			optionsUsed,
+			reason
+		};
+	}
+	try {
+		await import("isolated-vm");
+	} catch {
+		logger.warn("isolated-vm is unavailable (likely Node 24 incompatibility). Deobfuscation sandbox is disabled — do not process untrusted code.");
+	}
+	try {
+		const { webcrack } = await importOptionalModule("webcrack");
+		const result = await webcrack(code, {
+			jsx: optionsUsed.jsx,
+			unpack: optionsUsed.unpack,
+			deobfuscate: true,
+			unminify: optionsUsed.unminify,
+			mangle: optionsUsed.mangle
+		});
+		const remapped = result.bundle ? applyBundleMappings(result.bundle, options.mappings) : /* @__PURE__ */ new Map();
+		let savedTo;
+		let savedArtifacts;
+		if (typeof options.outputDir === "string" && options.outputDir.trim().length > 0) {
+			savedTo = path.resolve(options.outputDir);
+			const cwd = process.cwd();
+			const relFromCwd = path.relative(cwd, savedTo);
+			if (path.isAbsolute(relFromCwd) || relFromCwd.startsWith("..") || savedTo === "/" || savedTo === path.parse(savedTo).root) throw new Error(`outputDir must resolve to a path within the project root. Got: ${savedTo}`);
+			if (options.forceOutput) await rm(savedTo, {
+				recursive: true,
+				force: true
+			});
+			await result.save(savedTo);
+			savedArtifacts = await collectSavedArtifacts(savedTo);
+		}
+		return {
+			applied: true,
+			code: result.code,
+			bundle: result.bundle ? summarizeBundle(result.bundle, {
+				includeModuleCode: options.includeModuleCode,
+				maxBundleModules: options.maxBundleModules
+			}, remapped) : void 0,
+			savedTo,
+			savedArtifacts,
+			optionsUsed
+		};
+	} catch (error) {
+		const reason = error instanceof Error ? error.message : String(error);
+		logger.warn("webcrack execution failed, falling back to legacy pipeline", error);
+		return {
+			applied: false,
+			code,
+			optionsUsed,
+			reason
+		};
+	}
+}
+//#endregion
+export { JSVMPDeobfuscator as n, runWebcrack as t };