expose-kit 0.2.6 → 0.2.7

package/README.md

@@ -1,99 +1,167 @@
 # Expose Kit
 ![release workflow](https://github.com/evex-dev/linejs/actions/workflows/release.yml/badge.svg)
-[![](https://dcbadge.limes.pink/api/server/evex)](https://discord.gg/evex)  
+[![](https://dcbadge.limes.pink/api/server/evex)](https://discord.gg/evex)
 
-> A universal toolkit for deobfuscating JavaScript  
----
+> A universal toolkit for JavaScript deobfuscation
 
-##### <center>❓ Question: Join our [Discord community](https://evex.land)</center>
 ---
 
-## Concept
-JavaScript deobfuscation tools are *everywhere*.  
-<img width="145.2" height="113.5" alt="image" src="https://github.com/relative/synchrony/blob/master/.github/hm.png?raw=true" />
-
-
-But many of them are **too aggressive**, rewriting code until it breaks.  
-
-<img width="654" height="24" alt="image" src="https://github.com/user-attachments/assets/fd11d250-0163-4cd2-b36c-5514137fe087" />
+## What is this?
 
-Expose Kit takes *a different path*.
+JavaScript deobfuscation tools are everywhere.  
+But many of them are **too aggressive**, rewriting code until it breaks.
 
-Instead of brute force, it works **step by step**.
+Expose Kit takes a **different approach**.
 
-Alongside deobfuscation, Expose Kit includes a collection of practical utilities.    
+- No brute force
+- Step-by-step, verifiable transforms
+- Designed to *not* break your code silently
 
-Everything you need is documented right here in this [README](README.md).
+Each transformation is meant to be **checked and validated**, so you always know *when* something goes wrong.
 
----
+Alongside deobfuscation, Expose Kit also provides a set of **practical utilities** for working with obfuscated JavaScript.
 
-##### If the feature you’re looking for doesn’t exist, please create an [issue](https://github.com/EdamAme-x/expose-kit/issues).  
-##### If you know what you want to do but aren’t sure which feature to use, join our [Discord community](https://evex.land) and ask for help.
 ---
 
 ## Installation
-*Just one step*  
-<!-- For Highlight -->
-```regex
+
+Just one step:
+
+```bash
 npm i -g expose-kit
 # or
 bun i -g expose-kit
 ```
 
-<!-- For Highlight -->
-```regex
+```bash
 expose --help
 expose parsable sample.js
 ```
 
-## Docs
-By default, the first argument should be the file name (alternatively, `--file` or `--input` can be used).  
+---
+
+## Usage Notes
+
+### Default arguments
+
+- The first argument is the input file  
+  (`--file` / `--input` can also be used)
+- If required options are missing, Expose Kit will **prompt you**
+- A timeout is enabled by default to avoid hangs  
+  Use `--unlimited` for long-running execution
+
+---
+
+## Recommended Workflow
+
+First, an important premise:
+
+> It is **impossible** to create a static deobfuscation tool that *never* breaks.
+
+Reasons include:
+- Unpredictable execution (`eval`, dynamic code)
+- Bugs or edge cases in AST manipulation
 
-If no options are provided, this tool will prompt you for the required values.  
+Because of this, you should **verify the code at every step**.
 
-To avoid memory leaks and hung processes, a reasonable timeout is set by default.  
-When long-running execution is expected, the timeout can be disabled with `--unlimited`.
+### 1. Always verify with `parsable`
+
+After each transformation, run:
+
+```bash
+expose parsable file.js
+```
+
+This ensures the syntax is still valid.
 
-### Commands
 ---
 
-#### `expose parsable`
+### 2. Make scopes safe first
+
+One of the most common causes of breakage is **variable name confusion**.
+
+If you try to write your own deobfuscation logic (e.g. in Python), you’ll quickly realize how painful it is to track scopes correctly.
+
+That’s why you should **always start with**:
+
+```bash
+expose scope-safe input.js
+```
+
+This renames bindings per scope, producing code like:
+
+```js
+Before: var x = 810;((x) => console.log(x))(114514);
+After:  var x = 810;((_x) => console.log(_x))(114514);
+```
+
+With this alone:
+- The code becomes far more resistant to breakage
+- Writing custom deobfuscation logic becomes much easier
+- You no longer need to worry about scope collisions
+
+---
+
+### 3. Apply transforms step by step
+
+After `scope-safe`, combine common techniques like:
+- `expand-array` and more
+- legacy obfuscator-specific commands
+
+After **each step**, run `parsable` again.
+
+Expose Kit will also clearly indicate whether a **diff** exists, making inspection easy.
+
+Repeat this process, and the original code will gradually reveal itself.
+
+---
+
+## Commands
+
+### `expose parsable`
+
+Check whether a file is syntactically valid.
 
-Check if the file is parsable  
 ```js
 parsable:     const x = 810;
 not parsable: cons x; = 810;
 ```
 
-##### Example
 ```bash
 expose parsable path/to/file.js
 ```
 
-##### Args
-- *Only default args*
+Args:
+- Default args only
 
 ---
-#### `expose scope-safe`
 
-Rename bindings per scope for safer transforms  
-```js
-Before: var x = 810;((x) => console.log(x))(114514);
-After: var x = 810;((_x) => console.log(_x))(114514);
-```
+### `expose scope-safe`
+
+Rename bindings per scope for safer transformations.
 
-##### Example
 ```bash
 expose scope-safe path/to/file.js --output path/to/file.scope-safe.js
 ```
 
-##### Args
-- `--o, --output <file>`: Output file path  
-  If the input has no extension, `path/to/file.scope-safe.js` is used.  
-  Otherwise, `path/to/file.scope-safe.<ext>` is used (same directory).
+Args:
+- `--o, --output <file>`  
+  Output file path  
+  - No extension → `file.scope-safe.js`
+  - With extension → `file.scope-safe.<ext>`
+
+---
+
+## Community & Support
+
+- Missing a feature? → [Create an issue](https://github.com/EdamAme-x/expose-kit/issues)
+- Not sure which command to use? → Join our [Discord](https://evex.land)
+
+---
+
+## Author
 
-## Authors
 - [EdamAme-x](https://github.com/EdamAme-x)
 
 Built for research, not abuse.  
-Want stronger obfuscation? Then make something this tool can’t reverse.
+Want stronger obfuscation? Then build something this tool can’t reverse.

package/dist/index.js

@@ -137,6 +137,20 @@ var patchDefault = (babelFn) => {
   return babelFn.default;
 };
 
+// utils/common/diff.ts
+function diff(before, after) {
+  const beforeLines = before.split(/\r?\n/);
+  const afterLines = after.split(/\r?\n/);
+  const changed = [];
+  const max = Math.max(beforeLines.length, afterLines.length);
+  for (let i = 0; i < max; i++) {
+    if (beforeLines[i] !== afterLines[i]) {
+      changed.push(i + 1);
+    }
+  }
+  return changed;
+}
+
 // commands/scope-safe/index.ts
 var createDefaultOutputPath = (inputPath) => {
   const ext = extname(inputPath);
@@ -188,7 +202,7 @@ var scope_safe_default = createCommand((program2) => {
             try {
               const output = renameBindingsByScope(fileContent, filename);
               writeFileSync(outputPath, output, "utf8");
-              loader.succeed(`Saved scope-safe file to: ${outputPath}`);
+              loader.succeed(`Saved scope-safe file to: ${outputPath} (${diff(fileContent, output).length} lines changed)`);
               return finish();
             } catch (error) {
               loader.fail("Failed to apply scope-safe transform");

package/dist/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "expose-kit",
-	"version": "0.2.6",
+	"version": "0.2.7",
 	"type": "module",
 	"private": false,
 	"author": "EdamAmex <edame8080@gmail.com> (https://github.com/EdamAme-x)",

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "expose-kit",
-	"version": "0.2.6",
+	"version": "0.2.7",
 	"type": "module",
 	"private": false,
 	"author": "EdamAmex <edame8080@gmail.com> (https://github.com/EdamAme-x)",