expose-kit 0.2.6 → 0.2.8

package/README.md

@@ -1,99 +1,167 @@
 # Expose Kit
 ![release workflow](https://github.com/evex-dev/linejs/actions/workflows/release.yml/badge.svg)
-[![](https://dcbadge.limes.pink/api/server/evex)](https://discord.gg/evex)  
+[![](https://dcbadge.limes.pink/api/server/evex)](https://discord.gg/evex)
 
-> A universal toolkit for deobfuscating JavaScript  
----
+> A universal toolkit for JavaScript deobfuscation
 
-##### <center>❓ Question: Join our [Discord community](https://evex.land)</center>
 ---
 
-## Concept
-JavaScript deobfuscation tools are *everywhere*.  
-<img width="145.2" height="113.5" alt="image" src="https://github.com/relative/synchrony/blob/master/.github/hm.png?raw=true" />
-
-
-But many of them are **too aggressive**, rewriting code until it breaks.  
-
-<img width="654" height="24" alt="image" src="https://github.com/user-attachments/assets/fd11d250-0163-4cd2-b36c-5514137fe087" />
+## What is this?
 
-Expose Kit takes *a different path*.
+JavaScript deobfuscation tools are everywhere.  
+But many of them are **too aggressive**, rewriting code until it breaks.
 
-Instead of brute force, it works **step by step**.
+Expose Kit takes a **different approach**.
 
-Alongside deobfuscation, Expose Kit includes a collection of practical utilities.    
+- No brute force
+- Step-by-step, verifiable transforms
+- Designed to *not* break your code silently
 
-Everything you need is documented right here in this [README](README.md).
+Each transformation is meant to be **checked and validated**, so you always know *when* something goes wrong.
 
----
+Alongside deobfuscation, Expose Kit also provides a set of **practical utilities** for working with obfuscated JavaScript.
 
-##### If the feature you’re looking for doesn’t exist, please create an [issue](https://github.com/EdamAme-x/expose-kit/issues).  
-##### If you know what you want to do but aren’t sure which feature to use, join our [Discord community](https://evex.land) and ask for help.
 ---
 
 ## Installation
-*Just one step*  
-<!-- For Highlight -->
-```regex
+
+Just one step:
+
+```bash
 npm i -g expose-kit
 # or
 bun i -g expose-kit
 ```
 
-<!-- For Highlight -->
-```regex
+```bash
 expose --help
 expose parsable sample.js
 ```
 
-## Docs
-By default, the first argument should be the file name (alternatively, `--file` or `--input` can be used).  
+---
+
+## Usage Notes
+
+### Default arguments
+
+- The first argument is the input file  
+  (`--file` / `--input` can also be used)
+- If required options are missing, Expose Kit will **prompt you**
+- A timeout is enabled by default to avoid hangs  
+  Use `--unlimited` for long-running execution
+
+---
+
+## Recommended Workflow
+
+First, an important premise:
+
+> It is **impossible** to create a static deobfuscation tool that *never* breaks.
+
+Reasons include:
+- Unpredictable execution (`eval`, dynamic code)
+- Bugs or edge cases in AST manipulation
 
-If no options are provided, this tool will prompt you for the required values.  
+Because of this, you should **verify the code at every step**.
 
-To avoid memory leaks and hung processes, a reasonable timeout is set by default.  
-When long-running execution is expected, the timeout can be disabled with `--unlimited`.
+### 1. Always verify with `parsable`
+
+After each transformation, run:
+
+```bash
+expose parsable file.js
+```
+
+This ensures the syntax is still valid.
 
-### Commands
 ---
 
-#### `expose parsable`
+### 2. Make scopes safe first
+
+One of the most common causes of breakage is **variable name confusion**.
+
+If you try to write your own deobfuscation logic (e.g. in Python), you’ll quickly realize how painful it is to track scopes correctly.
+
+That’s why you should **always start with**:
+
+```bash
+expose safe-scope input.js
+```
+
+This renames bindings per scope, producing code like:
+
+```js
+Before: var x = 810;((x) => console.log(x))(114514);
+After:  var x = 810;((_x) => console.log(_x))(114514);
+```
+
+With this alone:
+- The code becomes far more resistant to breakage
+- Writing custom deobfuscation logic becomes much easier
+- You no longer need to worry about scope collisions
+
+---
+
+### 3. Apply transforms step by step
+
+After `safe-scope`, combine common techniques like:
+- `expand-array` and more
+- legacy obfuscator-specific commands
+
+After **each step**, run `parsable` again.
+
+Expose Kit will also clearly indicate whether a **diff** exists, making inspection easy.
+
+Repeat this process, and the original code will gradually reveal itself.
+
+---
+
+## Commands
+
+### `expose parsable`
+
+Check whether a file is syntactically valid.
 
-Check if the file is parsable  
 ```js
 parsable:     const x = 810;
 not parsable: cons x; = 810;
 ```
 
-##### Example
 ```bash
 expose parsable path/to/file.js
 ```
 
-##### Args
-- *Only default args*
+Args:
+- Default args only
 
 ---
-#### `expose scope-safe`
 
-Rename bindings per scope for safer transforms  
-```js
-Before: var x = 810;((x) => console.log(x))(114514);
-After: var x = 810;((_x) => console.log(_x))(114514);
-```
+### `expose safe-scope`
+
+Rename bindings per scope for safer transformations.
 
-##### Example
 ```bash
-expose scope-safe path/to/file.js --output path/to/file.scope-safe.js
+expose safe-scope path/to/file.js --output path/to/file.safe-scope.js
 ```
 
-##### Args
-- `--o, --output <file>`: Output file path  
-  If the input has no extension, `path/to/file.scope-safe.js` is used.  
-  Otherwise, `path/to/file.scope-safe.<ext>` is used (same directory).
+Args:
+- `--o, --output <file>`  
+  Output file path  
+  - No extension → `file.safe-scope.js`
+  - With extension → `file.safe-scope.<ext>`
+
+---
+
+## Community & Support
+
+- Missing a feature? → [Create an issue](https://github.com/EdamAme-x/expose-kit/issues)
+- Not sure which command to use? → Join our [Discord](https://evex.land)
+
+---
+
+## Author
 
-## Authors
 - [EdamAme-x](https://github.com/EdamAme-x)
 
 Built for research, not abuse.  
-Want stronger obfuscation? Then make something this tool can’t reverse.
+Want stronger obfuscation? Then build something this tool can’t reverse.

package/dist/index.js

@@ -59,13 +59,14 @@ var createParseOptions = (filename) => {
 };
 
 // utils/common/timeout.ts
+var MAX_TIMEOUT = 2147483647;
 var timeout = (fn, ms) => {
   let aborted = false;
   const { resolve, reject, promise } = Promise.withResolvers();
   const timer = setTimeout(() => {
     aborted = true;
     reject(new Error("Hang detected, please report to the developer"));
-  }, ms);
+  }, ms ?? MAX_TIMEOUT);
   const finish = () => {
     clearTimeout(timer);
     resolve();
@@ -118,13 +119,13 @@ var parsable_default = createCommand((program2) => {
             return finish();
           }
         },
-        options.unlimited ? Infinity : 30 * 1e3
+        options.unlimited ? null : 30 * 1e3
       );
     }
   );
 });
 
-// commands/scope-safe/index.ts
+// commands/safe-scope/index.ts
 import { readFileSync as readFileSync2, writeFileSync } from "fs";
 import { basename, dirname, extname, join } from "path";
 import { parse as parse2 } from "@babel/parser";
@@ -134,17 +135,34 @@ import loading2 from "loading-cli";
 
 // utils/babel/patchDefault.ts
 var patchDefault = (babelFn) => {
+  if (typeof babelFn === "function") {
+    return babelFn;
+  }
   return babelFn.default;
 };
 
-// commands/scope-safe/index.ts
+// utils/common/diff.ts
+function diff(before, after) {
+  const beforeLines = before.split(/\r?\n/);
+  const afterLines = after.split(/\r?\n/);
+  const changed = [];
+  const max = Math.max(beforeLines.length, afterLines.length);
+  for (let i = 0; i < max; i++) {
+    if (beforeLines[i] !== afterLines[i]) {
+      changed.push(i + 1);
+    }
+  }
+  return changed;
+}
+
+// commands/safe-scope/index.ts
 var createDefaultOutputPath = (inputPath) => {
   const ext = extname(inputPath);
   if (!ext) {
-    return `${inputPath}.scope-safe.js`;
+    return `${inputPath}.safe-scope.js`;
   }
   const base = basename(inputPath, ext);
-  return join(dirname(inputPath), `${base}.scope-safe${ext}`);
+  return join(dirname(inputPath), `${base}.safe-scope${ext}`);
 };
 var renameBindingsByScope = (code, filename) => {
   const ast = parse2(code, createParseOptions(filename));
@@ -170,8 +188,8 @@ var renameBindingsByScope = (code, filename) => {
   });
   return patchDefault(generate)(ast).code;
 };
-var scope_safe_default = createCommand((program2) => {
-  program2.command("scope-safe").description("Rename bindings per scope for safer transforms").argument("[file]", "The file to transform").option("--input, --file <file>", "The file to transform").option("--o, --output <file>", "Output file path").option("--unlimited", "Unlimited timeout").action(
+var safe_scope_default = createCommand((program2) => {
+  program2.command("safe-scope").description("Rename bindings per scope for safer transforms").argument("[file]", "The file to transform").option("--input, --file <file>", "The file to transform").option("--o, --output <file>", "Output file path").option("--unlimited", "Unlimited timeout").action(
     async (fileArgument, options) => {
       await timeout(
         async ({ finish }) => {
@@ -183,15 +201,21 @@ var scope_safe_default = createCommand((program2) => {
           try {
             const fileContent = readFileSync2(filename, "utf8");
             const defaultOutputPath = createDefaultOutputPath(filename);
-            const outputPath = options.output ?? (await createPrompt("Enter the output file path:") || "").trim() ?? defaultOutputPath;
+            let outputPath = options.output;
+            if (!outputPath) {
+              const promptPath = (await createPrompt("Enter the output file path:"))?.trim();
+              outputPath = promptPath || defaultOutputPath;
+            }
             const loader = loading2("Renaming variables by scope...").start();
             try {
               const output = renameBindingsByScope(fileContent, filename);
               writeFileSync(outputPath, output, "utf8");
-              loader.succeed(`Saved scope-safe file to: ${outputPath}`);
+              loader.succeed(
+                `Saved safe-scope file to: ${outputPath} (${diff(fileContent, output).length} lines changed)`
+              );
               return finish();
             } catch (error) {
-              loader.fail("Failed to apply scope-safe transform");
+              loader.fail("Failed to apply safe-scope transform");
               showError(
                 `Error transforming file '${filename}': ${error instanceof Error ? error.message : "Unknown error"}`
               );
@@ -204,7 +228,7 @@ var scope_safe_default = createCommand((program2) => {
             return finish();
           }
         },
-        options.unlimited ? Infinity : 120 * 1e3
+        options.unlimited ? null : 120 * 1e3
       );
     }
   );
@@ -273,7 +297,7 @@ program.name("expose").description("CLI for Deobfuscating").version(
   "-v, --version",
   "display version number"
 );
-var commands = [parsable_default, scope_safe_default];
+var commands = [parsable_default, safe_scope_default];
 for (const command of commands) {
   command(program);
 }

package/dist/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "expose-kit",
-	"version": "0.2.6",
+	"version": "0.2.8",
 	"type": "module",
 	"private": false,
 	"author": "EdamAmex <edame8080@gmail.com> (https://github.com/EdamAme-x)",

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "expose-kit",
-	"version": "0.2.6",
+	"version": "0.2.8",
 	"type": "module",
 	"private": false,
 	"author": "EdamAmex <edame8080@gmail.com> (https://github.com/EdamAme-x)",