js-confuser-vm 0.0.1 → 0.0.2

package/src/index.ts

@@ -0,0 +1,13 @@
+import { compileAndSerialize } from "./compiler.ts";
+import type { Options } from "./options.ts";
+
+async function obfuscate(source, options: Options = {}) {
+  const result = compileAndSerialize(source, options);
+
+  return result;
+}
+
+export const JsConfuserVM = {
+  obfuscate,
+};
+export default JsConfuserVM;

package/src/minify.ts

@@ -0,0 +1,21 @@
+import ClosureCompiler from "google-closure-compiler";
+
+export function minify(sourceCode: string): Promise<string> {
+  return new Promise((resolve, reject) => {
+    const compiler = new ClosureCompiler({
+      compilation_level: "ADVANCED",
+      warning_level: "QUIET",
+    });
+
+    const compilerProcess = compiler.run((exitCode: number, stdOut: string, stdErr: string) => {
+      if (exitCode !== 0) {
+        reject(new Error(stdErr || `Closure Compiler exited with code ${exitCode}`));
+      } else {
+        resolve(stdOut);
+      }
+    });
+
+    compilerProcess.stdin.write(sourceCode);
+    compilerProcess.stdin.end();
+  });
+}

package/src/options.ts

@@ -0,0 +1,10 @@
+export interface Options {
+  target?: "node" | "browser";
+
+  randomizeOpcodes?: boolean; // randomize opcode values in OP mapping?
+  shuffleOpcodes?: boolean; // shuffle order of opcode handlers in the runtime?
+  encodeBytecode?: boolean; // encode bytecode? when off, comments for instructions are added
+  selfModifying?: boolean; // do self-modifying bytecode for function bodies?
+  timingChecks?: boolean; // add timing checks to detect debuggers?
+  minify?: boolean; // pass final output through Google Closure Compiler? (Renames VM class properties)
+}

package/src/random.ts

@@ -0,0 +1,31 @@
+import { ok } from "assert";
+
+export function getPlaceholder() {
+  return Math.random().toString(36).substring(2, 15);
+}
+
+export function choice<T>(elements: T[]): T {
+  ok(elements.length > 0, "choice() called on empty sequence");
+  return elements[Math.floor(Math.random() * elements.length)];
+}
+
+export function getRandom(): number {
+  return Math.random();
+}
+
+export function getRandomInt(min: number, max: number): number {
+  ok(min <= max, "min must be <= max");
+  return Math.floor(Math.random() * (max - min + 1)) + min;
+}
+
+/**
+ * Shuffles an array in-place using the Fisher-Yates algorithm.
+ * @param array - The array to shuffle (mutated)
+ */
+export function shuffle<T>(array: T[]): T[] {
+  for (let i = array.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [array[i], array[j]] = [array[j], array[i]];
+  }
+  return array;
+}

package/src/runtime.ts

@@ -1,13 +1,14 @@
-import { OP } from "./compiler.ts";
+import { OP_ORIGINAL as OP } from "./compiler.ts";
 const BYTECODE = [];
 const MAIN_START_PC = 0;
 const CONSTANTS = [];
-const PACK = false;
+const ENCODE_BYTECODE = false;
+const TIMING_CHECKS = false;
 // The text above is not included in the compiled output - for type intellisense only
 // @START
 
 function decodeBytecode(s) {
-  if (!PACK) return s;
+  if (!ENCODE_BYTECODE) return s;
 
   var b =
     typeof Buffer !== "undefined"
@@ -25,12 +26,12 @@ function decodeBytecode(s) {
   return r;
 }
 
-// ── Closure symbol ────────────────────────────────────────────────
+// Closure symbol
 // Used to tag shell functions so the VM can fast-path back to the
 // inner Closure instead of going through a sub-VM on internal calls.
 var CLOSURE_SYM = Symbol(); // Nameless for obfuscation
 
-// ── Upvalue ───────────────────────────────────────────────────────
+// Upvalue
 // While the outer frame is alive: reads/writes go to frame.locals[slot].
 // After the outer frame returns (closed): reads/writes hit this.value.
 function Upvalue(frame, slot) {
@@ -51,24 +52,24 @@ Upvalue.prototype.close = function () {
   this._closed = true;
 };
 
-// ── Closure & Frame ───────────────────────────────────────────────
+// Closure & Frame
 function Closure(fn) {
   this.fn = fn;
   this.upvalues = [];
-  this.prototype = {}; // ← default prototype object for \`new\`
+  this.prototype = {}; // <- default prototype object for \`new\`
 }
 
 function Frame(closure, returnPc, parent, thisVal?) {
   this.closure = closure;
   this.locals = new Array(closure.fn.localCount).fill(undefined);
-  this.pc = closure.fn.startPc; // ← initialize from fn descriptor
+  this.pc = closure.fn.startPc; // <- initialize from fn descriptor
   this.returnPc = returnPc; // pc to resume in parent frame after RETURN
   this.parent = parent;
   this.thisVal = thisVal !== undefined ? thisVal : undefined;
-  this._newObj = null; // ← set by NEW so RETURN can see it
+  this._newObj = null; // <- set by NEW so RETURN can see it
 }
 
-// ── VM ────────────────────────────────────────────────────────────
+// VM
 function VM(bytecode, mainStartPc, constants, globals) {
   this.bytecode = bytecode;
   this.constants = constants;
@@ -80,7 +81,7 @@ function VM(bytecode, mainStartPc, constants, globals) {
   var mainFn = {
     paramCount: 0,
     localCount: 0,
-    startPc: mainStartPc, // ← where main begins
+    startPc: mainStartPc, // <- where main begins
   };
   this.currentFrame = new Frame(new Closure(mainFn), null, null);
 }
@@ -108,7 +109,7 @@ VM.prototype.captureUpvalue = function (frame, slot) {
 };
 
 VM.prototype.closeUpvaluesFor = function (frame) {
-  // Called on RETURN — close every upvalue that was pointing into this frame.
+  // Called on RETURN - close every upvalue that was pointing into this frame.
   // After this, closures that captured from the frame read from upvalue.value.
   this.openUpvalues = this.openUpvalues.filter(function (uv) {
     if (uv.frame === frame) {
@@ -134,7 +135,7 @@ VM.prototype.run = function () {
     var op, operand;
     var word = bc[frame.pc++];
 
-    if (PACK) {
+    if (ENCODE_BYTECODE) {
       op = word & 0xff;
       operand = word >>> 8;
     } else {
@@ -145,11 +146,13 @@ VM.prototype.run = function () {
     // console.log(frame.pc - 1, op, operand);
 
     // Debugging protection
-    var t2 = now();
-    var isTamper = t2 - t > 1000;
-    t = t2;
-    if (isTamper) {
-      op = OP.RETURN;
+    if (TIMING_CHECKS) {
+      var t2 = now();
+      var isTamper = t2 - t > 1000;
+      t = t2;
+      if (isTamper) {
+        op = OP.POP;
+      }
     }
 
     /* @SWITCH */
@@ -175,8 +178,8 @@ VM.prototype.run = function () {
         break;
 
       case OP.GET_PROP: {
-        // Stack: [..., obj, key] → [..., obj, obj[key]]
-        // obj is PEEKED (not popped) — CALL_METHOD needs it as receiver
+        // Stack: [..., obj, key] -> [..., obj, obj[key]]
+        // obj is PEEKED (not popped) - CALL_METHOD needs it as receiver
         var key = this._pop();
         var obj = this.peek();
         this._push(obj[key]);
@@ -291,10 +294,10 @@ VM.prototype.run = function () {
         var ctor = this._pop();
         var obj = this._pop();
         if (typeof ctor === "function") {
-          // Native constructor (e.g. Array, Date) — native instanceof is fine
+          // Native constructor (e.g. Array, Date) - native instanceof is fine
           this._push(obj instanceof ctor);
         } else {
-          // VM Closure — ctor.prototype was set by MAKE_CLOSURE / user assignment.
+          // VM Closure - ctor.prototype was set by MAKE_CLOSURE / user assignment.
           // Walk obj's prototype chain looking for identity with ctor.prototype.
           var proto = ctor.prototype; // the .prototype property on the Closure
           var target = Object.getPrototypeOf(obj);
@@ -334,7 +337,7 @@ VM.prototype.run = function () {
       case OP.TYPEOF_SAFE: {
         // operand is a const index holding the variable name string.
         // Mimics JS semantics: typeof undeclaredVar === "undefined" (no throw).
-        var name = this._pop(); // LOAD_CONST pushed the name — consume it
+        var name = this._pop(); // LOAD_CONST pushed the name - consume it
         var val = Object.prototype.hasOwnProperty.call(this.globals, name)
           ? this.globals[name]
           : undefined;
@@ -351,7 +354,7 @@ VM.prototype.run = function () {
         break;
 
       case OP.JUMP_IF_TRUE_OR_POP:
-        // || semantics: if truthy, we're done — leave value, jump over RHS.
+        // || semantics: if truthy, we're done - leave value, jump over RHS.
         // If falsy, discard it and fall through to evaluate RHS.
         if (this.peek()) {
           frame.pc = operand;
@@ -361,7 +364,7 @@ VM.prototype.run = function () {
         break;
 
       case OP.JUMP_IF_FALSE_OR_POP:
-        // && semantics: if falsy, we're done — leave value, jump over RHS.
+        // && semantics: if falsy, we're done - leave value, jump over RHS.
         // If truthy, discard it and fall through to evaluate RHS.
         if (!this.peek()) {
           frame.pc = operand;
@@ -379,7 +382,7 @@ VM.prototype.run = function () {
             // Capture directly from current frame's local slot
             closure.upvalues.push(this.captureUpvalue(frame, desc._index));
           } else {
-            // Relay — take upvalue from the enclosing closure's list
+            // Relay - take upvalue from the enclosing closure's list
             closure.upvalues.push(frame.closure.upvalues[desc._index]);
           }
         }
@@ -391,7 +394,13 @@ VM.prototype.run = function () {
           return function () {
             var args = Array.prototype.slice.call(arguments);
             var sub = new VM(self.bytecode, 0, self.constants, self.globals);
-            var f = new Frame(c, null, null, this);
+            // Sloppy-mode: null/undefined thisArg → global object
+            var f = new Frame(
+              c,
+              null,
+              null,
+              this == null ? self.globals : this,
+            );
             for (var i = 0; i < args.length; i++) f.locals[i] = args[i];
             f.locals[c.fn.paramCount] = args;
             sub.currentFrame = f;
@@ -420,7 +429,7 @@ VM.prototype.run = function () {
       }
 
       case OP.BUILD_OBJECT: {
-        // Stack has: key0, val0, key1, val1 ... keyN, valN  (pushed left→right)
+        // Stack has: key0, val0, key1, val1 ... keyN, valN  (pushed left->right)
         // Pop all pairs and build the object.
         var pairs = this._stack.splice(this._stack.length - operand * 2);
         var o = {};
@@ -432,16 +441,20 @@ VM.prototype.run = function () {
       }
       case OP.SET_PROP: {
         // Stack: [..., obj, key, val]
-        // Leaves val on stack — assignment is an expression in JS.
+        // Leaves val on stack - assignment is an expression in JS.
         var val = this._pop();
         var key = this._pop();
         var obj = this._pop();
-        obj[key] = val;
+        // Reflect.set performs [[Set]] without throwing on failure,
+        // correctly simulating sloppy-mode assignment from a strict-mode host
+        // (output.js is an ES module). This also properly invokes inherited
+        // or prototype-chain setter functions.
+        Reflect.set(obj, key, val);
         this._push(val); // assignment expression evaluates to the assigned value
         break;
       }
       case OP.GET_PROP_COMPUTED: {
-        // Stack: [..., obj, key]  — key is a runtime value (nums[i])
+        // Stack: [..., obj, key]  - key is a runtime value (nums[i])
         // Mirrors GET_PROP but pops the key that was pushed dynamically.
         var key = this._pop();
         var obj = this._pop();
@@ -459,9 +472,10 @@ VM.prototype.run = function () {
         var args = this._stack.splice(this._stack.length - operand);
         var callee = this._pop();
         if (callee && callee[CLOSURE_SYM]) {
-          // VM closure — run directly in this VM, no sub-VM overhead
+          // VM closure - run directly in this VM, no sub-VM overhead
           var c = callee[CLOSURE_SYM];
-          var f = new Frame(c, frame.pc, frame, undefined);
+          // Sloppy-mode: plain function call → global object as this
+          var f = new Frame(c, frame.pc, frame, this.globals);
           for (var i = 0; i < args.length; i++) f.locals[i] = args[i];
           f.locals[c.fn.paramCount] = args;
           this.frameStack.push(this.currentFrame);
@@ -478,7 +492,7 @@ VM.prototype.run = function () {
         var callee = this._pop();
         var receiver = this._pop(); // left on stack by GET_PROP
         if (callee && callee[CLOSURE_SYM]) {
-          // VM closure — run directly in this VM with receiver as this
+          // VM closure - run directly in this VM with receiver as this
           var c = callee[CLOSURE_SYM];
           var f = new Frame(c, frame.pc, frame, receiver);
           for (var i = 0; i < args.length; i++) f.locals[i] = args[i];
@@ -500,7 +514,7 @@ VM.prototype.run = function () {
         var args = this._stack.splice(this._stack.length - operand);
         var callee = this._pop();
         if (callee && callee[CLOSURE_SYM]) {
-          // VM closure constructor — prototype is unified via shell.prototype = closure.prototype
+          // VM closure constructor - prototype is unified via shell.prototype = closure.prototype
           var c = callee[CLOSURE_SYM];
           var newObj = Object.create(c.prototype || null);
           var f = new Frame(c, frame.pc, frame, newObj);
@@ -511,7 +525,7 @@ VM.prototype.run = function () {
           this.currentFrame = f;
         } else {
           // Native constructor (e.g. new Error(), new Date()).
-          // Reflect.construct is required — Object.create+apply does NOT set
+          // Reflect.construct is required - Object.create+apply does NOT set
           // internal slots ([[NumberData]], [[StringData]], etc.) for built-ins.
           this._push(Reflect.construct(callee, args));
         }
@@ -523,7 +537,7 @@ VM.prototype.run = function () {
         this.closeUpvaluesFor(frame); // must happen before frame is abandoned
         if (this.frameStack.length === 0) return retVal;
 
-        // new-call rule: primitive return → discard, use the constructed object instead
+        // new-call rule: primitive return -> discard, use the constructed object instead
         if (frame._newObj !== null) {
           if (typeof retVal !== "object" || retVal === null)
             retVal = frame._newObj;
@@ -592,7 +606,7 @@ VM.prototype.run = function () {
         var destPc = this._pop();
         var words = this.constants[operand];
 
-        if (PACK) {
+        if (ENCODE_BYTECODE) {
           words = decodeBytecode(words);
         }
 
@@ -608,7 +622,7 @@ VM.prototype.run = function () {
   }
 };
 
-// ── Boot ─────────────────────────────────────────────────────────
+// Boot
 var globals: any = {}; // global object for globals
 
 // Always pull built-ins from globalThis so eval() scoping can't shadow them

package/src/runtimeObf.ts

@@ -0,0 +1,48 @@
+import * as t from "@babel/types";
+import { generate } from "@babel/generator";
+import { parse } from "@babel/parser";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { choice, shuffle } from "./random.ts";
+import type { Options } from "./options.ts";
+import { escapeRegex } from "./utilts.ts";
+import { minify } from "./minify.ts";
+const traverse = traverseImport.default;
+
+export async function obfuscateRuntime(runtime: string, options: Options) {
+  const ast = parse(runtime, {
+    sourceType: "unambiguous",
+  });
+
+  // shuffle order of opcode handlers
+
+  if (options.shuffleOpcodes) {
+    let switchStatement: t.SwitchStatement | null = null;
+    traverse(ast, {
+      SwitchStatement(path) {
+        if (
+          path.node.leadingComments?.some((comment) =>
+            comment.value.includes("@SWITCH"),
+          )
+        ) {
+          switchStatement = path.node;
+          path.stop();
+        }
+      },
+    });
+
+    ok(switchStatement, "Could not find opcode handlers switch statement");
+
+    // simply shuffle the order of the cases
+
+    switchStatement.cases = shuffle(switchStatement.cases);
+  }
+
+  let generated = generate(ast).code;
+
+  if (options.minify) {
+    generated = await minify(generated);
+  }
+
+  return generated;
+}

package/src/utilts.ts

@@ -0,0 +1,3 @@
+export function escapeRegex(s: string): string {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}

package/.claude/settings.local.json

@@ -1,8 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(NODE_OPTIONS=--experimental-vm-modules npx jest:*)",
-      "Bash(npm test:*)"
-    ]
-  }
-}

package/ReadME.MD

@@ -1,164 +0,0 @@
-# JS Confuser VM
-
-**Requires Node v24.13.1 or higher**
-
-- ES5 support only. No complex features: async, generator, and even try..catch are beyond scope.
-- Experimental. Expect issues.
-
-### Usage
-
-```shell
-$ git clone https://github.com/MichaelXF/js-confuser-vm
-```
-
-- Example Script:
-
-```js
-import { virtualize } from "./src/index.js";
-import { readFileSync, writeFileSync } from "fs";
-
-const sourceCode = readFileSync("input.js", "utf-8");
-const { code: output } = virtualize(sourceCode);
-
-writeFileSync("output.js", output, "utf-8");
-console.log(output);
-```
-
-- Input/Output:
-
-```js
-function fibonacci(num) {
-  var a = 0,
-    b = 1,
-    c = num;
-  while (num-- > 1) {
-    c = a + b;
-    a = b;
-    b = c;
-  }
-  return c;
-}
-
-for (var i = 1; i <= 25; i++) {
-  console.log(i, fibonacci(i));
-}
-
-/*
-function d(a){a=typeof Buffer!=="undefined"?Buffer.from(a,"base64"):Uint8Array.from(atob(a),function(b){return b.charCodeAt(0)});for(var h=new Int32Array(a.length/4),c=0;c<h.length;c++)h[c]=a[c*4]|a[c*4+1]<<8|a[c*4+2]<<16|a[c*4+3]<<24;return h}var f=Symbol();function l(a,h){this.g=a;this.m=h;this.n=!1;this.p=void 0}function m(a){return a.n?a.p:a.g.b[a.m]}function n(a,h){a.n?a.p=h:a.g.b[a.m]=h}function p(a){this.f=a;this.l=[];this.prototype={}}
-function w(a,h){this.r=a;this.b=Array(a.f.t).fill(void 0);this.d=a.f.u;this.x=h!==void 0?h:void 0;this.o=null}function x(a,h,c){this.q=a;this.e=h;this.i=c;this.a=[];this.h=[];this.j=[];this.c=new w(new p({k:0,t:0,u:0}))}function y(a,h){a.a.push(h)}function z(a){return a.a.pop()}function A(a){return a.a[a.a.length-1]}function E(a,h,c){for(var b=0;b<a.j.length;b++){var e=a.j[b];if(e.g===h&&e.m===c)return e}e=new l(h,c);a.j.push(e);return e}
-function F(a,h){a.j=a.j.filter(function(c){return c.g===h?(c.p=c.g.b[c.m],c.n=!0,!1):!0})}
-function G(a){for(var h=performance.now();;){var c=a.c,b=a.q;if(c.d>=b.length)break;b=b[c.d++];var e=b&255;b>>>=8;var g=performance.now(),k=g-h>1E3;h=g;k&&(e=13);switch(e){case 0:y(a,a.e[b]);break;case 1:y(a,c.b[b]);break;case 2:c.b[b]=z(a);break;case 3:y(a,a.i[a.e[b]]);break;case 4:a.i[a.e[b]]=z(a);break;case 5:c=z(a);b=A(a);y(a,b[c]);break;case 6:b=z(a);y(a,z(a)+b);break;case 7:b=z(a);y(a,z(a)-b);break;case 8:b=z(a);y(a,z(a)*b);break;case 9:b=z(a);y(a,z(a)/b);break;case 36:b=z(a);y(a,z(a)%b);break;
-case 37:b=z(a);y(a,z(a)&b);break;case 38:b=z(a);y(a,z(a)|b);break;case 39:b=z(a);y(a,z(a)^b);break;case 40:b=z(a);y(a,z(a)<<b);break;case 41:b=z(a);y(a,z(a)>>b);break;case 42:b=z(a);y(a,z(a)>>>b);break;case 15:b=z(a);y(a,z(a)<b);break;case 16:b=z(a);y(a,z(a)>b);break;case 17:b=z(a);y(a,z(a)===b);break;case 20:b=z(a);y(a,z(a)<=b);break;case 21:b=z(a);y(a,z(a)>=b);break;case 22:b=z(a);y(a,z(a)!==b);break;case 52:b=z(a);y(a,z(a)==b);break;case 53:b=z(a);y(a,z(a)!=b);break;case 46:b=z(a);y(a,z(a)in b);
-break;case 47:c=z(a);b=z(a);if(typeof c==="function")y(a,b instanceof c);else{c=c.prototype;b=Object.getPrototypeOf(b);for(e=!1;b!==null;){if(b===c){e=!0;break}b=Object.getPrototypeOf(b)}y(a,e)}break;case 25:y(a,-z(a));break;case 26:y(a,z(a));break;case 27:y(a,!z(a));break;case 28:y(a,~z(a));break;case 29:y(a,typeof z(a));break;case 30:z(a);y(a);break;case 31:b=z(a);e=Object.prototype.hasOwnProperty.call(a.i,b)?a.i[b]:void 0;y(a,typeof e);break;case 18:c.d=b;break;case 19:z(a)||(c.d=b);break;case 44:A(a)?
-c.d=b:z(a);break;case 43:A(a)?z(a):c.d=b;break;case 10:g=a.e[b];e=new p(g);for(b=0;b<g.v.length;b++)k=g.v[b],k.y?e.l.push(E(a,c,k.w)):e.l.push(c.r.l[k.w]);var t=a;b=function(B){return function(){for(var u=Array.prototype.slice.call(arguments),C=new x(t.q,t.e,t.i),v=new w(B,this),q=0;q<u.length;q++)v.b[q]=u[q];v.b[B.f.k]=u;C.c=v;return G(C)}}(e);b[f]=e;b.prototype=e.prototype;y(a,b);break;case 23:y(a,m(c.r.l[b]));break;case 24:n(c.r.l[b],z(a));break;case 32:b=a.a.splice(a.a.length-b);y(a,b);break;
-case 33:c=a.a.splice(a.a.length-b*2);e={};for(b=0;b<c.length;b+=2)e[c[b]]=c[b+1];y(a,e);break;case 34:e=z(a);c=z(a);b=z(a);b[c]=e;y(a,e);break;case 35:c=z(a);b=z(a);y(a,b[c]);break;case 45:c=z(a);b=z(a);y(a,delete b[c]);break;case 11:c=a.a.splice(a.a.length-b);if((e=z(a))&&e[f]){e=e[f];g=new w(e);for(b=0;b<c.length;b++)g.b[b]=c[b];g.b[e.f.k]=c;a.h.push(a.c);a.c=g}else y(a,e.apply(null,c));break;case 12:c=a.a.splice(a.a.length-b);e=z(a);b=z(a);if(e&&e[f]){e=e[f];g=new w(e,b);for(b=0;b<c.length;b++)g.b[b]=
-c[b];g.b[e.f.k]=c;a.h.push(a.c);a.c=g}else y(a,e.apply(b,c));break;case 48:y(a,c.x);break;case 49:c=a.a.splice(a.a.length-b);if((e=z(a))&&e[f]){e=e[f];b=Object.create(e.prototype||null);g=new w(e,b);g.o=b;for(b=0;b<c.length;b++)g.b[b]=c[b];g.b[e.f.k]=c;a.h.push(a.c);a.c=g}else y(a,Reflect.construct(e,c));break;case 13:b=z(a);F(a,c);if(a.h.length===0)return b;c.o===null||typeof b==="object"&&b!==null||(b=c.o);a.c=a.h.pop();y(a,b);break;case 14:z(a);break;case 50:y(a,A(a));break;case 51:throw z(a);
-case 54:b=z(a);c=[];if(b!==null&&b!==void 0)for(e=Object.create(null),g=Object(b);g!==null;){k=Object.getOwnPropertyNames(g);for(b=0;b<k.length;b++){var r=k[b];if(!(r in e)){e[r]=!0;var D=Object.getOwnPropertyDescriptor(g,r);D&&D.enumerable&&c.push(r)}}g=Object.getPrototypeOf(g)}y(a,{keys:c,s:0});break;case 55:e=z(a);e.s>=e.keys.length?c.d=b:y(a,e.keys[e.s++]);break;case 56:c=z(a);e=a.e[b];e=d(e);for(b=0;b<e.length;b++)a.q[c+b]=e[b];break;default:throw Error("Unknown opcode: "+e+" at pc "+(c.d-1));
-}}}var H={},I;for(I of Object.getOwnPropertyNames(globalThis))H[I]=globalThis[I];typeof window!=="undefined"&&(H.window=window);H.undefined=void 0;H.Infinity=Infinity;H.NaN=NaN;
-G(new x(d("CgMAAAQEAAAAAQAABAUAAAMFAAAABgAAFAAAABMYAAADBwAAAAgAAAUAAAADBQAAAwQAAAMFAAALAQAADAIAAA4AAAADBQAAMgAAAAABAAAGAAAABAUAAA4AAAASBAAADQAAAAAKAAA4CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="),[0,1,void 0,{k:1,t:5,v:[],u:25},"fibonacci","i",25,"console","log","AAAAAAICAAAAAQAAAgMAAAEAAAACBAAAAQAAADIAAAAAAQAABwAAAAIAAAAAAQAAEAAAABM4AAABAgAAAQMAAAYAAAACBAAAAQQAAA4AAAABAwAAAgIAAAECAAAOAAAAAQQAAAIDAAABAwAADgAAABIhAAABBAAADQAAAAACAAANAAAADQAAAA==",
-27],H));
-*/
-```
-
-### Features
-
-- [x] functions: call, arguments, return
-- [x] closures and nested functions
-- [x] literals
-- [x] binary expressions
-- [x] unary expressions
-- [x] update expressions
-- [x] if statements
-- [x] while, do-while, for loops
-- [x] get property
-- [x] logical expressions
-- [x] array, object expression
-- [x] function expression
-- [x] default arguments in functions
-- [x] sequence expression
-- [x] conditional expression (ternary operator)
-- [x] delete operator
-- [x] in / instanceof
-- [x] this, new expression
-- [x] arguments
-- [x] Infinity, NaN
-- [x] break/continue
-- [x] switch statement
-- [x] throw statement
-- [x] labeled statements
-- [x] for..in loop
-
-### Missing
-
-- [ ] try..catch
-- [ ] RegExp literals
-- [ ] with statement
-- [ ] arguments.callee, argument parameter syncing   
-- [ ] getter/setters
-
-### Hardening
-
-- [x] opcode randomization per build
-- [x] property name concealment of vm internals
-- - Google Closure Compiler aggressively renames our class props
-- [ ] shuffled handler order
-- [ ] dead handlers
-- [ ] dead bytecode insertion
-- [ ] macro opcodes
-- [x] encoded bytecode array and words
-- [x] self-modifying bytecode
-- [x] timing checks
-- [ ] low-level bytecode obfuscations
-- [ ] stack protection
-- [ ] control flow integrity
-
-### Minification
-
-`minify.js` uses Google Closure Compiler to minify the JS VM and renames (most) VM property names. This approach helps keep the VM Compiler simple and lets Google do the heavy lifting.
-
-### No Try Catch
-
-Try..Catch is complex operator that may not get added. You can use Try..Catch by defining an outside helper function:
-
-```js
-function TryCatch(cb) {
-  try {
-    return { value: cb() };
-  } catch (error) {
-    return { error };
-  }
-}
-```
-
-## ES5 Only
-
-This VM Compiler only supports ES5 JavaScript. Most ES6+ features are syntax sugar that can be transpiled down relatively easily. This is a design decision to keep the VM wrapper simple and the bytecode more uniform. Having opcodes dedicated for classes and methods makes them standout more for attackers to debug easier. Keeping things simple enables easier hardening improvements.
-
-Please transpile your code down first using [Babel](https://github.com/babel/babel).
-
-### Project:
-
-- Stack based VM
-- Lua-style Closure and Upvalue model
-- CPython-style opcodes and codegen
-- Compiler is in src/compiler.ts
-- Runtime is in src/runtime.ts
-- "Typescript"
-- - This "Typescript" projects uses Node's new flag `--experimental-strip-types`. This is means we can run `node index.ts` directly!
-
-### Use with JS-Confuser
-
-JS-Confuser is recommended to be applied *after* virtualizing your source code. JS-Confuser's CFF can safeguard and obfuscate your VM internals - adding a layer of obscurity and preventing analysis of the opcodes. 
-
-### WIP
-
-- 120 tests, 90.16% coverage
-- [Test262 (es5-tests)](https://github.com/tc39/test262/tree/es5-tests) percentage: 43.26%
-
-### Made with AI
-
-This project has been created with the help of AI. Expect issues.
-
-### License
-
-MIT License

package/input.js

@@ -1,15 +0,0 @@
-function fibonacci(num) {
-  var a = 0,
-    b = 1,
-    c = num;
-  while (num-- > 1) {
-    c = a + b;
-    a = b;
-    b = c;
-  }
-  return c;
-}
-
-for (var i = 1; i <= 25; i++) {
-  console.log(i, fibonacci(i));
-}

package/minify.js

@@ -1,17 +0,0 @@
-import ClosureCompiler from "google-closure-compiler";
-
-const compiler = new ClosureCompiler({
-  js: "output.js",
-  js_output_file: "output.min.js",
-  compilation_level: "ADVANCED",
-
-  warning_level: "QUIET",
-  env: "CUSTOM", // removes all default externs
-  externs: "minify_empty_externs.js", // pass a blank file to satisfy the flag
-});
-
-compiler.run((exitCode, stdOut, stdErr) => {
-  if (stdErr) console.error(stdErr);
-  if (exitCode !== 0) process.exit(exitCode);
-  console.log("Done -> output.min.js");
-});

package/obfuscate.js

@@ -1,12 +0,0 @@
-import JsConfuser from "../js-confuser/dist/index.js";
-import { readFileSync, writeFileSync } from "fs";
-
-const minified = readFileSync("output.min.js", "utf-8");
-
-JsConfuser.obfuscate(minified, {
-  target: "browser",
-  renameVariables: true,
-  controlFlowFlattening: true,
-}).then((result) => {
-  writeFileSync("output.obf.js", result.code, "utf-8");
-});

package/src/index.js

@@ -1,5 +0,0 @@
-import { compileAndSerialize } from "./compiler.ts";
-
-export function virtualize(source) {
-  return compileAndSerialize(source);
-}

package/src/random.js

@@ -1,3 +0,0 @@
-export function getPlaceholder() {
-  return Math.random().toString(36).substring(2, 15);
-}