js-confuser-vm 0.0.1 → 0.0.3

package/src/runtimeObf.ts

@@ -0,0 +1,62 @@
+import * as t from "@babel/types";
+import { generate } from "@babel/generator";
+import { parse } from "@babel/parser";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { shuffle } from "./random.ts";
+import type { Options } from "./options.ts";
+import { minify } from "./minify.ts";
+const traverse = (traverseImport.default ||
+  traverseImport) as typeof traverseImport.default;
+
+export async function obfuscateRuntime(runtime: string, options: Options) {
+  let ast: t.File;
+  try {
+    ast = parse(runtime, {
+      sourceType: "unambiguous",
+    });
+  } catch (error) {
+    throw new Error("VM-Runtime final parsing failed", { cause: error });
+  }
+
+  // shuffle order of opcode handlers
+
+  if (options.shuffleOpcodes) {
+    let switchStatement: t.SwitchStatement | null = null;
+    traverse(ast, {
+      SwitchStatement(path) {
+        if (
+          path.node.leadingComments?.some((comment) =>
+            comment.value.includes("@SWITCH"),
+          )
+        ) {
+          switchStatement = path.node;
+          path.stop();
+        }
+      },
+    });
+
+    ok(switchStatement, "Could not find opcode handlers switch statement");
+
+    // simply shuffle the order of the cases
+
+    switchStatement.cases = shuffle(switchStatement.cases);
+  }
+
+  let generated: string;
+  try {
+    generated = generate(ast).code;
+  } catch (error) {
+    throw new Error("VM-Runtime final generation failed", { cause: error });
+  }
+
+  if (options.minify) {
+    try {
+      generated = await minify(generated);
+    } catch (error) {
+      throw new Error("VM-Runtime final minification failed", { cause: error });
+    }
+  }
+
+  return generated;
+}

package/src/transforms/controlFlowFlattening.ts

@@ -0,0 +1,30 @@
+import { Instruction } from "../types.ts";
+
+interface BasicBlock {
+  label: string;
+  body: Instruction;
+  jumpLabels?: Set<string>;
+}
+
+/**
+ * Breaks functions into DAGs (Directed Acyclic Graphs)
+ *
+ * - 1. Break bytecode into chunks
+ * - 2. Shuffle chunks but remember their original position
+ * - 3. Create an effectively Switch statement inside a While loop, each case is a chunk, and the while loops exits on the last transition.
+ *
+ * The Switch statement:
+ *
+ * - 1. The state variable controls which case will run next
+ * - 2. At the end of each case, the state variable is updated to the next block of code.
+ * - 3. The while loop continues until the the state variable is the end state.
+ */
+export async function controlFlowFlattening(bytecode: Instruction) {
+  // break bytecode into basic blocks
+  // 1. read bytecode and track the current label from the IR-instruction "defineLabel"
+  // 2. track any potential jumps inside this block using the IR-instruction operand "label"
+  // at this stage in the passing process, may still use these IR-instruction labels for jumps, meaning no effort is required to maintain absolute PCs
+  // create a bare CFF implementation of a simple switch dispatch loop effectively
+  // This CFF implementation should only apply to "easy jumps" such as conditional jump (if-statement)
+  // the complex and specific jumps for for..in shouldn't get flattened
+}

package/src/transforms/resolveContants.ts

@@ -0,0 +1,42 @@
+import type { Bytecode, Instruction } from "../types.ts";
+import { SOURCE_NODE_SYM } from "../compiler.ts";
+
+// Resolve all {type:"constant", value} operands to integer indices into the
+// constants pool.  Returns both the resolved bytecode and the constants array
+// so the Serializer can use it for comment generation and output.
+export function resolveConstants(bc: Bytecode): {
+  bytecode: Bytecode;
+  constants: any[];
+} {
+  const constants: any[] = [];
+  const constantsMap = new Map<any, number>();
+
+  function intern(value: any): number {
+    let idx = constantsMap.get(value);
+    if (typeof idx !== "number") {
+      idx = constants.length;
+      constantsMap.set(value, idx);
+      constants.push(value);
+    }
+    return idx;
+  }
+
+  const resolved: Bytecode = [];
+  for (const instr of bc) {
+    const [op, operand] = instr;
+    if (
+      operand !== undefined &&
+      operand !== null &&
+      typeof operand === "object" &&
+      (operand as any).type === "constant"
+    ) {
+      const newInstr: Instruction = [op, intern((operand as any).value)];
+      (newInstr as any)[SOURCE_NODE_SYM] = (instr as any)[SOURCE_NODE_SYM];
+      resolved.push(newInstr);
+    } else {
+      resolved.push(instr);
+    }
+  }
+
+  return { bytecode: resolved, constants };
+}

package/src/transforms/resolveLabels.ts

@@ -0,0 +1,83 @@
+// --- Label IR ---
+// During compilation, jump targets are symbolic labels instead of hard-coded
+// PC numbers.  Two IR "pseudo operands" carry the label information:
+//
+//   defineLabel operand  : [null, {type:"defineLabel", label:"FN_ENTRY_1"}]
+//     Marks a position in the bytecode array.
+//     resolveLabels() strips these out entirely.
+//
+//   label ref operand      : [OP.JUMP, {type:"label", label:"FN_ENTRY_1"}]
+//     Used as the operand of any jump instruction. resolveLabels() replaces
+//     it with the integer PC that the corresponding defineLabel resolves to.
+
+import type { Instruction } from "../types.ts";
+import { Compiler } from "../compiler.ts";
+
+// Resolve symbolic labels to absolute PC indices within a bytecode array.
+// defineLabel pseudo-instructions are stripped; label-ref operands become ints.
+// Mutates `bc` in place so callers holding a reference see the resolved result.
+export function resolveLabels(
+  bc: Instruction[],
+  compiler: Compiler,
+): {
+  bytecode: Instruction[];
+} {
+  // Pass 1 – walk the array and record each label's real PC, counting only
+  // real instructions (defineLabel pseudo-ops don't occupy a PC slot).
+  const labelToPc = new Map<string, number>();
+  let realPc = 0;
+  for (const instr of bc) {
+    const op = instr[0];
+    const operand = instr[1];
+    if (
+      op === null &&
+      operand !== null &&
+      typeof operand === "object" &&
+      operand.type === "defineLabel"
+    ) {
+      labelToPc.set(operand.label, realPc);
+    } else {
+      realPc++;
+    }
+  }
+
+  // Pass 2 – build the resolved instruction list.
+  const resolved: any[] = [];
+  for (const instr of bc) {
+    const op = instr[0];
+    const operand = instr[1];
+
+    // Strip defineLabel pseudo-ops.
+    if (
+      op === null &&
+      typeof operand === "object" &&
+      operand?.type === "defineLabel"
+    ) {
+      continue;
+    }
+
+    // Replace label-ref operands with integer PCs.
+    if (
+      operand !== undefined &&
+      operand !== null &&
+      typeof operand === "object" &&
+      operand.type === "label"
+    ) {
+      const pc = labelToPc.get(operand.label);
+      if (pc === undefined)
+        throw new Error(`Undefined label: ${operand.label}`);
+      resolved.push([op, pc + (operand.offset ?? 0)]);
+    } else {
+      resolved.push(instr);
+    }
+  }
+
+  // Patch each function descriptor's startPc now that labels are resolved.
+  for (const desc of compiler.fnDescriptors) {
+    desc.startPc = labelToPc.get(desc.startLabel);
+  }
+
+  return {
+    bytecode: resolved,
+  };
+}

package/src/transforms/selfModifying.ts

@@ -0,0 +1,124 @@
+import type { Bytecode, Instruction } from "../types.ts";
+import { Compiler } from "../compiler.ts";
+
+export function selfModifying(
+  bc: Bytecode,
+  compiler: Compiler,
+): { bytecode: Bytecode } {
+  // Walk the bytecode looking for "defineLabel" pseudo-ops, which start basic
+  // blocks. For each block we collect the body (instructions between the label
+  // and the next label/jump terminator), move it to the end of the bytecode
+  // under a fresh "patch_LXX" label, and replace it in-place with:
+  //
+  //   defineLabel ("originalLabel")         ← kept as-is (pseudo-op)
+  //   LOAD_INT  { label: patch_LXX, offset: N }   ← push slice-end PC
+  //   LOAD_INT  { label: patch_LXX }               ← push slice-start PC
+  //   PATCH     { label: originalLabel, offset: 3 } ← destPc = L+3
+  //   LOAD_INT 0  × N                              ← N placeholder instructions
+  //
+  // PATCH pops (start, end) from the stack and copies bytecode[start..end) to
+  // bytecode[destPc..]. Since destPc = L+3 = first placeholder, the body is
+  // written exactly over the placeholder region on the first call.  Subsequent
+  // calls are idempotent (same bytes written again).  Execution falls through
+  // from PATCH into the freshly-patched body at L+3, then continues naturally
+  // to whatever terminator (JUMP/RETURN) follows at L+3+N.
+
+  const { OP, JUMP_OPS } = compiler;
+
+  const result: Bytecode = [];
+  const appended: Bytecode = [];
+  let patchCount = 0;
+
+  let i = 0;
+  while (i < bc.length) {
+    const instr = bc[i];
+    const [op, operand] = instr;
+
+    // Detect a defineLabel pseudo-op — start of a new basic block.
+    if (
+      op === null &&
+      operand !== null &&
+      typeof operand === "object" &&
+      (operand as any).type === "defineLabel"
+    ) {
+      const originalLabel = (operand as any).label as string;
+      result.push(instr); // keep the defineLabel marker
+      i++;
+
+      // Collect body: everything after the label until the next terminator.
+      let j = i;
+      while (j < bc.length) {
+        const [nextOp, nextOperand] = bc[j];
+
+        // Another defineLabel = boundary of the next block.
+        if (
+          nextOp === null &&
+          typeof nextOperand === "object" &&
+          (nextOperand as any)?.type === "defineLabel"
+        ) {
+          break;
+        }
+
+        // Jump instructions, RETURN, and DATA (function header words) all
+        // terminate the body without being included in it.
+        if (
+          nextOp !== null &&
+          (JUMP_OPS.has(nextOp) || nextOp === OP.RETURN || nextOp === OP.DATA)
+        ) {
+          break;
+        }
+
+        j++;
+      }
+
+      const body = bc.slice(i, j);
+      const N = body.length;
+
+      if (N === 0) {
+        // Nothing to transform — label is immediately followed by a terminator.
+        continue;
+      }
+
+      const patchLabel = `patch_${originalLabel}_${patchCount++}`;
+
+      // ── Stub (3 real instructions) ──────────────────────────────────────
+      // LOAD_INT pushes the end-index of the body slice (patchLabel_pc + N).
+      // LOAD_INT pushes the start-index (patchLabel_pc).
+      // Stack before PATCH: [end (bottom), start (top)].
+      // PATCH: slice(pop()=start, pop()=end) copies the body to destPc = L+3.
+      result.push([
+        OP.LOAD_INT as number,
+        { type: "label", label: patchLabel, offset: N },
+      ]);
+      result.push([
+        OP.LOAD_INT as number,
+        { type: "label", label: patchLabel },
+      ]);
+      result.push([
+        OP.PATCH as number,
+        { type: "label", label: originalLabel, offset: 3 },
+      ]);
+
+      // ── Placeholders (N instructions) ───────────────────────────────────
+      // These are overwritten by PATCH on the first execution.  They never
+      // execute as LOAD_INT 0 in a correct run.
+      for (let p = 0; p < N; p++) {
+        result.push([OP.LOAD_INT as number, 0]);
+      }
+
+      // ── Append real body at end ─────────────────────────────────────────
+      appended.push([null, { type: "defineLabel", label: patchLabel }]);
+      for (const bodyInstr of body) {
+        appended.push(bodyInstr);
+      }
+
+      i = j; // skip over the original body in the input array
+      continue;
+    }
+
+    result.push(instr);
+    i++;
+  }
+
+  return { bytecode: [...result, ...appended] };
+}

package/src/types.ts

@@ -0,0 +1,24 @@
+// Bytecode supports both real instructions and IR pseudo-instructions
+// Real instruction: [OP.ADD, 5]
+// IR instruction: [null, { type: "defineLabel", label: "FN_ENTRY_1" }]
+
+// IR instructions are used to hold symbolic information during compilation
+// All "null" instructions are dropped before assembly time
+export type Instruction = [
+  number | null,
+  (
+    | number
+    | { type: "label"; label: string; offset?: number }
+    | { type: "defineLabel"; label: string }
+    | { type: "constant"; value: any }
+  )?,
+];
+
+export type Bytecode = Instruction[];
+
+export function constantOperand(value: any): Instruction[1] {
+  return {
+    type: "constant",
+    value: value,
+  };
+}

package/src/utilts.ts

@@ -0,0 +1,3 @@
+export function escapeRegex(s: string): string {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}

package/.claude/settings.local.json

@@ -1,8 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(NODE_OPTIONS=--experimental-vm-modules npx jest:*)",
-      "Bash(npm test:*)"
-    ]
-  }
-}

package/ReadME.MD

@@ -1,164 +0,0 @@
-# JS Confuser VM
-
-**Requires Node v24.13.1 or higher**
-
-- ES5 support only. No complex features: async, generator, and even try..catch are beyond scope.
-- Experimental. Expect issues.
-
-### Usage
-
-```shell
-$ git clone https://github.com/MichaelXF/js-confuser-vm
-```
-
-- Example Script:
-
-```js
-import { virtualize } from "./src/index.js";
-import { readFileSync, writeFileSync } from "fs";
-
-const sourceCode = readFileSync("input.js", "utf-8");
-const { code: output } = virtualize(sourceCode);
-
-writeFileSync("output.js", output, "utf-8");
-console.log(output);
-```
-
-- Input/Output:
-
-```js
-function fibonacci(num) {
-  var a = 0,
-    b = 1,
-    c = num;
-  while (num-- > 1) {
-    c = a + b;
-    a = b;
-    b = c;
-  }
-  return c;
-}
-
-for (var i = 1; i <= 25; i++) {
-  console.log(i, fibonacci(i));
-}
-
-/*
-function d(a){a=typeof Buffer!=="undefined"?Buffer.from(a,"base64"):Uint8Array.from(atob(a),function(b){return b.charCodeAt(0)});for(var h=new Int32Array(a.length/4),c=0;c<h.length;c++)h[c]=a[c*4]|a[c*4+1]<<8|a[c*4+2]<<16|a[c*4+3]<<24;return h}var f=Symbol();function l(a,h){this.g=a;this.m=h;this.n=!1;this.p=void 0}function m(a){return a.n?a.p:a.g.b[a.m]}function n(a,h){a.n?a.p=h:a.g.b[a.m]=h}function p(a){this.f=a;this.l=[];this.prototype={}}
-function w(a,h){this.r=a;this.b=Array(a.f.t).fill(void 0);this.d=a.f.u;this.x=h!==void 0?h:void 0;this.o=null}function x(a,h,c){this.q=a;this.e=h;this.i=c;this.a=[];this.h=[];this.j=[];this.c=new w(new p({k:0,t:0,u:0}))}function y(a,h){a.a.push(h)}function z(a){return a.a.pop()}function A(a){return a.a[a.a.length-1]}function E(a,h,c){for(var b=0;b<a.j.length;b++){var e=a.j[b];if(e.g===h&&e.m===c)return e}e=new l(h,c);a.j.push(e);return e}
-function F(a,h){a.j=a.j.filter(function(c){return c.g===h?(c.p=c.g.b[c.m],c.n=!0,!1):!0})}
-function G(a){for(var h=performance.now();;){var c=a.c,b=a.q;if(c.d>=b.length)break;b=b[c.d++];var e=b&255;b>>>=8;var g=performance.now(),k=g-h>1E3;h=g;k&&(e=13);switch(e){case 0:y(a,a.e[b]);break;case 1:y(a,c.b[b]);break;case 2:c.b[b]=z(a);break;case 3:y(a,a.i[a.e[b]]);break;case 4:a.i[a.e[b]]=z(a);break;case 5:c=z(a);b=A(a);y(a,b[c]);break;case 6:b=z(a);y(a,z(a)+b);break;case 7:b=z(a);y(a,z(a)-b);break;case 8:b=z(a);y(a,z(a)*b);break;case 9:b=z(a);y(a,z(a)/b);break;case 36:b=z(a);y(a,z(a)%b);break;
-case 37:b=z(a);y(a,z(a)&b);break;case 38:b=z(a);y(a,z(a)|b);break;case 39:b=z(a);y(a,z(a)^b);break;case 40:b=z(a);y(a,z(a)<<b);break;case 41:b=z(a);y(a,z(a)>>b);break;case 42:b=z(a);y(a,z(a)>>>b);break;case 15:b=z(a);y(a,z(a)<b);break;case 16:b=z(a);y(a,z(a)>b);break;case 17:b=z(a);y(a,z(a)===b);break;case 20:b=z(a);y(a,z(a)<=b);break;case 21:b=z(a);y(a,z(a)>=b);break;case 22:b=z(a);y(a,z(a)!==b);break;case 52:b=z(a);y(a,z(a)==b);break;case 53:b=z(a);y(a,z(a)!=b);break;case 46:b=z(a);y(a,z(a)in b);
-break;case 47:c=z(a);b=z(a);if(typeof c==="function")y(a,b instanceof c);else{c=c.prototype;b=Object.getPrototypeOf(b);for(e=!1;b!==null;){if(b===c){e=!0;break}b=Object.getPrototypeOf(b)}y(a,e)}break;case 25:y(a,-z(a));break;case 26:y(a,z(a));break;case 27:y(a,!z(a));break;case 28:y(a,~z(a));break;case 29:y(a,typeof z(a));break;case 30:z(a);y(a);break;case 31:b=z(a);e=Object.prototype.hasOwnProperty.call(a.i,b)?a.i[b]:void 0;y(a,typeof e);break;case 18:c.d=b;break;case 19:z(a)||(c.d=b);break;case 44:A(a)?
-c.d=b:z(a);break;case 43:A(a)?z(a):c.d=b;break;case 10:g=a.e[b];e=new p(g);for(b=0;b<g.v.length;b++)k=g.v[b],k.y?e.l.push(E(a,c,k.w)):e.l.push(c.r.l[k.w]);var t=a;b=function(B){return function(){for(var u=Array.prototype.slice.call(arguments),C=new x(t.q,t.e,t.i),v=new w(B,this),q=0;q<u.length;q++)v.b[q]=u[q];v.b[B.f.k]=u;C.c=v;return G(C)}}(e);b[f]=e;b.prototype=e.prototype;y(a,b);break;case 23:y(a,m(c.r.l[b]));break;case 24:n(c.r.l[b],z(a));break;case 32:b=a.a.splice(a.a.length-b);y(a,b);break;
-case 33:c=a.a.splice(a.a.length-b*2);e={};for(b=0;b<c.length;b+=2)e[c[b]]=c[b+1];y(a,e);break;case 34:e=z(a);c=z(a);b=z(a);b[c]=e;y(a,e);break;case 35:c=z(a);b=z(a);y(a,b[c]);break;case 45:c=z(a);b=z(a);y(a,delete b[c]);break;case 11:c=a.a.splice(a.a.length-b);if((e=z(a))&&e[f]){e=e[f];g=new w(e);for(b=0;b<c.length;b++)g.b[b]=c[b];g.b[e.f.k]=c;a.h.push(a.c);a.c=g}else y(a,e.apply(null,c));break;case 12:c=a.a.splice(a.a.length-b);e=z(a);b=z(a);if(e&&e[f]){e=e[f];g=new w(e,b);for(b=0;b<c.length;b++)g.b[b]=
-c[b];g.b[e.f.k]=c;a.h.push(a.c);a.c=g}else y(a,e.apply(b,c));break;case 48:y(a,c.x);break;case 49:c=a.a.splice(a.a.length-b);if((e=z(a))&&e[f]){e=e[f];b=Object.create(e.prototype||null);g=new w(e,b);g.o=b;for(b=0;b<c.length;b++)g.b[b]=c[b];g.b[e.f.k]=c;a.h.push(a.c);a.c=g}else y(a,Reflect.construct(e,c));break;case 13:b=z(a);F(a,c);if(a.h.length===0)return b;c.o===null||typeof b==="object"&&b!==null||(b=c.o);a.c=a.h.pop();y(a,b);break;case 14:z(a);break;case 50:y(a,A(a));break;case 51:throw z(a);
-case 54:b=z(a);c=[];if(b!==null&&b!==void 0)for(e=Object.create(null),g=Object(b);g!==null;){k=Object.getOwnPropertyNames(g);for(b=0;b<k.length;b++){var r=k[b];if(!(r in e)){e[r]=!0;var D=Object.getOwnPropertyDescriptor(g,r);D&&D.enumerable&&c.push(r)}}g=Object.getPrototypeOf(g)}y(a,{keys:c,s:0});break;case 55:e=z(a);e.s>=e.keys.length?c.d=b:y(a,e.keys[e.s++]);break;case 56:c=z(a);e=a.e[b];e=d(e);for(b=0;b<e.length;b++)a.q[c+b]=e[b];break;default:throw Error("Unknown opcode: "+e+" at pc "+(c.d-1));
-}}}var H={},I;for(I of Object.getOwnPropertyNames(globalThis))H[I]=globalThis[I];typeof window!=="undefined"&&(H.window=window);H.undefined=void 0;H.Infinity=Infinity;H.NaN=NaN;
-G(new x(d("CgMAAAQEAAAAAQAABAUAAAMFAAAABgAAFAAAABMYAAADBwAAAAgAAAUAAAADBQAAAwQAAAMFAAALAQAADAIAAA4AAAADBQAAMgAAAAABAAAGAAAABAUAAA4AAAASBAAADQAAAAAKAAA4CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="),[0,1,void 0,{k:1,t:5,v:[],u:25},"fibonacci","i",25,"console","log","AAAAAAICAAAAAQAAAgMAAAEAAAACBAAAAQAAADIAAAAAAQAABwAAAAIAAAAAAQAAEAAAABM4AAABAgAAAQMAAAYAAAACBAAAAQQAAA4AAAABAwAAAgIAAAECAAAOAAAAAQQAAAIDAAABAwAADgAAABIhAAABBAAADQAAAAACAAANAAAADQAAAA==",
-27],H));
-*/
-```
-
-### Features
-
-- [x] functions: call, arguments, return
-- [x] closures and nested functions
-- [x] literals
-- [x] binary expressions
-- [x] unary expressions
-- [x] update expressions
-- [x] if statements
-- [x] while, do-while, for loops
-- [x] get property
-- [x] logical expressions
-- [x] array, object expression
-- [x] function expression
-- [x] default arguments in functions
-- [x] sequence expression
-- [x] conditional expression (ternary operator)
-- [x] delete operator
-- [x] in / instanceof
-- [x] this, new expression
-- [x] arguments
-- [x] Infinity, NaN
-- [x] break/continue
-- [x] switch statement
-- [x] throw statement
-- [x] labeled statements
-- [x] for..in loop
-
-### Missing
-
-- [ ] try..catch
-- [ ] RegExp literals
-- [ ] with statement
-- [ ] arguments.callee, argument parameter syncing   
-- [ ] getter/setters
-
-### Hardening
-
-- [x] opcode randomization per build
-- [x] property name concealment of vm internals
-- - Google Closure Compiler aggressively renames our class props
-- [ ] shuffled handler order
-- [ ] dead handlers
-- [ ] dead bytecode insertion
-- [ ] macro opcodes
-- [x] encoded bytecode array and words
-- [x] self-modifying bytecode
-- [x] timing checks
-- [ ] low-level bytecode obfuscations
-- [ ] stack protection
-- [ ] control flow integrity
-
-### Minification
-
-`minify.js` uses Google Closure Compiler to minify the JS VM and renames (most) VM property names. This approach helps keep the VM Compiler simple and lets Google do the heavy lifting.
-
-### No Try Catch
-
-Try..Catch is complex operator that may not get added. You can use Try..Catch by defining an outside helper function:
-
-```js
-function TryCatch(cb) {
-  try {
-    return { value: cb() };
-  } catch (error) {
-    return { error };
-  }
-}
-```
-
-## ES5 Only
-
-This VM Compiler only supports ES5 JavaScript. Most ES6+ features are syntax sugar that can be transpiled down relatively easily. This is a design decision to keep the VM wrapper simple and the bytecode more uniform. Having opcodes dedicated for classes and methods makes them standout more for attackers to debug easier. Keeping things simple enables easier hardening improvements.
-
-Please transpile your code down first using [Babel](https://github.com/babel/babel).
-
-### Project:
-
-- Stack based VM
-- Lua-style Closure and Upvalue model
-- CPython-style opcodes and codegen
-- Compiler is in src/compiler.ts
-- Runtime is in src/runtime.ts
-- "Typescript"
-- - This "Typescript" projects uses Node's new flag `--experimental-strip-types`. This is means we can run `node index.ts` directly!
-
-### Use with JS-Confuser
-
-JS-Confuser is recommended to be applied *after* virtualizing your source code. JS-Confuser's CFF can safeguard and obfuscate your VM internals - adding a layer of obscurity and preventing analysis of the opcodes. 
-
-### WIP
-
-- 120 tests, 90.16% coverage
-- [Test262 (es5-tests)](https://github.com/tc39/test262/tree/es5-tests) percentage: 43.26%
-
-### Made with AI
-
-This project has been created with the help of AI. Expect issues.
-
-### License
-
-MIT License

package/input.js

@@ -1,15 +0,0 @@
-function fibonacci(num) {
-  var a = 0,
-    b = 1,
-    c = num;
-  while (num-- > 1) {
-    c = a + b;
-    a = b;
-    b = c;
-  }
-  return c;
-}
-
-for (var i = 1; i <= 25; i++) {
-  console.log(i, fibonacci(i));
-}

package/minify.js

@@ -1,17 +0,0 @@
-import ClosureCompiler from "google-closure-compiler";
-
-const compiler = new ClosureCompiler({
-  js: "output.js",
-  js_output_file: "output.min.js",
-  compilation_level: "ADVANCED",
-
-  warning_level: "QUIET",
-  env: "CUSTOM", // removes all default externs
-  externs: "minify_empty_externs.js", // pass a blank file to satisfy the flag
-});
-
-compiler.run((exitCode, stdOut, stdErr) => {
-  if (stdErr) console.error(stdErr);
-  if (exitCode !== 0) process.exit(exitCode);
-  console.log("Done -> output.min.js");
-});

package/minify_empty_externs.js

@@ -1,4 +0,0 @@
-var window = {};
-var global = {};
-var atob = {};
-var performance;

package/obfuscate.js

@@ -1,12 +0,0 @@
-import JsConfuser from "../js-confuser/dist/index.js";
-import { readFileSync, writeFileSync } from "fs";
-
-const minified = readFileSync("output.min.js", "utf-8");
-
-JsConfuser.obfuscate(minified, {
-  target: "browser",
-  renameVariables: true,
-  controlFlowFlattening: true,
-}).then((result) => {
-  writeFileSync("output.obf.js", result.code, "utf-8");
-});

package/src/index.js

@@ -1,5 +0,0 @@
-import { compileAndSerialize } from "./compiler.ts";
-
-export function virtualize(source) {
-  return compileAndSerialize(source);
-}

package/src/random.js

@@ -1,3 +0,0 @@
-export function getPlaceholder() {
-  return Math.random().toString(36).substring(2, 15);
-}