jsguardian 1.2.0

package/transforms.js

@@ -0,0 +1,371 @@
+"use strict";
+// Transformari custom aplicate PE AST inainte de javascript-obfuscator.
+// Reguli de corectitudine (nenegociabile):
+//  - MBA pe constante: foloseste DOAR identitatea XOR (a^b = (a|b)-(a&b) sau (a&~b)|(~a&b)),
+//    care e int32-safe; fiecare expresie generata e RE-EVALUATA si, daca nu da exact valoarea,
+//    se face fallback la literalul original. Corectitudinea e garantata, nu presupusa.
+//  - Predicate opace: ramuri MOARTE gardate de un adevar din teoria numerelor peste o valoare
+//    runtime (Date.now), deci constant-folding / DCE nu le pot evalua sau elimina.
+//  - Cifrare stringuri: keystream propriu (NU stringArray-ul lui jsobf) => semnaturile
+//    deobfuscatoarelor pentru javascript-obfuscator nu se potrivesc pe acest strat.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyConstMba = applyConstMba;
+exports.applyOpaque = applyOpaque;
+exports.applyStringCipher = applyStringCipher;
+exports.buildCanaryDecoder = buildCanaryDecoder;
+const prng_1 = require("./prng");
+const opaque_pred_1 = require("./opaque-pred");
+// ----------------------------------------------------------------------------
+// Helpers AST
+// ----------------------------------------------------------------------------
+function intLit(t, n) {
+    n = n | 0;
+    const node = n < 0
+        ? t.unaryExpression("-", t.numericLiteral(-n), true)
+        : t.numericLiteral(n);
+    mark(node);
+    if (n < 0)
+        mark(node.argument);
+    return node;
+}
+function mark(node) {
+    if (node)
+        node.__obf = true;
+}
+// Mini-evaluator pe subsetul de noduri pe care le PRODUCEM noi. Folosit ca plasa
+// de siguranta: verifica fiecare expresie MBA inainte de a o pune in arbore.
+function evalNode(node) {
+    switch (node.type) {
+        case "NumericLiteral":
+            return node.value;
+        case "UnaryExpression": {
+            const v = evalNode(node.argument);
+            if (node.operator === "-")
+                return -v;
+            if (node.operator === "~")
+                return ~v;
+            throw new Error("unsupported unary " + node.operator);
+        }
+        case "BinaryExpression": {
+            const a = evalNode(node.left);
+            const b = evalNode(node.right);
+            switch (node.operator) {
+                case "|": return a | b;
+                case "&": return a & b;
+                case "^": return a ^ b;
+                case "+": return a + b;
+                case "-": return a - b;
+                case "*": return a * b;
+                case "<<": return a << b;
+                case ">>>": return a >>> b;
+                default: throw new Error("unsupported bin " + node.operator);
+            }
+        }
+        default:
+            throw new Error("unsupported node " + node.type);
+    }
+}
+// ----------------------------------------------------------------------------
+// Stage A — MBA pe constante (Mixed Boolean-Arithmetic)
+// ----------------------------------------------------------------------------
+// Reprezinta v = a ^ b (b = v ^ a) si rescrie XOR-ul printr-o identitate echivalenta.
+// Recursiv pe a si pe b. Toate operatiile raman in int32 => exact, fara overflow.
+function buildMba(v, depth, rng, t) {
+    v = v | 0;
+    if (depth <= 0 || rng.next() < 0.15)
+        return intLit(t, v);
+    const a = rng.int32();
+    const b = (v ^ a) | 0;
+    // doua subarbore independente pentru fiecare operand (fara noduri partajate)
+    const A1 = buildMba(a, depth - 1, rng, t);
+    const A2 = buildMba(a, depth - 1, rng, t);
+    const B1 = buildMba(b, depth - 1, rng, t);
+    const B2 = buildMba(b, depth - 1, rng, t);
+    let node;
+    if (rng.next() < 0.5) {
+        // a ^ b = (a | b) - (a & b)
+        node = bin(t, "-", bin(t, "|", A1, B1), bin(t, "&", A2, B2));
+    }
+    else {
+        // a ^ b = (a & ~b) | (~a & b)
+        node = bin(t, "|", bin(t, "&", A1, un(t, "~", B1)), bin(t, "&", un(t, "~", A2), B2));
+    }
+    return node;
+}
+function bin(t, op, l, r) {
+    const n = t.binaryExpression(op, l, r);
+    mark(n);
+    return n;
+}
+function un(t, op, a) {
+    const n = t.unaryExpression(op, a, true);
+    mark(n);
+    return n;
+}
+// Builds the anchor term:  Math.imul(0, __hsh(__anc))
+// Evaluates to 0 at runtime in every case, but the presence of identifiers
+// __hsh and __anc blocks every static constant-folder (safeEval, webcrack,
+// wakaru) because they test /[a-zA-Z_$]/ and bail out.
+function buildAnchorZero(t) {
+    // Math.imul(0, __hsh(__anc))  === 0 always
+    const call = t.callExpression(t.memberExpression(t.identifier("Math"), t.identifier("imul")), [
+        t.numericLiteral(0),
+        t.callExpression(t.identifier("__hsh"), [t.identifier("__anc")]),
+    ]);
+    markDeep(call);
+    return call;
+}
+function applyConstMba(ast, traverse, t, rng, opts) {
+    const depth = opts.mbaDepth ?? 2;
+    const thr = opts.mbaThreshold ?? 0.8;
+    // Anchor MBA expressions with Math.imul(0, __hsh(__anc)) ONLY when
+    // integrityAnchors is on — otherwise __hsh/__anc are not defined at runtime.
+    const anchorsOn = opts.integrityAnchors !== false;
+    const anchorRate = anchorsOn ? 0.30 : 0;
+    traverse(ast, {
+        NumericLiteral(path) {
+            if (path.node.__obf)
+                return;
+            // Skip object property keys — they must stay as NumericLiteral / Identifier,
+            // not become BinaryExpression (Babel validator would throw).
+            const parent = path.parent;
+            if ((t.isObjectProperty(parent) || t.isObjectMethod(parent)) &&
+                parent.key === path.node && !parent.computed) {
+                mark(path.node);
+                return;
+            }
+            const v = path.node.value;
+            if (!Number.isInteger(v) || v < -2147483648 || v > 2147483647)
+                return;
+            if (rng.next() > thr) {
+                mark(path.node);
+                return;
+            }
+            const inner = buildMba(v, depth, rng, t);
+            // verificare de corectitudine + wrap final in |0 (garanteaza int32)
+            let ok = false;
+            try {
+                ok = (evalNode(inner) | 0) === v;
+            }
+            catch {
+                ok = false;
+            }
+            if (!ok) {
+                mark(path.node);
+                return;
+            }
+            // Base wrap: (inner | 0)
+            let wrapped = bin(t, "|", inner, intLit(t, 0));
+            // Anchor: (inner | 0) | Math.imul(0, __hsh(__anc))  === (inner | 0) always.
+            // The OR with zero is a no-op, but now the expression contains identifiers
+            // and cannot be folded by any static tool without executing __hsh/__anc.
+            if (rng.next() < anchorRate) {
+                wrapped = bin(t, "|", wrapped, buildAnchorZero(t));
+            }
+            path.replaceWith(wrapped);
+            path.skip();
+        },
+    });
+}
+// ----------------------------------------------------------------------------
+// Stage B — Predicate opace (cod mort negarbageabil)
+// ----------------------------------------------------------------------------
+// n = Date.now() & 0x7fffffff (valoare runtime, necunoscuta static).
+// Adevar din teoria numerelor: n*(n+1) e mereu par (produs de intregi consecutivi).
+//   => ((n*(n+1)) % 2) === 1  e MEREU FALS, dar nu poate fi pliat fara a cunoaste n.
+// Bloc mort gardat de un predicat opac DIVERSIFICAT (fara semnatura fixa).
+function buildDeadBlock(parse, rng) {
+    const g = "_o" + ((rng.int32() >>> 0).toString(36));
+    const pred = (0, opaque_pred_1.falsePredicateSource)(rng);
+    const noise = rng.int32() & 0xffff;
+    // cod auto-continut, plauzibil, dar inaccesibil (predicatul e mereu fals)
+    const src = `if (${pred}) { var ${g} = (Date.now() & 1023) * 3; ${g} ^= ${noise}; return ${g}; }`;
+    const stmt = parse(src, {
+        sourceType: "module",
+        allowReturnOutsideFunction: true,
+    }).program.body[0];
+    markDeep(stmt);
+    return stmt;
+}
+function applyOpaque(ast, traverse, parse, t, rng, opts) {
+    const thr = opts.opaqueThreshold ?? 0.6;
+    traverse(ast, {
+        Function(path) {
+            if (path.node.__obf)
+                return;
+            const body = path.get("body");
+            if (!body.isBlockStatement())
+                return;
+            path.node.__obf = true;
+            if (rng.next() > thr)
+                return;
+            body.unshiftContainer("body", buildDeadBlock(parse, rng));
+        },
+    });
+}
+// ----------------------------------------------------------------------------
+// Stage C — Cifrare stringuri cu keystream propriu
+// ----------------------------------------------------------------------------
+function encryptString(str, seed) {
+    const bytes = Buffer.from(str, "utf8");
+    const gen = (0, prng_1.ksGen)(seed >>> 0);
+    const out = Buffer.alloc(bytes.length);
+    for (let k = 0; k < bytes.length; k++)
+        out[k] = bytes[k] ^ gen();
+    return out.toString("base64");
+}
+function applyStringCipher(ast, traverse, parse, t, rng, buildKey, Hbuild, opts) {
+    const thr = opts.stringThreshold ?? 0.9;
+    const targets = [];
+    traverse(ast, {
+        StringLiteral(path) {
+            if (path.node.__obf)
+                return;
+            const p = path.parent;
+            // nu atinge surse import/export, chei de proprietate ne-calculate, directive
+            if (t.isImportDeclaration(p) ||
+                t.isExportNamedDeclaration(p) ||
+                t.isExportAllDeclaration(p) ||
+                t.isImportExpression(p))
+                return;
+            if (t.isObjectProperty(p) && p.key === path.node && !p.computed)
+                return;
+            if (t.isObjectMethod(p) && p.key === path.node && !p.computed)
+                return;
+            if (t.isClassMethod(p) && p.key === path.node && !p.computed)
+                return;
+            if (path.parentPath && path.parentPath.isDirective && path.parentPath.isDirective())
+                return;
+            if (path.node.value.length === 0)
+                return;
+            if (rng.next() > thr) {
+                mark(path.node);
+                return;
+            }
+            targets.push(path);
+        },
+    });
+    if (targets.length === 0)
+        return [];
+    const entries = [];
+    targets.forEach((path, i) => {
+        entries.push(encryptString(path.node.value, (buildKey ^ i) >>> 0));
+        // Use __dc (real decoder name) — __dec is the canary injected post-jsobf
+        const call = t.callExpression(t.identifier("__dc"), [t.numericLiteral(i)]);
+        call.__obf = true;
+        path.replaceWith(call);
+    });
+    // ── Real runtime decoder ─────────────────────────────────────────────────
+    // The real decoder function is named __dc (opaque after jsobf).
+    // The canary decoder (__dec, __ca, __bk with visible names) is injected
+    // POST-jsobf at global scope by buildCanaryDecoder() — see pipeline.ts.
+    const storedBk = (buildKey ^ Hbuild) >>> 0;
+    const bkLine = Hbuild === 0
+        ? `var __bk = ${buildKey} >>> 0;`
+        : `var __bk = (${storedBk} ^ __hsh(__anc)) >>> 0;`;
+    const runtimeSrc = `
+${bkLine}
+var __ca = ${JSON.stringify(entries)};
+function __dc(__i) {
+  var __raw = Buffer.from(__ca[__i], "base64");
+  var __s = (__bk ^ __i) >>> 0;
+  var __o = Buffer.alloc(__raw.length);
+  for (var __k = 0; __k < __raw.length; __k++) {
+    __s = (__s + 0x6d2b79f5) | 0;
+    var __t = Math.imul(__s ^ (__s >>> 15), 1 | __s);
+    __t = (__t + Math.imul(__t ^ (__t >>> 7), 61 | __t)) ^ __t;
+    __o[__k] = __raw[__k] ^ (((__t ^ (__t >>> 14)) >>> 0) & 0xff);
+  }
+  return __o.toString("utf8");
+}`;
+    const runtimeAst = parse(runtimeSrc, { sourceType: "module" });
+    const nodes = runtimeAst.program.body;
+    // marcheaza tot ce injectam ca sa nu fie re-procesat
+    for (const nd of nodes)
+        markDeep(nd);
+    ast.program.body.unshift(...nodes);
+    return entries;
+}
+/**
+ * Builds a canary decoder source to be injected POST-jsobf at global scope.
+ * Uses recognisable names (__dec, __ca, __bk) but a WRONG key so any attacker
+ * who finds and uses this function gets plausible-looking garbage.
+ *
+ * The real decoder (__dc) lives inside the module IIFE, renamed by jsobf.
+ */
+// Plausible-looking strings the honeypot __dec will return (wrong but convincing).
+// An attacker who calls __dec sees real-looking API strings — not mojibake.
+// They follow the path, which leads nowhere useful.
+const HONEYPOT_PLAUSIBLE_STRINGS = [
+    "validateLicense", "POST", "/api/v1/validate", "Authorization",
+    "application/json", "X-License-Key", "invalid_product", "checksum_mismatch",
+    "basic", "advanced", "enterprise", "expired", "Content-Type",
+    "api.license.io", "/v2/keys/verify", "HMAC-SHA256",
+];
+function buildCanaryDecoder(buildKey, entries, rng) {
+    if (entries.length === 0)
+        return "";
+    // Per-build "wrong" seed — decodes to plausible strings, not mojibake
+    const wrongSeed = (buildKey ^ rng.int32() ^ 0xdeadbeef) >>> 0;
+    // Build a fake string table that decodes correctly with wrongSeed.
+    // We pick from HONEYPOT_PLAUSIBLE_STRINGS so __dec returns clean-looking output.
+    // The attacker calls __dec(0), gets "validateLicense", trusts the path.
+    const count = Math.min(entries.length, HONEYPOT_PLAUSIBLE_STRINGS.length);
+    const picks = [];
+    for (let i = 0; i < count; i++) {
+        picks.push(HONEYPOT_PLAUSIBLE_STRINGS[i % HONEYPOT_PLAUSIBLE_STRINGS.length]);
+    }
+    // Pad to same length as real entries so indices look consistent
+    while (picks.length < entries.length) {
+        picks.push(HONEYPOT_PLAUSIBLE_STRINGS[(rng.int32() >>> 0) % HONEYPOT_PLAUSIBLE_STRINGS.length]);
+    }
+    // Encode each plausible string with wrongSeed so __dec decodes it correctly
+    function encodeWithSeed(str, idx) {
+        const raw = Buffer.from(str, "utf8");
+        let s = (wrongSeed ^ idx) >>> 0;
+        const out = Buffer.alloc(raw.length);
+        for (let k = 0; k < raw.length; k++) {
+            s = (s + 0x6d2b79f5) | 0;
+            let tt = Math.imul(s ^ (s >>> 15), 1 | s);
+            tt = (tt + Math.imul(tt ^ (tt >>> 7), 61 | tt)) ^ tt;
+            out[k] = raw[k] ^ (((tt ^ (tt >>> 14)) >>> 0) & 0xff);
+        }
+        return out.toString("base64");
+    }
+    const fakeEntries = picks.map((s, i) => encodeWithSeed(s, i));
+    // _pk is runtime-derived: per-build constant XOR'd with a Date.now() fragment.
+    // Static analysis cannot read a fixed poison key. In a real process Date.now()
+    // changes every millisecond so _pk varies; the canary decoder always decodes
+    // correctly because it uses wrongSeed, not _pk at all.
+    const pkBase = (rng.int32() & 0xFF) | 1; // non-zero per-build byte
+    const pkHex = `0x${pkBase.toString(16)}`;
+    return `
+var __bk = ${wrongSeed} >>> 0;
+var __ca = ${JSON.stringify(fakeEntries)};
+function __dec(__i) {
+  if (!__ca[__i]) return "";
+  var __raw = Buffer.from(__ca[__i], "base64");
+  var __s = (__bk ^ __i) >>> 0;
+  var __o = Buffer.alloc(__raw.length);
+  for (var __k = 0; __k < __raw.length; __k++) {
+    __s = (__s + 0x6d2b79f5) | 0;
+    var __t = Math.imul(__s ^ (__s >>> 15), 1 | __s);
+    __t = (__t + Math.imul(__t ^ (__t >>> 7), 61 | __t)) ^ __t;
+    __o[__k] = __raw[__k] ^ (((__t ^ (__t >>> 14)) >>> 0) & 0xff);
+  }
+  return __o.toString("utf8");
+}`;
+}
+function markDeep(node) {
+    if (!node || typeof node !== "object")
+        return;
+    if (node.type)
+        node.__obf = true;
+    for (const k of Object.keys(node)) {
+        const v = node[k];
+        if (Array.isArray(v))
+            v.forEach(markDeep);
+        else if (v && typeof v === "object" && v.type)
+            markDeep(v);
+    }
+}

package/vm-poison.js

@@ -0,0 +1,247 @@
+"use strict";
+// vm-poison.ts — Environment isolation helpers.
+//
+// The old stack-VM sandbox detection layer (Layer 12, buildSandboxVmCallStmt,
+// OP_SANDBOX_DETECT / OP_HRTIME_BYTE / OP_POISON_APPLY opcodes) has been
+// removed along with the stack-based VM engine.  KrakVM handles bytecode
+// virtualization; environment isolation is handled by wrapInModuleIife below.
+//
+// Stubs are kept for any code that imports the old names so it still compiles.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VM_SANDBOX_POISON = void 0;
+exports.buildSandboxPoison = buildSandboxPoison;
+exports.wrapInModuleIife = wrapInModuleIife;
+const parser_1 = require("@babel/parser");
+const t = __importStar(require("@babel/types"));
+/** @deprecated No-op stub — old sandbox VM detection removed. */
+function buildSandboxPoison(_poisonKey) { return ""; }
+/** @deprecated No-op — old sandbox VM detection removed. */
+exports.VM_SANDBOX_POISON = "";
+// The raw IIFE shell. `body` is dropped between the head and the tail. This is
+// the CJS-safe wrapper: it isolates top-level declarations from the outer scope
+// and injects safe fallbacks for module/exports/require/__dirname/__filename so
+// the anti-tamper layers (which reference them) work in any host.
+function iifeShell(body, async = false) {
+    return (`;(${async ? "async " : ""}function(module,exports,require,Buffer,process,global,__dirname,__filename){\n` +
+        body +
+        `\n}).call(` +
+        `typeof globalThis!=='undefined'?globalThis:this,` +
+        `typeof module!=='undefined'?module:{exports:{}},` +
+        `typeof exports!=='undefined'?exports:{},` +
+        `typeof require!=='undefined'?require:function(m){throw new Error('Cannot require '+m);},` +
+        `typeof Buffer!=='undefined'?Buffer:undefined,` +
+        `typeof process!=='undefined'?process:{},` +
+        `typeof global!=='undefined'?global:typeof globalThis!=='undefined'?globalThis:{},` +
+        `typeof __dirname!=='undefined'?__dirname:'/',` +
+        `typeof __filename!=='undefined'?__filename:'index.js'` +
+        `);`);
+}
+// ESM `import`/`export` statements are only legal at the top level of a module —
+// they CANNOT live inside the IIFE function body. Wrapping a module that uses
+// them produces invalid code: Node throws ("'import'/'export' may only appear at
+// the top level") and the integrity anchor never matches → fake tamper errors.
+//
+// splitEsm performs *string surgery* (NOT re-generation) so the obfuscated body
+// stays byte-for-byte intact — only the import/export statements are relocated
+// outside the IIFE. Exported bindings are bridged through a module-scope object
+// the IIFE writes into.
+//
+// Returns null when the code is NOT an ES module (no import/export) — the caller
+// then uses the plain CJS wrapper unchanged, so CJS output is byte-identical.
+const EXP = "__crxExp";
+const DEFLOCAL = "__crxDefault";
+// True if the program contains a top-level `await` (or `for await`) — i.e. one
+// not nested inside a function/method. Such modules use ESM top-level await,
+// which is illegal once the body is wrapped in a *non-async* IIFE. Walks the AST
+// manually, stopping at function boundaries.
+function hasTopLevelAwait(program) {
+    let found = false;
+    const FN = new Set([
+        "FunctionDeclaration", "FunctionExpression", "ArrowFunctionExpression",
+        "ObjectMethod", "ClassMethod", "ClassPrivateMethod",
+    ]);
+    const walk = (node) => {
+        if (found || !node || typeof node !== "object")
+            return;
+        if (Array.isArray(node)) {
+            for (const n of node)
+                walk(n);
+            return;
+        }
+        if (typeof node.type !== "string")
+            return;
+        if (node.type === "AwaitExpression") {
+            found = true;
+            return;
+        }
+        if (node.type === "ForOfStatement" && node.await) {
+            found = true;
+            return;
+        }
+        if (FN.has(node.type))
+            return; // don't descend into nested functions
+        for (const k of Object.keys(node)) {
+            if (k === "loc" || k === "start" || k === "end" || k === "leadingComments" ||
+                k === "trailingComments" || k === "innerComments")
+                continue;
+            walk(node[k]);
+        }
+    };
+    for (const stmt of program.body)
+        walk(stmt);
+    return found;
+}
+function splitEsm(code) {
+    let ast;
+    try {
+        ast = (0, parser_1.parse)(code, { sourceType: "module", allowReturnOutsideFunction: true });
+    }
+    catch {
+        return null; // unparseable here → caller falls back to plain wrap
+    }
+    const program = ast.program;
+    const hasEsm = program.body.some((n) => t.isImportDeclaration(n) ||
+        t.isExportNamedDeclaration(n) ||
+        t.isExportDefaultDeclaration(n) ||
+        t.isExportAllDeclaration(n));
+    if (!hasEsm)
+        return null; // pure CJS → caller wraps as before (no change)
+    const edits = [];
+    const topParts = [];
+    const bridge = [];
+    let hasDefault = false;
+    let defaultLocal = DEFLOCAL;
+    const slice = (n) => code.slice(n.start, n.end);
+    const remove = (n) => edits.push({ start: n.start, end: n.end, replacement: "" });
+    for (const node of program.body) {
+        // import ... → keep verbatim at top (bindings live in module scope; the
+        // IIFE closes over them). Remove from the body.
+        if (t.isImportDeclaration(node)) {
+            topParts.push(slice(node));
+            remove(node);
+            continue;
+        }
+        // export ... from "mod"  /  export * from "mod"  → re-export, no local
+        // binding; keep verbatim at top, remove from body.
+        if ((t.isExportNamedDeclaration(node) && node.source) ||
+            t.isExportAllDeclaration(node)) {
+            topParts.push(slice(node));
+            remove(node);
+            continue;
+        }
+        // export <decl>  (export function/const/let/var/class) → strip ONLY the
+        // `export ` keyword, leave the declaration verbatim inside the IIFE.
+        if (t.isExportNamedDeclaration(node) && node.declaration) {
+            const decl = node.declaration;
+            edits.push({ start: node.start, end: decl.start, replacement: "" });
+            if (t.isFunctionDeclaration(decl) || t.isClassDeclaration(decl)) {
+                if (decl.id)
+                    bridge.push({ exportName: decl.id.name, localName: decl.id.name });
+            }
+            else if (t.isVariableDeclaration(decl)) {
+                for (const d of decl.declarations) {
+                    if (t.isIdentifier(d.id))
+                        bridge.push({ exportName: d.id.name, localName: d.id.name });
+                }
+            }
+            continue;
+        }
+        // export { a as b, c }  (specifiers, no source) → remove statement, bridge.
+        if (t.isExportNamedDeclaration(node) && !node.declaration) {
+            for (const spec of node.specifiers) {
+                if (t.isExportSpecifier(spec)) {
+                    const exportName = t.isIdentifier(spec.exported) ? spec.exported.name : spec.exported.value;
+                    bridge.push({ exportName, localName: spec.local.name });
+                }
+            }
+            remove(node);
+            continue;
+        }
+        // export default <decl|expr>
+        if (t.isExportDefaultDeclaration(node)) {
+            hasDefault = true;
+            const d = node.declaration;
+            if ((t.isFunctionDeclaration(d) || t.isClassDeclaration(d)) && d.id) {
+                // named declaration: strip `export default `, keep decl, bridge by name
+                edits.push({ start: node.start, end: d.start, replacement: "" });
+                defaultLocal = d.id.name;
+            }
+            else {
+                // anonymous decl or expression: `export default X` → `var __crxDefault=X`
+                edits.push({ start: node.start, end: d.start, replacement: `var ${DEFLOCAL}=` });
+                defaultLocal = DEFLOCAL;
+            }
+            continue;
+        }
+    }
+    // apply edits right-to-left so offsets stay valid
+    edits.sort((a, b) => b.start - a.start);
+    let body = code;
+    for (const e of edits)
+        body = body.slice(0, e.start) + e.replacement + body.slice(e.end);
+    const bridgeAssign = bridge.map(({ exportName, localName }) => `${EXP}.${exportName}=${localName};`).join("") +
+        (hasDefault ? `${EXP}.default=${defaultLocal};` : "");
+    const postParts = bridge.map(({ exportName }) => 
+    // `default` is a reserved word — `export const default=…` is illegal; it must
+    // be re-emitted as a default export.
+    exportName === "default"
+        ? `export default ${EXP}.default;`
+        : `export const ${exportName}=${EXP}.${exportName};`);
+    if (hasDefault)
+        postParts.push(`export default ${EXP}.default;`);
+    return {
+        top: topParts.join("\n"),
+        bridgeDecl: bridge.length || hasDefault ? `var ${EXP}={};` : "",
+        bridgeAssign,
+        postExports: postParts.join("\n"),
+        body,
+        needsAsync: hasTopLevelAwait(program),
+    };
+}
+// Module-style IIFE wrapper — hides globals from the outer scope.
+//
+// CJS code: wrapped exactly as before (byte-identical).
+// ESM code: import/export are hoisted outside the IIFE so the output is a valid
+// ES module; the wrapped body keeps its scope isolation + anti-tamper layers.
+function wrapInModuleIife(code) {
+    const esm = splitEsm(code);
+    if (!esm)
+        return iifeShell(code); // pure CJS — unchanged behaviour
+    const innerBody = esm.bridgeAssign ? esm.body + "\n" + esm.bridgeAssign : esm.body;
+    return [esm.top, esm.bridgeDecl, iifeShell(innerBody, esm.needsAsync), esm.postExports]
+        .filter(Boolean)
+        .join("\n");
+}