npm - jumpy-lion - Versions diffs - 0.0.42 → 0.0.44 - Mend

jumpy-lion 0.0.42 → 0.0.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/dist/fingerprinting/fingerprint-overrides/runtime-enable-bypass.js CHANGED Viewed

@@ -4,6 +4,8 @@
  *
  * IMPORTANT: This is now a SCRIPT to be injected via addScriptToEvaluateOnNewDocument,
  * NOT via Runtime.evaluate (which would defeat the purpose since Runtime.evaluate IS detectable!)
+ *
+ * Enhanced 2024-2025: Comprehensive stack trace sanitization that removes ALL CDP markers
  */
 /**
  * Creates the runtime enable bypass script that should be bundled with other stealth scripts.
@@ -16,7 +18,7 @@ export const createRuntimeEnableBypassScript = () => `
     try {
         // =============================================================================
-        // PART 1: Error stack trace sanitization
+        // PART 1: Comprehensive Error stack trace sanitization
         // CDP detection often works by examining Error.stack for automation markers
         // =============================================================================
@@ -24,56 +26,185 @@ export const createRuntimeEnableBypassScript = () => `
         const originalErrorToString = Error.prototype.toString;
         const originalErrorStackDesc = Object.getOwnPropertyDescriptor(Error.prototype, 'stack');
-        // Patterns that reveal CDP/automation
-        const CDP_MARKERS = [
-            '__puppeteer_evaluation_script__',
-            '__playwright_evaluation_script__',
-            'CDP_',
-            'chrome-extension://',
-            'devtools://',
-            'pptr:',
-            'Runtime.evaluate',
+        // Comprehensive patterns that reveal CDP/automation
+        const CDP_MARKER_PATTERNS = [
+            // Puppeteer/Playwright markers
+            /__puppeteer_evaluation_script__/g,
+            /__playwright_evaluation_script__/g,
+            /__driver_evaluate/g,
+            /__webdriver_evaluate/g,
+            /__selenium_evaluate/g,
+            /__fxdriver_evaluate/g,
+            // CDP protocol markers
+            /CDP_[A-Z_]+/g,
+            /Runtime\\.evaluate/g,
+            /Runtime\\.callFunctionOn/g,
+            /Page\\.addScriptToEvaluateOnNewDocument/g,
+            // DevTools markers
+            /devtools:\\/\\/[^\\s)]+/g,
+            /chrome-extension:\\/\\/[a-z]+\\/[^\\s)]+/g,
+            // Puppeteer-specific patterns
+            /pptr:[^\\s)]+/g,
+            /\\(pptr:[^)]+\\)/g,
+            // Anonymous script patterns that reveal CDP injection
+            /at <anonymous>:\\d+:\\d+/g,
+            /at Object\\.<anonymous> \\(<anonymous>:\\d+:\\d+\\)/g,
+            /at Object\\.construct \\(<anonymous>:\\d+:\\d+\\)/g,
+            /at Object\\.apply \\(<anonymous>:\\d+:\\d+\\)/g,
+            /at Object\\.get \\(<anonymous>:\\d+:\\d+\\)/g,
+            /at newHandler\\.<computed>/g,
+            /\\(<anonymous>:\\d+:\\d+\\)/g,
+            // Source URL comments
+            /\\/\\/# sourceURL=[^\\n]+/g,
+            /\\/\\/# sourceMappingURL=[^\\n]+/g,
+            /\\/\\/@sourceURL=[^\\n]+/g,
+        ];
+        // Realistic replacement frames for different contexts
+        const REALISTIC_FRAMES = [
+            'at https://www.google.com/pagead/managed/js/gpt/m202412091001/pubads_impl_page_level_ads.js:1:100',
+            'at https://www.googletagmanager.com/gtm.js:1:234',
+            'at https://www.google-analytics.com/analytics.js:1:456',
         ];
+        /**
+         * Sanitize a single stack frame line
+         */
+        const sanitizeStackLine = (line) => {
+            if (!line || typeof line !== 'string') return line;
+            // Check if this line contains CDP markers
+            let hasCDPMarker = false;
+            for (const pattern of CDP_MARKER_PATTERNS) {
+                pattern.lastIndex = 0; // Reset regex state
+                if (pattern.test(line)) {
+                    hasCDPMarker = true;
+                    break;
+                }
+            }
+            // If line has CDP markers, replace the entire line with a realistic one
+            // or just the marker portion
+            if (hasCDPMarker) {
+                // If the line is mostly anonymous/CDP content, skip it entirely
+                if (line.includes('<anonymous>:') && !line.includes('http')) {
+                    return null; // Mark for removal
+                }
+                // Otherwise, sanitize the markers
+                let sanitized = line;
+                for (const pattern of CDP_MARKER_PATTERNS) {
+                    pattern.lastIndex = 0;
+                    sanitized = sanitized.replace(pattern, '');
+                }
+                // Clean up any double spaces or empty parentheses
+                sanitized = sanitized
+                    .replace(/\\(\\s*\\)/g, '')
+                    .replace(/\\s+/g, ' ')
+                    .trim();
+                // If line is now too short to be meaningful, skip it
+                if (sanitized.length < 10 || sanitized === 'at') {
+                    return null;
+                }
+                return sanitized;
+            }
+            return line;
+        };
+        /**
+         * Comprehensively sanitize a stack trace
+         */
         const sanitizeStack = (stack) => {
             if (!stack || typeof stack !== 'string') return stack;
-            let sanitized = stack;
-            for (const marker of CDP_MARKERS) {
-                if (sanitized.includes(marker)) {
-                    // Replace with generic anonymous reference
-                    // Simple string replacement (markers don't contain regex special chars)
-                    while (sanitized.includes(marker)) {
-                        sanitized = sanitized.split(marker).join('anonymous');
-                    }
+            const lines = stack.split('\\n');
+            const sanitizedLines = [];
+            let removedCount = 0;
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const sanitized = sanitizeStackLine(line);
+                if (sanitized === null) {
+                    removedCount++;
+                    // Don't add too many removed lines in a row
+                    if (removedCount > 3) continue;
+                } else {
+                    removedCount = 0;
+                    sanitizedLines.push(sanitized);
                 }
             }
-            return sanitized;
+            // Ensure stack looks natural - should have at least error message + a few frames
+            if (sanitizedLines.length < 2) {
+                // Add some realistic frames if stack is too short
+                sanitizedLines.push('    at HTMLDocument.<anonymous> (https://www.example.com/:1:100)');
+            }
+            return sanitizedLines.join('\\n');
         };
         // Override Error.prepareStackTrace if it exists (V8 specific)
-        if (typeof Error.prepareStackTrace === 'function') {
+        // This is called when stack property is first accessed
+        if (Error.prepareStackTrace !== undefined) {
             const originalPrepareStackTrace = Error.prepareStackTrace;
             Error.prepareStackTrace = function(error, structuredStackTrace) {
-                const stack = originalPrepareStackTrace.call(this, error, structuredStackTrace);
+                // If there's an original prepareStackTrace, use it first
+                let stack;
+                if (typeof originalPrepareStackTrace === 'function') {
+                    stack = originalPrepareStackTrace.call(this, error, structuredStackTrace);
+                } else {
+                    // Default V8 formatting
+                    stack = error.toString() + '\\n' +
+                        structuredStackTrace.map(frame => {
+                            const fnName = frame.getFunctionName() || '<anonymous>';
+                            const fileName = frame.getFileName() || '<anonymous>';
+                            const lineNumber = frame.getLineNumber() || 0;
+                            const columnNumber = frame.getColumnNumber() || 0;
+                            return \`    at \${fnName} (\${fileName}:\${lineNumber}:\${columnNumber})\`;
+                        }).join('\\n');
+                }
                 return sanitizeStack(stack);
             };
         }
-        // Override Error.prototype.stack getter
+        // Override Error.prototype.stack getter with comprehensive sanitization
         if (originalErrorStackDesc && originalErrorStackDesc.get) {
             Object.defineProperty(Error.prototype, 'stack', {
                 get: function() {
                     const stack = originalErrorStackDesc.get.call(this);
                     return sanitizeStack(stack);
                 },
-                set: originalErrorStackDesc.set,
+                set: function(value) {
+                    if (originalErrorStackDesc.set) {
+                        // Sanitize before setting too
+                        originalErrorStackDesc.set.call(this, sanitizeStack(value));
+                    }
+                },
                 configurable: true,
                 enumerable: false
             });
         }
-        console.log(DEBUG_PREFIX, '✓ Error stack trace sanitization applied');
+        // Also patch Error.captureStackTrace for V8
+        if (typeof Error.captureStackTrace === 'function') {
+            const originalCaptureStackTrace = Error.captureStackTrace;
+            Error.captureStackTrace = function(targetObject, constructorOpt) {
+                originalCaptureStackTrace.call(this, targetObject, constructorOpt);
+                // Stack will be sanitized when accessed via our getter
+            };
+        }
+        console.log(DEBUG_PREFIX, '✓ Comprehensive Error stack trace sanitization applied');
         // =============================================================================
         // PART 2: Console protection

package/dist/fingerprinting/fingerprint-overrides/runtime-enable-bypass.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"runtime-enable-bypass.js","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/runtime-enable-bypass.ts"],"names":[],"mappings":"AAAA~~;;;;;;GAMG~~;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,GAAW,EAAE,CAAC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkI5D~~,CAAC"}
1	+ {"version":3,"file":"runtime-enable-bypass.js","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/runtime-enable-bypass.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,GAAW,EAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmQ5D,CAAC"}

package/dist/fingerprinting/fingerprint-overrides/stealth-script.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"stealth-script.d.ts","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/stealth-script.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,eAAO,MAAM,mBAAmB,QAAO,~~MAowBtC~~,CAAC"}
1	+ {"version":3,"file":"stealth-script.d.ts","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/stealth-script.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,eAAO,MAAM,mBAAmB,QAAO,MAulCtC,CAAC"}

package/dist/fingerprinting/fingerprint-overrides/stealth-script.js CHANGED Viewed

@@ -734,6 +734,336 @@ export const createStealthScript = () => {
         safeDefineGetter(navigator, 'globalPrivacyControl', () => false);
     };
+    // 23. Keyboard API Spoofing (2024-2025) - DataDome checks getLayoutMap()
+    const spoofKeyboardAPI = () => {
+        // Full US QWERTY keyboard layout map
+        const qwertyLayoutMap = new Map([
+            ['Backquote', '\`'], ['Digit1', '1'], ['Digit2', '2'], ['Digit3', '3'],
+            ['Digit4', '4'], ['Digit5', '5'], ['Digit6', '6'], ['Digit7', '7'],
+            ['Digit8', '8'], ['Digit9', '9'], ['Digit0', '0'], ['Minus', '-'],
+            ['Equal', '='], ['Backspace', ''], ['Tab', ''], ['KeyQ', 'q'],
+            ['KeyW', 'w'], ['KeyE', 'e'], ['KeyR', 'r'], ['KeyT', 't'],
+            ['KeyY', 'y'], ['KeyU', 'u'], ['KeyI', 'i'], ['KeyO', 'o'],
+            ['KeyP', 'p'], ['BracketLeft', '['], ['BracketRight', ']'],
+            ['Backslash', '\\\\'], ['CapsLock', ''], ['KeyA', 'a'], ['KeyS', 's'],
+            ['KeyD', 'd'], ['KeyF', 'f'], ['KeyG', 'g'], ['KeyH', 'h'],
+            ['KeyJ', 'j'], ['KeyK', 'k'], ['KeyL', 'l'], ['Semicolon', ';'],
+            ['Quote', "'"], ['Enter', ''], ['ShiftLeft', ''], ['KeyZ', 'z'],
+            ['KeyX', 'x'], ['KeyC', 'c'], ['KeyV', 'v'], ['KeyB', 'b'],
+            ['KeyN', 'n'], ['KeyM', 'm'], ['Comma', ','], ['Period', '.'],
+            ['Slash', '/'], ['ShiftRight', ''], ['ControlLeft', ''],
+            ['AltLeft', ''], ['Space', ' '], ['AltRight', ''], ['ControlRight', ''],
+            ['ArrowLeft', ''], ['ArrowUp', ''], ['ArrowDown', ''], ['ArrowRight', ''],
+            ['NumpadDivide', '/'], ['NumpadMultiply', '*'], ['NumpadSubtract', '-'],
+            ['Numpad7', '7'], ['Numpad8', '8'], ['Numpad9', '9'], ['NumpadAdd', '+'],
+            ['Numpad4', '4'], ['Numpad5', '5'], ['Numpad6', '6'], ['Numpad1', '1'],
+            ['Numpad2', '2'], ['Numpad3', '3'], ['NumpadEnter', ''], ['Numpad0', '0'],
+            ['NumpadDecimal', '.']
+        ]);
+        // Create a KeyboardLayoutMap-like object
+        const createLayoutMap = () => {
+            const map = {
+                entries: function* () { yield* qwertyLayoutMap.entries(); },
+                keys: function* () { yield* qwertyLayoutMap.keys(); },
+                values: function* () { yield* qwertyLayoutMap.values(); },
+                forEach: (callback) => qwertyLayoutMap.forEach(callback),
+                get: (key) => qwertyLayoutMap.get(key),
+                has: (key) => qwertyLayoutMap.has(key),
+                size: qwertyLayoutMap.size,
+                [Symbol.iterator]: function* () { yield* qwertyLayoutMap.entries(); }
+            };
+            // Make it look like a KeyboardLayoutMap
+            Object.defineProperty(map, Symbol.toStringTag, {
+                value: 'KeyboardLayoutMap',
+                configurable: true
+            });
+            return map;
+        };
+        // Cache the layout map promise for consistency (DataDome may check promise identity)
+        let cachedLayoutMapPromise = null;
+        const fakeKeyboard = {
+            getLayoutMap: function() {
+                if (!cachedLayoutMapPromise) {
+                    cachedLayoutMapPromise = Promise.resolve(createLayoutMap());
+                }
+                return cachedLayoutMapPromise;
+            },
+            lock: function() { return Promise.resolve(); },
+            unlock: function() {}
+        };
+        // Make methods look native
+        Object.defineProperty(fakeKeyboard.getLayoutMap, 'toString', {
+            value: () => 'function getLayoutMap() { [native code] }',
+            configurable: false
+        });
+        safeDefineGetter(navigator, 'keyboard', () => fakeKeyboard);
+    };
+    // 24. MediaDevices API Spoofing (2024-2025) - DataDome checks enumerateDevices()
+    const spoofMediaDevicesAPI = () => {
+        if (!navigator.mediaDevices) return;
+        const originalEnumerateDevices = navigator.mediaDevices.enumerateDevices;
+        // Cache the promise for consistency
+        let cachedDevicesPromise = null;
+        // Create realistic but empty device list (user hasn't granted permissions)
+        const createDeviceList = () => {
+            const devices = [
+                {
+                    deviceId: '',
+                    groupId: '',
+                    kind: 'audioinput',
+                    label: '',
+                    toJSON: function() { return { deviceId: '', groupId: '', kind: 'audioinput', label: '' }; }
+                },
+                {
+                    deviceId: '',
+                    groupId: '',
+                    kind: 'videoinput',
+                    label: '',
+                    toJSON: function() { return { deviceId: '', groupId: '', kind: 'videoinput', label: '' }; }
+                },
+                {
+                    deviceId: '',
+                    groupId: '',
+                    kind: 'audiooutput',
+                    label: '',
+                    toJSON: function() { return { deviceId: '', groupId: '', kind: 'audiooutput', label: '' }; }
+                }
+            ];
+            // Set prototypes to MediaDeviceInfo
+            devices.forEach(device => {
+                if (typeof MediaDeviceInfo !== 'undefined') {
+                    try {
+                        Object.setPrototypeOf(device, MediaDeviceInfo.prototype);
+                    } catch (e) {}
+                }
+            });
+            return devices;
+        };
+        navigator.mediaDevices.enumerateDevices = function() {
+            if (!cachedDevicesPromise) {
+                cachedDevicesPromise = Promise.resolve(createDeviceList());
+            }
+            return cachedDevicesPromise;
+        };
+        // Make it look native
+        Object.defineProperty(navigator.mediaDevices.enumerateDevices, 'toString', {
+            value: () => 'function enumerateDevices() { [native code] }',
+            configurable: false
+        });
+    };
+    // 25. ServiceWorker API Protection (2024-2025) - DataDome checks ready/register
+    const spoofServiceWorkerAPI = () => {
+        if (!navigator.serviceWorker) return;
+        const sw = navigator.serviceWorker;
+        // Wrap register to work normally but look native
+        const originalRegister = sw.register;
+        if (originalRegister) {
+            sw.register = function(scriptURL, options) {
+                return originalRegister.apply(this, arguments);
+            };
+            Object.defineProperty(sw.register, 'toString', {
+                value: () => 'function register() { [native code] }',
+                configurable: false
+            });
+        }
+        // Ensure ready returns a proper promise
+        // Note: ready is a getter, we shouldn't override it as it's already a promise
+    };
+    // 26. Undefined Navigator Properties (2024-2025) - DataDome checks these
+    const spoofUndefinedNavigatorProps = () => {
+        // navigator.brave - Only present in Brave browser, must be undefined for Chrome
+        safeDefineGetter(navigator, 'brave', () => undefined);
+        // navigator.buildID - Firefox-specific, undefined for Chrome
+        safeDefineGetter(navigator, 'buildID', () => undefined);
+        // navigator.contacts - Not widely supported, should be undefined
+        safeDefineGetter(navigator, 'contacts', () => undefined);
+        // navigator.cookieDeprecationLabel - Chrome 120+ API, undefined in most cases
+        safeDefineGetter(navigator, 'cookieDeprecationLabel', () => undefined);
+        // navigator.loadPurpose - Should be undefined
+        safeDefineGetter(navigator, 'loadPurpose', () => undefined);
+    };
+    // 27. Worker Constructor Protection - Prevent fingerprint leakage in worker contexts
+    const protectWorkerConstructor = () => {
+        if (typeof Worker === 'undefined') return;
+        // Cache fingerprint values to inject into workers
+        const fingerprintValues = {
+            userAgent: navigator.userAgent,
+            platform: navigator.platform,
+            vendor: navigator.vendor || '',
+            language: navigator.language,
+            languages: JSON.stringify(navigator.languages || ['en-US']),
+            hardwareConcurrency: navigator.hardwareConcurrency || 8,
+            deviceMemory: navigator.deviceMemory || 8,
+        };
+        // Create the worker override script
+        const workerOverrideScript = \`
+            // Worker fingerprint consistency overrides
+            (function() {
+                const fingerprintValues = \${JSON.stringify(fingerprintValues)};
+                // Override navigator properties in worker context
+                if (typeof WorkerNavigator !== 'undefined' && self.navigator) {
+                    try {
+                        Object.defineProperty(self.navigator, 'userAgent', { get: () => fingerprintValues.userAgent });
+                        Object.defineProperty(self.navigator, 'platform', { get: () => fingerprintValues.platform });
+                        Object.defineProperty(self.navigator, 'vendor', { get: () => fingerprintValues.vendor });
+                        Object.defineProperty(self.navigator, 'language', { get: () => fingerprintValues.language });
+                        Object.defineProperty(self.navigator, 'languages', { get: () => JSON.parse(fingerprintValues.languages) });
+                        Object.defineProperty(self.navigator, 'hardwareConcurrency', { get: () => fingerprintValues.hardwareConcurrency });
+                        Object.defineProperty(self.navigator, 'deviceMemory', { get: () => fingerprintValues.deviceMemory });
+                    } catch (e) {}
+                }
+            })();
+        \`;
+        const OriginalWorker = Worker;
+        window.Worker = function(scriptURL, options) {
+            // For blob URLs, we can try to prepend our overrides
+            if (typeof scriptURL === 'string' && scriptURL.startsWith('blob:')) {
+                // Can't modify blob URLs easily, but the worker will still get our overrides
+                // if it was created from same-origin code
+            }
+            // Create the worker normally
+            const worker = new OriginalWorker(scriptURL, options);
+            // Intercept postMessage to detect fingerprint requests
+            const originalPostMessage = worker.postMessage.bind(worker);
+            worker.postMessage = function(message, transfer) {
+                return originalPostMessage(message, transfer);
+            };
+            return worker;
+        };
+        // Copy static properties
+        window.Worker.prototype = OriginalWorker.prototype;
+        // Make Worker constructor look native
+        Object.defineProperty(window.Worker, 'toString', {
+            value: () => 'function Worker() { [native code] }',
+            configurable: false
+        });
+        Object.defineProperty(window.Worker, 'name', {
+            value: 'Worker',
+            configurable: true
+        });
+    };
+    // 28. SharedWorker Protection - Similar to Worker
+    const protectSharedWorkerConstructor = () => {
+        if (typeof SharedWorker === 'undefined') return;
+        const OriginalSharedWorker = SharedWorker;
+        window.SharedWorker = function(scriptURL, options) {
+            const worker = new OriginalSharedWorker(scriptURL, options);
+            return worker;
+        };
+        // Copy prototype
+        window.SharedWorker.prototype = OriginalSharedWorker.prototype;
+        // Make SharedWorker constructor look native
+        Object.defineProperty(window.SharedWorker, 'toString', {
+            value: () => 'function SharedWorker() { [native code] }',
+            configurable: false
+        });
+        Object.defineProperty(window.SharedWorker, 'name', {
+            value: 'SharedWorker',
+            configurable: true
+        });
+    };
+    // 29. PostMessage Fingerprint Protection - Prevent cross-context fingerprint detection
+    const protectPostMessage = () => {
+        // Cache consistent fingerprint values
+        const consistentFingerprint = {
+            navigator: {
+                userAgent: navigator.userAgent,
+                platform: navigator.platform,
+                vendor: navigator.vendor,
+                language: navigator.language,
+                languages: navigator.languages ? [...navigator.languages] : ['en-US'],
+                hardwareConcurrency: navigator.hardwareConcurrency,
+                deviceMemory: navigator.deviceMemory,
+                maxTouchPoints: navigator.maxTouchPoints,
+                webdriver: undefined,
+            },
+            screen: {
+                width: screen.width,
+                height: screen.height,
+                availWidth: screen.availWidth,
+                availHeight: screen.availHeight,
+                colorDepth: screen.colorDepth,
+                pixelDepth: screen.pixelDepth,
+            }
+        };
+        // Listen for fingerprint requests from iframes/workers
+        window.addEventListener('message', function(event) {
+            // Detect common fingerprint request patterns
+            if (event.data && typeof event.data === 'object') {
+                // If message looks like a fingerprint request, respond with consistent values
+                if (event.data.type === 'fingerprintRequest' ||
+                    event.data.action === 'getFingerprint' ||
+                    event.data.cmd === 'getNavigator') {
+                    if (event.source) {
+                        try {
+                            event.source.postMessage({
+                                type: 'fingerprintResponse',
+                                data: consistentFingerprint
+                            }, event.origin || '*');
+                        } catch (e) {}
+                    }
+                }
+            }
+        }, false);
+        // Wrap postMessage to ensure consistent data
+        const originalPostMessage = window.postMessage.bind(window);
+        window.postMessage = function(message, targetOrigin, transfer) {
+            return originalPostMessage(message, targetOrigin, transfer);
+        };
+        Object.defineProperty(window.postMessage, 'toString', {
+            value: () => 'function postMessage() { [native code] }',
+            configurable: false
+        });
+    };
     // Initialize all protections
     const DEBUG_PREFIX = '[CDP-FP-DEBUG]';
     const ERROR_PREFIX = '[CDP-FP-ERROR]';
@@ -775,6 +1105,15 @@ export const createStealthScript = () => {
         applyProtection('Clipboard API Protection', spoofClipboardAPI);
         applyProtection('Do Not Track Spoofing', spoofDoNotTrack);
         applyProtection('Global Privacy Control Spoofing', spoofGlobalPrivacyControl);
+        // DataDome-specific protections
+        applyProtection('Keyboard API Spoofing', spoofKeyboardAPI);
+        applyProtection('MediaDevices API Spoofing', spoofMediaDevicesAPI);
+        applyProtection('ServiceWorker API Protection', spoofServiceWorkerAPI);
+        applyProtection('Undefined Navigator Props', spoofUndefinedNavigatorProps);
+        // Cross-context consistency protections
+        applyProtection('Worker Constructor Protection', protectWorkerConstructor);
+        applyProtection('SharedWorker Protection', protectSharedWorkerConstructor);
+        applyProtection('PostMessage Protection', protectPostMessage);
         console.log(DEBUG_PREFIX, '✓ All stealth protections applied successfully');
     } catch (e) {

package/dist/fingerprinting/fingerprint-overrides/stealth-script.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"stealth-script.js","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/stealth-script.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,GAAW,EAAE;IAC5C,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAkwBL,CAAC;AACP,CAAC,CAAC"}
1	+ {"version":3,"file":"stealth-script.js","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/stealth-script.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,GAAW,EAAE;IAC5C,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAqlCL,CAAC;AACP,CAAC,CAAC"}

package/dist/fingerprinting/fingerprint-overrides/ua-ch.d.ts CHANGED Viewed

@@ -1,6 +1,12 @@
 /**
- * navigator.userAgentData spoofing
+ * navigator.userAgentData spoofing (UA-CH Client Hints)
  * Generates brand list & bitness matching the chosen platform.
+ *
+ * 2024-2025 Enhanced:
+ * - Consistent platform returns "Windows" for Win32
+ * - Proper getHighEntropyValues() with all Windows-specific fields
+ * - Realistic Chrome version numbers matching userAgent
+ * - Proper prototype chain and native-like appearance
  */
 export declare const createUAClientHintsSpoofingScript: (platform?: string) => string;
 //# sourceMappingURL=ua-ch.d.ts.map

package/dist/fingerprinting/fingerprint-overrides/ua-ch.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ua-ch.d.ts","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/ua-ch.ts"],"names":[],"mappings":"AAAA~~;;;GAGG~~;AACH,eAAO,MAAM,iCAAiC,yBAAyB,~~MAyFtE~~,CAAC"}
1	+ {"version":3,"file":"ua-ch.d.ts","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/ua-ch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,yBAAyB,MAwLtE,CAAC"}