seabox 0.1.0-beta.3 → 0.1.0

package/lib/native-scanner.mjs

@@ -0,0 +1,203 @@
+/**
+ * native-scanner.mjs
+ * Deep scanning of node_modules for native modules and automatic detection.
+ */
+
+import fs from 'fs/promises';
+import fsSync from 'fs';
+import path from 'path';
+import * as diag from './diagnostics.mjs';
+
+/**
+ * @typedef {Object} NativeModuleMetadata
+ * @property {string} name - Module name
+ * @property {string} path - Absolute path to module root
+ * @property {string} version - Module version
+ * @property {boolean} hasBindingGyp - Whether binding.gyp exists
+ * @property {string[]} binaryFiles - Detected .node files
+ */
+
+/**
+ * Scan node_modules directory for native modules
+ * @param {string} projectRoot - Project root directory
+ * @param {boolean} verbose - Enable verbose logging
+ * @returns {Promise<NativeModuleMetadata[]>}
+ */
+export async function scanDependenciesForNativeModules(projectRoot, verbose = false) {
+  const nativeModules = [];
+  const nodeModulesPath = path.join(projectRoot, 'node_modules');
+
+  if (!fsSync.existsSync(nodeModulesPath)) {
+    diag.verbose('No node_modules directory found');
+    return [];
+  }
+
+  diag.verbose('Scanning node_modules for native modules');
+
+  /**
+   * Recursively scan a directory for packages
+   */
+  async function scanDir(dir, isScoped = false) {
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+
+      for (const entry of entries) {
+        // Skip hidden directories and bin
+        if (entry.name.startsWith('.') || entry.name === '.bin') {
+          continue;
+        }
+
+        const fullPath = path.join(dir, entry.name);
+
+        if (entry.isDirectory()) {
+          const pkgPath = path.join(fullPath, 'package.json');
+
+          // Check if this is a scoped package directory
+          if (entry.name.startsWith('@')) {
+            await scanDir(fullPath, true);
+            continue;
+          }
+
+          // Check if package.json exists
+          if (fsSync.existsSync(pkgPath)) {
+            const moduleInfo = await analyzePackage(fullPath, pkgPath);
+            if (moduleInfo) {
+              nativeModules.push(moduleInfo);
+            }
+          }
+        }
+      }
+    } catch (err) {
+      diag.verbose(`Error scanning directory: ${dir} - ${err.message}`);
+    }
+  }
+
+  /**
+   * Analyze a package to determine if it's a native module
+   */
+  async function analyzePackage(modulePath, pkgPath) {
+    try {
+      const pkgContent = await fs.readFile(pkgPath, 'utf8');
+      const pkg = JSON.parse(pkgContent);
+
+      // Check for native module indicators
+      const hasBindingGyp = fsSync.existsSync(path.join(modulePath, 'binding.gyp'));
+      const hasGypfile = pkg.gypfile === true;
+      const hasBinaryField = pkg.binary != null;
+
+      if (!hasBindingGyp && !hasGypfile && !hasBinaryField) {
+        return null;
+      }
+
+      // Find .node files
+      const binaryFiles = await findNodeFiles(modulePath);
+
+      if (hasBindingGyp || hasGypfile || binaryFiles.length > 0) {
+        return {
+          name: pkg.name,
+          path: modulePath,
+          version: pkg.version,
+          hasBindingGyp: hasBindingGyp,
+          binaryFiles: binaryFiles
+        };
+      }
+
+      return null;
+    } catch (err) {
+      // Ignore packages with invalid package.json
+      return null;
+    }
+  }
+
+  /**
+   * Find all .node files in a directory tree
+   */
+  async function findNodeFiles(dir, maxDepth = 5, currentDepth = 0) {
+    const nodeFiles = [];
+
+    if (currentDepth > maxDepth) {
+      return nodeFiles;
+    }
+
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+
+        if (entry.isDirectory()) {
+          // Skip node_modules subdirectories
+          if (entry.name === 'node_modules') {
+            continue;
+          }
+
+          // Recurse into subdirectories
+          const subFiles = await findNodeFiles(fullPath, maxDepth, currentDepth + 1);
+          nodeFiles.push(...subFiles);
+        } else if (entry.name.endsWith('.node')) {
+          nodeFiles.push(fullPath);
+        }
+      }
+    } catch (err) {
+      // Ignore read errors
+    }
+
+    return nodeFiles;
+  }
+
+  await scanDir(nodeModulesPath);
+
+  diag.verbose(`Found ${nativeModules.length} native modules`);
+  for (const mod of nativeModules) {
+    diag.verbose(`- ${mod.name}@${mod.version} (${mod.binaryFiles.length} binaries)`, 1);
+  }
+
+  return nativeModules;
+}
+
+/**
+ * Find the build output path for a native module
+ * @param {string} moduleRoot - Root directory of the native module
+ * @param {string} target - Build target (e.g., node24.11.0-win32-x64)
+ * @returns {Promise<string|null>}
+ */
+export async function findNativeModuleBuildPath(moduleRoot, target) {
+  const { platform, arch } = parseTarget(target);
+  
+  // Common build output locations
+  const searchPaths = [
+    path.join(moduleRoot, 'build/Release'),
+    path.join(moduleRoot, 'build/Debug'),
+    path.join(moduleRoot, 'lib/binding', `${platform}-${arch}`),
+    path.join(moduleRoot, 'prebuilds', `${platform}-${arch}`)
+  ];
+
+  for (const searchPath of searchPaths) {
+    if (fsSync.existsSync(searchPath)) {
+      // Look for .node files
+      const files = await fs.readdir(searchPath);
+      const nodeFile = files.find(f => f.endsWith('.node'));
+      
+      if (nodeFile) {
+        return path.join(searchPath, nodeFile);
+      }
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Parse a target string into components
+ */
+function parseTarget(target) {
+  const match = target.match(/^node(\d+\.\d+\.\d+)-(\w+)-(\w+)$/);
+  if (!match) {
+    throw new Error(`Cannot parse target: ${target}`);
+  }
+  return {
+    nodeVersion: match[1],
+    platform: match[2],
+    arch: match[3]
+  };
+}

package/lib/{obfuscate.js → obfuscate.mjs}

@@ -1,7 +1,11 @@
 /**
- * @file Obfuscate bootstrap code to protect encryption keys and decryption logic
+ * obfuscate.mjs
+ * Obfuscate bootstrap code to protect encryption keys and decryption logic
  */
 
+import Module from 'module';
+
+const require = Module.createRequire(import.meta.url);
 const JavaScriptObfuscator = require('javascript-obfuscator');
 
 /**
@@ -10,11 +14,9 @@ const JavaScriptObfuscator = require('javascript-obfuscator');
  * @param {string} bootstrapCode - The bootstrap JavaScript code to obfuscate
  * @returns {string} Obfuscated JavaScript code
  */
-function obfuscateBootstrap(bootstrapCode) {
+export function obfuscateBootstrap(bootstrapCode) {
   const obfuscationResult = JavaScriptObfuscator.obfuscate(bootstrapCode, {
     // Maximum protection settings for encryption key and decryption logic
-    
-    // String encoding
     stringArray: true,
     stringArrayThreshold: 1,
     stringArrayEncoding: ['rc4'],
@@ -25,49 +27,25 @@ function obfuscateBootstrap(bootstrapCode) {
     stringArrayWrappersChainedCalls: true,
     stringArrayWrappersParametersMaxCount: 5,
     stringArrayWrappersType: 'function',
-    
-    // Control flow
     controlFlowFlattening: true,
     controlFlowFlatteningThreshold: 1,
     deadCodeInjection: true,
     deadCodeInjectionThreshold: 0.4,
-    
-    // Code transformations
     transformObjectKeys: true,
     splitStrings: true,
     splitStringsChunkLength: 10,
-    
-    // Identifiers
     identifierNamesGenerator: 'hexadecimal',
     identifiersPrefix: '',
-    renameGlobals: false, // Keep false - we need to preserve global scope
-    renameProperties: false, // Keep false - breaks sea.getAsset patching
-    
-    // Self-defending
+    renameGlobals: false,
+    renameProperties: false,
     selfDefending: true,
-    
-    // Compact output
     compact: true,
-    
-    // Additional obfuscation
     numbersToExpressions: true,
     simplify: true,
-    
-    // Disable source maps (we don't want them)
-    sourceMap: false,
-    
-    // Performance vs protection tradeoff
-    // (these settings prioritize protection over performance)
     target: 'node',
     ignoreImports: true,
-    
-    // Comments removal
-    // (handled automatically by compact: true)
+    sourceMap: false
   });
 
   return obfuscationResult.getObfuscatedCode();
 }
-
-module.exports = {
-  obfuscateBootstrap
-};

package/lib/require-shim.mjs

@@ -0,0 +1,113 @@
+/**
+ * require-shim.js
+ * SEA-aware require replacement that intercepts .node module loads
+ */
+
+import * as diag from './diagnostics.mjs';
+
+/**
+ * Generate the __requireSeabox shim code
+ * @returns {string} - The shim code to inject
+ */
+export function generateRequireShim() {
+  return `
+// SEA-aware require replacement
+const __originalRequire = require;
+function __requireSeabox(id) {
+  // Check if this is a native module request (either .node extension or asset key)
+  if (typeof id === 'string' && (id.endsWith('.node') || id.startsWith('native/'))) {
+    // Check if we're in SEA mode
+    let isSEA = false;
+    try {
+      const sea = __originalRequire('node:sea');
+      isSEA = sea.isSea();
+    } catch (e) {
+      // Not in SEA mode
+    }
+    
+    if (isSEA && global.__seaNativeModuleMap) {
+      const path = __originalRequire('path');
+      
+      // Try multiple resolution strategies
+      const basename = path.basename(id);
+      const nameWithoutExt = basename.replace(/\\.node$/, '');
+      
+      // 1. Try the ID as-is (asset key)
+      let resolvedPath = global.__seaNativeModuleMap[id];
+      
+      // 2. Try basename
+      if (!resolvedPath) {
+        resolvedPath = global.__seaNativeModuleMap[basename];
+      }
+      
+      // 3. Try name without extension
+      if (!resolvedPath) {
+        resolvedPath = global.__seaNativeModuleMap[nameWithoutExt];
+      }
+      
+      // 4. Try searching for matching keys
+      if (!resolvedPath) {
+        for (const [key, value] of Object.entries(global.__seaNativeModuleMap)) {
+          if (key.endsWith(basename) || key.endsWith(nameWithoutExt)) {
+            resolvedPath = value;
+            break;
+          }
+        }
+      }
+      
+      if (resolvedPath) {
+        const module = { exports: {} };
+        process.dlopen(module, resolvedPath);
+        return module.exports;
+      } else {
+        console.error('[X] Native module not found in map');
+        console.error('    Requested:', id);
+        console.error('    Available:', Object.keys(global.__seaNativeModuleMap));
+      }
+    }
+  }
+  
+  // Handle bindings module - return a shim that uses our native module map
+  if (id === 'bindings') {
+    return function(name) {
+      if (!name.endsWith('.node')) {
+        name += '.node';
+      }
+      return __requireSeabox(name);
+    };
+  }
+  
+  // Fall back to original require
+  return __originalRequire(id);
+}
+`;
+}
+
+/**
+ * Replace all require() calls with __requireSeabox() in source code
+ * @param {string} sourceCode - The source code to transform
+ * @param {boolean} verbose - Enable verbose logging
+ * @returns {Object} - { code: string, count: number }
+ */
+export function replaceRequireCalls(sourceCode, verbose = false) {
+  diag.verbose('Replacing require() calls with __requireSeabox()');
+  
+  const requirePattern = /\brequire\s*\(/g;
+  let replacementCount = 0;
+  
+  const transformedCode = sourceCode.replace(requirePattern, (match) => {
+    replacementCount++;
+    return '__requireSeabox(';
+  });
+  
+  diag.verbose(`Replaced ${replacementCount} require() calls`);
+  
+  return {
+    code: transformedCode,
+    count: replacementCount
+  };
+}
+
+
+
+