Remove eval and nameRecycling and slight tweaks to presets

Author: MichaelXF

src/obfuscator.ts

@@ -15,7 +15,6 @@ import DeadCode from "./transforms/deadCode";
 import OpaquePredicates from "./transforms/opaquePredicates";
 import Calculator from "./transforms/calculator";
 import ControlFlowFlattening from "./transforms/controlFlowFlattening/controlFlowFlattening";
-import Eval from "./transforms/eval";
 import GlobalConcealing from "./transforms/identifier/globalConcealing";
 import StringSplitting from "./transforms/string/stringSplitting";
 import StringConcealing from "./transforms/string/stringConcealing";
@@ -30,7 +29,6 @@ import ES5 from "./transforms/es5/es5";
 import RGF from "./transforms/rgf";
 import Flatten from "./transforms/flatten";
 import Stack from "./transforms/stack";
-import NameRecycling from "./transforms/identifier/nameRecycling";
 import AntiTooling from "./transforms/antiTooling";
 import Finalizer from "./transforms/finalizer";
 
@@ -78,7 +76,6 @@ export default class Obfuscator extends EventEmitter {
     test(options.deadCode, DeadCode);
     test(options.calculator, Calculator);
     test(options.controlFlowFlattening, ControlFlowFlattening);
-    test(options.eval, Eval);
     test(options.globalConcealing, GlobalConcealing);
     test(options.opaquePredicates, OpaquePredicates);
     test(options.stringSplitting, StringSplitting);
@@ -87,7 +84,6 @@ export default class Obfuscator extends EventEmitter {
     test(options.stack, Stack);
     test(options.duplicateLiteralsRemoval, DuplicateLiteralsRemoval);
     test(options.shuffle, Shuffle);
-    test(options.nameRecycling, NameRecycling);
     test(options.movedDeclarations, MovedDeclarations);
     test(options.minify, Minify);
     test(options.renameVariables, RenameVariables);

src/options.ts

@@ -141,39 +141,6 @@ export interface ObfuscateOptions {
     "hexadecimal" | "randomized" | "zeroWidth" | "mangled" | "number"
   >;
 
-  /**
-   * ### `nameRecycling`
-   *
-   * (Experimental feature)
-   *
-   * Attempts to reuse released names.
-   *
-   * - Potency Medium
-   * - Resilience High
-   * - Cost Low
-   *
-   * ```js
-   * // Input
-   * function percentage(x) {
-   *   var multiplied = x * 100;
-   *   var floored = Math.floor(multiplied);
-   *   var output = floored + "%"
-   *   return output;
-   * }
-   *
-   * // Output
-   * function percentage(x) {
-   *   var multiplied = x * 100;
-   *   var floored = Math.floor(multiplied);
-   *   multiplied = floored + "%";
-   *   return multiplied;
-   * }
-   * ```
-   *
-   * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
-   */
-  nameRecycling?: ProbabilityMap<boolean>;
-
   /**
    * ### `controlFlowFlattening`
    *
@@ -286,48 +253,15 @@ export interface ObfuscateOptions {
    */
   dispatcher?: ProbabilityMap<boolean>;
 
-  /**
-   * ### `eval`
-   *
-   * #### **`Security Warning`**
-   *
-   * From [MDN](<(https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval)**>): Executing JavaScript from a string is an enormous security risk. It is far too easy
-   * for a bad actor to run arbitrary code when you use eval(). Never use eval()!
-   *
-   * Wraps defined functions within eval statements.
-   *
-   * - **`false`** - Avoids using the `eval` function. _Default_.
-   * - **`true`** - Wraps function's code into an `eval` statement.
-   *
-   * ```js
-   * // Output.js
-   * var Q4r1__ = {
-   *   Oo$Oz8t: eval(
-   *     "(function(YjVpAp){var gniSBq6=kHmsJrhOO;switch(gniSBq6){case'RW11Hj5x':return console;}});"
-   *   ),
-   * };
-   * Q4r1__.Oo$Oz8t("RW11Hj5x");
-   * ```
-   *
-   * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
-   */
-  eval?: ProbabilityMap<boolean>;
-
   /**
    * ### `rgf`
    *
    * RGF (Runtime-Generated-Functions) uses the [`new Function(code...)`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/Function) syntax to construct executable code from strings. (`"all"/true/false`)
    *
-   * - **This can break your code. This is also as dangerous as `eval`.**
+   * - **This can break your code.
    * - **Due to the security concerns of arbitrary code execution, you must enable this yourself.**
    * - The arbitrary code is also obfuscated.
    *
-   * | Mode | Description |
-   * | --- | --- |
-   * | `"all"` | Recursively applies to every scope (slow) |
-   * | `true` | Applies to the top level only |
-   * | `false` | Feature disabled |
-   *
    * ```js
    * // Input
    * function log(x){
@@ -342,7 +276,7 @@ export interface ObfuscateOptions {
    *
    * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
    */
-  rgf?: ProbabilityMap<boolean | "all">;
+  rgf?: ProbabilityMap<boolean>;
 
   /**
    * ### `stack`
@@ -678,7 +612,6 @@ const validProperties = new Set([
   "renameVariables",
   "renameGlobals",
   "identifierGenerator",
-  "nameRecycling",
   "controlFlowFlattening",
   "globalConcealing",
   "stringCompression",
@@ -687,7 +620,6 @@ const validProperties = new Set([
   "stringSplitting",
   "duplicateLiteralsRemoval",
   "dispatcher",
-  "eval",
   "rgf",
   "objectExtraction",
   "flatten",
@@ -868,6 +800,10 @@ export async function correctOptions(
         "alert",
         "confirm",
         "location",
+        "btoa",
+        "atob",
+        "unescape",
+        "encodeURIComponent",
       ].forEach((x) => options.globalVariables.add(x));
     } else {
       // node
@@ -876,6 +812,8 @@ export async function correctOptions(
         "Buffer",
         "require",
         "process",
+        "exports",
+        "module",
         "__dirname",
         "__filename",
       ].forEach((x) => options.globalVariables.add(x));
@@ -887,6 +825,7 @@ export async function correctOptions(
       "parseInt",
       "parseFloat",
       "Math",
+      "JSON",
       "Promise",
       "String",
       "Boolean",
@@ -906,8 +845,6 @@ export async function correctOptions(
       "setImmediate",
       "clearImmediate",
       "queueMicrotask",
-      "exports",
-      "module",
       "isNaN",
       "isFinite",
       "Set",

src/presets.ts

@@ -17,7 +17,7 @@ import { ObfuscateOptions } from "./options";
  * 10. Minified output
  *
  * ## **`Disabled features`**
- * - `eval` Use at your own risk!
+ * - `rgf` Use at your own risk!
  *
  * ### Potential Issues
  * 1. *String Encoding* can corrupt files. Disable `stringEncoding` manually if this happens.
@@ -51,7 +51,6 @@ const highPreset: ObfuscateOptions = {
   stringSplitting: 0.75,
 
   // Use at own risk
-  eval: false,
   rgf: false,
 };
 
@@ -66,9 +65,9 @@ const mediumPreset: ObfuscateOptions = {
   calculator: true,
   compact: true,
   hexadecimalNumbers: true,
-  controlFlowFlattening: 0.5,
+  controlFlowFlattening: 0.25,
   deadCode: 0.025,
-  dispatcher: 0.75,
+  dispatcher: 0.5,
   duplicateLiteralsRemoval: 0.5,
   globalConcealing: true,
   identifierGenerator: "randomized",
@@ -95,10 +94,10 @@ const lowPreset: ObfuscateOptions = {
   calculator: true,
   compact: true,
   hexadecimalNumbers: true,
-  controlFlowFlattening: 0.25,
+  controlFlowFlattening: 0.1,
   deadCode: 0.01,
-  dispatcher: 0.5,
-  duplicateLiteralsRemoval: true,
+  dispatcher: 0.25,
+  duplicateLiteralsRemoval: 0.5,
   identifierGenerator: "randomized",
   minify: true,
   movedDeclarations: true,