Skip to content

cunev/byteweb

Repository files navigation

Byteweb

A minimalist javascript compiler for the Web.

This library "compiles" your javascript code into QuickJS bytecode, and by doing so, adds a small layer of protection on top of your javascript code.

Yes, you can run this in the browser thanks to WebAssembly.

Why?

Similar to a module called Bytenode, which uses V8's compiler to turn your javascript code into optimized bytecode, this also compiles your code into Bytecode that is executed by QuickJS inside your browser.

This should not be used by heavy modules, because QuickJS is slower than V8, and you completely avoid all browser optimizations.

Use cases

A good example of usage, would be specific algorithms that you want to protect from public eye. Since you have direct access to the host and DOM, you can use available data and modify it inside a "protected" sandbox.

Installation

npm install byteweb

or

yarn add byteweb

Usage

The usage is pretty straight forward.

import { getInstance } from "byteweb"

getInstance().then(vm => {
    // Making a host variable that is used inside the VM
    window["hostVariable"] = "world!"

    // JavaScript that needs to be protected
    const code = vm.bytecode(`let a = "Hello " + host.run("window.hostVariable"); a;`);

    // Evaluating the generated bytecode;
    const result = vm.eval(code)

    // Getting "Hello world!" in the console.
    console.log(result)
})

The function bytecode returns an Uint8Array which you can convert into base64 and distribute protected and evaluate later on.

You can invoke code or get data from the host using host.run(code:string):string.

Known issues and limitations

  • You don't have direct access to the host, you have to use host.run(code) inside the sandbox.
  • Strings are visible, you can use gnirt or terser for better protection.

Thanks to

  • Bytenode - Inspiration
  • quickjs-eval - QJS part template
  • quickjs - Awesome javascript runtime

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published