/byteweb

Primary Language: C

Byteweb

A minimalist JavaScript compiler for the Web.

This library "compiles" your JavaScript code into QuickJS bytecode, which adds a small layer of protection on top of it.

Yes, you can run this in the browser thanks to WebAssembly.

Why?

This is similar to a module called Bytenode, which uses V8's compiler to turn your JavaScript code into optimized bytecode. Byteweb also compiles your code into bytecode, but that bytecode is executed by QuickJS inside your browser.

It should not be used for heavy modules: QuickJS is slower than V8, and code run this way bypasses all browser optimizations.

Use cases

A good use case is a specific algorithm that you want to keep out of the public eye. Because the sandboxed code can reach the host and DOM (through host.run), it can use the available data and modify it from inside a "protected" sandbox.

Installation

npm install byteweb

or

yarn add byteweb

Usage

The usage is pretty straightforward.

import { getInstance } from "byteweb"

getInstance().then(vm => {
    // Making a host variable that is used inside the VM
    window["hostVariable"] = "world!"

    // JavaScript that needs to be protected
    const code = vm.bytecode(`let a = "Hello " + host.run("window.hostVariable"); a;`);

    // Evaluating the generated bytecode
    const result = vm.eval(code)

    // Logs "Hello world!" to the console.
    console.log(result)
})

The bytecode function returns a Uint8Array, which you can convert to base64, distribute in protected form, and evaluate later on.

You can invoke code or get data from the host using host.run(code:string):string.

Known issues and limitations

  • You don't have direct access to the host; you have to use host.run(code) inside the sandbox.
  • Strings are visible; you can use gnirt or terser for better protection.
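
A pre-distribution check for the base64 step and the "strings are visible" limitation above. This is an added example, not code from byteweb: SAMPLE is a constructed byte array (not real QuickJS bytecode), leakedTerms and the other function names are hypothetical, and it assumes string literals appear in the blob as plain ASCII runs.

```javascript
// Added example, not byteweb code. SAMPLE is constructed for illustration
// and is NOT real QuickJS bytecode; it only mimics a binary blob with
// string literals embedded as plain ASCII runs (an assumption).
const enc = new TextEncoder();
const SAMPLE = Uint8Array.from([
  0x02, 0x05, 0x00, 0xfe, ...enc.encode("Hello "),
  0x01, 0xd4, 0x00, ...enc.encode("window.hostVariable"),
  0x00, 0xa7, 0x0e,
]);

// Uint8Array -> base64 text, the distribution form the README mentions.
function toBase64(bytes) {
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin);
}

// base64 text -> Uint8Array, the form returned by vm.bytecode().
function fromBase64(b64) {
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Collect runs of printable ASCII at least minLen long (like strings(1)).
function visibleStrings(bytes, minLen = 4) {
  const found = [];
  let run = "";
  for (const b of bytes) {
    if (b >= 0x20 && b <= 0x7e) { run += String.fromCharCode(b); continue; }
    if (run.length >= minLen) found.push(run);
    run = "";
  }
  if (run.length >= minLen) found.push(run);
  return found;
}

// Return the sensitive terms that can still be read in the shipped blob.
function leakedTerms(b64, terms) {
  const strings = visibleStrings(fromBase64(b64));
  return terms.filter((t) => strings.some((s) => s.includes(t)));
}

console.log(visibleStrings(SAMPLE));
console.log(leakedTerms(toBase64(SAMPLE), ["hostVariable", "apiKey"]));
```

Any term that leakedTerms returns is readable by whoever downloads the blob, so it needs string obfuscation or should not be in the client code at all.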

Thanks to

  • Bytenode - Inspiration
  • quickjs-eval - QJS part template
  • quickjs - Awesome JavaScript runtime