Open Le0Developer opened 1 year ago
Hi you're right. JS-confuser only places var
right now. The obfuscator has a much easier time dealing with var
code and dislikes the use of let
and const
For instance, Control Flow Flattening completely ignores blocks of code that use let
/const
due to the lexical bindings having stricter rules.
Being able to differentiate between obfuscator code (var
) and user code (let
) is a big flaw, so here are solutions:
1) Make the obfuscator use let
so there is no difference (all let
solution)
2) Change the users code to use var
, and keep obfuscator using var
(all var
solution)
What do you think?
I'd prefer all let
, because doing var
-> let
yourself is a lot harder than let
-> var
(if you need the other for some reason).
Is your feature request related to a problem? Please describe. js-confuser generated code uses
var
instead of the preferredlet
alternative.js-confuser using
var
makes reverse engineering easier, because it eases differentiating between js-confuser generated and normal code.Before upgrading to the latest version, I was simply replacing all
var
withlet
and then shoving it into esbuild, which … worked! Now, it fails due to (I'd assume) control flow changes (erroring due to redeclaration of var).Describe the solution you'd like Always use
let
instead ofvar
.If support for older JS runtimes is required, the user could always shove the output into another transpiler.