有读者私信问我My该怎么实现，今天正好有空写篇文章记录一下。

Have questions? Feel free to ask in the comments section below.

正文

#我在“使用Node.js VM模块的JavaScript沙箱的安全问题”上的注释。Node有一个vm模块，感觉就像一个现代的eval替代方案：你传入代码和一个上下文对象，它运行代码：。在Node内置vm模块的文档页面上，它写着：。> node: vm模块不是安全机制。请勿使用它来运行不受信任的代码。vm模块无法抵御哪些可能的攻击载体？虽然这可能会关闭服务器，但理论上

在现代Web开发中，My变得越来越重要。开发者需要了解相关的安全 implications 和最佳实践。

实现My时，有几个关键考虑因素。首先是性能优化——复杂的计算可能会阻塞主线程，影响用户体验。其次是安全性，必须在应用的每一层都考虑到。

许多开发者忽视了适当的错误处理和调试技术的重要性。浏览器开发者工具、日志框架和监控服务可以显著改善开发流程。

My相关的生态系统发展迅速。新库和新框架 regularly 出现，每个都有各自解决常见问题的方法。

测试是另一个关键方面，不容忽视。自动化测试、代码审查和安全审计有助于确保代码库的质量和可靠性。

更多内容

除了上面提到的内容，还有几个点值得注意。首先是浏览器的兼容性，不同浏览器对Web Crypto API的支持程度有所不同。其次是性能问题，加密操作在大量数据时可能会影响用户体验。最后是密钥管理，如何安全地存储和传输密钥也是一个需要考虑的问题。

以上就是关于这个话题的完整分享，希望能对大家有所帮助。如果还有其他问题，欢迎在评论区留言讨论。

Reference: My notes on "The security concerns of a JavaScript sandbox with the Node.js VM module" - Advanced Web Machinery

I've had several readers ask me about jsvmp编译与反编译详解(1)——实现一个简单的jsvmp recently, so I decided to write a comprehensive article about it.

Found this helpful? Share it with your team and leave a comment below!

正文

目前，主流的JavaScript代码保护措施主要包括精简、加密和混淆。这些方法的核心思想主要借鉴了传统的软件代码保护技术。然而，由于JavaScript是一种脚本语言，其在传输过程中以带有语法属性的文本源码形式存在，逆向分析比传统的编译后的二进制应用程序更加容易。再加上浏览器性能的提升和调试器功能的日益完善，这些保护方法难以提供有效的保护。

jsvmp（JavaScript Virtual Machine Protection）是一种用于保护JavaScript代码的技术，类似于我们平常看到的代码混淆。但不同的是，它通过将JavaScript代码转换为一种虚拟机指令集来实现代码混淆和保护，具体的执行逻辑由vmp虚拟机来执行，这样可以防止代码被轻易地反编译和理解，从而提高代码的安全性。 对于普通的javascript代码来说，执行逻辑是这样的：

JavaScript代码 -> 词法分析/语法分析 -> 生成AST语法树 -> 生成js指令-> js引擎执行代码

而对于经过vmp混淆后的代码，执行逻辑是这样的，中间多了这么一段： 将AST转换为vmp指令集 -> 加载进vmp虚拟机

在vmp混淆的代码流程中，防护者实现了一个虚拟机来解释和执行这些指令集，并对对虚拟机和指令集进行混淆，这种工作类似于将高级语言编译为汇编的过程，因此，对混淆代直接人肉分析几乎是不可能的

wasm有一个致命的弱点，即wasm和js运行时的环境是隔离的，本身无法直接访问js对象的属性，只能以模块的方式导入导出，这个就决定了它在收集环境参数上受限很大。2020年就有使用wasm的网站，几年过去后，也并未出现大的发展。其次，wasm在执行时必须借助js实现对属性的操作部分，这样频繁的在wasm和js之间交互肯定会带来性能的影响，降低执行效率。同时还需要附带大量代码负责维护两个模块的通信，这势必会带来新的空间开销。

此外，目前可以发现，国内各大厂商的vmp实现几乎天差地别，难以出现通用的反混淆方案，jsvmp的虚拟机设计可以灵活地适应不同的保护需求，相比ast混淆的方式，能够提供更高的安全性，现在对于js混淆来说，已经有了成熟的解混淆方案。尽管在性能上可能会有一定的开销，但在保护代码安全性方面，jsvmp无疑是一个强有力的工具。

return ('undefined' == typeof window ? global : window)['_$webrt_1668687510']('484e4f4a403f5243002c210c79d545fd138caff600000000000007561b000b180201fe19203e17000e1b000b180201ff0202000d1b00131e00061a002248001d00a922201d0201220a00001d0202220a00001d020322121d01e222121d01fe220200001d01ff22121d020422131e00061a00224805483c2a1d02052248021d011f224805483c2a1d011d1d011c220200001d01f322201d02062248031d02071d00911b000b02221e0126241b000b191b000b180a0002101c1b000b191e00a948003e22011700201c1b000b03221e0108241b000b191e00a90a0001101b000b191e00a94017000d1b000b040202081a01471b000b191e02092217000c1c1b000b191e020a0117000d1b000b0402020b1a01471b000b051e0123221e00ce241b000b191e00a90a0001101c1b000b061e00a948003e1700111b000b061b000b191e00a91d00a91b000b191e0201011700c11b000b191e01ff0200003e17000d1b000b0402020c1a01471b000b191e01ff0202003f17000d1b000b0402020d1a01471b000b061b000b191e01ff1d01ff1b000b061b000b071b000b19041d01291b000b08261b000b091b000b191e02074903e82a0a0002101c1b000b191e01301b000b0a402217000a1c1b000b1926401700401b000b061e020e221e00ce241b000b191e01300a0001101c1b000b061b000b061e020e221e020f24020000250009180018012f000a00011001011d01301b000b191e011c1700d61b000b06201d02101b000b0b17007f1b000b191e011c1e0205221700191c1b000b191e011c1e02051b000b061e011c1e0205391700551b000b0c1b000b0b041c1b000b061b000b02221e012624131e00061a001b000b061e011c1b000b191e011c0a0003101d011c1b001b000b0d261b000b0e1b000b061e011c1e02054903e82a0a0002101d002716004b1b000b061b000b02221e012624131e00061a001b000b061e011c1b000b191e011c0a0003101d011c1b001b000b0d261b000b0e1b000b061e011c1e02054903e82a0a0002101d00271b000b191e02111700251b000b061b000b191e02111d02111b000b08261b000b0f48054903e82a0a0002101c111b000b191d02121b000b10260a0000101c1b000b111b000b191e0202041c1b000b121b000b191e0203041c1b000b13260a0000101c1b000b14012217000b1c1b000b191e01e217002b1b00201d00841b000b061b000b191e01e21d01e21b000b08261b000b1548054903e82a0a0002101c1b000b191e020617002e1b000b061e0213011700231b000b06201d02131b000b08261b000b16480a4903e82a1b000b190a0003101c1b000b06201d0214000215000160203333333333333333333333333333333333333333333333333333333333333333016d0e3130333c3b3005273a253027212c023c31061a373f3036210332302108313037203232302707303b23363a313007363a3b263a393007333c27303720320a3a20213027023c31213d0a3c3b3b3027023c31213d0b3a202130271d303c323d210b3c3b3b30271d303c323d2109202630271432303b210b213a193a223027163426300163073c3b31302d1a33083039303621273a3b09203b3130333c3b30310925273a213a212c253008213a0621273c3b3204363439390725273a36302626100e3a373f3036217525273a3630262608063a373f30362105213c213930043b3a31300168016202266541141716111013121d1c1f1e19181b1a05040706010003020d0c0f343736313033323d3c3f3e39383b3a25242726212023222d2c2f65646766616063626d6c7e7a6802266441113e3125323d610f1e2604176d657a1833232266630d1c640767607e02001439103c621b19373a240c011a05202f38133f1f3b272c2d6c1d03123634062116306802266741113e3125323d610f1e2604176d657a1833232266630d1c640767607802001439103c621b19373a240c011a05202f38133f1f3b272c2d6c1d031236340621163068016c0264640639303b32213d0a363d3427163a3130142102646506363d342714210f0e3a373f30362175023c3b313a220808113a362038303b21120e3a373f303621751b34233c3234213a2708053f26313a38100e3a373f303621751d3c26213a272c0807253920323c3b26080a253d343b213a380b36343939053d343b213a380b0a0a3b3c323d2138342730051420313c3a1816343b23342607303b3130273c3b32163a3b21302d2167110922303731273c233027133230211a223b05273a253027212c1b343830260939343b32203432302606363d273a38300727203b213c383007363a3b3b303621140a0a22303731273c2330270a3023343920342130130a0a263039303b3c20380a30233439203421301b0a0a22303731273c2330270a2636273c25210a33203b36213c3a3b170a0a22303731273c2330270a2636273c25210a33203b36150a0a22303731273c2330270a2636273c25210a333b130a0a332d31273c2330270a3023343920342130120a0a31273c2330270a203b22273425253031150a0a22303731273c2330270a203b22273425253031110a0a31273c2330270a3023343920342130140a0a263039303b3c20380a203b22273425253031140a0a332d31273c2330270a203b22273425253031090a263039303b3c20380c36343939063039303b3c2038160a063039303b3c20380a1c11100a0730363a2731302702646708313a362038303b21043e302c2602646602646102646002646305383421363d06073032102d250a09710e34782f0831360a063634363d300a04263a383008363033063d34272508163033063d34272505303a34253c16303a02303717273a22263027113c26253421363d30270f373c3b311a373f30362114262c3b360e3c26101a02303717273a222630270166043a25303b0421302621093c3b363a323b3c213a073a3b3027273a2704363a31301204001a01140a100d1610101110110a1007070e263026263c3a3b06213a27343230072630211c21303810263a38301e302c1d302730172c2130310a2730383a23301c213038093c3b31302d303111170c053a3c3b2130271023303b210e1806053a3c3b2130271023303b210d36273034213010393038303b210636343b23342609213a1134213400071907273025393436300309267f01320a3b34213c2330363a3130140e3a373f30362175053920323c3b142727342c084a0b3d212125266a6f097a097a7d0e65786c082e647966287d097b0e65786c082e647966287c2e6628290e34783365786c082e647961287d6f0e34783365786c082e647961287c2e62287c016108393a3634213c3a3b043d27303304333c3930103d2121256f7a7a393a3634393d3a26210825393421333a273807223c3b313a222603223c3b07343b31273a3c3105393c3b202d026462063c253d3a3b3002646d043c25343102646c043c253a3102676503383436026764093834363c3b213a263d0c3834360a253a22302725367c0436273a26032d64640536273c3a2605332d3c3a2604253c3e3002676702676602676102676002676302676202676d02676c08333c2730333a2d7a063a253027347a05753a25277a05753a25217a07363d273a38307a0821273c31303b217a0438263c300266650266640623303b313a2706123a3a3239300e0a253427343806223c21363d1a3b0a313c27303621063c323b0a363a3b263c2621303b210626223c21363d03313a3807253d343b213a38043d3a3a3e40141716111013121d1c1f1e19181b1a05040706010003020d0c0f343736313033323d3c3f3e39383b3a25242726212023222d2c2f65646766616063626d6c787b03343c31013b01330127092621342721013c383001210934373c393c213c30260a213c3830262134382564133d34273122342730163a3b36202727303b362c0c3130233c36301830383a272c0839343b32203432300a2730263a3920213c3a3b0f3423343c390730263a3920213c3a3b0926362730303b013a250a26362730303b19303321103130233c3630053c2d30390734213c3a0a25273a31203621062037073734212130272c012509213a20363d1c3b333a08213c38302f3a3b300a213c3830262134382567073225201c3b333a0b3f26133a3b2126193c26210b253920323c3b26193c26210a213c38302621343825660a30233027163a3a3e3c300721210a26363c3101380b262c3b21342d1027273a270c3b34213c233019303b32213d052721361c05093325033027263c3a3b0b0a0a233027263c3a3b0a0a0836393c303b211c310a213c38302621343825610b302d21303b31133c303931042520263d0334393904213d303b093734263063610a363d0c33273a38163d3427163a3130063763610a6665083734263063610a65026667083734263063610a64026666083734263063610a6702666102666002666307323021013c38300266620b313a381b3a210334393c31092620372621273c3b320825273a213a363a3902666d02666c02616502616401650e646565656565656564646565656502616702616607333a272730343902616104373a312c092621273c3b323c332c022e280261600b373a312c033439672621270a373a312c0a3d34263d6801730320273902616305242030272c0a34263a39310a263c323b092534213d3b343830680921210a2230373c3168067320203c316802616202616d0e0a372c2130310a2630360a313c3102616c0a61676c616c6362676c63093330033027263c3a3b0260650e0a656717610f63223a65656565640260640260670526393c3630026066070610161c1b131a033b3a2209213c383026213438250533393a3a270627343b313a380f3230210101023037163a3a3e3c3026052121223c310821210a2230373c310721210230371c310b21210a2230373c310a23670921210230373c3103670727203b3b3c3b3205333920263d08383a2330193c2621062625393c3630063730183a23300936393c363e193c262107373016393c363e0c3e302c373a342731193c26210a37301e302c373a3427310b3436213c233006213421300b223c3b313a2206213421300326013805212734363e08203b3c21013c3830033436360a203b3c2114383a203b210837303d34233c3a2707382632012c253003221c1107343c31193c26210b25273c2334362c183a313006362026213a38063426263c323b0f0210170a1110031c16100a1c1b131a043f263a3b0a2730323c3a3b163a3b33092730253a272100273904302d3c21090d78180678060100170c0d7818067805140c191a141120656565656565656565656565656565656565656565656565656565656565656520316164316d36316c6d33656537676561306c6d65656c6c6d3036336d616762300123062037363a3130063130363a31300421273c38210b0e0926092013101313092d1465087e290e0926092013101313092d1465087e71062621273c3b3202606102606002606302606202606d02606c0263650263640263670263660263610263600c393a36343906213a2734323003647b6403647b6703647b6603647b6103647b6003647b6303647b6203647b6d03647b6c03677b65143c313a3b213e3b3a223b223d34213c26213d3c261432302110393038303b2126172c0134321b343830043d303431062636273c25210c263021142121273c372021300a1f3423340636273c25210421302d2102687701770b342525303b31163d3c39310b2730383a2330163d3c39310c332734383010393038303b21072134321b343830061c130714181006253427303b21042630393303213a25063327343830260a363a3939303621021c110d31302130362117273a22263027053a2530273405751a05077a051a2530273407133c2730333a2d0b1d01181910393038303b210b163a3b2621272036213a270626343334273c102520263d1b3a213c333c3634213c3a3b210e3a373f3036217506343334273c0730383a21301b3a213c333c3634213c3a3b080f142525393005342c063026263c3a3b0606343334273c0516273c1a060a163d273a3830751c1a0606163d273a38300a06212c39301830313c3404103132300c21272c193a34311c3834323004393a3431051c383432300a323021163a3b21302d21026731063a3b393a343109312734221c383432300c3230211c38343230113421340431342134032627364e313421346f3c383432307a323c336e37342630636179076539121a11393d14041417141c14141414141414057a7a7a2c1d60171410141414141419141414141414171414101414141c1707141462033b34250b32303a393a3634213c3a3b0d3b3a213c333c3634213c3a3b2604383c313c063634383027340a383c36273a253d3a3b3007262530343e30270b3130233c3630783c3b333a0f3734363e32273a203b3178262c3b360937392030213a3a213d12253027263c2621303b217826213a27343230143438373c303b2178393c323d217826303b263a270d343636303930273a383021302709322c273a26363a25300c3834323b30213a38302130270936393c25373a342731143436363026263c373c393c212c783023303b21260e36393c25373a34273178273034310f36393c25373a3427317822273c21300f25342c38303b21783d343b313930270b253027383c26263c3a3b260134043b3438300526213421300625273a382521073227343b2130310631303b3c303105363421363d0738302626343230303c26753b3a217534752334393c3175303b2038752334392030753a3375212c253075053027383c26263c3a3b1b34383003383425043f3a3c3b0e0d113a38343c3b073024203026210b362730342130053a252025132730383a23301023303b21193c2621303b30270d32393a37343906213a273432300c3a25303b11342134373426300b34212134363d1023303b210d1436213c23300d1a373f3036210d313c26253421363d1023303b210b34313117303d34233c3a27103431311023303b21193c2621303b30270b31302134363d1023303b2109333c27301023303b211018202134213c3a3b1a37263027233027131d01181918303b201c21303810393038303b21091c3b216d142727342c0b253a2621183026263432300d242030272c0630393036213a270b253027333a2738343b36300b363a3b21302d2118303b200f313a362038303b2110393038303b2111323021013c38302f3a3b301a3333263021053834323c36062205273a2526063105273a2526033f26230b37273a22263027012c2530063c33273438300636393c303b21052121363c3105213a3e303b0d363a3939303621162026213a380626362730303b0e38261b3022013a3e303b193c262109213a3e303b193c2621042d38263c053c3b31302d070d78173a3220260a0a263c323b34212027300e0d18191d2121250730242030262110263021073024203026211d30343130270426303b31103a233027273c3130183c3830012c25300f0a34360a3c3b213027363025213031050a26303b31150a372c2130310a3c3b213027363025210a393c26210433203b36093427322038303b21260e0b363a3b21303b2178212c253071013c052625393c21016e0e0a372c2130310a363a3b21303b21150a3a233027273c3130183c3830012c2530142732260b213a0025253027163426300d0a372c2130310a3830213d3a310a0a372c2130310a202739073a3b34373a2721093a3b393a3431303b310b3a3b393a343126213427210a3a3b25273a3227302626093a3b213c38303a20210312100104051a06010b0a263c323b3421202730680b0a372c2130310a373a312c123a3b273034312c2621342130363d343b3230062025393a34310838260621342120260b0a0a34360a213026213c31073826013a3e303b0326313c0d2630361c3b333a1d30343130270b273026253a3b2630000719043d3a262111323021073026253a3b26301d30343130270a2d78382678213a3e303b03263036043c3b3c210d313a0a253a26210a333021363d023a3e073d3034313027260922273425133021363d063830213d3a31032630210536393a3b300827303330272730270e2730333027273027053a393c362c04383a31300b36273031303b213c343926053634363d30082730313c27303621093c3b213032273c212c160a0a34360a3c3b2130273630252130310a333021363d05333021363d060a333021363d083a25303b02273425150a0a34360a3c3b2130273630252130310a3a25303b050a3a25303b03313325062730323c3a3b02363b053c2606111e0e303b343739300534213d193c26210f202739073022273c213007203930260331302303332730042d2d373204313127211e3a25213c3a3b75343c317d1c3b21303230277c753c26753b30303130317403373a3007373a301d3a262124373a301d3a262175382026217537307525273a233c313031753c3b75373a3075383a31300f2730323c3a3b753c26753b20393974122730323c3a3b753c26753c3b2334393c3174100a303b34373930063c323b3421202730062730312036300b303b34373930012734363e0425302733073a25213c3a3b26040a3133250b3c3b3c213c34393c2f3031', [, , 'undefined' != typeof Object ? Object : void 0, 'undefined' != typeof Math ? Math : void 0, void 0 !== _0x406f15 ? _0x406f15 : void 0, _0x402a35, _0xeb6638, void 0 !== _0x1d2071 ? _0x1d2071 : void 0, 'undefined' != typeof setTimeout ? setTimeout : void 0, void 0 !== _0x42cf85 ? _0x42cf85 : void 0, void 0, void 0 !== _0x44d375 ? _0x44d375 : void 0, 'undefined' != typeof clearInterval ? clearInterval : void 0, 'undefined' != typeof setInterval ? setInterval : void 0, void 0 !== _0x30f369 ? _0x30f369 : void 0, void 0 !== _0x482d81 ? _0x482d81 : void 0, void 0 !== _0x9d9194 ? _0x9d9194 : void 0, void 0 !== _0x53074b ? _0x53074b : void 0, void 0 !== _0x4d654b ? _0x4d654b : void 0, void 0 !== _0x5a4435 ? _0x5a4435 : void 0, false, void 0 !== _0x296c90 ? _0x296c90 : void 0, void 0 !== _0xea47f9 ? _0xea47f9 : void 0, _0x4dff2d, _0x1935a8], this);

，字节通过实现了一个虚拟机，来执行这段指令序列。原始代码被转换为虚拟机指令集，虚拟机在运行时解释和执行指令，使得静态分析工具难以有效地分析代码。并且jsvmp会对虚拟机和指令集进行混淆，使得代码难以阅读和理解。虚拟机通常会实现一个栈来存储操作数和中间结果，整个执行流程类似cpu对机器码的处理。

以python为例，我们将如下代码进行编译，就得到python字节码，可以看到每个数字都代表了不同的操作，将python编译为字节码，并交由解释器去执行，就是python执行的过程

我们可以通过实现一个jsvmp来更好的理解原理，例如，我们定义一个简单的js函数，这个函数只有将两个参数相加并返回的功能：

编译为汇编代码了。我们省略了一些步骤，这中间要经过我们最熟悉的词法分析语法分析器先转换为ast，然后再经过我们的编译器转换为汇编代码

为了将这个虚拟机指令集编译为字节码，我们需要为每个操作码（op）和参数（arg）分配一个唯一的字节表示，首先定义操作码的字节值

bytecode.push(instr.arg.charCodeAt(0)); // 将参数转换为字节表示

然后我们再实现一个虚拟机来执行指令，可以看到，到这一步我们的代码逻辑已经和javascript引擎几乎毫无联系了

More Details

There are a few more points worth noting. First, browser compatibility varies across different browsers. Second, performance optimization is crucial when handling large amounts of data. Finally, key management is also an important consideration.

That's all for this comprehensive guide. I hope you found it helpful! Feel free to leave comments if you have questions.

Reference: jsvmp编译与反编译详解(1)——实现一个简单的jsvmp - dream的小站

在做前端安全相关需求时，source这个问题绕不开，刚好把踩坑经验分享一下。

Found this helpful? Share it with your team and leave a comment below!

正文

我知道隐藏源代码是不可能的，但是，例如，如果我必须将JavaScript文件从CDN链接到网页，并且我不希望人们知道这个脚本的位置和/或内容，这是否可能？现在，是否可以隐藏脚本来源的用户，或者隐藏脚本内容并在网页上使用它？混淆您的代码是一个很好的解决方案，但这还不够，因为虽然很难，但有人可能会破译您的代码并“窃取”您的脚本。O

在现代Web开发中，source变得越来越重要。开发者需要了解相关的安全 implications 和最佳实践。

实现source时，有几个关键考虑因素。首先是性能优化——复杂的计算可能会阻塞主线程，影响用户体验。其次是安全性，必须在应用的每一层都考虑到。

许多开发者忽视了适当的错误处理和调试技术的重要性。浏览器开发者工具、日志框架和监控服务可以显著改善开发流程。

source相关的生态系统发展迅速。新库和新框架 regularly 出现，每个都有各自解决常见问题的方法。

测试是另一个关键方面，不容忽视。自动化测试、代码审查和安全审计有助于确保代码库的质量和可靠性。

更多内容

除了上面提到的内容，还有几个点值得注意。首先是浏览器的兼容性，不同浏览器对Web Crypto API的支持程度有所不同。其次是性能问题，加密操作在大量数据时可能会影响用户体验。最后是密钥管理，如何安全地存储和传输密钥也是一个需要考虑的问题。

码字不易，觉得有帮助的话点个赞再走~ 如果想了解更多相关内容，可以关注我的博客后续更新。

Reference: source code protection - How do I protect JavaScript files? - Stack Overflow

I've been researching Building for a project, and here's a summary of what I found useful.

Want to learn advanced techniques? Check out our premium courses.

正文

Today, we're going to build our own JavaScript virtual machine from scratch. By the end of this tutorial, you'll understand lexical analysis,

In modern web development, Building has become increasingly important. Developers need to understand the security implications and best practices.

When implementing Building, there are several key considerations. First, performance optimization is crucial. Second, security must be addressed at every layer.

Many developers overlook the importance of proper error handling and debugging techniques.

The ecosystem around Building continues to evolve rapidly. New libraries and frameworks emerge regularly.

Testing is another critical aspect that shouldn't be neglected.

More Details

There are a few more points worth noting. First, browser compatibility varies across different browsers. Second, performance optimization is crucial when handling large amounts of data. Finally, key management is also an important consideration.

This article was first published on JSVMP Blog. Reposting with attribution is welcome.

Reference: Building a JavaScript Virtual Machine from Scratch - Medium

不少同学在群里讨论JavaScript，这里统一回复一下，顺便整理成文章。

Have questions? Feel free to ask in the comments section below.

正文

JavaScript代码加密是保护前端源代码安全的重要方法。我们的

JSVMP （ JavaScript虚拟机保护）加密工具

保护技术，以有效防止代码被反编译、反向工程和

防止您的代码逻辑和算法被竞争对手窃取

Significantly increase reverse engineering difficulty

保护敏感数据，如API密钥和配置

维护核心业务代码价值并保持竞争力

JSVMP加密技术功能虚拟机保护：

内置反调试、反挂钩和反仪表灵活加密级别：

支持主流浏览器和Node.js环境

准备JavaScript代码（建议使用ES5语法）

调整加密难度滑块（ 0-3级，推荐1-2级）

JSVMP的虚拟机保护技术显著增加了

破解，有效防止大多数逆向工程攻击。

根据您的需求选择适当的加密级别：对性能敏感的0-1级

更多内容

除了上面提到的内容，还有几个点值得注意。首先是浏览器的兼容性，不同浏览器对Web Crypto API的支持程度有所不同。其次是性能问题，加密操作在大量数据时可能会影响用户体验。最后是密钥管理，如何安全地存储和传输密钥也是一个需要考虑的问题。

篇幅原因就先写这么多，后面有空会再补充更多实战案例。有问题评论区见。

Reference: JavaScript Code Encryption, Compression & Obfuscation Tool

I've been researching JavaScript for a project, and here's a summary of what I found useful.

Want to learn advanced techniques? Check out our premium courses.

正文

**What is an obfuscation code?**. ### **Why obfuscate JavaScript code?**. JavaScript obfuscation is a series of code transformations that turn plain, easy-to-read JS code into a modified version that is extremely hard to understand and reverse-engineer. Polymorphic JavaScript obfuscation is a unique **technique used by Jscrambler** that ensures that every new code obfuscation results in completely different code. ### **Compatibility of Obfuscated JavaScript Code**. While obfuscation should provi

In modern web development, JavaScript has become increasingly important. Developers need to understand the security implications and best practices.

When implementing JavaScript, there are several key considerations. First, performance optimization is crucial. Second, security must be addressed at every layer.

Many developers overlook the importance of proper error handling and debugging techniques.

The ecosystem around JavaScript continues to evolve rapidly. New libraries and frameworks emerge regularly.

Testing is another critical aspect that shouldn't be neglected.

More Details

There are a few more points worth noting. First, browser compatibility varies across different browsers. Second, performance optimization is crucial when handling large amounts of data. Finally, key management is also an important consideration.

This article was first published on JSVMP Blog. Reposting with attribution is welcome.

Reference: JavaScript Obfuscation: The Definitive Guide for 2026 - Jscrambler

I've been researching How for a project, and here's a summary of what I found useful.

Ready to learn more? Subscribe to our newsletter for weekly tutorials and tips.

正文

JavaScript (JS) is a versatile language for creating interactive websites, but it’s also easily viewable, which can expose sensitive parts of your code to anyone.

Encrypting or obfuscating JavaScript is a way to add a layer of protection to your website by making your code harder to understand or reverse-engineer.

Here’s a step-by-step guide on why and how to encrypt JavaScript code effectively, and how tools like

JavaScript encryption is primarily about protecting sensitive logic and securing data from unauthorized access. Some common reasons to encrypt JavaScript include:

Protecting Intellectual Property: If your JavaScript contains unique algorithms or proprietary functions, encryption makes it harder for others to understand and reuse.

Enhancing Security: Sensitive data or security mechanisms (e.g., client-side form validation or authentication data) benefit from encryption.

Preventing Data Scraping: If your application is prone to scraping or data theft, encrypting key parts of your code can deter attackers.

JavaScript encryption typically involves obfuscation or minification, with additional techniques for more robust protection. Here are some of the main methods:

Obfuscation is one of the most common ways to protect JavaScript code. It changes variable names, removes whitespace, and alters the structure of your code without affecting functionality. Obfuscation can make code difficult to read for humans but maintains functionality for browsers. Here’s how it’s done:

uglifyjs yourfile.js -o yourfile.min.js --compress --mangle

The result is a file with shorter variable names and a compact structure that’s hard to reverse-engineer.

Minification reduces the size of your JavaScript by removing unnecessary characters (like comments and whitespace) without changing functionality. While not encryption per se, minified code is harder to read and thus offers a basic layer of protection.

Terser is popular for JavaScript minification, often used with build tools like Webpack.

terser yourfile.js -o yourfile.min.js c. Using Encryption Libraries

For more sensitive data, consider encrypting parts of your code with client-side encryption libraries. These libraries offer encryption algorithms, such as AES, RSA, and SHA, for securing data in transit or storage.

More Details

There are a few more points worth noting. First, browser compatibility varies across different browsers. Second, performance optimization is crucial when handling large amounts of data. Finally, key management is also an important consideration.

Feel free to ask questions in the comments - I'll reply as soon as possible.

Reference: How to Encrypt JavaScript Code for Web Security - DEV Community

Information about Front-End is scattered across the web, so I compiled this guide for reference.

Want to learn advanced techniques? Check out our premium courses.

正文

Front-End Security: 10 Popular Types of Attacks and Best Practices to Prevent Them

Your web application's front end is the first part seen everywhere. It’s the first thing that regular users and potential customers look at but it’s also the first thing that an attacker sees—it's the main door to your

Front-end security demands have increased a lot over the past decade. There are more sophisticated attacks taking place against web application front ends these days, whereas in the past most attacks were straightforward, resulting in easier detection. More recently, attacks have become stealthier, harder to detect, and often discovered far too late.

Employing proactive techniques, like engaging security from the start, reducing

, and nurturing a healthy cybersecurity culture within an organization, can help reduce the attack surface of any web application's front end.

Top 10 Front-End Security Risks and Best Practices to Prevent Them

Let's look at some popular front-end security issues, and how you can fight different

to prevent them with the industry's best practices.

XSS attacks are one of the largest and most dangerous forms of attack. They're crafted in such a way that they inject code into a web application, which ends up performing malicious actions when accessed by an end user.

XSS attacks are drawn to a lack of sanitization in a web application's input and output, which can lead to a variety of attacks.

rank as one of the largest types of attacks under the XSS attack umbrella, as they're simply performed by replacing legitimate parts of a web page with similar-looking, yet dangerous, elements. For example, checkout buttons can be replaced with buttons redirecting users to

, legitimate download buttons can be replaced with buttons resulting in malware downloads, and more.

With XSS attacks, an attacker can inject JavaScript libraries, which then execute on the client side—logging the user's IP address, geolocation and other personal details. These can then be used by the attacker to target the end user with personalized scams or

With code injected by an XSS attack, cryptomining can be performed on end users' devices as well. While it may already seem to slow down a single device, hundreds or thousands of users visiting a web application every day means crypto mining scripts running on your web application can unknowingly cause not only slowdowns but also heating issues on users' devices. This sort of effect on your web application can lead to a negative experience on their part.

Protection against XSS attacks can be achieved by the proper sanitization of inputs made into your web application, as well as by filtering inputs correctly. For example, limiting mobile numbers to digits only or not allowing special characters in names can yield a substantial benefit by preventing most injection attacks on your web application.

More Details

There are a few more points worth noting. First, browser compatibility varies across different browsers. Second, performance optimization is crucial when handling large amounts of data. Finally, key management is also an important consideration.

Feel free to ask questions in the comments - I'll reply as soon as possible.

Reference: Front-End Security: 10 Popular Types of Attacks and Best Practices ...