npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

humanifyjs

v2.1.2

Published

> Deobfuscate Javascript code using LLMs ("AI")

Downloads

525

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

jehnajehna

Keywords

humanifydecompilerdecompileunobfuscateunobfuscatordeobfuscatedeobfuscatordecompiledecompilerreverse engineeringunminifyunuglifyllmllamaopenaichatgpt

Readme

HumanifyJS

Deobfuscate Javascript code using LLMs ("AI")

This tool uses large language modeles (like ChatGPT & llama) and other tools to deobfuscate, unminify, transpile, decompile and unpack Javascript code. Note that LLMs don't perform any structural changes – they only provide hints to rename variables and functions. The heavy lifting is done by Babel on AST level to ensure code stays 1-1 equivalent.

Version 2 is out! 🎉

v2 highlights compared to v1:

  • Python not required anymore!
  • A lot of tests, the codebase is actually maintanable now
  • Renewed CLI tool humanify installable via npm

➡️ Check out the introduction blog post for in-depth explanation!

Example

Given the following minified code:

function a(e,t){var n=[];var r=e.length;var i=0;for(;i<r;i+=t){if(i+t<r){n.push(e.substring(i,i+t))}else{n.push(e.substring(i,r))}}return n}

The tool will output a human-readable version:

function splitString(inputString, chunkSize) {
  var chunks = [];
  var stringLength = inputString.length;
  var startIndex = 0;
  for (; startIndex < stringLength; startIndex += chunkSize) {
    if (startIndex + chunkSize < stringLength) {
      chunks.push(inputString.substring(startIndex, startIndex + chunkSize));
    } else {
      chunks.push(inputString.substring(startIndex, stringLength));
    }
  }
  return chunks;
}

🚨 NOTE: 🚨

Large files may take some time to process and use a lot of tokens if you use ChatGPT. For a rough estimate, the tool takes about 2 tokens per character to process a file:

echo "$((2 * $(wc -c < yourscript.min.js)))"

So for refrence: a minified bootstrap.min.js would take about $0.5 to un-minify using ChatGPT.

Using humanify local is of course free, but may take more time, be less accurate and not possible with your existing hardware.

Getting started

Installation

Prerequisites:

  • Node.js >=20

The preferred whay to install the tool is via npm:

npm install -g humanifyjs

This installs the tool to your machine globally. After the installation is done, you should be able to run the tool via:

humanify

If you want to try it out before installing, you can run it using npx:

npx humanifyjs

This will download the tool and run it locally. Note that all examples here expect the tool to be installed globally, but they should work by replacing humanify with npx humanifyjs as well.

Usage

Next you'll need to decide whether to use openai, gemini or local mode. In a nutshell:

  • openai or gemini mode
    • Runs on someone else's computer that's specifically optimized for this kind of things
    • Costs money depending on the length of your code
    • Is more accurate
  • local mode
    • Runs locally
    • Is free
    • Is less accurate
    • Runs as fast as your GPU does (it also runs on CPU, but may be very slow)

See instructions below for each option:

OpenAI mode

You'll need a ChatGPT API key. You can get one by signing up at https://openai.com/.

There are several ways to provide the API key to the tool:

humanify openai --apiKey="your-token" obfuscated-file.js

Alternatively you can also use an environment variable OPENAI_API_KEY. Use humanify --help to see all available options.

Gemini mode

You'll need a Google AI Studio key. You can get one by signing up at https://aistudio.google.com/.

You need to provice the API key to the tool:

humanify gemini --apiKey="your-token" obfuscated-file.js

Alternatively you can also use an environment variable GEMINI_API_KEY. Use humanify --help to see all available options.

Local mode

The local mode uses a pre-trained language model to deobfuscate the code. The model is not included in the repository due to its size, but you can download it using the following command:

humanify download 2b

This downloads the 2b model to your local machine. This is only needed to do once. You can also choose to download other models depending on your local resources. List the available models using humanify download.

After downloading the model, you can run the tool with:

humanify local obfuscated-file.js

This uses your local GPU to deobfuscate the code. If you don't have a GPU, the tool will automatically fall back to CPU mode. Note that using a GPU speeds up the process significantly.

Humanify has native support for Apple's M-series chips, and can fully utilize the GPU capabilities of your Mac.

Features

The main features of the tool are:

  • Uses ChatGPT functions/local models to get smart suggestions to rename variable and function names
  • Uses custom and off-the-shelf Babel plugins to perform AST-level unmanging
  • Uses Webcrack to unbundle Webpack bundles

Contributing

If you'd like to contribute, please fork the repository and use a feature branch. Pull requests are warmly welcome.

Licensing

The code in this project is licensed under MIT license.