npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

unuglify-js

v0.9.5

Published

JavaScript tool that renames variables and parameters to names based on statistical model learnt from thousands of open source projects

Downloads

22

Readme

UnuglifyJS

UnuglifyJS is a JavaScript tool that renames variables and parameters to names based on statistical model learnt from thousands of open source projects. This is on open-source reimplementation of the JS Nice tool which provides similar functionality.

The implementation of UnuglifyJS is based on UglifyJS 2 -- parser, minifier, compressor or beautifier toolkit for JavaScript.

This page documents how to use the UnuglifyJS as a client of the Nice 2 Predict framework to build statistical model learnt from thousands of open source projects, which is subsequently used to rename variables and parameters names of minified JavaScript files. A live demo of the Unuglify client is available at http://www.nice2predict.org.

NPM Module

The npm module is available at https://www.npmjs.com/package/unuglify-js. To install run:

sudo npm install unuglify-js --global

To use the UnuglifyJS simply supply the JavaScript file to be analyzed. For example:

//demo.js - minified file
function f(a,b,c) {
  b.open('GET', a, false);
  b.send(c);
}

unuglifyjs demo.js > demo_renamed.js

//demo_renamed.js
function f(fileUrl, req, message) {
  req.open('GET', fileUrl, false);
  req.send(message);
}

Install from Source

UnuglifyJS

First make sure you have installed the latest version of node.js and NPM. (You may need to restart your computer after this step).

sudo apt-get install nodejs npm

Download UnuglifyJS git repository:

git clone https://github.com/eth-srl/UnuglifyJS.git

Once the sources are downloaded, install all the dependencies using NPM:

sudo npm install

(Optional) Check that everything is installed correctly by running the tests:

./test/run-tests.js

(Optional) Package for the browser. The UglifyJS2 provides a quick way to build itself for the browser using followig command:

./bin/uglifyjs --self -o /tmp/uglify.js

Nice 2 Predict

To install Nice 2 Predict framework please follow the instructions on the https://github.com/eth-srl/2Nice page.

Obtaining Training Dataset (UnuglifyJS)

As a first step we need to obtain a large number of JavaScript files that can be used to train the statistical model. This can be easily achieved by downloading large amount of projects from GitHub or other repositories.

To produce the training dataset, from the UnuglifyJS directory run the following script:

./extract_features.py --dir . > training_data

Here, the --dir . is used to specify which directory is searched for JavaScript files. In this demo we simply use the source files of the UnuglifyJS itself. While the script is runnig, you might notice output such as Skipping minified file: './test/compress/issue-611.js'. This is because our goal is to predict good variable names, therefore we do not want to train on already minified files.

Before we discuss how to train the statistical model, we briefly describe how the programs are represented and the format of the training dataset.

Program Representation

The role of the Unuglify client to perform a program analysis which transforms the input program into a representation that allows usage of machine learning algorithms provided by Nice 2 Predict. Here, the program is represented as a set of features that relate known and unknown properties of the program. We illustrate the program representation using the following code snippet var a = s in _MAP; where _MAP is a global variable.

  • Known properties are program constants, objects properties, methods and global variables – that is, program parts which cannot be (soundly) renamed (e.g. the DOM APIs). The known properties of the code snippet are:

    _MAP

  • Unknown properties are all local variables. The unknown properties of the code snippet are:

    a, s

  • Features relate properties. An example of feature function is (s, _MAP) -> :Binaryin: between properties s and _MAP, which captures the fact that they are used together as a left-hand and right-hand side of binary operator in. The features of the code snippet are:

	(a, s) -> :VarDef:Binaryin[0]
	(a, _MAP) -> :VarDef:Binaryin[1]
	(s, _MAP) -> :Binaryin:
Program Format

The program representation as described above is translated into a JSON format which the 2Nice server can process. The JSON consists of two parts query describing the features and assign describing the properties and their initial assignments with the attribute giv or inf for known and unknown properties respectively. That is, the JSON representation of the code snippet var a = s in _MAP; is:

{
 "query":[
  {"a": 0,	"b": 1,	"f2": ":VarDef:Binaryin[0]"},
  {"a": 0,	"b": 2,	"f2": ":VarDef:Binaryin[1]"},
  {"a": 1,	"b": 2,	"f2": ":Binaryin:"}
 ],
 "assign":[
  {"v": 0,	"inf": "a"},
  {"v": 1,	"inf": "s"},
  {"v": 2,	"giv": "_MAP"}
 ]
}
Training Dataset Format

The training dataset produced by running UnuglifyJS simply consists of JSON program representations as shown above, one per line.

Training (Nice2Predict)

Succesfull compilation of Nice2Predict creates a training binary in Nice2Predict installation directory. To train to model we simply run:

./bin/training/train --logtostderr -num_threads 16 --input training_data

where training_data is the file produced in previous step and num_threads specifies how many threads should the training algorithm use. To get full options available for training (such as learning rate, regularization and margin), use:

./bin/training/train --help

After the training finishes, two files are created which contains the trained model: model_strings and model_features.

Predicting Properties (Nice2Predict)

To predict properties for new programs, start a server after a model was trained:

./bin/server/nice2server --logtostderr

Then, the server will predict properties for programs given in JsonRPC format. One can debug and observe deobfuscation from the viewer available in the viewer/viewer.html (online demo available at http://www.nice2predict.org). The server takes as an input same JSON format as described above and returns best assigment to the unknown properties (labelled as inf).