		@@ -189,3 +189,3 @@ Apache License

		Copyright [yyyy] [name of copyright owner]
		Copyright 2023 Endo Contributors

		@@ -192,0 +192,0 @@ Licensed under the Apache License, Version 2.0 (the "License");

+4

-5

package.json

		{
		"name": "@endo/evasive-transform",
		"version": "1.4.0",
		"version": "2.0.0",
		"description": "Source transforms to evade SES censorship",
		@@ -35,3 +35,2 @@ "keywords": [
		"lint-fix": "yarn lint:eslint --fix && yarn lint:types",
		"lint-check": "yarn lint",
		"lint": "yarn lint:types && yarn lint:eslint",
		@@ -44,3 +43,3 @@ "lint:types": "tsc",
		"@babel/types": "~7.26.0",
		"@endo/ses-ava": "^1.2.10",
		"@endo/ses-ava": "^1.3.0",
		"@types/babel__generator": "^7.6.8",
		@@ -52,3 +51,3 @@ "@types/babel__traverse": "^7.20.6",
		"tsd": "^0.31.2",
		"typescript": "~5.6.3"
		"typescript": "~5.8.3"
		},
		@@ -85,3 +84,3 @@ "files": [
		},
		"gitHead": "9b6784831d37db948cdd61f6da1f3489e8f97906"
		"gitHead": "571b7803cf10df7cb4fa9d70e4d53a0b53767fa8"
		}

+2

-0

README.md

		@@ -20,2 +20,3 @@ # @endo/evasive-transform
		const sourceUrl = 'index.js'; // assuming the source map references index.js
		// sourceType can be "script" (CJS) or "module" (ESM)
		const sourceType = 'script';
		@@ -26,2 +27,3 @@
		sourceUrl,
		// always provide a sourceType, if known!
		sourceType,
		@@ -28,0 +30,0 @@ });

+2

-2

SECURITY.md

		@@ -11,5 +11,5 @@ # Security Policy

		SES stands for fearless cooperation, and strong security requires strong collaboration with security researchers. If you believe that you have found a security sensitive bug that should not be disclosed until a fix has been made available, we encourage you to report it. To report a bug in HardenedJS, you have several options that include:
		SES stands for fearless cooperation, and strong security requires strong collaboration with security researchers. If you believe that you have found a security sensitive bug that should not be disclosed until a fix has been made available, we encourage you to report it. To report a bug in HardenedJS, you have several options that include:

		* Reporting the issue to the [Agoric HackerOne vulnerability rewards program](https://hackerone.com/agoric).
		* Reporting the issue to the [Agoric HackerOne vulnerability rewards program](https://hackerone.com/agoric).

		@@ -16,0 +16,0 @@ * Sending an email to security at (@) agoric.com., encrypted or unencrypted. To encrypt, please use @Warner’s personal GPG key [A476E2E6 11880C98 5B3C3A39 0386E81B 11CAA07A](http://www.lothar.com/warner-gpg.html) .

+15

-42

src/generate.d.ts

		/**
		* Options for {@link generateCode} with source map
		*
		* @typedef GenerateAstOptionsWithSourceMap
		* @property {string} [source]
		* @property {string} sourceUrl - If present, we will generate a source map
		* @property {string} [sourceMap] - If present, the generated source map will be a transform over the given source map.
		* @internal
		*/
		/**
		* Options for {@link generateCode} (no source map generated)
		*
		* @typedef GenerateAstOptionsWithoutSourceMap
		* @property {string} [source]
		* @property {undefined} [sourceUrl] - This should be undefined or otherwise not provided
		* @internal
		*/
		/**
		* The result of {@link generate}; depends on whether a `sourceUrl` was
		* provided to the options.
		*
		* @template {string\|undefined} [SourceUrl=undefined]
		* @typedef {{code: string, map: SourceUrl extends string ? string : never}} TransformedResult
		* @internal
		*/
		/**
		* Generates new code from a Babel AST; returns code and source map
		*
		* @callback GenerateAstWithSourceMap
		*@overload
		* @param {import('@babel/types').File} ast - Babel "File" AST
		* @param {GenerateAstOptionsWithSourceMap} options - Options for the transform
		* @returns {TransformedResult<string>}
		* @returns {TransformedResultWithSourceMap}
		* @internal
		*/
		export function generate(ast: import("@babel/types").File, options: GenerateAstOptionsWithSourceMap): TransformedResultWithSourceMap;
		/**
		* Generates new code from a Babel AST; returns code only
		*
		* @callback GenerateAstWithoutSourceMap
		*@overload
		* @param {import('@babel/types').File} ast - Babel "File" AST
		* @param {GenerateAstOptionsWithoutSourceMap} [options] - Options for the transform
		* @returns {TransformedResult<undefined>}
		* @param {GenerateAstOptions} [options] - Options for the transform
		* @returns {TransformedResult}
		* @internal
		*/
		export const generate: GenerateAstWithSourceMap & GenerateAstWithoutSourceMap;
		export function generate(ast: import("@babel/types").File, options?: GenerateAstOptions \| undefined): TransformedResult;
		/**
		@@ -62,3 +36,3 @@ * Options for {@link generateCode} with source map
		*/
		export type GenerateAstOptionsWithoutSourceMap = {
		export type GenerateAstOptions = {
		source?: string \| undefined;
		@@ -74,14 +48,13 @@ /**
		*/
		export type TransformedResult<SourceUrl extends string \| undefined = undefined> = {
		export type TransformedResult = {
		code: string;
		map: SourceUrl extends string ? string : never;
		map: undefined;
		};
		/**
		* Generates new code from a Babel AST; returns code and source map
		* The result of {@link generate}; depends on whether a `sourceUrl` was
		* provided to the options.
		*/
		export type GenerateAstWithSourceMap = (ast: import("@babel/types").File, options: GenerateAstOptionsWithSourceMap) => TransformedResult<string>;
		/**
		* Generates new code from a Babel AST; returns code only
		*/
		export type GenerateAstWithoutSourceMap = (ast: import("@babel/types").File, options?: GenerateAstOptionsWithoutSourceMap \| undefined) => TransformedResult<undefined>;
		export type TransformedResultWithSourceMap = TransformedResult & {
		map: NonNullable<import("@babel/generator").GeneratorResult["map"]>;
		};
		//# sourceMappingURL=generate.d.ts.map

+1

-1

src/generate.d.ts.map

		@@ -1,1 +0,1 @@
		{"version":3,"file":"generate.d.ts","sourceRoot":"","sources":["generate.js"],"names":[],"mappings":"AAmBA;;;;;;;;GAQG;AAEH;;;;;;;GAOG;AAEH;;;;;;;GAOG;AAEH;;;;;;;;GAQG;AAEH;;;;;;;;GAQG;AACH,uBACa,wBAAwB,GAAG,2BAA2B,CAiC/D;;;;;;;;;eA5EU,MAAM;;;;;;;;;;;;;;gBAUN,SAAS;;;;;;8BAQU,SAAS,SAA5B,MAAM,GAAC,SAAU,gBAClB;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,SAAS,SAAS,MAAM,GAAG,MAAM,GAAG,KAAK,CAAA;CAAC;;;;6CAQhE,OAAO,cAAc,EAAE,IAAI,WAC3B,+BAA+B,KAC7B,iBAAiB,CAAC,MAAM,CAAC;;;;gDAQ3B,OAAO,cAAc,EAAE,IAAI,+DAEzB,iBAAiB,CAAC,SAAS,CAAC"}
		{"version":3,"file":"generate.d.ts","sourceRoot":"","sources":["generate.js"],"names":[],"mappings":";;;;;;;;AAwDE,8BACS,OAAO,cAAc,EAAE,IAAI,WAC3B,+BAA+B,GAC7B,8BAA8B,CACxC;;;;;;;;;AAKD,8BACS,OAAO,cAAc,EAAE,IAAI,6CAEzB,iBAAiB,CAC3B;;;;;;;;;eA7CW,MAAM;;;;;;;;;;;;;;gBAUN,SAAS;;;;;;gCAQV;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,SAAS,CAAA;CAAC;;;;;6CAQ9B,iBAAiB,GAAG;IAAE,GAAG,EAAE,WAAW,CAAC,OAAO,kBAAkB,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAA;CAAC"}

+51

-43

src/generate.js

		@@ -33,3 +33,3 @@ /**
		*
		* @typedef GenerateAstOptionsWithoutSourceMap
		* @typedef GenerateAstOptions
		* @property {string} [source]
		@@ -44,4 +44,3 @@ * @property {undefined} [sourceUrl] - This should be undefined or otherwise not provided
		*
		* @template {string\|undefined} [SourceUrl=undefined]
		* @typedef {{code: string, map: SourceUrl extends string ? string : never}} TransformedResult
		* @typedef {{code: string, map: undefined}} TransformedResult
		* @internal
		@@ -51,8 +50,15 @@ */
		/**
		* The result of {@link generate}; depends on whether a `sourceUrl` was
		* provided to the options.
		*
		* @typedef {TransformedResult & { map: NonNullable<import('@babel/generator').GeneratorResult['map']>}} TransformedResultWithSourceMap
		* @internal
		*/

		/**
		* Generates new code from a Babel AST; returns code and source map
		*
		* @callback GenerateAstWithSourceMap
		*@overload
		* @param {import('@babel/types').File} ast - Babel "File" AST
		* @param {GenerateAstOptionsWithSourceMap} options - Options for the transform
		* @returns {TransformedResult<string>}
		* @returns {TransformedResultWithSourceMap}
		* @internal
		@@ -63,43 +69,45 @@ */
		* Generates new code from a Babel AST; returns code only
		*@overload
		* @param {import('@babel/types').File} ast - Babel "File" AST
		* @param {GenerateAstOptions} [options] - Options for the transform
		* @returns {TransformedResult}
		* @internal
		*/

		/**
		* Generates new code from a Babel AST; returns code only
		*
		* @callback GenerateAstWithoutSourceMap
		* @param {import('@babel/types').File} ast - Babel "File" AST
		* @param {GenerateAstOptionsWithoutSourceMap} [options] - Options for the transform
		* @returns {TransformedResult<undefined>}
		* @param {GenerateAstOptions} [options] - Options for the transform
		* @internal
		*/
		export const generate =
		/** @type {GenerateAstWithSourceMap & GenerateAstWithoutSourceMap} */ (
		(ast, options) => {
		// TODO Use options?.sourceUrl when resolved:
		// https://github.com/Agoric/agoric-sdk/issues/8671
		const sourceUrl = options ? options.sourceUrl : undefined;
		const inputSourceMap =
		options && 'sourceMap' in options ? options.sourceMap : undefined;
		const source = options ? options.source : undefined;
		const result = generator(
		ast,
		{
		sourceFileName: sourceUrl,
		sourceMaps: Boolean(sourceUrl),
		// @ts-expect-error Property missing on versioned types
		inputSourceMap,
		retainLines: true,
		...(source === undefined
		? {}
		: { experimental_preserveFormat: true }),
		},
		source,
		);
		export const generate = (ast, options) => {
		// TODO Use options?.sourceUrl when resolved:
		// https://github.com/Agoric/agoric-sdk/issues/8671
		const sourceUrl = options ? options.sourceUrl : undefined;
		const inputSourceMap =
		options && 'sourceMap' in options ? options.sourceMap : undefined;
		const source = options ? options.source : undefined;
		const result = generator(
		ast,
		{
		sourceFileName: sourceUrl,
		sourceMaps: Boolean(sourceUrl),
		// @ts-expect-error Property missing on versioned types
		inputSourceMap,
		retainLines: true,
		...(source === undefined ? {} : { experimental_preserveFormat: true }),
		},
		source,
		);

		if (sourceUrl) {
		return {
		code: result.code,
		map: result.map,
		};
		}
		return {
		code: result.code,
		};
		}
		);
		if (sourceUrl) {
		return {
		code: result.code,
		map: result.map,
		};
		}
		return {
		code: result.code,
		};
		};

+35

-15

src/index.d.ts

		/**
		* Options for {@link evadeCensorSync}
		* Apply SES censorship evasion transforms on the given code `source`
		*
		* @typedef EvadeCensorOptions
		* @property {string} [sourceMap] - Original source map in JSON string or object form
		* @property {string} [sourceUrl] - URL or filepath of the original source in `code`
		* @property {boolean} [elideComments] - Replace comments with an ellipsis but preserve interior newlines.
		* @property {import('./parse-ast.js').SourceType} [sourceType] - Module source type
		* @property {boolean} [useLocationUnmap] - deprecated, vestigial
		* If the `sourceUrl` option is provided, the `map` property of the fulfillment
		* value will be a source map object; otherwise it will be `undefined`.
		*
		* @overload
		* @param {string} source - Source code to transform
		* @param {EvadeCensorOptions & {sourceUrl: string}} options - Options for the transform
		* @returns {TransformedResultWithSourceMap} Object containing new code and optionally source map object (ready for stringification)
		* @public
		*/
		export function evadeCensorSync(source: string, options: EvadeCensorOptions & {
		sourceUrl: string;
		}): TransformedResultWithSourceMap;
		/**
		@@ -18,9 +22,9 @@ * Apply SES censorship evasion transforms on the given code `source`
		*
		* @template {EvadeCensorOptions} T
		* @overload
		* @param {string} source - Source code to transform
		* @param {T} [options] - Options for the transform
		* @returns {TransformedResult<T['sourceUrl']>} Object containing new code and optionally source map object (ready for stringification)
		* @param {EvadeCensorOptions} [options] - Options for the transform
		* @returns {TransformedResult} Object containing new code and optionally source map object (ready for stringification)
		* @public
		*/
		export function evadeCensorSync<T extends EvadeCensorOptions>(source: string, options?: T \| undefined): TransformedResult<T["sourceUrl"]>;
		export function evadeCensorSync(source: string, options?: EvadeCensorOptions \| undefined): TransformedResult;
		/**
		@@ -32,10 +36,25 @@ * Apply SES censorship evasion transforms on the given code `source`
		*
		* @template {EvadeCensorOptions} T
		* @overload
		* @param {string} source - Source code to transform
		* @param {T} [options] - Options for the transform
		* @returns {Promise<TransformedResult<T['sourceUrl']>>} Object containing new code and optionally source map object (ready for stringification)
		* @param {EvadeCensorOptions & {sourceUrl: string}} options - Options for the transform
		* @returns {Promise<TransformedResultWithSourceMap>} Object containing new code and source map object (ready for stringification)
		* @public
		*/
		export function evadeCensor<T extends EvadeCensorOptions>(source: string, options?: T \| undefined): Promise<TransformedResult<T["sourceUrl"]>>;
		export function evadeCensor(source: string, options: EvadeCensorOptions & {
		sourceUrl: string;
		}): Promise<TransformedResultWithSourceMap>;
		/**
		* Apply SES censorship evasion transforms on the given code `source`
		*
		* If the `sourceUrl` option is provided, the `map` property of the fulfillment
		* value will be a source map object; otherwise it will be `undefined`.
		*
		* @overload
		* @param {string} source - Source code to transform
		* @param {EvadeCensorOptions} [options] - Options for the transform
		* @returns {Promise<TransformedResult>} Object containing new code
		* @public
		*/
		export function evadeCensor(source: string, options?: EvadeCensorOptions \| undefined): Promise<TransformedResult>;
		/**
		* Options for {@link evadeCensorSync}
		@@ -65,3 +84,4 @@ */
		};
		import type { TransformedResultWithSourceMap } from './generate.js';
		import type { TransformedResult } from './generate.js';
		//# sourceMappingURL=index.d.ts.map

+1

-1

src/index.d.ts.map

		@@ -1,1 +0,1 @@
		{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["index.js"],"names":[],"mappings":"AAcA;;;;;;;;;;GAUG;AAEH;;;;;;;;;;;GAWG;AACH,gCANkC,CAAC,SAArB,kBAAmB,UACtB,MAAM,4BAEJ,kBAAkB,CAAC,CAAC,WAAW,CAAC,CAAC,CAuB7C;AAED;;;;;;;;;;;GAWG;AACH,4BANkC,CAAC,SAArB,kBAAmB,UACtB,MAAM,4BAEJ,OAAO,CAAC,kBAAkB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAKtD;;;;;;;;;;;;;;;;;;;;;;;;;;uCAnEmC,eAAe"}
		{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["index.js"],"names":[],"mappings":";;;;;;;;;;;;AAgCG,wCACQ,MAAM,WACN,kBAAkB,GAAG;IAAC,SAAS,EAAE,MAAM,CAAA;CAAC,GACtC,8BAA8B,CACxC;;;;;;;;;;;;;AASA,wCACQ,MAAM,6CAEJ,iBAAiB,CAC3B;;;;;;;;;;;;;AAwCA,oCACQ,MAAM,WACN,kBAAkB,GAAG;IAAC,SAAS,EAAE,MAAM,CAAA;CAAC,GACtC,OAAO,CAAC,8BAA8B,CAAC,CACjD;;;;;;;;;;;;;AASA,oCACQ,MAAM,6CAEJ,OAAO,CAAC,iBAAiB,CAAC,CACpC;;;;;;;;;;;;;;;;;;;;;;;;;;oDAnGiE,eAAe;uCAAf,eAAe"}

+54

-7

src/index.js

		@@ -8,3 +8,3 @@ /**
		/**
		* @import {TransformedResult} from './generate.js'
		* @import {TransformedResult, TransformedResultWithSourceMap} from './generate.js'
		*/
		@@ -34,8 +34,31 @@
		*
		* @template {EvadeCensorOptions} T
		* @overload
		* @param {string} source - Source code to transform
		* @param {T} [options] - Options for the transform
		* @returns {TransformedResult<T['sourceUrl']>} Object containing new code and optionally source map object (ready for stringification)
		* @param {EvadeCensorOptions & {sourceUrl: string}} options - Options for the transform
		* @returns {TransformedResultWithSourceMap} Object containing new code and optionally source map object (ready for stringification)
		* @public
		*/

		/**
		* Apply SES censorship evasion transforms on the given code `source`
		*
		* If the `sourceUrl` option is provided, the `map` property of the fulfillment
		* value will be a source map object; otherwise it will be `undefined`.
		*
		* @overload
		* @param {string} source - Source code to transform
		* @param {EvadeCensorOptions} [options] - Options for the transform
		* @returns {TransformedResult} Object containing new code and optionally source map object (ready for stringification)
		* @public
		*/
		/**
		* Apply SES censorship evasion transforms on the given code `source`
		*
		* If the `sourceUrl` option is provided, the `map` property of the fulfillment
		* value will be a source map object; otherwise it will be `undefined`.
		*
		* @param {string} source - Source code to transform
		* @param {EvadeCensorOptions} [options] - Options for the transform
		* @public
		*/
		export function evadeCensorSync(source, options) {
		@@ -69,10 +92,34 @@ const {
		*
		* @template {EvadeCensorOptions} T
		* @overload
		* @param {string} source - Source code to transform
		* @param {T} [options] - Options for the transform
		* @returns {Promise<TransformedResult<T['sourceUrl']>>} Object containing new code and optionally source map object (ready for stringification)
		* @param {EvadeCensorOptions & {sourceUrl: string}} options - Options for the transform
		* @returns {Promise<TransformedResultWithSourceMap>} Object containing new code and source map object (ready for stringification)
		* @public
		*/

		/**
		* Apply SES censorship evasion transforms on the given code `source`
		*
		* If the `sourceUrl` option is provided, the `map` property of the fulfillment
		* value will be a source map object; otherwise it will be `undefined`.
		*
		* @overload
		* @param {string} source - Source code to transform
		* @param {EvadeCensorOptions} [options] - Options for the transform
		* @returns {Promise<TransformedResult>} Object containing new code
		* @public
		*/

		/**
		* Apply SES censorship evasion transforms on the given code `source`
		*
		* If the `sourceUrl` option is provided, the `map` property of the fulfillment
		* value will be a source map object; otherwise it will be `undefined`.
		*
		* @param {string} source - Source code to transform
		* @param {EvadeCensorOptions} [options] - Options for the transform
		* @public
		*/
		export async function evadeCensor(source, options) {
		return evadeCensorSync(source, options);
		}

+5

-9

src/parse-ast.d.ts

		/**
		* This is the same type as `@babel/parser`'s `ParserOptions['sourceType']`, but
		* This is a subset of `@babel/parser`'s `ParserOptions['sourceType']`, but
		* re-implemented here for decoupling purposes.
		*
		* Still, this is likely Babel-specific.
		*
		* @typedef {'module'\|'script'\|'unambiguous'} SourceType
		* @typedef {'module' \| 'script'} SourceType
		* @public
		@@ -24,10 +22,8 @@ */
		*/
		export function parseAst(source: string, opts?: ParseAstOptions \| undefined): babelParser.ParseResult<import("@babel/types").File>;
		export function parseAst(source: string, opts?: ParseAstOptions): babelParser.ParseResult<import("@babel/types").File>;
		/**
		* This is the same type as `@babel/parser`'s `ParserOptions['sourceType']`, but
		* This is a subset of `@babel/parser`'s `ParserOptions['sourceType']`, but
		* re-implemented here for decoupling purposes.
		*
		* Still, this is likely Babel-specific.
		*/
		export type SourceType = "module" \| "script" \| "unambiguous";
		export type SourceType = "module" \| "script";
		/**
		@@ -34,0 +30,0 @@ * Options for {@link parseAst}.

+1

-1

src/parse-ast.d.ts.map

		@@ -1,1 +0,1 @@
		{"version":3,"file":"parse-ast.d.ts","sourceRoot":"","sources":["parse-ast.js"],"names":[],"mappings":"AAUA;;;;;;;;GAQG;AAEH;;;;;;GAMG;AAEH;;;;;;GAMG;AACH,iCAJW,MAAM,4FAWhB;;;;;;;yBA1BY,QAAQ,GAAC,QAAQ,GAAC,aAAa;;;;;;;6BAVf,eAAe"}
		{"version":3,"file":"parse-ast.d.ts","sourceRoot":"","sources":["parse-ast.js"],"names":[],"mappings":"AAUA;;;;;;GAMG;AAEH;;;;;;GAMG;AAEH;;;;;;GAMG;AACH,iCAJW,MAAM,SACN,eAAe,wDAWzB;;;;;yBA3BY,QAAQ,GAAG,QAAQ;;;;;;;6BARH,eAAe"}

+3

-4

src/parse-ast.js

		@@ -12,8 +12,6 @@ /**
		/**
		* This is the same type as `@babel/parser`'s `ParserOptions['sourceType']`, but
		* This is a subset of `@babel/parser`'s `ParserOptions['sourceType']`, but
		* re-implemented here for decoupling purposes.
		*
		* Still, this is likely Babel-specific.
		*
		* @typedef {'module'\|'script'\|'unambiguous'} SourceType
		* @typedef {'module' \| 'script'} SourceType
		* @public
		@@ -42,4 +40,5 @@ */
		createParenthesizedExpressions: true,
		allowReturnOutsideFunction: opts.sourceType === 'script',
		...opts,
		});
		}

+1

-1

src/transform-ast.d.ts

		@@ -24,3 +24,3 @@ /**
		*/
		export function transformAst(ast: import("@babel/types").File, { elideComments }?: TransformAstOptionsWithoutSourceMap \| undefined): void;
		export function transformAst(ast: import("@babel/types").File, { elideComments }?: TransformAstOptions): void;
		/**
		@@ -27,0 +27,0 @@ * Options for {@link transformAst}

+1

-1

src/transform-ast.d.ts.map

		@@ -1,1 +0,1 @@
		{"version":3,"file":"transform-ast.d.ts","sourceRoot":"","sources":["transform-ast.js"],"names":[],"mappings":"AAkBA;;;;;GAKG;AAEH;;;;;;GAMG;AAEH;;;;;;;;;GASG;AACH,kCAJW,OAAO,cAAc,EAAE,IAAI,wEAEzB,IAAI,CAuBhB;;;;kCA1CY,mCAAmC"}
		{"version":3,"file":"transform-ast.d.ts","sourceRoot":"","sources":["transform-ast.js"],"names":[],"mappings":"AAkBA;;;;;GAKG;AAEH;;;;;;GAMG;AAEH;;;;;;;;;GASG;AACH,kCAJW,OAAO,cAAc,EAAE,IAAI,sBAC3B,mBAAmB,GACjB,IAAI,CAuBhB;;;;kCA1CY,mCAAmC"}

@endo/evasive-transform - npm Package Compare versions

Improved metrics