Skip to content

Instantly share code, notes, and snippets.

@0xdevalias

0xdevalias/javascript-web-app-reverse-engineering-module-identification.md

Last active March 22, 2025 09:02
Show Gist options
  • Save 0xdevalias/28c18edfc17606f09cf413f97e404a60 to your computer and use it in GitHub Desktop.
Save 0xdevalias/28c18edfc17606f09cf413f97e404a60 to your computer and use it in GitHub Desktop.
Download ZIP
Some notes on JavaScript Web App Reverse Engineering, specifically focussing on module / dependency identification
Raw
javascript-web-app-reverse-engineering-module-identification.md

JavaScript Web App Reverse Engineering - Module Identification

Some notes on JavaScript Web App Reverse Engineering, specifically focussing on module / dependency identification.

Table of Contents

Modules

Past Work

For the more general case of 'module detection' (and related concepts), see these issues:

And other similar deep dives / reverse engineering / module identification attempts:

autoprefixer / autoprefixer-deno

I had a file that contained content like this:

// ..snip..
class r extends o {
  check(e) {
    return !e.value.split(/\s+/).some(e => {
      let t = e.toLowerCase();
      return t === "reverse" || t === "alternate-reverse";
    });
  }
}
r.names = ["animation", "animation-direction"];
module.exports = r;

Which I searched for on GitHub Code Search:

Which seemed to point me towards autoprefixer / autoprefixer-deno's lib/hacks/animation.js:

browserslist/caniuse-lite / Fyrd/caniuse

I found the following confusing looking code in a bundle I was exploring (prettified here):

module.exports = {
  A: {
    A: {
      1: "A B",
      2: "J E F G PC"
    },
    B: {
      1: "0 1 2 3 4 C K L H M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m r s t u v w x y z D"
    },
    C: {
      1: "6 7 8 9 H M N O n o p AB BB CB DB EB FB GB HB IB JB KB LB MB NB OB PB QB RB SB TB UB VB WB XB YB ZB aB bB cB",
      2: "5 QC 3B I J E F G A B C K L RC SC",
      129: "dB eB fB",
      769: "gB 4B",
      1281: "0 1 2 3 4 hB 5B iB jB kB lB mB nB oB pB qB rB sB q tB uB vB wB xB P Q R 6B S T U V W X Y Z a b c d e f g h i j k l m r s t u v w x y z D 7B 8B 9B"
    },
    D: {
      1: "0 1 2 3 4 8 9 AB BB CB DB EB FB GB HB IB JB KB LB MB NB OB PB QB RB SB TB UB VB WB XB YB ZB aB bB cB dB eB fB gB 4B hB 5B iB jB kB lB mB nB oB pB qB rB sB q tB uB vB wB xB P Q R S T U V W X Y Z a b c d e f g h i j k l m r s t u v w x y z D 7B 8B 9B",
      2: "5 6 I J E F G A B C K L H M N O",
      33: "7 n o p"
    },
    E: {
      1: "F G A B C K L H XC BC yB zB CC YC ZC DC EC 0B aC 1B FC GC HC IC JC KC 2B LC MC bC",
      2: "5 I J E TC AC UC VC WC"
    },
    F: {
      1: "6 7 8 9 H M N O n o p AB BB CB DB EB FB GB HB IB JB KB LB MB NB OB PB QB RB SB TB UB VB WB XB YB ZB aB bB cB dB eB fB gB hB iB jB kB lB mB nB oB pB qB rB sB q tB uB vB wB xB P Q R 6B S T U V W X Y Z a b c d e f g h i j k l m",
      2: "G B C cC dC eC fC yB NC gC zB"
    },
    G: {
      1: "F mC nC oC pC qC rC sC tC uC vC wC xC yC zC 0C DC EC 0B 1C 1B FC GC HC IC JC KC 2B LC MC",
      2: "AC hC OC iC jC kC lC"
    },
    H: {
      2: "2C"
    },
    I: {
      1: "D 7C 8C",
      2: "3B I 3C 4C 5C 6C OC"
    },
    J: {
      1: "A",
      2: "E"
    },
    K: {
      1: "q",
      2: "A B C yB NC zB"
    },
    L: {
      1: "D"
    },
    M: {
      1: "D"
    },
    N: {
      1: "A B"
    },
    O: {
      1: "0B"
    },
    P: {
      1: "I n o p 9C AD BD CD DD BC ED FD GD HD ID 1B 2B JD KD"
    },
    Q: {
      1: "CC"
    },
    R: {
      1: "LD"
    },
    S: {
      1: "MD ND"
    }
  },
  B: 2,
  C: "High Resolution Time API",
  D: true
};

Searching GitHub for the only identifiable string didn't turn up much, except that it seemed like it might relate to a web feature, and some references linked to caniuse.com:

Trying to search for parts of the other 'minified' strings on GitHub mostly seemed to turn up pnpm cache entries and similar, but didn't help to identify what the original source was.

Looking at the repo containing the data for caniuse.com, and searching for the identifiable string seemed to confirm that it looks related in data shape, but wasn't quite the right match, as it still didn't explain the weird 'minified' looking strings:

Exploring a bit further with ChatGPT pointed me towards browserslist/caniuse-lite, and while searching for the main identifiable string didn't turn up anything directly, manually looking at the data did find what seemed to be a close match for the code we found in the bundle:

While this is one example, there are many other examples based on all of the other feature data:

crypto-js

I had a file that contained content like this:

// ..snip..
i = (r = (o = d).lib).Base;
a = r.WordArray;
s = (l = o.algo).SHA256;
c = l.HMAC;
u = l.PBKDF2 = i.extend({
  cfg: i.extend({
    keySize: 4,
    hasher: s,
    iterations: 250000
  }),
// ..snip..
o.PBKDF2 = function (e, t, n) {
  return u.create(n).compute(e, t);
};
module.exports = d.PBKDF2;

Which I searched for on GitHub Code Search:

Which seemed to point me towards crypto-js's src/pbkdf2.js:

cssnano / stylehacks

I had a file that just contained this content:

module.exports = {
  MEDIA_QUERY: "media query",
  PROPERTY: "property",
  SELECTOR: "selector",
  VALUE: "value"
};

Which I searched for on GitHub Code Search:

Which seemed to point me towards stylehacks, which seems to be a part of cssnano

html-dom-parser

I had a file that contained content like this:

// ..snip..

function a(e) {
  return function (e) {
    return r.CASE_SENSITIVE_TAG_NAMES_MAP[e];
  }(e = e.toLowerCase()) || e;
}
exports.formatAttributes = i;
exports.formatDOM = function e(t, n = null, r) {

// ..snip..

    (l = new o.ProcessingInstruction(r.substring(0, r.indexOf(" ")).toLowerCase(), r)).next = s

// ..snip..

Which I searched for on GitHub Code Search:

Which seemed to point me towards html-dom-parser's utilities.ts file:

postcss / postcss-deno

I had a file that started with this content:

const t = {
  after: "\n",
  beforeClose: "\n",
  beforeComment: "\n",
  beforeDecl: "\n",
  beforeOpen: " ",
  beforeRule: "\n",
  colon: ": ",
  commentLeft: " ",
  commentRight: " ",
  emptyBody: "",
  indent: "    ",
  semicolon: false
};

// ..snip..

Which I searched for on GitHub Code Search:

Which after a little looking through things, lead me to the postcss / postcss-deno stringifier.js file:

If I kept looking through the minified code I also would have seen this part later on, which sort of helped confirm that it relates to PostCSS:

// ..snip..

  stringify(e, t) {
    if (!this[e.type]) {
      throw new Error("Unknown AST node type " + e.type + ". Maybe you need to change PostCSS stringifier.");
    }
    this[e.type](e, t);
  }

// ..snip..

prosemirror-state

I had a file that contained content like this:

// ..snip..

  static near(e, t = 1) {
    return this.findFrom(e, t) || this.findFrom(e, -t) || new m(e.node(0));
  }
  static atStart(e) {
    return f(e, e, 0, 0, 1) || new m(e);
  }
  static atEnd(e) {
    return f(e, e, e.content.size, e.childCount, -1) || new m(e);
  }
  static fromJSON(e, t) {
    if (!t || !t.type) {
      throw new RangeError("Invalid input for Selection.fromJSON");
    }
    let n = i[t.type];
    if (!n) {
      throw new RangeError(`No selection type ${t.type} defined`);
    }
    return n.fromJSON(e, t);
  }

// ..snip..

Which I searched for on GitHub Code Search:

Which seemed to point me towards prosemirror-state's src/selection.ts:

react-resizable

I had a file that contained content like this:

module.exports = function () {
  throw new Error("Don't instantiate Resizable directly! Use require('react-resizable').Resizable");
};
// ..snip..

Which I searched for on GitHub Code Search:

Which seemed to point me towards react-resizable's index.js:

tailwindcss-typography

  • https://github.com/tailwindlabs/tailwindcss-typography

    • tailwindcss-typography Beautiful typographic defaults for HTML you don't control.

    • The official Tailwind CSS Typography plugin provides a set of prose classes you can use to add beautiful typographic defaults to any vanilla HTML you don’t control, like HTML rendered from Markdown, or pulled from a CMS.

I had a file that contained content like this:

// ..snip..

const r = e => e.toFixed(7).replace(/(\.[0-9]+?)0+$/, "$1").replace(/\.0$/, "");

// ..snip..

Which I searched for on GitHub Code Search:

Which seemed to point me towards tailwindcss-typography's src/styles.js:

See Also

My Other Related Deepdive Gist's and Projects

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment