The WeChat mini-game ecosystem faces rampant intellectual property theft to other platforms via secondary development, yet existing JavaScript obfuscation tools are ill-equipped for large-scale applications, suffering from prohibitive processing times, severe runtime performance degradation, and unsustainable code size inflation. This paper introduces JSProtect, a high-throughput parallelized obfuscation framework designed to overcome these fundamental limitations. At the core of our framework is the Parallel-Aware Scope Analysis (PASA) algorithm, which enables two key optimizations: independent code partitioning for multi-core processing and independent namespace management that aggressively reuses short identifiers to combat code bloat. Our evaluation demonstrates that JSProtectprocesses 20MB codebases in minutes, maintaining 100\% semantic equivalence while controlling code size inflation to as low as 20\% compared to over 1,000\% with baseline tools. Furthermore, it preserves near-native runtime performance and provides superior security effectiveness against both static analysis tools and large language models. This work presents a new paradigm for industrial-scale JavaScript protection that effectively balances robust security with high performance and scalability.

翻译：微信小游戏生态系统面临通过二次开发向其他平台猖獗扩散的知识产权窃取问题，然而现有JavaScript混淆工具难以应对大规模应用场景，存在处理时间过长、运行时性能严重下降以及代码体积膨胀不可持续等根本性缺陷。本文提出JSProtect，一种旨在突破这些基础限制的高吞吐量并行化混淆框架。我们框架的核心是并行感知作用域分析算法，该算法实现了两项关键优化：支持多核处理的独立代码分区，以及通过积极复用短标识符以抑制代码膨胀的独立命名空间管理。评估结果表明，JSProtect可在数分钟内处理20MB规模的代码库，在保持100%语义等价性的同时，将代码体积膨胀率控制在最低20%（基线工具普遍超过1,000%）。此外，该框架能维持接近原生的运行时性能，并对静态分析工具与大型语言模型均展现出卓越的安全防护效能。本研究为工业级JavaScript保护提供了兼顾强安全性、高性能与可扩展性的新范式。