Abstract
WebAssembly (Wasm) has emerged as a powerful binary format, enabling the seamless integration of languages like C and Rust into web applications. JavaScript (JS), the dominant language for client-side web development, has its code susceptible to tampering and intellectual property theft due to its transparency in browser environments. We introduce TranspileJS, a novel tool designed to enhance code security by automatically selecting and translating JS snippets into Wasm. TranspileJS leverages a multi-stage architecture that converts JS to TypeScript, which is compiled into Wasm using the AssemblyScript compiler. TranspileJS addresses the challenges posed by the fundamental differences between JS and Wasm, including dynamic typing, runtime behaviour mismatches, and standard library discrepancies, ensuring that the original behaviour of the code is preserved while maximising the amount of code transpiled. Our experiments show that TranspileJS successfully transpiles approximately one-third of the code in our dataset, with a performance impact of up to a 12.3% increase in execution time. The transpilation process inherently obfuscates code, creating effects similar to standard obfuscation techniques, and generates a stealthy and resilient output. Furthermore, combining transpilation with WebAssembly-specific obfuscation techniques opens new possibilities for code protection and resistance against reverse engineering.