🤖 AI Summary
WeChat Mini-Program ecosystems suffer from widespread JavaScript code theft, while existing obfuscation tools face critical bottlenecks—including slow processing, severe code bloat (often >50%), and significant runtime performance degradation. To address these challenges, we propose Parallel-Aware Scope Analysis (PASA), a novel algorithm integrating multi-core parallelism, scope-sensitive static analysis, namespace isolation, and semantics-preserving obfuscation. Based on PASA, we design an efficient, scalable obfuscation protection framework. Our framework processes large-scale codebases (e.g., 20 MB) within minutes, incurs ≤20% code size overhead, preserves near-native runtime performance, and maintains compatibility with static analyzers and large-language-model-based security tools. Compared to state-of-the-art baselines, our approach achieves substantially higher security strength—marking the first practical solution for high-throughput, low-overhead, and robust large-scale JavaScript obfuscation.
📝 Abstract
The WeChat mini-game ecosystem faces rampant intellectual property theft to other platforms via secondary development, yet existing JavaScript obfuscation tools are ill-equipped for large-scale applications, suffering from prohibitive processing times, severe runtime performance degradation, and unsustainable code size inflation. This paper introduces JSProtect, a high-throughput parallelized obfuscation framework designed to overcome these fundamental limitations. At the core of our framework is the Parallel-Aware Scope Analysis (PASA) algorithm, which enables two key optimizations: independent code partitioning for multi-core processing and independent namespace management that aggressively reuses short identifiers to combat code bloat. Our evaluation demonstrates that JSProtect processes 20MB codebases in minutes, maintaining 100% semantic equivalence while controlling code size inflation to as low as 20% compared to over 1,000% with baseline tools. Furthermore, it preserves near-native runtime performance and provides superior security effectiveness against both static analysis tools and large language models. This work presents a new paradigm for industrial-scale JavaScript protection that effectively balances robust security with high performance and scalability.
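The abstract credits independent namespace management, with aggressive reuse of short identifiers, for keeping code growth low. The sketch below is an added example, not JSProtect or PASA code: it shows the general scope-aware renaming idea, comparing per-scope name reuse against a single program-wide namespace. The scope-tree shape, function names and sample input are assumptions constructed for illustration.

```javascript
// Added illustration; the { declares, uses, children } scope shape is hypothetical.
const RESERVED = new Set(["do", "if", "in", "for", "let", "new", "try", "var"]);

// 0 -> "a", 25 -> "z", 26 -> "aa", 702 -> "aaa"
function shortName(n) {
  let s = "";
  for (; n >= 0; n = Math.floor(n / 26) - 1) s = String.fromCharCode(97 + (n % 26)) + s;
  return s;
}

// Outer names referenced by this scope or by any scope nested inside it.
function freeNames(scope) {
  const free = new Set(scope.uses);
  for (const c of scope.children) for (const n of freeNames(c)) free.add(n);
  for (const d of scope.declares) free.delete(d);
  return free;
}

// reuse=true: every scope restarts at "a" and skips only names that would capture
// an outer reference. reuse=false: one program-wide counter, no name used twice.
function mangle(scope, reuse, env = new Map(), shared = { i: 0 }) {
  const taken = new Set(); // unrenamed globals (not in env) keep their own name
  for (const n of freeNames(scope)) taken.add(env.has(n) ? env.get(n) : n);
  const ctr = reuse ? { i: 0 } : shared;
  const local = new Map(env);
  const names = {};
  for (const d of scope.declares) {
    let name;
    do { name = shortName(ctr.i++); } while (taken.has(name) || RESERVED.has(name));
    local.set(d, name);
    names[d] = name;
  }
  return { names, children: scope.children.map((c) => mangle(c, reuse, local, shared)) };
}

// Characters spent on declared identifiers after renaming.
function nameBytes(r) {
  const own = Object.values(r.names).reduce((t, n) => t + n.length, 0);
  return own + r.children.reduce((t, c) => t + nameBytes(c), 0);
}

// Constructed input: 2 globals, 40 sibling functions with 30 locals each.
const sampleTree = {
  declares: ["score", "level"], uses: [],
  children: Array.from({ length: 40 }, (_, f) => ({
    declares: Array.from({ length: 30 }, (_, v) => `local_${f}_${v}`),
    uses: [f % 2 ? "score" : "level"], children: [],
  })),
};
```

On this constructed input, per-scope reuse spends 1402 characters on declared identifiers against 2881 with one program-wide namespace, and the gap widens as the number of scopes grows.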