zhaoyu_ma 5d3259f632 代码混淆插件. | 8 mesiacov pred | |
---|---|---|
.. | ||
bin | 8 mesiacov pred | |
dist | 8 mesiacov pred | |
scripts | 8 mesiacov pred | |
src | 8 mesiacov pred | |
.eslintignore | 8 mesiacov pred | |
.eslintrc.js | 8 mesiacov pred | |
.ncurc | 8 mesiacov pred | |
.travis.yml | 8 mesiacov pred | |
CHANGELOG.md | 8 mesiacov pred | |
CODE_OF_CONDUCT.md | 8 mesiacov pred | |
CONTRIBUTING.md | 8 mesiacov pred | |
LICENSE.BSD | 8 mesiacov pred | |
README.md | 8 mesiacov pred | |
index.cli.ts | 8 mesiacov pred | |
index.d.ts | 8 mesiacov pred | |
index.ts | 8 mesiacov pred | |
package.json | 8 mesiacov pred | |
tsconfig.json | 8 mesiacov pred |
JavaScript Obfuscator is a powerful free obfuscator for JavaScript, containing a variety of features which provide protection for your source code.
The example of obfuscated code: github.com
Huge thanks to all supporters!
It is not recommended to obfuscate vendor scripts and polyfills, since the obfuscated code is 15-80% slower (depends on options) and the files are significantly larger.
Install the package with Yarn or NPM and add it to your dependencies
or devDependencies
:
$ yarn add --dev javascript-obfuscator
or
$ npm install --save-dev javascript-obfuscator
From CDN:
<script src="https://cdn.jsdelivr.net/npm/javascript-obfuscator/dist/index.browser.js"></script>
From node_modules
:
<script src="./node_modules/javascript-obfuscator/dist/index.browser.js"></script>
var JavaScriptObfuscator = require('javascript-obfuscator');
var obfuscationResult = JavaScriptObfuscator.obfuscate(
`
(function(){
var variable1 = '5' - 3;
var variable2 = '5' + 3;
var variable3 = '5' + - '2';
var variable4 = ['10','10','10','10','10'].map(parseInt);
var variable5 = 'foo ' + 1 + 1;
console.log(variable1);
console.log(variable2);
console.log(variable3);
console.log(variable4);
console.log(variable5);
})();
`,
{
compact: false,
controlFlowFlattening: true
}
);
console.log(obfuscationResult.getObfuscatedCode());
/*
var _0x2218 = [
'8|3|1|2|0|4|6|9|7|5',
'bqndd',
'dySIh',
'kTiiG',
'log',
'tuvgv'
];
(function (_0x38b423, _0x1d6bd4) {
var _0x39a849 = function (_0x5794c7) {
while (--_0x5794c7) {
_0x38b423['push'](_0x38b423['shift']());
}
};
_0x39a849(++_0x1d6bd4);
}(_0x2218, 0x114));
var _0x8221 = function (_0xcac13e, _0x3627d7) {
_0xcac13e = _0xcac13e - 0x0;
var _0x1eae4d = _0x2218[_0xcac13e];
return _0x1eae4d;
};
(function () {
var _0x5336d5 = {
'bqndd': _0x8221('0x0'),
'islRd': function _0x2abb6c(_0x2f45f8, _0x4d47b0) {
return _0x2f45f8 + _0x4d47b0;
},
'kTiiG': function _0x32525a(_0x44ba8d, _0x2c5e0c) {
return _0x44ba8d + _0x2c5e0c;
},
'dySIh': 'foo\x20',
'tuvgv': function _0x28d015(_0x35d81a, _0x2d2463) {
return _0x35d81a - _0x2d2463;
}
};
var _0x5000ba = _0x5336d5[_0x8221('0x1')]['split']('|'), _0x5c972f = 0x0;
while (!![]) {
switch (_0x5000ba[_0x5c972f++]) {
case '0':
var _0x586faa = _0x5336d5['islRd'](_0x5336d5['kTiiG'](_0x5336d5[_0x8221('0x2')], 0x1), 0x1);
continue;
case '1':
var _0xab6a82 = _0x5336d5[_0x8221('0x3')]('5', -'2');
continue;
case '2':
var _0x19ab9d = [
'10',
'10',
'10',
'10',
'10'
]['map'](parseInt);
continue;
case '3':
var _0x321653 = _0x5336d5[_0x8221('0x3')]('5', 0x3);
continue;
case '4':
console['log'](_0x2c1b0c);
continue;
case '5':
console[_0x8221('0x4')](_0x586faa);
continue;
case '6':
console[_0x8221('0x4')](_0x321653);
continue;
case '7':
console[_0x8221('0x4')](_0x19ab9d);
continue;
case '8':
var _0x2c1b0c = _0x5336d5[_0x8221('0x5')]('5', 0x3);
continue;
case '9':
console[_0x8221('0x4')](_0xab6a82);
continue;
}
break;
}
}());
*/
obfuscate(sourceCode, options)
Returns ObfuscationResult
object which contains two public methods:
getObfuscatedCode()
- returns string
with obfuscated code;getSourceMap()
- if sourceMap
option is enabled - returns string
with source map or an empty string if sourceMapMode
option is set as inline
.Calling toString()
for ObfuscationResult
object will return string
with obfuscated code.
Method takes two parameters, sourceCode
and options
– the source code and the opitons respectively:
sourceCode
(string
, default: null
) – any valid source code, passed as a string;options
(Object
, default: null
) – an object with options.For available options, see options.
obfuscateMultiple(sourceCodesObject, options)
Accepts sourceCodesObject
that is a map which keys are identifiers of source codes and values are source codes:
{
foo: 'var foo = 1;',
bar: 'var bar = 2;'
}
Returns a map object which keys are identifiers of source codes and values are ObfuscationResult
objects.
See CLI options.
Usage:
javascript-obfuscator input_file_name.js [options]
javascript-obfuscator input_file_name.js --output output_file_name.js [options]
javascript-obfuscator input_file_name.js --output output_folder_name [options]
javascript-obfuscator input_folder_name --output output_folder_name [options]
Obfuscation of single input file with .js
extension.
If the destination path is not specified with the --output
option, the obfuscated file will be saved into the input file directory, with INPUT_FILE_NAME-obfuscated.js
name.
Some examples:
javascript-obfuscator samples/sample.js --compact true --self-defending false
// creates a new file samples/sample-obfuscated.js
javascript-obfuscator samples/sample.js --output output/output.js --compact true --self-defending false
// creates a new file output/output.js
Usage:
javascript-obfuscator ./dist [options]
// creates a new obfuscated files under `./dist` directory near the input files with `obfuscated` postfix
javascript-obfuscator ./dist --output ./dist/obfuscated [options]
// creates a folder structure with obfuscated files under `./dist/obfuscated` path
Obfuscation of all .js
files under input directory. If this directory contains already obfuscated files with -obfuscated
postfix - these files will ignored.
Obfuscated files will saved into the input directory under INPUT_FILE_NAME-obfuscated.js
name.
You can disable and enable obfuscation for specific parts of the code by adding following comments:
// javascript-obfuscator:disable
or /* javascript-obfuscator:disable */
;// javascript-obfuscator:enable
or /* javascript-obfuscator:enable */
.Example:
// input
var foo = 1;
// javascript-obfuscator:disable
var bar = 2;
// output
var _0xabc123 = 0x1;
var bar = 2;
Conditional comments affect only direct transformations of AST-tree nodes. All child transformations still will be applied to the AST-tree nodes.
For example:
Kind of variables of inserted nodes will auto-detected, based on most prevailing kind of variables of source code.
During obfuscation of the different files, the same names can be generated for the global identifiers between these files.
To prevent this set the unique prefix for all global identifiers for each obfuscated file with identifiersPrefix
option.
When using CLI this prefix will be added automatically.
Some input source code that will obfuscated with some obfuscation options can trigger false positive alerts in a few antiviruses. If you will get this false positive triggers, try to play with obfuscation options.
stringArrayEncoding
option value between rc4
and base64
values or disable it completely;identifierNamesGenerator
option value from hexadecimal
on mangled
;selfDefending
.If this wont help - attach your source code and describe your obfuscation options here: https://github.com/javascript-obfuscator/javascript-obfuscator/issues/51
Following options are available for the JS Obfuscator:
{
compact: true,
controlFlowFlattening: false,
controlFlowFlatteningThreshold: 0.75,
deadCodeInjection: false,
deadCodeInjectionThreshold: 0.4,
debugProtection: false,
debugProtectionInterval: false,
disableConsoleOutput: false,
domainLock: [],
identifierNamesGenerator: 'hexadecimal',
identifiersDictionary: [],
identifiersPrefix: '',
inputFileName: '',
log: false,
renameGlobals: false,
reservedNames: [],
reservedStrings: [],
rotateStringArray: true,
seed: 0,
selfDefending: false,
shuffleStringArray: true,
sourceMap: false,
sourceMapBaseUrl: '',
sourceMapFileName: '',
sourceMapMode: 'separate',
splitStrings: false,
splitStringsChunkLength: 10,
stringArray: true,
stringArrayEncoding: false,
stringArrayThreshold: 0.75,
target: 'browser',
transformObjectKeys: false,
unicodeEscapeSequence: false
}
-v, --version
-h, --help
-o, --output
--compact <boolean>
--config <string>
--control-flow-flattening <boolean>
--control-flow-flattening-threshold <number>
--dead-code-injection <boolean>
--dead-code-injection-threshold <number>
--debug-protection <boolean>
--debug-protection-interval <boolean>
--disable-console-output <boolean>
--domain-lock '<list>' (comma separated)
--exclude '<list>' (comma separated)
--identifier-names-generator <string> [dictionary, hexadecimal, mangled]
--identifiers-dictionary '<list>' (comma separated)
--identifiers-prefix <string>
--log <boolean>
--rename-globals <boolean>
--reserved-names '<list>' (comma separated)
--reserved-strings '<list>' (comma separated)
--rotate-string-array <boolean>
--seed <string|number>
--self-defending <boolean>
--shuffle-string-array <boolean>
--source-map <boolean>
--source-map-base-url <string>
--source-map-file-name <string>
--source-map-mode <string> [inline, separate]
--split-strings <boolean>
--split-strings-chunk-length <number>
--string-array <boolean>
--string-array-encoding <boolean|string> [true, false, base64, rc4]
--string-array-threshold <number>
--target <string> [browser, browser-no-eval, node]
--transform-object-keys <boolean>
--unicode-escape-sequence <boolean>
compact
Type: boolean
Default: true
Compact code output on one line.
config
Type: string
Default: ``
Name of JS/JSON config file which contains obfuscator options. These will be overridden by options passed directly to CLI
controlFlowFlattening
Type: boolean
Default: false
controlFlowFlatteningThreshold
to set percentage of nodes that will affected by control flow flattening.Enables code control flow flattening. Control flow flattening is a structure transformation of the source code that hinders program comprehension.
Example:
// input
(function(){
function foo () {
return function () {
var sum = 1 + 2;
console.log(1);
console.log(2);
console.log(3);
console.log(4);
console.log(5);
console.log(6);
}
}
foo()();
})();
// output
(function () {
function _0x3bfc5c() {
return function () {
var _0x3260a5 = {
'WtABe': '4|0|6|5|3|2|1',
'GokKo': function _0xf87260(_0x427a8e, _0x43354c) {
return _0x427a8e + _0x43354c;
}
};
var _0x1ad4d6 = _0x3260a5['WtABe']['split']('|'), _0x1a7b12 = 0x0;
while (!![]) {
switch (_0x1ad4d6[_0x1a7b12++]) {
case '0':
console['log'](0x1);
continue;
case '1':
console['log'](0x6);
continue;
case '2':
console['log'](0x5);
continue;
case '3':
console['log'](0x4);
continue;
case '4':
var _0x1f2f2f = _0x3260a5['GokKo'](0x1, 0x2);
continue;
case '5':
console['log'](0x3);
continue;
case '6':
console['log'](0x2);
continue;
}
break;
}
};
}
_0x3bfc5c()();
}());
controlFlowFlatteningThreshold
Type: number
Default: 0.75
Min: 0
Max: 1
The probability that the controlFlowFlattening
transformation will be applied to any given node.
This setting is especially useful for large code size because large amounts of control flow transformations can slow down your code and increase code size.
controlFlowFlatteningThreshold: 0
equals to controlFlowFlattening: false
.
deadCodeInjection
Type: boolean
Default: false
deadCodeInjectionThreshold
to set percentage of nodes that will affected by dead code injection.stringArray
option.With this option, random blocks of dead code will be added to the obfuscated code.
Example:
// input
(function(){
if (true) {
var foo = function () {
console.log('abc');
console.log('cde');
console.log('efg');
console.log('hij');
};
var bar = function () {
console.log('klm');
console.log('nop');
console.log('qrs');
};
var baz = function () {
console.log('tuv');
console.log('wxy');
console.log('z');
};
foo();
bar();
baz();
}
})();
// output
var _0x5024 = [
'zaU',
'log',
'tuv',
'wxy',
'abc',
'cde',
'efg',
'hij',
'QhG',
'TeI',
'klm',
'nop',
'qrs',
'bZd',
'HMx'
];
var _0x4502 = function (_0x1254b1, _0x583689) {
_0x1254b1 = _0x1254b1 - 0x0;
var _0x529b49 = _0x5024[_0x1254b1];
return _0x529b49;
};
(function () {
if (!![]) {
var _0x16c18d = function () {
if (_0x4502('0x0') !== _0x4502('0x0')) {
console[_0x4502('0x1')](_0x4502('0x2'));
console[_0x4502('0x1')](_0x4502('0x3'));
console[_0x4502('0x1')]('z');
} else {
console[_0x4502('0x1')](_0x4502('0x4'));
console[_0x4502('0x1')](_0x4502('0x5'));
console[_0x4502('0x1')](_0x4502('0x6'));
console[_0x4502('0x1')](_0x4502('0x7'));
}
};
var _0x1f7292 = function () {
if (_0x4502('0x8') === _0x4502('0x9')) {
console[_0x4502('0x1')](_0x4502('0xa'));
console[_0x4502('0x1')](_0x4502('0xb'));
console[_0x4502('0x1')](_0x4502('0xc'));
} else {
console[_0x4502('0x1')](_0x4502('0xa'));
console[_0x4502('0x1')](_0x4502('0xb'));
console[_0x4502('0x1')](_0x4502('0xc'));
}
};
var _0x33b212 = function () {
if (_0x4502('0xd') !== _0x4502('0xe')) {
console[_0x4502('0x1')](_0x4502('0x2'));
console[_0x4502('0x1')](_0x4502('0x3'));
console[_0x4502('0x1')]('z');
} else {
console[_0x4502('0x1')](_0x4502('0x4'));
console[_0x4502('0x1')](_0x4502('0x5'));
console[_0x4502('0x1')](_0x4502('0x6'));
console[_0x4502('0x1')](_0x4502('0x7'));
}
};
_0x16c18d();
_0x1f7292();
_0x33b212();
}
}());
deadCodeInjectionThreshold
Type: number
Default: 0.4
Min: 0
Max: 1
Allows to set percentage of nodes that will affected by deadCodeInjection
.
debugProtection
Type: boolean
Default: false
This option makes it almost impossible to use the console
tab of the Developer Tools (both on WebKit-based and Mozilla Firefox).
debugProtectionInterval
Type: boolean
Default: false
If checked, an interval is used to force the debug mode on the Console tab, making it harder to use other features of the Developer Tools. Works if debugProtection
is enabled.
disableConsoleOutput
Type: boolean
Default: false
Disables the use of console.log
, console.info
, console.error
, console.warn
, console.debug
, console.exception
and console.trace
by replacing them with empty functions. This makes the use of the debugger harder.
domainLock
Type: string[]
Default: []
target: 'node'
Locks the obfuscated source code so it only runs on specific domains and/or sub-domains. This makes really hard for someone to just copy and paste your source code and run it elsewhere.
It's possible to lock your code to more than one domain or sub-domain. For instance, to lock it so the code only runs on www.example.com add www.example.com
. To make it work on any sub-domain from example.com, use .example.com
.
exclude
Type: string[]
Default: []
A file names or globs which indicates files to exclude from obfuscation.
identifierNamesGenerator
Type: string
Default: hexadecimal
Sets identifier names generator.
Available values:
dictionary
: identifier names from identifiersDictionary
listhexadecimal
: identifier names like _0xabc123
mangled
: short identifier names like a
, b
, c
identifiersDictionary
Type: string[]
Default: []
Sets identifiers dictionary for identifierNamesGenerator
: dictionary
option. Each identifier from the dictionary will be used in a few variants with a different casing of each character. Thus, the number of identifiers in the dictionary should depend on the identifiers amount at original source code.
identifiersPrefix
Type: string
Default: ''
Sets prefix for all global identifiers.
Use this option when you want to obfuscate multiple files. This option helps to avoid conflicts between global identifiers of these files. Prefix should be different for every file.
inputFileName
Type: string
Default: ''
Allows to set name of the input file with source code. This name will used internally for source map generation.
log
Type: boolean
Default: false
Enables logging of the information to the console.
renameGlobals
Type: boolean
Default: false
Enables obfuscation of global variable and function names with declaration.
reservedNames
Type: string[]
Default: []
Disables obfuscation and generation of identifiers, which being matched by passed RegExp patterns.
Example:
{
reservedNames: [
'^someVariable',
'functionParameter_\d'
]
}
reservedStrings
Type: string[]
Default: []
Disables transformation of string literals, which being matched by passed RegExp patterns.
Example:
{
reservedStrings: [
'react-native',
'\.\/src\/test',
'some-string_\d'
]
}
rotateStringArray
Type: boolean
Default: true
stringArray
must be enabledShift the stringArray
array by a fixed and random (generated at the code obfuscation) places. This makes it harder to match the order of the removed strings to their original place.
This option is recommended if your original source code isn't small, as the helper function can attract attention.
seed
Type: string|number
Default: 0
This option sets seed for random generator. This is useful for creating repeatable results.
If seed is 0
- random generator will work without seed.
selfDefending
Type: boolean
Default: false
compact
value to true
This option makes the output code resilient against formatting and variable renaming. If one tries to use a JavaScript beautifier on the obfuscated code, the code won't work anymore, making it harder to understand and modify it.
shuffleStringArray
Type: boolean
Default: true
stringArray
must be enabledRandomly shuffles the stringArray
array items.
sourceMap
Type: boolean
Default: false
Enables source map generation for obfuscated code.
Source maps can be useful to help you debug your obfuscated JavaScript source code. If you want or need to debug in production, you can upload the separate source map file to a secret location and then point your browser there.
sourceMapBaseUrl
Type: string
Default: ``
Sets base url to the source map import url when sourceMapMode: 'separate'
.
CLI example:
javascript-obfuscator input.js --output out.js --source-map true --source-map-base-url 'http://localhost:9000'
Result:
//# sourceMappingURL=http://localhost:9000/out.js.map
sourceMapFileName
Type: string
Default: ``
Sets file name for output source map when sourceMapMode: 'separate'
.
CLI example:
javascript-obfuscator input.js --output out.js --source-map true --source-map-base-url 'http://localhost:9000' --source-map-file-name example
Result:
//# sourceMappingURL=http://localhost:9000/example.js.map
sourceMapMode
Type: string
Default: separate
Specifies source map generation mode:
inline
- emit a single file with source maps instead of having a separate file;separate
- generates corresponding '.map' file with source map. In case you run obfuscator through CLI - adds link to source map file to the end of file with obfuscated code //# sourceMappingUrl=file.js.map
.splitStrings
Type: boolean
Default: false
Splits literal strings into chunks with length of splitStringsChunkLength
option value.
Example:
// input
(function(){
var test = 'abcdefg';
})();
// output
(function(){
var _0x5a21 = 'ab' + 'cd' + 'ef' + 'g';
})();
splitStringsChunkLength
Type: number
Default: 10
Sets chunk length of splitStrings
option.
stringArray
Type: boolean
Default: true
Removes string literals and place them in a special array. For instance, the string "Hello World"
in var m = "Hello World";
will be replaced with something like var m = _0x12c456[0x1];
stringArrayEncoding
Type: boolean|string
Default: false
stringArray
option must be enabledThis option can slow down your script.
Encode all string literals of the stringArray
using base64
or rc4
and inserts a special code that used to decode it back at runtime.
Available values:
true
(boolean
): encode stringArray
values using base64
false
(boolean
): don't encode stringArray
values'base64'
(string
): encode stringArray
values using base64
'rc4'
(string
): encode stringArray
values using rc4
. About 30-50% slower than base64
, but more harder to get initial values. It is recommended to disable unicodeEscapeSequence
option with rc4
encoding to prevent very large size of obfuscated code.
stringArrayThreshold
Type: number
Default: 0.8
Min: 0
Max: 1
stringArray
option must be enabledYou can use this setting to adjust the probability (from 0 to 1) that a string literal will be inserted into the stringArray
.
This setting is especially useful for large code size because it repeatedly calls to the string array
and can slow down your code.
stringArrayThreshold: 0
equals to stringArray: false
.
target
Type: string
Default: browser
Allows to set target environment for obfuscated code.
Available values:
browser
;browser-no-eval
;node
.Currently output code for browser
and node
targets is identical, but some browser-specific options are not allowed to use with node
target.
Output code for browser-no-eval
target is not using eval
.
transformObjectKeys
Type: boolean
Default: false
Enables transformation of object keys.
Example:
// input
(function(){
var object = {
foo: 'test1',
bar: {
baz: 'test2'
}
};
})();
// output
var _0x2fae = [
'baz',
'test2',
'foo',
'test1',
'bar'
];
var _0x377c = function (_0x1fbd3f, _0x59c72f) {
_0x1fbd3f = _0x1fbd3f - 0x0;
var _0x14fada = _0x2fae[_0x1fbd3f];
return _0x14fada;
};
(function () {
var _0x8a12db = {};
_0x8a12db[_0x377c('0x0')] = _0x377c('0x1');
var _0xc75419 = {};
_0xc75419[_0x377c('0x2')] = _0x377c('0x3');
_0xc75419[_0x377c('0x4')] = _0x8a12db;
var _0x191393 = _0xc75419;
}());
unicodeEscapeSequence
Type: boolean
Default: false
Allows to enable/disable string conversion to unicode escape sequence.
Unicode escape sequence increases code size greatly and strings easily can be reverted to their original view. Recommended to enable this option only for small source code.
Performance will 50-100% slower than without obfuscation
{
compact: true,
controlFlowFlattening: true,
controlFlowFlatteningThreshold: 1,
deadCodeInjection: true,
deadCodeInjectionThreshold: 1,
debugProtection: true,
debugProtectionInterval: true,
disableConsoleOutput: true,
identifierNamesGenerator: 'hexadecimal',
log: false,
renameGlobals: false,
rotateStringArray: true,
selfDefending: true,
shuffleStringArray: true,
splitStrings: true,
splitStringsChunkLength: '5',
stringArray: true,
stringArrayEncoding: 'rc4',
stringArrayThreshold: 1,
transformObjectKeys: true,
unicodeEscapeSequence: false
}
Performance will 30-35% slower than without obfuscation
{
compact: true,
controlFlowFlattening: true,
controlFlowFlatteningThreshold: 0.75,
deadCodeInjection: true,
deadCodeInjectionThreshold: 0.4,
debugProtection: false,
debugProtectionInterval: false,
disableConsoleOutput: true,
identifierNamesGenerator: 'hexadecimal',
log: false,
renameGlobals: false,
rotateStringArray: true,
selfDefending: true,
shuffleStringArray: true,
splitStrings: true,
splitStringsChunkLength: '10',
stringArray: true,
stringArrayEncoding: 'base64',
stringArrayThreshold: 0.75,
transformObjectKeys: true,
unicodeEscapeSequence: false
}
Performance will slightly slower than without obfuscation
{
compact: true,
controlFlowFlattening: false,
deadCodeInjection: false,
debugProtection: false,
debugProtectionInterval: false,
disableConsoleOutput: true,
identifierNamesGenerator: 'hexadecimal',
log: false,
renameGlobals: false,
rotateStringArray: true,
selfDefending: true,
shuffleStringArray: true,
splitStrings: false,
stringArray: true,
stringArrayEncoding: false,
stringArrayThreshold: 0.75,
unicodeEscapeSequence: false
}
es3
, es5
, es2015
, es2016
and es2017
README.md
but it's not working!The README on the master branch might not match that of the latest stable release.
Try to run npm link javascript-obfuscator
command or install it globally with npm i -g javascript-obfuscator
maximum call stack size exceeded
Likely this is selfDefending
mechanism. Something is changing source code after obfuscation with selfDefending
option.
No. JSX support isn't planned.
var
, let
or const
)?See: Kind of variables
Support us with a monthly donation and help us continue our activities. [Become a backer]
Become a sponsor and get your logo on our README on Github with a link to your site. [Become a sponsor]
Copyright (C) 2016-2020 Timofey Kachalov.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.