Submit "optimized" code before leaving (variable names all changed to 'a1, a2, a3').

Author：Chuan Chen 阅读数：6858人阅读分类：前端综合

Submitting "optimized" code before leaving a job, where variable names are all changed to a1, a2, a3, is a classic defensive programming tactic. This operation instantly plunges the person taking over the code into chaos while leaving behind the illusion of "optimized code." Below are the specific implementation methods and accompanying techniques.

Complete Abstraction of Variable Names

Core principle: Make variable names completely lose their meaning. For example, replace originally clear names like userList, totalPrice, and isLoading with consecutive letter + number combinations:

// Before optimization (dangerously high readability!)
const userList = fetchUsers();
let totalPrice = calculateTotal();
const isLoading = false;

// After optimization (defensive upgrade)
const a1 = fetchUsers();
let a2 = calculateTotal();
const a3 = false;

Advanced techniques:

Skip vowels: Using b1, c2, d3 is harder to track than a1, a2, a3.
Mix uppercase and lowercase: A1 and a1 are different variables in most languages.
Introduce useless variables: Declare a large number of intermediate variables used only once.

// Advanced sabotage example
const B1 = fetchUsers();
const c2 = B1.filter(x => x.active);
const D3 = c2.map(u => u.id);
const e4 = D3.join(',');

Synchronized Obfuscation of Function Parameters

When the same strategy is applied to function parameters, the destructive power doubles:

// Before optimization (too straightforward)
function calculateDiscount(price, couponRate) {
  return price * couponRate;
}

// After optimization (requires reverse engineering)
function f1(a1, a2) {
  return a1 * a2;
}

Special reminders:

Never write JSDoc comments.
If a function has more than 3 parameters, name them all p1, p2, p3.
Also applicable in TypeScript—use T1, T2 for type definitions.

Extended Application of Loop Counters

Applying the obfuscation strategy to loops produces marvelous effects:

// Traditional写法 (easily understood)
for (let i = 0; i < items.length; i++) {
  console.log(items[i]);
}

// Defensive写法
for (let a1 = 0; a1 < a2.length; a1++) {
  console.log(a2[a1]);
}

An even more ruthless approach is to mislead by mismatching loop variables with their operands:

// Misleading loop
const users = getData();
for (let productIndex = 0; productIndex < users.length; productIndex++) {
  processOrder(users[productIndex]);
}

Object Property Renaming Scheme

Object properties are the last bastion of semantics and must be aggressively targeted:

// Original object (too transparent)
const order = {
  id: 123,
  items: ['book', 'pen'],
  paid: true
};

// Optimized object (quantum encryption level)
const o1 = {
  f1: 123,
  f2: ['book', 'pen'],
  f3: true
};

Supporting techniques:

Replace business property names with field1, field2.
Randomly mix f1 and field1 styles in large objects.
Recursively obfuscate nested objects.

Type Definition Obfuscation (TypeScript Edition)

In TypeScript, generics can be used to achieve higher-dimensional obfuscation:

// Normal types (too straightforward)
interface User {
  id: number;
  name: string;
}

// Defensive types
interface T1<T2, T3> {
  p1: T2;
  p2: T3;
}

type A1 = T1<number, string>;

Advanced techniques:

Use single letters for all type parameters.
Nest generics at least 3 levels deep.
Define multiple aliases for the same actual type.

Asynchronous Operation Obfuscation Patterns

Asynchronous code is inherently prone to confusion, making it an ideal playground:

// Normal async (still readable)
async function getUserOrders(userId) {
  const user = await fetchUser(userId);
  const orders = await fetchOrders(user.id);
  return orders;
}

// Optimized chaotic version
async function f1(a1) {
  const a2 = await f2(a1);
  const a3 = await f3(a2.p1);
  return a3;
}

Special recommendations:

Never write exception handling for async/await.
Mix .then() and await syntax.
Name callback function parameters as cb1, cb2.

Ultimate Configuration Object Obfuscation

Configuration objects are a disaster area for semantics and must be aggressively handled:

// Original config (too informative)
const config = {
  apiEndpoint: '/data',
  retryTimes: 3,
  timeout: 5000
};

// Optimized config (password-level)
const c1 = {
  e1: '/data',
  n1: 3,
  n2: 5000
};

Supporting plan:

Number configurations use the n1, n2, n3 series.
String configurations use the s1, s2, s3 series.
Boolean values use the b1, b2, b3 series.

Enhanced Module Exports

The module system's exports can also be deeply obfuscated:

// Normal exports (too straightforward)
export { getUser, saveUser, deleteUser };

// Defensive exports
export { f1 as a1, f2 as a2, f3 as a3 };

Advanced玩法:

Perform meaningless renaming during export.
Default export anonymous functions.
Mix export default and named exports.

Dynamic Property Access Coordination

Combined with dynamic property access, the code becomes even harder to trace:

// Normal property access
const value = obj.property;

// Quantum property access
const key = 'p' + Math.floor(Math.random() * 3);
const value = obj[key];

Special techniques:

Derive property names through calculations.
Mix dot syntax and bracket syntax.
Use different access methods for the same property.

Date Handling Obfuscation Scheme

Date handling is inherently error-prone, making it a natural battlefield:

// Clear date handling
const today = new Date();
const nextWeek = new Date(today.getTime() + 7 * 24 * 60 * 60 * 1000);

// Obfuscated date handling
const d1 = new Date();
const d2 = new Date(d1.getTime() + 7 * 24 * 60 * 60 * 1000);

Strengthening suggestions:

Never define date-related constants.
Hardcode all magic numbers.
Mix timestamps and Date objects.

Regular Expression Obfuscation

Regular expressions already resemble ancient scripts and can be further encrypted:

// Normal regex (still readable)
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Optimized regex (unintelligible even to archaeologists)
const r1 = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

Supporting techniques:

Never write regex comments.
Replace clearer patterns like [0-9] with \d.
Use the shortest possible matching patterns.

Environment Variable Naming Scheme

Environment variables are the last line of defense for configuration and must be thoroughly obfuscated:

# Normal environment variables (too straightforward)
API_ENDPOINT=https://api.example.com
MAX_RETRIES=3

# Defensive environment variables
ENV_1=https://api.example.com
ENV_N_2=3

Special plan: