mochi.js

2 min read Original article ↗

Bun-native · MIT · stock Chromium

Sticky on the outside.
Untouchable on the inside.

mochi.js is a Bun-native, raw-CDP browser automation framework. Pass a seed and a profile; get a relationally-coherent fingerprint that survives a getParameter(0x9245) probe. JIT-friendly inject payload, Chromium-native fetch (real Chrome JA4 by definition), behavioral synth on top of Bezier+Fitts. Leaves no crumbs.

bun ≥ 1.1 macOS · Linux · Windows MIT

mochi mascot — a smiling rice cake with a honey drip

five pillars

Built for the strictest probes.

Where Playwright and Puppeteer leave fingerprints, mochi.js leaves nothing measurable. Each pillar covers one class of detection.

🧬

Relational consistency engine

Every fingerprint surface — canvas, WebGL, audio, fonts, MediaDevices, WebGPU — derives from a single (profile, seed) pair through a 48-rule DAG. No Frankenstein fingerprints; a Mac UA never lands next to Linux WebGL.

🌐

Chromium-native fetch

session.fetch() routes through Chromium itself via CDP — Network.loadNetworkResource for simple GETs, page.evaluate('fetch') for non-GET. JA4/JA3/H2 are real Chrome by definition. No parallel HTTP layer to keep in lockstep, no FFI to install.

🎯

Behavioral synthesis

humanClick / humanType / humanScroll synthesize from biomechanical models — Bezier paths with overshoot+correction, Fitts-law movement times, lognormal digraph delays. Profile-parameterized: hand, tremor, wpm, scrollStyle.

📐

Probe-Manifest harness

Captured baselines from real devices live in the repo. Every PR diffs the live session's Probe Manifest against the baseline; Zero-Diff is a CI gate. Intentional divergences live next to a written rationale.

🍡

One coherent stack

Replaces the usual hand-stitched pipeline (Patchright + fingerprint-injector + Turnstile clicker + curl-impersonate) with one library that owns it end-to-end. Bun-only. No Node, no Python sidecars, no proprietary bits.

three-line stealth

Same Playwright muscle memory.
None of the crumbs.

import { mochi } from "@mochi.js/core";

// boot a stealth browser in three lines
const session = await mochi.launch({
  profile: "linux-chrome-stable",
  seed: "user-12345",
});

const page = await session.newPage();
await page.goto("https://target.example/checkout");

console.log("UA:", session.profile.userAgent);

await session.close();