Mochi.js: A Bun-Native Approach to High-Fidelity Browser Automation

Browser automation has long been a cat-and-mouse game between developers and anti-bot services. While tools like Playwright and Puppeteer are industry standards for testing, they often leave distinct fingerprints that make them easy targets for sophisticated detection systems. Mochi.js enters the scene as a Bun-native framework designed specifically to solve the 'fingerprint' problem by ensuring that every aspect of the browser's identity is logically consistent.

The Problem with Traditional Automation

Most automation libraries attempt to hide their identity by patching the browser or injecting scripts to override common detection vectors. This often creates "Frankenstein fingerprints"—where a User-Agent might claim the browser is running on macOS, but the WebGL renderer reveals a Linux-based environment. These inconsistencies are exactly what modern bot detectors like FingerprintJS Pro look for.

The Five Pillars of Mochi.js

To achieve high-fidelity stealth, Mochi.js is built around five core technical pillars:

1. Relational Consistency Engine

Instead of randomly assigning attributes, Mochi.js uses a 48-rule Directed Acyclic Graph (DAG) to derive fingerprints from a single (profile, seed) pair. This ensures that canvas, WebGL, audio, fonts, and WebGPU data are all relationally coherent. If a profile is set to a specific version of Chrome on macOS, every other fingerprint surface is adjusted to match that specific environment, eliminating the contradictions that typically trigger bot detection.

2. Chromium-Native Fetch

One of the most common ways bots are detected is through the TLS handshake and HTTP/2 fingerprints (JA3/JA4). Mochi.js avoids the common pitfall of using a separate HTTP layer or FFI to impersonate Chrome. Instead, it routes session.fetch() calls directly through Chromium via the Chrome DevTools Protocol (CDP), ensuring the network traffic is indistinguishable from a real user's browser by definition.

3. Behavioral Synthesis

Stealth isn't just about what the browser is, but how it behaves. Mochi.js implements biomechanical models to simulate human interaction:

• Bezier Paths: Mouse movements include overshoot and correction to mimic human imprecision.
• Fitts's Law: Movement times are calculated based on the distance and size of the target.
• Lognormal Digraph Delays: Typing speeds are simulated with realistic delays between specific key combinations.

4. Probe-Manifest Harness

To maintain its stealth capabilities, the library includes a "Probe-Manifest" harness. This system captures baselines from real devices and compares live sessions against these baselines in the CI pipeline. Any divergence must be justified with a written rationale, ensuring that the tool doesn't regress into a detectable state.

5. A Unified Bun-Native Stack

Unlike traditional setups that require a complex pipeline of Patchright, fingerprint injectors, and Python sidecars, Mochi.js is a single library built for Bun. This reduces the overhead and simplifies the deployment of stealth browsers.

Implementation and Usage

Mochi.js aims to maintain the "muscle memory" of Playwright users, offering a similar API. A basic stealth session can be launched in just a few lines of code:

import { mochi } from "@mochi.js/core";

const session = await mochi.launch({
  profile: "linux-chrome-stable",
  seed: "user-12345",
});

const page = await session.newPage();
await page.goto("https://target.example/checkout");

await session.close();

Community Feedback and Critiques

While the technical ambitions of Mochi.js are impressive, the initial Hacker News reception highlighted several critical points of concern:

• Stability and Reliability: Some users reported crashes when navigating to specific bot-detection sites or rendering issues on certain pages (e.g., Grok), suggesting that the tool may still be in an early, unstable phase.
• **- The Transparency Paradox: One commenter noted that by documenting the DAG and fingerprint manifest publicly, the developers may be providing a roadmap for anti-bot services to improve their detection methods, potentially accelerating the "cat-and-mouse chase."
• **- The Debug Mode Dilemma: A common critique in the automation community is that browsers running in debug mode (required for CDP) are often detectable. Users questioned whether Mochi.js effectively masks the fact that the browser is running in a controlled environment.
• **- Documentation and UX: Feedback indicated that the homepage and documentation are not mobile-friendly, which some viewed as a contradiction to the library's focus on high-fidelity simulation.

Conclusion

Mochi.js represents a sophisticated attempt to move beyond simple patching and toward a systemic simulation of a real browser environment. By focusing on relational consistency and biomechanical behavior, it offers a promising alternative for those requiring high-stealth automation, provided it can overcome the initial stability hurdles reported by the early adopters.