Can local javascript code running be reviewed?

If I am using the Tor browser and javascript is enabled, then some javascript can be used to uniquely identify the browser. (If this is wrong please tell me. I am not expert on TTB)

I do not understand whether any javascript code that runs locally can be reviewed (like open source software) or if it can’t be reviewed (like the source code for Windows).

An example if that if I am using DuckDuckGo to do search, and DDG appears to have very strong links to Microsoft, if it is running local javascript code in disposible VM, if that code were particularly aggressive with obtaining machine characteristics would security researchers know that?

I am concerned with the type of specific tests of browser characteristics in creeps.js that may identify Tor Browsers as unique when javascript is used so that I would expect similar disposable VMs of Tor to have similar unique values.

My understanding of these things is low and I would like to understand this. I know for any activity that has higher threat model, javascript is never used for this very reason.

I am not sure if it is better to use DuckDuckGo and blend in with many users or use SearX and land on an instance with few users in which I am trusting the person who hosts the instance not to collect identifiers. I am also not sure if javascript can be read once it’s running locally or if it is more like an exe file and wish I knew the answer.

I think you should ask this question here:
https://v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion/c/support/tor-browser-desktop/14

i tried to join but they haven’t approved me

probably they don’t like that i tried to register on a tor node :person_shrugging: