Looking at the source code [1], I have to agree with you. This is very easily detectable by anti-tampering scripts. Using JS Proxies would have been a better approach, although that is detectable as well (see e.g. [2]). To be really undetectable, the mocks should have been done on V8-level.