In the modern web, JavaScript (JS) provides dynamic behavior and, at the same time, is often used by malicious actors for a wide range of attacks such as drive-by-downloads, malicious payload delivery, ransomware, cryptojacking, and phishing. Malicious actors leverage JS obfuscation to obscure the original intention of the source code by hiding the API usages and evading existing detection systems. In this paper, we present a subtree evaluation-based system named JSHint, that focuses on the recovery of API usage in obfuscated JS scripts. We demonstrate that introducing obfuscation using off-the-shelf tools to JS source code significantly hides the standard API usage, and after being restored by JSHint almost complete recovery of API usages is achieved, with averages as high as 95.06%. We further demonstrate that introducing obfuscation to malicious JS source code makes them evasive - by generating false negatives as high as 9.30%. Through API usage restoration by JSHint, we can defeat these evasions significantly - up to 94.97% of the false negatives are converted back into true positives.