js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
There are currently a lot of situations where we are missing dynamic RegExps. Ref and examples here: https://github.com/nodejs/security-wg/issues/208 We should probably use the new Tracer to detect those cases (extension,...
The warning short identifiers is thrown on the following file: https://unpkg.com/[email protected]/lib/fetch/file.js It should not throw for this file. I guess the current analysis doesn't take into account class name and...
The goal is to add UT about https://github.com/NodeSecure/js-x-ray/tree/master/src/probes/ It can help you to get into this project, feel free to submit a PR about 1 or multiple probes :)
fix https://github.com/NodeSecure/js-x-ray/issues/221 ### (WIP) Inject custom probes as param for AstAnalyser ```js const { AstAnalyser, JsSourceParser } = require("@nodesecure/js-x-ray"); new AstAnalyser({ parser: new JsSourceParser(), probes: [ // Any valid probe...
Right now JS-X-Ray is only capable of scanning one sourcefile by one sourcefile. The [Scanner](https://github.com/NodeSecure/scanner) package is currently responsible for listing and iterating all JavaScript files from a given NPM...
Bumps the dependencies group with 1 update: [@typescript-eslint/typescript-estree](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-estree). Updates `@typescript-eslint/typescript-estree` from 6.21.0 to 7.1.0 Release notes Sourced from @typescript-eslint/typescript-estree's releases. v7.1.0 7.1.0 (2024-02-26) 🚀 Features eslint-plugin: add *-type-checked-only configs (#8367)...
Bumps the github-actions group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [actions/setup-node](https://github.com/actions/setup-node) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.23.2 to 3.24.6 Changelog Sourced from github/codeql-action's changelog. CodeQL Action Changelog See the releases page for...
Here is a roadmap about my ideas about future releases of JS-X-Ray (outside of fixing current issues). - Add new documentation about Architectures - https://github.com/NodeSecure/js-x-ray/issues/267 - Improve the way to...
The goal of the task is to allow package users (developers) to inject a new custom probe using the AstAnalyser ```js const { AstAnalyser, JsSourceParser } = require("@nodesecure/js-x-ray"); new...