⚡️ Run a static analysis of your module's dependencies.

💡 Features

Scanner builds on JS-X-Ray (SAST) and Vulnera (CVE detection), and adds additional detections such as:

• Detects:
  • Manifest confusion
  • Dependency confusion
  • Typosquatting of popular package names
  • Install scripts (e.g. install, preinstall, postinstall, preuninstall, postuninstall)
• Highlights packages by name, version(s), or maintainer
• Highlights infrastructure components such as ip, hostname, email, url
• Supports NPM and Yarn lockfiles

💃 Getting Started

$ npm i @nodesecure/scanner
# or
$ yarn add @nodesecure/scanner

For full API documentation, options, and usage examples, see the @nodesecure/scanner package README.

Workspaces

• @nodesecure/scanner
• @nodesecure/tarball
• @nodesecure/tree-walker
• @nodesecure/flags
• @nodesecure/mama
• @nodesecure/contact
• @nodesecure/conformance
• @nodesecure/npm-types
• @nodesecure/i18n
• @nodesecure/rc
• @nodesecure/utils
• @nodesecure/fs-walk
• @nodesecure/github
• @nodesecure/gitlab

🐥 Contributors guide

If you are a developer looking to contribute to the project, you must first read the CONTRIBUTING guide.

Once you have finished your development, check that the tests (and linter) are still good by running the following script:

$ npm run check

Caution

In case you introduce a new feature or fix a bug, make sure to include tests for it as well.

Contributors ✨

Thanks goes to these wonderful people (emoji key):

Gentilhomme 💻 📖 👀 🛡️ 🐛	Tony Gorez 💻 📖 👀 🐛	Haze 💻	Maksim Balabash 💻 🐛	Antoine Coulon 💻 🐛 👀 🚧 🛡️	Nicolas Hallaert 💻	Yefis 💻
Franck Hallaert 💻	Ange TEKEU 💻	Vincent Dhennin 💻 📖 👀 🐛	Kouadio Fabrice Nguessan 🚧	PierreDemailly 💻 👀 🐛 ⚠️	Kishore 💻 📖	Clement Gombauld 💻
Ajāy 💻 📖	Nicolas Hallaert 📖	Maxime ⚠️	Ange TEKEU 💻	Alexandre Malaj 💻 📖 🌍	FredGuiou 🚧	Christian Lisangola ⚠️
Quentin Lepateley 📖	Antoine Neff 🌍	Kévin VOYER 🌍	Mathieu 💻 🌍	im_codebreaker 💻 📖 🎨	Ayushmaan Shrotriya 📖	Inès & Mélu 📖
zwOk9 ⚠️	Pierre Martin 📖	Hamed Mohamed 💻

License

MIT