gradejs
cloudfire
Our great sponsors
gradejs | cloudfire | |
---|---|---|
16 | 1 | |
398 | 11 | |
0.0% | - | |
0.0 | 10.0 | |
over 1 year ago | over 1 year ago | |
TypeScript | Python | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gradejs
-
Find out which NPM packages are used on your favourite website
That's weird. Could you please provide more details and submit an issue? https://github.com/gradejs/gradejs/issues
-
Open source website bundle analyzer that shows vulnerable NPM packages
I’d like to share an open source project I’ve been working on during the last year. It analyzes production JavaScript code and detects bundled NPM package versions. A vulnerability is shown when a specific detected version contains known vulnerabilities, taken from the Github advisory.
There’s also a dedicated package page, that shows accumulated statistics of a package. It’s like wappalyzer or builtwith but with better accuracy. For example: https://gradejs.com/package/react
So far I’ve only indexed ~10,000 popular websites. The current version works for Webpack bundles with 70-90% accuracy and ~3% false positive. The package detection algorithm is designed to match minified and tree-shaken AST subtrees for each export per bundled JS module.
I'd like to collect any feedback from the community.
Repository: https://github.com/gradejs/gradejs
-
I created a tool, that detects NPM package versions used on a website
Source code: https://github.com/gradejs/gradejs
-
Open source tool that detects bundled NPM packages on a website
Well, the accuracy question is tricky, since there are two problems. A false positive mistake is a tool showing something that IS NOT bundled. A false negative mistake would be a tool NOT showing something that IS bundled. Currently we see ~30% FN and ~5% FP for GradeJS accuracy. More info.
- GradeJS – Production Webpack Bundle Analyzer
-
FOSS: A website scanner that detects vulnerable NPM packages.
Try it out: gradejs.com
-
A tool that identifies NPM libraries inside production Webpack bundle by entering a website URL
Source code: https://github.com/gradejs/gradejs
- GitHub - gradejs/gradejs: GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
-
I made a project that detects NPM package versions bundled into website source code
Link: gradejs.com Source code: github.com/gradejs/gradejs
- Production Webpack bundle analyzer without access to the source code
cloudfire
-
A tool that identifies NPM libraries inside production Webpack bundle by entering a website URL
You could use this to bypass their checks
What are some alternatives?
repack - A Webpack-based toolkit to build your React Native application with full support of Webpack ecosystem.
undetected-chromedriver - Custom Selenium Chromedriver | Zero-Config | Passes ALL bot mitigation systems (like Distil / Imperva/ Datadadome / CloudFlare IUAM)
BundleMon - A free open-source tool that helps you to monitor your bundle size on every commit and alerts you on changes.
snoop - Snoop — инструмент разведки на основе открытых данных (OSINT world)
nexe - 🎉 create a single executable out of your node.js apps
requests-html - Pythonic HTML Parsing for Humans™
mailgo - 💌 mailgo, a new concept of mailto and tel links [deprecated]
autoscraper - A Smart, Automatic, Fast and Lightweight Web Scraper for Python
reactn - React, but with built-in global state management.
Scrapy - Scrapy, a fast high-level web crawling & scraping framework for Python.
yarn.build - Build 🛠 and Bundle 📦 your local workspaces. Like Bazel, Buck, Pants and Please but for Yarn Berry. Build any language, mix javascript, typescript, golang and more in one polyglot repo. Ship your bundles to AWS Lambda, Docker, or any nodejs runtime.
cloudproxy - Hide your scrapers IP behind the cloud. Provision proxy servers across different cloud providers to improve your scraping success.