js-x-ray VS cli

If you are new in town, JS-X-Ray is an open source JavaScript SAST (Static Application Security Testing). The tool analyzes your JavaScript sources for patterns that may affect the security and quality of your project 😎.

@nodesecure/js-x-ray, a SAST scanner (A static analyser for detecting most common malicious patterns)

I'm back at writing for a new technical article on NodeSecure. This time I want to focus on the SAST JS-X-Ray 🔬.

And it is happening right now. Github is opening the GitHub Advisory Database to community submissions. Awesome community NodeSecure builds cool things like scanner and js-x-ray. There are also lockfile-lint, LavaMoat, Jfrog-npm-tools (and I am sure there is more).

Static Analysis is powered by @nodesecure/js-x-ray and @nodesecure/scanner.

Execute NodeSecure/JS-X-Ray on each JavaScript files.

JS-X-Ray - SAST Scanner

I have been working every night of the week on a new major version of my open-source JavaScript SAST JS-X-Ray. I've been looking forward to making significant changes to the code for several months now...

📢 By the way NodeSecure CLI has a first-class support of the scorecard.

Those information are visible in the NodeSecure CLI interface:

@nodesecure/cli, a CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project

Fun fact: its first contribution 🐤 on NodeSecure was also on the old version of the code Scanner that managed vulnerabilities.

When NodeSecure was a single project the AST analysis was at most a few hundred lines in two or three JavaScript files. All the logic was coded with if and else conditions directly in the walker 🙈.

View on GitHub

NodeSecure can now detect packages created by Marak and it will generate a global warning ⚠️.

After more than ten long months of work we are finally there 😵! Version 0.9.0 has been released on npm 🚀.

Nsecure