Open source website bundle analyzer that shows vulnerable NPM packages

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
JavaScript Webpack security-tools Bundling Npm

SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured

  • gradejs

    GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

    • I’d like to share an open source project I’ve been working on during the last year. It analyzes production JavaScript code and detects bundled NPM package versions. A vulnerability is shown when a specific detected version contains known vulnerabilities, taken from the Github advisory.

    There’s also a dedicated package page, that shows accumulated statistics of a package. It’s like wappalyzer or builtwith but with better accuracy. For example: https://gradejs.com/package/react

    So far I’ve only indexed ~10,000 popular websites. The current version works for Webpack bundles with 70-90% accuracy and ~3% false positive. The package detection algorithm is designed to match minified and tree-shaken AST subtrees for each export per bundled JS module.

    I'd like to collect any feedback from the community.

    Repository: https://github.com/gradejs/gradejs

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Find out which NPM packages are used on your favourite website

    1 project | /r/learnjavascript | 2 Nov 2022

  • I created a tool, that detects NPM package versions used on a website

    2 projects | /r/npm | 24 Oct 2022

  • Open source tool that detects bundled NPM packages on a website

    2 projects | /r/Frontend | 5 Oct 2022

  • GradeJS – Production Webpack Bundle Analyzer

    1 project | news.ycombinator.com | 20 Sep 2022

  • FOSS: A website scanner that detects vulnerable NPM packages.

    1 project | /r/hacking | 20 Sep 2022