gradejs
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
I’d like to share an open source project I’ve been working on during the last year. It analyzes production JavaScript code and detects bundled NPM package versions. A vulnerability is shown when a specific detected version contains known vulnerabilities, taken from the GitHub advisory.
There’s also a dedicated package page that shows accumulated statistics of a package. It’s like Wappalyzer or BuiltWith but with better accuracy. For example: https://gradejs.com/package/react
So far I’ve only indexed ~10,000 popular websites. The current version works for Webpack bundles with 70-90% accuracy and ~3% false positives. The package detection algorithm is designed to match minified and tree-shaken AST subtrees for each export per bundled JS module.
I'd like to collect any feedback from the community.
Repository: https://github.com/gradejs/gradejs
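
The matching idea from the post (minified, tree-shaken exports compared against known package versions), as an added example that is not GradeJS code and not part of the original post. It is a simplification: it compares normalized token streams instead of AST subtrees, and the package sources, version numbers and the `fingerprint` and `detectVersions` helpers are constructed for illustration.

```javascript
// Added illustration, not GradeJS code: token-level stand-in for AST-subtree matching.
const KEYWORDS = new Set(['function', 'return', 'if', 'else', 'for', 'while',
  'var', 'let', 'const', 'new', 'typeof', 'throw', 'this', 'null', 'true', 'false']);
const TOKEN = /\s+|("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')|(\d+(?:\.\d+)?)|([A-Za-z_$][\w$]*)|([^\sA-Za-z_$\d])/g;

// Fingerprint of one function: whitespace and ';' dropped, identifiers replaced by
// their order of first appearance, so minifier renaming leaves the result unchanged.
function fingerprint(source) {
  const names = new Map();
  const out = [];
  let prev = '';
  for (const [tok, str, num, ident, punct] of source.matchAll(TOKEN)) {
    if (str) out.push('S:' + str.slice(1, -1));
    else if (num) out.push(num);
    else if (punct) { if (punct !== ';') out.push(punct); }
    else if (!ident) continue; // whitespace
    else if (KEYWORDS.has(ident) || prev === '.') out.push(ident); // keywords, property names
    else {
      if (!names.has(ident)) names.set(ident, '$' + names.size);
      out.push(names.get(ident));
    }
    prev = tok;
  }
  return out.join(' ');
}

// Constructed reference data: export sources per version of a hypothetical package.
const REFERENCE = {
  '1.0.0': {
    clamp: 'function clamp(n, lo, hi) { return Math.min(Math.max(n, lo), hi); }',
    lerp: 'function lerp(a, b, t) { return a + (b - a) * t; }',
  },
  '1.1.0': {
    clamp: 'function clamp(n, lo, hi) { if (lo > hi) throw new RangeError("bad range"); return Math.min(Math.max(n, lo), hi); }',
    lerp: 'function lerp(a, b, t) { return a + (b - a) * t; }',
  },
};
// Versions whose exports include every function found in the bundled module. Tree
// shaking removes unused exports, so the bundle only needs to be a subset of a version.
function detectVersions(bundledFunctions, reference = REFERENCE) {
  const prints = bundledFunctions.map(fingerprint);
  return Object.entries(reference)
    .filter(([, exportSources]) => {
      const known = new Set(Object.values(exportSources).map(fingerprint));
      return prints.length > 0 && prints.every((p) => known.has(p));
    })
    .map(([version]) => version);
}
// Constructed minified, tree-shaken input: only clamp survived in the bundle.
const BUNDLED = ['function r(n,t,e){if(t>e)throw new RangeError("bad range");return Math.min(Math.max(n,t),e)}'];
```

A bundle that kept only `lerp` matches both constructed versions, because that export is identical in each; a surviving export that did not change between releases cannot pin the version on its own.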