Skip to content

Inject JS to the DOM to find vulnerable JavaScript libraries

License

Notifications You must be signed in to change notification settings

lirantal/js-vulns-detector

js-vulns-detector

Inject JS to the DOM to find vulnerable JavaScript libraries

npm version license downloads build codecov Known Vulnerabilities Responsible Disclosure Policy

About

This module provides a JavaScript bundle that can be injected into the DOM and detect which JavaScript libraries and versions are running, as well as the vulnerabilities associated with them.

This module provides several variation of bundles that can be used:

  • Global - provides JavaScript code that is not wrapped, and will call and return a function call result of the data when injected.

Install

npm install --save js-vulns-detector

Usage

One-off invocation

To generate a bundle file:

npx js-vulns-detector --global --outfile bundle.js

As a library

Access the bundle directly as an npm module:

import 'js-vulns-detector/dist/bundle-global.js'

Contributing

Please consult CONTRIBUTING for guidelines on contributing to this project.

Author

js-vulns-detector © Liran Tal, Released under the Apache-2.0 License.