{"id":13527978,"url":"https://github.com/ajinabraham/nodejsscan","last_synced_at":"2025-05-14T03:08:01.162Z","repository":{"id":27926734,"uuid":"31419036","full_name":"ajinabraham/nodejsscan","owner":"ajinabraham","description":"nodejsscan is a static security code scanner for Node.js applications.","archived":false,"fork":false,"pushed_at":"2024-10-16T11:43:49.000Z","size":5538,"stargazers_count":2395,"open_issues_count":11,"forks_count":327,"subscribers_count":58,"default_branch":"master","last_synced_at":"2024-10-29T15:34:10.672Z","etag":null,"topics":["code-analysis","code-review","devsecops","javascript","lint","node","node-security","nodejs","nodejsscan","sast","security","security-scanner","static-analysis"],"latest_commit_sha":null,"homepage":"https://opensecurity.in","language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ajinabraham.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"ajinabraham","custom":["https://paypal.me/ajinabraham"]}},"created_at":"2015-02-27T12:52:46.000Z","updated_at":"2024-10-26T23:42:56.000Z","dependencies_parsed_at":"2023-09-22T21:53:39.893Z","dependency_job_id":"3071d982-db45-48f7-8991-a5e8e5302d94","html_url":"https://github.com/ajinabraham/nodejsscan","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajinabraham%2Fnodejsscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajinabraham%2Fnodejsscan/tags","releases_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajinabraham%2Fnodejsscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajinabraham%2Fnodejsscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ajinabraham","download_url":"https://codeload.github.com/ajinabraham/nodejsscan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248288340,"owners_count":21078900,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-analysis","code-review","devsecops","javascript","lint","node","node-security","nodejs","nodejsscan","sast","security","security-scanner","static-analysis"],"created_at":"2024-08-01T06:02:09.105Z","updated_at":"2025-04-10T20:06:41.597Z","avatar_url":"https://github.com/ajinabraham.png","language":"CSS","readme":"# nodejsscan ![nodejsscan icon](https://user-images.githubusercontent.com/4301109/83980418-abb48b00-a8e3-11ea-99df-1d25dcc7fc28.png)\n\nStatic security code scanner (SAST) for Node.js applications powered by [libsast](https://github.com/ajinabraham/libsast) and [semgrep](https://github.com/returntocorp/semgrep).\n\nMade with ![Love](https://cloud.githubusercontent.com/assets/4301109/16754758/82e3a63c-4813-11e6-9430-6015d98aeaab.png) in India  
[![Tweet](https://img.shields.io/twitter/url?url=https://github.com/ajinabraham/nodejsscan)](https://twitter.com/intent/tweet/?text=nodejsscan,%20a%20static%20security%20code%20scanner%20for%20node.js%20applications%20by%20%40ajinabraham%20%40OpenSecurity_IN\u0026url=https://github.com/ajinabraham/nodejsscan)\n\n[![platform](https://img.shields.io/badge/platform-osx%2Flinux-green.svg)](https://github.com/ajinabraham/nodejsscan)\n[![License](https://img.shields.io/:license-gpl3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0.html)\n[![python](https://img.shields.io/badge/python-3.7+-blue.svg)](https://www.python.org/downloads/)\n[![Tests](https://github.com/ajinabraham/nodejsscan/workflows/Tests/badge.svg)](https://github.com/ajinabraham/nodejsscan/actions?query=workflow%3ATests)\n\n### Support nodejsscan\n\n* **Donate via Paypal:** [![Donate via Paypal](https://user-images.githubusercontent.com/4301109/76471686-c43b0500-63c9-11ea-8225-2a305efb3d87.gif)](https://paypal.me/ajinabraham)\n* **Sponsor the Project:** [![Github Sponsors](https://user-images.githubusercontent.com/4301109/95517226-9e410780-098e-11eb-9ef5-7b8c7561d725.png)](https://github.com/sponsors/ajinabraham)\n\n### e-Learning Courses \u0026 Certifications\n[![OpSecX Video Course](https://user-images.githubusercontent.com/4301109/82597198-99fa8600-9b76-11ea-8243-c604bc7b06b1.png)](https://opsecx.com/index.php/product/node-js-security-pentesting-and-exploitation/?uid=github) [OpSecX Node.js Security: Pentesting and Exploitation - NJS](https://opsecx.com/index.php/product/node-js-security-pentesting-and-exploitation/?uid=github)\n\n## Run nodejsscan\n\n```bash\ndocker pull opensecurity/nodejsscan:latest\ndocker run -it -p 9090:9090 opensecurity/nodejsscan:latest\n```\n\n## Setup nodejsscan locally\n\nInstall Postgres and configure `SQLALCHEMY_DATABASE_URI` in `nodejsscan/settings.py` or as an environment variable.\n\nFrom version 4 onwards, Windows support is dropped.\n\n```bash\ngit clone 
https://github.com/ajinabraham/nodejsscan.git\ncd nodejsscan\npython3 -m venv venv\nsource venv/bin/activate\npip install -r requirements.txt\npython3 manage.py recreate-db # Run once to create database schema\n```\n\nTo run nodejsscan:\n\n`./run.sh`\n\nThis will run the nodejsscan web user interface at `http://127.0.0.1:9090`\n\n\n## Command Line Interface (CLI) and Python API\n\n![njsscan_cli](https://user-images.githubusercontent.com/4301109/83962395-ecbc8900-a86a-11ea-9fe7-40703a7e6d4b.gif)\n\n* CLI: https://github.com/ajinabraham/njsscan#command-line-options\n* API: https://github.com/ajinabraham/njsscan#python-api\n\n## Presentations\n\n[![Watch the video](https://img.youtube.com/vi/kTjICeZCvS0/hqdefault.jpg)](https://youtu.be/kTjICeZCvS0)\n\n## Integrations\n\n### Slack Alerts\n\nCreate your [Slack App](https://api.slack.com/messaging/webhooks) and set `SLACK_WEBHOOK_URL` in `nodejsscan/settings.py` or as an environment variable.\n\n![nodejsscan slack alert](https://user-images.githubusercontent.com/4301109/83978059-d64a1800-a8d2-11ea-9ef8-7a17d8904324.png)\n\n### Email Alerts\n\nConfigure SMTP settings in `nodejsscan/settings.py` or as environment variables.\n\n### CI/CD or DevSecOps\n\n* **GitHub Action**: https://github.com/ajinabraham/njsscan#github-action\n* **GitLab CI/CD**: https://github.com/ajinabraham/njsscan#gitlab-cicd\n* **Travis CI**: https://github.com/ajinabraham/njsscan#travis-ci\n\n## Build Docker image\n\n```bash\ndocker build -t nodejsscan .\ndocker run -it -p 9090:9090 nodejsscan\n```\n\n* CLI Docker Image: https://github.com/ajinabraham/njsscan#build-locally\n\n## nodejsscan screenshots\n\n![nodejsscan web ui](https://user-images.githubusercontent.com/4301109/83994121-74fe6500-a923-11ea-9ad7-012113f1bb12.png)\n![nodejsscan dashboard](https://user-images.githubusercontent.com/4301109/83980766-44e4a100-a8e6-11ea-9770-b179faf7f6ac.png)\n![nodejsscan 
charts](https://user-images.githubusercontent.com/4301109/83980816-ad338280-a8e6-11ea-98b0-d94d8dededcc.png)\n![nodejsscan overview](https://user-images.githubusercontent.com/4301109/83980780-62196f80-a8e6-11ea-9318-4ef97425f776.png)\n![nodejsscan findings](https://user-images.githubusercontent.com/4301109/83980887-2af78e00-a8e7-11ea-91af-8d2f269d65d1.png)\n","funding_links":["https://github.com/sponsors/ajinabraham","https://paypal.me/ajinabraham"],"categories":["\u003ca id=\"8f92ead9997a4b68d06a9acf9b01ef63\"\u003e\u003c/a\u003e扫描器\u0026\u0026安全扫描\u0026\u0026App扫描\u0026\u0026漏洞扫描","CSS","SAST","security","Static Code Analysis","CSS (66)","\u003ca id=\"132036452bfacf61471e3ea0b7bf7a55\"\u003e\u003c/a\u003e工具","static-analysis"],"sub_categories":["\u003ca id=\"de63a029bda6a7e429af272f291bb769\"\u003e\u003c/a\u003e未分类-Scanner"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fajinabraham%2Fnodejsscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fajinabraham%2Fnodejsscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fajinabraham%2Fnodejsscan/lists"}