{"id":13464804,"url":"https://github.com/lirantal/is-website-vulnerable","last_synced_at":"2025-05-14T15:10:43.673Z","repository":{"id":35148926,"uuid":"212983914","full_name":"lirantal/is-website-vulnerable","owner":"lirantal","description":"finds publicly known security vulnerabilities in a website's frontend JavaScript libraries","archived":false,"fork":false,"pushed_at":"2024-09-12T17:47:03.000Z","size":703,"stargazers_count":1935,"open_issues_count":1,"forks_count":111,"subscribers_count":22,"default_branch":"main","last_synced_at":"2024-10-29T15:45:27.107Z","etag":null,"topics":["hacktoberfest","lighthouse","nodejs","scan","security","security-vulnerabilities","vulnerabilities"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lirantal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-05T10:52:11.000Z","updated_at":"2024-10-28T23:48:34.000Z","dependencies_parsed_at":"2024-01-19T01:04:04.484Z","dependency_job_id":"92b56cfa-9c8c-4f62-8e28-eee10afcf246","html_url":"https://github.com/lirantal/is-website-vulnerable","commit_stats":{"total_commits":67,"total_committers":25,"mean_commits":2.68,"dds":0.4626865671641791,"last_synced_commit":"a8b7ce9c9815a478f1bd7a976545e28e0644cc99"},"previous_names":[],"tags_count":49,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fis-website-vulnerable","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/repositories/lirantal%2Fis-website-vulnerable/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fis-website-vulnerable/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fis-website-vulnerable/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lirantal","download_url":"https://codeload.github.com/lirantal/is-website-vulnerable/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248154995,"owners_count":21056542,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","lighthouse","nodejs","scan","security","security-vulnerabilities","vulnerabilities"],"created_at":"2024-07-31T14:00:50.653Z","updated_at":"2025-04-10T03:48:55.882Z","avatar_url":"https://github.com/lirantal.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","Web","\u003ca id=\"761a373e2ec1c58c9cd205cd7a03e8a8\"\u003e\u003c/a\u003e靶机\u0026\u0026漏洞环境\u0026\u0026漏洞App","Tools Powered by Snyk","security","System"],"sub_categories":["Scanning / Pentesting","\u003ca id=\"3e751670de79d2649ba62b177bd3e4ef\"\u003e\u003c/a\u003e未分类-VulnerableMachine","Security","Web Vulnerability Scanners"],"readme":"\u003cp align=\"center\"\u003e\u003ch1 align=\"center\"\u003e\n  is-website-vulnerable\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  finds publicly known security vulnerabilities in a website's frontend JavaScript libraries\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca 
href=\"https://www.npmjs.org/package/is-website-vulnerable\"\u003e\u003cimg src=\"https://badgen.net/npm/v/is-website-vulnerable\" alt=\"npm version\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.org/package/is-website-vulnerable\"\u003e\u003cimg src=\"https://badgen.net/npm/license/is-website-vulnerable\" alt=\"license\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.org/package/is-website-vulnerable\"\u003e\u003cimg src=\"https://badgen.net/npm/dt/is-website-vulnerable\" alt=\"downloads\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/lirantal/is-website-vulnerable/actions?workflow=CI\"\u003e\u003cimg src=\"https://github.com/lirantal/is-website-vulnerable/workflows/CI/badge.svg\" alt=\"build\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://codecov.io/gh/lirantal/is-website-vulnerable\"\u003e\u003cimg src=\"https://badgen.net/codecov/c/github/lirantal/is-website-vulnerable\" alt=\"codecov\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://snyk.io/test/github/lirantal/is-website-vulnerable\"\u003e\u003cimg src=\"https://snyk.io/test/github/lirantal/is-website-vulnerable/badge.svg\" alt=\"Known Vulnerabilities\"/\u003e\u003c/a\u003e\n  \u003ca href=\"./SECURITY.md\"\u003e\u003cimg src=\"https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg\" alt=\"Responsible Disclosure Policy\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./.github/is-website-vulnerable-logo.png\" alt=\"Screenshot of npm module called is website vulnerable that detects security vulnerabilities in websites based on Snyk database\" /\u003e\n  \u003cp align=\"center\"\u003e\n  \t\u003cp align=\"center\"\u003eMany thanks to \u003ca href=\"https://snyk.io\"\u003e\u003cimg src=\"./.github/snyk-logo.png\" width=\"100\"\u003e\u003c/a\u003e for supporting open source security\u003c/p\u003e\n\u003c/p\u003e\n\n\n\u003c/p\u003e\n\n\n# About\n\nFinds publicly known security vulnerabilities in a website's frontend 
JavaScript libraries.\n\n# Usage\n\n## Command line\n\nUsing Node.js's `npx` to run a one-off scan of a website:\n\n```bash\nnpx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]\n```\n\nThe CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:\n\n```bash\n$ npx is-website-vulnerable\nWoops! You forgot to provide a URL of a website to scan.\n? Please provide a URL to scan: › https://example.com\n...\n```\n\n### Exit codes\n\nIf the CLI detects an error, it will terminate with an exit code different from 0.\n\nExit Code 0: Everything is fine. No vulnerabilities found.\n\nExit Code 1: An error happened during the execution. Check the logs for details.\n\nExit Code 2: Vulnerabilities were found. Check the logs for details.\n\n## Docker\n\nTo build and run the container locally:\n\n```bash\n# Clone Repo:\ngit clone https://github.com/lirantal/is-website-vulnerable.git\n\n# Change to repo's cloned directory:\ncd is-website-vulnerable\n\n# Build Image locally:\ndocker build --no-cache -t lirantal/is-website-vulnerable:latest .\n\n# Run container:\ndocker run --rm -e SCAN_URL=\"https://www.google.com/\" lirantal/is-website-vulnerable:latest\n```\n\n`SCAN_URL` is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.\n\nIf you wish to provide command line arguments to `is-website-vulnerable` and customize the run, such as providing `--json` or other supported arguments, you should omit the environment variable and provide the full command. Here is an example:\n\n```\ndocker run --rm lirantal/is-website-vulnerable:latest https://www.google.com --json\n```\n\n:warning: A modern version of Chrome is assumed to be available when using `is-website-vulnerable`. It may not be safe to assume that this is satisfied automatically on some CI services. 
For example, [additional configuration](https://docs.travis-ci.com/user/chrome#selecting-a-chrome-version) is necessary for [Travis CI](https://travis-ci.com/).\n\n# GitHub Action\nCreate `.github/workflows/is-website-vulnerable.yml` with the URL that you want scanned:\n\n```yaml\nname: Test site for publicly known js vulnerabilities\n\non: push\njobs:\n  security:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Test for public javascript library vulnerabilities \n        uses: lirantal/is-website-vulnerable@main\n        with:\n          scan-url: \"https://yoursite.com\"\n```\n\n# Install\n\nYou can install globally via:\n\n```bash\nnpm install -g is-website-vulnerable\n```\n\n# Learn Node.js Security\n\n\u003chr/\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003cp\u003e\n    \u003ca href=\"https://nodejs-security.com\"\u003e\n      \u003cimg alt=\"Node.js Security\" align=\"center\" src=\"https://img.shields.io/badge/%F0%9F%A6%84-Learn%20Node.js%20Security%E2%86%92-gray.svg?colorA=5734F5\u0026colorB=5734F5\u0026style=flat\" /\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n  \n  ![Screenshot 2024-09-12 at 20 14 27](https://github.com/user-attachments/assets/586f3151-eed9-4542-92f1-de9237f6783c)\n  \n  \u003cp\u003e\n    Learn Node.js Secure Coding techniques and best practices from \u003ca href=\"https://www.lirantal.com\"\u003eLiran Tal\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\n\n# Contributing\n\nPlease consult [CONTRIBUTING](./CONTRIBUTING.md) for guidelines on contributing to this project.\n\n# Author\n\n**is-website-vulnerable** © [Liran Tal](https://github.com/lirantal), Released under the [Apache-2.0](./LICENSE) License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flirantal%2Fis-website-vulnerable","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flirantal%2Fis-website-vulnerable","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flirantal%2Fis-website-vulnerable/lists"}