{"id":22404970,"url":"https://github.com/mfernstrom/js-sif","last_synced_at":"2026-05-03T19:33:12.328Z","repository":{"id":49621987,"uuid":"276698043","full_name":"MFernstrom/js-sif","owner":"MFernstrom","description":"Scan your JS source code for potential SQL injection vectors","archived":false,"fork":false,"pushed_at":"2022-12-30T20:45:45.000Z","size":137,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-19T21:45:09.099Z","etag":null,"topics":["appsec","injection-attacks","mysql","security","sql"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MFernstrom.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-02T16:41:16.000Z","updated_at":"2021-10-21T00:48:52.000Z","dependencies_parsed_at":"2023-01-31T16:15:17.852Z","dependency_job_id":null,"html_url":"https://github.com/MFernstrom/js-sif","commit_stats":null,"previous_names":["mfernstrom/js-sql-injection-finder"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MFernstrom%2Fjs-sif","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MFernstrom%2Fjs-sif/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MFernstrom%2Fjs-sif/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MFernstrom%2Fjs-sif/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MFernstrom","download_url":"https://codeload.github.com/MFernstrom/js-sif/
tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245761300,"owners_count":20667895,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","injection-attacks","mysql","security","sql"],"created_at":"2024-12-05T10:16:12.870Z","updated_at":"2026-05-03T19:33:12.298Z","avatar_url":"https://github.com/MFernstrom.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SIF / SQL Injection Finder\n\nScan your JavaScript code for potential SQL injection vectors\n\n\u003cimg src=\"sif.png\" /\u003e\n\n## Install\nnpm i -g @marcusfernstrom/sif\n\n## Use\nFrom commandline/terminal run `sif \u003cdirectory\u003e` where directory is the root of your project.\n\nIf a file has a potential SQL injection vector it shows up in red.\n\nSIF will exit with error code 1 if it found any risky SQL, useful if you want to add it to a build script.\n\n## How\nSIF grabs all .js files in the directory (recursively) and scans them for MySQL queries `.query(`, when it finds them it collects the SQL statement and analyzes it for string concatenation as well as string literals.\n\n## Notes\nSIF does not follow variables. 
A fairly common pattern is to use constants for SQL statements, such as\n\n```\n// The SQL lives in a constant, so the statement text is not inside the .query( call\nconst SQL_GET_ALL_USERS = `\n...sql here\n`;\n\nconnection.query(SQL_GET_ALL_USERS, function (error, results, fields) {\n  if (error) throw error;\n  console.log('The solution is: ', results[0].solution);\n});\n```\n\nFollowing variables like this is planned for a future version.\n\nThis is an early version; please report false positives and false negatives along with the SQL when possible so I can improve the accuracy.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmfernstrom%2Fjs-sif","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmfernstrom%2Fjs-sif","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmfernstrom%2Fjs-sif/lists"}