{"id":21223081,"url":"https://github.com/nestdotland/analyzer","last_synced_at":"2025-07-10T14:30:35.770Z","repository":{"id":56701276,"uuid":"283474643","full_name":"nestdotland/analyzer","owner":"nestdotland","description":"Analyze and Detect broken and malicious JS/TS modules.","archived":false,"fork":false,"pushed_at":"2020-10-24T08:31:53.000Z","size":3443,"stargazers_count":12,"open_issues_count":9,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-10-29T23:50:06.049Z","etag":null,"topics":["analyzer","ast","deno","malicious-code","nestland"],"latest_commit_sha":null,"homepage":"https://analyzer.nest.land","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nestdotland.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-29T10:58:09.000Z","updated_at":"2023-11-17T19:25:54.000Z","dependencies_parsed_at":"2022-08-15T23:31:37.872Z","dependency_job_id":null,"html_url":"https://github.com/nestdotland/analyzer","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nestdotland%2Fanalyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nestdotland%2Fanalyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nestdotland%2Fanalyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nestdotland%2Fanalyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nestdotland","download_url":"https://codeload.github.com/nestdotland/analyzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225341567,"owners_count":17459232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analyzer","ast","deno","malicious-code","nestland"],"created_at":"2024-11-20T22:48:44.467Z","updated_at":"2024-11-20T22:48:45.123Z","avatar_url":"https://github.com/nestdotland.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `nest_analyzer`\n\nAnalyze broken and malicious JavaScript and TypeScript modules.\n\n![crates.io](https://img.shields.io/crates/v/nest_analyzer.svg)\n![ci](https://github.com/nestdotland/analyzer/workflows/ci/badge.svg)\n[![nest badge](https://nest.land/badge.svg)](https://nest.land/package/analyzer)\n\n![flow](https://github.com/nestdotland/analyzer/raw/master/diagrams/analyzer.png)\n\n## Usage\n\nThe analyzer is available for use in Deno. It comes with a default static analyzer and optional (but recommended) runtime analyzer.\n\n```typescript\nimport { analyze } from \"https://x.nest.land/analyzer@0.0.4/mod.ts\";\n\n// oh no! malicious!\nconst source_code = `Deno[\"run\"]({ cmd: \"shutdown now\"})`\n\n// analyzer to the rescue ;)\nconst diagnostics = await analyze(source_code);\n```\n\n## Architecture\n\nnest_analyzer has a runtime and static analyzer.\n\n#### Runtime analyzer\n\n\u003e The static code analzer was removed recently as module authors with malicious intent can obfuscate their function calls to bypass the static analyzer, it is not ideal to depend on it.\n\nThe runtime analyzer comes with the analyzer module published at nest.land\n\n```typescript\nimport { analyze } from \"https://x.nest.land/analyzer@0.0.4/mod.ts\";\n\nanalyze(source_code, {\n  runtime: true // enable the runtime analyzer\n})\n```\n\nRules are corresponding to the rules in the static analyzer.\n\nRuntime analysis is a tideous process.\n\nTypescript code is compiled and bundled to es6, which is then parsed into its AST.\nAST nodes are injected with custom listeners using a fork of `Iroh.js`.\nFinally the code is _safely_ evaluated and diagnostics are collected based on the inbuilt rules.\n\n#### Static analyzer\n\nThe static analyzer uses Sauron to collect quality metrics. It is avaliable as a wasm module for use on the Web and Deno.\nIt collects diagnostics based on linting techniques, project structure, etc which can be used for calculation module score among other modules.\n\n## Contributing\n\n- If you are going to work on an issue, mention so in the issue comments\n  _before_ you start working on the issue.\n\n- Please be professional in the forums. Have a problem? Email divy@nest.land\n\n## Submitting a Pull Request\n\nBefore submitting, please make sure the following is done:\n\n1. That there is a related issue and it is referenced in the PR text.\n2. There are tests that cover the changes.\n3. Ensure `cargo test` and `deno test -A --unstable` passes.\n4. Format your code with `deno run --allow-run tools/format.ts`\n5. Make sure `deno run --allow-run tools/lint.ts` passes.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnestdotland%2Fanalyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnestdotland%2Fanalyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnestdotland%2Fanalyzer/lists"}