{"id":46156428,"url":"https://github.com/scanoss/scanoss.js","last_synced_at":"2026-03-02T10:02:29.493Z","repository":{"id":40258350,"uuid":"375664618","full_name":"scanoss/scanoss.js","owner":"scanoss","description":"The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.","archived":false,"fork":false,"pushed_at":"2026-02-23T15:40:53.000Z","size":3808,"stargazers_count":9,"open_issues_count":4,"forks_count":6,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-02-23T21:38:58.051Z","etag":null,"topics":["software-composition-analysis"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scanoss.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-06-10T10:52:17.000Z","updated_at":"2026-02-23T13:09:08.000Z","dependencies_parsed_at":"2024-04-15T16:16:09.644Z","dependency_job_id":"d06e95fb-0e2a-47c0-90be-588b08e27154","html_url":"https://github.com/scanoss/scanoss.js","commit_stats":{"total_commits":110,"total_committers":4,"mean_commits":27.5,"dds":"0.23636363636363633","last_synced_commit":"2e09b665faad52b94079a4c06f085761b4f8b425"},"previous_names":[],"tags_count":71,"template":false,"template_full_name":null,"purl":"pkg:github/scanoss/scanoss.js","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fscanoss.js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fscanoss.js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fscanoss.js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fscanoss.js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scanoss","download_url":"https://codeload.github.com/scanoss/scanoss.js/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fscanoss.js/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29998079,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T09:59:02.300Z","status":"ssl_error","status_checked_at":"2026-03-02T09:59:02.001Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["software-composition-analysis"],"created_at":"2026-03-02T10:02:27.158Z","updated_at":"2026-03-02T10:02:29.431Z","avatar_url":"https://github.com/scanoss.png","language":"TypeScript","readme":"\u003cdiv align='left'\u003e\n\n[![REUSE status](https://api.reuse.software/badge/github.com/scanoss/scanoss.js)](https://api.reuse.software/info/github.com/scanoss/scanoss.js)\n![Build and Test status](https://github.com/scanoss/scanoss.js/actions/workflows/build_test.yml/badge.svg)\n\u003c/div\u003e\n\n\n\n\n# Scanoss JS Package\n\nThe SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.\n\nIt can be installed on your system and used as a CLI or installed directly into your Node.js project.\n\n## Installation\n\nYou can install the Scanoss package using npm (the Node Package Manager). Note that you will need to install Node.js and npm. Installing Node.js should install npm as well.\n\nTo download and install the Scanoss CLI run the following command: `npm install -g scanoss`\n\nOn the other hand, if you need to install the module in your own Node.js project and consume it as a dependency, execute the following command `npm install scanoss`\n\n## CLI Usage\n\nRunning the bare command will list the available sub-commands:\n\n```Usage: scanoss-js [options] [command]\nUsage: scanoss-js [options] [command]\n\nThe SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.\n\nOptions:\n -V, --version output the version number\n -h, --help display help for command\n\nCommands:\n scan [options] \u003csource\u003e Scan a folder/file\n dep [options] \u003csource\u003e Scan for dependencies\n wfp [options] \u003csource\u003e Generates fingerprints for a folder/file\n crypto [options] \u003csource\u003e Scan local cryptography\n help [command] display help for command\n```\n\n### Command `scan`\n* **Quick Analysis**: For a fast and free analysis of your project, simply run:\n `scanoss-js scan -o results.json \u003csource-folder\u003e`\n\n* **API Token Scanning**: Use your API token for enhanced scanning capabilities:\n `scanoss-js scan -o results.json --key \u003cyour_token\u003e --apiurl \u003cyour_apiurl\u003e \u003csource-folder\u003e`\n\n* **Dependency Detection**: Include dependency detection in your scan:\n `scanoss-js scan -o results.json --dependencies \u003csource-folder\u003e`\n\n* **Cryptography Detection**: Include cryptographic algorithm and library detection:\n `scanoss-js scan results.json --cryptography --key \u003cyour_token\u003e`\n\n * You can also specify custom algorithm and library detection rules:\n `scanoss-js scan results.json --cryptography --key \u003cyour_token\u003e --algorithm-rules \u003cpath-to-algorithm-rules.json\u003e --library-rules \u003cpath-to-library-rules.json\u003e`\n See examples of [algorithm rules](#example-algorithm-rules-file) and [library rules](#example-library-rules-file) files below.\n\n\n\u003e **Note**: Component cryptography scanning is only performed when a token is provided. Without a token, only local cryptography scanning is performed. Custom rules for algorithms and libraries are applied to local cryptography detection in either case.\n\n\n### Command `wfp`\n* Generate Hashes without analysis: `scanoss-js wfp -o fingerprints.wfp \u003csource-folder\u003e`\n\n \n* Subsequent scanning of previously generated Hashes: `scanoss-js scan -w fingerprints.wfp -o results.json`\n\nNote: the --dependencies flag is not applicable here, given that manifest files aren't encompassed within the hashes.\n\n\n\n### Command `dep`\n* Focus Exclusively on Dependencies: `scanoss-js dep .`\n\nThe manifest files acknowledged during the scanning process are:\n\n * Python: requirements.txt, pyproject.toml\n * Java: pom.xml\n * Javascript: package.json, package-lock.json, yarn.lock\n * Ruby: Gemfile, Gemfile.lock\n * Golang: go.mod, go.sum\n * .NET/NuGet: *.csproj, packages.config\n * Gradle: build.gradle\n\n\n### Command `crypto`\n* Focus exclusively on local cryptographic algorithm and library detection: \n```bash\nscanoss-js crypto .\n```\n\nUs can also specify custom cryptography algorithm detection rules and library detection rules:\n``` bash\nscanoss-js crypto . --algorithm-rules \u003cpath-to-algorithm-rules.json\u003e --library-rules \u003cpath-to-library-rules.json\u003e\n```\nSee examples of [algorithm rules](#example-algorithm-rules-file) and [library rules](#example-library-rules-file) files below.\n\n### Example Algorithm Rules File\n\n```json\n [\n {\n \"algorithmId\": \"md5\",\n \"algorithm\": \"MD5 Message-Digest Algorithm\",\n \"strength\": \"128\",\n \"keywords\": [\n \"md5_file\",\n \"md5crypt\",\n \"md5_block_data_order\",\n \"ossl_md5_sha1_\",\n \"MD5_Init\"\n ]\n },\n {\n \"algorithm\": \"crc32\",\n \"strength\": \"32\",\n \"keywords\": [\n \"...\"\n ]\n }\n]\n```\n\n### Example Library Rules File\n```json\n[\n {\n \"id\": \"library/webcrypto\",\n \"name\": \"Web Cryptography API\",\n \"description\": \"A JavaScript API for performing basic cryptographic operations in web applications.\",\n \"keywords\": [\n \"window.crypto.subtle\",\n \"crypto.subtle.\",\n \"crypto.getRandomValues\",\n \"NodeWebCrypto\",\n \"WebCryptoAPI\"\n ],\n \"url\": \"https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API\",\n \"category\": \"library\",\n \"purl\": \"pkg:generic/webcrypto\",\n \"tags\": [\n \"JavaScript\"\n ]\n }\n]\n```\n\n\n## SDK Usage\nThe SDK provides a simple way to interact with the Scanoss APIs from your JS code. Here are two examples for performing code scanning and dependency scanning\n\n### Code Scanning \n\n```typescript\n// Import as ES6\nimport { Scanner, ScannerEvents, ScannerTypes } from 'scanoss';\n\n// Import as CommonJS\n// const { Scanner, ScannerEvents } = require('scanoss');\n\nconst scanner = new Scanner();\n\n// Set the folder path where the module will save the scan results and fingerprints\n// If is not specified, the module will create a folder on tmp\n// directory using a timestamp as a name\nscanner.setWorkDirectory('/yourProjectFolder/ScanResults/');\n\n// Set the scanner log event handler\nscanner.on(ScannerEvents.SCANNER_LOG, (logTxt) =\u003e console.log(logTxt));\n\n// Set the scanner finish event handler\nscanner.on(ScannerEvents.SCAN_DONE, (resultPath) =\u003e {\n console.log('Path to results: ', resultPath);\n});\n\nconst scannerInput = {\n fileList: ['/yourProjectFolder/example1.c', '/yourProjectFolder/example2.c'],\n};\n\n// Launch the scanner\nscanner.scan([scannerInput]);\n```\n\nThe scanner object provides a set of events that can be used to trigger custom actions. \nThese events are listed in the table above and were previously mentioned.\n\n| Event Name | Description |\n| ------------------- | ----------------------------------- |\n| SCANNER_LOG | Report any internal scanner events |\n| SCAN_DONE | Scan completed |\n| DISPATCHER_NEW_DATA | New data received but not persisted |\n| RESULTS_APPENDED | Results added to scan report file |\n\n\n\n\n## Local Development and Usage\nIf you want to develop this package and use it locally in your project (without publishing it), follow these steps:\n\n#### 1 - Creating a Symbolic Link for the Development Package:\nIn the root of the scanoss.js package, run the command:\n\n```bash\nnpm install \u0026\u0026 npm run build \u0026\u0026 npm link . \n```\nThis command creates a global symbolic link in your system that points to the local location of your package. This means you can use the package in any other Node.js project on your machine as if it were installed globally.\n\n#### 2 - Using the Package in Your Project:\n\nIn the root of the project where you want to use the scanoss package, run the command:\n\n```bash\nnpm link scanoss\n```\nThis will create a symbolic link in your project to the globally linked scanoss package. Any changes made in the package will be immediately reflected in the consuming project.\n\n#### 3 - Disconnecting the Link:\n\nRemember that once you finish developing or using the package locally, you should break the link to avoid potential issues with future versions or with installing other packages. To do this, simply run:\n\n```bash\nnpm unlink scanoss\n```\nin both the project and the scanoss package. This will remove the symbolic links and restore the normal state of the packages.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscanoss%2Fscanoss.js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscanoss%2Fscanoss.js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscanoss%2Fscanoss.js/lists"}