Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gradejs/gradejs
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
https://github.com/gradejs/gradejs
bugbounty bundle bundling javascript npm package-management security-tools vulnerability vulnerability-detection webpack website-security
Last synced: about 2 months ago
JSON representation
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
- Host: GitHub
- URL: https://github.com/gradejs/gradejs
- Owner: gradejs
- License: mit
- Created: 2021-09-16T11:04:34.000Z (over 3 years ago)
- Default Branch: develop
- Last Pushed: 2022-11-08T16:05:56.000Z (about 2 years ago)
- Last Synced: 2024-08-01T15:19:40.705Z (5 months ago)
- Topics: bugbounty, bundle, bundling, javascript, npm, package-management, security-tools, vulnerability, vulnerability-detection, webpack, website-security
- Language: TypeScript
- Homepage: https://gradejs.com
- Size: 2.93 MB
- Stars: 407
- Watchers: 6
- Forks: 11
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
# GradeJS
GradeJS is an open-source project that allows you to analyze webpack production bundles without having access to the source code of a website. It detects a list of bundled NPM libraries and works even for minified or tree-shaken bundles.
It parses the abstract syntax tree from a JavaScript file, detects the webpack bootstrap entities and localizes module boundaries. A webpack-bundled module usually represents either a single file of an NPM library or a subset of concatenated files. By using built-in AST hash functions, GradeJS generates special signatures per each exported entity, which are retrospectively looked up in the pre-made database index by a matching algorithm. The matching algorithm is quite straightforward and based on a probabilistic approach.
![Preview](./docs/preview-1.png)
![Preview](./docs/preview-2.png)More info:
- [How it works?](https://github.com/gradejs/gradejs/discussions/6)
- [Understanding Accuracy](https://github.com/gradejs/gradejs/discussions/8)## How to use
Go to the [https://gradejs.com/](https://gradejs.com/) and enter a site in the `https://example.com` format. An analysis is performed server-side. Once the bundle is analyzed, the package name, version, size, and relative percentage size of the packages are returned.
## Supported bundlers & packages
Current beta version supports [webpack](https://webpack.js.org/) from 3 to 5 and have indexed ~3,000 most popular NPM libraries over ~100,000 releases.
## Contributing
We value your feedback, please use Discussions for questions and comments. If you encounter any suspicious behavior, false or missing results, please file a new issue. At this stage, we don't expect direct code contributions yet.