Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gradejs/gradejs
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
bugbounty bundle bundling javascript npm package-management security-tools vulnerability vulnerability-detection webpack website-security
Last synced: 11 days ago
- Host: GitHub
- URL: https://github.com/gradejs/gradejs
- Owner: gradejs
- License: mit
- Created: 2021-09-16T11:04:34.000Z (about 3 years ago)
- Default Branch: develop
- Last Pushed: 2022-11-08T16:05:56.000Z (about 2 years ago)
- Last Synced: 2024-08-01T15:19:40.705Z (3 months ago)
- Topics: bugbounty, bundle, bundling, javascript, npm, package-management, security-tools, vulnerability, vulnerability-detection, webpack, website-security
- Language: TypeScript
- Homepage: https://gradejs.com
- Size: 2.93 MB
- Stars: 407
- Watchers: 6
- Forks: 11
- Open Issues: 5
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# GradeJS
GradeJS is an open-source project that allows you to analyze webpack production bundles without having access to the source code of a website. It detects a list of bundled NPM libraries and works even for minified or tree-shaken bundles.
It parses the abstract syntax tree (AST) of a JavaScript file, detects the webpack bootstrap entities, and locates module boundaries. A webpack-bundled module usually represents either a single file of an NPM library or a subset of concatenated files. Using built-in AST hash functions, GradeJS generates a signature for each exported entity; these signatures are then looked up in a pre-built database index by a matching algorithm. The matching algorithm is quite straightforward and based on a probabilistic approach.
![Preview](./docs/preview-1.png)
![Preview](./docs/preview-2.png)

More info:
- [How it works?](https://github.com/gradejs/gradejs/discussions/6)
- [Understanding Accuracy](https://github.com/gradejs/gradejs/discussions/8)

## How to use
Go to [https://gradejs.com/](https://gradejs.com/) and enter a site in the `https://example.com` format. The analysis is performed server-side. Once the bundle is analyzed, the package name, version, size, and relative percentage size of the packages are returned.
## Supported bundlers & packages
The current beta version supports [webpack](https://webpack.js.org/) versions 3 to 5 and has indexed the ~3,000 most popular NPM libraries over ~100,000 releases.
## Contributing
We value your feedback. Please use Discussions for questions and comments. If you encounter any suspicious behavior or false or missing results, please file a new issue. At this stage, we don't expect direct code contributions yet.