Static analysis tool for JavaScript codebases. Scanjs uses Esprima to convert sources to AST, then walks AST looking for patterns.

pauljt/scanjs

scanjs

  • Static analysis tool for JavaScript codebases. Scanjs uses Acorn to convert sources to an AST, then walks the AST looking for patterns.
  • Works on both client and server side
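
To make "walks the AST looking for patterns" concrete, here is an added example (not scanjs's own rule code) of a walker that flags writes to .innerHTML, the rule named in the testing section. It runs on a hand-constructed ESTree-shaped AST instead of calling Acorn so that it works offline; the helper names and the `constant` triage field are assumptions of this example.

```javascript
// Added example, not scanjs code. SAMPLE_AST is hand-built in the ESTree shape
// Acorn emits (locations enabled) for this constructed four-line source:
//   1: el.innerHTML = userInput;
//   2: el.textContent = el.innerHTML;     (innerHTML is only read here)
//   3: el["innerHTML"] += "<b>" + name;
//   4: el.innerHTML = "";                 (constant right-hand side)
const id = (name) => ({ type: "Identifier", name });
const lit = (value) => ({ type: "Literal", value });
const member = (prop, computed) =>
  ({ type: "MemberExpression", object: id("el"), property: prop, computed });
const assign = (line, operator, left, right) => ({ type: "ExpressionStatement",
  expression: { type: "AssignmentExpression", operator, left, right,
                loc: { start: { line } } } });
const SAMPLE_AST = { type: "Program", body: [
  assign(1, "=", member(id("innerHTML"), false), id("userInput")),
  assign(2, "=", member(id("textContent"), false), member(id("innerHTML"), false)),
  assign(3, "+=", member(lit("innerHTML"), true),
    { type: "BinaryExpression", operator: "+", left: lit("<b>"), right: id("name") }),
  assign(4, "=", member(id("innerHTML"), false), lit("")),
] };

// Resolve the property of a member expression when it is statically known.
function propertyName(node) {
  if (node.type !== "MemberExpression") return null;
  if (!node.computed && node.property.type === "Identifier") return node.property.name;
  if (node.computed && node.property.type === "Literal") return String(node.property.value);
  return null; // dynamic key such as el[k] cannot be resolved here
}

// Depth-first walk; calls visit() on every object that carries a node type.
function walk(node, visit) {
  if (!node || typeof node !== "object") return;
  if (Array.isArray(node)) return node.forEach((n) => walk(n, visit));
  if (typeof node.type === "string") visit(node);
  Object.values(node).forEach((child) => walk(child, visit));
}

// Report writes to .innerHTML; `constant` marks literal right-hand sides for triage.
function findInnerHtmlWrites(ast) {
  const findings = [];
  walk(ast, (n) => {
    if (n.type !== "AssignmentExpression" || propertyName(n.left) !== "innerHTML") return;
    findings.push({ line: n.loc.start.line, operator: n.operator,
                    constant: n.right.type === "Literal" });
  });
  return findings;
}

console.log(findInnerHtmlWrites(SAMPLE_AST));
```

The read on line 2 is not reported because the rule matches only the left-hand side of an assignment, and a dynamic key such as el[k] is skipped because its name cannot be resolved from the AST alone.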

Client-side instructions

  • git clone https://github.com/mozilla/scanjs.git
  • node server.js
  • Navigate to scanjs/client/ or see our example page

Server-side instructions

  • Install node.js
  • git clone https://github.com/mozilla/scanjs.git
  • cd scanjs
  • npm install
  • node scanner.js -t DIRECTORY_PATH

Testing instructions

We use the mocha testing framework.

  • node server.js
  • Navigate to http://127.0.0.1:4000/tests/

To add tests, create a new file in /tests/cases/ and follow the naming convention, which should be obvious. For example, our rule named .innerHTML lives in /tests/cases/innerhtml.js.

From there, add the new test case to /tests/index.html. In our example, that would involve adding a <script src='/tests/cases/innerhtml.js'></script>.
