JS static analyzer (jssa): An aggregation of javascript source code static analysis tools
In order to install jssa:

    npm install jssa

In order to use jssa in your project follow the steps:

- Insert jssa in your code

    const jssa = require('jssa');

- Analyze js code

    // Root directory of the project and the JS files to analyze
    var project_root_directory = "example_project_to_analyze";
    var list_of_js_files = [ 'example_project/app.js',
                             'example_project/appcopy.js',
                             'example_project/sonarjs.js',
                             'example_project/routes/index.js',
                             'example_project/routes/users.js' ];
    var analysis_results;

    // analyze_all returns a promise that resolves with the analysis results
    jssa.analyze_all(project_root_directory, list_of_js_files).then(res => {
        analysis_results = res; // Object containing the analysis results
    })
    .catch(err => {
        console.log(err); // Print error
    });

The example_project folder contains a project created using express-generator. The file appcopy.js was added to be caught by jsinspect. In the package.json one extra vulnerable package was added.

To run the tests:

    npm run test-windows

or

    npm run test-linux

(useful for maintainers)