jssa

JS static analyzer (jssa): An aggregation of JavaScript source code static analysis tools



Installation

In order to install jssa:

npm install jssa

Usage

To use jssa in your project, follow these steps:

  1. Import jssa into your code
const jssa = require('jssa');
  2. Analyze JS code
var project_root_directory = "example_project_to_analyze";
var list_of_js_files = [ 'example_project/app.js',
  'example_project/appcopy.js',
  'example_project/sonarjs.js',
  'example_project/routes/index.js',
  'example_project/routes/users.js' ]

var analysis_results; // Filled in once the analysis completes

jssa.analyze_all(project_root_directory, list_of_js_files).then(res => {
  analysis_results = res; // Object containing the analysis results
})
.catch(err => {
  console.log(err); // Print error
});
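
One way to build the file list that analyze_all expects and to surface analysis errors to the caller, as an added example that is not part of jssa or its README. `collectJsFiles`, `analyzeProject` and `SKIP_DIRS` are hypothetical names; the example assumes file paths are passed prefixed with the project directory, as in the list above, and takes the analyzer as a parameter so it runs without jssa installed.

```javascript
// Added example, not part of jssa. Names below are hypothetical.
const fs = require('fs');
const path = require('path');

// Assumption: dependency and VCS directories are out of scope for the scan.
const SKIP_DIRS = new Set(['node_modules', '.git']);

// Recursively list .js files under root, prefixed with root and sorted.
function collectJsFiles(root) {
  const found = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isSymbolicLink()) continue; // stay inside root, avoid loops
      if (entry.isDirectory()) {
        if (!SKIP_DIRS.has(entry.name)) walk(full);
      } else if (entry.isFile() && entry.name.endsWith('.js')) {
        found.push(full.split(path.sep).join('/')); // forward slashes everywhere
      }
    }
  };
  walk(root);
  return found.sort();
}

// Run analyzer.analyze_all(root, files). Rejects when nothing was found or the
// analyzer fails, so the caller can fail the build instead of passing silently.
async function analyzeProject(analyzer, root) {
  const files = collectJsFiles(root);
  if (files.length === 0) {
    throw new Error(`no .js files found under ${root}`);
  }
  const results = await analyzer.analyze_all(root, files);
  return { files, results };
}

// With the real package installed (npm install jssa):
//   analyzeProject(require('jssa'), 'example_project')
//     .then(({ results }) => console.log(JSON.stringify(results, null, 2)))
//     .catch((err) => { console.error(err); process.exitCode = 1; });
```

Setting `process.exitCode` in the catch handler makes a CI step fail when the analysis itself errors, which a handler that only logs the error would not do.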

Test

The example_project folder contains a project created using express-generator.

The file appcopy.js was added so that jsinspect, which detects copy-pasted code, has something to catch. One extra vulnerable package was also added to package.json.

To run the tests:

npm run test-windows

or

npm run test-linux

Publish steps

(useful for maintainers)