JS static analyzer (jssa): An aggregation of JavaScript source code static analysis tools
To install jssa:

```
npm install jssa
```

To use jssa in your project, follow these steps:

- Insert jssa in your code

```js
const jssa = require('jssa');
```

- Analyze js code

```js
const project_root_directory = "example_project_to_analyze";
const list_of_js_files = [
  'example_project/app.js',
  'example_project/appcopy.js',
  'example_project/sonarjs.js',
  'example_project/routes/index.js',
  'example_project/routes/users.js'
];

// Declared up front so the assignment below does not create an implicit global.
let analysis_results;

jssa.analyze_all(project_root_directory, list_of_js_files, "npm")
  .then(res => {
    analysis_results = res; // Object containing the analysis results
  })
  .catch(err => {
    console.log(err); // Print error
  });
```

The example_project folder contains a project created using express-generator.
The file appcopy.js was added so that jsinspect catches it. One extra vulnerable package was added to package.json.
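
The file list above is written by hand; the following added example (not part of jssa or its README) builds it by walking the project directory. The helper names `collectJsFiles` and `analyzeProject`, the skipped directories, and the choice to return paths prefixed with the root directory are assumptions, not documented jssa behaviour.

```javascript
// Added example (not jssa's own code): build the file list for jssa.analyze_all().
const fs = require('fs');
const path = require('path');

// Assumption: third-party and VCS directories are left out of the first-party scan.
const SKIP_DIRS = new Set(['node_modules', '.git']);

// Recursively collect .js files under rootDir, returned sorted and
// prefixed with rootDir, using forward slashes on every platform.
function collectJsFiles(rootDir) {
  const found = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      // Symlinks are not followed, so the walk cannot leave rootDir or loop.
      if (entry.isSymbolicLink()) continue;
      if (entry.isDirectory()) {
        if (!SKIP_DIRS.has(entry.name)) walk(full);
      } else if (entry.isFile() && path.extname(entry.name) === '.js') {
        found.push(full.split(path.sep).join('/'));
      }
    }
  };
  walk(rootDir);
  return found.sort();
}

// Hypothetical wrapper: analyze every collected file. "npm" is the third
// argument shown in the README; jssa is required lazily so that
// collectJsFiles() can be used and tested without the package installed.
function analyzeProject(rootDir) {
  const jssa = require('jssa');
  return jssa.analyze_all(rootDir, collectJsFiles(rootDir), 'npm');
}
```
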

To run the tests:

```
npm run test-windows
```

or

```
npm run test-linux
```