is-website-vulnerable
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Last updated a year ago by lirantal_bot .
Apache-2.0 · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install is-website-vulnerable 
SYNC missed versions from official npm registry.

is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

npm version license downloads build codecov Known Vulnerabilities Responsible Disclosure Policy

Screenshot of npm module called is website vulnerable that detects security vulnerabilities in websites based on Snyk database

Many thanks to for supporting open source security

About

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

Usage

Command line

Using Node.js's npx to run a one-off scan of a website:

npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]

The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:

$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: › https://example.com
...

Docker

To build and run the container locally:

# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git

# Change to repo's cloned directory:
cd is-website-vulnerable

# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .

# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest

SCAN_URL is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.

:warning: A modern version of Chrome is assumed to be available when using is-website-vulnerable. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.

GitHub Action

Create .github/workflows/is-website-vulnerable.yml with the url that you want scanned:

name: Test site for publicly known js vulnerabilities

on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Test for public javascript library vulnerabilities 
        uses: lirantal/is-website-vulnerable@master
        with:
          scan-url: "https://yoursite.com"

Install

You can install globally via:

npm install -g is-website-vulnerable

Contributing

Please consult CONTRIBUTING for guidelines on contributing to this project.

Author

is-website-vulnerable © Liran Tal, Released under the Apache-2.0 License.

Current Tags

  • 1.14.4                                ...           latest (2 months ago)

42 Versions

  • 1.14.4                                ...           2 months ago
  • 1.14.3                                ...           4 months ago
  • 1.14.2                                ...           4 months ago
  • 1.14.1                                ...           5 months ago
  • 1.14.0                                ...           8 months ago
  • 1.13.0                                ...           8 months ago
  • 1.12.0                                ...           8 months ago
  • 1.11.2                                ...           8 months ago
  • 1.11.1                                ...           8 months ago
  • 1.11.0                                ...           8 months ago
  • 1.10.2                                ...           8 months ago
  • 1.10.1                                ...           9 months ago
  • 1.10.0                                ...           9 months ago
  • 1.9.5                                ...           9 months ago
  • 1.9.4                                ...           9 months ago
  • 1.9.3                                ...           10 months ago
  • 1.9.2                                ...           10 months ago
  • 1.9.1                                ...           a year ago
  • 1.9.0                                ...           a year ago
  • 1.8.0                                ...           a year ago
  • 1.7.1                                ...           a year ago
  • 1.7.0                                ...           a year ago
  • 1.6.4                                ...           a year ago
  • 1.6.3                                ...           a year ago
  • 1.6.2                                ...           a year ago
  • 1.6.1                                ...           a year ago
  • 1.6.0                                ...           a year ago
  • 1.5.4                                ...           a year ago
  • 1.5.3                                ...           a year ago
  • 1.5.2                                ...           a year ago
  • 1.5.1                                ...           a year ago
  • 1.5.0                                ...           a year ago
  • 1.4.0                                ...           a year ago
  • 1.3.0                                ...           a year ago
  • 1.2.2                                ...           a year ago
  • 1.2.1                                ...           a year ago
  • 1.2.0                                ...           a year ago
  • 1.1.0                                ...           a year ago
  • 1.0.3                                ...           a year ago
  • 1.0.2                                ...           a year ago
  • 1.0.1                                ...           a year ago
  • 1.0.0                                ...           a year ago
Maintainers (1)
Downloads
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 26
Dependencies (4)

Copyright 2014 - 2016 © taobao.org |