Node.jsScan: A semantic aware static code analysis tool for Node.js applications (opens in new tab)

(github.com)

27 pointsgeeklord5y ago4 comments

4 comments

A quick summary of what exactly this scans for at the top of the README would be nice.

From the screenshots at the bottom, it looks like mainly SQL injection and outdated dependencies?

Probably JSON injection too. You can handle this in middleware, but I suspect lot of people don't.

Does this mean that if I use single quotes or add whitespace inside the parentheses the vulnerability will not be detected?

Static analysis software is quite valuable if you can successfully sell it.

j / k navigate · click thread line to collapse

A quick summary of what exactly this scans for at the top of the README would be nice.

From the screenshots at the bottom, it looks like mainly SQL injection and outdated dependencies?

Probably JSON injection too. You can handle this in middleware, but I suspect lot of people don't.

Does this mean that if I use single quotes or add whitespace inside the parentheses the vulnerability will not be detected?

Static analysis software is quite valuable if you can successfully sell it.

j / k navigate · click thread line to collapse