metasec.js

Security Meta Analysis For JavaScript Applications.

Experimental functionality:

Reviews the package.json and provides guidance on potential issues or misconfigurations when using a particular dependency from a repository
Performs third-party dependency scanning using npm or yarn audit
Identifies secrets using semgrep
Identifies security issues using semgrep
Finds ReDoS issues with recheck
Finds Electron issues with electronegativity

Set-up

Clone project and run npm install
Set up Semgrep CLI https://semgrep.dev

Usage

$ git clone https://github.com/lewisardern/metasecjs
$ cd metasecjs && npm install
$ cd bin
$ ./run audit -p Amsterdam -d /path/to/scan -o /path/to/save 
auditing project...
...

Commands

metasec audit
metasec help [COMMAND]

`metasec audit`

Describe the command here

USAGE
  $ ./run audit -p Amsterdam -d /path/to/scan -o /path/to/save

OPTIONS
  -p, --project=project  Project definition
  -d, --dir=directoy Directory to scan
  -o, --output=output Directory to save results

`metasec help [COMMAND]`

display help for metasec

USAGE
  $ metasec help audit

About

MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts

MIT License

Languages

Language:JavaScript 99.7%Language:Batchfile 0.3%