Security Meta Analysis For JavaScript Applications.
Experimental functionality:
- Reviews the package.json and provides guidance on potential issues or misconfigurations when using a particular dependency from a repository
- Performs third-party dependency scanning using npm or yarn audit
- Identifies secrets using semgrep
- Identifies security issues using semgrep
- Finds ReDoS issues with recheck
- Finds Electron issues with electronegativity
- Clone project and run npm install
- Set up Semgrep CLI https://semgrep.dev
$ git clone https://github.com/lewisardern/metasecjs
$ cd metasecjs && npm install
$ cd bin
$ ./run audit -p Amsterdam -d /path/to/scan -o /path/to/save
auditing project...
...
Describe the command here
USAGE
$ ./run audit -p Amsterdam -d /path/to/scan -o /path/to/save
OPTIONS
-p, --project=project Project definition
-d, --dir=directoy Directory to scan
-o, --output=output Directory to save results
display help for metasec
USAGE
$ metasec help audit