Popularity

5.8

Declining

Activity

0.0

Stable

Stars 1,838

Watchers 21

Forks 111

Last Commit about 2 months ago

Description

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Programming language: JavaScript

License: Apache License 2.0

Tags: Nodejs Security Scan Vulnerabilities Lighthouse

Latest version: v1.15.10

is-website-vulnerable alternatives and similar modules

Based on the "Security" category.
Alternatively, view is-website-vulnerable alternatives based on common mentions on social networks and blogs.

snyk

7.4 9.9 L3 is-website-vulnerable VS snyk

Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
rate-limiter-flexible

6.2 4.9 is-website-vulnerable VS rate-limiter-flexible

Count and limit requests by key with atomic increments in single process or distributed environment.

Appwrite - The Open Source Firebase alternative introduces iOS support

Appwrite is an open source backend server that helps you build native iOS applications much faster with realtime APIs for authentication, databases, files storage, cloud functions and much more!

Promo appwrite.io

nsp

6.0 0.0 L5 is-website-vulnerable VS nsp

Node Security Project command-line tool
Themis by Cossack Labs

5.8 5.8 L3 is-website-vulnerable VS Themis by Cossack Labs

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Auto SNI

5.1 2.1 is-website-vulnerable VS Auto SNI

🔐 Free, automated HTTPS for NodeJS made easy.
crypto-hash

4.3 2.2 is-website-vulnerable VS crypto-hash

Tiny hashing module that uses the native crypto API in Node.js and the browser
credential-plus

4.0 0.0 is-website-vulnerable VS credential-plus

🔒Unified API for password hashing algorithms
RegEx-DoS

2.4 0.0 is-website-vulnerable VS RegEx-DoS

:cop: :punch: RegEx Denial of Service (ReDos) Scanner
unix-permissions

1.9 8.6 is-website-vulnerable VS unix-permissions

Swiss Army knife for Unix permissions
jose-simple

1.3 6.6 is-website-vulnerable VS jose-simple

Jose-Simple allows the encryption and decryption of data using the JOSE (JSON Object Signing and Encryption) standard.
💀 SimpleDDoS

0.7 0.0 is-website-vulnerable VS 💀 SimpleDDoS

💀 Multi-threaded DDoS script
GuardRails

0.1 - is-website-vulnerable VS GuardRails

GitHub app that provides security feedback in pull requests.

* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.

Do you think we are missing an alternative of is-website-vulnerable or a related project?

Add another 'Security' Module

Popular Comparisons

README

is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Many thanks to for supporting open source security

About

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

Usage

Command line

Using Node.js's npx to run a one-off scan of a website:

npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]

The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:

$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: › https://example.com
...

Exit codes

If the CLI detects an error, it will terminate with an exit code different from 0.

Exit Code 0: Everything is fine. No vulnerabilities found.

Exit Code 1: An error happened during the execution. Check the logs for details.

Exit Code 2: Vulnerabilities were found. Check the logs for details.

Docker

To build and run the container locally:

# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git

# Change to repo's cloned directory:
cd is-website-vulnerable

# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .

# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest

SCAN_URL is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.

If you wish to provide command line arguments to is-website-vulnerable and customize the run, such as providing --json or other supported arguments, you should omit the environment variable and provide the full command. Here is an example:

docker run --rm lirantal/is-website-vulnerable:latest https://www.google.com --json

:warning: A modern version of Chrome is assumed to be available when using is-website-vulnerable. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.

GitHub Action

Create .github/workflows/is-website-vulnerable.yml with the url that you want scanned:

name: Test site for publicly known js vulnerabilities

on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Test for public javascript library vulnerabilities 
        uses: lirantal/[email protected]
        with:
          scan-url: "https://yoursite.com"

Install

You can install globally via:

npm install -g is-website-vulnerable

Contributing

Please consult [CONTRIBUTING](./CONTRIBUTING.md) for guidelines on contributing to this project.

Author

*Note that all licence references and agreements mentioned in the is-website-vulnerable README section above are relevant to that project's source code only.