Popularity
5.9
Growing
Activity
3.0
Declining
1,583
20
91

Description

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Monthly Downloads: 0
Programming language: JavaScript
License: Apache License 2.0
Tags: Nodejs     Security     Scan     Vulnerabilities     Lighthouse    
Latest version: v1.15.10

is-website-vulnerable alternatives and similar modules

Based on the "Security" category.
Alternatively, view is-website-vulnerable alternatives based on common mentions on social networks and blogs.

Do you think we are missing an alternative of is-website-vulnerable or a related project?

Add another 'Security' Module

README

is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Many thanks to for supporting open source security

About

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

Usage

Command line

Using Node.js's npx to run a one-off scan of a website:

npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]

The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:

$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: โ€บ https://example.com
...

Exit codes

If the CLI detects an error, it will terminate with an exit code different from 0.

Exit Code 0: Everything is fine. No vulnerabilities found.

Exit Code 1: An error happened during the execution. Check the logs for details.

Exit Code 2: Vulnerabilities were found. Check the logs for details.

Docker

To build and run the container locally:

# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git

# Change to repo's cloned directory:
cd is-website-vulnerable

# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .

# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest

SCAN_URL is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.

:warning: A modern version of Chrome is assumed to be available when using is-website-vulnerable. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.

GitHub Action

Create .github/workflows/is-website-vulnerable.yml with the url that you want scanned:

name: Test site for publicly known js vulnerabilities

on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Test for public javascript library vulnerabilities 
        uses: lirantal/[email protected]
        with:
          scan-url: "https://yoursite.com"

Install

You can install globally via:

npm install -g is-website-vulnerable

Contributing

Please consult [CONTRIBUTING](./CONTRIBUTING.md) for guidelines on contributing to this project.

Author

is-website-vulnerable ยฉ Liran Tal, Released under the [Apache-2.0](./LICENSE) License.


*Note that all licence references and agreements mentioned in the is-website-vulnerable README section above are relevant to that project's source code only.