njsscan is a semantic-aware static application security testing (SAST) tool that detects insecure code patterns in Node.js applications.
Developers and security professionals use njsscan to identify security vulnerabilities and insecure coding patterns in Node.js source code before deployment. Because it combines semantic analysis with pattern matching, it fits naturally into DevSecOps pipelines and other security automation, where it can run on every change to the codebase.
njsscan currently supports only macOS and Linux and requires Python 3.7 or higher. It is designed for Node.js applications and uses semantic analysis to reduce false positives compared with purely textual matching. Running it in CI/CD pipelines surfaces insecure code patterns early, before code reaches production. Users should confirm that their codebase falls within the tool's scanning capabilities and choose an output format (JSON, SARIF, SonarQube or HTML) that the other security tools in their pipeline can consume.
Ensure Python 3.7 or higher is installed
Run `pip install njsscan` to install the tool
Use on macOS or Linux platforms
njsscan test.js
Scan a single JavaScript file for insecure code patterns
njsscan [path ...]
Scan one or more files or directories containing Node.js source code
njsscan --json -o result.json [path]
Scan and output results in JSON format to a specified file
njsscan --sarif [path]
Scan and output results in SARIF 2.1.0 format
njsscan --sonarqube [path]
Scan and output results compatible with SonarQube
njsscan --html -o report.html [path]
Scan and generate an HTML report
njsscan --missing-controls [path]
Enable checks for missing security controls during the scan
njsscan -w [path]
Exit with a non-zero code if warnings are found
njsscan -v
Display the current version of njsscan