
Node.jsScan: A semantic aware static code analysis tool for Node.js applications - geeklord
https://github.com/ajinabraham/nodejsscan
======
danenania
A quick summary of what exactly this scans for at the top of the README would
be nice.

From the screenshots at the bottom, it looks like mainly SQL injection and
outdated dependencies?

~~~
nailer
Probably JSON injection too. You can handle this in middleware, but I suspect a
lot of people don't.

------
29athrowaway
[https://github.com/ajinabraham/njsscan/blob/master/njsscan/r...](https://github.com/ajinabraham/njsscan/blob/master/njsscan/rules/semantic_grep/crypto_node.yaml#L5)

Does this mean that if I use single quotes or add whitespace inside the
parentheses the vulnerability will not be detected?
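
To make the concern concrete, here is an added illustration (not code from the thread or from the njsscan project) of how a purely lexical rule behaves on quote and whitespace variants. The two regexes are assumed stand-ins for a weak-hash check, not the rule linked above; the JavaScript lines are constructed.

```python
import re

# Constructed JavaScript source lines to scan (not taken from any real project).
SAMPLE_JS = [
    'const h1 = crypto.createHash("md5");',          # exact form a naive rule expects
    "const h2 = crypto.createHash('md5');",          # single quotes
    'const h3 = crypto.createHash( "md5" );',        # whitespace inside the parentheses
    'const h4 = crypto.createHash("sha256");',       # not a weak hash; must not fire
    'const alg = "md5"; const h5 = crypto.createHash(alg);',  # value passed indirectly
]

# Hypothetical rules written for this illustration. NAIVE_RULE matches one
# literal spelling; TOLERANT_RULE accepts either quote style and optional
# whitespace. Neither follows data flow, so the indirect case on the last
# sample line is missed by both.
NAIVE_RULE = re.compile(r'createHash\("md5"\)')
TOLERANT_RULE = re.compile(r"""createHash\s*\(\s*(['"])md5\1\s*\)""")


def scan(lines, rule):
    """Return the 1-based line numbers on which the given rule fires."""
    return [i for i, line in enumerate(lines, 1) if rule.search(line)]


def coverage_gap(lines):
    """Lines the tolerant rule flags that the naive rule misses."""
    return sorted(set(scan(lines, TOLERANT_RULE)) - set(scan(lines, NAIVE_RULE)))


if __name__ == "__main__":
    print("naive   :", scan(SAMPLE_JS, NAIVE_RULE))
    print("tolerant:", scan(SAMPLE_JS, TOLERANT_RULE))
    print("missed by naive rule:", coverage_gap(SAMPLE_JS))
```

A rule that tolerates formatting still cannot see the indirect call on the last line; that gap is what an AST- or data-flow-based check closes, and it is the difference worth checking for when evaluating any "semantic" scanner's rule set.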

------
narrationbox
Static analysis software is quite valuable if you can successfully sell it.

[https://github.blog/2019-09-18-github-welcomes-semmle/](https://github.blog/2019-09-18-github-welcomes-semmle/)