April 20, 2026
Run a static analysis of your module's dependencies.

Features
Scanner builds on JS-X-Ray (SAST) and Vulnera (CVE detection), and adds additional detections such as:

- Detects:
  - Manifest confusion
  - Dependency confusion
  - Typosquatting of popular package names
  - Install scripts (e.g. `install`, `preinstall`, `postinstall`, `preuninstall`, `postuninstall`)
- Highlights packages by name, version(s), or maintainer
- Highlights infrastructure components such as ip, hostname, email, url
- Supports NPM and Yarn lockfiles
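To make two of the detections above concrete, here is an added example (not code from @nodesecure/scanner) showing the underlying checks in plain Node.js: it lists the npm lifecycle hooks that run automatically at install time, and it diffs the manifest published to the registry against the `package.json` shipped inside the tarball, which is the mismatch behind manifest confusion. The function names (`findInstallScripts`, `compareManifests`, `scanExample`) and the two sample manifests are constructed for this illustration.

```javascript
// Added example, not @nodesecure/scanner code: detect install-time lifecycle
// scripts and a simplified manifest-confusion check.

// npm lifecycle hooks that execute automatically during install/uninstall.
const INSTALL_HOOKS = ["install", "preinstall", "postinstall", "preuninstall", "postuninstall"];

// Return every install-time hook declared in a manifest's "scripts" field,
// together with the command it would run.
function findInstallScripts(manifest) {
  const scripts = manifest.scripts ?? {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Compare the registry manifest with the tarball's package.json for the same
// package@version and report every dependency or script that differs. A
// dependency or script present in the tarball but absent from the registry
// view is exactly what tooling that trusts the registry alone would miss.
function compareManifests(registryManifest, tarballManifest) {
  const findings = [];
  for (const field of ["dependencies", "scripts"]) {
    const registry = registryManifest[field] ?? {};
    const tarball = tarballManifest[field] ?? {};
    const keys = new Set([...Object.keys(registry), ...Object.keys(tarball)]);
    for (const key of keys) {
      if (registry[key] !== tarball[key]) {
        findings.push({
          field,
          key,
          registry: registry[key] ?? null,
          tarball: tarball[key] ?? null
        });
      }
    }
  }
  return findings;
}

// Constructed sample manifests (not real packages). The registry copy looks
// harmless; the tarball copy adds a dependency and a postinstall script.
const registryManifest = {
  name: "example-pkg",
  version: "1.0.0",
  dependencies: { "left-pad-like": "^1.0.0" },
  scripts: { test: "node test.js" }
};
const tarballManifest = {
  name: "example-pkg",
  version: "1.0.0",
  dependencies: { "left-pad-like": "^1.0.0", "extra-dep": "2.0.0" },
  scripts: { test: "node test.js", postinstall: "node setup.js" }
};

// Run both checks over the sample and return the findings.
function scanExample() {
  return {
    installScripts: findInstallScripts(tarballManifest),
    manifestDiff: compareManifests(registryManifest, tarballManifest)
  };
}

console.log(JSON.stringify(scanExample(), null, 2));
```

Running the block reports one install hook (`postinstall`) and two manifest differences (`extra-dep` under `dependencies`, `postinstall` under `scripts`). A real scanner fetches the tarball and reads its `package.json` rather than trusting the registry document, which is what makes the comparison meaningful.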
Getting Started

```bash
$ npm i @nodesecure/scanner
# or
$ yarn add @nodesecure/scanner
```
For full API documentation, options, and usage examples, see the @nodesecure/scanner package README.
Workspaces
- @nodesecure/scanner
- @nodesecure/tarball
- @nodesecure/tree-walker
- @nodesecure/flags
- @nodesecure/mama
- @nodesecure/contact
- @nodesecure/conformance
- @nodesecure/npm-types
- @nodesecure/i18n
- @nodesecure/rc
- @nodesecure/utils
- @nodesecure/fs-walk
- @nodesecure/github
- @nodesecure/gitlab
Contributors guide
If you are a developer looking to contribute to the project, you must first read the CONTRIBUTING guide.
Once you have finished your development, check that the tests (and linter) are still good by running the following script:
```bash
$ npm run check
```

> [!CAUTION]
> In case you introduce a new feature or fix a bug, make sure to include tests for it as well.
Contributors

Thanks go to these wonderful people (emoji key):
License
MIT