Analysis tools logo

12 Node.js Static Analysis Tools

Type:
Any
89

Mega-Linter

  • Type: cli
173

Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes

7

InsiderSec

  • Type: cli
237

A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js).

3

NodeJSScan

  • Type: cli
  • Type: service
1713

A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status.

2

trivy

  • Type: cli
7238

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.

1

standard

  • Type: cli
25460

An npm module that checks for Javascript Styleguide issues.

0

lockfile-lint

  • Type: cli
422

Lint an npm or yarn lockfile to analyze and detect security issues

0

njsscan

  • Type: cli
140

A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep.

0

RIPS

  • Type: cli

A static source code analyser for vulnerabilities in PHP scripts.

0

ShiftLeft Scan

  • Type: cli
  • Type: service
264

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

0

WhiteHat Application Security Platform

  • Type: cli

WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.

-1

Synopsys

  • Type: cli

A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).

❤️ Sponsor this project

We are currently looking for partners who want to sponsor hosting and development of the project.

Check out our Github Sponsors page here

Missing an entry? Please let us know.