Malicious Node Package Detector
Malicious Node Package Detector is a tool that helps you detect malicious Node packages in your Node project. It scans your project and checks for malicious packages. It also checks the version of each package and, if the version is outdated, notifies you to update the package.
- Node.js
- NPM
- Git
- Internet Connection
- Clone the repository into a folder of your choice.
- Navigate to the folder and run `npm install` to install the dependencies.
- Run `node ./routes/Detector.js` to run the program directly from the terminal.
npm i
node ./routes/Detector.js
A report, if results are found, will be written inside the results folder. The report will be in the form of a JSON file.
What you really need to do right now is just copy Detector.js from inside this project into your Node.js application, and ensure that you have a folder called results in your project directory, in the same directory as the Detector.js file. This is where the report will be written. Finally, run the Detector.js file from the command line.
node ./{your project dir}/Detector.js
And it should review the contents of your node_modules folder.
- Plan to output the results to a web page running off a local express server. This is why there is an entire Express server and routes in the project. I just haven't gotten around to it yet.
Want to contribute? Great!
To fix a bug or enhance an existing module, follow these steps:
- Fork the repo
- Create a new branch (`git checkout -b improve-feature`)
- Make the appropriate changes in the files
- Add changes to reflect the changes made
- Commit your changes (`git commit -am 'Improve feature'`)
- Push to the branch (`git push origin improve-feature`)
- Create a Pull Request
If you find a bug (the application couldn't handle the query and/or gave undesired results), kindly open an issue here by including your search query and the expected result.
If you'd like to request a new function, feel free to do so by opening an issue here. Please include sample queries and their corresponding results.
MIT License for the time being. Just give me credit if you use my code somewhere else.