Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

coder13/Carat

BranchesTags
Open more actions menu

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

67 Commits
67 Commits
bin
bin
 
 
lib
lib
 
 
test
test
 
 
vulns
vulns
 
 
.eslintignore
.eslintignore
 
 
.eslintrc
.eslintrc
 
 
.gitignore
.gitignore
 
 
.validate.json
.validate.json
 
 
README.md
README.md
 
 
TODO
TODO
 
 
_ast.js
_ast.js
 
 
circle.yml
circle.yml
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

Carat

Scans Node.js programs for vulnerabilities. Uses Espect

Usage:

From terminal:

$ carat <file> [options]

Example:

$ carat vulns/fs.js
---------------- vulns/fs.js
vuln
 sink:
  line: vulns/fs.js:4
  code: fs.readFileSync(process.argv[2])
source:
  line: vulns/fs.js:4
  code: process
vuln
 sink:
  line: vulns/fs.js:8
  code: eval(data)
source:
  line: vulns/fs.js:8
  code: data

Notes to keep in mind:

Code is written in es6, only traverses es5 for now.

About

Scans NodeJS programs for vulnerabilities

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages
Morty Proxy This is a proxified and sanitized view of the page, visit original site.