Comments (6)
Are these scripts intended to run at server side using Node.js or at client side via browsers?
from nodejsscan.
ECMAScripts are just coding standards for javascript that is supported by Javascript Engine. If used in Node.js it will run on server side.
Nodejs ECMA : https://nodejs.org/en/docs/es6/
Below link is for client side but similar code can be used on server side.
https://www.w3schools.com/js/js_es6.asp
from nodejsscan.
NodeJsScan by design will try to avoid scanning JavaScript files meant for client side to avoid false positives.
I think, import
has to be supported. But the big downside is, now it's difficult to distinguish between server side and client side JS.
from nodejsscan.
I will check if we can differentiate by some means.
from nodejsscan.
My 2ยข is that users of NodeJsScan tend to know the anatomy of their project well, and are in a good position to configure something to explicitly delineate which files are Node files and which are browser-targeted. We have some files that are isomorphic and run in both contexts, which will likely make any heuristic-based approach inaccurate. I'd be happy to configure the tool either via a config file or a CLI flag.
Another option might be to start at the entry-point for a project and traverse the included modules by looking at import
and require
statements, expanding the included files and assuming they're all Node files.
from nodejsscan.
We don't distinguish between client side/server side javascript now.
Take a look at our new CLI tool: https://github.com/ajinabraham/njsscan
from nodejsscan.
Related Issues (20)
- [Feature Request] Allow configuration files HOT 1
- Not detecting any errors HOT 2
- Nodejsscan failing : Attaching logs HOT 2
- Exception on /upload/ HOT 6
- Not written in Node HOT 1
- NodeJSScan fails locally on requirements.txt step HOT 2
- Hangs on upload HOT 2
- module is stuck at pattern match HOT 1
- Feature Request: Download results file via web UI HOT 1
- Bug: Crash on what appears to be empty file HOT 3
- Javascript Framework HOT 1
- Getting json.decoder.JSONDecodeError HOT 1
- first project scan HOT 1
- Wrong nodejsscan version is displayed HOT 2
- RuntimeError: Cannot add child handler, the child watcher does not have a loop attached HOT 6
- Base image contains vulnerabilities HOT 1
- Python 3.7 is not available in the latest docker image HOT 1
- Feature Request - Google Chat Alerts
- module 'sqlalchemy' has no attribute '__all__'. Did you mean: '__file__'? HOT 2
- Error HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nodejsscan.