JavaScript static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JavaScript code

  • Bug
  • Security Vulnerability
  • Security Hotspot
  • Code Smell

Language versions

through ECMAScript 2019 (10th Edition)


React JSX, Vue.js, Flow

Web frameworks

Node.js, Express

Database APIs

sequelize, pg, pg-pool, pg-promise, mysql, mysql2, sqlite3, better-sqlite3, knex, MongoDB node.js, Mongoose ODM

Test frameworks

Chai, Mocha

JavaScript Coverage of OWASP TOP 10 2017

A1 Injection
A2 Broken Authentication
A3 Sensitive Data Exposure
A4 XML External Entities (XXE)
A5 Broken Access Control
A6 Security Misconfigurations
A7 Cross-Site Scripting (XSS)
A8 Insecure Deserialization
A9 Using Components with Known Vulnerabilities
A10 Insufficient Logging and Monitoring