Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
About
Detects publicly known security vulnerabilities in a website's frontend JavaScript libraries.
Usage
Using Node.js' npx to run a one-off scan of a website:
npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]
If the CLI detects an error, it will terminate with an exit code different from 0.
Exit Code 0: Everything is fine. No vulnerabilities found.
Exit Code 1: An error happened during the execution. Check the logs for details.
Exit Code 2: Vulnerabilities were found. Check the logs for details.
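The exit codes above, as an added example (not code from the is-website-vulnerable project): a POSIX shell CI gate that scans several URLs and fails closed, counting any exit code other than 0 or 2 as a scan error rather than a clean result. The `SCANNER` variable and the function names `classify_exit` and `scan_gate` are assumptions of this example.

```shell
#!/bin/sh
# Added example: CI gate built on the README's exit codes
# (0 = no vulnerabilities, 1 = execution error, 2 = vulnerabilities found).
# SCANNER is this example's own knob so the gate can be exercised with a stub;
# its default is the npx invocation from the README.
SCANNER="${SCANNER:-npx is-website-vulnerable}"

# classify_exit CODE -> prints clean | vulnerable | error.
# Any code other than 0 or 2 (including signal exits such as 137) counts as an
# error, so a crashed or killed scan can never be mistaken for a clean one.
classify_exit() {
  case "$1" in
    0) echo clean ;;
    2) echo vulnerable ;;
    *) echo error ;;
  esac
}

# scan_gate URL... -> exit status 0 only if every URL scanned clean,
# 2 if any URL reported vulnerabilities, otherwise 1 (scan failed or no URL given).
# The body runs in a subshell, so its counters do not leak into the caller.
scan_gate() (
  [ "$#" -gt 0 ] || { echo "scan_gate: no URLs given" >&2; exit 1; }
  vulnerable=0
  errors=0
  for url in "$@"; do
    rc=0
    # "|| rc=$?" keeps the loop alive under "set -e" and records the real code.
    $SCANNER "$url" || rc=$?
    verdict=$(classify_exit "$rc")
    printf '%s: %s (exit %s)\n' "$url" "$verdict" "$rc" >&2
    case "$verdict" in
      vulnerable) vulnerable=$((vulnerable + 1)) ;;
      error) errors=$((errors + 1)) ;;
    esac
  done
  printf 'summary: %s scanned, %s vulnerable, %s failed\n' "$#" "$vulnerable" "$errors" >&2
  [ "$vulnerable" -eq 0 ] || exit 2
  [ "$errors" -eq 0 ] || exit 1
  exit 0
)
```

In a pipeline, call `scan_gate` with the URLs to check and let its exit status fail the job; appending `|| true` would hide both exit code 1 and exit code 2.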
To build and run the container locally:
# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git
# Change to repo's cloned directory:
cd is-website-vulnerable
# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .
# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest
Create .github/workflows/is-website-vulnerable.yml with the URL that you want scanned:
name: Test site for publicly known js vulnerabilities
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Test for public javascript library vulnerabilities
        uses: lirantal/is-website-vulnerable@main
        with:
          scan-url: "https://yoursite.com"
Install
You can install globally via:
npm install -g is-website-vulnerable
Contributing
Please consult CONTRIBUTING for guidelines on contributing to this project.
Author
is-website-vulnerable © Liran Tal, Released under the Apache-2.0 License.