Package Exports
- @bhupesh123/security
- @bhupesh123/security/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@bhupesh123/security) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@github-analyzer/security
Security vulnerability analysis microservice for GitHub repositories.
Installation
npm install -g @github-analyzer/securityUsage
CLI
# Analyze a repository
security-analyzer analyze --owner facebook --repo react --branch main --token YOUR_GITHUB_TOKEN
# Output as JSON
security-analyzer analyze --owner facebook --repo react --json
# Or use environment variable
export GITHUB_TOKEN=your_token_here
security-analyzer analyze --owner facebook --repo reactProgrammatic API
import { SecurityAnalyzer } from '@github-analyzer/security';
const analyzer = new SecurityAnalyzer('YOUR_GITHUB_TOKEN');
const result = await analyzer.analyzeRepository('facebook', 'react', 'main');
console.log(`Security Score: ${result.securityScore}/100`);
console.log(`Critical Issues: ${result.criticalIssues}`);
console.log(result.issues);Features
Code Security Analysis: Detects common vulnerabilities
- SQL Injection (CWE-89)
- Cross-Site Scripting (CWE-79)
- Command Injection (CWE-78)
- Hardcoded Credentials (CWE-798)
- Weak Random Number Generation (CWE-338)
- Code Injection via eval() (CWE-95)
- Insecure Transport (CWE-319)
- Exposed Secrets (CWE-540)
Dependency Vulnerability Scanning: Checks for known vulnerabilities in dependencies
Security Score: Calculates overall security score (0-100)
Detailed Reports: Provides file, line, and remediation information
Multiple Languages: Supports JavaScript, TypeScript, Python, Java, Go, PHP, Ruby
Security Categories
sql-injection: SQL injection vulnerabilitiesxss: Cross-site scripting vulnerabilitiescommand-injection: Command injection vulnerabilitieshardcoded-credentials: Hardcoded passwords and API keysweak-random: Weak random number generationcode-injection: Code injection via eval()insecure-transport: Insecure HTTP connectionsexposed-secrets: Exposed secret files
API
SecurityAnalyzer
Constructor
new SecurityAnalyzer(githubToken: string)Methods
analyzeRepository(owner, repo, branch?)
Analyzes a GitHub repository for security vulnerabilities.
Parameters:
owner(string): Repository ownerrepo(string): Repository namebranch(string, optional): Branch name (default: 'main')
Returns: Promise<SecurityAnalysisResult>
Exit Codes
0: Success (no critical issues)1: Critical security issues found
License
MIT