🛡️ V7 Scanner
Lightning-fast, zero-dependency static analysis tool for detecting security vulnerabilities, SQL injections, XSS risks, and common code bugs.
🌟 Why V7 Scanner?
| Feature | V7 Scanner | Heavy Linters |
|---|---|---|
| Zero Dependencies | ✅ | ❌ |
| Instant Install | ✅ | ❌ |
| Security Focused | ✅ | ❌ (requires heavy plugins) |
| No Configuration Hell | ✅ | ❌ |
| CI/CD Ready | ✅ | ✅ |
🎯 What V7 Scanner Detects
🔴 Critical Security Errors (Exits Code 1)
- `eval()` Usage — Prevents arbitrary code execution.
- `setTimeout(string)` — Prevents string-to-code eval vulnerabilities.
- `.innerHTML` Assignment — Flags potential Cross-Site Scripting (XSS) risks.
- Hardcoded Secrets — Detects exposed API Keys, Passwords, and Tokens.
- SQL Injection Risks — Detects loose string concatenation in SQL `SELECT` queries.
🟡 Warnings & Bugs (Exits Code 0)
- `console.log()` — Leftover debug statements before production.
- `debugger` — Leftover breakpoints.
- Loose Equality — Flags `==` and `!=`, advising to use `===` and `!==`.
- Empty `catch(e) {}` Blocks — Flags swallowed errors that can mask critical app failures.
🚀 Quick Start
Install Globally (Recommended)
```bash
npm install -g v7-scanner
```
Use Without Installing
```bash
npx v7-scanner .
```
Scan Your Project
```bash
# Scan current directory recursively
v7-scanner .
# Scan specific directories
v7-scanner src/ components/
# Scan a single file
v7-scanner app.js
```
💡 Output Example
Clicking the file paths in your IDE (like VS Code) will open the exact file automatically.
```
./src/auth.js
✖ 12:4 error Potential hardcoded secret or API key detected. S004
const API_KEY = "sk_live_123456789";
⚠ 45:1 warning Remove console statements before production. B001
console.log("User logged in");
─── Summary ───
Files scanned: 24 / 45
✖ Errors (Critical): 1
⚠ Warnings (Bugs): 1
Time: 18ms
```
Note: If Errors (Critical) are found, V7 Scanner exits with code `1` so it can block vulnerable PRs in your CI/CD pipeline.
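The split between critical errors and warnings, and the exit code that follows from it, can be sketched with line-by-line regex matching. This is an added example, not V7 Scanner's source: the patterns, `scanText`, `exitCodeFor` and the sample input are assumptions, and only the ids S004 and B001 with their messages come from the sample output above.

```javascript
// Added illustration, not V7 Scanner source. The patterns are assumptions;
// only the ids S004 and B001 and their messages come from the README's sample output.
const RULES = [
  { id: 'S004', severity: 'error', msg: 'Potential hardcoded secret or API key detected.',
    re: /\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*["'][^"']{8,}["']/i },
  { id: null, severity: 'error', msg: 'eval() usage.', re: /\beval\s*\(/ },
  { id: null, severity: 'error', msg: '.innerHTML assignment.',
    re: /\.innerHTML\s*\+?=(?!=)/ },
  { id: null, severity: 'error', msg: 'String-concatenated SELECT query.',
    re: /["'`]\s*SELECT\b[^"'`]*["'`]\s*\+/i },
  { id: 'B001', severity: 'warning', msg: 'Remove console statements before production.',
    re: /\bconsole\.log\s*\(/ },
];

// Line-by-line text matching: the source is never parsed or executed.
function scanText(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const { id, severity, msg, re } of RULES) {
      const m = re.exec(text);
      if (m) findings.push({ line: i + 1, col: m.index + 1, id, severity, msg, text });
    }
  });
  return findings;
}

// Errors fail the run (exit 1); warnings alone do not (exit 0).
function exitCodeFor(findings) {
  return findings.some((f) => f.severity === 'error') ? 1 : 0;
}

// Constructed sample input. The last line is a comment, yet a text-only
// matcher still reports it: a false positive a reviewer has to triage.
const SAMPLE = [
  'const API_KEY = "sk_live_123456789";',
  'console.log("User logged in");',
  'el.innerHTML = userInput;',
  'db.query("SELECT * FROM users WHERE id = " + userId);',
  '// never call eval(input) here',
].join('\n');

const findings = scanText(SAMPLE);
for (const f of findings) {
  console.log(`${f.line}:${f.col} ${f.severity} ${f.msg} ${f.id || ''}`);
}
// A CLI wrapper would pass this value to process.exit().
console.log('exit code:', exitCodeFor(findings));
```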
🔌 Programmatic API
```javascript
const { scan, scanDirectory } = require('v7-scanner');
// Scan a single file
const result = scan('./src/app.js');
console.log(result.errors);
console.log(result.warnings);
// Scan a full directory
const dirResult = scanDirectory('./src');
console.log(`Found ${dirResult.totalErrors} security issues!`);
```
🚫 Ignore Files
V7 Scanner automatically ignores:
node_modules, .git, dist, build, coverage, .next, .nuxt, .cache, vendor, package-lock.json, yarn.lock.
You can pass specific directories to override default scanning paths. Large files (>5MB) are automatically skipped for performance.
🔒 Security Guarantee
- Never Executes Your Code: Uses safe text analysis, AST-lite parsing, and Regex.
- No Network Access: Never phones home or sends your code anywhere.
- Zero Supply Chain Risk: Contains exactly 0 dependencies.
👨‍💻 Author
TheVaibhaw
- 🌐 Website: vaibhawkumarparashar.in
- 🐙 GitHub: @TheVaibhaw
Made by Vaibhaw Kumar Parashar