NodeJsScan: static security code scanner for Node.js applications


Static security code scanner (SAST) for Node.js applications.

How to Configure

  1. Clone the repo: git clone
  2. Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/
  3. Run pip install -r requirements.txt
  4. Run python
  5. Run python

This will run NodeJsScan on If you need to debug, set DEBUG = True in core/

NodeJsScan CLI

The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use the CLI, the results are never stored in the NodeJsScan backend.

python -d <node_js_source_code>

Learn Node.js Security: Pentesting and Exploitation

OpSecX Video Course


docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan


docker pull opensecurity/nodejsscan
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

NodeJsScan Web UI

NodeJsScan V2

Static Analysis

Screenshots: NodeJsScan Static Scan Results; NodeJsScan Static Scan Vulnerability Details

Copyright (C) ajinabraham





Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering
