nodejsscan

Static security code scanner (SAST) for Node.js applications powered by libsast and semgrep.


Support nodejsscan

  • Donate via Paypal
  • Sponsor the Project: Github Sponsors

e-Learning Courses & Certifications

OpSecX Node.js Security: Pentesting and Exploitation - NJS

Run nodejsscan

docker pull opensecurity/nodejsscan:latest
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

Try nodejsscan online: Try in PWD

Setup nodejsscan locally

Install Postgres and configure SQLALCHEMY_DATABASE_URI in nodejsscan/ or as an environment variable.

From version 4 onwards, Windows support is dropped.

git clone
cd nodejsscan
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 recreate-db # Run once to create database schema

To run nodejsscan


This will run nodejsscan web user interface at

Command Line Interface (CLI) and Python API



Slack Alerts

Create your Slack app and set SLACK_WEBHOOK_URL in nodejsscan/ or as an environment variable.

Email Alerts

Configure SMTP settings in nodejsscan/ or as environment variables.

CI/CD or DevSecOps

Build Docker image

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan
