Carat

Scans Node.js programs for vulnerabilities. Uses Espect

Usage:

From terminal:

$ carat <file> [options]

Example:

$ carat vulns/fs.js
---------------- vulns/fs.js
vuln
 sink:
  line: vulns/fs.js:4
  code: fs.readFileSync(process.argv[2])
source:
  line: vulns/fs.js:4
  code: process
vuln
 sink:
  line: vulns/fs.js:8
  code: eval(data)
source:
  line: vulns/fs.js:8
  code: data

Notes to keep in mind:

Code is written in es6, only traverses es5 for now.

Name		Name	Last commit message	Last commit date
Latest commit History 67 Commits
bin		bin
lib		lib
test		test
vulns		vulns
.eslintignore		.eslintignore
.eslintrc		.eslintrc
.gitignore		.gitignore
.validate.json		.validate.json
README.md		README.md
TODO		TODO
_ast.js		_ast.js
circle.yml		circle.yml
index.js		index.js
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bin

bin

lib

lib

test

test

vulns

vulns

.eslintignore

.eslintignore

.eslintrc

.eslintrc

.gitignore

.gitignore

.validate.json

.validate.json

README.md

README.md

TODO

TODO

_ast.js

_ast.js

circle.yml

circle.yml

index.js

index.js

package.json

package.json

Repository files navigation

Carat

Usage:

Notes to keep in mind:

About

Releases

Packages

Contributors 2

Languages

coder13/Carat

Folders and files

Latest commit

History

Repository files navigation

Carat

Usage:

Notes to keep in mind:

About

Resources

Stars

Watchers

Forks

Languages