Thank you for considering contributing to our project!
Feel free to participate in this project as much as you can. Even supporting other users or improving the documentation can make a big difference!
Build & Run
Clone electronegativity and proceed with the following:
$ npm install
$ npm run build
$ node dist/index.js -h
Creating new checks
Electronegativity is built in a way that makes it easy to develop new security checks.
There are three different check types:
- JS (using a combination of Esprima, Babel, TypeScript ESTree)
- HTML (using Cheerio)
- JSON (using the native
- Create a new file in
- Create a new class with a match() function, which should contain the logic of your custom check
- JS ->
- HTML ->
- JSON ->
- JS ->
- Add a constructor that specifies the check details such as name, description, etc.
Take a look at the different checks in /src/finder/checks to get an idea on how things work.
- The classname (and file) for each check uses CamelCase notation with the following convention:
NAME is a self-descriptive identifier
TYPE can be HTML, JSON or JS
<CHECK_NAME_IDENTIFIER> (class id) uses uppercase notation with the following convention:
Testing checks with Mocha
Test cases for unit testing are placed in
Filenames for tests should have the following format:
<CHECK_NAME_IDENTIFIER>_<test number #>_<number of issues>.<js|htm|html>
For instance, the NODE_INTEGRATION_JS_CHECK_1_0.js will be analyzed using the NODE_INTEGRATION_JS_CHECK check and the test is expected to find
To run all tests, use the following:
$ npm test
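
The test file naming format above can be checked before running the suite. The following is an added example, not code from the Electronegativity project: it parses names in that format and flags ones that do not fit. The function names and every sample file name except NODE_INTEGRATION_JS_CHECK_1_0.js are assumptions made for illustration.

```javascript
// Format from this page: <CHECK_NAME_IDENTIFIER>_<test number>_<number of issues>.<js|htm|html>
// The identifier contains underscores itself, so the two numeric fields are
// anchored to the end of the name instead of splitting on every "_".
const TEST_FILE_RE = /^([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*)_(\d+)_(\d+)\.(js|htm|html)$/;

// Hypothetical helper: returns the parsed fields, or null for a bad name.
function parseTestFilename(file) {
  const base = file.split(/[\\/]/).pop(); // drop any directory part
  const m = TEST_FILE_RE.exec(base);
  if (!m) return null; // name does not follow the convention
  return {
    check: m[1],
    testNumber: Number(m[2]),
    expectedIssues: Number(m[3]),
    extension: m[4],
  };
}

// Hypothetical helper: groups a listing by check, and flags names that do not
// parse as well as repeated (check, test number) pairs.
function auditTestFiles(files) {
  const report = { byCheck: {}, invalid: [], duplicates: [] };
  const seen = new Set();
  for (const file of files) {
    const parsed = parseTestFilename(file);
    if (!parsed) { report.invalid.push(file); continue; }
    const key = `${parsed.check}#${parsed.testNumber}`;
    if (seen.has(key)) report.duplicates.push(file);
    seen.add(key);
    if (!report.byCheck[parsed.check]) {
      report.byCheck[parsed.check] = { tests: 0, expectedIssues: 0 };
    }
    report.byCheck[parsed.check].tests += 1;
    report.byCheck[parsed.check].expectedIssues += parsed.expectedIssues;
  }
  return report;
}

// Constructed sample listing; only the first name appears on this page.
const SAMPLE_FILES = [
  'NODE_INTEGRATION_JS_CHECK_1_0.js',
  'NODE_INTEGRATION_JS_CHECK_2_3.js',
  'NODE_INTEGRATION_HTML_CHECK_1_1.html',
  'NODE_INTEGRATION_HTML_CHECK_1_2.htm', // repeats test number 1
  'node_integration_js_check_3_1.js',    // identifier is not uppercase
  'NODE_INTEGRATION_JS_CHECK_4.js',      // issue count is missing
];

console.log(JSON.stringify(auditTestFiles(SAMPLE_FILES), null, 2));
```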