Skip to content
MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts
JavaScript Batchfile
Branch: master
Clone or download
Latest commit b7cbe5e Oct 7, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin initial commit Sep 13, 2019
src updates to electron Oct 7, 2019
.editorconfig initial commit Sep 13, 2019
.eslintrc initial commit Sep 13, 2019
.gitignore small updates Sep 20, 2019
LICENSE initial commit Sep 13, 2019 config reference Sep 26, 2019
package-lock.json updates, and make electron check from local project vs global dep Oct 7, 2019
package.json updates, and make electron check from local project vs global dep Oct 7, 2019

Please note:

This is an unstable PoC, and is work in progress!

This was written over a few evenings for AppSec Amsterdam, so feel free to use it but issues will exist, and it is not currently OS agnostic or robus yet.

We have to start somewhere, and well, this is somewhere!



Security Meta Analysis For JavaScript Applications.

Current functionality:

  • Reviews the package.json and provides guidance on potential issues or misconfigurations when using a particular dependency from a repository
  • Performs third-party dependency scanning using npm or yarn audit
  • Identifies secrets with ripgrep
  • Lints for security issues using eslint
  • Finds ReDoS issues with vuln-regex-detector


  1. Clone project and run npm install
  2. Set up ripgrep by following the instructions
  3. Set up vuln-regex-detector following the instructions


In the future this will be a npm module, but as it has too many third-party components, publishing does not make sense.

$ git clone
$ cd metasecjs && npm install
$ cd bin
$ ./run audit -p Amsterdam -d /path/to/scan -o /path/to/save 
auditing project...


metasec audit

Describe the command here

  $ ./run audit -p Amsterdam -d /path/to/scan -o /path/to/save

  -p, --project=project  Project definition
  -d, --dir=directoy Directory to scan
  -o, --output=output Directory to save results

metasec help [COMMAND]

display help for metasec

  $ metasec help audit
You can’t perform that action at this time.