Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Static analysis tool for javascript code based. Scanjs uses Esprima to convert sources to AST, then walks AST looking for patterns.
JavaScript CSS
Latest commit b72c991 @pauljt Merge pull request #5 from mozilla/master
Merge back from Mozilla repo
Failed to load latest commit information.
client remove console.log
tests fixed all advanced tests
.gitignore Added compatibility for chrome and fixed issues with node.js comaptib…
LICENSE license
package.json fixed command-line scanner, still need a way to disply the results file
scanner.js remove old scanner, and fix rules ctrl. Added UI for loading rules bu…
server.js can't just serve client, because it would exclude common/
stackato.yml make hosting scanjs web ui a stackato task. this changes server.js to…


  • Static analysis tool for javascript codebases. Scanjs uses Acorn to convert sources to AST, then walks AST looking for patterns.
  • Works on both client and server side

Client-side instructions

  • git clone
  • node server.js
  • Navigate to scanjs/client/ or see our example page

Server-side instructions

  • Install node.js
  • git clone
  • cd scanjs
  • npm install
  • node scanner.js -t DIRECTORY_PATH

Testing instructions

We use the mocha testing framework. node server.js

To add tests, create a new file in ```/tests/cases/``` and following the naming
convention, which should be obvious. For example, our rule named .innerHTML
lives in ```/tests/cases/innerhtml.js```.

From there, add the new test case to ```/tests/index.html```. In our
example, that would involve adding a ```<script src='/tests/cases/innerhtml.js'></script>```.
Something went wrong with that request. Please try again.