
Product
Introducing Socket Fix for Safe, Automated Dependency Upgrades
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.
is-website-vulnerable
Advanced tools
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Many thanks to for supporting open source security
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
Using Node.js's npx
to run a one-off scan of a website:
npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]
The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:
$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: › https://example.com
...
If the CLI detects an error, it will terminate with an exit code different from 0.
Exit Code 0: Everything is fine. No vulnerabilities found.
Exit Code 1: An error happened during the execution. Check the logs for details.
Exit Code 2: Vulnerabilities were found. Check the logs for details.
To build and run the container locally:
# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git
# Change to repo's cloned directory:
cd is-website-vulnerable
# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .
# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest
SCAN_URL
is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.
If you wish to provide command line arguments to is-website-vulnerable
and customize the run, such as providing --json
or other supported arguments, you should omit the environment variable and provide the full command. Here is an example:
docker run --rm lirantal/is-website-vulnerable:latest https://www.google.com --json
:warning: A modern version of Chrome is assumed to be available when using is-website-vulnerable
. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.
Create .github/workflows/is-website-vulnerable.yml with the url that you want scanned:
name: Test site for publicly known js vulnerabilities
on: push
jobs:
security:
runs-on: ubuntu-latest
steps:
- name: Test for public javascript library vulnerabilities
uses: lirantal/is-website-vulnerable@main
with:
scan-url: "https://yoursite.com"
You can install globally via:
npm install -g is-website-vulnerable
Please consult CONTRIBUTING for guidelines on contributing to this project.
is-website-vulnerable © Liran Tal, Released under the Apache-2.0 License.
FAQs
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
We found that is-website-vulnerable demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.
Security News
CISA denies CVE funding issues amid backlash over a new CVE foundation formed by board members, raising concerns about transparency and program governance.
Product
We’re excited to announce a powerful new capability in Socket: historical data and enhanced analytics.