Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
luna-scanner
Advanced tools
☾ LUNA - Library Usage in Node.js Analyzer
Description
LUNA is a software development tool for node.js (and other javascript) projects, with a focus on libraries. The goal of LUNA is to aid developers in better understanding how libraries are being utilized in their projects.
Requirements
- Node.js
- Your node.js project
Usage
Inside any node.js project, run:
npx luna-scanner
After analyzing the source code, it will generate a LUNA report, which includes a visualization about the interaction between source code and libraries.
LUNA Report Manual
- Drag (click and hold) the mouse to pan around or move nodes around
- Use the mouse wheel to zoom in or out
- Hovering over a node will display information on the bottom left and highlight connected nodes
- Using Shift + Click on a node will lock it, so that focus remains on this node (Shift + Click node again to unlock)
- Double Click nodes or groups in the graph or menu to collapse/expand them
- Use the menu on the left to manipulate the graph:
- Adjust the scale of the graph / space between nodes
- Adjust the layout of the graph / position of the nodes
- Hide a selection of nodes (representing libraries or files)
- Highlight a selection of nodes (representing libraries or files)
- Hover your mouse above menu items to find more information about their functionality
Configuration
Via package.json (defaults):
{
...
"luna": {
"debug": false, // toggle debug mode
"components": { // toggle components of LUNA
"callGraph": true, // detection of function calls within files
"dependencyTree": true, // detection of dependency chains
"libraryAPI": true, // detection of used API of libraries
},
"ignore": [], // array of glob patterns for LUNA's scanner to ignore
},
...
}
Via command line arguments (limited):
npx luna-scanner [path_to_project] [debug]
Known Issues
- The library used to handle collapsing and expanding of nodes may break in some situations. Best to avoid excessive collapsing/expanding.
Feedback
Much appreciated! I encourage you to use my feedback form.
FAQs
LUNA: Library Usage in Node.js Analyzer
The npm package luna-scanner receives a total of 11 weekly downloads. As such, luna-scanner popularity was classified as not popular.
We found that luna-scanner demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 05 Oct 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024