@nodesecure/sec-literal

Package created to analyze JavaScript literals

Usage no npm install needed!

<script type="module">
  import nodesecureSecLiteral from 'https://cdn.skypack.dev/@nodesecure/sec-literal';
</script>

README

Sec-literal

version Maintenance Security Responsible Disclosure mit build

This package is a security utilities library created to analyze ESTree Literal and JavaScript string primitive. This project was originally created to simplify and better test the functionalities required for the SAST Scanner JS-X-Ray.

Features

  • Detect Hexadecimal, Base64, Hexa and Unicode sequences.
  • Detect patterns (prefix, suffix) on groups of identifiers.
  • Detect suspicious string and return advanced metrics on it (char diversity etc).

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ npm i @nodesecure/sec-literal
# or
$ yarn add @nodesecure/sec-literal

API

Hex

isHex(anyValue): boolean

Detect if the given string is an Hexadecimal value

isSafe(anyValue): boolean

Detect if the given string is a safe Hexadecimal value. The goal of this method is to eliminate false-positive.

Hex.isSafe("1234"); // true
Hex.isSafe("abcdef"); // true

Literal

isLiteral(anyValue): boolean

toValue(anyValue): string

toRaw(anyValue): string

defaultAnalysis(literalValue)

Utils

isSvg(strValue): boolean

isSvgPath(strValue): boolean

Detect if a given string is a svg path or not.

stringCharDiversity(str): number

Get the number of unique chars in a given string

stringSuspicionScore(str): number

Analyze a given string an give it a suspicion score (higher than 1 or 2 mean that the string is highly suspect).

Patterns

commonStringPrefix(leftStr, rightStr): string | null

commonStringSuffix(leftStr, rightStr): string | null

commonHexadecimalPrefix(identifiersArray: string[])

Contributors ✨

All Contributors

Thanks goes to these wonderful people (emoji key):


Gentilhomme
💻 📖 👀 🛡️ 🐛
Nicolas Hallaert
📖

License

MIT