This Python script scans a Node.js project for suspicious code patterns, hidden text files, and risky dependencies.
- Detects long strings in code files (default: 200 characters, configurable)
- Flags usage of `eval()`
- Checks for suspicious dependencies in `package.json`
- Finds text files disguised with binary extensions
- Skips the `node_modules` directory
- Python 3.x (no external packages required)
- Clone or copy the script into your project folder.
- Open a terminal in your project directory.
- Run the script with default settings:

      python scan_node_project.py

- Optionally, specify the minimum long string length to flag (e.g., 300); the command below uses 500:

      python scan_node_project.py 500

- Optionally, specify the minimum long string length and the full path to the source folder:

      python scan_node_project.py 500 "C:\path\to\your\project"

  Or just the path (uses the default string length):

      python scan_node_project.py "C:\path\to\your\project"

- Review the output for any potential issues.
- The script only uses Python's standard library.
- You can customize the list of suspicious dependencies and binary extensions in `scan_node_project.py`.
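As an added illustration (not the project's own `scan_node_project.py`), the checks listed above can be implemented with the standard library alone. The dependency and extension lists, the 95% printable-byte threshold and the function names are assumptions made for this example.

```python
import json
import re
from pathlib import Path

# Constructed placeholder lists; the real script keeps its own editable lists.
SUSPICIOUS_DEPS = {"example-suspicious-pkg", "another-bad-pkg"}
BINARY_EXTS = {".png", ".jpg", ".gif", ".zip", ".woff"}
CODE_EXTS = {".js", ".mjs", ".cjs", ".ts"}
# A single-, double- or backtick-quoted literal, honouring backslash escapes.
STRING_RE = re.compile(r"""(["'`])((?:\\.|(?!\1).)*)\1""", re.DOTALL)
EVAL_RE = re.compile(r"\beval\s*\(")

def scan_code(text, min_len=200):
    """Findings for one code file: eval() calls and string literals >= min_len."""
    findings = [f"eval() at offset {m.start()}" for m in EVAL_RE.finditer(text)]
    for m in STRING_RE.finditer(text):
        if len(m.group(2)) >= min_len:
            findings.append(f"long string ({len(m.group(2))} chars) at offset {m.start()}")
    return findings

def scan_package_json(text):
    """Names from dependencies/devDependencies that are on the suspicious list."""
    pkg = json.loads(text)
    deps = set(pkg.get("dependencies", {})) | set(pkg.get("devDependencies", {}))
    return sorted(deps & SUSPICIOUS_DEPS)

def looks_like_text(data):
    """Heuristic: no NUL bytes and more than 95% printable ASCII or whitespace."""
    if not data or b"\x00" in data:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return printable / len(data) > 0.95

def scan_project(root, min_len=200):
    """Walk a project, skipping node_modules, and collect findings per file."""
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or "node_modules" in path.parts:
            continue
        found, ext = [], path.suffix.lower()
        if ext in CODE_EXTS:
            found = scan_code(path.read_text(errors="replace"), min_len)
        elif path.name == "package.json":
            found = ["suspicious dependency: " + d for d in scan_package_json(path.read_text())]
        elif ext in BINARY_EXTS and looks_like_text(path.read_bytes()):
            found = ["text content behind a binary extension"]
        if found:
            report[str(path)] = found
    return report
```

The string-literal matcher is a regex heuristic, not a JavaScript parser, so an apostrophe inside a comment can start a false match; treat its output as a prompt for manual review.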