mir-da

Dynamically analyze JavaScript programs to extract or enforce RWX sets.

mir-da [bfmp] [i=]

File to start analysis from; defaults to index.js if it exists

-h, --help: Output (this) help
-V --version: Output version information
-v, vv, vvv, --verbosity: Add (multiple) verbosity levels

-d, --depth : Object depth to analyze (default 3)
-e, --enforce : Run in enforcement mode, where mir enforces access rules in
-r, --report : Run in reporting mode, where mir simply reports on invalid accesses in
-s, --save : File to output resuslts
-p, --print []: Stream to output results (defaults to file, see above)

--module-exclude : Comma-separated list of module IDs (absolute fs paths) to be excluded from the analysis
--module-include : Comma-separated list of module IDs (absolute fs paths) to be included (assumes module-exclude='*')
--context-exclude : Comma-separated context starting points to exclude from tracking (for contexts, see below)
--context-include : Comma-separated context starting points to include in tracking (assumes context-exclude='*')
--prop-exclude

: Comma-separated property names to exclude from analysis (e.g., 'Promise,toString,escape,setImmediate')
--prop-include

: Comma-separated property names to include in the analysis (assumes prop-exclude='*')

Contexts are coarse groups of program elements that are tracked, and fall
under these categories (can be included in their long or short form):

* module-locals, m: Module-local names such as 'require'
* node-globals, n: All Node.js-related globals, such as 'console' and 'process'
* es-globals, e: All EcmaScript 6 globals names such Math.sin or
* user-globals, g: User-defined globals accessed with a 'global' prefix, e.g., 'global.y = 3'
* with-globals, w: User-defined globals accessed without a prefix, e.g., 'y = 3' (expensive to track)