Node-Protect 🛡️

A lightweight, zero-config security scanner for Node.js applications.
Detects vulnerabilities from the OWASP Top 10 without blocking your workflow.

!License: ISC
!Values: Warning Only

🚀 Key Features

- Non-blocking: Runs in the background and warns you about issues. It never crashes your app.
- Zero Config: Works out of the box. Just install and run.
- Comprehensive Coverage: Checks for issues across the OWASP Top 10 (2021).

$3

---

📦 Installation

Install as a development dependency:

``bash npm install --save-dev node-protect`

---

`💻 Usage`

`$3`

Great for CI/CD pipelines or local checks.

`bash

`Scan current directory`


npx protect scan .
Scan specific folder

npx protect scan ./src
Scan only for secrets and code issues (skip dependencies)

npx protect scan . --type=secrets,code


$3
Perfect for adding a security check to your server startup sequence. It runs asynchronously ("fire-and-forget").
Example: Express Server Integration

`javascript / index.js / const http = require('http'); const { protect } = require('node-protect');

console.log('--- Server Startup ---');

// 1. Run security scan in background // It will log warnings if found, but won't stop the server protect();

// 2. Start your server immediately http.createServer((req, res) => { res.writeHead(200); res.end('Hello Secure World!'); }).listen(3000, () => { console.log('Server running on port 3000'); });`

Custom Handling

If you want to wait for results or handle them manually:

`javascript const { protect, printReport } = require('node-protect');

// Await the results protect(process.cwd(), { types: ['full'], log: false }).then(results => { if (results.length > 0) { console.error(🚨 Found ${results.length} vulnerabilities!); printReport(results); // Pretty print to console // process.exit(1); // Optional: Exit if you want to block } else { console.log('✅ App is secure.'); } });`

---

`🛠️ Configuration`

The protect() function accepts an options object:

`typescript interface ScanOptions { log?: boolean; // Default: true (Auto-print warnings to console) types?: string[]; // Default: ['full']. Options: 'secrets', 'code', 'dependencies' }``

---

📝 License

ISC

Node-Protect 🛡️

A lightweight, zero-config security scanner for Node.js applications.
Detects vulnerabilities from the OWASP Top 10 without blocking your workflow.

!License: ISC
!Values: Warning Only

🚀 Key Features

$3

---

📦 Installation

Install as a development dependency:

``bash npm install --save-dev node-protect`

---

`💻 Usage`

`$3`

Great for CI/CD pipelines or local checks.

`bash

`Scan current directory`


npx protect scan .
Scan specific folder

npx protect scan ./src
Scan only for secrets and code issues (skip dependencies)

npx protect scan . --type=secrets,code


$3
Perfect for adding a security check to your server startup sequence. It runs asynchronously ("fire-and-forget").
Example: Express Server Integration

`javascript / index.js / const http = require('http'); const { protect } = require('node-protect');

console.log('--- Server Startup ---');

// 1. Run security scan in background // It will log warnings if found, but won't stop the server protect();

// 2. Start your server immediately http.createServer((req, res) => { res.writeHead(200); res.end('Hello Secure World!'); }).listen(3000, () => { console.log('Server running on port 3000'); });`

Custom Handling

If you want to wait for results or handle them manually:

`javascript const { protect, printReport } = require('node-protect');

---

`🛠️ Configuration`

The protect() function accepts an options object:

`typescript interface ScanOptions { log?: boolean; // Default: true (Auto-print warnings to console) types?: string[]; // Default: ['full']. Options: 'secrets', 'code', 'dependencies' }``

---

📝 License

ISC