Need help with is-website-vulnerable?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

1.6K Stars 92 Forks Apache License 2.0 59 Commits 0 Opened issues


finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Services available


Need anything else?

Contributors list


finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

npm version license downloads build codecov Known Vulnerabilities Responsible Disclosure Policy

Screenshot of npm module called is website vulnerable that detects security vulnerabilities in websites based on Snyk database

Many thanks to for supporting open source security


Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.


Command line

Using Node.js's

to run a one-off scan of a website:
npx is-website-vulnerable [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]

The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:

$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: ›

Exit codes

If the CLI detects an error, it will terminate with an exit code different from 0.

Exit Code 0: Everything is fine. No vulnerabilities found.

Exit Code 1: An error happened during the execution. Check the logs for details.

Exit Code 2: Vulnerabilities were found. Check the logs for details.


To build and run the container locally:

# Clone Repo:
git clone

Change to repo's cloned directory:

cd is-website-vulnerable

Build Image locally:

docker build --no-cache -t lirantal/is-website-vulnerable:latest .

Run container:

docker run --rm -e SCAN_URL="" lirantal/is-website-vulnerable:latest

is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.

If you wish to provide command line arguments to

and customize the run, such as providing
or other supported arguments, you should omit the environment variable and provide the full command. Here is an example:
docker run --rm lirantal/is-website-vulnerable:latest --json

:warning: A modern version of Chrome is assumed to be available when using

. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.

GitHub Action

Create .github/workflows/is-website-vulnerable.yml with the url that you want scanned:

name: Test site for publicly known js vulnerabilities

on: push jobs: security: runs-on: ubuntu-latest steps: - name: Test for public javascript library vulnerabilities uses: lirantal/[email protected] with: scan-url: ""


You can install globally via:

npm install -g is-website-vulnerable


Please consult CONTRIBUTING for guidelines on contributing to this project.


is-website-vulnerable © Liran Tal, Released under the Apache-2.0 License.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.