jotadev-bug/javascript-doctor — explained in plain English
Analysis updated 2026-05-18
Scan a project folder for exposed secrets, SQL injection, and command injection risks before shipping.
Run in CI with a non-zero exit code when high or critical issues are found.
Check npm dependencies against the npm audit and OSV.dev advisory databases.
Watch a project for changes and rescan automatically.
| jotadev-bug/javascript-doctor | 0xradioac7iv/tempfs | abboskhonov/hermium | |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | easy | moderate | moderate |
| Complexity | 2/5 | 3/5 | 4/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Ships as an npm package with no external services required to run a scan.
JS Doctor is a command-line security scanner for JavaScript and TypeScript projects, designed especially for code generated or accelerated by AI coding assistants. The idea is that AI-generated code can introduce security vulnerabilities without the developer noticing, and JS Doctor provides a fast way to check for common issues before shipping. Running it against a project folder produces plain-English findings that each include a diagnosis (what the problem is), a risk assessment, a recommended treatment, a severity level, a confidence level, and the exact file and line where the issue was found. The scanner checks for a broad range of security problems: exposed secrets, missing authorization checks on update and delete operations, unsafe HTML rendering that could enable script injection, runtime code execution, command injection, SQL injection, server-side request forgery (SSRF), open redirects, path traversal, weak or insecure cryptography, permissive CORS settings, disabled TLS verification, insecure cookie configuration, prototype pollution, unsafe deserialization, and JWT tokens decoded without signature verification. It can also check third-party npm dependencies against the npm audit database and the OSV.dev vulnerability advisory database. A watch mode rescans files as they change. JSON output is available for integration into other tools. By default the tool exits with a non-zero code when high or critical issues are found, making it suitable for CI pipelines. The rule system is file-based, each rule pack is a JSON or YAML file, so new checks can be added without modifying the core engine. The project is written in TypeScript and ships as an npm package.
A command-line security scanner for JavaScript and TypeScript projects that flags vulnerabilities often introduced by AI coding assistants.
Mainly TypeScript. The stack also includes TypeScript, Node.js, npm.
No license file was found in the README.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.