JavaScript Non Upgradeable Dependencies
Description
Detects JavaScript/Node.js dependencies that are directly included in the repository source code (vendored), which prevents security updates. This creates a security risk by forcing the application to keep using potentially vulnerable package versions even when patches are available.
Detection Strategy
• Review repository files to check whether there are dependencies inside the source code
• Look at files under known vendor paths (for example */Scripts*/bootstrap* or jQuery files) and similar locations
• Report those dependencies, since they are not managed by a package manager or obtained from a CDN
• Only code files are reported, not assets such as .svg, .jpg and others
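The following is an added illustration of this detection strategy, not Fluid Attacks' own scanner code: it matches repository-relative paths against a small, assumed set of vendor-path patterns (the page only names */Scripts*/bootstrap* and jQuery files), skips asset extensions and files installed under node_modules, and reports the remaining matches. The pattern list, extension sets and sample file list are constructed for the example.

```python
import fnmatch
import os
from typing import Iterable, List

# Assumed vendor-path patterns; the page names only */Scripts*/bootstrap* and jQuery files.
VENDORED_PATTERNS = (
    "*/scripts*/bootstrap*",
    "*/scripts*/jquery*",
    "*/js/vendor/*",
    "*/lib/jquery*",
)
# Only code files are reported; assets such as images, fonts and source maps are ignored.
CODE_EXTENSIONS = {".js", ".mjs", ".cjs", ".ts"}
ASSET_EXTENSIONS = {".svg", ".jpg", ".jpeg", ".png", ".gif", ".css", ".map", ".woff", ".woff2"}


def is_vendored_dependency(path: str) -> bool:
    """Return True when a repository-relative path looks like a vendored JS library."""
    norm = path.replace("\\", "/").lower()
    if norm.startswith("./"):
        norm = norm[2:]
    # Packages under node_modules are tracked by package.json and can be upgraded.
    if "node_modules/" in norm:
        return False
    ext = os.path.splitext(norm)[1]
    if ext in ASSET_EXTENSIONS or ext not in CODE_EXTENSIONS:
        return False
    # Prefix "./" so the "*/..." patterns also match paths at the repository root.
    candidate = "./" + norm
    return any(fnmatch.fnmatch(candidate, pat) for pat in VENDORED_PATTERNS)


def find_vendored_dependencies(paths: Iterable[str]) -> List[str]:
    """Filter a list of repository-relative paths down to the ones to report."""
    return sorted(p for p in paths if is_vendored_dependency(p))


def scan_repository(root: str) -> List[str]:
    """Walk a checked-out repository on disk and report vendored JS libraries."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if is_vendored_dependency(rel):
                found.append(rel)
    return sorted(found)


# Constructed sample file list standing in for a repository listing.
SAMPLE_REPO_FILES = [
    "src/Scripts/bootstrap.min.js",          # vendored: report
    "public/js/vendor/jquery-3.6.0.min.js",  # vendored: report
    "src/Scripts/bootstrap.svg",             # asset: ignore
    "src/app.js",                            # first-party code: ignore
    "node_modules/jquery/dist/jquery.js",    # package-manager managed: ignore
]
```

Running `find_vendored_dependencies(SAMPLE_REPO_FILES)` reports only the two vendored library files; `scan_repository` applies the same check to a real checkout.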