Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request for enhanced detection logic for javascript express js #481

Open
Nameisjohn247 opened this issue Jan 11, 2025 · 1 comment
Open

Request for enhanced detection logic for javascript express js #481

Nameisjohn247 opened this issue Jan 11, 2025 · 1 comment
Labels
🔎 detector Issue for Detector 💊 spec Issue for test codes
Milestone
v0.19.0

Comments

@Nameisjohn247
Copy link

Hi Team,

I was using noir in one of the projects and even though it was a express project noir couldn't identify and ended with the below error

⚑ Detecting technologies to base directory.
▲ No technologies detected.
  ➔ If you know the technology, use the -t flag to specify it.
  ➔ Please check tech lists using the --list-techs flag.

Checked the detection logic and it is quite straightforward - it returns true if BOTH conditions are met:

  1. The file has a .js extension (filename.includes? ".js")
  2. AND one of these patterns is found in the file contents:
  • require('express') (single quotes)
  • require("express") (double quotes)

Checked the project code and it never had require syntax in it instead it had import syntax (import express from 'express';)
Just added var router = require('express').Router() line in one of the js file present in the repo and noir was able to detect and worked like a charm

I think that the current Express.js detector could be enhanced. Here are some suggestions:

Current Limitations:

  • Only checks for basic require('express') pattern
  • Might miss modern JavaScript code patterns

Suggested Improvements:

  1. Add detection for more patterns like:

    • import express from 'express'
    • const/let/var express = require('express')
    • import { Router } from 'express'

  2. Support more file types:

    • TypeScript (.ts files)
    • Modern JavaScript modules (.mjs files)

  3. Check package.json for express dependency

This would help catch more Express.js applications and reduce false negatives.

I don't have coding experience to implement this, but I hope this suggestion helps improve the tool!
@hahwul
Copy link
Member

hahwul commented Jan 12, 2025

Hi @Nameisjohn247
First, thank you so much for reporting this issue and for the detailed suggestions!

You're absolutely right—our current Express.js detection has limitations, especially with modern JavaScript patterns.
We'll work on improving this by:

  • Adding support for import syntax and other patterns
  • Extending compatibility for .ts and .mjs files
  • Checking package.json for dependencies

We appreciate your feedback and will use it to make noir better.
Thanks again for your contribution 😊

cc, @ksg97031

@hahwul hahwul added 🔎 detector Issue for Detector 💊 spec Issue for test codes labels Jan 12, 2025
@hahwul hahwul added this to the v0.19.0 milestone Jan 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🔎 detector Issue for Detector 💊 spec Issue for test codes
Projects
None yet
Milestone
v0.19.0
Development

No branches or pull requests
2 participants
@hahwul @Nameisjohn247