DEPEN-FIND is a tool designed to validate NPM dependencies and check their availability in the NPM registry. This tool is specifically built to identify potential vulnerabilities related to Dependency Confusion Attacks by ensuring that all dependencies listed in a package.json or package-lock.json file is missing in the official NPM registry.
- Fetches dependency lists from a GitHub URL or a local file.
- Checks whether each dependency exists in the NPM registry.
- Displays results in a structured table format.
- Helps prevent Dependency Confusion Attacks by identifying missing dependencies.
Ensure you have Python installed on your system, then clone the project and install the required dependencies:
git clone https://github.com/0xAkarii/depen-findcd depen-findpip install -r requirements.txtRun the script and provide a GitHub URL or a file path to package.json or package-lock.json:
python depen_find.pyExample input:
- Using a GitHub URL:
Enter the URL or file path of package.json or package-lock.json: https://github.com/user/repo/blob/main/package.json - Using a local file:
Enter the URL or file path of package.json or package-lock.json: /path/to/package.json
Contributions are welcome! Feel free to open an issue or submit a pull request to improve the tool.
This project is licensed under the MIT License.
Created by @0xAkarii (ChatGPT helped me to fix some codes)
🔗 LinkedIn: Alva Radian
☕ Support Me: Buy Me a Coffee