Kali Linux

Mininode : A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis

Mininode is a CLI tool to reduce the attack surface of the Node.js applications by using static analysis of source code. It supports two modes of reduction (1) coarse, (2) fine.

Mininode constructs the dependency graph (modules and functions used) of the application starting from main file, i.e. entry point of the application. Mininode initializes entry point to package.json file’s main field if it exists. Otherwise default to index.js.

Example usage: node index.js <path to Node application root folder> --mode=(coarse|fine). Below is the list of options that can be passed to Mininode.

Options

List of command line options that can be passed to mininode.

  • --destination, -d: the path where mininode will save the reduced Node.js application. The default value: mininode.
  • --dry-run: just generates mininode.json without modifying the initial application.
  • --mode, -m: reduction mode. The value can be either coarse or fine. In coarse mode mininode will perform only coarse-grained reduction. While in fine mode mininode will perform fine-grained reduction. In general coarse-grained reduction is more reliable, because mininode will not try to reduce unused functions inside the module. Default value: coarse.
  • --silent: console output is disabled. This will improve the performance of the mininode.
  • --verbose: outputs additional information to the console. The default value: false
  • --log: mininode will generate log file inside, which contains dependency graph of the application in json format. The default value: true.
  • --log-output: the name of the log file generated by mininode. The default value: mininode.json.
  • --compress-log: compresses the final log file. By default it will dump everything into log file. In production it is advised to pass the --compress-log flag to save space.
  • --seeds: seed files from where mininode will start building dependency graph. You can provide many seed files by separating them with colon.
  • --skip-stat: skips calculating the statistics
  • --skip-reduction: if passed mininode will not reduce the JavaScript files. The default value: false.
  • --skip-remove: if passed mininode will not remove unused JavaScript files. The default value: false.

Limitaions

  • Mininode uses static analysis, which means it can not reduce the attack surface of the Node.js application which uses dynamic behaviour, such as eval. If Mininode detects dynamic behaviour in the application it exits with error DYNAMIC_BEHAVOUR_DETECTED.
R K

Recent Posts

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

2 weeks ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

2 weeks ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

2 weeks ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

2 weeks ago

Essential Commands for Linux User Listing

Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…

2 weeks ago

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

2 weeks ago