Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component...
JS Analyzer Skill
2
0
# Install this skill:
npx skills add xrip/claude-skill-analyze-js --skill "JS Analyzer Skill"
Install specific skill from multi-skill repository
# Description
Analyze JavaScript files for API endpoints, secrets, URLs, emails, sensitive files, and bundler versions
# SKILL.md
name: analyze-js
description: Analyze JavaScript files for API endpoints, secrets, URLs, emails, sensitive files, and bundler versions
examples:
- analyze-js bundle.js
- analyze-js src/
- analyze-js --verbose dist/
JS Analyzer Skill
Analyzes JavaScript files for security-relevant information using npx js-analyzer-cli.
Works in any project without installation.
Command
npx js-analyzer-cli [OPTIONS] <paths...>
Detection Categories
- endpoints: REST APIs, GraphQL, OAuth, admin panels
- urls: External links, cloud storage, WebSockets
- secrets: API keys, tokens, JWT, credentials (auto-masked)
- emails: Valid addresses (test emails filtered)
- files: Sensitive file references (.env, configs, backups)
- bundlers: Detected bundlers with versions (Webpack, Vite, Rollup, etc.)
Auto-filters noise: build artifacts, module imports, XML namespaces.
Options
--verbose- Show progress details--format=json- JSON output (default: toon)--pretty- Pretty print JSON--no-recursive- Skip subdirectories
Directory Scanning
Default behavior:
- Finds .js, .jsx, .mjs files
- Skips node_modules/ and hidden dirs
- Recursive by default
Output Format
TOON format (default) - compact, LLM-optimized:
summary:
total: 18
endpoints: 4
secrets: 1
findings:
endpoints[4 ]{value location}:
/api/v1/users bundle.js:42:15
/admin/dashboard bundle.js:234:12
secrets[1 ]{value location}:
AKIA...MPLE (AWS Key) bundle.js:312:25
Location format: file:line:column (clickable in IDEs)
How to Present Results
Start with summary, highlight critical findings (secrets, admin endpoints), group by category.
Example:
📊 Analysis: bundle.js (18 findings)
🔴 Critical:
• AWS Key at bundle.js:312:25
• Admin endpoint at bundle.js:234:12
Endpoints (4): /api/v1/users (bundle.js:42:15), /admin/dashboard (bundle.js:234:12), ...
Bundler: Webpack 5.88.2
Usage Flow
- Identify paths
- Add flags if needed
- Run:
npx js-analyzer-cli [flags] <paths> - Parse and present
Note: First run downloads package (~2s), then cached.
Security
For authorized testing only: pentesting, bug bounties, own applications, security audits.
# Related Skills
Trigger when the user requests a review of frontend files (e.g., `.tsx`, `.ts`, `.js`). Support...
Generate Vitest + React Testing Library tests for Dify frontend components, hooks, and...
Guide for implementing oRPC contract-first API patterns in Dify frontend. Triggers when creating...
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.