Whenever javascript error hunting is your thingie, this YouTube video is just for you:
https://www.youtube.com/watch?v=0dgmeTy7X3I Very illustrative and instructing presentation.
It is interesting how security mechanisms within core-packages still can be circumvented by respresenting code in some other form, for instance via type manipulation. Just think about the sheer number of some 375.000 packages for node.js alone, where such insecurities may lure around the corner!
Also consider how these packages could impact each other. How they could kick up insecurity through the eco-system. Think of angular.js via %2e/%2e/etc. & alert(1) to circumvent inbuilt safety code.
Is code being skimmed and screened for such errors and insecurity, because we cannot do this automatically? Always a pair of eyes are needed to do this properly.
Fine presentation via the Snyk platform and various vulnerabilities presented for json javascript libraries and ways to compromise ready-made. Read:
https://snyk.io/ One could also test code there online.
Example in apis.google.com/js/plusone.js with errors detected in undefined function $ and a Syntax error, see:
https://gist.github.com/ashumeow/34c11dcff0f7b2920364 -> Try to open this inside codepad, Undeminished plusone.js has 377 lines of code, (info source credits go to luntrus).
enjoy, my friends, enjoy,
polonus