v1.3.0 Release

• Variable scoping analysis capabilities have been added to inspect the Function and Global variable content, when available.
• Every check now has an importance and accuracy attribute which helps the auditor to determine the importance of each finding. Consequently, we also introduced some new command line flags to filter the results by severity (--severity) and by confidence (--confidence), useful for tailored Electronegativity integration in your application security pipelines or build systems.
• Add support for BrowserView and nodeIntegrationInSubFrames
• Add the -r, --relative flag to display relative path for files
• Upgraded typescript-estree to @typescript-eslint/typescript-estree
  in order to support newer versions of TypeScript
• Several bug fixes and improvements (#49, #50, 84316b1, b32b81b, 04016b3)

The official manual for this 1.3.0 release is also available.

v1.2.0 Release

• Add support for single check scans, using the -c flag (#34)
• Introduce a new check type called Global Checks and its own test logic (#37)
• Introduce CSP Global Checks (#35, #36)
• Introduce AffinityGlobalCheck (#39)
• Include node's setImmediate as dangerous function (ea63162)

We now have our official PDF documentation in docs/manual!

This is a special release for the BlackHat Asia 2019 talk "Preloading Insecurity In Your Electron" by Luca Carettoni, one of the tool's authors.

First Public Release

We’re excited to announce the first public release of Electronegativity. This tool is finally out!