Find Deep Bugs

in Node JS Apps.

Pay Down Technical Debt and Ship Sooner

 1 // unhandled.js
 2 function bar(x) {
 3   // x is declared but undefined - this is missed by eslint and jshint
 4 = 'dave';
 5 }
 7 function foo(age) {
 8  var y;
10  // Technical debt here: developer assumed 'age' is always less than 100
11  if (age < 100) {
12    y = {}
13  }
14  bar(y);
15 }

This unhandled TypeError was missed by all leading static analysis tools.

Our dynamic analysis engine found it by sending foo() unexpected input.

You get a clean stack trace and the exact function call to reproduce the bug.

Zero false positives means no wheel spinning.

We auto generate a mocha test for the bug - paste it right into the test file.

You get help on understanding and fixing the bug along with curated StackOverflow links.

TypeError: Cannot set property 'name' of undefined
    at bar (lib/unhandled.js:4)
    at foo (lib/unhandled.js:14)
    at Object.<anonymous> (lib/unhandled.js:18)

How to Reproduce

Autogenerated Test
// FuzzStati0n: Auto generated chai/mocha.js test - modify as required
var assert = chai.assert;
describe('...', function() {
  describe('...', function() {
    it('should not throw a TypeError when age equals 101', function(){
      assert.doesNotThrow(function () { foo(101) }, Error, 
        "Cannot set property 'name' of undefined");

How to Fix
This kind of TypeError occurs when you try to set a property to a variable which is of type undefined This error is usually due to a typo - check that the variable x has been assigned a value.

Please also see: StackOverflow - Uncaught TypeError: Cannot read property 'value' of undefined

    Why Fuzz Stati0n:

  • DONT LEAVE CLIENTS IN A BAD STATE: Find Uncaught Exceptions before they crash your Node app.

  • FIND DEEP BUGS: Our proprietary dynamic analysis engine finds bugs missed by unit tests and static analysis.

  • INCREASED TEST COVERAGE: We extend the coverage of your unit tests by uncovering more paths through the application.

  • ZERO FALSE POSITIVES: Bugs are discovered by forcing the application into a critical state.

Sign Up

How Fuzz Stati0n Works

1. Specify any GitHub repo to check. We need a package.json file and operational tests.

The tests (as specified by the scripts property of the package.json file) are scanned to determine which functions are most important. We support all major Node test frameworks (mocha, jest, tape, etc.)

2. The code is instrumented at the source level.

Instrumenting the source allows us to track control flow during runtime and improve test coverage.

3. We run dynamic analysis on the application automatically every 24 hours.

Uncaught exceptions and other critical errors are forced by fuzzing the application at runtime with unexpected input.

4. The results are delivered via email, Slack or GitHub.

Sign Up


David Moore - Founder/CEO

831 204-8838

849C Almar Ave #470

Santa Cruz, CA