Something that can at least scan a batch of .js files looking for eval statements and other questionable code. Maybe just a regex pattern would do it, but I'd like to find a more sophisticated (and regularly maintained) tool.
Old topic but new tool: ScanJS, developed by Mozilla in order to check the Firefox OS security. https://github.com/mozilla/scanjs
Have you tried Douglas Crockford's JSLint? Although it doesn't scan your code for security problems, it does alert you on "eval" statements. OTOH, Predrag Tomasevic has written a JavaScript Verifier based on JSLint that can be integrated with Visual Studio (read more on this here).
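To illustrate the question's point that a bare regex is not enough, here is an added example (not part of the posts above, and not code from ScanJS or JSLint): a small Node.js scanner that blanks out comments and string contents before matching, so `eval(` inside a comment, a string, or a name like `retrieval(` is not reported. The rule ids, function names and sample input are constructed for this illustration.

```javascript
// Added example: a minimal comment/string-aware scanner (not ScanJS or JSLint code).
const RULES = [
  { id: "eval-call", re: /\beval\s*\(/g },
  { id: "function-ctor", re: /\bnew\s+Function\s*\(/g },
  { id: "string-timer", re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/g },
  { id: "innerhtml-assign", re: /\.\s*(?:inner|outer)HTML\s*\+?=(?!=)/g },
];

// Blank comment bodies and string contents but keep newlines and quote marks, so
// line numbers still match. Regex literals and `${}` code are not parsed (limitation).
function maskNonCode(src) {
  let out = "", i = 0;
  const blank = (s) => s.replace(/[^\n]/g, " ");
  while (i < src.length) {
    const two = src.slice(i, i + 2), c = src[i];
    if (two === "//") {
      let j = src.indexOf("\n", i); if (j < 0) j = src.length;
      out += blank(src.slice(i, j)); i = j;
    } else if (two === "/*") {
      let j = src.indexOf("*/", i + 2); j = j < 0 ? src.length : j + 2;
      out += blank(src.slice(i, j)); i = j;
    } else if (c === '"' || c === "'" || c === "`") {
      let j = i + 1;
      while (j < src.length && src[j] !== c) j += src[j] === "\\" ? 2 : 1;
      out += c + blank(src.slice(i + 1, j)) + (j < src.length ? c : ""); i = j + 1;
    } else { out += c; i++; }
  }
  return out;
}

function scan(src) {
  const masked = maskNonCode(src), lines = src.split("\n"), findings = [];
  for (const { id, re } of RULES)
    for (const m of masked.matchAll(re)) {
      const line = masked.slice(0, m.index).split("\n").length;
      findings.push({ rule: id, line, text: lines[line - 1].trim() });
    }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample input: only lines 3-6 contain real sinks.
const SAMPLE = [
  'const help = "never call eval(x) directly";',
  'const rows = retrieval(query); // eval(query) removed in v2',
  'eval(location.hash.slice(1));',
  'setTimeout("tick()", 100);',
  'box.innerHTML = params.get("msg");',
  'const f = new Function("a", "return a");',
].join("\n");
console.log(scan(SAMPLE));
```

On the sample, a plain `/eval\(/` search hits four times across lines 1 to 3, while the masked scan reports one finding on each of lines 3 to 6. Aliased calls such as `window["ev" + "al"]` still need an AST-based tool like the ones recommended above.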