Theme Scanner
The Theme Scanner is a crucial security tool in the Shopfence app that performs a full Theme Health Check of your Shopify store. It helps store owners identify risks and vulnerabilities within their store’s codebase.
What It Does
When you click the “Scan Theme” button, Shopfence initiates a comprehensive scan of your store’s currently active theme.
Key Capabilities
- Security Vulnerabilities
Detects exposed code patterns, unsafe scripts, or references to insecure endpoints. - Outdated Packages / Libraries
Flags old versions of dependencies that may pose security or performance issues. and main focus on finding outdated library and package from theme and show(e.g.<script src=”https://code.jquery.com/jquery-1.7.2.min.js”></script> - Malicious Code Detection
Detects any suspicious scripts or unauthorized third-party injections, such as hidden iframes, codeInjection, obfuscation, maliciousDomains, shopify-pattern script, dataExfiltration, creditCardSkimmers, cryptoMiners, scriptURL or known malware signatures.(e.g.<iframe src=”javascript:alert(‘XSS’)”></iframe>
Output After Scan
A detailed report is shown outlining all findings
- A Theme Name
- File-Scanned
- Security Issue
- Total-Scan time
- List of Outdated Package/Library also Which File
- List of Security Issue also Which File
- Security Summary
- Recommendations for improvement or cleanup are provided for each issue.
Buttons & Actions
- Scan Theme: Starts the scan.
- Export Report (disabled until a scan completes): Download a json file of the scan results.
- Clear Results: Resets previous scan results.
