how can I check the JS code, if the the JS code inside my page posts or requests any data without my knowledge ?

Dear Experts,
I use PHP 7.2 and MySql 5.6,

I found an open source html - javascript html-JS form on Github, which could work perfectly fine for me .

https://github.com/jessepollak/card  The link is here.
I used Javascript version of this form.

This is a credit card form. It's a very useful form. However, I'm new to JS and I know that data can be manuplated with JS.
It can be posted without my knowledge with JS of JQuery and credit card information is a very sensitive data as you can imagine.

I check the JS file, I didn't see any part that POST data or another 3rd party links. How can I be sure that the form is safe and do not send or post any of my users data?

thank you
LVL 1
BRDigital MarketingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

leakim971MultitechnicianCommented:
lookin at the code you should see strange data representing an address, a target URL
you can also check network activity using a web browse, for example Chrome : https://developers.google.com/web/tools/chrome-devtools/network/
Julian HansenCommented:
Leak's suggestion is good - run the code and check your Network console to see if it triggers any activity.
You have examined the code as well - check for any obfuscation - code that you cannot easily read. While doing this check the scroll bars on the editor - make sure there is no code hiding off screen.

Finally, check the GitHub stats Screenshot_2019-03-10-jessepollak-ca.png
10K stars with 1K forks - says this is an active bit of code. If it were untrustworthy then those stats would not look like that.

Also check the issues section - look for comments in there that might indicate problems with the plugin.

None of the above should qualify as a safety check on its own - you should do all of them as part of your security check.

And finally don't use a remote link for the code - download a version that you have checked and then use that from your server. That way you know that the code on the link won't be tampered with.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BRDigital MarketingAuthor Commented:
thank you both
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JavaScript

From novice to tech pro — start learning today.