nickboucher / trojan-source

Trojan Source: Invisible Vulnerabilities
https://trojansource.codes
MIT License

Tools to detect possible attacks #23

Open ju-sh opened 2 years ago

ju-sh commented 2 years ago

Are there any tools to examine the source code and point out parts where attacks are possible?

For different languages?

Maybe there are linting tools which can catch them as well?

Or tools with under-development features for this?

lirantal commented 2 years ago

Today most IDEs, such as Visual Studio Code, have already added visual cues to show Unicode characters, and the GitHub UI does the same. Also, in an article I wrote about how to effectively detect and mitigate Trojan Source attacks in JavaScript codebases with ESLint, I am referencing an ESLint plugin I built and an npm package that detects them, if you care to add it to your CI / git hooks: https://github.com/lirantal/anti-trojan-source
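
A minimal sketch of the kind of check asked about in this thread, added here as an example (it is not part of the thread and is not the code or API of anti-trojan-source): it reports Unicode bidirectional control characters by line and column and flags lines where one is opened but not closed. The names `scanBidi` and `SAMPLE` and the sample input are constructed for illustration; the code points are those defined in Unicode UAX #9.

```javascript
// Added example: locate Unicode bidirectional control characters in source text.
// Code points and abbreviations follow Unicode UAX #9 (Bidirectional Algorithm).
const BIDI_CONTROLS = new Map([
  [0x202a, "LRE"], [0x202b, "RLE"], [0x202c, "PDF"],
  [0x202d, "LRO"], [0x202e, "RLO"],
  [0x2066, "LRI"], [0x2067, "RLI"], [0x2068, "FSI"], [0x2069, "PDI"],
]);
const EMBED_OPENERS = new Set(["LRE", "RLE", "LRO", "RLO"]); // closed by PDF
const ISOLATE_OPENERS = new Set(["LRI", "RLI", "FSI"]);      // closed by PDI

// Returns one finding per line that contains at least one bidi control.
// `unterminated` is a per-line heuristic: an opener with no matching closer
// on the same line, which is rarely what a legitimate string or comment needs.
function scanBidi(text) {
  const findings = [];
  text.split(/\r\n|\n|\r/).forEach((line, i) => {
    let embeds = 0;
    let isolates = 0;
    const hits = [];
    // All nine controls are in the BMP, so charCodeAt is sufficient.
    for (let col = 0; col < line.length; col++) {
      const code = line.charCodeAt(col);
      const name = BIDI_CONTROLS.get(code);
      if (!name) continue;
      const hex = "U+" + code.toString(16).toUpperCase();
      hits.push({ column: col + 1, name, codePoint: hex });
      if (EMBED_OPENERS.has(name)) embeds++;
      else if (ISOLATE_OPENERS.has(name)) isolates++;
      else if (name === "PDF") embeds = Math.max(0, embeds - 1);
      else if (name === "PDI") isolates = Math.max(0, isolates - 1);
    }
    if (hits.length > 0) {
      findings.push({ line: i + 1, hits, unterminated: embeds + isolates > 0 });
    }
  });
  return findings;
}

// Constructed sample input; the controls are written as \u escapes so this
// file itself contains no invisible characters.
const SAMPLE = [
  'const a = 1;',
  'const label = "x\u2067abc\u2069y";',
  '/* note \u202e text */',
].join("\n");

console.log(JSON.stringify(scanBidi(SAMPLE), null, 2));
```

In a CI job or git hook, a non-empty result for any changed file would be the condition to fail on.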