JavaScript Security

Open-source JavaScript projects categorized as Security

Top 23 JavaScript Security Projects

  • GitHub repo KeeWeb

    Free cross-platform password manager compatible with KeePass

    Project mention: Store all passwords in the same Excel... what could go wrong!? | | 2021-04-13

    It's open source and built with security in mind

  • GitHub repo openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

    Project mention: Trying to get the payable function to work in my code: | | 2021-04-15

    If import does not work, you can simply copy&paste the Ownable-code above your own contract in the same file. Works the same. So you can try to copy the contract from and (as Ownable uses Context) into your contract file and then start using Ownable:

  • GitHub repo DOMPurify

    DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

    Project mention: Sending Contact Form Messages to Your Email Inbox | | 2021-02-21

    Since we are dealing with user input sanitizing it is a good security practice, you can set up any user input sanitizing method you are familiar with, a good start can be DOMPurify.

  • GitHub repo awesome-ctf

    A curated list of CTF frameworks, libraries, resources and softwares

    Project mention: Hey guys can anyone show me the right way?? | | 2021-03-27

  • GitHub repo BeEF

    The Browser Exploitation Framework Project

    Project mention: Selfhosted keychain/password manager | | 2021-01-14

    If you want to have some more understanding of what might be possible, have a look at

  • GitHub repo arkime

    Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

    Project mention: Best FOSS Tools For Scripted Auto-Analysis of PCAPs? | | 2021-04-09

    You can build your own pipeline with tools like a Geoip database, Zeek, p0f, ngrep etc, or check out Arkime (previously Moloch)

  • GitHub repo cloudmapper

    CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

    Project mention: How to map all resources in an account I don't know | | 2021-02-24

    You could try

  • GitHub repo Tutanota makes encryption easy

    Tutanota is an email client with a strong focus on security and privacy that lets you encrypt emails on all your devices.

    Project mention: Roadmap question, no clear information on the site or github. | | 2021-04-16

    But I agree, not much seems to be changing lately. They built the calendar in just three months, but conversation view (a crucial feature, in my opinion) has been in the works for 6 years.

  • GitHub repo shhgit

    Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories:

  • GitHub repo PrivateBin

    A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

    Project mention: Pastey - a self-hosted Pastebin alternative with language detection and on-disk encryption | | 2021-04-13

    Have you looked at ?

  • GitHub repo user.js

    Firefox privacy, security and anti-fingerprinting: a comprehensive user.js template for configuration and hardening

    Project mention: No, Vivaldi is not private, It's even worse than edge | | 2021-04-14

    The easy way to start is to use the arkenfox user.js is recomended by privacytools so not worry, and with time learn how to tweak it yourself if you want or need.

  • GitHub repo Retire.js

    scanner detecting the use of JavaScript libraries with known vulnerabilities

  • GitHub repo sanitize-html

    Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

  • GitHub repo user.js

    user.js -- Firefox configuration hardening (by pyllyukko)

    Project mention: dom.event.clipboardevents.enabled = false can broken WYSIWYG editor | | 2021-04-14

    user.js has this WARNING:

  • GitHub repo StegCloak

    Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐ (by KuroLabs)

  • GitHub repo rate-limiter-flexible

    Node.js rate limit requests by key with atomic increments in single process or distributed environment.

    Project mention: Is there any request limiter compatible with "oak" framework? | | 2021-04-09
  • GitHub repo is-website-vulnerable

    finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

  • GitHub repo Librefox

    Librefox: Firefox with privacy enhancements

    Project mention: https everywhere....something happen? | | 2021-04-10

    They clearly mention the reasons in a Gitlab issue.

  • GitHub repo nothing-private

    Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong.

    Project mention: Chrome incognito mode is useless on hiding identity and any website can track you , see | | 2021-04-09

    Source :

  • GitHub repo cloudsploit

    Cloud Security Posture Management (CSPM)

    Project mention: CloudSploit: Análisis de seguridad en la nube ☁☁ | | 2021-03-16
  • GitHub repo awesome-nodejs-security

    Awesome Node.js Security resources

    Project mention: What is secure code? | | 2021-01-18

    For the PERN stack you can check out the vulnerabilities and their solutions here, you may also like the Secure Code Warrior Free Node.js express training. Also check out the Awesome Node.js Security list.

  • GitHub repo ViewFinderJS

    :camera: ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from

    Project mention: Show HN: Run puppeteer scripts from the Browser, open DevTools on remote pages | | 2021-04-14

    2 known issues:

    - DevTools doesn't display the viewport. I'm not sure if this is due to a change in the latest Chrome to which I just updated (~90) or because I broke my serving of it by updating it. A workaround will be serving a static snapshot of the devtools front-end rather than just (simply, as I'm doing right now) pulling it out of Chrome's RDP endpoint each time. This may take some time to do.

    - DevTools doesn't seem to work on iOS (as I've tested it, Safari or Chrome).

    - There are many more issues, and a lot, but not all, of them are edge cases but they'll be fixed eventually.

    More bug reports, UI/UX tips and advice, and other feedback are very welcome! Unfortunately the whole app is not open source but some parts are open source, namely, the virtualized browser[0], and the devtools-front-end[1].



  • GitHub repo Auto SNI

    🔐 Free, automated HTTPS for NodeJS made easy.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-04-16.


What are some of the best open-source Security projects in JavaScript? This list will help you:

Project Stars
1 KeeWeb 9,929
2 openzeppelin-contracts 9,894
3 DOMPurify 6,919
4 awesome-ctf 5,643
5 BeEF 5,627
6 arkime 4,716
7 cloudmapper 4,292
8 Tutanota makes encryption easy 3,895
9 shhgit 3,078
10 PrivateBin 3,031
11 user.js 3,016
12 Retire.js 2,722
13 sanitize-html 2,510
14 user.js 2,196
15 StegCloak 2,077
16 rate-limiter-flexible 1,590
17 is-website-vulnerable 1,583
18 Librefox 1,532
19 nothing-private 1,406
20 cloudsploit 1,377
21 awesome-nodejs-security 1,312
22 ViewFinderJS 1,198
23 Auto SNI 1,179