Top 23 JavaScript Security Projects
-
KeeWeb
Project mention: Store all passwords in the same Excel... what could go wrong!? | reddit.com/r/sysadmin | 2021-04-13
It's open source and built with security in mind https://keeweb.info/
-
openzeppelin-contracts
Project mention: Trying to get the payable function to work in my code: | reddit.com/r/ethdev | 2021-04-15
If import does not work, you can simply copy&paste the Ownable-code above your own contract in the same file. Works the same. So you can try to copy the contract from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol and https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Context.sol (as Ownable uses Context) into your contract file and then start using Ownable:
-
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Since we are dealing with user input, sanitizing it is a good security practice. You can set up any user input sanitizing method you are familiar with; a good start can be DOMPurify.
-
awesome-ctf
Project mention: Hey guys can anyone show me the right way?? | reddit.com/r/Hacking_Tutorials | 2021-03-27
https://github.com/apsdehal/awesome-ctf#readme
-
BeEF
If you want to have some more understanding of what might be possible, have a look at https://github.com/beefproject/beef
-
arkime
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Project mention: Best FOSS Tools For Scripted Auto-Analysis of PCAPs? | reddit.com/r/networking | 2021-04-09
You can build your own pipeline with tools like a GeoIP database, Zeek, p0f, ngrep etc., or check out Arkime (previously Moloch) https://arkime.com/
-
cloudmapper
Project mention: How to map all resources in an account I don't know | reddit.com/r/aws | 2021-02-24
You could try https://github.com/duo-labs/cloudmapper
-
Tutanota makes encryption easy
Tutanota is an email client with a strong focus on security and privacy that lets you encrypt emails on all your devices.
Project mention: Roadmap question, no clear information on the site or github. | reddit.com/r/tutanota | 2021-04-16
But I agree, not much seems to be changing lately. They built the calendar in just three months, but conversation view (a crucial feature, in my opinion) has been in the works for 6 years.
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
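Added example (not shhgit's code): a small two-layer secrets scan in JavaScript, the kind of check a tool like shhgit runs over a repository. Fixed patterns catch well-known key formats; a Shannon-entropy check over long base64-like tokens catches random-looking strings those patterns miss. The rule set, the 4.0 bits-per-character threshold and the sample source lines are this example's own assumptions, and the AWS key in the sample is the documented placeholder from AWS's own examples, not a live credential.

```javascript
// Pattern plus entropy secrets scan over source text.
// Added example in the spirit of shhgit; not shhgit's code, and the rule
// set below is this example's own, not the tool's.
const PATTERN_RULES = [
  // AWS access key IDs are 20 characters and start with AKIA.
  { name: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/g },
  // Classic GitHub personal access tokens: ghp_ followed by 36 alphanumerics.
  { name: 'github-pat', re: /\bghp_[A-Za-z0-9]{36}\b/g },
  // PEM private key header.
  { name: 'private-key-block', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
  // A credential-like identifier assigned a quoted literal of 8+ characters.
  { name: 'keyword-assignment', re: /\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*["']([^"']{8,})["']/gi },
];

// Candidate tokens for the entropy check: 20+ chars of a base64/hex-like alphabet.
const TOKEN_RE = /[A-Za-z0-9+/=_-]{20,}/g;
const ENTROPY_THRESHOLD = 4.0; // bits per character (assumed tuning value)

// Shannon entropy of a string in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Returns [{ line, rule, match }] for every hit; line numbers are 1-based.
// Pattern rules run first on each line, then the entropy check.
function scanText(text) {
  const findings = [];
  text.split('\n').forEach((line, idx) => {
    const lineNo = idx + 1;
    for (const rule of PATTERN_RULES) {
      for (const m of line.matchAll(rule.re)) {
        findings.push({ line: lineNo, rule: rule.name, match: m[0] });
      }
    }
    for (const m of line.matchAll(TOKEN_RE)) {
      const entropy = shannonEntropy(m[0]);
      if (entropy >= ENTROPY_THRESHOLD) {
        findings.push({ line: lineNo, rule: 'high-entropy-string', match: m[0], entropy: Number(entropy.toFixed(2)) });
      }
    }
  });
  return findings;
}

// Constructed sample input (not from any real repository).
const SAMPLE_SOURCE = [
  'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',
  'const token = "q7Wz3Lk9Xb1Mf5Jr8Tn2Yv6Hc4Gp0Sd";',
  'const greeting = "hello world, this is fine";',
  'password = "changeme123"',
  '-----BEGIN RSA PRIVATE KEY-----',
  'logger.info("request id " + requestId)',
].join('\n');

function scanSample() {
  return scanText(SAMPLE_SOURCE);
}

for (const f of scanSample()) {
  console.log(`line ${f.line}: ${f.rule} -> ${f.match}`);
}
```

Two things worth noticing in the output: the AWS placeholder is flagged by its format but not by entropy (it is mostly English letters, about 3.7 bits per character), and the long random token on line 2 is caught twice, once by the `token =` keyword rule and once by entropy. Short tokens have low measured entropy no matter how random they are (a 20-character string cannot exceed log2(20), about 4.3 bits per character), so the threshold and the minimum token length trade off against each other; hashes, minified asset names and test fixtures will also cross the threshold, so a real scanner needs an allowlist alongside these rules.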
-
PrivateBin
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES.
Project mention: Pastey - a self-hosted Pastebin alternative with language detection and on-disk encryption | reddit.com/r/selfhosted | 2021-04-13
Have you looked at https://privatebin.info ?
-
user.js
Firefox privacy, security and anti-fingerprinting: a comprehensive user.js template for configuration and hardening
Project mention: No, Vivaldi is not private, It's even worse than edge | reddit.com/r/privacytoolsIO | 2021-04-14
The easy way to start is to use the arkenfox user.js, which is recommended by privacytools, so don't worry, and with time learn how to tweak it yourself if you want or need to.
-
sanitize-html
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
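Added example for both the DOMPurify entry above and sanitize-html: why pattern-based stripping is not sanitization, and what the two correct alternatives look like. The naive filter, the payloads, the escaper and the wrapper function are this example's own, not code from either project; the only library call shown is DOMPurify's documented DOMPurify.sanitize(dirty, config), which needs a browser with DOMPurify loaded and will not run in Node.

```javascript
// Blocklist filtering versus escaping versus an allowlist sanitizer.
// Added example; not code from DOMPurify or sanitize-html.

// A home-grown "sanitizer" of the kind these libraries replace: it deletes
// the literal strings <script>, </script> and javascript: and nothing else.
function naiveSanitize(html) {
  return html.replace(/<\/?script>/gi, '').replace(/javascript:/gi, '');
}

// Constructed payloads. Each comes out of naiveSanitize() in a form a browser executes.
const BYPASSES = [
  // event handler attribute, no <script> element at all
  '<img src=x onerror=alert(1)>',
  // deleting the inner <script> tokens reassembles an outer one
  '<scr<script>ipt>alert(1)</scr</script>ipt>',
  // HTML entity in the scheme: the parser decodes it before the URL is used
  '<a href="java&#x73;cript:alert(1)">x</a>',
  // inline SVG carries its own event handlers
  '<svg onload=alert(1)>',
];

function survivingBypasses() {
  return BYPASSES.map(naiveSanitize);
}

// When the input should be displayed as text, not markup, escape it for the
// HTML text/attribute context and the question of "which tags" disappears.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// When markup must be kept, parse and allowlist instead of pattern-matching.
// DOMPurify.sanitize(dirty, config) with ALLOWED_TAGS/ALLOWED_ATTR is the
// library's documented call; this wrapper assumes DOMPurify is present as a
// browser global and refuses to render without it rather than falling back.
function renderUntrustedHtml(el, dirty) {
  if (typeof DOMPurify === 'undefined') {
    throw new Error('DOMPurify not loaded; refusing to set innerHTML from untrusted input');
  }
  el.innerHTML = DOMPurify.sanitize(dirty, {
    ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'a', 'p'],
    ALLOWED_ATTR: ['href'],
  });
}

console.log(survivingBypasses());
console.log(escapeHtml('<img src=x onerror=alert(1)>'));
```

sanitize-html's allowlist equivalent is its allowedTags/allowedAttributes options, with the same rule: decide what markup you want to keep and let a parser drop everything else, rather than enumerating what you want to remove. Sanitize at the point of output, in the context the string is going into, since the same input is harmless as a text node and dangerous as an attribute value or a URL.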
-
user.js
Project mention: dom.event.clipboardevents.enabled = false can break WYSIWYG editor | reddit.com/r/privacytoolsIO | 2021-04-14
user.js has this WARNING: https://github.com/pyllyukko/user.js/blob/d6ce4ebf9e30e846b9e383384f7a20d121fb4030/user.js#L107
-
StegCloak
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐ (by KuroLabs)
-
rate-limiter-flexible
Node.js rate limiting of requests by key, with atomic increments in a single process or a distributed environment.
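Added example, not rate-limiter-flexible's code or API: a keyed fixed-window limiter in plain Node.js, together with the part most deployments get wrong, deriving the key from a client address the client cannot spoof. The class shape, the trusted-proxy handling and the Express-style middleware signature are assumptions for illustration; the addresses in the comments and tests are documentation ranges.

```javascript
// Keyed fixed-window rate limiting with a trustworthy client key.
// Added example; not rate-limiter-flexible's API. In one Node.js process each
// consume() call runs to completion before any other callback, so the
// counter's read-modify-write is atomic without locks. Across processes or
// hosts the counter has to live in shared storage behind an atomic increment
// (for example Redis INCR), which this in-memory version does not attempt.
class FixedWindowLimiter {
  // points: allowed cost per window; durationMs: window length;
  // now: injectable clock (assumed here so the behaviour is testable).
  constructor({ points, durationMs, now = Date.now }) {
    this.points = points;
    this.durationMs = durationMs;
    this.now = now;
    this.windows = new Map(); // key -> { count, startedAt }
  }

  // Returns { allowed, remaining, msBeforeNext }; the counter is only
  // charged when the request is allowed.
  consume(key, cost = 1) {
    const t = this.now();
    let w = this.windows.get(key);
    if (!w || t - w.startedAt >= this.durationMs) {
      w = { count: 0, startedAt: t };
      this.windows.set(key, w);
    }
    const msBeforeNext = w.startedAt + this.durationMs - t;
    if (w.count + cost > this.points) {
      return { allowed: false, remaining: Math.max(0, this.points - w.count), msBeforeNext };
    }
    w.count += cost;
    return { allowed: true, remaining: this.points - w.count, msBeforeNext };
  }

  // Evict expired windows so a flood of distinct keys cannot grow memory forever.
  sweep() {
    const t = this.now();
    for (const [key, w] of this.windows) {
      if (t - w.startedAt >= this.durationMs) this.windows.delete(key);
    }
    return this.windows.size;
  }
}

// Choosing the key: X-Forwarded-For is attacker-controlled unless the entry
// was appended by a proxy you run. Walk the header from the right, discard
// trusted proxy hops, and stop at the first address you did not add; if the
// connection did not come from a trusted proxy, ignore the header entirely.
function clientKey(remoteAddr, forwardedFor, trustedProxies) {
  if (!trustedProxies.has(remoteAddr)) return remoteAddr;
  const hops = (forwardedFor || '').split(',').map((s) => s.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trustedProxies.has(hops[i])) return hops[i];
  }
  return remoteAddr; // header empty or made up entirely of our own proxies
}

// Express-style middleware shape (assumed): reject with 429 and Retry-After.
function rateLimitMiddleware(limiter, trustedProxies) {
  return (req, res, next) => {
    const key = clientKey(req.socket.remoteAddress, req.headers['x-forwarded-for'], trustedProxies);
    const r = limiter.consume(key);
    res.setHeader('X-RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.setHeader('Retry-After', String(Math.ceil(r.msBeforeNext / 1000)));
      res.statusCode = 429;
      return res.end('Too Many Requests');
    }
    next();
  };
}
```

A fixed window lets a client spend a full allowance at the end of one window and again at the start of the next, so where bursts matter use a sliding window or token bucket instead; the structure of consume() stays the same. The single-process atomicity argument stops applying the moment a second process starts, which is exactly the distributed case the project description refers to.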
Project mention: Is there any request limiter compatible with "oak" framework? | reddit.com/r/Deno | 2021-04-09
-
is-website-vulnerable
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
-
They clearly mention the reasons in a GitLab issue.
-
nothing-private
Do you think you are safe using private browsing or incognito mode? :smile: :imp: This will prove that you're wrong.
Project mention: Chrome incognito mode is useless on hiding identity and any website can track you, see http://www.nothingprivate.ml | reddit.com/r/chrome | 2021-04-09
Source: https://github.com/gautamkrishnar/nothing-private
-
cloudsploit
Project mention: CloudSploit: Cloud security analysis ☁☁ | reddit.com/r/u_esgeeks | 2021-03-16
-
awesome-nodejs-security
For the PERN stack you can check out the vulnerabilities and their solutions here, you may also like the Secure Code Warrior Free Node.js express training. Also check out the Awesome Node.js Security list.
-
ViewFinderJS
:camera: ViewFinder - NodeJS product to make the browser into a web app. WTF RBI. CBII. Remote browser isolation, embeddable browserview, secure chrome saas. Licenses, managed, self-hosted. Like S2, WebGap, Bromium, Authentic8, Menlo Security and Broadcom, but open source with free live demos available now! Also, integrated RBI/CDR with CDR from https://github.com/dosyago/p2%2e
Project mention: Show HN: Run puppeteer scripts from the Browser, open DevTools on remote pages | news.ycombinator.com | 2021-04-14
2 known issues:
- DevTools doesn't display the viewport. I'm not sure if this is due to a change in the latest Chrome to which I just updated (~90) or because I broke my serving of it by updating it. A workaround will be serving a static snapshot of the devtools front-end rather than just (simply, as I'm doing right now) pulling it out of Chrome's RDP endpoint each time. This may take some time to do.
- DevTools doesn't seem to work on iOS (as I've tested it, Safari or Chrome).
- There are many more issues, and a lot, but not all, of them are edge cases but they'll be fixed eventually.
More bug reports, UI/UX tips and advice, and other feedback are very welcome! Unfortunately the whole app is not open source but some parts are open source, namely, the virtualized browser[0], and the devtools-front-end[1].
-
Index
What are some of the best open-source Security projects in JavaScript? This list will help you:
# | Project | Stars
---|---|---
1 | KeeWeb | 9,929
2 | openzeppelin-contracts | 9,894
3 | DOMPurify | 6,919
4 | awesome-ctf | 5,643
5 | BeEF | 5,627
6 | arkime | 4,716
7 | cloudmapper | 4,292
8 | Tutanota makes encryption easy | 3,895
9 | shhgit | 3,078
10 | PrivateBin | 3,031
11 | user.js (arkenfox) | 3,016
12 | Retire.js | 2,722
13 | sanitize-html | 2,510
14 | user.js (pyllyukko) | 2,196
15 | StegCloak | 2,077
16 | rate-limiter-flexible | 1,590
17 | is-website-vulnerable | 1,583
18 | Librefox | 1,532
19 | nothing-private | 1,406
20 | cloudsploit | 1,377
21 | awesome-nodejs-security | 1,312
22 | ViewFinderJS | 1,198
23 | Auto SNI | 1,179