JavaScript Audit

Open-source JavaScript projects categorized as Audit

Top 8 JavaScript Audit Projects

  • lighthouse

    Automated auditing, performance metrics, and best practices for the web.

    Project mention: Portfolio feedback | reddit.com/r/webdev | 2022-05-21

    https://developers.google.com/web/tools/lighthouse/ or in the chrome devtools

  • pwndoc

    Pentest Report Generator

    Project mention: What do pentesters do? | reddit.com/r/cybersecurity | 2022-04-16

    Please look into something like PwnDoc https://github.com/pwndoc/pwndoc or even paid things like Plextrac. Automated templates will save you so much time I guarantee it.

  • wallace-cli

    Pretty CSS analytics on the CLI

    Project mention: Web Directions Hover 2022 Day 1 notes | dev.to | 2022-05-10

    Wallace CLI: can run in CI

  • Smart-Contract-Security-Audits

    Certified Smart Contract Audits for Ethereum, Solana, Near, xDAI, Huobi ECO Chain, Binance Smart Chain, Fantom, EOS, Tezos by Chainsulting

    Project mention: 👨‍💻From the Chainsulting audit....👀🤝 | reddit.com/r/EverRise | 2022-04-04

    LINK HERE TO FULL AUDIT: https://github.com/chainsulting/Smart-Contract-Security-Audits/blob/master/EverRise/02_Smart_Contract_Audit_EverRise_Token_Staking_v3.pdf

  • audit-ci

    Audit NPM, Yarn, and PNPM dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories

    Project mention: NPM Audit: Broken by Design | news.ycombinator.com | 2021-07-07

    For those hoping to run npm audit in your CI/CD pipeline, I recommend this tool from IBM: https://github.com/IBM/audit-ci

    In highly regulated industries, shipping code flagged as having a vuln without a manual approval could be a liability.

    This wrapper around npm takes an allowlist argument, and our procedure is for an engineer to review the failing build, determine if the vulnerability (ugh, usually regex ddos or prototype pollution) is present in code that runs only at build time with trusted inputs, only on the client which is by definition untrusted, or in our webserver which takes in untrusted input.

    As long as it's either of the first two, we document it in a commit and comment and redeploy. It's annoying, but it's far better than npm audit forcing a fix.

  • evaluatory

    Web page evaluation with a focus on accessibility

    Project mention: The A11Y Project Checklist | news.ycombinator.com | 2022-05-11

    I wrote Evaluatory [1] for this, which started mainly as an axe-core wrapper (which is what Lighthouse uses as well) with a visual results page. Now it contains more tools and checks as well.

    [1] https://darekkay.com/evaluatory/

  • DomainAccessibilityAudit

    Web application to create domain and subdomain accessibility audits, with violation statistics.

  • scanner

    ⚡️ A package API to run a static analysis of your module's dependencies. (by NodeSecure)

    Project mention: How to respond to growing supply chain security risks? | dev.to | 2022-04-03

    And it is happening right now. GitHub is opening the GitHub Advisory Database to community submissions. Awesome community NodeSecure builds cool things like scanner and js-x-ray. There are also lockfile-lint, LavaMoat, Jfrog-npm-tools (and I am sure there is more).

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-21.

Index

What are some of the best open-source Audit projects in JavaScript? This list will help you:

#  Project                         Stars
1  lighthouse                      24,599
2  pwndoc                          1,008
3  wallace-cli                     454
4  Smart-Contract-Security-Audits  376
5  audit-ci                        201
6  evaluatory                      57
7  DomainAccessibilityAudit        43
8  scanner                         12