Top 23 JavaScript Security Projects
-
-
Openzeppelin ERC-20-Permit (in draft status)
-
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
-
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Project mention: How to allow custom entered HTML in item description, but make sure no JS gets entered? | reddit.com/r/webdev | 2022-01-02You can use an input sanitizer. I'd use something like DOMPurify if you don't want to write the sanitizer yourself. But yeah you should not allow or remove a certain tags like script and img.
-
https://github.com/apsdehal/awesome-ctf - Comprehensive list of tools and further reading
-
Project mention: be warned, there's this new thing going around that nobody is talking about but it sends a link and i think your account gets taken over and you can't get it back. it seems to start with "hey can i ask you for a quick favor?" and if you respond, it seems to actually talk back | reddit.com/r/discordapp | 2022-01-03
-
arkime
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Project mention: I'm currently studying to transition from a SIEM administrator to a network forensics analyst. What's are good workflows/resources for analyzing PCAPs? | reddit.com/r/computerforensics | 2021-12-14Full PCAP's? Look at https://arkime.com/ or network miner. Arkime is probably more what you're looking for. But I love network miner
-
SonarLint
Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.
-
-
user.js
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Project mention: An extension seems to have logged a bung of information, what should I do first? | reddit.com/r/firefox | 2022-01-22Looks like the same situation as here. As recommended there, check your about:debugging for extension UUID that matches with what you called "(some string)".
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
Project mention: My MetaMask Private Keys Stolen from GitHub Private Repo in 1 Hour | news.ycombinator.com | 2022-01-06Assuming that the person you were working with didn't drain your wallet, there are many tools which can be used to actively monitor for commits being done on GitHub with secrets of sort.
The first one that comes to my mind is shhgit (https://github.com/eth0izzle/shhgit)
Anyone can self host it and then add multiple GitHub Dev keys to it. Then this can be used to monitor GitHub commits being done, majority of which can be categorized as "secrets".
-
ClearURLs-Addon
ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
Project mention: DeGoogling google.com with my tag is the cherry on top...(left)... | reddit.com/r/degoogle | 2021-11-12 -
Project mention: OWASP Top 10 for Developers: Using Components with Known Vulnerabilities | dev.to | 2021-09-14
In order to prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, as well as establishing a process for keeping all dependencies up-to-date. Fortunately, much of this can be automated using vulnerability scanning tools, such as the OWASP Dependency Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's Renovate, provide a complete dependency management solution by automatically updating any found vulnerabilities. In addition to keeping dependencies updated, it's important to remove any dependencies that are no longer being used.
-
sanitize-html
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
Vue does not have as much support for Vue as there is for React. Examples are markdown-it, Remark.js, marked.js. But hopefully in the future, there should be more support, and after much research, I picked marked.js because it has the most stars and has zero vulnerability. Marked does not sanitize (meaning it does not secure HTML documents from attacks like cross-site scripting (XSS) ) marked output HTML as that feature is deprecated and has vulnerability but however, it supports the use of other libraries to secure output HTML such as DOMPurify (recommended), sanitize-html or insane.
-
Project mention: The Perfect Configuration Format? Try TypeScript | news.ycombinator.com | 2021-11-17
This could be solved by having some kind of sandbox (https://github.com/patriksimek/vm2), but I agree it complicates it.
It would be cool if tsc had a flag —sandboxed or similar that does not allow any sideeffects (fs access, output, forking, net requests, etc)
-
This post will show you how to build a policy (middleware) for your express gateway. Before creating a policy, we need to create a plugin.
-
1 https://github.com/KuroLabs/stegcloak
-
Project mention: [24 Jan 2022] Privacy lovers of India, what are your best tips for online safety & privacy in 2022? | reddit.com/r/india | 2022-01-24
As for configuring firefox - https://github.com/pyllyukko/user.js/. There are many different configurations. Read the thing and configure based on your needs. I use 2 different profiles in firefox. one has strict rules other not so much. Umatrix, temporary containers, ublock,vim vixen, https everywhere are the addon i use. can use facebook container if you want to use instagram and such.
-
Project mention: Threat Intelligence platform recommendations | reddit.com/r/blueteamsec | 2021-11-02
If you haven’t yet, check out OpenCTI https://github.com/OpenCTI-Platform/opencti
-
rate-limiter-flexible
Node.js rate limit requests by key with atomic increments in single process or distributed environment.
Project mention: Trouble adding rate limiter to API route in Nextjs | reddit.com/r/node | 2021-07-31I published this issue with my code: https://github.com/animir/node-rate-limiter-flexible/issues/124
-
-
nothing-private
Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong.
Project mention: GitHub - gautamkrishnar/nothing-private: Do you think you are safe using private browsing or incognito mode?. This will prove that you're wrong. | reddit.com/r/devopsish | 2021-10-24 -
is-website-vulnerable
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Project mention: Finds publicly known security vulnerabilities in front end JavaScript libs | news.ycombinator.com | 2021-08-06 -
Mapping cloud security controls to compliance standards not possible in totality (e.g. cloud security tools on their own won't be able to see what's on an EC2 instance to see if you have PCI-DSS compliant ciphers enabled for SSH/HTTPS/etc.), but I'd recommend you take a look into github.com/aquasecurity/cloudsploit and github.com/nccgroup/ScoutSuite as starting points!
JavaScript Security related posts
- Approved Hardware Upgrade List
- An extension seems to have logged a bung of information, what should I do first?
- The success of web browser Brave is a bad sign for Google – here’s why
- 5 Tips & Tricks in UniswapV2 Contracts for DeFi Developers
- NFT Minting Process: Best Practice for dealing with metadata
- "Were you able to subpoena ProtonMail?"
- 2022 Jan 10 Stickied 𝐇𝐄𝐋𝐏𝐃𝐄𝐒𝐊 thread - Boot problems? Power supply problems? Display problems? Networking problems? Need ideas? Get help with these and other questions! 𝑨𝑺𝑲 𝑯𝑬𝑹𝑬 𝑭𝑰𝑹𝑺𝑻
Index
What are some of the best open-source Security projects in JavaScript? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | nginxconfig.io | 15,179 |
| 2 | openzeppelin-contracts | 15,160 |
| 3 | KeeWeb | 10,662 |
| 4 | DOMPurify | 8,305 |
| 5 | awesome-ctf | 6,554 |
| 6 | BeEF | 6,277 |
| 7 | arkime | 5,024 |
| 8 | cloudmapper | 4,826 |
| 9 | user.js | 4,628 |
| 10 | shhgit | 3,337 |
| 11 | ClearURLs-Addon | 2,959 |
| 12 | Retire.js | 2,939 |
| 13 | sanitize-html | 2,834 |
| 14 | vm2 | 2,796 |
| 15 | express-gateway | 2,610 |
| 16 | StegCloak | 2,403 |
| 17 | user.js | 2,381 |
| 18 | opencti | 2,216 |
| 19 | rate-limiter-flexible | 1,994 |
| 20 | awesome-nodejs-security | 1,811 |
| 21 | nothing-private | 1,770 |
| 22 | is-website-vulnerable | 1,728 |
| 23 | cloudsploit | 1,713 |
Are you hiring? Post a new remote job listing for free.
