Top 23 JavaScript Security Projects
-
-
-
-
-
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
As mentioned in Fit your need, many packages try to solve a general problem (thus the size of the package is large). You may only need a small part of the package. Sometimes, your problem is unique and there are no existing third party packages out there that solve it. In those cases, it's a great time for you to do it yourself. I found myself in the early days in the industry spending much time finding a third party package to help me build features. But over time, I more rarely used external packages for my daily tasks. It doesn't mean that I always reinvent the wheel. It means that I know what I am doing and I can seek help from the community when I truly need to (for example I will never sanitize user input by myself, but use DOMPurify)
-
https://github.com/apsdehal/awesome-ctf - Comprehensive list of tools and further reading
-
-
arkime
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
I used moloch which is now https://arkime.com/. It used to be free and was a great tool for pcaps. Uses elastic underneath.
-
Scout APM
Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
-
-
user.js
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Project mention: Firefox Privacy: 2021 update | Privacy Guides | reddit.com/r/PrivacyGuides | 2021-12-01 -
Tutanota makes encryption easy
Tutanota is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.
You get 5 aliases with tutanota, yes. One of them being your custom domain, say, [email protected] The others are tutanota.com or tuta.io addresses that you set up.
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
Project mention: Ask HN: What are the best automated tools for keeping credentials out of GitHub? | news.ycombinator.com | 2021-08-09 -
ClearURLs-Addon
ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
Project mention: DeGoogling google.com with my tag is the cherry on top...(left)... | reddit.com/r/degoogle | 2021-11-12 -
Project mention: OWASP Top 10 for Developers: Using Components with Known Vulnerabilities | dev.to | 2021-09-14
In order to prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, as well as establishing a process for keeping all dependencies up-to-date. Fortunately, much of this can be automated using vulnerability scanning tools, such as the OWASP Dependency Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's Renovate, provide a complete dependency management solution by automatically updating any found vulnerabilities. In addition to keeping dependencies updated, it's important to remove any dependencies that are no longer being used.
-
sanitize-html
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
Vue does not have as much support for Vue as there is for React. Examples are markdown-it, Remark.js, marked.js. But hopefully in the future, there should be more support, and after much research, I picked marked.js because it has the most stars and has zero vulnerability. Marked does not sanitize (meaning it does not secure HTML documents from attacks like cross-site scripting (XSS) ) marked output HTML as that feature is deprecated and has vulnerability but however, it supports the use of other libraries to secure output HTML such as DOMPurify (recommended), sanitize-html or insane.
-
Project mention: The Perfect Configuration Format? Try TypeScript | news.ycombinator.com | 2021-11-17
This could be solved by having some kind of sandbox (https://github.com/patriksimek/vm2), but I agree it complicates it.
It would be cool if tsc had a flag —sandboxed or similar that does not allow any sideeffects (fs access, output, forking, net requests, etc)
-
This post will show you how to build a policy (middleware) for your express gateway. Before creating a policy, we need to create a plugin.
-
1 https://github.com/KuroLabs/stegcloak
-
Project mention: Don't you feel that Firefox is now father than Chromium ? | reddit.com/r/archlinux | 2021-11-25
-
Project mention: Threat Intelligence platform recommendations | reddit.com/r/blueteamsec | 2021-11-02
If you haven’t yet, check out OpenCTI https://github.com/OpenCTI-Platform/opencti
-
rate-limiter-flexible
Node.js rate limit requests by key with atomic increments in single process or distributed environment.
Project mention: Trouble adding rate limiter to API route in Nextjs | reddit.com/r/node | 2021-07-31I published this issue with my code: https://github.com/animir/node-rate-limiter-flexible/issues/124
-
For the PERN stack you can check out the vulnerabilities and their solutions here, you may also like the Secure Code Warrior Free Node.js express training. Also check out the Awesome Node.js Security list.
-
nothing-private
Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong.
Project mention: GitHub - gautamkrishnar/nothing-private: Do you think you are safe using private browsing or incognito mode?. This will prove that you're wrong. | reddit.com/r/devopsish | 2021-10-24 -
is-website-vulnerable
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Project mention: Finds publicly known security vulnerabilities in front end JavaScript libs | news.ycombinator.com | 2021-08-06
JavaScript Security related posts
- how do i install BeEF?
- Split NFT Royalties to Multiple Addresses
- Does this kind of funnel already exist?
- Split NFT Royalies to Multiple Addresses
- Backend Ethereum Smart Contracts
- UPDATE: FOUND MATCHING CODE IN THE GAMESTOP CONTRACT AND NEW LRC EXCHANGEV3 CONTRACT ON ETHERSCAN. 2 EXAMPLES SO FAR
- I can't verify my smart contract on polygonscan
Index
What are some of the best open-source Security projects in JavaScript? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | nginxconfig.io | 14,863 |
| 2 | openzeppelin-contracts | 14,009 |
| 3 | KeeWeb | 10,539 |
| 4 | DOMPurify | 8,095 |
| 5 | awesome-ctf | 6,432 |
| 6 | BeEF | 6,173 |
| 7 | arkime | 4,982 |
| 8 | cloudmapper | 4,762 |
| 9 | user.js | 4,317 |
| 10 | Tutanota makes encryption easy | 4,293 |
| 11 | shhgit | 3,309 |
| 12 | ClearURLs-Addon | 2,919 |
| 13 | Retire.js | 2,894 |
| 14 | sanitize-html | 2,788 |
| 15 | vm2 | 2,715 |
| 16 | express-gateway | 2,584 |
| 17 | StegCloak | 2,370 |
| 18 | user.js | 2,343 |
| 19 | opencti | 2,142 |
| 20 | rate-limiter-flexible | 1,929 |
| 21 | awesome-nodejs-security | 1,778 |
| 22 | nothing-private | 1,734 |
| 23 | is-website-vulnerable | 1,720 |
Are you hiring? Post a new remote job listing for free.
