JavaScript Security

Open-source JavaScript projects categorized as Security

Top 23 JavaScript Security Projects


    ⚙️ NGINX config generator on steroids 💉

    Project mention: On Hacktoberfest | | 2022-10-31

    It'd be weird to exclude any repositories, even the sponsors' ones. Like, sure, it's an ad for them (so is wearing a t-shirt with their logo), but at the same time, they maintain some cool projects, like digitalocean/ It'd be a shame if people who genuinely want to improve this tool wouldn't get rewarded for that, only because it's DigitalOcean's.

  • openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

    Project mention: Fork mainnet using hardhat to test and build on DeFi protocols and more | | 2023-01-23

    Now create a folder named IERC20.sol inside your contracts folder and paste the following code into it. This is the ERC20 interface we will need to interact with the USDC contract. You can also find this code here

  • KeeWeb

    Free cross-platform password manager compatible with KeePass

    Project mention: The quest for a family-friendly password manager | | 2023-01-02

    Per their README it seems it’s implemented into “KeeWeb”.

    “KeeWeb is a free cross-platform password manager compatible with KeePass”

  • DOMPurify

    DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

    Project mention: 3 Quick Tips for Input Validation | | 2023-01-22

    It's also important to sanitize user input to prevent the injection of malicious code. There are several libraries that can help you with this, such as xss-clean, dompurify or sanitize-html.

  • BeEF

    The Browser Exploitation Framework Project

    Project mention: realistically, how much hacking can you do using a link only ( no executables ) | | 2022-12-27

    Take a look at BeEF framework - that's pretty much all the things you can do from a browser.

  • howtheysre

    A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

    Project mention: Good CI/CD and SRE Blogs | | 2022-09-16
  • awesome-ctf

    A curated list of CTF frameworks, libraries, resources and softwares

    Project mention: Resources for pentesting/CTF-related courses/online resources | | 2022-11-08
  • user.js

    Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

    Project mention: I accidentally used my browser with my adblock turned off. I had totally forgotten how ugly the Internet was | | 2023-01-28
  • arkime

    Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

    Project mention: Where can I get hands on practice for cybersecurity as a beginner over internet for free? | | 2023-01-25

    Arkime: Packet capture and search

  • cloudmapper

    CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

    Project mention: Diagram Aws account | | 2022-11-06
  • shhgit

    Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories:

    Project mention: Tencent WeChat is now a GitHub secret scanning partner | | 2022-12-20
  • vm2

    Advanced vm/sandbox for Node.js

    Project mention: Does reinitializing a new vm cause memory leak when using vm2? | | 2023-01-19
  • ClearURLs-Addon

    ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.

    Project mention: China accused of illegal police stations in Netherlands | | 2022-10-26

    You can use the ClearURLs addon. I've been using it for years. It's not perfect, but it automatically removes a lot of tracking stuff. Everyone should be using it actually.

  • opencti

    Open Cyber Threat Intelligence Platform

    Project mention: Threat analysis visualization? | | 2022-08-02

    An image - OpenCTI IOC Visualisation The system - OpenCTI Github

  • sanitize-html

    Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

    Project mention: Add Mastodon replies to your blog | | 2022-12-27

    One thing to watch out for is that the content of each reply is HTML. To be safe (paranoid), I'm running the HTML through sanitize-html to make sure nobody can inject sketchy HTML into my site.

  • Retire.js

    scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

    Project mention: Retire.js | | 2022-02-22
  • StegCloak

    Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

    Project mention: StegCloak | | 2022-11-17
  • express-gateway

    A microservices API Gateway built on top of Express.js

    Project mention: How to choose the right API Gateway | | 2022-11-22

    Next, review deployment complexity such as DB-less versus database-backed deployments. For example, Kong does require running Cassandra or Postgres. Apigee requires Cassandra, Zookeeper, and Postgres to run, while other solutions like Express Gateway and Tyk only require Redis. Apache APISIX uses etcd as its data store, it stores and manages routing-related and plugin-related configurations in etcd in the Data Plane.

  • user.js

    user.js -- Firefox configuration hardening (by pyllyukko)

    Project mention: Bringing attention to the potential of Firefox’s customisation | | 2022-12-11
  • cloudsploit

    Cloud Security Posture Management (CSPM)

    Project mention: CSPM opensource suggestions | | 2023-01-15
  • rate-limiter-flexible

    Count and limit requests by key with atomic increments in single process or distributed environment.

  • awesome-nodejs-security

    Awesome Node.js Security resources

  • nothing-private

    Do you think you are safe using private browsing or incognito mode? 😄 👿 This will prove that you're wrong.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-01-28.

What are some of the best open-source Security projects in JavaScript? This list will help you:

Project Stars
1 24,911
2 openzeppelin-contracts 21,219
3 KeeWeb 11,407
4 DOMPurify 10,304
5 BeEF 8,075
6 howtheysre 8,070
7 awesome-ctf 7,697
8 user.js 6,885
9 arkime 5,443
10 cloudmapper 5,346
11 shhgit 3,618
12 vm2 3,443
13 ClearURLs-Addon 3,397
14 opencti 3,258
15 sanitize-html 3,196
16 Retire.js 3,187
17 StegCloak 2,820
18 express-gateway 2,776
19 user.js 2,505
20 cloudsploit 2,459
21 rate-limiter-flexible 2,386
22 awesome-nodejs-security 2,099
23 nothing-private 1,948