JavaScript Security

Open-source JavaScript projects categorized as Security | Edit details

Top 23 JavaScript Security Projects

  • GitHub repo

    ⚙️ NGINX config generator on steroids 💉

    Project mention: [software] NGINX configuration generator | | 2021-11-10
  • GitHub repo openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

    Project mention: Split NFT Royalties to Multiple Addresses | | 2021-12-06
  • Nanos

    Run Linux Software Faster and Safer than Linux with Unikernels.

  • GitHub repo KeeWeb

    Free cross-platform password manager compatible with KeePass

    Project mention: Mercredi Tech - 2021-12-01 | | 2021-12-01
  • GitHub repo DOMPurify

    DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

    Project mention: How to choose a third party package | | 2021-12-04

    As mentioned in Fit your need, many packages try to solve a general problem (thus the size of the package is large). You may only need a small part of the package. Sometimes, your problem is unique and there are no existing third party packages out there that solve it. In those cases, it's a great time for you to do it yourself. I found myself in the early days in the industry spending much time finding a third party package to help me build features. But over time, I more rarely used external packages for my daily tasks. It doesn't mean that I always reinvent the wheel. It means that I know what I am doing and I can seek help from the community when I truly need to (for example I will never sanitize user input by myself, but use DOMPurify)

  • GitHub repo awesome-ctf

    A curated list of CTF frameworks, libraries, resources and softwares

    Project mention: How to solve CTF ☠️ (Capture_the_flags) | | 2021-10-31 - Comprehensive list of tools and further reading

  • GitHub repo BeEF

    The Browser Exploitation Framework Project

    Project mention: how do i install BeEF? | | 2021-12-07
  • GitHub repo arkime

    Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

    Project mention: Wireshark pcap in elastic search | | 2021-11-24

    I used moloch which is now It used to be free and was a great tool for pcaps. Uses elastic underneath.

  • Scout APM

    Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.

  • GitHub repo cloudmapper

    CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

    Project mention: Is there a tool to map a AWS/vpc environment? | | 2021-09-03
  • GitHub repo user.js

    Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

    Project mention: Firefox Privacy: 2021 update | Privacy Guides | | 2021-12-01
  • GitHub repo Tutanota makes encryption easy

    Tutanota is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.

    Project mention: It's a hard e-mail to verbally give | | 2021-12-06

    You get 5 aliases with tutanota, yes. One of them being your custom domain, say, [email protected] The others are or addresses that you set up.

  • GitHub repo shhgit

    Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories:

    Project mention: Ask HN: What are the best automated tools for keeping credentials out of GitHub? | | 2021-08-09
  • GitHub repo ClearURLs-Addon

    ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.

    Project mention: DeGoogling with my tag is the cherry on top...(left)... | | 2021-11-12
  • GitHub repo Retire.js

    scanner detecting the use of JavaScript libraries with known vulnerabilities

    Project mention: OWASP Top 10 for Developers: Using Components with Known Vulnerabilities | | 2021-09-14

    In order to prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, as well as establishing a process for keeping all dependencies up-to-date. Fortunately, much of this can be automated using vulnerability scanning tools, such as the OWASP Dependency Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's Renovate, provide a complete dependency management solution by automatically updating any found vulnerabilities. In addition to keeping dependencies updated, it's important to remove any dependencies that are no longer being used.

  • GitHub repo sanitize-html

    Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

    Project mention: How To Parse and Render Markdown In Vuejs | | 2021-08-26

    Vue does not have as much support for Vue as there is for React. Examples are markdown-it, Remark.js, marked.js. But hopefully in the future, there should be more support, and after much research, I picked marked.js because it has the most stars and has zero vulnerability. Marked does not sanitize (meaning it does not secure HTML documents from attacks like cross-site scripting (XSS) ) marked output HTML as that feature is deprecated and has vulnerability but however, it supports the use of other libraries to secure output HTML such as DOMPurify (recommended), sanitize-html or insane.

  • GitHub repo vm2

    Advanced vm/sandbox for Node.js

    Project mention: The Perfect Configuration Format? Try TypeScript | | 2021-11-17

    This could be solved by having some kind of sandbox (, but I agree it complicates it.

    It would be cool if tsc had a flag —sandboxed or similar that does not allow any sideeffects (fs access, output, forking, net requests, etc)

  • GitHub repo express-gateway

    A microservices API Gateway built on top of Express.js

    Project mention: Building an Express Gateway Policy | | 2021-08-29

    This post will show you how to build a policy (middleware) for your express gateway. Before creating a policy, we need to create a plugin.

  • GitHub repo StegCloak

    Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

    Project mention: r/cryptography | | 2021-05-31


  • GitHub repo user.js

    user.js -- Firefox configuration hardening (by pyllyukko)

    Project mention: Don't you feel that Firefox is now father than Chromium ? | | 2021-11-25
  • GitHub repo opencti

    Open Cyber Threat Intelligence Platform

    Project mention: Threat Intelligence platform recommendations | | 2021-11-02

    If you haven’t yet, check out OpenCTI

  • GitHub repo rate-limiter-flexible

    Node.js rate limit requests by key with atomic increments in single process or distributed environment.

    Project mention: Trouble adding rate limiter to API route in Nextjs | | 2021-07-31

    I published this issue with my code:

  • GitHub repo awesome-nodejs-security

    Awesome Node.js Security resources

    Project mention: What is secure code? | | 2021-01-18

    For the PERN stack you can check out the vulnerabilities and their solutions here, you may also like the Secure Code Warrior Free Node.js express training. Also check out the Awesome Node.js Security list.

  • GitHub repo nothing-private

    Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong.

    Project mention: GitHub - gautamkrishnar/nothing-private: Do you think you are safe using private browsing or incognito mode?. This will prove that you're wrong. | | 2021-10-24
  • GitHub repo is-website-vulnerable

    finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

    Project mention: Finds publicly known security vulnerabilities in front end JavaScript libs | | 2021-08-06
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-12-07.

JavaScript Security related posts


What are some of the best open-source Security projects in JavaScript? This list will help you:

Project Stars
1 14,863
2 openzeppelin-contracts 14,009
3 KeeWeb 10,539
4 DOMPurify 8,095
5 awesome-ctf 6,432
6 BeEF 6,173
7 arkime 4,982
8 cloudmapper 4,762
9 user.js 4,317
10 Tutanota makes encryption easy 4,293
11 shhgit 3,309
12 ClearURLs-Addon 2,919
13 Retire.js 2,894
14 sanitize-html 2,788
15 vm2 2,715
16 express-gateway 2,584
17 StegCloak 2,370
18 user.js 2,343
19 opencti 2,142
20 rate-limiter-flexible 1,929
21 awesome-nodejs-security 1,778
22 nothing-private 1,734
23 is-website-vulnerable 1,720
Find remote jobs at our new job board There are 32 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives