Build cloud backends with Infrastructure-from-Code (IfC), a revolutionary technique for generating and updating cloud infrastructure. Try IfC with AWS and Klotho now (Now open-source) Learn more →
Top 23 JavaScript Security Projects
-
It'd be weird to exclude any repositories, even the sponsors' ones. Like, sure, it's an ad for them (so is wearing a t-shirt with their logo), but at the same time, they maintain some cool projects, like digitalocean/nginxconfig.io. It'd be a shame if people who genuinely want to improve this tool wouldn't get rewarded for that, only because it's DigitalOcean's.
-
Project mention: Fork mainnet using hardhat to test and build on DeFi protocols and more | dev.to | 2023-01-23
Now create a folder named IERC20.sol inside your contracts folder and paste the following code into it. This is the ERC20 interface we will need to interact with the USDC contract. You can also find this code here
-
Klotho
AWS Cloud-aware infrastructure-from-code toolbox [NEW]. Build cloud backends with Infrastructure-from-Code (IfC), a revolutionary technique for generating and updating cloud infrastructure. Try IfC with AWS and Klotho now (Now open-source)
-
Project mention: The quest for a family-friendly password manager | news.ycombinator.com | 2023-01-02
https://github.com/antelle/argon2-browser
Per their README it seems it’s implemented into “KeeWeb”.
KeeWeb is a free cross-platform password manager compatible with KeePass“
-
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
It's also important to sanitize user input to prevent the injection of malicious code. There are several libraries that can help you with this such as xss-clean, dompurify or santize-html.
-
Project mention: realistically, how much hacking can you do using a link only ( no executables ) | reddit.com/r/HowToHack | 2022-12-27
Take a look at BeEF framework - https://beefproject.com/ that's pretty much all the things you can do from a browser.
-
howtheysre
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
-
Project mention: Resources for pentesting/CTF-related courses/online resources | reddit.com/r/HowToHack | 2022-11-08
-
Appwrite
Appwrite - The Open Source Firebase alternative introduces iOS support . Appwrite is an open source backend server that helps you build native iOS applications much faster with realtime APIs for authentication, databases, files storage, cloud functions and much more!
-
user.js
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Project mention: I accidentally used my browser with my adblock turned off. I had totally forgotten how ugly the Internet was | reddit.com/r/privacy | 2023-01-28 -
arkime
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Project mention: Where can I get hands on practice for cybersecurity as a beginner over internet for free? | reddit.com/r/cybersecurity | 2023-01-25Arkime: https://arkime.com/ Packet capture and search
-
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
Project mention: Tencent WeChat is now a GitHub secret scanning partner | news.ycombinator.com | 2022-12-20 -
Project mention: Does reinitializing a new vm cause memory leak when using vm2? | reddit.com/r/node | 2023-01-19
-
ClearURLs-Addon
ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
Project mention: China accused of illegal police stations in Netherlands | reddit.com/r/worldnews | 2022-10-26You can use the ClearURLs addon. I've been using it for years. It's not perfect, but it automatically removes a lot of tracking stuff. Everyone should be using it actually.
-
An image - OpenCTI IOC Visualisation The system - OpenCTI Github
-
sanitize-html
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
One thing to watch out for is that the content of each reply is HTML. To be safe (paranoid), I'm running the HTML through sanitize-html to make sure nobody can inject sketchy HTML into my site.
-
Retire.js
scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
-
-
Next, review deployment complexity such as DB-less versus database-backed deployments. For example, Kong does require running Cassandra or Postgres. Apigee requires Cassandra, Zookeeper, and Postgres to run, while other solutions like Express Gateway and Tyk only require Redis. Apache APISIX uses etcd as its data store, it stores and manages routing-related and plugin-related configurations in etcd in the Data Plane.
-
Project mention: Bringing attention to the potential of Firefox’s customisation | reddit.com/r/firefox | 2022-12-11
-
-
rate-limiter-flexible
Count and limit requests by key with atomic increments in single process or distributed environment.
-
-
nothing-private
Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong.
-
InfluxDB
Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2023-01-28.
JavaScript Security related posts
- Russhian Roulette: 1/6 chance of posting your SSH private key on pastebin
- I accidentally used my browser with my adblock turned off. I had totally forgotten how ugly the Internet was
- Fork mainnet using hardhat to test and build on DeFi protocols and more
- Warum braucht die JÖ App 600mb Speicherplatz am Handy ?!
- 3 Quick Tips for Input Validation
- Anything new in 'about:config' i should turn on?
- user.js suggestion
-
A note from our sponsor - Klotho
klo.dev | 28 Jan 2023
Index
What are some of the best open-source Security projects in JavaScript? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | nginxconfig.io | 24,911 |
| 2 | openzeppelin-contracts | 21,219 |
| 3 | KeeWeb | 11,407 |
| 4 | DOMPurify | 10,304 |
| 5 | BeEF | 8,075 |
| 6 | howtheysre | 8,070 |
| 7 | awesome-ctf | 7,697 |
| 8 | user.js | 6,885 |
| 9 | arkime | 5,443 |
| 10 | cloudmapper | 5,346 |
| 11 | shhgit | 3,618 |
| 12 | vm2 | 3,443 |
| 13 | ClearURLs-Addon | 3,397 |
| 14 | opencti | 3,258 |
| 15 | sanitize-html | 3,196 |
| 16 | Retire.js | 3,187 |
| 17 | StegCloak | 2,820 |
| 18 | express-gateway | 2,776 |
| 19 | user.js | 2,505 |
| 20 | cloudsploit | 2,459 |
| 21 | rate-limiter-flexible | 2,386 |
| 22 | awesome-nodejs-security | 2,099 |
| 23 | nothing-private | 1,948 |
Write Clean JavaScript Code. Always.
Sonar helps you commit clean code every time. With over 300 unique rules to find JavaScript bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
www.sonarsource.com