JavaScript Security

Open-source JavaScript projects categorized as Security

Top 23 JavaScript Security Projects


    ⚙️ NGINX config generator on steroids 💉

  • openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

  • Project mention: Blockchain transactions decoding: making wallet activity understandable | | 2023-10-27

    Lets look the events of Open Zeppelin’s ERC20 token contract:

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo
  • DOMPurify

    DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

  • Project mention: JavaScript Libraries for Implementing Trendy Technologies in Web Apps in 2024 | | 2024-04-09


  • KeeWeb

    Free cross-platform password manager compatible with KeePass

  • Project mention: Bitwarden: Free, open-source password manager | | 2023-09-25
  • BeEF

    The Browser Exploitation Framework Project

  • Project mention: Upside-Down-Ternet | | 2024-03-18

    Ha, fun to see this again! Back before everything was HTTPS, it was fun to use the Browser Exploitation Framework ( which had a script included that did this. Though in those cases I wasn't in control of the gateway, so ARP spoofing was required to get other devices to route through me.

  • awesome-ctf

    A curated list of CTF frameworks, libraries, resources and softwares

  • Project mention: Pwn/RE platforms for study/practice | /r/securityCTF | 2023-05-13

  • user.js

    Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

  • Project mention: It's getting hard to use and recommend Firefox, I'm afraid for the free web | | 2024-04-08

    Re: firefox and privacy, if you want to use firefox for privacy, consider using . There is a case to be made that Firefox (with arkenfox's user.js) is one of the best privacy-respecting but still fairly usable browsers.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • howtheysre

    A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

  • Project mention: 5 GitHub Projects to Help You Become a Better DevOps Engineer ⚡ | | 2023-06-23

    1. How they SRE

  • nuclei-templates

    Community curated list of templates for the nuclei engine to find security vulnerabilities.

  • Project mention: Script kiddie tools preferred by the hackers of this channel? | /r/hacking | 2023-07-08

    Check mostly for CVEs.

  • arkime

    Arkime is an open source, large scale, full packet capturing, indexing, and database system.

  • cloudmapper

    CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

  • ClearURLs-Addon

    ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.

  • Project mention: Implement URL cleaner | /r/signal | 2023-06-10

    Ever heard of the ClearURLs Browser-Addon. It's also available for Firefox for Android.

  • vm2

    Advanced vm/sandbox for Node.js

  • Project mention: Vm2 discontinued due to unfixable security issues | | 2023-07-12
  • shhgit

    Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

  • sanitize-html

    Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

  • Project mention: What tools do you use to generate css/xpath selectors? | /r/webscraping | 2023-07-19

    Sometimes I use sanitize-html to clean up the html and ask chatgpt to help me refine my selectors.

  • Retire.js

    scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

  • Project mention: Understanding security in React Native applications | | 2024-04-03


  • Betterfox

    Firefox user.js for speed, privacy, and security. Your favorite browser, but better.

  • Project mention: Mozilla Firefox or Chrome which is best for MOBILE PHONE.? | /r/browsers | 2023-12-11

    You can apply Betterfox using USB debugging, but it takes time to set it up:

  • StegCloak

    Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

  • Project mention: It's the Job of My Dreams, but I'd Have to Write a Cover Letter, So Nevermind | | 2023-11-08
  • cloudsploit

    Cloud Security Posture Management (CSPM)

  • express-gateway

    A microservices API Gateway built on top of Express.js

  • Project mention: 5 Ways to Improve Your API Reliability | | 2023-07-25

    Express Gateway: A microservices API Gateway built on Express.js. It's entirely extensible and framework agnostic, delivering robust, scalable solutions in no time.

  • rate-limiter-flexible

    Atomic counters and rate limiting tools. Limit resource access at any scale.

  • Project mention: API Limiting: Best Practices and Implementation | | 2023-05-01

    Implementing API rate limiting in your Node.js project is an important step toward maintaining the stability and reliability of your application. With the use of packages like express-rate-limit or rate-limiter-flexible, you can easily set limits on requests and prevent abuse of your API by malicious users.

  • user.js

    user.js -- Firefox configuration hardening (by pyllyukko)

  • Cosmos-Server

    ☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)

  • Project mention: The Hater's Guide to Kubernetes | | 2024-03-03

    That's basically just a docker-compose.

    If you want something crazy all-in-one for homelab check out

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

JavaScript Security related posts


What are some of the best open-source Security projects in JavaScript? This list will help you:

Project Stars
1 27,057
2 openzeppelin-contracts 24,079
3 DOMPurify 12,766
4 KeeWeb 12,054
5 BeEF 9,360
6 awesome-ctf 9,174
7 user.js 9,081
8 howtheysre 8,904
9 nuclei-templates 8,024
10 arkime 6,101
11 cloudmapper 5,830
12 ClearURLs-Addon 3,902
13 vm2 3,827
14 shhgit 3,787
15 sanitize-html 3,613
16 Retire.js 3,508
17 Betterfox 3,495
18 StegCloak 3,167
19 cloudsploit 3,167
20 express-gateway 2,938
21 rate-limiter-flexible 2,871
22 user.js 2,713
23 Cosmos-Server 2,686

The modern identity platform for B2B SaaS
The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.