Top 23 JavaScript Security Projects

• nginxconfig.io

  5 27,057 6.3 JavaScript

  ⚙️ NGINX config generator on steroids 💉

  

• openzeppelin-contracts

  233 24,109 9.5 JavaScript

  OpenZeppelin Contracts is a library for secure smart contract development.

  

Project mention: Blockchain transactions decoding: making wallet activity understandable | dev.to | 2023-10-27

Lets look the events of Open Zeppelin’s ERC20 token contract:

• SurveyJS

  surveyjs.io sponsored

  Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

  

• DOMPurify

  42 12,766 8.5 JavaScript

  DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Project mention: JavaScript Libraries for Implementing Trendy Technologies in Web Apps in 2024 | dev.to | 2024-04-09

DOMPurify

• KeeWeb

  59 12,054 0.0 JavaScript

  Free cross-platform password manager compatible with KeePass

  

Project mention: Bitwarden: Free, open-source password manager | news.ycombinator.com | 2023-09-25

• BeEF

  42 9,377 9.2 JavaScript

  The Browser Exploitation Framework Project

  

Project mention: Upside-Down-Ternet | news.ycombinator.com | 2024-03-18

Ha, fun to see this again! Back before everything was HTTPS, it was fun to use the Browser Exploitation Framework (https://beefproject.com) which had a script included that did this. Though in those cases I wasn't in control of the gateway, so ARP spoofing was required to get other devices to route through me.

• awesome-ctf

  10 9,174 0.0 JavaScript

  A curated list of CTF frameworks, libraries, resources and softwares

Project mention: Pwn/RE platforms for study/practice | /r/securityCTF | 2023-05-13

https://github.com/devploit/ctf-awesome-resources https://github.com/apsdehal/awesome-ctf

• user.js

  682 9,104 7.1 JavaScript

  Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

  

Project mention: It's getting hard to use and recommend Firefox, I'm afraid for the free web | news.ycombinator.com | 2024-04-08

Re: firefox and privacy, if you want to use firefox for privacy, consider using https://github.com/arkenfox/user.js . There is a case to be made that Firefox (with arkenfox's user.js) is one of the best privacy-respecting but still fairly usable browsers.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• howtheysre

  14 8,918 6.4 JavaScript

  A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

Project mention: 5 GitHub Projects to Help You Become a Better DevOps Engineer ⚡ | dev.to | 2023-06-23

1. How they SRE

• nuclei-templates

  13 8,024 10.0 JavaScript

  Community curated list of templates for the nuclei engine to find security vulnerabilities.

  

Project mention: Script kiddie tools preferred by the hackers of this channel? | /r/hacking | 2023-07-08

Check https://github.com/projectdiscovery/nuclei mostly for CVEs.

• arkime

  13 6,114 9.6 JavaScript

  Arkime is an open source, large scale, full packet capturing, indexing, and database system.

  

• cloudmapper

  8 5,830 3.6 JavaScript

  CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

  

• ClearURLs-Addon

  64 3,902 3.5 JavaScript

  ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.

  

Project mention: Implement URL cleaner | /r/signal | 2023-06-10

Ever heard of the ClearURLs Browser-Addon. It's also available for Firefox for Android.

• vm2

  14 3,827 4.5 JavaScript

  Advanced vm/sandbox for Node.js

Project mention: Vm2 discontinued due to unfixable security issues | news.ycombinator.com | 2023-07-12

• shhgit

  7 3,787 0.0 JavaScript

  Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

• sanitize-html

  4 3,613 7.4 JavaScript

  Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

  

Project mention: What tools do you use to generate css/xpath selectors? | /r/webscraping | 2023-07-19

Sometimes I use sanitize-html to clean up the html and ask chatgpt to help me refine my selectors.

• Retire.js

  3 3,508 8.9 JavaScript

  scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

  

Project mention: Understanding security in React Native applications | dev.to | 2024-04-03

Retire.js

• Betterfox

  66 3,495 8.2 JavaScript

  Firefox user.js for speed, privacy, and security. Your favorite browser, but better.

Project mention: Mozilla Firefox or Chrome which is best for MOBILE PHONE.? | /r/browsers | 2023-12-11

You can apply Betterfox using USB debugging, but it takes time to set it up: https://github.com/yokoffing/Betterfox/issues/240

• cloudsploit

  6 3,172 9.9 JavaScript

  Cloud Security Posture Management (CSPM)

  

• StegCloak

  5 3,171 0.0 JavaScript

  Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

  

Project mention: It's the Job of My Dreams, but I'd Have to Write a Cover Letter, So Nevermind | news.ycombinator.com | 2023-11-08

• express-gateway

  3 2,938 0.0 JavaScript

  A microservices API Gateway built on top of Express.js

  

Project mention: 5 Ways to Improve Your API Reliability | dev.to | 2023-07-25

Express Gateway: A microservices API Gateway built on Express.js. It's entirely extensible and framework agnostic, delivering robust, scalable solutions in no time.

• rate-limiter-flexible

  9 2,871 8.9 JavaScript

  Atomic counters and rate limiting tools. Limit resource access at any scale.

Project mention: API Limiting: Best Practices and Implementation | dev.to | 2023-05-01

Implementing API rate limiting in your Node.js project is an important step toward maintaining the stability and reliability of your application. With the use of packages like express-rate-limit or rate-limiter-flexible, you can easily set limits on requests and prevent abuse of your API by malicious users.

• user.js

  45 2,713 6.4 JavaScript

  user.js -- Firefox configuration hardening (by pyllyukko)

• Cosmos-Server

  30 2,686 9.5 JavaScript

  ☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)

Project mention: The Hater's Guide to Kubernetes | news.ycombinator.com | 2024-03-03

That's basically just a docker-compose.

If you want something crazy all-in-one for homelab check out https://github.com/azukaar/Cosmos-Server

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

JavaScript Security related posts

• SQL Injection Isn't Dead Yet
  2 projects | dev.to | 15 Apr 2024
• How to use Lefthooks in your node project?
  4 projects | dev.to | 11 Apr 2024
• It's getting hard to use and recommend Firefox, I'm afraid for the free web
  1 project | news.ycombinator.com | 8 Apr 2024
• Lessons from open-source: Use window.trustedTypes to prevent DOM XSS.
  2 projects | dev.to | 8 Apr 2024
• Show HN: German-Language Diceware
  1 project | news.ycombinator.com | 29 Mar 2024
• 6 Tools To Help Keep Your Dependencies And Code More Secure
  2 projects | dev.to | 18 Mar 2024
• Upside-Down-Ternet
  1 project | news.ycombinator.com | 18 Mar 2024
• A note from our sponsor - InfluxDB
  www.influxdata.com | 25 Apr 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

The modern identity platform for B2B SaaS

The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

workos.com

Do not miss the trending JavaScript projects with our weekly report!