Top 23 JavaScript Security Projects
-
bettercap
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
-
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Let's take a look at how we implement sanitization in the secure version of our vulnerable application. Since this application is primarily written using JavaScript, we use the dompurify library for the client side and the isomorphic-dompurify library for server-side sanitization. In the app.js program that acts as our web server, you will find an express endpoint /sanitized with a GET and POST implementation:
-
user.js
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Project mention: Double-Keyed Caching: How Browser Cache Partitioning Changed the Web | news.ycombinator.com | 2025-01-10
-
Project mention: A curated list of Capture The Flag (CTF) frameworks, libraries and resources | news.ycombinator.com | 2024-08-26
-
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
-
howtheysre
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
-
Project mention: Firefox update added more sponsored content on new-tab page | news.ycombinator.com | 2024-09-09
https://github.com/yokoffing/BetterFox
I set this up once, sometimes do a git pull, and honestly, I can't see "annoyances" others always complain about. Maybe I look at the wrong places / learned to ignore them. Or maybe it's BetterFox removing them. Worth a try
-
ClearURLs-Addon
ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
-
Cosmos-Server
☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)
Project mention: coolify VS Cosmos-Server - a user suggested alternative | libhunt.com/r/coolify | 2024-09-26
both docker and server managers
-
sanitize-html
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
Since marked doesn't do it for you, make sure you sanitize the user input (the text on the user profiles) before rendering it to visitors.
Some libraries for doing that with good defaults:
- https://github.com/cure53/DOMPurify
- https://github.com/apostrophecms/sanitize-html
- https://github.com/bevacqua/insane
(right now your site looks vulnerable to XSS)
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
-
Retire.js
Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
-
twofactorauth
List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
-
reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
JavaScript Security discussion
JavaScript Security related posts
-
Double-Keyed Caching: How Browser Cache Partitioning Changed the Web
-
Your rich text could be a cross-site scripting vulnerability
-
Understanding Cross-Site Scripting (XSS): A Quick Reference
-
Canvas Fingerprinting – BrowserLeaks
-
How to Encrypt JavaScript Code for Web Security
-
First Contribution
-
OpenZeppelin Contracts: Secure Smart Contract Development Made Easy
-
Index
What are some of the best open-source Security projects in JavaScript? This list will help you:
# | Project | Stars |
---|---|---|
1 | nginxconfig.io | 27,914 |
2 | bettercap | 17,041 |
3 | DOMPurify | 14,420 |
4 | user.js | 10,504 |
5 | awesome-ctf | 9,988 |
6 | BeEF | 9,987 |
7 | nuclei-templates | 9,572 |
8 | howtheysre | 9,199 |
9 | Betterfox | 6,767 |
10 | arkime | 6,459 |
11 | cloudmapper | 6,038 |
12 | ClearURLs-Addon | 4,121 |
13 | Cosmos-Server | 3,981 |
14 | sanitize-html | 3,886 |
15 | shhgit | 3,844 |
16 | Retire.js | 3,738 |
17 | twofactorauth | 3,400 |
18 | cloudsploit | 3,398 |
19 | StegCloak | 3,350 |
20 | reverse-shell-generator | 3,150 |
21 | rate-limiter-flexible | 3,120 |
22 | express-gateway | 2,982 |
23 | user.js | 2,773 |