Top 23 JavaScript security-tool Projects
-
social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Project mention: What are some tools that employers can use to find your online accounts? | reddit.com/r/privacy | 2023-02-10
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
rEngine is one of the most famous ones I believe https://github.com/yogeshojha/rengine
-
Does anybody know of a steganography app that can be containerized in docker similar to stegcloak or PixelKnot? Really would like a self-hosted option for these apps.
-
CaptfEncoder
Captfencoder is a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.
-
Project mention: The rising trend of malicious packages in open source ecosystems | Snyk | reddit.com/r/netsec | 2023-03-26
You just described my project called npq: https://github.com/lirantal/npq :-)
-
ethereum-lists
A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.
Various github repos dedicated to labeling addresses like https://github.com/MyEtherWallet/ethereum-lists and forks, pull requests, and lists derived from them
-
njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Project mention: How to use GitLab SAST tool to detect simple DOM vulnerability? | reddit.com/r/webdev | 2023-03-10
That's the one! Rules are here: https://github.com/ajinabraham/njsscan/tree/master/njsscan/rules
-
And as you add more dependencies, it’s time to also build security and compliance into your app early. Sandworm Audit is the open-source npm audit that doesn’t suck: it checks for multiple types of issues, like vulnerabilities or license compliance, it outputs SVG charts and CSVs, and you can also run it in your CI to enforce security rules. Check the docs and npx @sandworm/audit in your JavaScript app’s root to try it out 🪱.
-
rawsec-cybersecurity-inventory
An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
-
js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
If you are new in town, JS-X-Ray is an open source JavaScript SAST (Static Application Security Testing). The tool analyzes your JavaScript sources for patterns that may affect the security and quality of your project 😎.
-
Project mention: Show HN: No Secrets Quickly find sensitive files in your GitHub repo | news.ycombinator.com | 2022-05-28
For people in the JS ecosystem there's this eslint rule: https://github.com/nickdeis/eslint-plugin-no-secrets
-
Project mention: Show HN: Scale Up Your Cloud Security and Remediation with Modron | news.ycombinator.com | 2023-01-15
-
Project mention: Security Snapshot Testing Inside Your Jest Test Suite | reddit.com/r/cybersecurity | 2022-10-20
-
password-generator
A fast, simple and powerful open-source utility tool for generating strong, unique and random passwords. Password Generator is free to use as a secure password generator on any computer, phone, or tablet. (by sebastienrousseau)
Project mention: password-generator: Fast and powerful open-source tool for generating strong, unique and random passwords 🔐 | reddit.com/r/u_esgeeks | 2022-04-21
-
applied-security
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Cybersecurity
Project mention: applied-security: A collection of publicly available resources on how technology and tech-savvy organizations around the world practice Cybersecurity. | reddit.com/r/CKsTechNews | 2022-11-07
-
Project mention: Easy auditing & sandboxing for your JavaScript dependencies. Fine grained permissions system for npm packages. | reddit.com/r/webdev | 2022-10-12
Yes, you can use it for security by locking down which dependencies can execute which methods in your app. But you can also use it for auditing and documenting your app's supply chain security profile, then snapshot testing against that using the Jest and Mocha plugins.
-
JavaScript security-tools related posts
- nginx proxy manager, v3: is someone testing/using it? Experiences?
- JS-X-Ray 6.0
- Are ASM tools worth it?
- Packj sandbox for “safe installation” of Ruby gems
- List of public / known Ethereum addresses?
- Open source projects from Nepal
- A technical tale of NodeSecure - Chapter 1
Index
What are some of the best open-source security-tool projects in JavaScript? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | social-analyzer | 9,887 |
2 | rengine | 5,234 |
3 | StegCloak | 2,884 |
4 | CaptfEncoder | 964 |
5 | npq | 749 |
6 | secureCodeBox | 581 |
7 | ethereum-lists | 543 |
8 | njsscan | 299 |
9 | sandworm-audit | 286 |
10 | kraken | 209 |
11 | heappy | 189 |
12 | rawsec-cybersecurity-inventory | 183 |
13 | Gotanda | 157 |
14 | js-x-ray | 141 |
15 | eslint-plugin-no-secrets | 104 |
16 | modron | 22 |
17 | sandworm-jest | 16 |
18 | password-generator | 13 |
19 | jsafer | 9 |
20 | applied-security | 6 |
21 | sandworm-mocha | 5 |
22 | SSHAgentSecureProxy | 0 |
23 | civilex | 0 |