JavaScript security-tools

Open-source JavaScript projects categorized as security-tools

Top 23 JavaScript security-tool Projects

  • social-analyzer

    API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

  • StegCloak

    Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

    Project mention: It's the Job of My Dreams, but I'd Have to Write a Cover Letter, So Nevermind | | 2023-11-08
  • WorkOS

    The modern API for authentication & user identity. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • CaptfEncoder

    Captfencoder is opensource a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.

  • npq

    🎖safely* install packages with npm or yarn by auditing them as part of your install process

    Project mention: I wish more developers understood the constant stream of malware that is posted to npm | /r/node | 2023-06-25

    You might also want to look at npq which is an open source project that helps you proactively defend against potentially bad (malicious) npm packages before installing them.

  • secureCodeBox

    secureCodeBox (SCB) - continuous secure delivery out of the box

  • ethereum-lists

    A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

  • sandworm-audit

    Security & License Compliance For Your App's Dependencies 🪱

    Project mention: Anyone else’s project use so many deprecated packages | /r/node | 2023-06-08

    use if u run it for your app the deprecated libraries will show up in the list of issues found (contributor)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • njsscan

    njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

    Project mention: How to use GitLab SAST tool to detect simple DOM vulnerability? | /r/webdev | 2023-03-10

    That's the one! Rules are here:

  • faction

    Pen Test Report Generation and Assessment Collaboration

    Project mention: Open Source Security Assessment Collaboration Platform | /r/RedSec | 2023-11-29
  • kraken

    Kraken: A multi-platform distributed brute-force password cracking system (by arcaneiceman)

  • sandworm-guard-js

    Easy auditing & sandboxing for your JavaScript dependencies 🪱

    Project mention: Sandworm: Keep Your JavaScript Code Secure and Compliant | | 2023-03-07
  • js-x-ray

    JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

  • heappy

    A happy heap editor to support your exploitation process :slightly_smiling_face:

  • Gotanda

    Gotanda is browser Web Extension for OSINT.

  • eslint-plugin-no-secrets

    An eslint plugin to find strings that might be secrets/credentials

  • super

    SPR is a secure programmable router. (by spr-networks)

    Project mention: You shouldn't run NSA-grade Wi-Fi at home | | 2024-01-04

    Somewhat related -- with the project I work on,, we do support wireguard peers (and also support combining that wireguard identity with a wifi peer identity as well).

    Devices are provisioned by assigning or generating a wireguard keypair in the API.

    Next the peers are routed together by policy and by default can't access one another. There's support for bidirectional network groups or one-way firewall rules with NAT.

    One are of improvement is multicast support with wireguard, it's doable, just not ready yet.

  • modron

    Modron - Cloud security compliance

  • defangjs

    URL / IP / Email defanging with Javascript. Make IoC harmless.

    Project mention: IoC defanging using Javascript | /r/opensourcesecurity | 2023-07-22 helps defanging URLs (all protocols), Emails and Ip addresses using Javascript.

  • password-generator

    A fast, simple, and powerful open-source utility tool for generating strong, unique, and random passwords. The Password Generator supports various types of passwords including base64-encoded, memorable, and complex strong passwords. (by sebastienrousseau)

  • sandworm-jest

    Security Snapshot Testing Inside Your Jest Test Suite 🪱

  • jsafer

    A simple JS source code obfuscator/minifier that doesn't hurt consistency or speed.

  • applied-security

    A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Cybersecurity

  • Prowl-API

    Prowl is an API that allows you to send IP and in return obtain the reputation of the IP as well as indicators of attacks and indicators of compromise associated with the address. Lupovis monitors the web in real time and identifies malicious IP addresses for you.

    Project mention: An IP Reputation integration on NPM to stop the baddies | | 2023-05-11
  • Onboard AI

    ChatGPT with full context of any GitHub repo. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-01-04.

JavaScript security-tools related posts


What are some of the best open-source security-tool projects in JavaScript? This list will help you:

Project Stars
1 social-analyzer 10,933
2 StegCloak 3,134
3 CaptfEncoder 1,111
4 npq 834
5 secureCodeBox 689
6 ethereum-lists 599
7 sandworm-audit 464
8 njsscan 336
9 faction 306
10 kraken 269
11 sandworm-guard-js 247
12 js-x-ray 192
13 heappy 192
14 Gotanda 172
15 eslint-plugin-no-secrets 119
16 super 83
17 modron 29
18 defangjs 19
19 password-generator 18
20 sandworm-jest 17
21 jsafer 11
22 applied-security 6
23 Prowl-API 6
ChatGPT with full context of any GitHub repo.
Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at