Top 8 JavaScript supply-chain Projects
-
cdxgen
Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
-
supplychainpy
Supplychainpy is a Python library for supply chain analysis, modelling and simulation. The library assists a workflow that is reliant on Excel and VBA.
-
overlay
Overlay is a browser extension helping developers evaluate open source packages before picking them (by os-scar)
Project mention: Malicious libraries can steal all your application secrets in Elixir | news.ycombinator.com | 2023-07-22
I used E in the 90s: http://erights.org/
I haven't kept up with newer systems but I've heard of https://github.com/endojs/endo and just came across http://reports-archive.adm.cs.cmu.edu/anon/home/anon/isr2017... (which says "in the style of the E programming language" -- that's as far as I've read) while looking that up.
WebAssembly was designed to follow the same capability security principles. CHERI too as someone else just brought up.
Use https://github.com/sandworm-hq/sandworm-audit. If you run it for your app, the deprecated libraries will show up in the list of issues found. (contributor)
Project mention: Show devsecops: OWASP dep-scan v5 - a next-generation security and risk audit tool for everyone | /r/devsecops | 2023-12-05
Today, it gives me great pleasure to announce OWASP dep-scan v5. Like everyone, I was constantly frustrated with the amount of false positives generated by all Software Composition Analysis tools (including mine) and wanted to do something. I worked closely with a few colleagues (Caroline, Tim, Saket, and David) for a year to build the various capabilities that together form depscan v5.
Project mention: Overlay - a browser extension helping developers evaluate open-source packages before picking them | /r/golang | 2023-05-04
os-scar/overlay
Project mention: [ANNOUNCEMENT] The new OriginTrail ecosystem website is now live! | /r/OriginTrail | 2023-06-28
👉 https://origintrail.io/
Index
What are some of the best open-source supply-chain projects in JavaScript? This list will help you:
# | Project | Stars
---|---|---
1 | SES-shim | 736
2 | sandworm-audit | 462
3 | cdxgen | 448
4 | supplychainpy | 270
5 | sandworm-guard-js | 248
6 | overlay | 207
7 | ot-node | 180
8 | Pharma-Chain | 30