Top 8 JavaScript supply-chain Projects

SES-shim

13 736 9.9 JavaScript

Endo is a distributed secure JavaScript sandbox, based on SES

Project mention: Malicious libraries can steal all your application secrets in Elixir | news.ycombinator.com | 2023-07-22

I used E in the 90s: http://erights.org/
I haven't kept up with newer systems but I've heard of https://github.com/endojs/endo and just came across http://reports-archive.adm.cs.cmu.edu/anon/home/anon/isr2017... (which says "in the style of the E programming language" -- that's as far as I've read) while looking that up.
WebAssembly was designed to follow the same capability security principles. CHERI too as someone else just brought up.

sandworm-audit

6 462 8.4 JavaScript

Security & License Compliance For Your App's Dependencies 🪱

Project mention: Anyone else’s project use so many deprecated packages | /r/node | 2023-06-08

use https://github.com/sandworm-hq/sandworm-audit. if u run it for your app the deprecated libraries will show up in the list of issues found (contributor)

SurveyJS

surveyjs.io sponsored

Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
cdxgen

3 448 9.5 JavaScript

Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

Project mention: Show devsecops: OWASP dep-scan v5 - a next-generation security and risk audit tool for everyone | /r/devsecops | 2023-12-05

Today, it gives me great pleasure to announce OWASP dep-scan v5. Like everyone, I was constantly frustrated with the amount of false positives generated by all Software Composition Analysis tools (including mine) and wanted to do something. I worked closely with a few colleagues (Caroline, Tim, Saket, and David) for a year to build the various capabilities that together form depscan v5.

supplychainpy

1 270 0.0 JavaScript

Supplychainpy is a Python library for supply chain analysis, modelling and simulation. The library assists a workflow that is reliant on Excel and VBA.
sandworm-guard-js

9 248 0.0 JavaScript

Easy auditing & sandboxing for your JavaScript dependencies 🪱
overlay

2 207 7.4 JavaScript

Overlay is a browser extension helping developers evaluate open source packages before picking them (by os-scar)

Project mention: Overlay - a browser extension helping developers evaluate open-source packages before picking them | /r/golang | 2023-05-04

os-scar/overlay

ot-node

54 180 9.7 JavaScript

OriginTrail Decentralized Knowledge Graph network node

Project mention: [ANNOUNCEMENT ] The new OriginTrail ecosystem website is now live! | /r/OriginTrail | 2023-06-28

👉 https://origintrail.io/

InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Pharma-Chain

2 30 0.0 JavaScript

A supply chain for the safe distribution of medicines using Blockchain and AI

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).