Top 16 TypeScript security-tool Projects
-
personal-security-checklist
A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
-
ThreatMapper
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
-
privacy.sexy
Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
-
CloudGraph cli
The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent. (by cloudgraphdev)
-
gradejs
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
-
console
End-to-End encrypted application secrets and configuration management for developers. (by phasehq)
-
jfrog-docker-desktop-extension
Scans any of your local Docker images for security vulnerabilities.
-
ignorecheck
A simple CLI/utility to ensure certain patterns are present in a project's .gitignore - Be sure to star this repository for updates!
Project mention: Web-check: All-in-one OSINT tool for analysing any website | news.ycombinator.com | 2024-03-01
Checklists at https://github.com/Lissy93/personal-security-checklist/blob/...
Project mention: ThreatMapper: Open-source cloud native security observability platform | news.ycombinator.com | 2023-09-10
It's part of an open source cloud security platform we're maintaining. Inspired by discussions with folks in the cloud sec community sharing challenges around assessing blast radius, potential lateral movements, and IAM context around alerts they receive.
Project mention: Phase: HashiCorp Vault and AWS Secrets Manager Alternative for Developers | news.ycombinator.com | 2024-03-24
Project mention: JavaScript registry NPM vulnerable to 'manifest confusion' abuse | news.ycombinator.com | 2023-06-27
That postinstall and other scripts have been a problem for a long time - the PoC for example could be installed via npx, which would then run postinstall which executes another script to steal /etc/password data.
This is not a new problem, you just have another vector.
I came up with a free linter package to try to solve it - but no one seemed interested, and here we are 7 later talking about where people are now offering paid services to mitigate it.
https://github.com/tanepiper/npm-lint
The example above shows that you absolutely have to validate all URLs you redirect users to if there is a chance they can be manipulated by third parties. In the Secutils.dev Web UI, specifically, I rely on the native URL class to check if the URL has the proper origin before redirecting the user. Also, check out "Preventing Unvalidated Redirects and Forwards" from OWASP for more tips.
Project mention: How to track anything on the internet or use Playwright for fun and profit | dev.to | 2024-01-16
To begin, all functionality related to browser automation and web scraping lives in a dedicated service - Web Scraper. The primary rationale is that dealing with browsers and arbitrary user scripts is tricky from a security standpoint, and it's always a good idea to isolate such functionality as much as possible. You can read more about the security aspects of web scraping in the "Running web scraping service securely" post.
TypeScript security-tools related posts
- Web-check: All-in-one OSINT tool for analysing any website
- Web Check: All-in-one OSINT tool for analysing any website
- Web-Check: All-in-one OSINT tool for analysing any website
- Running web scraping service securely
- Find out which NPM packages are used on your favourite website
- Open source website bundle analyzer that shows vulnerable NPM packages
- I created a tool, that detects NPM package versions used on a website
Index
What are some of the best open-source security-tool projects in TypeScript? This list will help you:
# | Project | Stars |
---|---|---|
1 | web-check | 18,864 |
2 | personal-security-checklist | 15,680 |
3 | ThreatMapper | 4,631 |
4 | privacy.sexy | 3,493 |
5 | lunasec | 1,406 |
6 | CloudGraph cli | 869 |
7 | ZeusCloud | 666 |
8 | gradejs | 398 |
9 | console | 236 |
10 | hashpass | 115 |
11 | jfrog-docker-desktop-extension | 74 |
12 | ots-share-app | 52 |
13 | npm-lint | 26 |
14 | secutils-webui | 7 |
15 | ignorecheck | 4 |
16 | secutils-web-scraper | 1 |