NodeSecure / js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
★229 · Updated 2 weeks ago
Related projects
Alternatives and complementary repositories for js-x-ray
- ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine! ★28 · Updated last week
- JavaScript security CLI that allows you to deeply analyze the dependency tree of a given package or local Node.js project. ★367 · Updated last week
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications. ★375 · Updated last week
- A curated list of awesome browser security learning material. ★130 · Updated 2 years ago
- Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB). ★30 · Updated 2 weeks ago
- Easy auditing & sandboxing for your JavaScript dependencies 🪱 ★251 · Updated last year
- Detect vulnerable regexes in your project. REDOS, catastrophic backtracking. ★320 · Updated 2 years ago
- A Node.js vulnerability finding tool. ★95 · Updated 4 years ago
- Collection of security best practices for package managers. ★159 · Updated 2 years ago
- Normalized repository URLs for every package in the npm registry. Updated daily. ★78 · Updated this week
- Coverage-guided, in-process fuzzing for Node.js ★289 · Updated 5 months ago
- An extended Node.js runtime with additional security mechanisms built-in. Protects your Node.js applications from injection attacks such … ★31 · Updated 3 years ago
- TC39 proposal for mitigating prototype pollution ★44 · Updated last year
- Find security vulnerabilities in open source npm packages while you code ★202 · Updated 2 years ago
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research] ★42 · Updated 4 months ago
- Secure DOM trees isolation and encapsulation leveraging ShadowDOM ★25 · Updated 3 weeks ago
- How GitHub Actions workflows can be hacked ★105 · Updated 2 months ago
- NodeJS runtime protection for supply chain attacks ★142 · Updated 2 years ago
- Snyk Node Runtime Agent ★16 · Updated 2 years ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers… ★98 · Updated this week
- ★54 · Updated last year
- A zoo for malicious NPM packages ★20 · Updated last year
- Overlay is a browser extension helping developers evaluate open source packages before picking them ★222 · Updated 9 months ago
- Collection of community-driven CodeQL query, library and extension packs ★74 · Updated last week
- ESLint plugin to detect and stop Trojan Source attacks ★76 · Updated last year
- NodeSecure HTML & PDF report generator for any public and/or private git repositories. ★14 · Updated 3 weeks ago
- Hands-on practical use of HTTP security headers as browser security controls to help secure web applications ★18 · Updated last year
- Manager of third-party sources of Semgrep rules ★76 · Updated 3 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ★98 · Updated 9 months ago
- A curated list of awesome GraphQL Security frameworks, libraries, software and resources ★299 · Updated 9 months ago