NodeSecure / js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
☆252, updated this week
Alternatives and similar repositories for js-x-ray
Users that are interested in js-x-ray are comparing it to the libraries listed below
- Mitigate security concerns of Dependency Confusion supply chain security risks (☆47, updated 2 years ago)
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications. (☆402, updated 7 months ago)
- ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine! (☆35, updated this week)
- Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB). (☆30, updated this week)
- JavaScript security CLI that allows you to deeply analyze the dependency tree of a given package or local Node.js project. (☆374, updated this week)
- TC39 proposal for mitigating prototype pollution (☆47, updated last year)
- Normalized repository URLs for every package in the npm registry. Updated daily. (☆89, updated 2 weeks ago)
- A curated list of awesome browser security learning material. (☆140, updated 2 years ago)
- Checks all maintainers of all NPM and PyPI packages for hijackable packages through domain re-registration (☆295, updated this week)
- Collection of community-driven CodeQL query, library and extension packs (☆168, updated this week)
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… (☆314, updated this week)
- Find security vulnerabilities in open source npm packages while you code (☆207, updated 3 years ago)
- Collection of security best practices for package managers. (☆162, updated 2 years ago)
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… (☆120, updated last week)
- Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git (☆94, updated last week)
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. (☆211, updated last week)
- Manager of third-party sources of Semgrep rules (☆87, updated 11 months ago)
- get popular npm packages (☆39, updated 3 months ago)
- NodeJS runtime protection for supply chain attacks (☆141, updated 2 years ago)
- Focused malicious code detection ruleset, with a high protection-to-noise ratio (☆120, updated 4 months ago)
- How GitHub Actions workflows can be hacked (☆157, updated 10 months ago)
- Coverage-guided, in-process fuzzing for Node.js (☆306, updated this week)
- Generic SAST Library (☆131, updated last week)
- A Node.js vulnerability finding tool. (☆95, updated 4 years ago)
- A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration. (☆57, updated 3 weeks ago)
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… (☆145, updated last year)
- Scans your GitHub Actions for security issues (☆74, updated this week)
- Test Case Generator Based on Branch Coverage and Fuzzing (☆36, updated last year)
- Dependency Combobulator (☆93, updated last year)
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research] (☆42, updated last year)