NodeSecure / js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
☆229 · Updated last week
Related projects
Alternatives and complementary repositories for js-x-ray
- Mitigate security concerns of Dependency Confusion supply chain security risks ☆40 · Updated 2 years ago
- ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine! ☆28 · Updated this week
- JavaScript security CLI that allows you to deeply analyze the dependency tree of a given package or local Node.js project. ☆367 · Updated last week
- njsscan is a semantic-aware SAST tool that can find insecure code patterns in your Node.js applications. ☆375 · Updated this week
- Generic SAST Library ☆124 · Updated this week
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research] ☆42 · Updated 4 months ago
- Coverage-guided, in-process fuzzing for Node.js ☆290 · Updated 4 months ago
- A Node.js vulnerability finding tool. ☆95 · Updated 4 years ago
- ☆54 · Updated last year
- Use Snow to finally secure your web app's same origin realms! ☆105 · Updated last week
- NodeJS runtime protection for supply chain attacks ☆142 · Updated 2 years ago
- Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB). ☆30 · Updated last week
- A curated list of awesome browser security learning material. ☆130 · Updated last year
- Easy auditing & sandboxing for your JavaScript dependencies 🪱 ☆251 · Updated last year
- TC39 proposal for mitigating prototype pollution ☆43 · Updated last year
- A zoo for malicious NPM packages ☆20 · Updated last year
- Collection of community-driven CodeQL query, library and extension packs ☆68 · Updated this week
- Find security vulnerabilities in open source npm packages while you code ☆202 · Updated 2 years ago
- Collection of security best practices for package managers. ☆159 · Updated 2 years ago
- TaintFlow, a framework for JavaScript dynamic information flow analysis. ☆17 · Updated last year
- JavaScript-based browser anti-debugging techniques resources ☆109 · Updated 11 months ago
- Abuse the Node.js inspector mechanism in order to force any Node.js/Electron/V8-based process to execute arbitrary JavaScript code. ☆319 · Updated 2 months ago
- A web client port-scanner written in Go that supports the WASM/WASI interface for Browser WebAssembly runtime execution. ☆141 · Updated last year
- ESLint plugin to detect and stop Trojan Source attacks ☆76 · Updated last year
- Normalized repository URLs for every package in the npm registry. Updated daily. ☆78 · Updated this week
- ☆175 · Updated this week
- Manager of third-party sources of Semgrep rules ☆76 · Updated 3 months ago
- ☆329 · Updated last week
- A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration. ☆55 · Updated 2 months ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers… ☆96 · Updated this week