davisjam / vuln-regex-detector
Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
☆321Updated 3 years ago
Alternatives and similar repositories for vuln-regex-detector:
Users that are interested in vuln-regex-detector are comparing it to the libraries listed below
- Detect possibly catastrophic, exponential-time regular expressions☆179Updated 2 years ago
- A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.☆616Updated 3 weeks ago
- Find security vulnerabilities in open source npm packages while you code☆205Updated 2 years ago
- coverage guided fuzz testing for javascript☆606Updated 3 years ago
- A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-con…☆59Updated 7 years ago
- ☆350Updated last month
- Content released at NorthSec 2018 for my talk on prototype pollution☆522Updated 10 months ago
- Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike☆235Updated 4 months ago
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.☆393Updated 4 months ago
- A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS.☆109Updated 2 years ago
- node.js bindings for RE2: fast, safe alternative to backtracking regular expression engines.☆513Updated 7 months ago
- ESLint security plugin for Node.js☆103Updated last year
- Express.js middleware for "Host" and "Referer" header validation to protect against DNS rebinding attacks.☆191Updated 2 years ago
- Robust ZIP decoder with defenses against dangerous compression ratios, spec deviations, malicious archive signatures, mismatching local a…☆262Updated 4 years ago
- Detects node eventloop block and reports where it started☆328Updated 2 years ago
- Coverage-guided, in-process fuzzing for Node.js☆298Updated 9 months ago
- JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.☆238Updated 3 weeks ago
- A stream implementation that does more by doing less☆251Updated 10 months ago
- Some thoughts on how Node.js might respond to a changing security environment☆173Updated 6 years ago
- JSON.parse() drop-in replacement with prototype poisoning protection☆230Updated 3 weeks ago
- An extensible, heuristic-based vulnerability scanning tool for installed npm packages☆50Updated 3 years ago
- Audits an NPM package.json file to identify known vulnerabilities.☆227Updated 4 months ago
- Lint an npm or yarn lockfile to analyze and detect security issues☆791Updated 6 months ago
- JSON.parse() drop-in replacement with prototype poisoning protection☆173Updated 5 months ago
- JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.☆367Updated 3 weeks ago
- RegEx Denial of Service (ReDos) Scanner☆163Updated 7 years ago
- NodeJS runtime protection for supply chain attacks☆141Updated 2 years ago
- 🎖safely* install packages with npm or yarn by auditing them as part of your install process☆977Updated 6 months ago
- Delightful Node.js packages useful for penetration testing, exploiting, reverse engineer, cryptography ...☆424Updated 3 years ago
- Create a V8 heap snapshot right before an "Out of Memory" error occurs, or create a heap snapshot or CPU profile on request.☆98Updated 3 months ago