davisjam / vuln-regex-detector

Related projects ⓘ

Alternatives and complementary repositories for vuln-regex-detector

• davisjam / safe-regex
  Detect possibly catastrophic, exponential-time regular expressions
  ☆168Updated 2 years ago
• NicolaasWeideman / RegexStaticAnalysis
  A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS.
  ☆110Updated 2 years ago
• snyk / vulncost
  Find security vulnerabilities in open source npm packages while you code
  ☆202Updated 2 years ago
• w3c / trusted-types
  A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
  ☆606Updated this week
• google / csp-evaluator
  ☆330Updated 3 weeks ago
• NodeSecure / js-x-ray
  JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
  ☆229Updated 2 weeks ago
• superhuman / rxxr2
  ☆141Updated last year
• ajinabraham / njsscan
  njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
  ☆375Updated last week
• HoLyVieR / prototype-pollution-nsec18
  Content released at NorthSec 2018 for my talk on prototype pollution
  ☆515Updated 5 months ago
• mozilla / eslint-plugin-no-unsanitized
  Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
  ☆231Updated this week
• w3c / webappsec-csp
  WebAppSec Content Security Policy
  ☆210Updated last month
• sonatype-nexus-community / auditjs
  Audits an NPM package.json file to identify known vulnerabilities.
  ☆223Updated last week
• uhop / node-re2
  node.js bindings for RE2: fast, safe alternative to backtracking regular expression engines.
  ☆502Updated 2 months ago
• brannondorsey / host-validation
  Express.js middleware for "Host" and "Referer" header validation to protect against DNS rebinding attacks.
  ☆191Updated 2 years ago
• fuzzitdev / jsfuzz
  coverage guided fuzz testing for javascript
  ☆608Updated 3 years ago
• gkouziik / eslint-plugin-security-node
  ESLint security plugin for Node.js
  ☆101Updated 9 months ago
• jagracey / RegEx-DoS
  RegEx Denial of Service (ReDos) Scanner
  ☆162Updated 7 years ago
• ESAPI / node-esapi
  A minimal port of the old, publicly archived "owasp-esapi-js" (Enterprise Security API for JavaScript) encoder.
  ☆131Updated 2 years ago
• fastify / secure-json-parse
  JSON.parse() drop-in replacement with prototype poisoning protection
  ☆225Updated this week
• hapijs / bourne
  JSON.parse() drop-in replacement with prototype poisoning protection
  ☆169Updated 3 weeks ago
• nodejs / security-wg
  Node.js Ecosystem Security Working Group
  ☆501Updated 3 weeks ago
• lirantal / npq
  🎖safely* install packages with npm or yarn by auditing them as part of your install process
  ☆955Updated 2 months ago
• google / node-sec-roadmap
  Some thoughts on how Node.js might respond to a changing security environment
  ☆172Updated 5 years ago
• sola-da / ReDoS-vulnerabilities
  A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-con…
  ☆58Updated 6 years ago
• yaakov123 / hagana
  NodeJS runtime protection for supply chain attacks
  ☆142Updated 2 years ago
• webschik / tslint-config-security
  TSLint security rules
  ☆70Updated 4 years ago
• CodeIntelligenceTesting / jazzer.js
  Coverage-guided, in-process fuzzing for Node.js
  ☆289Updated 5 months ago
• sola-da / Synode
  Automatically Preventing Code Injection Attacks on Node.js
  ☆78Updated 2 years ago
• gajus / http-terminator
  Gracefully terminates HTTP(S) server.
  ☆324Updated last year