davisjam / vuln-regex-detectorLinks
Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
☆329Updated 3 years ago
Alternatives and similar repositories for vuln-regex-detector
Users that are interested in vuln-regex-detector are comparing it to the libraries listed below
Sorting:
- ☆145Updated 2 years ago
- coverage guided fuzz testing for javascript☆606Updated 4 years ago
- ☆362Updated 3 months ago
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.☆401Updated 6 months ago
- Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike☆238Updated 3 weeks ago
- Detect possibly catastrophic, exponential-time regular expressions☆184Updated 2 years ago
- A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS.☆110Updated 2 years ago
- Content released at NorthSec 2018 for my talk on prototype pollution☆531Updated last year
- ESLint security plugin for Node.js☆103Updated last year
- Express.js middleware for "Host" and "Referer" header validation to protect against DNS rebinding attacks.☆192Updated 2 years ago
- Find security vulnerabilities in open source npm packages while you code☆206Updated 3 years ago
- JSON.parse() drop-in replacement with prototype poisoning protection☆235Updated this week
- A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.☆624Updated 3 months ago
- Lint an npm or yarn lockfile to analyze and detect security issues☆798Updated last month
- JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.☆252Updated this week
- WebAppSec Content Security Policy☆220Updated last week
- 🎖safely* install packages with npm or yarn by auditing them as part of your install process☆990Updated 8 months ago
- Some thoughts on how Node.js might respond to a changing security environment☆173Updated 6 years ago
- node.js bindings for RE2: fast, safe alternative to backtracking regular expression engines.☆519Updated last week
- A stream implementation that does more by doing less☆253Updated last year
- Coverage-guided, in-process fuzzing for Node.js☆305Updated this week
- RegEx Denial of Service (ReDos) Scanner☆163Updated 7 years ago
- Automatically Preventing Code Injection Attacks on Node.js☆78Updated 3 years ago
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research]☆42Updated 11 months ago
- Collection of security best practices for package managers.☆162Updated 2 years ago
- JSON.parse() drop-in replacement with prototype poisoning protection☆172Updated 7 months ago
- TSLint security rules☆69Updated 4 years ago
- Delightful Node.js packages useful for penetration testing, exploiting, reverse engineer, cryptography ...☆425Updated 3 years ago
- A minimal port of the old, publicly archived "owasp-esapi-js" (Enterprise Security API for JavaScript) encoder.☆137Updated 2 years ago
- ☆243Updated 3 weeks ago