Collection of security best practices for package managers.
☆164Sep 26, 2022Updated 3 years ago
Alternatives and similar repositories for package-manager-best-practices
Users that are interested in package-manager-best-practices are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Hands-on practical use of HTTP security headers as browser security controls to help secure web applications☆21Updated this week
- An npm package for demonstration purposes using TypeScript to build for both the ECMAScript Module format (i.e. ESM or ES Module) and Com…☆15Aug 22, 2022Updated 3 years ago
- ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!☆38Jun 8, 2026Updated last week
- A shareable Renovate config for Cybozu☆11Jun 12, 2026Updated last week
- GitHub Action adding a comment with information about new npm dependencies detected in a pull request☆17Mar 30, 2024Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆48Updated this week
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆203May 22, 2026Updated 3 weeks ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆137Apr 20, 2026Updated last month
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆220Feb 4, 2026Updated 4 months ago
- ☆12Jan 9, 2023Updated 3 years ago
- Policy management tool for Node.js☆22Dec 2, 2022Updated 3 years ago
- A proposal specifying package.json☆24Jun 20, 2023Updated 2 years ago
- Is X faster than Y in Node.js vX.Z?☆285Mar 24, 2026Updated 2 months ago
- Find out if a git directory is clean or not☆12Sep 21, 2016Updated 9 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Feed parsing for language package manager updates☆86Jun 1, 2026Updated 2 weeks ago
- List of APIs that will be available due to IE termination☆62Oct 11, 2022Updated 3 years ago
- Polyfill of `util.parseArgs()`☆125Jul 27, 2025Updated 10 months ago
- Lint an npm or yarn lockfile to analyze and detect security issues☆863Updated this week
- Write acceptance tests easily for your CLI program.☆21Nov 25, 2023Updated 2 years ago
- https://jxck.io☆46Jun 5, 2026Updated 2 weeks ago
- A modern and light Node.js http client 🐢🚀 (built with undici under the hood).☆15Mar 10, 2025Updated last year
- The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed co…☆223Apr 23, 2024Updated 2 years ago
- a repository for documenting and coordinating the foundation's security collaboration space☆44Apr 23, 2026Updated last month
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- CLI to sort and fix your package.json with npm official logic☆17Dec 29, 2024Updated last year
- Programmatically fetch security vulnerabilities with one or many strategies (GitHub Advisory, Sonatype, OSV, Snyk).☆32Jun 8, 2026Updated last week
- Privateer plugin for scanning the security hygiene of a GitHub repository.☆27Updated this week
- A super fast nodejs addon for html parsing and manipulation written in rust.☆13Dec 17, 2025Updated 6 months ago
- example.on('end', mustCall(() => {})); Check the callback function is called.☆11Nov 20, 2022Updated 3 years ago
- Detect Glassworm & trojan source attacks that employ unicode bidi attacks to inject malicious code☆79Jun 12, 2026Updated last week
- ESLint plugin to detect and stop Trojan Source attacks☆81Jun 12, 2026Updated last week
- Top 2025 Vulnerabilities You Shouldn’t Accept in a Pentest Report☆14Feb 6, 2025Updated last year
- A community collection of security reviews of open source software components.☆99Feb 29, 2024Updated 2 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Package verification for npm☆62Feb 12, 2022Updated 4 years ago
- UI for fastify-overview☆32Updated this week
- Textlint rules for Japanese official documents [in Japanese]☆20May 23, 2021Updated 5 years ago
- ☆13Jun 8, 2026Updated last week
- Change a Rich Text input area to Markdown input area on kintone☆23Apr 1, 2026Updated 2 months ago
- Tor detect middleware for express☆14Dec 6, 2023Updated 2 years ago
- Lint fenced code blocks by corresponding language tags☆13Sep 24, 2017Updated 8 years ago