ossf / package-manager-best-practicesLinks
Collection of security best practices for package managers.
☆162Updated 2 years ago
Alternatives and similar repositories for package-manager-best-practices
Users that are interested in package-manager-best-practices are comparing it to the libraries listed below
Sorting:
- Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.☆91Updated this week
- ☆133Updated last week
- Find security vulnerabilities in open source npm packages while you code☆207Updated 3 years ago
- creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects☆128Updated last month
- Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike☆238Updated last month
- Orchestrate GitHub Actions Security☆289Updated 3 weeks ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆122Updated 5 months ago
- ESLint plugin to detect and stop Trojan Source attacks☆77Updated 2 years ago
- ☆123Updated last week
- JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas…☆28Updated last year
- Generate SBOMs with gh CLI☆188Updated 3 weeks ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆184Updated last year
- Do you have a boatload of speaking gigs? Use this CLI to manage them all!☆35Updated 2 years ago
- ☆46Updated 9 months ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆35Updated last month
- GitHub token permissions Monitor and Advisor actions☆315Updated last month
- ☆51Updated last week
- JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.☆252Updated this week
- Generate a score for your sbom to understand if it will actually be useful.☆229Updated 10 months ago
- ESLint Plugin focused on common security issues and misconfigurations.☆43Updated 4 months ago
- Security advisories for Node.js and the JavaScript ecosystem.☆41Updated 4 years ago
- A CLI tool to find out if your dependencies support a given version of node.☆104Updated last year
- proxy designed to reduce the attack surface of npm publish☆117Updated last month
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.☆105Updated 2 weeks ago
- SARIF Microsoft Visual Studio Code extension☆117Updated 2 weeks ago
- Code-signing for npm packages☆164Updated last week
- Official GitHub Action for OpenSSF Scorecard.☆311Updated last week
- ☆243Updated last month
- Lint an npm or yarn lockfile to analyze and detect security issues☆804Updated last month
- Bundles of multiple resources, to improve loading JS and the Web.☆106Updated last year