Collection of security best practices for package managers.
☆164 · Sep 26, 2022 · Updated 3 years ago
Alternatives and similar repositories for package-manager-best-practices
Users that are interested in package-manager-best-practices are comparing it to the libraries listed below
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… ☆992 · Feb 24, 2026 · Updated last week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts ☆42 · Updated this week
- Hands-on practical use of HTTP security headers as browser security controls to help secure web applications ☆19 · Jan 14, 2023 · Updated 3 years ago
- GitHub Action adding a comment with information about new npm dependencies detected in a pull request ☆17 · Mar 30, 2024 · Updated last year
- An npm package for demonstration purposes using TypeScript to build for both the ECMAScript Module format (i.e. ESM or ES Module) and Com… ☆15 · Aug 22, 2022 · Updated 3 years ago
- List of APIs that will be available due to IE termination ☆62 · Oct 11, 2022 · Updated 3 years ago
- Policy management tool for Node.js ☆22 · Dec 2, 2022 · Updated 3 years ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h… ☆213 · Feb 4, 2026 · Updated last month
- Is X faster than Y in Node.js vX.Z? ☆285 · Nov 3, 2025 · Updated 4 months ago
- ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine! ☆37 · Feb 26, 2026 · Updated last week
- A proposal specifying package.json ☆23 · Jun 20, 2023 · Updated 2 years ago
- Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and co… ☆23 · May 2, 2024 · Updated last year
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc… ☆135 · Nov 15, 2025 · Updated 3 months ago
- Security advisories for Node.js and the JavaScript ecosystem. ☆39 · May 27, 2021 · Updated 4 years ago
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG) ☆199 · Dec 22, 2025 · Updated 2 months ago
- Intercept outgoing network TCP/TLS connections ☆14 · Sep 23, 2022 · Updated 3 years ago
- A community collection of security reviews of open source software components. ☆97 · Feb 29, 2024 · Updated 2 years ago
- My first RAG application ☆10 · Jul 29, 2024 · Updated last year
- Top 2025 Vulnerabilities You Shouldn’t Accept in a Pentest Report ☆14 · Feb 6, 2025 · Updated last year
- A shareable Renovate config for Cybozu ☆11 · Updated this week
- Lint fenced code blocks by corresponding language tags ☆12 · Sep 24, 2017 · Updated 8 years ago
- ☆13 · Feb 2, 2022 · Updated 4 years ago
- Git 2.9+(`core.hooksPath`) + Lint Staged without extra dependencies. ☆10 · Aug 23, 2022 · Updated 3 years ago
- View your photo carved on a stone ☆12 · Dec 12, 2025 · Updated 2 months ago
- ☆13 · Feb 27, 2026 · Updated last week
- Lint an npm or yarn lockfile to analyze and detect security issues ☆841 · Jan 25, 2026 · Updated last month
- Feed parsing for language package manager updates ☆82 · Dec 4, 2024 · Updated last year
- Count promises ☆12 · Oct 26, 2023 · Updated 2 years ago
- Determines whether a Node file is a Module (`import`) or a Script (`require`) ☆11 · Oct 2, 2020 · Updated 5 years ago
- ☆12 · Jan 9, 2023 · Updated 3 years ago
- Supply Chain Query Tool ☆13 · May 25, 2022 · Updated 3 years ago
- React Suspended is an educational frontend application riddled with security vulnerabilities ☆10 · Jan 29, 2024 · Updated 2 years ago
- NodeSecure HTML & PDF report generator for any public and/or private git repositories. ☆16 · Feb 4, 2026 · Updated last month
- Detect Glassworm & trojan source attacks that employ unicode bidi attacks to inject malicious code ☆59 · Nov 13, 2025 · Updated 3 months ago
- A template literal based ESX proposal ☆52 · Jul 31, 2024 · Updated last year
- Polyfill of `util.parseArgs()` ☆126 · Jul 27, 2025 · Updated 7 months ago
- Find out if a git directory is clean or not ☆12 · Sep 21, 2016 · Updated 9 years ago
- Introducing CICDash — an open-source dashboard for visualizing your GitHub Actions (GHA) workflow trends. ☆15 · Jan 4, 2025 · Updated last year
- Monorepo of utilities for integrating Effect with different frameworks and libraries. ☆34 · Feb 10, 2026 · Updated 3 weeks ago