Collection of security best practices for package managers.
☆164Sep 26, 2022Updated 3 years ago
Alternatives and similar repositories for package-manager-best-practices
Users that are interested in package-manager-best-practices are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…☆1,041Updated this week
- Hands-on practical use of HTTP security headers as browser security controls to help secure web applications☆22Jun 14, 2026Updated 3 weeks ago
- An npm package for demonstration purposes using TypeScript to build for both the ECMAScript Module format (i.e. ESM or ES Module) and Com…☆15Aug 22, 2022Updated 3 years ago
- ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!☆38Jul 1, 2026Updated last week
- A shareable Renovate config for Cybozu☆11Updated this week
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- GitHub Action adding a comment with information about new npm dependencies detected in a pull request☆18Jun 22, 2026Updated 2 weeks ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆48Jun 23, 2026Updated 2 weeks ago
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆203May 22, 2026Updated last month
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆139Apr 20, 2026Updated 2 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆223Feb 4, 2026Updated 5 months ago
- ☆12Jan 9, 2023Updated 3 years ago
- Policy management tool for Node.js☆22Dec 2, 2022Updated 3 years ago
- Blog template to use Google Docs as article editor.☆14May 5, 2022Updated 4 years ago
- A proposal specifying package.json☆24Jun 20, 2023Updated 3 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Count promises☆12Oct 26, 2023Updated 2 years ago
- Is X faster than Y in Node.js vX.Z?☆285Mar 24, 2026Updated 3 months ago
- Find out if a git directory is clean or not☆12Sep 21, 2016Updated 9 years ago
- Feed parsing for language package manager updates☆86Jun 1, 2026Updated last month
- ☆31Jul 1, 2026Updated last week
- List of APIs that will be available due to IE termination☆63Oct 11, 2022Updated 3 years ago
- Polyfill of `util.parseArgs()`☆125Jul 27, 2025Updated 11 months ago
- Lint an npm or yarn lockfile to analyze and detect security issues☆866Jun 20, 2026Updated 2 weeks ago
- Matteo Collina's portfolio of public speaking engagements☆47Feb 14, 2026Updated 4 months ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Write acceptance tests easily for your CLI program.☆21Nov 25, 2023Updated 2 years ago
- Vuln Disclosure WG's new SIG☆11Jan 2, 2024Updated 2 years ago
- Public feedback discussions for npm☆144Dec 4, 2023Updated 2 years ago
- Security advisories for Node.js and the JavaScript ecosystem.☆39May 27, 2021Updated 5 years ago
- a repository for documenting and coordinating the foundation's security collaboration space☆45Apr 23, 2026Updated 2 months ago
- CLI to sort and fix your package.json with npm official logic☆17Dec 29, 2024Updated last year
- Programmatically fetch security vulnerabilities with one or many strategies (GitHub Advisory, Sonatype, OSV, Snyk).☆32Updated this week
- CLI tool to move JavaScript(ES2015) or TypeScript module files☆34Dec 8, 2022Updated 3 years ago
- OpenSSF Scorecard - Security health metrics for Open Source☆5,557Updated this week
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- A super fast nodejs addon for html parsing and manipulation written in rust.☆13Dec 17, 2025Updated 6 months ago
- Software Component Verification Standard (SCVS)☆160Apr 1, 2025Updated last year
- ESLint plugin to detect and stop Trojan Source attacks☆80Jun 22, 2026Updated 2 weeks ago
- Monorepo for NodeLib libraries☆80Updated this week
- UI for fastify-overview☆32Updated this week
- Build a CVE library with aggregated CISA, EPSS and CVSS data☆29Sep 27, 2023Updated 2 years ago
- ☆13Updated this week