ossf / package-manager-best-practices
Collection of security best practices for package managers.
☆159Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for package-manager-best-practices
- ☆128Updated last week
- ESLint plugin to detect and stop Trojan Source attacks☆76Updated last year
- Find security vulnerabilities in open source npm packages while you code☆202Updated 2 years ago
- Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike☆231Updated this week
- ☆54Updated last year
- ☆110Updated this week
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆119Updated 5 months ago
- ☆228Updated 2 months ago
- ☆43Updated 2 months ago
- Orchestrate GitHub Actions Security☆256Updated 2 months ago
- JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.☆229Updated 2 weeks ago
- Security & License Compliance For Your App's Dependencies 🪱☆471Updated 2 months ago
- Code-signing for npm packages☆156Updated this week
- Generate SBOMs with gh CLI☆166Updated 2 months ago
- Easy auditing & sandboxing for your JavaScript dependencies 🪱☆251Updated last year
- JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas…☆27Updated 5 months ago
- Coverage-guided, in-process fuzzing for Node.js☆289Updated 5 months ago
- Data on the share of ESM vs CJS on the public npm registry☆148Updated 2 months ago
- a minimal npm-compatible package registry☆125Updated last week
- ESLint Plugin focused on common security issues and misconfigurations.☆38Updated this week
- Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.☆73Updated this week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆177Updated 9 months ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆32Updated 4 months ago
- proxy designed to reduce the attack surface of npm publish☆111Updated this week
- TSLint security rules☆70Updated 4 years ago
- Official GitHub Action for OpenSSF Scorecard.☆266Updated this week
- Use Snow to finally secure your web app's same origin realms!☆105Updated 3 weeks ago
- web-platform-tests Interop project☆318Updated 3 weeks ago
- Publish from GitHub Actions using multi-factor authentication☆276Updated last month
- rewrite constructor arguments, call DOMPurify, profit☆67Updated last month