ossf / package-manager-best-practices
Collection of security best practices for package managers.
☆159Updated last year
Related projects: ⓘ
- ☆122Updated last week
- Find security vulnerabilities in open source npm packages while you code☆201Updated 2 years ago
- ESLint plugin to detect and stop Trojan Source attacks☆76Updated last year
- Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike☆228Updated 2 weeks ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆117Updated 3 months ago
- ESLint Plugin focused on common security issues and misconfigurations.☆37Updated 10 months ago
- proxy designed to reduce the attack surface of npm publish☆111Updated this week
- Orchestrate GitHub Actions Security☆255Updated this week
- Easy auditing & sandboxing for your JavaScript dependencies 🪱☆249Updated last year
- JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas…☆24Updated 3 months ago
- Generate SBOMs with gh CLI☆164Updated 9 months ago
- creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects☆121Updated 2 months ago
- ☆41Updated 2 weeks ago
- GitHub token permissions Monitor and Advisor actions☆252Updated 2 months ago
- ☆105Updated this week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆175Updated 7 months ago
- Get details about the current Continuous Integration environment☆320Updated 10 months ago
- Lint an npm or yarn lockfile to analyze and detect security issues☆781Updated last week
- [GitHub] A Command Line ToolKit for GitHub Security Alert.☆25Updated 2 weeks ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆177Updated last month
- Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.☆71Updated this week
- rewrite constructor arguments, call DOMPurify, profit☆66Updated this week
- A CLI tool to find out if your dependencies support a given version of node.☆102Updated last year
- ☆54Updated 11 months ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆31Updated 2 months ago
- A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets☆48Updated 2 years ago
- JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.☆224Updated this week
- JavaScript SDK for OpenFeature☆140Updated this week
- Code-signing for npm packages☆155Updated this week
- GitHub action to generate a CycloneDX SBOM for Node.js☆20Updated 2 months ago