ossf / package-manager-best-practicesLinks
Collection of security best practices for package managers.
☆162Updated 2 years ago
Alternatives and similar repositories for package-manager-best-practices
Users that are interested in package-manager-best-practices are comparing it to the libraries listed below
Sorting:
- ☆139Updated last week
- Find security vulnerabilities in open source npm packages while you code☆210Updated 3 years ago
- ESLint plugin to detect and stop Trojan Source attacks☆77Updated 2 years ago
- ☆46Updated 11 months ago
- JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas…☆29Updated last year
- GitHub action to generate a CycloneDX SBOM for Node.js☆22Updated last month
- ESLint Plugin focused on common security issues and misconfigurations.☆43Updated 6 months ago
- Detect trojan source attacks that employ unicode bidi attacks to inject malicious code☆47Updated 2 years ago
- ☆134Updated 2 weeks ago
- proxy designed to reduce the attack surface of npm publish☆119Updated last month
- Code-signing for npm packages☆167Updated this week
- Orchestrate GitHub Actions Security☆295Updated 2 weeks ago
- Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.☆95Updated this week
- creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects☆131Updated last week
- JavaScript implementation of The Update Framework (TUF)☆80Updated last week
- Bundles of multiple resources, to improve loading JS and the Web.☆107Updated last year
- Node 18's node:test, as an npm package☆98Updated 8 months ago
- Lint an npm or yarn lockfile to analyze and detect security issues☆812Updated 4 months ago
- Get a list of licenses used by a projects dependencies☆19Updated 2 years ago
- GitHub token permissions Monitor and Advisor actions☆322Updated last month
- Hands-on practical use of HTTP security headers as browser security controls to help secure web applications☆18Updated 2 years ago
- A proposal specifying package.json☆23Updated 2 years ago
- JavaScript package.json License Checker☆181Updated last year
- ESLint security plugin for Node.js☆104Updated last year
- UUID V4☆63Updated 2 years ago
- Polyfill of `util.parseArgs()`☆124Updated last month
- rewrite constructor arguments, call DOMPurify, profit☆69Updated 11 months ago
- ESLint plugin about ECMAScript syntactic features.☆110Updated 3 years ago
- A CLI tool to find out if your dependencies support a given version of node.☆104Updated 2 years ago
- A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets☆51Updated 3 years ago