Alternatives and similar repositories for vulncost:

Users that are interested in vulncost are comparing it to the libraries listed below

• mozilla / eslint-plugin-no-unsanitized
  Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
  ☆235Updated 4 months ago
• ossf / package-manager-best-practices
  Collection of security best practices for package managers.
  ☆162Updated 2 years ago
• nodejs / security-advisories
  Security advisories for Node.js and the JavaScript ecosystem.
  ☆41Updated 3 years ago
• UlisesGascon / check-my-headers
  Fast and simple way to check any HTTP Headers
  ☆45Updated last year
• lirantal / eslint-plugin-anti-trojan-source
  ESLint plugin to detect and stop Trojan Source attacks
  ☆76Updated 2 years ago
• GoogleCloudPlatform / wombat-dressing-room
  proxy designed to reduce the attack surface of npm publish
  ☆115Updated 2 weeks ago
• lirantal / detect-secrets
  A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets
  ☆50Updated 2 years ago
• sonatype-nexus-community / auditjs
  Audits an NPM package.json file to identify known vulnerabilities.
  ☆227Updated 4 months ago
• fregante / ghat
  🛕 Reuse GitHub Actions workflows across repositories
  ☆265Updated 4 years ago
• lirantal / anti-trojan-source
  Detect trojan source attacks that employ unicode bidi attacks to inject malicious code
  ☆47Updated 2 years ago
• spaceraccoon / npm-scan
  An extensible, heuristic-based vulnerability scanning tool for installed npm packages
  ☆50Updated 3 years ago
• webschik / tslint-config-security
  TSLint security rules
  ☆70Updated 4 years ago
• microsoft / sarif-js-sdk
  JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas…
  ☆27Updated 10 months ago
• yaakov123 / hagana
  NodeJS runtime protection for supply chain attacks
  ☆141Updated 2 years ago
• mozilla / observatory-cli
  ☆190Updated 5 months ago
• GoogleChromeLabs / perf-track
  Tracking framework performance and usage at scale
  ☆152Updated 6 months ago
• davisjam / vuln-regex-detector
  Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
  ☆321Updated 3 years ago
• zaproxy / zap-api-nodejs
  ☆49Updated last week
• watson / ci-info
  Get details about the current Continuous Integration environment
  ☆335Updated 3 weeks ago
• OWASP / cwe-tool
  A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
  ☆56Updated 6 months ago
• npm / ci-detect
  Detect what kind of CI environment the program is in
  ☆53Updated last year
• github / ossar-action
  Run multiple open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner).
  ☆96Updated 11 months ago
• pkg-size / action
  📦📊 GitHub Action to reports on the size of your npm package
  ☆90Updated last year
• nickdeis / eslint-plugin-no-secrets
  An eslint plugin to find strings that might be secrets/credentials
  ☆145Updated last month
• NodeSecure / js-x-ray
  JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
  ☆238Updated 3 weeks ago
• npm / arborist
  npm's tree doctor
  ☆371Updated 3 years ago
• gkouziik / eslint-plugin-security-node
  ESLint security plugin for Node.js
  ☆103Updated last year
• nice-registry / all-the-package-repos
  🌍 Normalized repository URLs for every package in the npm registry. Updated daily.
  ☆82Updated this week
• NodeSecure / cli
  JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.
  ☆367Updated 3 weeks ago
• salesforce / lobster-pot
  Scans every git push to your Github organisations to find unwanted secrets.
  ☆87Updated last year