Application Security for Javascript

A JavaScript security scanning platform that detects exposed secrets, API keys, and vulnerabilities in JavaScript files through continuous monitoring and automated discovery.

A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.

Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.

JavaScript library scanner and SBOM generator

Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.

Hapi is a Node.js web application framework that provides built-in functionality for building scalable server-side applications and APIs with security features and plugin architecture.

AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.

NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.

A Node.js library for validating environment variables and providing immutable access to configuration values in applications.

A set of tools for securing JavaScript projects against software supply chain attacks.

A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.

A library of string validators and sanitizers.

npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.

UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.

A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.

A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.

A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.

DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.

A tool that reveals invisible links within JavaScript files

Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.

A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.

A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.