Javascript

A set of tools for securing JavaScript projects against software supply chain attacks.

A HackerOne-managed bug bounty program dedicated to identifying and fixing security vulnerabilities in the Node.js ecosystem.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.

Statistical renaming, Type inference, and Deobfuscation tool for JavaScript code.

A library of string validators and sanitizers.

Detect users' operating systems and perform redirection with Apache mod_rewrite.

npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.

A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.

UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.

A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.

A command-line tool that scans websites to detect publicly known security vulnerabilities in frontend JavaScript libraries using Snyk's vulnerability database.

A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.

Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.

A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.

DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.

A tool that reveals invisible links within JavaScript files

Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.

Phish Report is inaccessible without JavaScript and cookies enabled.

A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.

PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.

A Python tool for in-depth PDF analysis and modification.

Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.

Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.