24 tools and resources
Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits
A simple, secure framework for building scalable applications
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
Cybersecurity project for security monitoring of Node.js applications.
Exhaustive checklist for securing Node.js web services with a focus on error handling and custom error pages.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
A library for validating and accessing environment variables in Node.js programs
Check for known vulnerabilities in your Node.js installation.
Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.
The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.
A vulnerable web site in NodeJS for testing security source code analyzers.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
Yara module for Node.js
Taxii2 server for interacting with taxii services.
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A honeypot tool to mimic the router backdoor 'TCP32764' found in various router firmwares, providing a way to test for vulnerabilities.
A nodejs web application honeypot designed for small environments.
NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.
A list of disposable email domains to detect or block disposable accounts
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
A logging proxy tool created in response to the 'MongoDB Apocalypse', with Docker support.
A Node.js Ebook by GENTILHOMME Thomas, covering Node.js development and resources
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
