Explore 28 curated tools and resources
A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.
A Node.js middleware module that automatically enforces HTTPS connections by redirecting HTTP requests to HTTPS URLs in Express.js applications.
AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
A tool that runs YARA rules against node_modules folders to identify suspicious scripts.
NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.
A Node.js CLI tool that automates the setup of CTF events using OWASP Juice Shop challenges across multiple CTF frameworks.
Restores sha512 integrity hashes in place of sha1 in lock files for enhanced security.
Report on a malicious module posing as a cookie parsing library on npm blog archive.
An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.
A CLI tool for signing and verifying npm and yarn packages.
A collection of CLI tools and API utilities for searching and filtering GitHub repositories by various criteria including keywords, users, organizations, and repository attributes.
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
A tool that checks for hijackable packages in the npm and Python PyPI registries.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
Identifies 137 malicious npm packages that gather system information and send it to a remote server.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.
A command-line tool for downloading Android APK files from the Appland platform via npm installation.
A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A sophisticated npm attack attributed to North Korean threat actors, targeting technology firms and their employees.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
Lint lockfiles for improved security and trust policies.
npm security team foils plot to steal $13 million in cryptocurrency
Package verification tool for npm with various verification and testing capabilities.
Detailed analysis of the event-stream incident and actions taken by npm Security.