pkgsign is a CLI tool for signing and verifying npm and yarn packages. It supports signing packages with PGP private keys or, for simplicity, with keybase.io. Recently, several packages went missing from the npm registry, highlighting the importance of package signing to prevent unauthorized modifications and ensure trust in package sources.
SIMILAR TOOLS
An easy-to-use and lightweight API wrapper for Censys APIs with support for Python 3.8+.
Docker file for building Androguard dependencies with an optional interactive shell environment.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
A Node.js ebook by GENTILHOMME Thomas, covering Node.js development and resources.
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
A lightweight CTF platform with simple setup and difficulty-based scoring that removes timezone advantages from competitions.
Bane is an automated AppArmor profile generator for Docker containers that simplifies the creation of security policies with file globbing support and Docker integration.
SecGen is an open-source framework that automatically generates vulnerable virtual machines and hacking challenges for cybersecurity education and penetration testing training.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.