{"id":13462763,"url":"https://github.com/rustcohlnikov/awesome-frontend-security","last_synced_at":"2025-03-25T05:32:14.330Z","repository":{"id":218323657,"uuid":"215488473","full_name":"rustcohlnikov/awesome-frontend-security","owner":"rustcohlnikov","description":"☔️A curated list of tools, articles \u0026 resources to help take your frontend security to the next level. Feel free to contribute!","archived":false,"fork":false,"pushed_at":"2022-07-29T03:44:10.000Z","size":200,"stargazers_count":65,"open_issues_count":1,"forks_count":5,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-05-20T20:43:37.753Z","etag":null,"topics":["appsec","awesome","awesome-list","best-practices","content-security-policy","csp","fe-sec","frontend","frontend-security","npm-audit","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rustcohlnikov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-10-16T07:47:22.000Z","updated_at":"2024-03-27T03:28:18.000Z","dependencies_parsed_at":null,"dependency_job_id":"64f34313-94a2-4dfd-8d5d-d3deb579d75a","html_url":"https://github.com/rustcohlnikov/awesome-frontend-security","commit_stats":null,"previous_names":["rustcohlnikov/awesome-frontend-security"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rustcohlnikov%2Fawesome-frontend-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rustcohlnikov%2Fawesome-fronten
d-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rustcohlnikov%2Fawesome-frontend-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rustcohlnikov%2Fawesome-frontend-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rustcohlnikov","download_url":"https://codeload.github.com/rustcohlnikov/awesome-frontend-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245407577,"owners_count":20610227,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","awesome","awesome-list","best-practices","content-security-policy","csp","fe-sec","frontend","frontend-security","npm-audit","security"],"created_at":"2024-07-31T13:00:29.855Z","updated_at":"2025-03-25T05:32:14.059Z","avatar_url":"https://github.com/rustcohlnikov.png","language":null,"funding_links":[],"categories":["Other Lists","Education Best Practices"],"sub_categories":["TeX Lists","Secure OSes"],"readme":"\u003cp\u003e\u003cimg src=\"/logo.png\" alt=\"awesome-frontend-security\" srcset=\"/logo.png 2x\"/\u003e\u003c/p\u003e\n\n[![Awesome](https://awesome.re/badge-flat2.svg)](https://github.com/sindresorhus/awesome)\n\n## Contents\n- [Code](#code)\n  - [Linters](#linters)\n  - [Sanitizers](#sanitizers)\n  - [Serializers](#serializers)\n- [Dependencies](#dependencies)\n- [Headers](#headers)\n  - [Content-Security-Policy](#content-security-policy)\n  - [X-XSS-Protection](#x-xss-protection)\n  - [X-Frame-Options](#x-frame-options)\n- 
[Articles](#articles)\n- [Other lists](#other-lists)\n\n\n## Code\n- [JavaScript Secure Coding Practices](https://checkmarx.gitbooks.io/js-scp/content/) - A guide for anyone using JavaScript for web development.\n- [Security Policy](https://help.github.com/en/articles/adding-a-security-policy-to-your-repository) - How to add a security policy to your GitHub repository.\n- [AJAX Security Cheatsheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/AJAX_Security_Cheat_Sheet.md) - A starting point for AJAX security.\n\n### Linters\n- [`eslint-plugin-security`](https://github.com/nodesecurity/eslint-plugin-security) - ESLint rules for Node Security.\n- [`eslint-plugin-no-unsanitized`](https://github.com/mozilla/eslint-plugin-no-unsanitized) - ESLint rules that disallow unsafe `innerHTML`, `outerHTML`, `insertAdjacentHTML` and the like.\n- [`eslint-config-sec`](https://github.com/rustcohlnikov/eslint-config-sec) - ESLint rules for writing safe and secure client code.\n\n### Sanitizers\n- [`dompurify`](https://github.com/cure53/DOMPurify) - XSS sanitizer for HTML, MathML and SVG.\n- [`sanitize-html`](https://github.com/apostrophecms/sanitize-html) - Clean up user-submitted HTML.\n\n### Serializers\n- [`serialize-javascript`](https://github.com/yahoo/serialize-javascript) - Serialize JavaScript safely for embedding in a \u003cscript\u003e tag: HTML characters and JS line terminators are escaped automatically.\n\n## Dependencies\n- [`audit-ci`](https://github.com/IBM/audit-ci) - npm and Yarn dependency audit for CI/CD.\n- [`dtrack-audit`](https://github.com/ozonru/dtrack-audit) - OWASP Dependency-Track API client for CI/CD.\n- [GitHub Automated Security Fixes](https://help.github.com/en/articles/configuring-automated-security-fixes) - How to use automated or manual pull requests to easily update vulnerable dependencies.\n- [Vulnerable Dependency Management](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.md#tools) - About tools for detecting vulnerable third-party dependencies.\n\n## Headers\n- [Security Headers](https://securityheaders.com/) - Scan a site's HTTP response headers and grade the security-related ones.\n\n
### Content-Security-Policy\n#### 📚Learn\n- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) - An article on MDN.\n- [CSP Is Dead, Long Live CSP!](https://storage.googleapis.com/pub-tools-public-publication-data/pdf/45542.pdf) - On the Insecurity of Whitelists and the Future of Content Security Policy.\n- [Strict CSP](https://csp.withgoogle.com/docs/strict-csp.html) - To get real value out of CSP, your policy must prevent the execution of untrusted scripts.\n\n#### 🧪Create\n- [Webpack CSP configuration](https://webpack.js.org/guides/csp/) - Webpack can add a nonce (number used once) to every script it loads.\n- [`csp-html-webpack-plugin`](https://github.com/slackhq/csp-html-webpack-plugin) - Generates a Content-Security-Policy `meta` tag for your HTML, with hashes or nonces for inline scripts and styles.\n- [CSP Hash Generator](https://report-uri.com/home/hash) - Hashes inline scripts and styles so they can be allowed in `script-src` and `style-src` without `'unsafe-inline'`. More [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#Unsafe_inline_script).\n\n
#### 🔍Validate\n- [CSP Evaluator](https://csp-evaluator.withgoogle.com/) - Paste your policy and check whether it is safe and strict enough.\n- [CSP Header Inspector](https://cspvalidator.org) - Validate your policies as served from the given URL.\n- [CSP Tester](https://github.com/yandex/csp-tester) - Browser extension for testing Content Security Policy (CSP).\n\n#### 🤔Analyse\n- [CSP WTF?](https://github.com/nico3333fr/CSP-useful/blob/master/csp-wtf/explained.md) - Explanations for strange CSP report notifications.\n\n### X-XSS-Protection\n#### 📚Learn\n- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) - An article on MDN. The header is deprecated: browsers have removed the XSS filter it controlled, so use a strict CSP instead and, if you still send it, send `X-XSS-Protection: 0`.\n\n### X-Frame-Options\n#### 📚Learn\n- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) - An article on MDN. The CSP `frame-ancestors` directive supersedes this header and takes precedence in browsers that support it; keep X-Frame-Options for older ones.\n\n## Articles\n- [Trusted Types help prevent Cross-Site Scripting](https://developers.google.com/web/updates/2019/02/trusted-types) - About a new browser API that helps eliminate DOM XSS by requiring typed values for dangerous sinks such as `innerHTML`.\n- [Cybersecurity threatscape](https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2019-q2/) - Positive Technologies' quarterly report on cyber threats and recommendations on how to stay safe.\n- [The Most Common XSS Vulnerability in React.js Applications](https://medium.com/node-security/the-most-common-xss-vulnerability-in-react-js-applications-2bdffbcc1fa0)\n\n## Other lists\n- [CSP useful](https://github.com/nico3333fr/CSP-useful) - A collection of parsers, examples and tips for Content Security Policy.\n- [Awesome Web Security](https://github.com/qazbnm456/awesome-web-security) - A curated list of Web Security materials and resources.\n\n## License\n[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frustcohlnikov%2Fawesome-frontend-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frustcohlnikov%2Fawesome-frontend-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frustcohlnikov%2Fawesome-frontend-security/lists"}