awesome-nodejs-security

Awesome Node.js Security resources
https://github.com/lirantal/awesome-nodejs-security

  • Vulnerabilities and Security Advisories

    • node-release-lines - Introspection API for Node.js release metadata. Provides information about release lines, their relative status along with details of each release.
    • npm-audit - Runs a security audit based on your package.json using npm.
    • npm-audit-resolver - Manage npm-audit results, including options to ignore specific issues in a clear and auditable way.
    • patch-package - Allows app authors to create fixes for npm dependencies (in node_modules) without forking or waiting for merged PRs, by creating and applying patches.
    • npq - Safely install packages with npm or yarn by auditing them as part of your install process.
    • gammaray - Runs a security audit based on your package.json using the [Node.js Security Working Group vulnerability data](https://github.com/nodejs/security-wg/).
    • check-my-headers - Fast and simple way to check any HTTP Headers.
    • confused - Tool to check for dependency confusion vulnerabilities in multiple package management systems. See [Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610) for reference on the reasoning for this tool.
    • nodejs-cve-checker - A simple tool that validates CVEs were published to NVD after a Node.js Security Release.
    • is-website-vulnerable - Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
    • joi-security - Detect security flaws in Joi validation schemas.
    • zizmor - Static analysis for GitHub Actions and CI/CD workflows.
    • auditjs - Audits an NPM package.json file to identify known vulnerabilities using the [OSSIndex](https://ossindex.sonatype.org/rest).
    • releaserun - Scan project dependencies for end-of-life runtimes, known CVEs, and version health grades across 300+ products.
    • clawsearch-guard - Pre-install security check for AI agent skills and npm packages. Runs Trust Score analysis before installation to detect malicious patterns, data exfiltration, and prompt injection.
  • Web Framework Hardening

    • Helmet - Helmet helps you secure your Express apps by setting various HTTP headers.
    • koa-helmet - koa-helmet helps you secure your Koa apps by setting various HTTP headers.
    • blankie - CSP plugin for [hapi](https://github.com/hapijs/hapi).
    • fastify-helmet - fastify-helmet helps you secure your [fastify](https://www.fastify.io/) apps by setting important security headers.
    • nuxt-security - 🛡 Security Module for Nuxt based on OWASP Top 10 and Helmet.
    • reporting-api - Set up and collect CSP, Reporting API v0 and v1 reports to reliably parse them to be processed by the user.
    • nis2-express-middleware - Comprehensive Express.js middleware for EU NIS2 compliance (logging, active defense, and secure defaults).