Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-frontend-security
☔️A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!
https://github.com/rustcohlnikov/awesome-frontend-security
Last synced: 4 days ago
JSON representation
-
Code
-
Linters
- `eslint-plugin-no-unsanitized` - ESLint rules to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike.
- `eslint-config-sec` - ESLint rules for writing safe and secure client code.
- `eslint-plugin-security` - ESLint rules for Node Security.
-
Sanitizers
- `dompurify` - XSS sanitizer for HTML, MathML and SVG
- `sanitize-html` - Clean up user-submitted HTML.
-
Serializers
- `serialize-javascript` - Serialize JavaScript safely - HTML characters and JS line terminators are escaped automatically.
-
- JavaScript Secure Coding Practices - A guide written for anyone who is using the JavaScript for web development.
- Security Policy - How to add a security policy to your Github repository.
- AJAX Security Cheatsheet - A starting point for AJAX security.
-
-
Dependencies
-
Serializers
- `audit-ci` - NPM and Yarn dependencies audit for CI/CD.
- `dtrack-audit` - OWASP Dependency Track API client for CI/CD.
- Github Automated Security Fixes - How to use automated or manual pull requests to easily update vulnerable dependencies.
- Vulnerable Dependency Management - About tools for detecting vulnerable third-party dependencies.
- `dtrack-audit` - OWASP Dependency Track API client for CI/CD.
-
-
Headers
-
Content-Security-Policy
- `csp-html-webpack-plugin` - Generates meta content for your Content Security Policy tag.
- CSP Tester - Browser extension for testing Content Security Policy (CSP).
- MDN - An article on MDN.
- CSP Is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of Content Security Policy.
- Strict CSP - To get real value out of CSP, your policy must prevent the execution of untrusted scripts.
- Webpack CSP configuration - Webpack is capable of adding nonce(number used once) to all scripts that it loads.
- CSP Hash Generator - Script and style hasher for `script-src` and `style-src` directives to disallow inline scripts and styles. More [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#Unsafe_inline_script).
- CSP Evaluator - Paste your policy and check if its safe and strong enough.
- CSP WTF? - Explanations for strange CSP Report notifications.
-
Serializers
- Security Headers - Check your website's HTTP response headers for security.
-
X-XSS-Protection
- MDN - An article on MDN.
-
X-Frame-Options
- MDN - An article on MDN.
-
-
Other lists
-
X-Frame-Options
- CSP useful - A collection of parsers, examples and tips for Content Security Policy.
- Awesome Web Security - A curated list of Web Security materials and resources.
-
-
Articles
-
X-Frame-Options
- Trusted Types help prevent Cross-Site Scripting - About new browser API that might help obliterate DOM XSS.
- Cybersecurity threatscape - Positive Technologies' quarter report on cyber threats and recommendations on how to stay safe.
- The Most Common XSS Vulnerability in React.js Applications
-
Programming Languages
Categories
Sub Categories
Keywords
security
7
eslint-plugin
2
eslint
2
web
2
javascript
2
component-analysis
2
security-tools
2
software-composition-analysis
2
csp
2
bun
1
audit-ci
1
audit
1
serialize
1
json
1
xss
1
svg
1
sanitizer
1
prevent-xss-attacks
1
mathml
1
html
1
dompurify
1
dom
1
cross-site-scripting
1
linter
1
websecurity
1
penetration-testing
1
list
1
awesome-list
1
awesome
1
report-uri
1
notifications
1
csp3
1
csp2
1
csp1
1
csp-parsers
1
csp-directives
1
content-security-policy
1
webpack
1
html-webpack-plugin
1
yarn
1
pnpm
1
npm
1
github-actions
1
ci
1
fe-sec
1