Security

Safer Node.js Buffer API

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

A tiny (116 bytes), secure URL-friendly unique string ID generator

Generate a cryptographically strong random string

JavaScript library of crypto standards.

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!

Create a 'gud nuff' (not cryptographically secure) globally unique id

📦🐈 Fast, reliable, and secure dependency management.

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS

math-random is an isomorphic, drop-in replacement for `Math.random` that uses cryptographically secure random number generation, where available

help secure Express/Connect apps with various HTTP headers

JSON parse with prototype poisoning protection

SSH2 client and server modules written in pure JavaScript for node.js

General purpose crypto utilities

Calculate meta-vulnerabilities from package security advisories

Securely compare two strings, copied from cryptiles

SSH2 and SFTP(v3) client/server protocol streams for node.js

A ready to use http and https agent for working with proxies that keeps connections alive!

General purpose crypto utilities

HTTP Strict Transport Security middleware.

Content Security Policy middleware

Middleware to disable the X-XSS-Protection header

Build Content Security Policy directives.

HTTP Public Key Pinning (HPKP) middleware

Middleware to remove the X-Powered-By header

Middleware to prevent mimetype from being sniffed

Middleware to set the Referrer-Policy HTTP header

Middleware to set the Feature-Policy HTTP header

Set the X-Permitted-Cross-Domain-Policies header in Express apps

Given a response from the npm security api, render it into a variety of security reports

HTTP State Management Utilities

A faster, secure and convenient alternative for JSON.parse

Security rules for eslint

jsSHA implements the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC

snyk library and cli utility

realistic password strength estimation

Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

Evaluate Content Security Policies for a wide range of bypasses and weaknesses

Encrypt/Decrypt the values of a given object

Secure random numbers of any size in any base

Secure and easy Axios integration with Nuxt.js

Fast and simple MD5 hashing utility with zero module dependencies. View MD5 Shootout results, http://jsperf.com/md5-shootout/39

Security header middleware collection for koa

Audited & minimal 0-dependency JS implementation of SHA2, SHA3, RIPEMD, BLAKE2/3, HMAC, HKDF, PBKDF2, Scrypt

Fastest JS implementation of secp256k1. Independently audited, high-security, 0-dependency ECDSA & Schnorr signatures

Makes it possible to use DOMPurify on server and client in the same way.

Middleware to set X-Frame-Options headers

Middleware to set `X-Download-Options` header for IE8 security