Security

Utility methods for escaping according to OWASP.

Safer Node.js Buffer API

A tiny (118 bytes), secure URL-friendly unique string ID generator

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

Generate a cryptographically strong random string

Security rules for eslint

New Relic Security Agent for Node.js

Build Content Security Policy directives.

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

JavaScript library of crypto standards.

JSON parse with prototype poisoning protection

Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt

JavaScript implementation of The Update Framework (TUF)

TUF metadata models

📦🐈 Fast, reliable, and secure dependency management.

SSH2 client and server modules written in pure JavaScript for node.js

A tiny (130B to 205B) and fast utility to randomize unique IDs of fixed length

help secure Express/Connect apps with various HTTP headers

Securely compare two strings, copied from cryptiles

Calculate meta-vulnerabilities from package security advisories

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS

Parse Content Security Policy directives.

A faster, secure and convenient alternative for JSON.parse

Secure, audited & minimal implementation of BIP39 mnemonic phrases

A ready to use http and https agent for working with proxies that keeps connections alive!

Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1

Secure, audited & 0-dep implementation of base64, bech32, base58, base32 & base16

math-random is an isomorphic, drop-in replacement for `Math.random` that uses cryptographically secure random number generation, where available

Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

SSH2 and SFTP(v3) client/server protocol streams for node.js

Create a 'gud nuff' (not cryptographically secure) globally unique id

AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native

Security Context

An ESLint plugin providing rules that identify common security vulnerabilities for browser applications, Node.js tools, and Node.js services

General purpose crypto utilities

A tiny (230B) and fast UUID (v4) generator for Node and the browser

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!

jsSHA implements the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC

🛡️ Security Module for Nuxt based on HTTP Headers and Middleware

General purpose crypto utilities

Evaluate Content Security Policies for a wide range of bypasses and weaknesses

Make a synchronous function have a timeout

Make a regular expression time out if it takes too long to execute

Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM

Applies best practice security headers to responses. It's a simplified port of HelmetJS

HTTP State Management Utilities

AWS SDK for JavaScript Securitylake Client for Node.js, Browser and React Native

A library to process OpenAPI security definitions in parallel.

Makes it possible to use DOMPurify on server and client in the same way.