Security

Utility methods for escaping according to OWASP.

Safer Node.js Buffer API

A tiny (118 bytes), secure URL-friendly unique string ID generator

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

Security rules for eslint

Generate a cryptographically strong random string

New Relic Security Agent for Node.js

Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

Build Content Security Policy directives.

JavaScript library of crypto standards.

JSON parse with prototype poisoning protection

JavaScript implementation of The Update Framework (TUF)

📦🐈 Fast, reliable, and secure dependency management.

TUF metadata models

Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

Secure, collision-resistant ids optimized for horizontal scaling and performance. Next generation UUIDs.

help secure Express/Connect apps with various HTTP headers

A tiny (130B to 205B) and fast utility to randomize unique IDs of fixed length

SSH2 client and server modules written in pure JavaScript for node.js

A faster, secure and convenient alternative for JSON.parse

security holding package

A ready to use http and https agent for working with proxies that keeps connections alive!

Securely compare two strings, copied from cryptiles

Secure, audited & minimal implementation of BIP39 mnemonic phrases

Calculate meta-vulnerabilities from package security advisories

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1

Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS

Secure, audited & 0-dep implementation of base64, bech32, base58, base32 & base16

Parse Content Security Policy directives.

math-random is an isomorphic, drop-in replacement for `Math.random` that uses cryptographically secure random number generation, where available

Convert Security Identifiers between strings and buffers

Create a 'gud nuff' (not cryptographically secure) globally unique id

General purpose crypto utilities

AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native

SSH2 and SFTP(v3) client/server protocol streams for node.js

A tiny (230B) and fast UUID (v4) generator for Node and the browser

jsSHA implements the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC

Make a synchronous function have a timeout

Make a regular expression time out if it takes too long to execute

An ESLint plugin providing rules that identify common security vulnerabilities for browser applications, Node.js tools, and Node.js services

Security Context

🛡️ Security Module for Nuxt based on HTTP Headers and Middleware

General purpose crypto utilities

Evaluate Content Security Policies for a wide range of bypasses and weaknesses

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!

Makes it possible to use DOMPurify on server and client in the same way.

Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM

HTTP State Management Utilities