Security

Utility methods for escaping according to OWASP.

Safer Node.js Buffer API

A tiny (118 bytes), secure URL-friendly unique string ID generator

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

Generate a cryptographically strong random string

Security rules for eslint

New Relic Security Agent for Node.js

Build Content Security Policy directives.

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

JavaScript library of crypto standards.

JSON parse with prototype poisoning protection

JavaScript implementation of The Update Framework (TUF)

TUF metadata models

📦🐈 Fast, reliable, and secure dependency management.

Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt

help secure Express/Connect apps with various HTTP headers

A tiny (130B to 205B) and fast utility to randomize unique IDs of fixed length

SSH2 client and server modules written in pure JavaScript for node.js

A ready to use http and https agent for working with proxies that keeps connections alive!

Securely compare two strings, copied from cryptiles

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Calculate meta-vulnerabilities from package security advisories

Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS

math-random is an isomorphic, drop-in replacement for `Math.random` that uses cryptographically secure random number generation, where available

Parse Content Security Policy directives.

A faster, secure and convenient alternative for JSON.parse

Security Context

Create a 'gud nuff' (not cryptographically secure) globally unique id

Secure, audited & minimal implementation of BIP39 mnemonic phrases

Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1

SSH2 and SFTP(v3) client/server protocol streams for node.js

General purpose crypto utilities

Secure, audited & 0-dep implementation of base64, bech32, base58, base32 & base16

General purpose crypto utilities

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!

An ESLint plugin providing rules that identify common security vulnerabilities for browser applications, Node.js tools, and Node.js services

Evaluate Content Security Policies for a wide range of bypasses and weaknesses

AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native

🛡️ Security Module for Nuxt based on HTTP Headers and Middleware

jsSHA implements the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC

A tiny (230B) and fast UUID (v4) generator for Node and the browser

Make a synchronous function have a timeout

Encrypt/Decrypt the values of a given object

Make a regular expression time out if it takes too long to execute

HTTP State Management Utilities

Applies best practice security headers to responses. It's a simplified port of HelmetJS

Create a security plugin for node.js

Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM

A library to process OpenAPI security definitions in parallel.