Security

Utility methods for escaping according to OWASP.

Safer Node.js Buffer API

A tiny (118 bytes), secure URL-friendly unique string ID generator

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

Generate a cryptographically strong random string

Security rules for eslint

New Relic Security Agent for Node.js

Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

Build Content Security Policy directives.

JavaScript library of crypto standards.

JSON parse with prototype poisoning protection

📦🐈 Fast, reliable, and secure dependency management.

JavaScript implementation of The Update Framework (TUF)

TUF metadata models

Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

help secure Express/Connect apps with various HTTP headers

Secure, collision-resistant ids optimized for horizontal scaling and performance. Next generation UUIDs.

A tiny (130B to 205B) and fast utility to randomize unique IDs of fixed length

SSH2 client and server modules written in pure JavaScript for node.js

A faster, secure and convenient alternative for JSON.parse

Secure, audited & minimal implementation of BIP39 mnemonic phrases

Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1

Calculate meta-vulnerabilities from package security advisories

Secure, audited & 0-dep implementation of base64, bech32, base58, base32 & base16

Securely compare two strings, copied from cryptiles

A ready to use http and https agent for working with proxies that keeps connections alive!

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS

Parse Content Security Policy directives.

math-random is an isomorphic, drop-in replacement for `Math.random` that uses cryptographically secure random number generation, where available

Create a 'gud nuff' (not cryptographically secure) globally unique id

Security Context

Convert Security Identifiers between strings and buffers

SSH2 and SFTP(v3) client/server protocol streams for node.js

AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native

An ESLint plugin providing rules that identify common security vulnerabilities for browser applications, Node.js tools, and Node.js services

Secure Smart Contract library for Solidity

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!

jsSHA implements the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC

A tiny (230B) and fast UUID (v4) generator for Node and the browser

General purpose crypto utilities

Given a response from the npm security api, render it into a variety of security reports

Make a synchronous function have a timeout

🛡️ Security Module for Nuxt based on HTTP Headers and Middleware

Make a regular expression time out if it takes too long to execute

Evaluate Content Security Policies for a wide range of bypasses and weaknesses

General purpose crypto utilities

HTTP State Management Utilities

Applies best practice security headers to responses. It's a simplified port of HelmetJS