Security

Safer Node.js Buffer API

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

A tiny (116 bytes), secure URL-friendly unique string ID generator

Generate a cryptographically strong random string

JavaScript library of crypto standards.

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!

Create a 'gud nuff' (not cryptographically secure) globally unique id

📦🐈 Fast, reliable, and secure dependency management.

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS

help secure Express/Connect apps with various HTTP headers

JSON parse with prototype poisoning protection

math-random is an isomorphic, drop-in replacement for `Math.random` that uses cryptographically secure random number generation, where available

Calculate meta-vulnerabilities from package security advisories

SSH2 client and server modules written in pure JavaScript for node.js

General purpose crypto utilities

snyk library and cli utility

Securely compare two strings, copied from cryptiles

A ready to use http and https agent for working with proxies that keeps connections alive!

General purpose crypto utilities

Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

SSH2 and SFTP(v3) client/server protocol streams for node.js

HTTP Strict Transport Security middleware.

Content Security Policy middleware

Build Content Security Policy directives.

Middleware to disable the X-XSS-Protection header

Middleware to set the Referrer-Policy HTTP header

Middleware to prevent mimetype from being sniffed

Middleware to remove the X-Powered-By header

HTTP Public Key Pinning (HPKP) middleware

Middleware to set the Feature-Policy HTTP header

Set the X-Permitted-Cross-Domain-Policies header in Express apps

A faster, secure and convenient alternative for JSON.parse

HTTP State Management Utilities

Given a response from the npm security api, render it into a variety of security reports

Evaluate Content Security Policies for a wide range of bypasses and weaknesses

Security rules for eslint

Audited & minimal 0-dependency JS implementation of SHA2, SHA3, RIPEMD, BLAKE2/3, HMAC, HKDF, PBKDF2, Scrypt

jsSHA implements the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC

realistic password strength estimation

Encrypt/Decrypt the values of a given object

Secure random numbers of any size in any base

Fastest JS implementation of secp256k1. Independently audited, high-security, 0-dependency ECDSA & Schnorr signatures

Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM

Makes it possible to use DOMPurify on server and client in the same way.

Secure Smart Contract library for Solidity

Secure and easy Axios integration with Nuxt.js

A tiny (230B) and fast UUID (v4) generator for Node and the browser

Security header middleware collection for koa