Skip to content
@NodeSecure

NodeSecure

A group of people 👯 moving toward a safer Node.js and JavaScript ecosystem 🐢🚀

👋 Welcome visitor

We are building free open source tools to secure the Node.js & JavaScript ecosystem. Our biggest area of expertise is in package and code analysis.

We are mainly developers who like to build tools that bring you value for free ❤️. Our tools often provide a range of benefits and information such as:

  • Non opinionated metrics (On quality and maintainability).
  • Very useful information about the projects you use:
    • OpenSSF Scorecard.
    • SPDX license conformance.
    • Vulnerabilities (with support of multiple strategies: NPM, Sonatype, Snyk).
  • The different security threats within your codes (detected using our open source SAST JS-X-Ray).

Our tools have proven to be of great use to rigorous developers and package maintainers. But there is still a long way to go to make our tools more accessible to beginners 💪.

❤️ Contributors

We welcome new contributors. Please feel free to join us on Discord and help on the different projects.

OpenAlly

It doesn't necessarily matter if you are a beginner in security or not. Many projects require skills that are not directly related to security. So don't feel illegitimate to come and contribute and learn.

🐤 How to contribute

Learn how you can contribute by reading our guide:

Resources to learn more about the project or good security practices

Contribution Guidelines

Before contributing, please check and read our Code of conduct. There is some guides available to help developers and contributors:

👥 Open Alliance

The maintainers of Dashlog are also the creators behind projects like TopCli, Dashlog, and many more (see OpenAlly).

Pinned Loading

  1. Governance Governance Public

    NodeSecure Governance (Code of conduct & Contribution guidelines)

    13 4

  2. cli cli Public

    JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.

    JavaScript 367 39

  3. ci ci Public

    NodeSecure tool enabling secured continuous integration

    TypeScript 21 7

  4. js-x-ray js-x-ray Public

    JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

    JavaScript 228 26

  5. scanner scanner Public

    ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!

    TypeScript 30 14

  6. vulnera vulnera Public

    Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).

    TypeScript 30 14

Repositories

Showing 10 of 33 repositories
  • Governance Public

    NodeSecure Governance (Code of conduct & Contribution guidelines)

    NodeSecure/Governance’s past year of commit activity
    13 MIT 4 6 2 Updated Dec 29, 2024
  • report Public

    NodeSecure HTML & PDF report generator for any public and/or private git repositories.

    NodeSecure/report’s past year of commit activity
    JavaScript 14 MIT 13 3 (2 issues need help) 0 Updated Dec 26, 2024
  • scanner Public

    ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!

    NodeSecure/scanner’s past year of commit activity
    TypeScript 30 MIT 14 5 (1 issue needs help) 1 Updated Dec 25, 2024
  • ci Public

    NodeSecure tool enabling secured continuous integration

    NodeSecure/ci’s past year of commit activity
    TypeScript 21 MIT 7 2 (1 issue needs help) 1 Updated Dec 23, 2024
  • npm-registry-sdk Public

    Node.js SDK to fetch data from the npm API.

    NodeSecure/npm-registry-sdk’s past year of commit activity
    TypeScript 9 MIT 9 2 0 Updated Dec 23, 2024
  • cli Public

    JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.

    NodeSecure/cli’s past year of commit activity
    JavaScript 367 MIT 39 4 (2 issues need help) 0 Updated Dec 23, 2024
  • vulnera Public

    Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).

    NodeSecure/vulnera’s past year of commit activity
    TypeScript 30 MIT 14 5 (1 issue needs help) 1 Updated Dec 23, 2024
  • ci-action Public

    The official GitHub action of the @nodesecure/ci package

    NodeSecure/ci-action’s past year of commit activity
    JavaScript 9 MIT 4 0 1 Updated Dec 23, 2024
  • flags Public

    NodeSecure security flags 🚩 (configuration and documentation)

    NodeSecure/flags’s past year of commit activity
    HTML 2 MIT 8 0 0 Updated Dec 23, 2024
  • utils Public

    Utilities for NodeSecure

    NodeSecure/utils’s past year of commit activity
    TypeScript 0 MIT 4 0 2 Updated Dec 23, 2024

Top languages

Loading…

Most used topics

Loading…