With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js. Learn more →
Top 16 TypeScript security-tool Projects
-
personal-security-checklist
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
ThreatMapper
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
-
privacy.sexy
Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
-
CloudGraph cli
The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent. (by cloudgraphdev)
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
gradejs
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
-
console
End-to-End encrypted application secrets and configuration management for developers. (by phasehq)
-
jfrog-docker-desktop-extension
🐸 Scans any of your local Docker images for security vulnerabilities. 🐋
-
-
ignorecheck
A simple CLI/utility to ensure certain patterns are present in a project's .gitignore - Be sure to 🌟 this repository for updates!
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Web-check: All-in-one OSINT tool for analysing any website | news.ycombinator.com | 2024-03-01
Checklists at https://github.com/Lissy93/personal-security-checklist/blob/...
Project mention: ThreatMapper: Open-source cloud native security observability platform | news.ycombinator.com | 2023-09-10
Project mention: Phase: HashiCorp Vault and AWS Secrets Manager Alternative for Developers | news.ycombinator.com | 2024-03-24
Project mention: JavaScript registry NPM vulnerable to 'manifest confusion' abuse | news.ycombinator.com | 2023-06-27That postinstall and other scripts have been a problem for a long time - the PoC for example could be installed via npx, which would then run postinstall which executes another script to steal /etc/password data.
This is not a new problem, you just have another vector.
I came up with a free linter package to try solve it - but no one seemed interested, and here we are 7 later talking about where people are now offering paid services to mitigate it.
https://github.com/tanepiper/npm-lint
The example above shows that you absolutely have to validate all URLs you redirect users to if there is a chance they can be manipulated by third parties. In the Secutils.dev Web UI, specifically, I rely on the native URL class to check if the URL has the proper origin before redirecting the user. Also, check out "Preventing Unvalidated Redirects and Forwards" from OWASP for more tips.
Project mention: How to track anything on the internet or use Playwright for fun and profit | dev.to | 2024-01-16To begin, all functionality related to browser automation and web scraping lives in a dedicated service — Web Scraper. The primary rationale is that dealing with browsers and arbitrary user scripts is tricky from a security standpoint, and it's always a good idea to isolate such functionality as much as possible. You can read more about the security aspects of web scraping in the "Running web scraping service securely" post.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
TypeScript security-tools related posts
-
Web-check: All-in-one OSINT tool for analysing any website
-
Web Check: All-in-one OSINT tool for analysing any website
-
Web-Check: All-in-one OSINT tool for analysing any website
-
Running web scraping service securely
-
Find out which NPM packages are used on your favourite website
-
Open source website bundle analyzer that shows vulnerable NPM packages
-
I created a tool, that detects NPM package versions used on a website
-
A note from our sponsor - SurveyJS
surveyjs.io | 20 May 2024
Index
What are some of the best open-source security-tool projects in TypeScript? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | web-check | 19,128 |
| 2 | personal-security-checklist | 15,879 |
| 3 | ThreatMapper | 4,650 |
| 4 | privacy.sexy | 3,593 |
| 5 | lunasec | 1,411 |
| 6 | CloudGraph cli | 870 |
| 7 | ZeusCloud | 671 |
| 8 | gradejs | 402 |
| 9 | console | 263 |
| 10 | hashpass | 115 |
| 11 | jfrog-docker-desktop-extension | 74 |
| 12 | ots-share-app | 52 |
| 13 | npm-lint | 26 |
| 14 | secutils-webui | 7 |
| 15 | ignorecheck | 4 |
| 16 | secutils-web-scraper | 1 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com