Skip to content
@NodeSecure

NodeSecure

A group of people 👯 moving toward a safer Node.js and JavaScript ecosystem 🐢🚀

👋 Welcome visitor

We are building free open source tools to secure the Node.js & JavaScript ecosystem. Our biggest area of expertise is in package and code analysis.

We are mainly developers who like to build tools that bring you value for free ❤️. Our tools often provide a range of benefits and information such as:

  • Non opinionated metrics (On quality and maintainability).
  • Very useful information about the projects you use:
    • OpenSSF Scorecard.
    • SPDX license conformance.
    • Vulnerabilities (with support of multiple strategies: NPM, Sonatype, Snyk).
  • The different security threats within your codes (detected using our open source SAST JS-X-Ray).

Our tools have proven to be of great use to rigorous developers and package maintainers. But there is still a long way to go to make our tools more accessible to beginners 💪.

❤️ Contributors

We welcome new contributors. Please feel free to join us on Discord and help on the different projects.

OpenAlly

It doesn't necessarily matter if you are a beginner in security or not. Many projects require skills that are not directly related to security. So don't feel illegitimate to come and contribute and learn.

🐤 How to contribute

Learn how you can contribute by reading our guide:

Resources to learn more about the project or good security practices

Contribution Guidelines

Before contributing, please check and read our Code of conduct. There is some guides available to help developers and contributors:

👥 Open Alliance

The maintainers of Dashlog are also the creators behind projects like TopCli, Dashlog, and many more (see OpenAlly).

Pinned Loading

  1. Governance Governance Public

    NodeSecure Governance (Code of conduct & Contribution guidelines)

    13 4

  2. cli cli Public

    JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.

    JavaScript 367 39

  3. ci ci Public

    NodeSecure tool enabling secured continuous integration

    TypeScript 21 7

  4. js-x-ray js-x-ray Public

    JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

    JavaScript 229 26

  5. scanner scanner Public

    ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!

    TypeScript 28 13

  6. vulnera vulnera Public

    Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).

    TypeScript 30 14

Repositories

Showing 10 of 33 repositories
  • report Public

    NodeSecure HTML & PDF report generator for any public and/or private git repositories.

    NodeSecure/report’s past year of commit activity
    JavaScript 14 MIT 13 3 (2 issues need help) 4 Updated Dec 9, 2024
  • Governance Public

    NodeSecure Governance (Code of conduct & Contribution guidelines)

    NodeSecure/Governance’s past year of commit activity
    13 MIT 4 6 1 Updated Dec 9, 2024
  • cli Public

    JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.

    NodeSecure/cli’s past year of commit activity
    JavaScript 367 MIT 39 4 (2 issues need help) 0 Updated Dec 8, 2024
  • js-x-ray Public

    JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

    NodeSecure/js-x-ray’s past year of commit activity
    JavaScript 229 MIT 26 7 (3 issues need help) 0 Updated Dec 1, 2024
  • gitlab Public

    Download and extract gitlab repository

    NodeSecure/gitlab’s past year of commit activity
    TypeScript 3 MIT 4 0 0 Updated Dec 1, 2024
  • github Public

    Download and Extract Github repository

    NodeSecure/github’s past year of commit activity
    TypeScript 4 MIT 4 0 0 Updated Dec 1, 2024
  • fs-walk Public

    Modern FileSystem (fs) utilities to lazy walk directories Asynchronously (but also Synchronously)

    NodeSecure/fs-walk’s past year of commit activity
    TypeScript 0 MIT 4 0 0 Updated Dec 1, 2024
  • scanner Public

    ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!

    NodeSecure/scanner’s past year of commit activity
    TypeScript 28 MIT 13 5 (1 issue needs help) 4 Updated Nov 11, 2024
  • npm-registry-sdk Public

    Node.js SDK to fetch data from the npm API.

    NodeSecure/npm-registry-sdk’s past year of commit activity
    TypeScript 9 MIT 9 2 2 Updated Nov 11, 2024
  • ci Public

    NodeSecure tool enabling secured continuous integration

    NodeSecure/ci’s past year of commit activity
    TypeScript 21 MIT 7 2 (1 issue needs help) 2 Updated Nov 1, 2024