NodeSecure

Building a safer Node.js and JavaScript ecosystem

We are a community of developers building free open source tools to secure the Node.js & JavaScript ecosystem. Our area of expertise is in package and code analysis.

# Installing the project globally with NPM
$ npm i @nodesecure/cli -g

# Analyze a package on a remote registry
$ nsecure auto fastify

# Analyze a local package.json
$ nsecure auto

# Fetch the OpenSSF Scorecard for a specific package or Git repository.
$ nsecure scorecard express

# Perform a deep analysis of a specified npm package.
$ nsecure verify mocha

🐤 New to NodeSecure? Check out our beginner guides to start contributing.


Open Source back-end 🚀

We do not just provide cool tools; we also build our own open source back-end to power them. You can easily install and use these packages in your own projects or build your own tools on top of them.

⚡ Scanner

A collection of tools to run a static analysis of your module's dependency tree and npm metadata.

$ npm i @nodesecure/scanner

🔬 JS-X-Ray

Open-source JavaScript SAST scanner. A static analyser built to detect the most common malicious patterns.

$ npm i @nodesecure/js-x-ray

Vulnera

Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, OSV...).

$ npm i @nodesecure/vulnera

Join Us

We welcome new contributors! Whether you're a security expert or just starting out, there's a place for you in our community.