nodejsscan is a static security code scanner for Node.js applications.

Open source vulnerability DB and triage service.

Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Open Threat Exchange Node SDK

Node.js bindings of getdns, a modern asynchronous DNS API.

grep rough audit - source code auditing tool

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

safely install npm packages by auditing them pre-install stage

CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access

Attribute Based Access Control for Lifeomic products

Auth0 verification plugin for Fastify

Cloud native secrets management for developers - never leave your command line for secrets.

Removes large or troublesome blobs like git-filter-branch does, but faster. And written in Scala

A lightweight Node.js private proxy registry

iamjs - Your complete Access Control Library with End-to-end typesafety

Infisical is the open-source platform for secrets, certificates, and privileged access management.

The open source compliance platform - Drata & Vanta Alternative