👋 Welcome visitor
We are building free open source tools to secure the Node.js & JavaScript ecosystem. Our biggest area of expertise is in package and code analysis.
We are mainly developers who like to build tools that bring you value for free:
- Non-opinionated metrics (on quality and maintainability).
- Very useful information about the projects you use:
- The different security threats within your code (detected using our open source SAST, JS-X-Ray).
Our tools have proven to be of great use to rigorous developers and package maintainers. But there is still a long way to go to make our tools more accessible to beginners.
❤️ Contributors
We welcome new contributors. Please feel free to join us on Discord and help on the different projects.
It doesn't necessarily matter whether you are a beginner in security or not. Many projects require skills that are not directly related to security, so don't hesitate to come, contribute and learn.
🐤 How to contribute
Learn how you can contribute by reading our guide:
Resources to learn more about the project or good security practices
- We frequently write articles about our different tools on https://dev.to/nodesecure.
- OpenSSF - Concise Guide for Evaluating Open Source Software 2023-01-03
- OpenSSF - Concise Guide for Developing More Secure Software 2023-01-03
- Build a software bill of materials (SBOM) for open source supply chain security
- A curated list of awesome Node.js Security resources.
