We are building free open source tools to secure the Node.js & JavaScript ecosystem. Our biggest area of expertise is in package and code analysis (SCA).
We are mainly developers who like to build tools that bring you value for free ❤️. Our tools often provide a range of benefits and information such as:
- Non opinionated metrics (On quality and maintainability).
- Very useful information about the projects you use:
- The different security threats within your codes (detected using our open source SAST JS-X-Ray).
Our tools have proven to be of great use to rigorous developers and package maintainers. But there is still a long way to go to make our tools more accessible to beginners 💪.
We welcome new contributors. Please feel free to join us on Discord and help on the different projects.
It doesn't necessarily matter if you are a beginner in security or not. Many projects require skills that are not directly related to security. So don't feel illegitimate to come and contribute and learn.
Learn how you can contribute by reading our guide:
Resources to learn more about the project or good security practices
- We frequently write articles about our different tools on https://dev.to/nodesecure.
- OpenSSF - Concise Guide for Evaluating Open Source Software 2023-01-03
- OpenSSF - Concise Guide for Developing More Secure Software 2023-01-03
- Build a software bill of materials (SBOM) for open source supply chain security
- A curated list of awesome Node.js Security resources.
Before contributing, please check and read our Code of conduct. There is some guides available to help developers and contributors:
The maintainers of NodeSecure are also the creators behind projects like TopCli, Dashlog, and many more (see OpenAlly).
