👋 Welcome visitor
We are building free open source tools to secure the Node.js & JavaScript ecosystem. Our biggest area of expertise is in package and code analysis (SCA).
We are mainly developers who like to build tools that bring you value for free ❤️. Our tools often provide a range of benefits and information such as:
- Non-opinionated metrics (on quality and maintainability).
- Very useful information about the projects you use:
  - The different security threats within your code (detected using our open source SAST, JS-X-Ray).
Our tools have proven to be of great use to rigorous developers and package maintainers. But there is still a long way to go to make our tools more accessible to beginners 💪.
❤️ Contributors
We welcome new contributors. Please feel free to join us on Discord and help on the different projects.
It doesn't necessarily matter whether you are a beginner in security or not. Many projects require skills that are not directly related to security, so don't feel you lack the legitimacy to come, contribute and learn.
🐤 How to contribute
Learn how you can contribute by reading our guide:
Resources to learn more about the project or good security practices
- We frequently write articles about our different tools on https://dev.to/nodesecure.
- OpenSSF - Concise Guide for Evaluating Open Source Software 2023-01-03
- OpenSSF - Concise Guide for Developing More Secure Software 2023-01-03
- Build a software bill of materials (SBOM) for open source supply chain security
- A curated list of awesome Node.js Security resources.
- Collection of npm package manager Security Best Practices
Contribution Guidelines
Before contributing, please check and read our Code of Conduct. There are some guides available to help developers and contributors:
👥 Open Alliance
The maintainers of NodeSecure are also the creators behind projects like TopCli, Dashlog, and many more (see OpenAlly).
