☔️A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!
- eslint-plugin-security - ESLint rules for Node Security.
- eslint-plugin-no-unsanitized - ESLint rules to disallow unsafe innerHTML, outerHTML, insertAdjacentHTML and alike.
- eslint-config-sec - ESLint rules for writing safe and secure client code.
- dompurify - XSS sanitizer for HTML, MathML and SVG.
- sanitize-html - Clean up user-submitted HTML.
- serialize-javascript - Serialize JavaScript safely - HTML characters and JS line terminators are escaped automatically.
- audit-ci - NPM and Yarn dependencies audit for CI/CD.
- dtrack-audit - OWASP Dependency Track API client for CI/CD.
- csp-html-webpack-plugin - Generates meta content for your Content Security Policy tag.

script-src and style-src directives to disallow inline scripts and styles. More here.