🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware

Perform advanced MiTM attacks on websites with ease 💉

Use DOMPurify on server and client in the same way

An implementation of PHP's strip_tags in Typescript.

渗透测试Payload速查平台 | Pentest Payload Quick Reference | XSS/SQLi/SSRF/RCE | React+TypeScript

Safe replacement for the v-html directive

Inclusive Angular API for DOMPurify

Markdown to HTML using marked and DOMPurify. Safe by default.

Detect security flaws in Joi validation schemas (XSS, SQL injection, ...) 🔥

A Beautiful, Responsive Periodic Table Web Application made using Next JS 13, Tailwind CSS, Framer Motion, Typescript, Shadcn UI

NeXSS is a modern, self-hosted Blind XSS (Cross-Site Scripting) hunter and callback listener built with Next.js. It helps security researchers and penetration testers discover and validate blind XSS vulnerabilities by capturing detailed information when payloads execute on target systems.

🛡 Security plugin for Next.js based on OWASP and Helmet

Security training for the apps you actually ship. Open your browser and start hacking.

A package of security tools for your application. ( beta-testing )

A Nuxt 3 module for sanitizing HTML content using DOMPurify to protect against XSS attacks.

Jaga is an ultra-lightweight, zero-dependency security layer for HTML templates, providing context-aware XSS protection between user input and the DOM.

Backend for a complete session-based user authentication: Bun, Hono, Drizzle, SQLite.

One-line security middleware for Node.js and Python. XSS, SQLi, SSRF, rate limiting, CORS, security headers

The first browser MCP built for security testing. Give your AI agent a real Firefox browser and let it find vulnerabilities.

DOMPurify-powered HTML sanitizer for Svelte — SSR-safe, browser-ready, TypeScript-first.