152 Best Node.js Security Libraries

Curated by the Openbase team and community.Learn more

Curated by the Openbase team and community. Learn more

nan

nanoid

A tiny (108 bytes), secure, URL-friendly, unique string ID generator for JavaScript

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
4.9/ 5
20
Top Feedback
great-docs
11Great Documentation
easy-to-use
11Easy to Use
performant
10Performant
GitHub Stars
Github Icon
13K
Weekly Downloads
Weekly Downloads Icon
12M
Last Commit
24d ago
Bundle Size (min+gzip)
0.49KB
Tree-Shakeable
dom

dompurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

License Icon
License: (MPL-2.0 OR Apache-2.0)
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
1
Top Feedback
easy-to-use
2Easy to Use
performant
1Performant
GitHub Stars
Github Icon
7K
Weekly Downloads
Weekly Downloads Icon
1M
Last Commit
22d ago
Bundle Size (min+gzip)
N/A
Tree-Shakeable

keycloak-js

Open Source Identity and Access Management For Modern Applications and Services

License Icon
License: Apache-2.0
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
2
Top Feedback
N/A
GitHub Stars
Github Icon
9K
Weekly Downloads
Weekly Downloads Icon
151K
Last Commit
5d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable

uuid

Generate RFC-compliant UUIDs in JavaScript

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
4.7/ 5
41
Top Feedback
easy-to-use
28Easy to Use
great-docs
21Great Documentation
performant
19Performant
GitHub Stars
Github Icon
11K
Weekly Downloads
Weekly Downloads Icon
49M
Last Commit
4mo ago
Bundle Size (min+gzip)
3.35KB
Tree-Shakeable

node-forge

A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

License Icon
License: (BSD-3-Clause OR GPL-2.0)
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
2
Top Feedback
performant
1Performant
GitHub Stars
Github Icon
4K
Weekly Downloads
Weekly Downloads Icon
12M
Last Commit
4mo ago
Bundle Size (min+gzip)
73.6KB
Not Tree-Shakeable
xss

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
4K
Weekly Downloads
Weekly Downloads Icon
2M
Last Commit
3mo ago
Bundle Size (min+gzip)
5.43KB
Not Tree-Shakeable

jwt-decode

Decode JWT tokens; useful for browser applications.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
4.8/ 5
6
Top Feedback
easy-to-use
4Easy to Use
great-docs
3Great Documentation
performant
1Performant
GitHub Stars
Github Icon
2K
Weekly Downloads
Weekly Downloads Icon
2M
Last Commit
5mo ago
Bundle Size (min+gzip)
0.78KB
Tree-Shakeable

express-validator

An express.js middleware for validator.js.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
4.7/ 5
13
Top Feedback
easy-to-use
9Easy to Use
great-docs
8Great Documentation
performant
6Performant
GitHub Stars
Github Icon
5K
Weekly Downloads
Weekly Downloads Icon
302K
Last Commit
5d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
jsr

jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token in pure JavaScript.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
1
Top Feedback
great-docs
1Great Documentation
hard-to-use
1Hard to Use
GitHub Stars
Github Icon
3K
Weekly Downloads
Weekly Downloads Icon
177K
Last Commit
24d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable

cors

Node.js CORS middleware

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
4.7/ 5
24
Top Feedback
easy-to-use
16Easy to Use
great-docs
11Great Documentation
performant
6Performant
GitHub Stars
Github Icon
5K
Weekly Downloads
Weekly Downloads Icon
5M
Last Commit
10mo ago
Bundle Size (min+gzip)
1.84KB
Not Tree-Shakeable

crypto-js

JavaScript library of crypto standards.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
4.8/ 5
12
Top Feedback
great-docs
6Great Documentation
easy-to-use
5Easy to Use
performant
1Performant
GitHub Stars
Github Icon
11K
Weekly Downloads
Weekly Downloads Icon
4M
Last Commit
6d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable

jsonwebtoken

JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
4.7/ 5
52
Top Feedback
great-docs
22Great Documentation
easy-to-use
22Easy to Use
performant
18Performant
GitHub Stars
Github Icon
14K
Weekly Downloads
Weekly Downloads Icon
6M
Last Commit
4mo ago
Bundle Size (min+gzip)
11.6KB
Not Tree-Shakeable
il

iconv-lite

Convert character encodings in pure javascript.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
2
Top Feedback
N/A
GitHub Stars
Github Icon
3K
Weekly Downloads
Weekly Downloads Icon
34M
Last Commit
18d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
ell

elliptic

Fast Elliptic Curve Cryptography in plain javascript

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
1K
Weekly Downloads
Weekly Downloads Icon
12M
Last Commit
6mo ago
Bundle Size (min+gzip)
46.4KB
Not Tree-Shakeable
su

short-uuid

Translate standard UUIDs into shorter formats and back.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
1
Top Feedback
great-docs
1Great Documentation
easy-to-use
1Easy to Use
highly-custom
1Highly Customizable
GitHub Stars
Github Icon
231
Weekly Downloads
Weekly Downloads Icon
121K
Last Commit
2mo ago
Bundle Size (min+gzip)
4.27KB
Not Tree-Shakeable
it

io-ts

Runtime type system for IO decoding/encoding

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
4.5/ 5
2
Top Feedback
hard-to-use
2Hard to Use
bleeding-edge
1Bleeding Edge
GitHub Stars
Github Icon
5K
Weekly Downloads
Weekly Downloads Icon
301K
Last Commit
3mo ago
Bundle Size (min+gzip)
5.17KB
Tree-Shakeable
po

passport-oauth2

OAuth 2.0 authentication strategy for Passport and Node.js.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
1
Top Feedback
easy-to-use
1Easy to Use
GitHub Stars
Github Icon
500
Weekly Downloads
Weekly Downloads Icon
351K
Last Commit
1mo ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
pas

passport

Simple, unobtrusive authentication for Node.js.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
4.3/ 5
72
Top Feedback
performant
12Performant
easy-to-use
11Easy to Use
highly-custom
9Highly Customizable
GitHub Stars
Github Icon
19K
Weekly Downloads
Weekly Downloads Icon
1M
Last Commit
1mo ago
Bundle Size (min+gzip)
2.57KB
Not Tree-Shakeable
ea

email-addresses

An RFC 5322 email address parser

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
206
Weekly Downloads
Weekly Downloads Icon
251K
Last Commit
2mo ago
Bundle Size (min+gzip)
2.74KB
Not Tree-Shakeable

express-session

Simple session middleware for Express

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
4.2/ 5
5
Top Feedback
great-docs
1Great Documentation
easy-to-use
1Easy to Use
performant
1Performant
GitHub Stars
Github Icon
5K
Weekly Downloads
Weekly Downloads Icon
985K
Last Commit
2mo ago
Bundle Size (min+gzip)
6.79KB
Not Tree-Shakeable

simple-oauth2

A simple Node.js client library for Oauth2

License Icon
License: Apache-2.0
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
1K
Weekly Downloads
Weekly Downloads Icon
74K
Last Commit
2mo ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable

@feathersjs/authentication-jwt

A framework for real-time applications and REST APIs with JavaScript and TypeScript

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
13K
Weekly Downloads
Weekly Downloads Icon
3K
Last Commit
16d ago
Bundle Size (min+gzip)
20.3KB
Not Tree-Shakeable
arg

argon2

Node.js bindings for Argon2 hashing algorithm

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
2
Top Feedback
great-docs
1Great Documentation
performant
1Performant
bleeding-edge
1Bleeding Edge
GitHub Stars
Github Icon
1K
Weekly Downloads
Weekly Downloads Icon
49K
Last Commit
1mo ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable

cyberchef

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

License Icon
License: Apache-2.0
TypeScript Icon
TypeScript Definitions: Not Found
User Rating
5.0/ 5
2
Top Feedback
N/A
GitHub Stars
Github Icon
13K
Weekly Downloads
Weekly Downloads Icon
475
Last Commit
4mo ago
Bundle Size (min+gzip)
N/A
Tree-Shakeable

buttercup

🎩 The mighty NodeJS password vault

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
359
Weekly Downloads
Weekly Downloads Icon
308
Last Commit
2mo ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
pl

passport-local

Username and password authentication strategy for Passport and Node.js.

License Icon
License: Unknown
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
1
Top Feedback
easy-to-use
1Easy to Use
GitHub Stars
Github Icon
3K
Weekly Downloads
Weekly Downloads Icon
452K
Last Commit
1mo ago
Bundle Size (min+gzip)
0.66KB
Not Tree-Shakeable
niv

node-input-validator

Validation library for node.js

License Icon
License: ISC
TypeScript Icon
TypeScript Definitions: Not Found
User Rating
4.9/ 5
17
Top Feedback
great-docs
10Great Documentation
easy-to-use
9Easy to Use
performant
5Performant
GitHub Stars
Github Icon
63
Weekly Downloads
Weekly Downloads Icon
6K
Last Commit
2mo ago
Bundle Size (min+gzip)
145.6KB
Not Tree-Shakeable
oau

oauth

OAuth wrapper for node.js

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
2K
Weekly Downloads
Weekly Downloads Icon
506K
Last Commit
5y ago
Bundle Size (min+gzip)
4.78KB
Not Tree-Shakeable
val

validatorjs

A data validation library in JavaScript for the browser and Node.js, inspired by Laravel's Validator.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
5.0/ 5
3
Top Feedback
great-docs
1Great Documentation
easy-to-use
1Easy to Use
highly-custom
1Highly Customizable
GitHub Stars
Github Icon
1K
Weekly Downloads
Weekly Downloads Icon
37K
Last Commit
8mo ago
Bundle Size (min+gzip)
38.4KB
Not Tree-Shakeable
vu

vue-uuid

Add UUID to Vue instance.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
1
Top Feedback
great-docs
1Great Documentation
easy-to-use
1Easy to Use
performant
1Performant
GitHub Stars
Github Icon
51
Weekly Downloads
Weekly Downloads Icon
21K
Last Commit
1y ago
Bundle Size (min+gzip)
3.28KB
Tree-Shakeable
val

valivar

Javascript/Typescript schema-based validation and sanitation

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Not Found
User Rating
5.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
4
Weekly Downloads
Weekly Downloads Icon
7
Last Commit
2mo ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable

svg-captcha

generate svg captcha in node

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
5.0/ 5
2
Top Feedback
easy-to-use
1Easy to Use
performant
1Performant
highly-custom
1Highly Customizable
GitHub Stars
Github Icon
1K
Weekly Downloads
Weekly Downloads Icon
10K
Last Commit
2y ago
Bundle Size (min+gzip)
41.7KB
Not Tree-Shakeable

kickbox

Email Address Verification for Node.js

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Not Found
User Rating
5.0/ 5
2
Top Feedback
N/A
GitHub Stars
Github Icon
42
Weekly Downloads
Weekly Downloads Icon
1K
Last Commit
3y ago
Bundle Size (min+gzip)
187.4KB
Not Tree-Shakeable

socketio-jwt

Authenticate socket.io incoming connections with JWTs

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
4.0/ 5
2
Top Feedback
great-docs
2Great Documentation
bleeding-edge
1Bleeding Edge
GitHub Stars
Github Icon
1K
Weekly Downloads
Weekly Downloads Icon
14K
Last Commit
4mo ago
Bundle Size (min+gzip)
13.3KB
Not Tree-Shakeable

contentful-management

JavaScript library for Contentful's Management API (node & browser)

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
173
Weekly Downloads
Weekly Downloads Icon
453K
Last Commit
2d ago
Bundle Size (min+gzip)
N/A
Tree-Shakeable

x-xss-protection

Help secure Express apps with various HTTP headers

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
8K
Weekly Downloads
Weekly Downloads Icon
683K
Last Commit
1mo ago
Bundle Size (min+gzip)
0.22KB
Not Tree-Shakeable

uuidv4

uuidv4 creates v4 UUIDs.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
110
Weekly Downloads
Weekly Downloads Icon
197K
Last Commit
15d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable

email-verifier

The best possible way to verify and validate an email address.

License Icon
License: Unlicense
TypeScript Icon
TypeScript Definitions: Not Found
User Rating
4.0/ 5
1
Top Feedback
N/A
GitHub Stars
Github Icon
37
Weekly Downloads
Weekly Downloads Icon
580
Last Commit
2y ago
Bundle Size (min+gzip)
188.6KB
Not Tree-Shakeable
gra

grant

OAuth Proxy

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
3K
Weekly Downloads
Weekly Downloads Icon
85K
Last Commit
10d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable

fastify-cors

Fastify CORS

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
157
Weekly Downloads
Weekly Downloads Icon
129K
Last Commit
8d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
jre

json-rules-engine

A rules engine expressed in JSON

License Icon
License: ISC
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
1K
Weekly Downloads
Weekly Downloads Icon
35K
Last Commit
2mo ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
oh

object-hash

Generate hashes from javascript objects in node and the browser.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
1K
Weekly Downloads
Weekly Downloads Icon
7M
Last Commit
2mo ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
md5

md5

a JavaScript function for hashing messages with MD5

License Icon
License: BSD-3-Clause
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
N/A
Top Feedback
great-docs
1Great Documentation
GitHub Stars
Github Icon
785
Weekly Downloads
Weekly Downloads Icon
4M
Last Commit
6mo ago
Bundle Size (min+gzip)
2.22KB
Not Tree-Shakeable
xc

xml-crypto

Xml digital signature and encryption library for Node.js

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
160
Weekly Downloads
Weekly Downloads Icon
445K
Last Commit
5d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
has

hasha

Hashing made simple. Get the hash of a buffer/string/stream/file.

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
N/A
Top Feedback
great-docs
1Great Documentation
GitHub Stars
Github Icon
866
Weekly Downloads
Weekly Downloads Icon
3M
Last Commit
7mo ago
Bundle Size (min+gzip)
1.00KB
Not Tree-Shakeable

swagger-parser

Swagger 2.0 and OpenAPI 3.0 parser/validator

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
750
Weekly Downloads
Weekly Downloads Icon
514K
Last Commit
1mo ago
Bundle Size (min+gzip)
87.1KB
Not Tree-Shakeable
dec

decoders

Elegant validation library for type-safe input data (for TypeScript and Flow)

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Built-In
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
262
Weekly Downloads
Weekly Downloads Icon
9K
Last Commit
23d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable
cps

connect-pg-simple

A simple, minimal PostgreSQL session store for Connect/Express

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: DefinitelyTyped
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
174
Weekly Downloads
Weekly Downloads Icon
15K
Last Commit
2d ago
Bundle Size (min+gzip)
31.0KB
Not Tree-Shakeable

crypto-browserify

partial implementation of node's `crypto` for the browser

License Icon
License: MIT
TypeScript Icon
TypeScript Definitions: Not Found
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
484
Weekly Downloads
Weekly Downloads Icon
11M
Last Commit
3y ago
Bundle Size (min+gzip)
155.4KB
Not Tree-Shakeable

supertokens-node

Node driver for SuperTokens core

License Icon
License: Apache-2.0
TypeScript Icon
TypeScript Definitions: Not Found
User Rating
N/A
Top Feedback
N/A
GitHub Stars
Github Icon
41
Weekly Downloads
Weekly Downloads Icon
308
Last Commit
5d ago
Bundle Size (min+gzip)
N/A
Not Tree-Shakeable