Best IT Security Software for JavaScript - Page 2
View:
Compare the Top IT Security Software that integrates with JavaScript as of September 2025 - Page 2
Sort By:
This a list of IT Security software that integrates with JavaScript. Use the filters on the left to add additional filters for products that have integrations with JavaScript. View the products that work with JavaScript in the table below.
-
1
Wink
Wink
Wink enables any institution to offer simpler and superior identity and payment experiences through biometrics. The Wink platform brings facial and voice recognition-based multi-factor authentication and payments that can eliminate passwords, SMS/OTP, usernames, card numbers, and other older technologies that are memory or device-based. Integrate the Wink streaming checkout plug-in to eliminate fraud with our unique face- and voice-based user recognition. Dramatically improve conversions and eliminate cart abandonments as consumers simply smile to check out. Make long checkout forms and forgotten passwords a thing of the past. The industry’s first multi-factor biometric authentication combines the convenience and security of face-id type experience enhanced by strong digital voice printing. Our unique and patented one-way anonymous encryption technology ensures full privacy protection as the unique Wink ID represents the user’s face and voice data as a 3D model.Starting Price: $499 per month -
2
KloudMate
KloudMate
Squash latencies, detect bottlenecks, and debug errors. Join a rapidly expanding community of businesses from around the world, that are achieving 20X value and ROI by adopting KloudMate, compared to any other observability platform. Quickly monitor crucial metrics, and dependencies, and detect anomalies through alarms and issue tracking. Instantly locate ‘break-points’ in your application development lifecycle, to proactively fix issues. View service maps for every component in your application, and uncover intricate interconnections and dependencies. Trace every request and operation, providing detailed visibility into execution paths and performance metrics. Whether it's multi-cloud, hybrid, or private architecture, access unified Infrastructure monitoring capabilities to monitor metrics and gather insights. Supercharge debugging speed and precision with a complete system view. Identify and resolve issues faster.Starting Price: $60 per month -
3
Halo Security
Halo Security
Get a complete picture of your attack surface with Halo Security. Our easy-to-use, all-in-one solution to external cybersecurity testing and monitoring helps thousands of enterprises protect their customer data. Modern business moves fast. Developers add new websites, services, and software. Old assets are forgotten and new acquisitions are brought into the fold. Every website, server, certificate, or third-party JavaScript creates another way for attackers looking to steal customer data. Our agentless and recursive discovery engine discovers the assets you’re not aware of, so you can prioritize your efforts from a single pane of glass. From firewall monitoring to penetration testing, you can easily apply the right resources to every asset from our centralized dashboard. With quick access to the specifications of each asset, you can be confident that everything you control is being monitored appropriately.Starting Price: $399 per month -
4
NextAuth.js
NextAuth.js
NextAuth.js is an open source authentication solution tailored for Next.js applications, offering seamless integration with popular services like Google, Facebook, Auth0, and Apple. It supports various authentication methods, including OAuth 1.0 & 2.0, email/passwordless sign-ins, and custom username/password systems. Designed for flexibility, NextAuth.js operates efficiently in serverless environments and supports multiple databases such as MySQL, PostgreSQL, MSSQL, and MongoDB, allowing developers to choose between database sessions or JSON Web Tokens (JWT). Security features include signed, prefixed, server-only cookies, HTTP POST with CSRF token validation, and encrypted JWTs using JWS/JWE/JWK standards. The platform facilitates easy setup, enabling developers to add authentication in minutes with minimal configuration. Comprehensive documentation and a supportive community further enhance its accessibility for developers seeking a robust authentication system.Starting Price: Free -
5
Auth.js
Auth.js
Auth.js is an open-source authentication library designed to integrate seamlessly with modern JavaScript frameworks, providing a flexible and secure authentication experience. It supports various authentication methods, including OAuth (e.g., Google, GitHub), credentials, and WebAuthn, allowing developers to choose the most suitable approach for their applications. Auth.js is compatible with multiple frameworks, such as Next.js, SvelteKit, Express, Qwik, and SolidStart, enabling developers to implement authentication across different platforms. The library offers built-in support for popular databases like Prisma, Drizzle ORM, Supabase, Firebase, and TypeORM, facilitating user data management. Security features include signed cookies, CSRF token validation, and encrypted JSON Web Tokens (JWTs), ensuring robust protection for user data. Auth.js is designed to operate efficiently in serverless environments and provides comprehensive documentation and examples.Starting Price: Free -
6
OpenFGA
The Linux Foundation
OpenFGA is an open source authorization solution that enables developers to implement fine-grained access control using a user-friendly modeling language and APIs. Inspired by Google's Zanzibar paper, it supports various access control models, including Relationship-Based Access Control (ReBAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). OpenFGA offers SDKs for multiple programming languages, such as Java, .NET, JavaScript, Go, and Python, facilitating seamless integration into diverse applications. The platform is designed for high performance, capable of processing authorization checks in milliseconds, making it suitable for projects ranging from small startups to large enterprises. Operating under the Cloud Native Computing Foundation (CNCF) as a sandbox project, OpenFGA emphasizes transparency and community collaboration, inviting contributions to its development and governance.Starting Price: Free -
7
GitHub Advanced Security
GitHub
With AI-powered remediation, static analysis, secret scanning, and software composition analysis, GitHub Advanced Security helps developers and security teams work together to eliminate security debt and keep new vulnerabilities out of code. Code scanning with Copilot Autofix detects vulnerabilities, provides contextual explanations, and suggests fixes in the pull request and for historical alerts. Solve your backlog of application security debt. Security campaigns target and generate autofixes for up to 1,000 alerts at a time, rapidly reducing the risk of application vulnerabilities and zero-day attacks. Secret scanning with push protection guards over 200 token types and patterns from more than 150 service providers, even elusive secrets like passwords and PII. Powered by security experts and a global community of more than 100 million developers, GitHub Advanced Security provides the insights and automation you need to ship more secure software on schedule.Starting Price: $49 per month per user -
8
Zebra Enterprise Browser
Zebra Technologies
Zebra's Enterprise Browser is an Android-based industrial browser that enables the development of web-based applications tailored to leverage the full capabilities of Zebra devices. It allows developers to create feature-rich applications using standard web technologies such as HTML5, CSS, and JavaScript, ensuring compatibility across various Zebra devices, including mobile computers, tablets, kiosks, wearables, and vehicle-mounted devices. The browser provides access to Zebra's extensive API library, facilitating seamless integration with device features like barcode scanning, RFID, and cameras. Additionally, Enterprise Browser supports integration with leading Enterprise Resource Planning (ERP) systems, such as SAP, through the Zebra Picking Plus API, enabling real-time updates to backend databases and streamlining operational workflows. By offering a consistent and intuitive user interface, Enterprise Browser enhances worker productivity and simplifies the development process.Starting Price: Free -
9
ThumbmarkJS
ThumbmarkJS
ThumbmarkJS is a fair, privacy-friendly fingerprinting library built by developers for developers. Offered under an MIT license, it can be installed via NPM or loaded from jsDelivr, and with just a few lines of JavaScript, importing the UMD bundle and calling tm.get(), it returns a consistent 32-character thumbmark fingerprint. For small projects requiring higher accuracy, a free API version is available, while the Pro version scales indefinitely and cost-efficiently for large-scale applications. Without complex setup or invasive tracking, ThumbmarkJS has been integrated into over 60,000 websites, handling more than 1 billion identifications and 200 thousand downloads per month. It is free, open source, and has been designed as an alternative to FingerprintJS. It generates distinct, persistent device fingerprints using web APIs like canvas, audio, fonts, WebGL, and more, enabling identification of browsers across sessions.Starting Price: €15 per month -
10
Dash0
Dash0
Dash0 is an OpenTelemetry-native observability platform that unifies metrics, logs, traces, and resources into one intuitive interface, enabling fast and context-rich monitoring without vendor lock-in. It centralizes Prometheus and OpenTelemetry metrics, supports powerful filtering of high-cardinality attributes, and provides heatmap drilldowns and detailed trace views to pinpoint errors and bottlenecks in real time. Users benefit from fully customizable dashboards built on Perses, with support for code-based configuration and Grafana import, plus seamless integration with predefined alerts, checks, and PromQL queries. Dash0's AI-enhanced tools, such as Log AI for automated severity inference and pattern extraction, enrich telemetry data without requiring users to even notice that AI is working behind the scenes. These AI capabilities power features like log classification, grouping, inferred severity tagging, and streamlined triage workflows through the SIFT framework.Starting Price: $0.20 per month -
11
Javascript Obfuscator
Javascript Obfuscator
JavaScript Obfuscator transforms readable JavaScript source code into an obfuscated and unintelligible form, preventing reverse engineering, tampering, and intellectual property theft while preserving full functionality and compatibility with the latest ECMAScript versions. It includes powerful features such as minification and compression for reduced file size and faster load times, dead code insertion to confuse static analysis, and domain- or IP-based locking to disable code execution outside authorized environments. The tool provides GUI-driven desktop batch processing that allows users to protect JavaScript embedded in HTML, PHP, JSP, or similar files with just a few clicks, and supports keeping initial comments or inserting custom headers into output files. Advanced controls let you exclude certain names from obfuscation and ensure consistent symbol renaming across multiple files.Starting Price: Free -
12
jsObf
jsObf
jsObf is a powerful, web-based JavaScript encryption and obfuscation tool that enables users to transform readable JavaScript code into obfuscated, secure versions via direct input or file uploads (up to 5 MB). It also serves developers through its API, offering two endpoints, one for raw code and another for file uploads, with configurable output formats (JSON or XML) and adjustable complexity levels. It simplifies protection workflows with intuitive, drag-and-drop interfaces and backend API support, empowering users to quickly mask logic, thwart reverse engineering, and secure proprietary scripts without complex setup or tooling.Starting Price: $49.99 per month -
13
JS-Confuser
JS-Confuser
JS-Confuser is a powerful, open source JavaScript obfuscation tool that transforms your source code into a highly unreadable form, deterring reverse engineering, tampering, and unauthorized reuse while preserving full functionality. It offers multiple obfuscation techniques, including variable renaming, control flow flattening, string concealing, and function obfuscation, along with locks such as domain-based or date-based execution constraints and integrity checks to detect runtime modifications. Designed for flexibility, it provides obfuscation presets, ranging from 10 to 21+ transformation layers, and also allows fully customizable configurations to suit performance and protection needs. The tool operates entirely in the browser for fast, private obfuscation workflows, and includes advanced tooling features such as a playground for interactive experimentation, customizable options via JavaScript, integrated code prettification, and debugging support.Starting Price: Free -
14
Rafter
Rafter
Rafter is a developer-friendly security scanning platform that lets you detect and address vulnerabilities in your GitHub repositories with a single click or command. It integrates seamlessly via a browser-based dashboard, CLI, or REST API to scan JavaScript, TypeScript, and Python code for a range of issues, including exposed API keys, SQL injection, XSS flaws, insecure dependencies, hardcoded credentials, and authentication weaknesses. Results are clearly categorized into “Errors,” “Warnings,” and “Improvements,” each offering detailed explanations, code locations, remediation steps, and formatted prompts ready to paste into AI coding assistants. You can view findings in JSON or Markdown, automate scans within CI/CD pipelines, and pull scan results directly into your workflows. Whether you prefer no-code, low-code, or full-code environments, Rafter adapts flexibly to your setup, making proactive security early in development effortless and scalable.Starting Price: $39 -
15
Qwiet AI
Qwiet AI
The Fastest Code Analysis, Hands Down. 40X faster scan times so developers never have to wait for results after submitting pull requests. The Most Accurate Results. Qwiet AI has the highest OWASP Benchmark score, which is nearly triple the commercial average and more than double the 2nd highest score. Developer-Centric Security Workflows. 96% of developers report that disconnected security and development workflows inhibit their productivity. Implementing developer-centric AppSec workflows decreases mean-time-to-remediation (MTTR), typically by 5X - enhancing both security and developer productivity. Automatically Find Business Logic Flaws in Dev. Identify vulnerabilities that are unique to your code base before they reach production. Achieve Compliance. Demonstrate and maintain compliance with security and privacy regulations such as SOC 2, PCI-DSS, GDPR, and CCPA.Starting Price: Free -
16
GuardRails
GuardRails
Empowering modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration. Empowering modern development teams to find, fix, and prevent security vulnerabilities in their applications. Continuous security scanning reduces cycle times and speeds up the shipping of features. Our expert system reduces the amount of false alerts and only informs about relevant security issues. Consistent security scanning across the entire product portfolio results in more secure software. GuardRails provides a completely frictionless integration with modern Version Control Systems like Github and GitLab. GuardRails seamlessly selects the right security engines to run based on the languages in a repository. Every single rule is curated to decide whether it has a high security impact issue resulting in less noise. Has built an expert system that detects false positives that is continuously tuned to be more accurate.Starting Price: $35 per user per month -
17
ActiveState
ActiveState
ActiveState delivers Intelligent Remediation for vulnerability management, which enables DevSecOps teams to not only identify vulnerabilities in open source packages, but also to automatically prioritize, remediate, and deploy fixes into production without breaking changes, ensuring that applications are truly secured. Existing tools overwhelm DevSecOps teams with excessive vulnerability data, false positives, and a lack of prioritization, often leading to inaction and increased exposure to exploits. ActiveState’s solution provides your DevSecOps with a comprehensive view of open source vulnerability status across your application portfolio, enabling them to prioritize the vulnerabilities that matter, assess the risk of updates, and choose recommended remediation paths. The ActiveState platform centers on open source languages packaged as runtimes that can be deployed in various form factors. Low-to-no CVE container images are also available for plug-in and play needs. -
18
Phylum
Phylum
Phylum defends applications at the perimeter of the open-source ecosystem and the tools used to build software. Its automated analysis engine scans third-party code as soon as it’s published into the open-source ecosystem to vet software packages, identify risks, inform users and block attacks. Think of Phylum like a firewall for open-source code. Phylum’s database of open-source software supply chain risks is the most comprehensive and scalable offering available, and can be deployed throughout the development lifecycle depending on an organization’s infrastructure and appsec program maturity: in front of artifact repository managers, directly with package managers or in CI/CD pipelines. The Phylum policy library allows users to toggle on the blocking of critical vulnerabilities, attacks like typosquats, obfuscated code and dependency confusion, copyleft licenses, and more. Users can also leverage OPA to create custom policies. -
19
DexProtector
Licel
Instant protection for iOS and Android apps from static and dynamic attacks. A global leader in app and SDK defense with over ten billion installations. DexProtector’s approach to defending your apps is unique. Its Runtime Application Self Protection (RASP) native engine works at a system level deep within the app. From there, it interacts directly with the OS components. This helps it to control key processes and secure the most sensitive parts of your apps and libraries. DexProtector builds layers of protection on top of one another, creating a solid shield around your valuable code and assets. This hardens your apps and prevents real-time attacks. Instant, one-click integration into your CI/CD with no coding required. Protects your apps as well as the communication channel with servers. Provides a secure layer between your app and the operating system. Defends your app against both static and dynamic attacks. -
20
FortiIsolator
Fortinet
FortiIsolator allows organizations to keep their most critical, high-value targets secure from the onslaught of threats. Remote browser isolation allows users to browse the web in an isolated environment, which renders safe content in a remote container. FortiIsolator is a complete remote browser isolation solution that does not require an install on a user’s computer or device. User activity on the web passes through a remote isolation environment, protecting the end user. Clientless browser isolation quickly renders safe web content for the end user. This added layer of advanced protection increases security for your high-value data. Rendering lighter-weight web content can help prevent PC issues and let personnel focus on support. -
21
Kontra
Security Compass
Kontra was built by industry veterans who invented and pioneered the first interactive application security training platform. We don't offer secure coding quizzes, that are effectively re-skinned multiple-choice questions. If that's your idea of educating developers about software security, we are not the company for you. Developers are who we serve. Adding artificial metrics, meaningless rewards, and silly badges is not what we do. We respect their time far too much to patronize them with these gimmicks. The days of heavily scripted OWASP Top 10 training videos with robotic voice-overs are over. Interactive storytelling with realness and purpose in short bursts is what puts developers in the middle of the action and drives a truly engaging learning experience. Developers are more engaged in training if the content has a basis in reality rather than contrived examples. We set out to design the most beautiful application security training experience ever built.Starting Price: $400 per year -
22
CredoLab
CredoLab
Help your risk, fraud, and marketing teams make better decisions with advanced behavioral analytics based on smartphone and web metadata. Join 150+ financial companies, banks, and fintech unicorns already using CredoLab platform to enrich their data and unlock revenue opportunities for sustainable growth and innovation. Designed to be seamlessly embedded into your products, providing unparalleled real-time data-driven solutions for your business needs. Greater predictive power, 100% hit rate, lower cost of risk, higher approval rate. Top-of-the-funnel data, real-time device velocity checks, and predictive behavior-based scores. Better user engagement with personality-based and outcome-based marketing campaigns. Granular and real-time behavioral insights for a deeper understanding of all users. Once embedded in your products, it delivers value across the entire organization. It also works as a standalone or as a complement to existing risk, fraud, and marketing solutions.Starting Price: $600 per month -
23
DeviceID
DeviceID
Our ML-powered platform instantly reveals your traffic allowing you to identify your users even if they try to hide their identity. detect attacks and bots, access extensive real-time analytics, and enjoy the most advanced identification method. We support the most popular browsers and programming languages so you can easily identify your users across all devices and browsers. The culmination of our meticulous identification process is the delivery of a comprehensive response. This response includes a unique and persistent identifier for the device, ensuring reliable user recognition across sessions. Furthermore, you'll receive a detailed analysis of the client's device, encompassing a wealth of information gleaned from our advanced fingerprinting techniques and machine learning analysis. This includes data points such as the user's browser version, operating system, and potential threat scores.Starting Price: $50 per month -
24
Imperva Client-Side Protection
Imperva
Client-Side Protection provides real-time monitoring of all client-side resources and JavaScript behavior. Gain control over all first and third-party JavaScript code embedded on your website. Actionable insights make it easy to identify risky resources and scripts that should not load on your client side. And if any JavaScript code is compromised, your security team is the first to know. Provides comprehensive inventorying, authorization, dynamic integrity verification, and real-time monitoring, helping streamline regulatory compliance with the new client-side security requirements introduced in PCI DSS 4.0. Protect your website against client-side attacks and streamline regulatory compliance with PCI DSS 4.0. Client-side attacks increase as web applications shift to client-side logic and incorporate more third-party code and resources. These attacks can directly steal sensitive customer data, resulting in breaches and noncompliance with data privacy regulations. -
25
Client-Side Protection helps protect against end-user data exfiltration and shield websites from JavaScript threats. It analyzes script behavior in real-time, provides actionable insights in a single dashboard view, and delivers alerts to mitigate harmful script activity. Designed for PCI DSS v4.0, the solution helps businesses meet new script security requirements and safeguards against client-side attacks. Inject simple scripts into each monitored page without meaningfully impacting performance. Monitor and assess script activity from the browser while machine learning techniques analyze the risk of unauthorized action. Get real-time alerts, with detailed information about mitigation, if an active threat or attack is found. Immediately restrict malicious scripts from accessing and exfiltrating sensitive data on protected pages with one click. Defend your site from client-side threats. Ease compliance with PCI DSS v4.0. Strengthen your web page integrity.
-
26
ZeroThreat
ZeroThreat
ZeroThreat.ai is an advanced AI-driven cybersecurity platform designed to help organizations proactively detect, prevent, and respond to cyber threats before they cause damage. Focused on human risk management, ZeroThreat.ai addresses the growing challenge of social engineering attacks, such as phishing and spear-phishing, which often target employees as entry points for breaches. By using artificial intelligence and machine learning, ZeroThreat.ai monitors communication channels in real-time, identifying suspicious behaviors, risky links, and potentially malicious content. The platform provides automated threat detection and alerts, enabling security teams to act quickly and neutralize risks. Additionally, ZeroThreat.ai includes personalized training modules that help educate employees on how to recognize and avoid cyber threats, creating a security-aware workforce. Its intuitive dashboard offers clear analytics and risk scoring. -
27
Pixee
Pixee
Pixee is an AI-powered automated product security engineer that integrates seamlessly into your development workflow, monitoring repositories and pull requests to provide high-quality fixes instantly. It triages scanner alerts from tools like Sonar, Snyk, and Semgrep, delivering code fixes and unlocking the velocity of GenAI-driven development. Pixee operates like a trusted specialist teammate, fitting into your workflow and current tooling without being a distraction, supporting languages such as Java, Python, JavaScript, Node.js, .NET/C#, and Go. It provides expert security context on each finding to filter out false positives, elevate true positives, and recommend actions, freeing your team from endless manual review. Pixee turns findings into actionable pull requests that developers can review and merge, enabling auto-remediation at scale without the grind.Starting Price: $29 per month -
28
BlueClosure
Minded Security
BlueClosure can analyse any codebase written with JavaScript frameworks like Angular.js, jQuery, Meteor.js, React.js and many more. Realtime Dynamic Data Tainting. BlueClosure Detect uses an advanced Javascript Instrumentation engine to understand the code. By leveraging our proprietary technology the BC engine can inspect any code, no matter how obfuscated it is. Scanning Automation. BlueClosure technology can automatically scan an entire website. This is the fastest way to scan and analyse BIG enterprise portals with rich Javascript content as a tester would with his browser. Near-Zero False Positives. Data Validation and Context Awareness makes the use of a dynamic runtime tainting model on strings even more powerful, as it understands if a client side vulnerability is actually exploitable. -
29
Edgio
Edgio
Securely deliver sub-second web applications, stream high quality OTT and live events, or distribute large file quickly to customers around the globe. Supported by Edgio experts in security, web applications, CDN, and managed streaming services. Edgio Uplynk: Optimize streaming with Edgio Uplynk our streaming management and orchestration platform backed by our OTT/live event services team. Cut costs, increase ad revenue, and delivery high quality experiences Edgio Delivery: Power your streaming media and large file downloads on one of the world’s largest, most advanced global CDNs. Edgio Open Edge: Improve the viewing experience by embedding the edge into your own network with Edgio’s fully managed CDN. -
30
Code Intelligence
Code Intelligence
Our platform uses various security techniques, including coverage-guided and feedback-based fuzz testing, to automatically generate millions of test cases that trigger hard-to-find bugs deep within your application. This white-box approach protects against edge cases and speeds up development. Advanced fuzzing engines generate inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Uncover true vulnerabilities only. Get the input and stack trace as proof, so you can reliably reproduce errors every time. AI white-box testing uses data from all previous test runs to continuously learn the inner-workings of your application, triggering security-critical bugs with increasingly high precision.
