21 Repos
Policies and controls for managing external JavaScript dependencies to mitigate supply chain and data leakage risks.
Distinguishing note: Focuses on client-side script management, distinct from server-side security.
Explore 21 awesome GitHub repositories matching security & cryptography · Third-Party Script Security. Refine with filters or upvote what's useful.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Restricts external script execution to prevent unauthorized data collection and malicious behavior.
Claude Code is a command-line interface and multi-agent orchestration framework designed for autonomous software engineering. It enables AI agents to perform codebase modifications, debugging, and Git workflow management while coordinating multiple specialized agents to decompose and execute complex engineering tasks in parallel. The system distinguishes itself through a high degree of isolation and safety, utilizing Git worktrees to create independent working directories for concurrent agents and implementing a tiered permission system that combines user rules, project policies, and OS-level
Logs and monitors the specific tools used by AI agents during their execution lifecycle.
This project is a web component framework and optimized web markup standard designed for high performance web development. It provides a system for building fast-loading websites using a specialized set of HTML components and scripts, complemented by a web performance validation suite to ensure markup compliance. The framework includes a dynamic HTML template engine for rendering data-driven content without full page reloads and a dedicated ad network integration framework. This integration system manages third-party advertisements with built-in viewability metrics and optimized loading seque
Isolates external content within secure iframes to prevent third-party scripts from impacting page performance.
Partytown is a main thread performance optimizer and web worker script orchestrator. It functions as a third party script offloader that relocates resource-intensive external JavaScript from the browser's main thread into a sandboxed web worker environment. The project focuses on improving core web vitals and overall page responsiveness by reducing main thread blocking time. This isolation ensures that heavy third party scripts do not interfere with the execution of core application code and page loading speed. The system provides infrastructure for client-side script offloading through DOM
Provides a mechanism to move heavy third-party scripts into a web worker to increase page loading speed.
Partytown is a library designed to offload resource-intensive third-party scripts to background web workers. By executing these scripts outside of the main thread, it prevents them from blocking the critical rendering path, thereby maintaining a responsive user interface and improving overall page load performance. The project functions as a web worker proxy library that synchronizes browser interfaces between the main thread and background environments. It uses proxy-based access and synchronous messaging to replicate global objects like the window and document, allowing scripts to interact
Centralizes the loading and execution of external marketing and analytics tags to maintain control over site performance.
OpenReplay is a session replay platform and frontend debugging suite designed to record and play back user browser sessions. It functions as a user behavior monitoring system that captures interaction patterns and technical metadata to identify conversion issues and revenue loss. The platform is distinguished by its self-hosted infrastructure model, allowing the recording and analytics pipeline to be deployed on private servers for full control over data residency. It also includes a browser co-browsing tool for real-time screen sharing and direct communication to provide immediate technical
Recreates recorded user experiences within isolated iframes to prevent style leakage from the dashboard.
This is a visual form builder that generates Vue single-file components from a drag-and-drop canvas. It provides a complete workflow for designing forms visually, previewing them in real time, and exporting them as ready-to-use Vue code with validation rules already configured. The tool integrates a drag-and-drop canvas with a live preview pane, allowing you to see the generated form interactively as you build it. It includes an embedded code editor with hot reload, so changes to the generated code are reflected immediately in the preview. A VS Code extension bridge lets you open the designer
Renders generated Vue code inside an isolated iframe for real-time interaction and testing.
The inspector is a diagnostic and validation tool for the Model Context Protocol. It provides an interactive interface and a transport proxy to discover, inspect, and execute the tools, prompts, and resources provided by an MCP server. The project serves as a debugger and compliance tester to verify that server implementations adhere to the protocol specification and JSON-RPC standards. It allows for real-time monitoring of message exchanges and logs between clients and servers across various transport layers, such as standard input/output and Server-Sent Events. The tool covers a broad rang
Isolates interactive UI components within sandboxed iframes to prevent unauthorized DOM access to the host.
Webstudio is a visual CMS and website builder that provides a visual development environment for designing and publishing websites. It functions as an AI-powered design tool, a REST and GraphQL API client, and an atomic CSS compiler. The platform distinguishes itself through generative AI capabilities for creating layout variants and refining visual styles from text prompts. It integrates a headless CMS workflow that maps external data sources to visual components and utilizes a specialized compiler to convert design tokens into deduplicated atomic CSS for optimized page load speeds. The sys
Manages the injection of external scripts into the project head using async and defer attributes.
Flexbox Froggy is a CSS flexbox learning game that teaches layout properties through interactive positioning puzzles. Players learn flexbox by writing CSS rules to move frogs onto lily pads, with each level presenting a new layout challenge that reinforces a specific flexbox concept. The game embeds a code editor with syntax highlighting and inline error hints, allowing players to write and test CSS rules in a live preview environment. A hint and solution system provides optional guidance for stuck players, while the visual feedback loop updates frog and lily pad positions in real-time based
Executes user-written flexbox rules in a live preview showing immediate visual results without page reload.
Dieses Projekt ist ein LLM-HTML-Artefakt-Generator und ein sandboxed Previewer, der für schnelles Prototyping und Content-Erstellung entwickelt wurde. Es fungiert als lokale KI-Agenten-Brücke, die authentifizierte Sitzungen von Command-Line-Coding-Agenten wiederverwendet, um Generierungsaufgaben auszuführen, ohne separate API-Schlüssel zu erfordern. Das System wandelt Web-Layouts über ein Social-Media-Export-Tool in plattformspezifische Formate um und nutzt inlined CSS und Metadaten, um eine konsistente Veröffentlichung sicherzustellen. Es verwendet eine sandboxed Rendering-Umgebung, um KI-generierten Code und Skripte isoliert auszuführen und den Host-Browser vor Vergiftungen zu schützen. Die Plattform handhabt die Inhaltstransformation durch die Umwandlung strukturierter Daten – einschließlich CSV, JSON und SQL – in polierte Web-Artefakte wie Landingpages, professionelle Berichte und Präsentationsdecks. Sie unterstützt visuelle Echtzeit-Updates durch das Streamen von KI-generiertem Code in den Browser via Server-Sent-Events. Exportfunktionen umfassen die Umwandlung gerenderter Web-Nodes in hochauflösende PNG-Bilder und eigenständige HTML-Dateien.
Provides an isolated iframe environment to render generated code for real-time interaction and testing.
epub.js is a JavaScript library for parsing and displaying EPUB files within a web browser. It functions as a digital publication layout engine and rendering library that enables the creation of browser-based eBook readers with support for both paginated spreads and continuous scrolling. The project provides a specialized framework for interactive eBook annotation and precise location tracking. It uses Content Fragment Identifiers to represent text positions as unique strings, allowing for stable bookmarking, text highlighting, and note-taking. The library covers a broad range of capabilitie
Renders book content within isolated iframes to prevent style leakage and ensure a controlled execution environment.
Sandpack is a browser-based toolkit for building live code editing experiences. It combines a custom Node.js runtime that executes JavaScript and npm dependencies entirely client-side with composable React components for assembling code editor interfaces, all within an iframe-sandboxed execution environment for security. The toolkit provides a hot-reload development workflow where file and dependency updates are streamed to the running preview and trigger automatic recompilation without a full page refresh. It includes a theme-override styling system for customizing the editor and preview app
Executes user code inside an isolated iframe to prevent interference with the host page.
Dieses Projekt ist ein Cookie-Consent-Manager und ein Tool zur DSGVO-Konformität, das verwendet wird, um die Zustimmung der Benutzer für Cookie-Kategorien einzuholen. Es ist als Vanilla-JavaScript-Plugin implementiert, das ohne externe Frameworks oder Abhängigkeiten auskommt. Das Tool bietet eine mehrsprachige Consent-Schnittstelle, die automatisch Browser- oder Dokument-Locales erkennt, um übersetzte Inhalte bereitzustellen. Es verwaltet Datenschutzeinstellungen, indem es Drittanbieter-Iframes und Skripte blockiert, bis eine explizite Zustimmung des Benutzers erteilt wurde. Das System deckt die Anpassung des Website-Datenschutzes durch konfigurierbare Banner und Modals ab, einschließlich Optionen für Layout-Stile und Themes. Es enthält zudem Funktionen, um die Seiteninteraktion einzuschränken, bis eine Entscheidung zur Zustimmung getroffen wurde.
Controls the loading of external frames and scripts based on the user's granted cookie consent.
Altair ist ein grafischer GraphQL-API-Client, eine integrierte Entwicklungsumgebung (IDE) und ein Schema-Explorer. Es fungiert als Debugging-Tool und Kollaborationsplattform für die Ausführung von Queries, Mutations und Subscriptions gegen GraphQL-Server. Das Projekt zeichnet sich durch cloud-synchronisierte Workspaces aus, um Query-Sammlungen innerhalb von Teams zu organisieren und zu teilen. Es bietet ein flexibles Erweiterungs-Framework, das die Installation und Ausführung von Drittanbieter-Plugins in isolierten Sandboxes ermöglicht. Die Plattform deckt eine Vielzahl von Funktionen ab, darunter KI-gestützte Query-Erstellung, visuelle Schema-Erkundung und Echtzeit-Daten-Subscriptions über mehrere Transportprotokolle. Zudem enthält sie Tools für Request-Automatisierung durch Pre- und Post-Request-Scripting sowie Dienstprogramme zur Verwaltung von Umgebungsvariablen und zur Analyse von Response-Metadaten. Altair ist als Desktop-Anwendung, Browser-Erweiterung und webbasierte Anwendung verfügbar und kann auf privaten Servern gehostet werden.
Executes third-party plugins within isolated iframes to protect the main application state and security.
vibesdk is an agentic software development platform and framework designed to coordinate autonomous agents that write, debug, and refine full-stack applications from natural language. It serves as a cloud-native application orchestrator and an LLM-powered code generation framework that converts prompts into functional code through iterative conversations and multi-phase agent behaviors. The project distinguishes itself by providing a complete toolchain for building AI development platforms. This includes the ability to integrate various model providers, construct custom LLM toolkits, and mana
Runs generated code in sandboxed containers to provide immediate visual feedback and execution testing.
mcp-ui is a toolkit and framework for rendering interactive web components and managing communication between Model Context Protocol servers and host applications. It serves as a client interface library and a sandboxed web component renderer designed to move AI tool interactions beyond text-based outputs into visual interfaces. The project is distinguished by its secure rendering system, which utilizes a double-iframe architecture and a proxy layer to isolate guest user interfaces from the host application. It employs a JSON-RPC bridge to synchronize state and route user intents, ensuring bi
Displays inline HTML or external URLs inside sandboxed iframes to isolate content and prevent host access.
Pomerium is an identity-aware reverse proxy designed to provide zero-trust access control for internal infrastructure. It functions as a centralized gateway that verifies user identity, device context, and group membership for every request before granting access to protected applications, services, or API servers. By integrating directly with external identity providers, it replaces traditional VPNs with granular, policy-based access enforcement. The platform distinguishes itself by extending zero-trust principles beyond standard web traffic to include non-HTTP protocols, such as TCP and UDP
Logs tool calls made by automated agents and enforces authorization policies to match user access levels.
uMatrix ist ein Browser-Netzwerkanfragefilter, der den Netzwerkverkehr über eine matrixbasierte Schnittstelle verwaltet. Er fungiert als granularer Traffic-Controller und Web-Privatsphäre-Firewall, die es Benutzern ermöglicht, Datenverkehr basierend auf Quelle, Ziel und Anfragetyp zu blockieren oder zuzulassen. Das Projekt zeichnet sich durch eine Point-and-Click-Schnittstelle für die Verwaltung von First-Party- und Third-Party-Traffic aus. Es bietet ein geschichtetes Regelsystem für das Content-Sicherheitsmanagement und die Härtung der Web-Privatsphäre, einschließlich der Möglichkeit, User-Agent-Strings zu fälschen und Referrer auf einer pro-Site-Basis zu kontrollieren. Das System integriert eine hostbasierte Blocklistenverwaltung zum Importieren externer Listen und verwendet eine hierarchische Logik, bei der enge Domänenbereiche globale Standards überschreiben. Traffic-Kontrollen werden durch Filterung auf Top-Level-Domänenebene und die Möglichkeit unterstützt, Regeln manuell in einem Klartextformat zu bearbeiten.
Manages first-party and third-party traffic through a layered rule system and point-and-click interface.
OpenSquilla ist ein LLM-Agent-Orchestration-Framework zur Koordination mehrstufiger KI-Workflows und Tool-Ausführungen mittels gerichteter azyklischer Graphen. Es fungiert als zentrales System zur Verwaltung spezialisierter Skill-Pakete und zur Ausführung komplexer Reasoning-Sequenzen. Das Projekt zeichnet sich durch ein Routing-Gateway aus, das Aufgaben basierend auf Komplexität, Kosten und Performance an verschiedene KI-Anbieter weiterleitet. Es nutzt ein mehrstufiges KI-Gedächtnissystem, das Arbeits-, episodisches und semantisches Wissen mittels lokaler Embeddings und SQLite organisiert, sowie eine sichere Ausführungsumgebung (Sandbox), die Agent-generierten Code über risikobasierte Berechtigungsprofile isoliert. Die Plattform deckt ein breites Spektrum an Funktionen ab, einschließlich Multi-Channel-Deployment für Web- und Messaging-Plattformen, automatisierter Aufgabenplanung via Cron und einer Model Context Protocol-Bridge zur Anbindung externer Tools. Zudem bietet sie umfassende Monitoring- und Observability-Tools zur Verfolgung von Token-Kosten, zum Auditing von Laufzeitentscheidungen und zur Verwaltung eines Katalogs wiederverwendbarer Skills. Das System enthält CLI-Utilities für die Workspace-Initialisierung und das Skill-Lifecycle-Management.
Logs and monitors the specific tools used by AI agents to diagnose failures and recover from runtime errors.