awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

21 Repos

Awesome GitHub RepositoriesThird-Party Script Security

Policies and controls for managing external JavaScript dependencies to mitigate supply chain and data leakage risks.

Distinguishing note: Focuses on client-side script management, distinct from server-side security.

Explore 21 awesome GitHub repositories matching security & cryptography · Third-Party Script Security. Refine with filters or upvote what's useful.

Awesome Third-Party Script Security GitHub Repositories

Finde die besten Repos mit KI.Wir suchen mit KI nach den am besten passenden Repositories.
  • owasp/cheatsheetseriesAvatar von OWASP

    OWASP/CheatSheetSeries

    32,298Auf GitHub ansehen↗

    The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral

    Restricts external script execution to prevent unauthorized data collection and malicious behavior.

    Pythonapplication-securityappsecbest-practices
    Auf GitHub ansehen↗32,298
  • claude-code-best/claude-codeAvatar von claude-code-best

    claude-code-best/claude-code

    20,272Auf GitHub ansehen↗

    Claude Code is a command-line interface and multi-agent orchestration framework designed for autonomous software engineering. It enables AI agents to perform codebase modifications, debugging, and Git workflow management while coordinating multiple specialized agents to decompose and execute complex engineering tasks in parallel. The system distinguishes itself through a high degree of isolation and safety, utilizing Git worktrees to create independent working directories for concurrent agents and implementing a tiered permission system that combines user rules, project policies, and OS-level

    Logs and monitors the specific tools used by AI agents during their execution lifecycle.

    TypeScript
    Auf GitHub ansehen↗20,272
  • ampproject/amphtmlAvatar von ampproject

    ampproject/amphtml

    14,905Auf GitHub ansehen↗

    This project is a web component framework and optimized web markup standard designed for high performance web development. It provides a system for building fast-loading websites using a specialized set of HTML components and scripts, complemented by a web performance validation suite to ensure markup compliance. The framework includes a dynamic HTML template engine for rendering data-driven content without full page reloads and a dedicated ad network integration framework. This integration system manages third-party advertisements with built-in viewability metrics and optimized loading seque

    Isolates external content within secure iframes to prevent third-party scripts from impacting page performance.

    JavaScript
    Auf GitHub ansehen↗14,905
  • builderio/partytownAvatar von BuilderIO

    BuilderIO/partytown

    13,707Auf GitHub ansehen↗

    Partytown is a main thread performance optimizer and web worker script orchestrator. It functions as a third party script offloader that relocates resource-intensive external JavaScript from the browser's main thread into a sandboxed web worker environment. The project focuses on improving core web vitals and overall page responsiveness by reducing main thread blocking time. This isolation ensures that heavy third party scripts do not interfere with the execution of core application code and page loading speed. The system provides infrastructure for client-side script offloading through DOM

    Provides a mechanism to move heavy third-party scripts into a web worker to increase page loading speed.

    TypeScript
    Auf GitHub ansehen↗13,707
  • qwikdev/partytownAvatar von QwikDev

    QwikDev/partytown

    13,706Auf GitHub ansehen↗

    Partytown is a library designed to offload resource-intensive third-party scripts to background web workers. By executing these scripts outside of the main thread, it prevents them from blocking the critical rendering path, thereby maintaining a responsive user interface and improving overall page load performance. The project functions as a web worker proxy library that synchronizes browser interfaces between the main thread and background environments. It uses proxy-based access and synchronous messaging to replicate global objects like the window and document, allowing scripts to interact

    Centralizes the loading and execution of external marketing and analytics tags to maintain control over site performance.

    TypeScript3rd-party3rdpartyanalytics
    Auf GitHub ansehen↗13,706
  • openreplay/openreplayAvatar von openreplay

    openreplay/openreplay

    12,104Auf GitHub ansehen↗

    OpenReplay is a session replay platform and frontend debugging suite designed to record and play back user browser sessions. It functions as a user behavior monitoring system that captures interaction patterns and technical metadata to identify conversion issues and revenue loss. The platform is distinguished by its self-hosted infrastructure model, allowing the recording and analytics pipeline to be deployed on private servers for full control over data residency. It also includes a browser co-browsing tool for real-time screen sharing and direct communication to provide immediate technical

    Recreates recorded user experiences within isolated iframes to prevent style leakage from the dashboard.

    TypeScriptanalyticsangulardevtools
    Auf GitHub ansehen↗12,104
  • jakhuang/form-generatorAvatar von JakHuang

    JakHuang/form-generator

    9,330Auf GitHub ansehen↗

    This is a visual form builder that generates Vue single-file components from a drag-and-drop canvas. It provides a complete workflow for designing forms visually, previewing them in real time, and exporting them as ready-to-use Vue code with validation rules already configured. The tool integrates a drag-and-drop canvas with a live preview pane, allowing you to see the generated form interactively as you build it. It includes an embedded code editor with hot reload, so changes to the generated code are reflected immediately in the preview. A VS Code extension bridge lets you open the designer

    Renders generated Vue code inside an isolated iframe for real-time interaction and testing.

    Vueelement-uiform-designermonaco-editor
    Auf GitHub ansehen↗9,330
  • modelcontextprotocol/inspectorAvatar von modelcontextprotocol

    modelcontextprotocol/inspector

    8,721Auf GitHub ansehen↗

    The inspector is a diagnostic and validation tool for the Model Context Protocol. It provides an interactive interface and a transport proxy to discover, inspect, and execute the tools, prompts, and resources provided by an MCP server. The project serves as a debugger and compliance tester to verify that server implementations adhere to the protocol specification and JSON-RPC standards. It allows for real-time monitoring of message exchanges and logs between clients and servers across various transport layers, such as standard input/output and Server-Sent Events. The tool covers a broad rang

    Isolates interactive UI components within sandboxed iframes to prevent unauthorized DOM access to the host.

    TypeScript
    Auf GitHub ansehen↗8,721
  • webstudio-is/webstudioAvatar von webstudio-is

    webstudio-is/webstudio

    8,240Auf GitHub ansehen↗

    Webstudio is a visual CMS and website builder that provides a visual development environment for designing and publishing websites. It functions as an AI-powered design tool, a REST and GraphQL API client, and an atomic CSS compiler. The platform distinguishes itself through generative AI capabilities for creating layout variants and refining visual styles from text prompts. It integrates a headless CMS workflow that maps external data sources to visual components and utilizes a specialized compiler to convert design tokens into deduplicated atomic CSS for optimized page load speeds. The sys

    Manages the injection of external scripts into the project head using async and defer attributes.

    TypeScriptaccessibilityalternativecloudflare
    Auf GitHub ansehen↗8,240
  • thomaspark/flexboxfroggyAvatar von thomaspark

    thomaspark/flexboxfroggy

    7,351Auf GitHub ansehen↗

    Flexbox Froggy is a CSS flexbox learning game that teaches layout properties through interactive positioning puzzles. Players learn flexbox by writing CSS rules to move frogs onto lily pads, with each level presenting a new layout challenge that reinforces a specific flexbox concept. The game embeds a code editor with syntax highlighting and inline error hints, allowing players to write and test CSS rules in a live preview environment. A hint and solution system provides optional guidance for stuck players, while the visual feedback loop updates frog and lily pad positions in real-time based

    Executes user-written flexbox rules in a live preview showing immediate visual results without page reload.

    JavaScriptcssflexboxflexbox-froggy
    Auf GitHub ansehen↗7,351
  • nexu-io/html-anythingAvatar von nexu-io

    nexu-io/html-anything

    7,275Auf GitHub ansehen↗

    Dieses Projekt ist ein LLM-HTML-Artefakt-Generator und ein sandboxed Previewer, der für schnelles Prototyping und Content-Erstellung entwickelt wurde. Es fungiert als lokale KI-Agenten-Brücke, die authentifizierte Sitzungen von Command-Line-Coding-Agenten wiederverwendet, um Generierungsaufgaben auszuführen, ohne separate API-Schlüssel zu erfordern. Das System wandelt Web-Layouts über ein Social-Media-Export-Tool in plattformspezifische Formate um und nutzt inlined CSS und Metadaten, um eine konsistente Veröffentlichung sicherzustellen. Es verwendet eine sandboxed Rendering-Umgebung, um KI-generierten Code und Skripte isoliert auszuführen und den Host-Browser vor Vergiftungen zu schützen. Die Plattform handhabt die Inhaltstransformation durch die Umwandlung strukturierter Daten – einschließlich CSV, JSON und SQL – in polierte Web-Artefakte wie Landingpages, professionelle Berichte und Präsentationsdecks. Sie unterstützt visuelle Echtzeit-Updates durch das Streamen von KI-generiertem Code in den Browser via Server-Sent-Events. Exportfunktionen umfassen die Umwandlung gerenderter Web-Nodes in hochauflösende PNG-Bilder und eigenständige HTML-Dateien.

    Provides an isolated iframe environment to render generated code for real-time interaction and testing.

    HTML
    Auf GitHub ansehen↗7,275
  • futurepress/epub.jsAvatar von futurepress

    futurepress/epub.js

    6,873Auf GitHub ansehen↗

    epub.js is a JavaScript library for parsing and displaying EPUB files within a web browser. It functions as a digital publication layout engine and rendering library that enables the creation of browser-based eBook readers with support for both paginated spreads and continuous scrolling. The project provides a specialized framework for interactive eBook annotation and precise location tracking. It uses Content Fragment Identifiers to represent text positions as unique strings, allowing for stable bookmarking, text highlighting, and note-taking. The library covers a broad range of capabilitie

    Renders book content within isolated iframes to prevent style leakage and ensure a controlled execution environment.

    JavaScriptepub
    Auf GitHub ansehen↗6,873
  • codesandbox/sandpackAvatar von codesandbox

    codesandbox/sandpack

    6,167Auf GitHub ansehen↗

    Sandpack is a browser-based toolkit for building live code editing experiences. It combines a custom Node.js runtime that executes JavaScript and npm dependencies entirely client-side with composable React components for assembling code editor interfaces, all within an iframe-sandboxed execution environment for security. The toolkit provides a hot-reload development workflow where file and dependency updates are streamed to the running preview and trigger automatic recompilation without a full page refresh. It includes a theme-override styling system for customizing the editor and preview app

    Executes user code inside an isolated iframe to prevent interference with the host page.

    TypeScriptdocumentationhacktoberfestlive-coding
    Auf GitHub ansehen↗6,167
  • orestbida/cookieconsentAvatar von orestbida

    orestbida/cookieconsent

    5,548Auf GitHub ansehen↗

    Dieses Projekt ist ein Cookie-Consent-Manager und ein Tool zur DSGVO-Konformität, das verwendet wird, um die Zustimmung der Benutzer für Cookie-Kategorien einzuholen. Es ist als Vanilla-JavaScript-Plugin implementiert, das ohne externe Frameworks oder Abhängigkeiten auskommt. Das Tool bietet eine mehrsprachige Consent-Schnittstelle, die automatisch Browser- oder Dokument-Locales erkennt, um übersetzte Inhalte bereitzustellen. Es verwaltet Datenschutzeinstellungen, indem es Drittanbieter-Iframes und Skripte blockiert, bis eine explizite Zustimmung des Benutzers erteilt wurde. Das System deckt die Anpassung des Website-Datenschutzes durch konfigurierbare Banner und Modals ab, einschließlich Optionen für Layout-Stile und Themes. Es enthält zudem Funktionen, um die Seiteninteraktion einzuschränken, bis eine Entscheidung zur Zustimmung getroffen wurde.

    Controls the loading of external frames and scripts based on the user's granted cookie consent.

    JavaScript
    Auf GitHub ansehen↗5,548
  • altair-graphql/altairAvatar von altair-graphql

    altair-graphql/altair

    5,412Auf GitHub ansehen↗

    Altair ist ein grafischer GraphQL-API-Client, eine integrierte Entwicklungsumgebung (IDE) und ein Schema-Explorer. Es fungiert als Debugging-Tool und Kollaborationsplattform für die Ausführung von Queries, Mutations und Subscriptions gegen GraphQL-Server. Das Projekt zeichnet sich durch cloud-synchronisierte Workspaces aus, um Query-Sammlungen innerhalb von Teams zu organisieren und zu teilen. Es bietet ein flexibles Erweiterungs-Framework, das die Installation und Ausführung von Drittanbieter-Plugins in isolierten Sandboxes ermöglicht. Die Plattform deckt eine Vielzahl von Funktionen ab, darunter KI-gestützte Query-Erstellung, visuelle Schema-Erkundung und Echtzeit-Daten-Subscriptions über mehrere Transportprotokolle. Zudem enthält sie Tools für Request-Automatisierung durch Pre- und Post-Request-Scripting sowie Dienstprogramme zur Verwaltung von Umgebungsvariablen und zur Analyse von Response-Metadaten. Altair ist als Desktop-Anwendung, Browser-Erweiterung und webbasierte Anwendung verfügbar und kann auf privaten Servern gehostet werden.

    Executes third-party plugins within isolated iframes to protect the main application state and security.

    TypeScript
    Auf GitHub ansehen↗5,412
  • cloudflare/vibesdkAvatar von cloudflare

    cloudflare/vibesdk

    5,094Auf GitHub ansehen↗

    vibesdk is an agentic software development platform and framework designed to coordinate autonomous agents that write, debug, and refine full-stack applications from natural language. It serves as a cloud-native application orchestrator and an LLM-powered code generation framework that converts prompts into functional code through iterative conversations and multi-phase agent behaviors. The project distinguishes itself by providing a complete toolchain for building AI development platforms. This includes the ability to integrate various model providers, construct custom LLM toolkits, and mana

    Runs generated code in sandboxed containers to provide immediate visual feedback and execution testing.

    TypeScript
    Auf GitHub ansehen↗5,094
  • mcp-ui-org/mcp-uiAvatar von MCP-UI-Org

    MCP-UI-Org/mcp-ui

    4,949Auf GitHub ansehen↗

    mcp-ui is a toolkit and framework for rendering interactive web components and managing communication between Model Context Protocol servers and host applications. It serves as a client interface library and a sandboxed web component renderer designed to move AI tool interactions beyond text-based outputs into visual interfaces. The project is distinguished by its secure rendering system, which utilizes a double-iframe architecture and a proxy layer to isolate guest user interfaces from the host application. It employs a JSON-RPC bridge to synchronize state and route user intents, ensuring bi

    Displays inline HTML or external URLs inside sandboxed iframes to isolate content and prevent host access.

    TypeScriptaifrontendllm
    Auf GitHub ansehen↗4,949
  • pomerium/pomeriumAvatar von pomerium

    pomerium/pomerium

    4,854Auf GitHub ansehen↗

    Pomerium is an identity-aware reverse proxy designed to provide zero-trust access control for internal infrastructure. It functions as a centralized gateway that verifies user identity, device context, and group membership for every request before granting access to protected applications, services, or API servers. By integrating directly with external identity providers, it replaces traditional VPNs with granular, policy-based access enforcement. The platform distinguishes itself by extending zero-trust principles beyond standard web traffic to include non-HTTP protocols, such as TCP and UDP

    Logs tool calls made by automated agents and enforces authorization policies to match user access levels.

    Go
    Auf GitHub ansehen↗4,854
  • gorhill/umatrixAvatar von gorhill

    gorhill/uMatrix

    4,680Auf GitHub ansehen↗

    uMatrix ist ein Browser-Netzwerkanfragefilter, der den Netzwerkverkehr über eine matrixbasierte Schnittstelle verwaltet. Er fungiert als granularer Traffic-Controller und Web-Privatsphäre-Firewall, die es Benutzern ermöglicht, Datenverkehr basierend auf Quelle, Ziel und Anfragetyp zu blockieren oder zuzulassen. Das Projekt zeichnet sich durch eine Point-and-Click-Schnittstelle für die Verwaltung von First-Party- und Third-Party-Traffic aus. Es bietet ein geschichtetes Regelsystem für das Content-Sicherheitsmanagement und die Härtung der Web-Privatsphäre, einschließlich der Möglichkeit, User-Agent-Strings zu fälschen und Referrer auf einer pro-Site-Basis zu kontrollieren. Das System integriert eine hostbasierte Blocklistenverwaltung zum Importieren externer Listen und verwendet eine hierarchische Logik, bei der enge Domänenbereiche globale Standards überschreiben. Traffic-Kontrollen werden durch Filterung auf Top-Level-Domänenebene und die Möglichkeit unterstützt, Regeln manuell in einem Klartextformat zu bearbeiten.

    Manages first-party and third-party traffic through a layered rule system and point-and-click interface.

    JavaScript
    Auf GitHub ansehen↗4,680
  • opensquilla/opensquillaAvatar von opensquilla

    opensquilla/opensquilla

    4,211Auf GitHub ansehen↗

    OpenSquilla ist ein LLM-Agent-Orchestration-Framework zur Koordination mehrstufiger KI-Workflows und Tool-Ausführungen mittels gerichteter azyklischer Graphen. Es fungiert als zentrales System zur Verwaltung spezialisierter Skill-Pakete und zur Ausführung komplexer Reasoning-Sequenzen. Das Projekt zeichnet sich durch ein Routing-Gateway aus, das Aufgaben basierend auf Komplexität, Kosten und Performance an verschiedene KI-Anbieter weiterleitet. Es nutzt ein mehrstufiges KI-Gedächtnissystem, das Arbeits-, episodisches und semantisches Wissen mittels lokaler Embeddings und SQLite organisiert, sowie eine sichere Ausführungsumgebung (Sandbox), die Agent-generierten Code über risikobasierte Berechtigungsprofile isoliert. Die Plattform deckt ein breites Spektrum an Funktionen ab, einschließlich Multi-Channel-Deployment für Web- und Messaging-Plattformen, automatisierter Aufgabenplanung via Cron und einer Model Context Protocol-Bridge zur Anbindung externer Tools. Zudem bietet sie umfassende Monitoring- und Observability-Tools zur Verfolgung von Token-Kosten, zum Auditing von Laufzeitentscheidungen und zur Verwaltung eines Katalogs wiederverwendbarer Skills. Das System enthält CLI-Utilities für die Workspace-Initialisierung und das Skill-Lifecycle-Management.

    Logs and monitors the specific tools used by AI agents to diagnose failures and recover from runtime errors.

    Pythonagentaiai-agents
    Auf GitHub ansehen↗4,211
Vorherige12Nächste
  1. Home
  2. Security & Cryptography
  3. Third-Party Script Security

Unter-Tags erkunden

  • Activity Auditing1 Sub-TagTools for logging and monitoring the behavior and API interactions of third-party scripts. **Distinct from Third-Party Script Security:** Distinct from Third-Party Script Security: focuses on behavioral logging and auditing of script interactions rather than policy-based risk mitigation.
  • Iframe Sandboxing4 Sub-TagsIsolating third-party content within secure iframes to protect main page performance and security. **Distinct from Third-Party Script Security:** Focuses on the technical mechanism of iframe sandboxing rather than general script security policies.
  • Script IsolatorsTools that move non-critical scripts into isolated background threads. **Distinct from Third-Party Script Security:** Focuses on the isolation of scripts for performance, distinct from security-focused script management.
  • Third-Party Script Controllers2 Sub-TagsSystems for centralizing and managing the loading of external marketing and analytics tags. **Distinct from Third-Party Script Security:** Focuses on the management and control of script loading, distinct from security-focused script management.