30 open-source projects similar to helmetjs/helmet, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Helmet alternative.
CodeIgniter is a PHP web framework built on the Model-View-Controller pattern, designed for building full-stack web applications. It provides a lightweight toolkit with minimal configuration, organizing application logic into controllers, models, and views for clean separation of concerns. The framework includes a fluent query builder for constructing SQL statements programmatically, PSR-4 autoloading with namespace mapping, and a service-based dependency injection container for managing shared class instances. The framework distinguishes itself through its comprehensive set of built-in tools
This project is a comprehensive library of reusable configuration patterns for the Apache web server. It provides a collection of server-side directives designed to manage security, performance, and request routing through decentralized configuration files. The repository serves as a reference for implementing server-level settings without requiring global restarts. It includes specialized patterns for enforcing secure connections, managing cross-origin resource sharing, and protecting sensitive system files from public exposure. Users can leverage these snippets to implement clickjacking pro
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Nitter is a privacy-focused, alternative web interface for viewing public social media content. It functions as a server-side proxy that fetches and renders external posts, allowing users to browse content without requiring a personal account or executing third-party tracking scripts. By stripping away user identifiers and tracking mechanisms, the application provides a lightweight, anonymous viewing experience. The project distinguishes itself through its emphasis on network-level privacy and self-sovereignty. It supports routing traffic through Tor and I2P networks to bypass censorship and
This project is a comprehensive sample library and implementation guide for ASP.NET Core. It provides a collection of practical examples and projects that demonstrate how to build web applications, RESTful APIs, and high-performance services. The repository focuses on a variety of architectural patterns, including the development of Minimal APIs, contract-first gRPC services, and real-time communication using WebSockets and Server-Sent Events. It includes detailed implementations for user identity and security, such as token-based authentication and CSRF protection. The codebase covers a bro
all-in-one is a containerized deployment system designed to install and manage a complete suite of productivity and collaboration services. It functions as a cloud suite deployer that orchestrates the installation of a self-hosted content platform, incorporating necessary dependencies via Docker or Kubernetes. The project distinguishes itself by providing a web-based dashboard for orchestrating, updating, and monitoring the lifecycle of service containers. It also serves as a local AI inference server, enabling the execution of generative text models, image diffusion, and speech processing on
This repository contains the HTML specification, which defines the core standards for web page structuring, content organization, and document rendering. It establishes the fundamental algorithms for state-machine-based tokenization, tree construction for the document object model, and origin-based security isolation. The specification provides a framework for defining custom elements with independent lifecycles and registries. It also details the requirements for cross-document communication, session history management, and the synchronization of interface properties with content attributes.
Highcharts is a JavaScript charting library and interactive data visualization framework used to render complex datasets as visual charts and maps. It functions as a customizable SVG charting engine that produces scalable vector graphics for data series. The library allows for the creation of interactive data visualizations with configurable colors, labels, and themes. It also provides a cross-platform visualization wrapper to embed these web-based charts into native iOS and Android mobile applications. The toolkit supports the development of custom dashboards and provides options to build c
Libreddit is a privacy-focused Reddit client and front-end that acts as a privacy-preserving web proxy. It provides a lightweight web interface for viewing Reddit threads and media through an intermediary server to prevent the original platform from tracking user activity and identity. The project removes advertisements, tracking scripts, and JavaScript execution to enable ad-free content consumption and JavaScript-free web browsing. It utilizes server-side proxying and media proxying to fetch content and re-serve images and videos, masking the user's IP address from the external platform. T
node-fetch is a promise-based HTTP client library that provides a lightweight implementation of the Fetch API for the Node.js runtime. It serves as a network interface for performing asynchronous HTTP requests, handling server communication, and managing headers. The library utilizes a promise-based request lifecycle to wrap network calls, ensuring asynchronous behavior. It incorporates stream-based handling for both requests and responses to process large payloads efficiently without overloading system memory. Its capabilities cover a broad range of network communication tasks, including th
ByeByeDPI is a network utility designed to circumvent regional blocking and censorship by evading deep packet inspection. It functions as a traffic tunnel and local SOCKS5 proxy server that modifies network packets to prevent filters from identifying and blocking specific content. The project employs a user-mode network stack to manipulate traffic at the application level. It achieves bypass capabilities through TCP packet fragmentation and the modification of HTTP request header formatting and case sensitivity. The system includes application-level tunneling control to determine which progr
This project is a Node.js HTTP proxy server that enables cross-domain API requests from browsers by injecting Cross-Origin Resource Sharing headers into HTTP responses. It functions as a reverse proxy gateway and header manipulator, allowing for the interception and modification of traffic between a client and a target server. The proxy provides mechanisms to bypass browser same-origin policy restrictions through automated header injection. It includes capabilities for origin-based rate limiting and request interception to control traffic flow and prevent unauthorized usage of the proxy servi
nginxconfig.io is a web-based NGINX configuration generator designed to build and optimize server configuration files through a visual interface. It functions as a management tool to help avoid manual syntax errors when defining server blocks. The project provides specialized utilities for implementing Gzip and Brotli compression, configuring caching strategies, and managing the deployment and renewal of SSL certificates. It also includes a reverse proxy configurator for defining routing rules and backend application server mappings to distribute network traffic. Additional capabilities cove
HAProxy is a high-performance TCP and HTTP proxy that distributes traffic across multiple backend servers to ensure availability and fault tolerance for critical services. It operates in either TCP or HTTP mode, with an event-driven, single-threaded reactor that handles tens of thousands of connections without context switching, and supports kernel-level data transfer to minimize memory usage and latency. What distinguishes HAProxy is its configuration-file-first design, where all load-balancing rules and runtime behavior are defined in a declarative text file parsed at startup. It embeds a L
This repository provides a collection of interactive sample applications and reference implementations for the Electron framework. It serves as a library of API reference demos designed to help developers learn how to implement core desktop features. The project features visual demonstrations of cross-platform GUI management and practical examples of native operating system integration. It includes dedicated samples for handling native modules, crash reports, and the configuration of security implementations such as content security policies and process sandboxing. The codebase covers a broa
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
Ladder is a web proxy server and HTTP response modifier designed to circumvent bot protections, CORS restrictions, and paywalls. It functions by intercepting traffic to modify HTML, CSS, and JavaScript via regular expressions and altering HTTP headers to reveal restricted content. The project distinguishes itself through its ability to bypass anti-scraping mechanisms and specialized bot detection, such as Cloudflare, by integrating with external challenge-solving services. It also enables client identity emulation by spoofing user agents and network identifiers to masquerade as different brow
BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme
DOMPurify is a security-focused library designed to sanitize untrusted HTML input, preventing cross-site scripting attacks by stripping malicious code while preserving safe content. It functions as a utility for secure document object model manipulation, ensuring that user-provided rich text can be rendered safely within web applications. The library distinguishes itself through a single-pass, mutation-observer-free processing model that operates on detached document fragments to avoid triggering unintended side effects. It employs recursive node traversal and context-aware logic to inspect a
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injection prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
ClamAV antivirus scanning for Node.js — scan file uploads with a single function call. Zero dependencies. Typed Symbol verdicts. Local or Docker/clamd.
Your users download a 4GB AI model, the connection drops at 3.8GB, verifyfetch resumes from 3.8GB and verifies every byte. Drop-in integrity verification for Transformers.js, WebLLM, and any large file in the browser.
js-xss is an HTML XSS sanitizer and whitelist-based HTML filter designed to remove malicious code from untrusted HTML. It serves as a tool for cross-site scripting prevention and user-generated content management by cleaning HTML strings to ensure safe browser rendering. The library includes a CSS style validator to scrub inline styles against a whitelist and an HTML content purifier capable of stripping all tags to extract raw text. It allows for custom HTML filtering through the definition of specific rules and handler functions to control permitted elements and attributes. The tool covers
WebFundamentals is a documentation build system and static site generator designed to automate the lifecycle of technical content. It provides a comprehensive web content pipeline that transforms markdown, HTML, and YAML source files into structured, navigable documentation sites. The project distinguishes itself through integrated support for multi-language content localization and automated build pipeline management. It handles complex site requirements by managing user language preferences, enforcing consistent code quality and style standards, and applying security-header middleware to re
Bootbox is a programmatic dialog library and JavaScript modal interface designed to create non-blocking alert, confirm, and prompt dialogs. It functions as a wrapper for the Bootstrap CSS framework, providing a toolkit to add stylized popup interactions to web interfaces. The library simulates native browser dialog behaviors through a programmatic API, replacing blocking alerts with asynchronous modal windows. It distinguishes itself by offering a localized interface design, allowing for the translation of dialog buttons and content across multiple languages using built-in or custom translati
TypeSpec is a language for defining cloud API shapes and generating OpenAPI, JSON Schema, and client/server code from a single source of truth. It functions as a protocol-agnostic API designer that models REST, gRPC, and other API protocols using a unified, extensible syntax, with a decorator-based metadata system for attaching metadata, validation rules, and lifecycle visibility to API models and operations. The compiler produces OpenAPI 3.0 specifications and other artifacts, and the tool supports declaring API versions and tracking changes to models, properties, and operations across releas
Koa is a lightweight web framework for Node.js designed for building HTTP applications and servers. It functions as an asynchronous middleware engine that processes network requests through a sequence of functions sharing a common context. The framework distinguishes itself by using an onion-model middleware stack and promise-based flow control. This architecture allows requests to flow downstream and responses to flow back upstream through the same chain, enabling non-blocking request cycles and a modular approach to handling network traffic. The system provides high-level capabilities for
Axios is an isomorphic, promise-based HTTP client designed for making asynchronous network requests across different JavaScript execution environments, including the browser and Node.js. It functions as a JSON API client that serializes JavaScript objects into JSON and parses server responses into structured data. The project features a system for managing reusable client instances with shared configurations, such as base URLs and default settings. It includes a mechanism for intercepting outgoing requests and incoming responses globally, allowing data to be transformed before it reaches the