Sandworm Audit
Beautiful Security & License Compliance Reports For Your App's Dependencies 🪱
Summary
Free & open source command-line tool
Works with any modern JavaScript package manager
Scans your project & dependencies for vulnerabilities, license, and misc issues
Supports workspaces
Supports marking issues as resolved
Supports custom license policies
Configurable fail conditions for CI / Git hook workflows
Can connect to private/custom registries
Outputs:
JSON issue & license usage reports
Easy to grok SVG dependency tree & treemap visualizations
Powered by D3
Overlays security vulnerabilities
Overlays package license info
CSV of all dependencies & license info
Generate a report

Navigate charts

CSV output

JSON output
{
"createdAt": "...",
"packageManager": "...",
"name": "...",
"version": "...",
"rootVulnerabilities": [...],
"dependencyVulnerabilities": [...],
"licenseUsage": {...},
"licenseIssues": [...],
"metaIssues": [...],
"errors": [...]
}
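A small CI gate over a report of this shape, added here as an example and not part of Sandworm Audit's own code. The top-level keys follow the JSON output above; the per-entry fields (`name`, `severity`, `license`, `resolved`) and the sample report contents are constructed assumptions for illustration, since the page does not show the inside of those arrays.

```javascript
// Added example (not Sandworm Audit's own code): apply a fail policy to a
// Sandworm-style JSON report so a CI job can decide whether to fail the build.
// Top-level keys follow the documented report shape; the per-entry fields
// `name`, `severity`, `license` and `resolved` are assumptions for illustration.

const SEVERITY_RANK = { low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report (not real scanner output).
const SAMPLE_REPORT = {
  createdAt: '2024-01-01T00:00:00.000Z',
  packageManager: 'npm',
  name: 'example-app',
  version: '1.0.0',
  rootVulnerabilities: [],
  dependencyVulnerabilities: [
    { name: 'sample-pad', severity: 'high', resolved: false },
    { name: 'sample-parser', severity: 'critical', resolved: true }, // marked resolved
    { name: 'sample-util', severity: 'low', resolved: false },
  ],
  licenseUsage: { MIT: 40, 'GPL-3.0': 1 },
  licenseIssues: [{ name: 'sample-copyleft', license: 'GPL-3.0', resolved: false }],
  metaIssues: [],
  errors: [],
};

// Fail conditions, mirroring the kind of policy a CI step would carry.
const DEFAULT_POLICY = {
  failOnSeverity: 'high',    // fail on any unresolved vuln at or above this severity
  failOnLicenseIssues: true, // fail on any unresolved license issue
  failOnErrors: true,        // fail if the scan itself reported errors
};

// Drop entries marked as resolved (assumed `resolved: true` flag).
function unresolved(items) {
  return (items || []).filter((item) => !item.resolved);
}

// Returns { ok, reasons }: ok is false when any policy condition is violated.
function evaluateReport(report, policy = DEFAULT_POLICY) {
  const reasons = [];
  const threshold = SEVERITY_RANK[policy.failOnSeverity] ?? Infinity;

  const vulns = [
    ...unresolved(report.rootVulnerabilities),
    ...unresolved(report.dependencyVulnerabilities),
  ];
  for (const v of vulns) {
    // Unknown severities rank 0 and therefore never trip the threshold.
    if ((SEVERITY_RANK[v.severity] ?? 0) >= threshold) {
      reasons.push(`vulnerability in ${v.name} (${v.severity})`);
    }
  }

  if (policy.failOnLicenseIssues) {
    for (const issue of unresolved(report.licenseIssues)) {
      reasons.push(`license issue in ${issue.name} (${issue.license})`);
    }
  }

  if (policy.failOnErrors && (report.errors || []).length > 0) {
    reasons.push(`${report.errors.length} scan error(s)`);
  }

  return { ok: reasons.length === 0, reasons };
}

// Stand-alone run over the constructed sample: prints each reason, if any.
const result = evaluateReport(SAMPLE_REPORT);
for (const reason of result.reasons) console.log(`FAIL: ${reason}`);
console.log(result.ok ? 'policy passed' : 'policy failed');
```

In a real pipeline the report object would come from `JSON.parse(fs.readFileSync(path, 'utf8'))` and the job would finish with `process.exit(result.ok ? 0 : 1)`; the threshold-by-rank approach means a `moderate` finding passes under a `high` policy while `critical` still fails, and the `resolved` filter is what lets an acknowledged issue stop blocking the build without being deleted from the report.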
Marking issues as resolved

Get involved
Have a support question? Post it here.
Have a feature request? Post it here.
Did you find a security issue? See SECURITY.md.
Did you find a bug? Post an issue.
Want to write some code? See CONTRIBUTING.md.
Beta: visualizations on sandworm.dev
Simple HTML visualizations on top of Sandworm data for all existing npm packages are available in beta on sandworm.dev. Here are a few links to get you exploring: