Sandworm Audit

Beautiful Security & License Compliance Reports For Your App's Dependencies 🪱

Summary

  • Free & open source command-line tool

  • Works with any modern JavaScript package manager

  • Scans your project & dependencies for vulnerabilities, license issues, and miscellaneous issues

  • Supports workspaces

  • Configurable fail conditions for CI / Git hook workflows

  • Outputs:

    • JSON issue & license usage reports

    • Easy-to-grok SVG dependency tree & treemap visualizations

      • Powered by D3

      • Overlays security vulnerabilities

      • Overlays package license info

    • CSV of all dependencies & license info

Generate a report

CSV output

JSON output

report.json

```json
{
  "createdAt": "...",
  "packageManager": "...",
  "name": "...",
  "version": "...",
  "rootVulnerabilities": [...],
  "dependencyVulnerabilities": [...],
  "licenseUsage": {...},
  "licenseIssues": [...],
  "metaIssues": [...],
  "errors": [...]
}
```

Marking issues as resolved

Using sandworm resolve

Get involved

Beta: visualizations on sandworm.dev

Simple HTML visualizations on top of Sandworm data for all existing npm packages are available in beta on sandworm.dev. Here are a few links to get you exploring:
