Sandworm Audit

Beautiful Security & License Compliance Reports For Your App's Dependencies 🪱

Summary
Free & open source command-line tool
Works with any modern JavaScript package manager
Scans your project & dependencies for vulnerabilities, license, and misc issues
Supports workspaces
Supports marking issues as resolved​
Supports custom license policies​
​Configurable fail conditions for CI / GIT hook workflows
Can connect to private/custom registries​
Outputs:
JSON issue & license usage reports
Easy to grok SVG dependency tree & treemap visualizations
Powered by D3
Overlays security vulnerabilities
Overlays package license info
csv of all dependencies & license info
Generate a report
Running Sandworm Audit
Navigate charts
Sandworm treemap and tree dependency charts
csv output
Sandworm dependency csv
JSON output
report.json
1
{
2
  "createdAt": "...",
3
  "packageManager": "...",
4
  "name": "...",
5
  "version": "...",
6
  "rootVulnerabilities": [...],
7
  "dependencyVulnerabilities": [...],
8
  "licenseUsage": {...},
9
  "licenseIssues": [...],
10
  "metaIssues": [...],
11
  "errors": [...],
12
}
Marking issues as resolved
Using sandworm resolve
Get involved
Have a support question? Post it here.
Have a feature request? Post it here.
Did you find a security issue? See SECURITY.md.
Did you find a bug? Post an issue.
Want to write some code? See CONTRIBUTING.md.
Beta: visualizations on sandworm.dev
Simple HTML visualizations on top of Sandworm data for all existing npm packages are available in beta on sandworm.dev. Here are a few links to get you exploring:
​Apollo Client​
​AWS SDK​
​Express​
​Mocha​
​Mongoose​
​Nest.js​
​Redis​

Getting Started

Last modified 1mo ago