Links

Sandworm Audit

Beautiful Security & License Compliance Reports For Your App's Dependencies 🪱

Summary

  • Free & open source command-line tool
  • Works with any modern JavaScript package manager
  • Scans your project & dependencies for vulnerabilities, license, and misc issues
  • Supports workspaces
  • Configurable fail conditions for CI / GIT hook workflows
  • Can connect to private/custom registries
  • Outputs:
    • JSON issue & license usage reports
    • Easy to grok SVG dependency tree & treemap visualizations
      • Powered by D3
      • Overlays security vulnerabilities
      • Overlays package license info
    • csv of all dependencies & license info

Generate a report

Running Sandworm Audit
Sandworm treemap and tree dependency charts

csv output

Sandworm dependency csv

JSON output

report.json
1
{
2
"createdAt": "...",
3
"packageManager": "...",
4
"name": "...",
5
"version": "...",
6
"rootVulnerabilities": [...],
7
"dependencyVulnerabilities": [...],
8
"licenseUsage": {...},
9
"licenseIssues": [...],
10
"metaIssues": [...],
11
"errors": [...],
12
}

Marking issues as resolved

Using sandworm resolve

Get involved

Beta: visualizations on sandworm.dev

Simple HTML visualizations on top of Sandworm data for all existing npm packages are available in beta on sandworm.dev. Here are a few links to get you exploring:
Last modified 6mo ago