Sandworm
Chart Info


Last updated 2 years ago


Treemap

Sandworm Treemap
  • Node colors represent the dependency depth;

  • Node surface represents the size of the corresponding directory under node_modules;

  • A dotted pattern in a node background means the package is a shared dependency, required by multiple packages, and present multiple times in the chart;

  • Shared dependency sizes are added to every package that depends on them, so that each package's size structure is represented independently; hence, the displayed size might be larger than the actual size on disk;

  • A red package background means the package has direct vulnerabilities;

  • A purple package background means the package depends on other vulnerable packages;

  • Click on a node to make the tooltip persist; click outside to close it;

  • When representing deep dependencies, the surface area of certain packages might reach zero, making them invisible.

Tree

  • Nodes are grouped by color based on the root dependency that they belong to;

  • Red text in a package name means the package has direct vulnerabilities;

  • Purple text in a package name means the package depends on other vulnerable packages;

  • Click on a node to make the tooltip persist; click outside to close it;

  • By default, the tree chart has a maximum depth of 7, meaning only seven levels of dependencies get represented, to keep the output readable; you can override this using the --md option.

Sandworm Tree

Sample tree for Express@4.18.2
Sample treemap for Express@4.18.2
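The size accounting from the Treemap bullets (shared dependencies counted once per dependent, so displayed size can exceed disk size) and the Tree chart's depth cut-off, as an added JavaScript example that is not Sandworm's own code; the four-package graph and its sizes are constructed, and inclusiveSize, diskSize, sharedPackages and treeNodeCount are hypothetical names.

```javascript
// Added example (not Sandworm's code): the treemap size and tree depth
// accounting described above, on a constructed four-package graph.
// name -> { size: kilobytes on disk (constructed), deps: direct dependencies }
const GRAPH = {
  app: { size: 10, deps: ["express", "debug"] },
  express: { size: 200, deps: ["debug", "body-parser"] },
  "body-parser": { size: 50, deps: ["debug"] },
  debug: { size: 30, deps: [] },
};

// Treemap node size: a package's own size plus the inclusive size of each of
// its dependencies. A shared dependency is counted once per dependent, so
// "debug" contributes three times to "app" here. `path` guards against cycles.
function inclusiveSize(graph, name, path = new Set()) {
  if (path.has(name)) return 0;
  const next = new Set(path).add(name);
  return graph[name].deps.reduce(
    (sum, dep) => sum + inclusiveSize(graph, dep, next),
    graph[name].size,
  );
}

// What node_modules actually occupies: every package stored once.
function diskSize(graph) {
  return Object.values(graph).reduce((sum, node) => sum + node.size, 0);
}

// Packages required by more than one dependent (drawn with a dotted pattern).
function sharedPackages(graph) {
  const dependents = {};
  for (const [name, node] of Object.entries(graph)) {
    for (const dep of node.deps) {
      if (!dependents[dep]) dependents[dep] = new Set();
      dependents[dep].add(name);
    }
  }
  return Object.keys(dependents).filter((d) => dependents[d].size > 1).sort();
}

// Nodes the tree chart draws for `root` when levels below `maxDepth` are cut
// off (default 7, overridable with --md). Each occurrence of a shared package
// is its own node, as in the tree chart.
function treeNodeCount(graph, root, maxDepth = 7, depth = 0, path = new Set()) {
  if (depth > maxDepth || path.has(root)) return 0;
  const next = new Set(path).add(root);
  return graph[root].deps.reduce(
    (n, dep) => n + treeNodeCount(graph, dep, maxDepth, depth + 1, next),
    1,
  );
}
console.log(inclusiveSize(GRAPH, "app"), diskSize(GRAPH)); // 350 290
```

With this graph the treemap reports 350 KB for app although node_modules holds 290 KB, and cutting the tree at depth 1 hides the two deeper occurrences of debug and body-parser.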