Easy auditing & sandboxing for JS dependencies

Sandworm statically & dynamically analyses over 2M JavaScript packages to offer zero day, real time protection against malicious scripts.

Install Sandworm Audit

Install Sandworm Guard

Sandworm Audit

Security & License Compliance

Beautiful security & license compliance reports for your app’s dependencies. Scans your project and dependencies for vulnerabilities, license & metadata issues, and more.

It’s free and open source, and works with any JavaScript package manager. Run npx @sandworm/audit@latest in the terminal or in your CI / Git Hook workflows.

Outputs JSON issue and license usage reports, direct and transient dependency data as CSV, as well as easy to read dependency tree and treemap visualizations.

Install Sandworm Audit

Read the Sandworm Audit docs

Supports:

npm

yarn

pnpm

CycloneDX (coming soon)

pip (coming soon)

maven (coming soon)

Sandworm Guard

Sandbox & Monitor Your Dependencies

Sandworm Guard intercepts all potentially harmful Node & browser APIs, like arbitrary code execution or network calls.

Audit your dependencies, monitor activity and permissions, and see what your code is doing under the hood.

Secure your app against supply chain attacks by enforcing a per-dependency permissions policy, with granular API access.

Install Sandworm Guard

Read the Sandworm Guard docs

Supported methods

AudioContext

BackgroundFetchManager

BackgroundTasks

Beacon

Bluetooth

Clipboard

ContactsManager

ContentIndex

CookieStore

CredentialsContainer

EventSource

Fetch

child_process

cluster

dgram

dns

fetch

eval

fs

http

http

http2

https

inspector

net

os

process

timers

tls

trace_events

v8

vm

wasi

worker_threads

Latest from Sandworm

See all articles