Beautiful security & license compliance reports for your app’s dependencies. Scans your project and dependencies for vulnerabilities, license & metadata issues, and more.
It’s free and open source, and works with any JavaScript package manager. Run npx @sandworm/audit@latest in the terminal or in your CI / Git Hook workflows.
Outputs JSON issue and license usage reports, direct and transitive dependency data as CSV, as well as easy-to-read dependency tree and treemap visualizations.
Sandworm Guard intercepts all potentially harmful Node & browser APIs, like arbitrary code execution or network calls.
Audit your dependencies, monitor activity and permissions, and see what your code is doing under the hood.
Secure your app against supply chain attacks by enforcing a per-dependency permissions policy, with granular API access.