Beautiful Security & License Compliance Reports For Your App's Dependencies 🪱
- Free & open source command-line tool
- Works with any modern JavaScript package manager
- Scans your project & dependencies for vulnerabilities, license, and misc issues
- Supports workspaces
- Supports marking issues as resolved
- Supports custom license policies
- Configurable fail conditions for CI / GIT hook workflows
- Can connect to private/custom registries
- Outputs:
  - JSON issue & license usage reports
  - Easy to grok SVG dependency tree & treemap visualizations
    - Powered by D3
    - Overlays security vulnerabilities
    - Overlays package license info
  - CSV of all dependencies & license info
{% code title="report.json" overflow="wrap" lineNumbers="true" %}
{
  "createdAt": "...",
  "packageManager": "...",
  "name": "...",
  "version": "...",
  "rootVulnerabilities": [...],
  "dependencyVulnerabilities": [...],
  "licenseUsage": {...},
  "licenseIssues": [...],
  "metaIssues": [...],
  "errors": [...]
}
{% endcode %}
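As an added example (not Sandworm's own code or documentation), here is a small Node.js gate that evaluates a `report.json` with the top-level fields shown above and decides whether a CI job should fail. The policy thresholds, the function names and the sample report contents are assumptions constructed for illustration; only array lengths are inspected, because the shape of individual issue entries is not documented on this page.

```javascript
// Added example, not Sandworm's own code: gate a CI job on a Sandworm report.json.
// Only the top-level fields of report.json shown above are used.

// Hypothetical policy: thresholds are constructed for illustration.
const defaultPolicy = {
  maxRootVulnerabilities: 0,       // any finding against the root package fails
  maxDependencyVulnerabilities: 5, // tolerate a few transitive findings during triage
  allowLicenseIssues: false,       // license policy violations fail the build
  allowMetaIssues: true,           // misc issues are informational here
  failOnScanErrors: true,          // an incomplete scan must not silently pass
};

// Returns { pass: boolean, reasons: string[] } so the caller decides how to report.
function evaluateReport(report, policy = defaultPolicy) {
  const count = (field) => (Array.isArray(report[field]) ? report[field].length : 0);
  const reasons = [];

  if (count('rootVulnerabilities') > policy.maxRootVulnerabilities) {
    reasons.push(`${count('rootVulnerabilities')} root vulnerabilities (max ${policy.maxRootVulnerabilities})`);
  }
  if (count('dependencyVulnerabilities') > policy.maxDependencyVulnerabilities) {
    reasons.push(`${count('dependencyVulnerabilities')} dependency vulnerabilities (max ${policy.maxDependencyVulnerabilities})`);
  }
  if (!policy.allowLicenseIssues && count('licenseIssues') > 0) {
    reasons.push(`${count('licenseIssues')} license issues`);
  }
  if (!policy.allowMetaIssues && count('metaIssues') > 0) {
    reasons.push(`${count('metaIssues')} meta issues`);
  }
  // A report that recorded scan errors may be missing findings, so do not trust a clean result.
  if (policy.failOnScanErrors && count('errors') > 0) {
    reasons.push(`${count('errors')} scan errors; results may be incomplete`);
  }
  return { pass: reasons.length === 0, reasons };
}

// Constructed sample report: keys follow report.json above, entry contents are placeholders.
const sampleReport = {
  createdAt: '2024-01-01T00:00:00.000Z',
  packageManager: 'npm',
  name: 'example-app',
  version: '1.0.0',
  rootVulnerabilities: [],
  dependencyVulnerabilities: [{}, {}],
  licenseUsage: {},
  licenseIssues: [{}],
  metaIssues: [{}],
  errors: [],
};
```

In a pipeline step, parse the real `report.json` with `JSON.parse`, call `evaluateReport` on it, print the `reasons` and exit non-zero when `pass` is false.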
- Have a support question? Post it here.
- Have a feature request? Post it here.
- Did you find a security issue? See SECURITY.md.
- Did you find a bug? Post an issue.
- Want to write some code? See CONTRIBUTING.md.
Simple HTML visualizations on top of Sandworm data for all existing npm packages are available in beta on sandworm.dev. Here are a few links to get you exploring: