{"id":13621566,"url":"https://github.com/sandworm-hq/sandworm-audit","last_synced_at":"2025-04-15T01:33:09.772Z","repository":{"id":63917424,"uuid":"557192273","full_name":"sandworm-hq/sandworm-audit","owner":"sandworm-hq","description":"Security \u0026 License Compliance For Your App's Dependencies 🪱","archived":false,"fork":false,"pushed_at":"2024-09-01T12:49:11.000Z","size":1530,"stargazers_count":471,"open_issues_count":3,"forks_count":5,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-10-31T16:02:23.952Z","etag":null,"topics":["audit","cli","compliance","d3-visualization","dependencies","dependencies-graph","dependencies-tree","license-checking","license-compliance","license-management","sbom","security","security-tools","supply-chain","vulnerabilities","vulnerability","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://sandworm.dev","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sandworm-hq.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"sandworm-hq","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2022-10-25T08:38:53.000Z","updated_at":"2024-10-29T13:19:11.000Z","dependencies_parsed_at":"2024-06-18T19:57:41.638Z","dependency_job_id":"003bf3ec-55ab-42a4-bd7d-8634ede60fa3","html_url":"https://github.com/sandworm-hq/sandworm-audit","commit_stats":{"total_commits":159,"total_committers":4,"mean_commits":39.75,"dds":0.02515723270440251,"last_synced_commit":"84c90c513ea3a0634c8d435bb26301c50f9e40c4"},"previous_names":["sandworm-hq/sandworm"],"tags_count":88,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandworm-hq%2Fsandworm-audit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandworm-hq%2Fsandworm-audit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandworm-hq%2Fsandworm-audit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandworm-hq%2Fsandworm-audit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sandworm-hq","download_url":"https://codeload.github.com/sandworm-hq/sandworm-audit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223545971,"owners_count":17163002,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","cli","compliance","d3-visualization","dependencies","dependencies-graph","dependencies-tree","license-checking","license-compliance","license-management","sbom","security","security-tools","supply-chain","vulnerabilities","vulnerability","vulnerability-scanners"],"created_at":"2024-08-01T21:01:08.064Z","updated_at":"2024-11-08T08:31:06.617Z","avatar_url":"https://github.com/sandworm-hq.png","language":"JavaScript","funding_links":["https://github.com/sponsors/sandworm-hq"],"categories":["JavaScript","cli","security-tools"],"sub_categories":[],"readme":"\u003c!-- Sandworm Logo --\u003e\n\u003cpicture\u003e\n \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"logo-dark.png\"\u003e\n \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"logo-light.png\"\u003e\n \u003cimg alt=\"Sandworm Audit\" src=\"logo-dark.png\" width=\"478\"\u003e\n\u003c/picture\u003e\n\n\u003c!-- A spacer --\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\nBeautiful Security \u0026 License Compliance Reports For Your App's Dependencies 🪱\n\n## Summary\n\n- Free \u0026 open source command-line tool\n- Works with [npm](http://npmjs.com/), [Yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), and [Composer](https://getcomposer.org/)\n- Scans your project \u0026 dependencies for vulnerabilities, license, and metadata issues\n- Supports npm/Yarn/pnpm workspaces\n- Supports [marking issues as resolved](https://docs.sandworm.dev/audit/resolving-issues)\n- Supports [custom license policies](https://docs.sandworm.dev/audit/license-policies)\n- [Configurable fail conditions](https://docs.sandworm.dev/audit/fail-policies) for CI / GIT hook workflows\n- Can connect to [private/custom npm registries](https://docs.sandworm.dev/audit/custom-registries)\n- Outputs:\n - JSON issue \u0026 license usage reports\n - Easy to grok SVG dependency tree \u0026 treemap visualizations\n - Powered by D3\n - Overlays security vulnerabilities\n - Overlays package license info\n - CSV of all dependencies \u0026 license info\n\n### Generate a report\n\n![Running Sandworm Audit](https://assets.sandworm.dev/showcase/audit-terminal-output.gif)\n\n### Navigate charts\n\n![Sandworm treemap and tree dependency charts](https://assets.sandworm.dev/showcase/treemap-and-tree.png)\n\n### CSV output\n\n![Sandworm dependency CSV](https://assets.sandworm.dev/showcase/csv-snip.png)\n\n### JSON output\n\n```json\n{\n \"createdAt\": \"...\",\n \"packageManager\": \"...\",\n \"name\": \"...\",\n \"version\": \"...\",\n \"rootVulnerabilities\": [...],\n \"dependencyVulnerabilities\": [...],\n \"licenseUsage\": {...},\n \"licenseIssues\": [...],\n \"metaIssues\": [...],\n \"errors\": [...],\n}\n```\n\n![Marking issues as resolved](https://user-images.githubusercontent.com/5381731/224849330-226ef881-ffbf-4819-ba32-e434c8358f60.png)\n\n### Get Involved\n\n- Have a support question? [Post it here](https://github.com/sandworm-hq/sandworm-audit/discussions/categories/q-a).\n- Have a feature request? [Post it here](https://github.com/sandworm-hq/sandworm-audit/discussions/categories/ideas).\n- Did you find a security issue? [See SECURITY.md](SECURITY.md).\n- Did you find a bug? [Post an issue](https://github.com/sandworm-hq/sandworm-audit/issues/new/choose).\n- Want to write some code? See [CONTRIBUTING.md](CONTRIBUTING.md).\n\n## Get Started\n\n\u003e **Note**\n\u003e Sandworm Audit requires Node 14.19+.\n\nInstall `sandworm-audit` globally via your favorite package manager:\n\n```bash\nnpm install -g @sandworm/audit\n# or yarn global add @sandworm/audit\n# or pnpm add -g @sandworm/audit\n```\n\nThen, run `sandworm-audit` in the root directory of your application. Make sure there's a manifest and a lockfile.\n\nYou can also directly run without installing via:\n\n```bash\nnpx @sandworm/audit@latest\n# or yarn dlx -p @sandworm/audit sandworm\n# or pnpm --package=@sandworm/audit dlx sandworm\n```\n\nAvailable options:\n\n```\nOptions:\n -v, --version Show version number [boolean]\n --help Show help [boolean]\n -o, --output-path The path of the output directory, relative to the\n application path [string] [default: \"sandworm\"]\n -d, --include-dev Include dev dependencies[boolean] [default: false]\n --sv, --show-versions Show package versions in chart names\n [boolean] [default: false]\n -p, --path The path to the application to audit [string]\n --md, --max-depth Max depth to represent in charts [number]\n --ms, --min-severity Min issue severity to represent in charts [string]\n --lp, --license-policy Custom license policy JSON string [string]\n -f, --from Load data from \"registry\" or \"disk\"\n [string] [default: \"registry\"]\n --fo, --fail-on Fail policy JSON string [string] [default: \"[]\"]\n -s, --summary Print a summary of the audit results to the\n console [boolean] [default: true]\n --root-vulnerabilites Include vulnerabilities for the root project\n [boolean] [default: false]\n --skip-license-issues Skip scanning for license issues\n [boolean] [default: false]\n --skip-meta-issues Skip scanning for meta issues\n [boolean] [default: false]\n --skip-tree Don't output the dependency tree chart\n [boolean] [default: false]\n --force-tree Force build large dependency tree charts\n [boolean] [default: false]\n --skip-treemap Don't output the dependency treemap chart\n [boolean] [default: false]\n --skip-csv Don't output the dependency csv file\n [boolean] [default: false]\n --skip-report Don't output the report json file\n [boolean] [default: false]\n --skip-all Don't output any file [boolean] [default: false]\n --show-tips Show usage tips [boolean] [default: true]\n```\n\n### Documentation\n\n\u003e [Read the full docs here](https://docs.sandworm.dev/audit).\n\n## Samples on Sandworm.dev\n\n- [Apollo Client](https://sandworm.dev/npm/package/apollo-client)\n- [AWS SDK](https://sandworm.dev/npm/package/aws-sdk)\n- [Express](https://sandworm.dev/npm/package/express)\n- [Mocha](https://sandworm.dev/npm/package/mocha)\n- [Mongoose](https://sandworm.dev/npm/package/mongoose)\n- [Nest.js](https://sandworm.dev/npm/package/@nestjs/cli)\n- [Redis](https://sandworm.dev/npm/package/redis)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsandworm-hq%2Fsandworm-audit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsandworm-hq%2Fsandworm-audit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsandworm-hq%2Fsandworm-audit/lists"}