{"id":18486837,"url":"https://github.com/sandworm-hq/sandworm-guard-js","last_synced_at":"2025-04-08T19:34:00.023Z","repository":{"id":47985575,"uuid":"515570659","full_name":"sandworm-hq/sandworm-guard-js","owner":"sandworm-hq","description":"Easy auditing \u0026 sandboxing for your JavaScript dependencies 🪱","archived":false,"fork":false,"pushed_at":"2023-03-15T08:35:12.000Z","size":4852,"stargazers_count":250,"open_issues_count":9,"forks_count":8,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-10-13T14:15:28.657Z","etag":null,"topics":["audit","compartments","compliance","dependencies","dependency-analysis","dynamic-analysis","hardening","intercept","lockdown","permission","permissions","sandbox","security","security-audit","security-tools","ses","supply-chain","vulnerability-scanners","zero-trust"],"latest_commit_sha":null,"homepage":"https://sandworm.dev","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sandworm-hq.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null},"funding":{"github":"sandworm-hq","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2022-07-19T12:13:12.000Z","updated_at":"2024-09-30T15:47:42.000Z","dependencies_parsed_at":"2023-02-08T09:00:56.054Z","dependency_job_id":null,"html_url":"https://github.com/sandworm-hq/sandworm-guard-js","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandworm-hq%2Fsandworm-guard-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandworm-hq%2Fsandworm-guard-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandworm-hq%2Fsandworm-guard-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandworm-hq%2Fsandworm-guard-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sandworm-hq","download_url":"https://codeload.github.com/sandworm-hq/sandworm-guard-js/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223343475,"owners_count":17129950,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","compartments","compliance","dependencies","dependency-analysis","dynamic-analysis","hardening","intercept","lockdown","permission","permissions","sandbox","security","security-audit","security-tools","ses","supply-chain","vulnerability-scanners","zero-trust"],"created_at":"2024-11-06T12:49:52.522Z","updated_at":"2024-11-06T12:50:31.060Z","avatar_url":"https://github.com/sandworm-hq.png","language":"JavaScript","funding_links":["https://github.com/sponsors/sandworm-hq"],"categories":["JavaScript"],"sub_categories":[],"readme":"\u003c!-- Sandworm Logo --\u003e\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"logo-dark.png\"\u003e\n  \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"logo-light.png\"\u003e\n  \u003cimg alt=\"Sandworm\" src=\"logo-dark.png\" width=\"478\"\u003e\n\u003c/picture\u003e\n\n\u003c!-- A spacer --\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\nEasy auditing \u0026 sandboxing for your JavaScript dependencies 🪱\n\n---\n\n[![NPM][npm-version-image]][npm-version-url]\n[![License][license-image]][license-url]\n[![CircleCI][ci-image]][ci-url]\n[![Maintainability][cc-image]][cc-url]\n[![Test Coverage][coverage-image]][coverage-url]\n\n## TL;DR\n* Sandworm Guard intercepts all potentially harmful Node \u0026 browser APIs, like arbitrary code execution (`child_process.exec`) or network calls (`fetch`). It knows what packages are responsible for each call.\n* Simple obfuscation techniques can confuse static analysis tools, but Sandworm's dynamic analysis will always intercept risky calls at run time.\n* You can use Sandworm Guard to:\n  * [audit your dependencies](https://docs.sandworm.dev/#getting-started), monitor activity and permissions, and see what your code is doing under the hood using the Inspector;\n  * [generate a security profile](https://docs.sandworm.dev/test-framework-plugins) automatically from your test suite and do snapshot testing against it;\n  * [secure your app against supply chain attacks](https://docs.sandworm.dev/#enforcing-permissions) by enforcing per-module permissions.\n* Install it as an `npm` module in your existing Node or browser app.\n* Works in Node v15+ and [modern browsers](https://browsersl.ist/#q=defaults). Beta support for browsers and sourcemaps.\n\n### Getting Started\n\nAdd the Sandworm init call as the very first line of your app:\n\n```js\nrequire('@sandworm/guard').init({devMode: true}); // add `permissions: [...]` to enforce\n```\n\nThen launch the inspector tool with `npm run sandworm` or `yarn sandworm` to monitor activity and permissions.\n\n### Documentation\n\n\u003e [Read the full docs here](https://docs.sandworm.dev/guard).\n\n### Get Involved\n\n* Have a support question? [Post it here](https://github.com/sandworm-hq/sandworm-guard-js/discussions/categories/q-a).\n* Have a feature request? [Post it here](https://github.com/sandworm-hq/sandworm-guard-js/discussions/categories/ideas).\n* Did you find a security issue? [See SECURITY.md](contributing/security.md).\n* Did you find a bug? [Post an issue](https://github.com/sandworm-hq/sandworm-guard-js/issues/new/choose).\n* Want to write some code? See [CONTRIBUTING.md](contributing/).\n\n[npm-version-image]: https://img.shields.io/npm/v/sandworm?style=flat-square\n[npm-version-url]: https://www.npmjs.com/package/sandworm\n[license-image]: https://img.shields.io/npm/l/sandworm?style=flat-square\n[license-url]: https://github.com/sandworm-hq/sandworm-guard-js/blob/main/LICENSE\n[ci-image]: https://img.shields.io/circleci/build/github/sandworm-hq/sandworm-guard-js?style=flat-square\n[ci-url]: https://app.circleci.com/pipelines/github/sandworm-hq/sandworm-guard-js\n[cc-image]: https://api.codeclimate.com/v1/badges/edff60f7f06bb0c589aa/maintainability\n[cc-url]: https://codeclimate.com/github/sandworm-hq/sandworm-guard-js/maintainability\n[coverage-image]: https://api.codeclimate.com/v1/badges/edff60f7f06bb0c589aa/test_coverage\n[coverage-url]: https://codeclimate.com/github/sandworm-hq/sandworm-guard-js/test_coverage\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsandworm-hq%2Fsandworm-guard-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsandworm-hq%2Fsandworm-guard-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsandworm-hq%2Fsandworm-guard-js/lists"}