Easy auditing & sandboxing for your JavaScript dependencies
TL;DR
- Sandworm intercepts all sensitive Node & browser APIs, like `child_process.exec` or `fetch`.
- It also knows what modules are responsible for each call.
- You can use it to:
  - audit your dependencies and see what your code is doing under the hood;
  - secure your app against supply chain attacks by enforcing per-module permissions.
- Install it as an `npm` module in your existing Node or browser app.
- Use the Inspector CLI tool to monitor activity and permissions.
- Works in Node v15+ and modern browsers.
- Beta support for browsers and sourcemaps.
Getting Started
Add the Sandworm init call as the very first line of your app:
```js
require('sandworm').init({devMode: true}); // add `permissions: [...]` when moving to prod
```

Then launch the inspector tool with `npm run sandworm` or `yarn sandworm` to monitor activity and permissions.
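To make the two ideas above concrete (intercepting a sensitive API, and attributing each call to the module that made it so a per-module allowlist can be enforced), here is an added, self-contained example. It is not Sandworm's own code and does not use Sandworm's API: the `guard`, `callerModule` and `isPermitted` helpers, the `{module, permit}` rule shape and the `child_process.exec` stand-in object are all assumptions made for this illustration. It runs offline with plain Node.

```javascript
// Added example, not Sandworm's code: a minimal interceptor in the spirit of
// Sandworm. It wraps a sensitive method, works out which npm package made the
// call from the stack trace, records the call in an audit log, and enforces a
// per-module allowlist. The rule shape `{module, permit}` is an assumption.

// Return the npm package that owns the first node_modules frame on the stack,
// or 'root' when the call came from the application's own code.
function callerModule(stack) {
  const frames = stack.split('\n').slice(1); // drop the "Error" header line
  for (const frame of frames) {
    // Matches node_modules/<pkg> and node_modules/@scope/<pkg>, with / or \
    const m = frame.match(/node_modules[\\/]((?:@[^\\/]+[\\/])?[^\\/]+)/);
    if (m) return m[1].replace(/\\/g, '/');
  }
  return 'root';
}

// A grant such as 'fs' covers every method of fs; 'fs.readFile' covers exactly
// that method and nothing else (so it does NOT cover fs.readFileSync).
function isPermitted(permissions, moduleName, api) {
  const rule = permissions.find((p) => p.module === moduleName);
  if (!rule) return false; // default deny: unlisted modules get nothing
  return rule.permit.some((granted) => api === granted || api.startsWith(granted + '.'));
}

// Replace target[method] with a wrapper that logs each call and either lets it
// through or throws. Returns a function that restores the original method.
function guard(target, method, api, permissions, audit) {
  const original = target[method];
  target[method] = function guarded(...args) {
    const moduleName = callerModule(new Error().stack);
    const allowed = isPermitted(permissions, moduleName, api);
    audit.push({ module: moduleName, api, allowed });
    if (!allowed) {
      throw new Error(`sandbox: ${moduleName} is not permitted to call ${api}`);
    }
    return original.apply(this, args);
  };
  return () => { target[method] = original; };
}

// Constructed demonstration: a stand-in for child_process so the example runs
// without spawning anything. Swap in require('child_process') to try it live.
function demo(permissions) {
  const fakeChildProcess = { exec: (cmd) => `would run: ${cmd}` };
  const audit = [];
  const restore = guard(fakeChildProcess, 'exec', 'child_process.exec', permissions, audit);
  let result;
  try {
    result = fakeChildProcess.exec('ls -la');
  } catch (err) {
    result = err.message; // denied calls surface here instead of executing
  } finally {
    restore();
  }
  return { result, audit };
}

if (typeof require !== 'undefined' && require.main === module) {
  // The app's own code ('root') is allowed to shell out; nothing else is.
  console.log(demo([{ module: 'root', permit: ['child_process'] }]));
  // Only a dependency is listed, so the app's own call is blocked and logged.
  console.log(demo([{ module: 'some-dependency', permit: ['child_process'] }]));
}
```

The default-deny in `isPermitted` is the part that matters for supply chain defence: a module that is not listed cannot reach the wrapped API at all, and the audit array shows exactly who tried. Sandworm's real permission descriptors may differ from this shape; check its documentation before copying the rule format.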
Documentation
Get Involved
- Have a support question? Post it here.
- Have a feature request? Post it here.
- Did you find a security issue? See SECURITY.md.
- Did you find a bug? Post an issue.
- Want to write some code? See CONTRIBUTING.md.