Easy auditing & sandboxing for your JavaScript dependencies 🪱
- Sandworm Guard intercepts all potentially harmful Node & browser APIs, like arbitrary code execution (
child_process.exec) or network calls (fetch). It knows what packages are responsible for each call. - Simple obfuscation techniques can confuse static analysis tools, but Sandworm's dynamic analysis will always intercept risky calls at run time.
- You can use Sandworm Guard to:
- audit your dependencies, monitor activity and permissions, and see what your code is doing under the hood using the Inspector;
- generate a security profile automatically from your test suite and do snapshot testing against it;
- secure your app against supply chain attacks by enforcing per-module permissions.
- Install it as an
npmmodule in your existing Node or browser app. - Works in Node v15+ and modern browsers. Beta support for browsers and sourcemaps.
Add the Sandworm init call as the very first line of your app:
require('@sandworm/guard').init({devMode: true}); // add `permissions: [...]` to enforceThen launch the inspector tool with npm run sandworm or yarn sandworm to monitor activity and permissions.
- Have a support question? Post it here.
- Have a feature request? Post it here.
- Did you find a security issue? See SECURITY.md.
- Did you find a bug? Post an issue.
- Want to write some code? See CONTRIBUTING.md.
