Easy auditing & sandboxing for your JavaScript dependencies 🪱
- Sandworm Guard intercepts all potentially harmful Node & browser APIs, like arbitrary code execution (`child_process.exec`) or network calls (`fetch`). It knows what packages are responsible for each call.
- Simple obfuscation techniques can confuse static analysis tools, but Sandworm's dynamic analysis will always intercept risky calls at run time.
- You can use Sandworm Guard to:
  - audit your dependencies, monitor activity and permissions, and see what your code is doing under the hood using the Inspector;
  - generate a security profile automatically from your test suite and do snapshot testing against it;
  - secure your app against supply chain attacks by enforcing per-module permissions.
- Install it as an `npm` module in your existing Node or browser app.
- Works in Node v15+ and modern browsers. Beta support for browsers and sourcemaps.
Add the Sandworm init call as the very first line of your app:

```js
require('@sandworm/guard').init({devMode: true}); // add `permissions: [...]` to enforce
```

Then launch the inspector tool with `npm run sandworm` or `yarn sandworm` to monitor activity and permissions.
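To make the run-time interception and per-module enforcement described above concrete, here is an added sketch of that mechanism. It is not Sandworm's code and does not use its API: the allow-list shape (`{ packageName: [apiName, ...] }`), the `"root"` name for the app itself, and the stack-frame parsing are assumptions of this example, and the demo wraps a constructed stand-in for `child_process` so nothing is actually executed.

```javascript
// Added sketch (not Sandworm's code) of the mechanism the README describes:
// wrap a risky API, attribute the call to a package via the stack, enforce a
// per-module allow-list. The allow-list shape is this sketch's assumption.

// Package that a V8 stack frame belongs to: the innermost "node_modules/<name>"
// segment (scoped packages keep their "@scope/" prefix). Frames outside
// node_modules belong to the app itself, called "root" here.
function packageFromFrame(frame) {
  const hits = frame.match(/node_modules[\\/](@[^\\/]+[\\/][^\\/]+|[^\\/]+)/g);
  if (!hits) return 'root';
  return hits[hits.length - 1].replace(/^node_modules[\\/]/, '').replace(/\\/g, '/');
}

// stack[0] is "Error", stack[1] is the guard wrapper itself, stack[2] is the caller.
function callerPackage(stack) {
  const frames = stack.split('\n');
  return frames.length > 2 ? packageFromFrame(frames[2]) : 'root';
}

// Replace target[method] with a wrapper that consults allowList
// ({ packageName: [apiName, ...] }) before delegating; returns a restore function.
function guard(target, method, apiName, allowList, onDeny) {
  const original = target[method];
  target[method] = function guarded(...args) {
    const pkg = callerPackage(new Error().stack);
    if (!(allowList[pkg] || []).includes(apiName)) {
      onDeny({pkg, api: apiName});
      throw new Error(`${pkg} is not permitted to call ${apiName}`);
    }
    return original.apply(this, args);
  };
  return () => { target[method] = original; };
}

// Demo on a constructed stand-in for child_process, so nothing is executed.
function runDemo() {
  const fakeChildProcess = {exec: (cmd) => `would run: ${cmd}`};
  const denials = [];
  const onDeny = (d) => denials.push(d);
  // Only the app itself may spawn processes; dependencies get no such grant.
  let restore = guard(fakeChildProcess, 'exec', 'child_process.exec',
                      {root: ['child_process.exec']}, onDeny);
  const allowed = fakeChildProcess.exec('ls');   // caller is this file -> "root"
  restore();
  // With an empty allow-list every caller, root included, is denied.
  restore = guard(fakeChildProcess, 'exec', 'child_process.exec', {}, onDeny);
  let denied = null;
  try { fakeChildProcess.exec('whoami'); } catch (e) { denied = e.message; }
  restore();
  return {allowed, denials, denied};
}
```

A real guard must wrap the API before any dependency can capture a reference to the original, which is why the README insists the init call be the very first line of the app.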
- Have a support question? Post it here.
- Have a feature request? Post it here.
- Did you find a security issue? See SECURITY.md.
- Did you find a bug? Post an issue.
- Want to write some code? See CONTRIBUTING.md.