SebiVaduva

Sandworm - Keep your JavaScript code secure and compliant with Sandworm

Sandworm audits your project and dependencies for vulnerabilities, license issues, and more. Works with any JS package manager, generates visualizations and a CSV report about license info. Secure and ensure compliance for your app's dependencies.


Replies

SebiVaduva
Maker
📌
Hey everyone, I'm excited to share with you Sandworm Audit! As a developer, I know how important it is to keep your app's dependencies secure and compliant. That's why I created Sandworm Audit, a free and open source command-line tool that helps you scan your project and dependencies for vulnerabilities, license issues, and other misc problems.

With Sandworm, you can easily generate JSON reports on issue and license usage, visualize your dependency tree and treemap with SVG charts powered by D3, and even overlay security vulnerabilities and package license info. Plus, you get a handy CSV of all your dependencies and their license information.

Here's what you get with Sandworm:
✔ Beautiful, easy-to-read charts to help you visualize your dependency structure
✔ Machine-readable JSON output of all the audit data
✔ A comprehensive CSV of all your dependencies with license, size, and parent info
✔ Scans for CVE vulnerabilities and common indicators of risk or poor quality

And it's super easy to use - just install with npm, yarn, or pnpm, and run the `sandworm-audit` command in your project root directory. Get started with Sandworm today and keep your app's dependencies secure and compliant! Have any questions or feedback? Let me know in the comments. ✨
Tabrez Syed
This looks really useful!
Yousaf Ishaq
@sebivaduva This looks amazing. I will definitely give it a try.
Gabe Moronta
@sebivaduva Congrats on this launch!
Jo Rond
@sebivaduva looks like a very helpful project, congrats!
Dmitry Sytsevich
Hello 👋 Great job on getting your startup on the Product Hunt! 🤝 I'm going to check out this product. I've just got a single question. What inspired you to create it?
Andrei Marinescu
@dmitry_sytsevich Thanks Dmitry! We've started building Sandworm because we faced all these issues as developers ourselves. Given enough time, we've all depended on a library that turned rogue and published malicious code. It's all too easy to just pull a library into your codebase, just to later find out that it's licensed under a restrictive OSS license or it's vulnerable to one thing or another. Sandworm aims to make this whole management process just a bit more predictable and secure.
Paolo De Giglio 🚀
Wow! 🤩 Congratulations on the launch of Sandworm Audit on Product Hunt! 🎉 I'm definitely gonna be recommending this to all the developers I know - it looks like an incredibly useful tool for keeping our apps secure and compliant. 🔐 Plus, the charts and JSON reports look so helpful for visualizing and understanding our dependencies! 📊 I'm sure I'll be using Sandworm Audit for all my future projects. 💻 Thanks for making this awesome tool available to everyone. 🙌
Andrei Marinescu
@paolo_degiglio Thank you so much Paolo! We're extremely excited to share this with the world. Looking forward to seeing what Sandworm will uncover in the wild!
John Smith
Greetings! Fantastic work on getting Sandworm on the Product Hunt! I'll experiment with this product. How many users do you have so far?
Doğukan Tezcan
Good job team, congrats!
Aliaksei Saskevich
Wow hunters. Well done on getting your startup on the Product Hunt! Looks like it's a game-changer! I'll test it! Let me ask you something. What do you think makes it stand out from the competition?
Abdullah Chaudhry
Open Source license compliance is one of the more commonly overlooked things in any org I've been a part of.
SebiVaduva
@abdullah_chaudhry1 Thanks for your input - indeed this is a topic we feel needs more awareness going forward.
Andrew Philip
I've been using this for a few weeks now and I love it - it's so easy to track all vulnerabilities and license issues inside our app.
SebiVaduva
@andrew_philip1 That's awesome to hear - looking forward to more feedback from happy users!
Mohcine Heddi
Great work! Here is the GitHub repo if anyone wants to inspect the code: https://github.com/sandworm-hq/s...
Christopher Ries
Bright idea
Super useful. Are you able to determine app-layer vulnerabilities (i.e. OWASP Top Ten) with Sandworm?
Andrei Marinescu
@cjries Hey, Christopher! While we're not scanning for these specifically, we should be able to detect if any of these vulnerabilities are being actively used for an exploit. For example, we might not detect that you're leaking sensitive information in the front-end layer. We will however detect any attempts to hijack this data and send it elsewhere.