Sandworm favicon

Sandworm
Easy Security & License Audits For JavaScript And PHP Dependencies

What is Sandworm?

Sandworm performs static and dynamic analysis of millions of code packages to identify security vulnerabilities and license compliance issues within software supply chains. The platform generates detailed audit reports that cover security vulnerabilities, license permissions, metadata issues, and dependency visualization.

The tool supports multiple package managers including npm, Yarn, pnpm, and Composer, with plans to expand to CycloneDX, pip, and maven. It outputs JSON issue reports, license usage data, CSV dependency information, and provides visualizations of dependency trees and treemaps for enhanced analysis.

Features

  • Security Vulnerability Scanning: CVE scan for entire dependency tree to identify security risks
  • License Compliance Analysis: Set granular license permissions and perform OSI & SPDX compliance checks
  • Dependency Visualization: Generate easy-to-read dependency tree and treemap visualizations
  • Multiple Package Manager Support: Works with npm, Yarn, pnpm, and Composer
  • Report Generation: Outputs JSON issue reports, license usage data, and CSV dependency information

Use Cases

  • Auditing JavaScript dependencies for security vulnerabilities
  • Checking PHP project dependencies for license compliance
  • Monitoring GitHub repositories for dependency issues
  • Generating compliance reports for software supply chains
  • Visualizing dependency trees for complex applications

FAQs

  • What package managers does Sandworm support?
    Sandworm currently supports npm, Yarn, pnpm, and Composer, with plans to add support for CycloneDX, pip, and maven in the future.
  • What types of issues does Sandworm detect?
    Sandworm detects security vulnerabilities, license compliance issues, metadata problems, deprecated packages, install scripts, and repository checks.
  • How does Sandworm generate reports?
    Sandworm outputs JSON issue reports, license usage data, CSV dependency information, and provides dependency tree and treemap visualizations.
  • What is included in the free tier?
    The free tier includes one monthly security and license audit report per repository (limited to main branch), CVE scanning, license compliance checks, metadata issue detection, and visualizations with community support.

Related Queries

Helpful for people in the following professions

Blogs:

  • Best Content Automation AI tools

    Best Content Automation AI tools

    Streamline your content creation process, enhance productivity, and elevate the quality of your output effortlessly. Harness the power of cutting-edge automation technology for unparalleled results

  • AI Testimonial Videos: How to Build Social Proof That Actually Converts

    AI Testimonial Videos: How to Build Social Proof That Actually Converts

    AI testimonial videos are transforming marketing in 2026 by helping businesses create professional customer-style videos quickly and affordably. Using real customer reviews, short scripts, and AI tools like Pollo AI, brands can produce engaging testimonials for social media, landing pages, and ads while saving time and improving conversions.

  • AI thumbnail maker tools

    AI thumbnail maker tools

    Automatically generate visually appealing and optimized thumbnails for various digital content, streamlining the design process and enhancing visual engagement

Didn't find tool you were looking for?

Be as detailed as possible for better results