@sandworm/guard

Easy auditing & sandboxing for your JavaScript dependencies 🪱

TL;DR

• Sandworm Guard intercepts all potentially harmful Node & browser APIs, like arbitrary code execution (child_process.exec) or network calls (fetch). It knows what packages are responsible for each call.
• Simple obfuscation techniques can confuse static analysis tools, but Sandworm's dynamic analysis will always intercept risky calls at run time.
• You can use Sandworm Guard to:
  • audit your dependencies, monitor activity and permissions, and see what your code is doing under the hood using the Inspector;
  • generate a security profile automatically from your test suite and do snapshot testing against it;
  • secure your app against supply chain attacks by enforcing per-module permissions.
• Install it as an npm module in your existing Node or browser app.
• Works in Node v15+ and modern browsers. Beta support for browsers and sourcemaps.

Getting Started

Add the Sandworm init call as the very first line of your app:

require('@sandworm/guard').init({devMode: true}); // add `permissions: [...]` to enforce

Then launch the inspector tool with npm run sandworm or yarn sandworm to monitor activity and permissions.

Documentation

Read the full docs here.

Get Involved

• Have a support question? Post it here.
• Have a feature request? Post it here.
• Did you find a security issue? See SECURITY.md.
• Did you find a bug? Post an issue.
• Want to write some code? See CONTRIBUTING.md.

Repos

• The JavaScript Core
• Mocha Tests Plugin
• Jest Tests Plugin