sandworm

1.18.0 • Public • Published
Sandworm

 

Beautiful Visualizations For Your App's Dependencies 🪱

  • Outputs SVGs
  • Powered by D3
  • Overlays security vulnerabilities
  • Overlays package license info
  • Works with npm, yarn, and pnpm
  • Made by the team behind Sandworm - Easy auditing & sandboxing for your JavaScript dependencies

Sandworm Tooltips

Warning: Sandworm does NOT currently support workspaces.

Get Involved

Install

yarn global add sandworm # or npm install -g sandworm

Options

Options:
      --version          Show version number                           [boolean]
      --help             Show help                                     [boolean]
  -o, --output           The name of the output directory, relative to the
                         application path        [string] [default: ".sandworm"]
  -d, --include-dev      Include dev dependencies     [boolean] [default: false]
  -v, --show-versions    Show package versions        [boolean] [default: false]
  -t, --type             Visualization type[string] [choices: "tree", "treemap"]
  -p, --path             The application path    [string] [default: current dir]
      --md, --max-depth  Max depth to represent                         [number]

Chart Types

Treemap

  • Node colors represent the dependency depth;
  • Node surface represents the size of the corresponding directory under node_modules;
  • A dotted pattern in a node background means the package is a shared dependency, required by multiple packages, and present multiple times in the chart;
  • Shared dependency sizes are added to every dependent package, to represent the independent size structure properly; hence, the displayed size might be larger than the actual size on disk;
  • A red package background means the package has direct vulnerabilities;
  • A purple package background means the package depends on other vulnerable packages;
  • Click on a node to make the tooltip persist; click outside to close it;
  • When representing deep dependencies, the surface area of certain packages might reach zero, making them invisible.

Sandworm Treemap Chart

Tree

  • Nodes are grouped by color based on the root dependency that they belong to;
  • Red text in a package name means the package has direct vulnerabilities;
  • Purple text in a package name means the package depends on other vulnerable packages;
  • Click on a node to make the tooltip persist; click outside to close it;
  • By default, the tree chart has a maximum depth of 7, meaning only seven levels of dependencies will be represented, to keep the output readable; you can override this using the --md option.

Sandworm Tree Chart
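
The size and color rules from the two chart lists above, worked through on a small constructed dependency graph. This is an added illustration, not Sandworm's own code; the graph, the function names, and the reading of "depends on other vulnerable packages" as a dependency at any depth are assumptions.

```javascript
// Constructed sample graph, not real packages: size in kB, vulns = direct advisories.
const graph = {
  app:    { size: 10,  vulns: 0, deps: ["web", "cli"] },
  web:    { size: 400, vulns: 0, deps: ["parser", "util"] },
  cli:    { size: 300, vulns: 0, deps: ["util"] },
  parser: { size: 200, vulns: 1, deps: [] },
  util:   { size: 100, vulns: 0, deps: [] },
};

// Every package reachable from `name`, each listed once (safe on dependency cycles).
function reachable(g, name, seen = new Set()) {
  for (const dep of g[name].deps) {
    if (seen.has(dep)) continue;
    seen.add(dep);
    reachable(g, dep, seen);
  }
  return seen;
}

// Treemap-style size: a shared dependency is counted once per dependent.
function displayedSize(g, name, path = new Set()) {
  if (path.has(name)) return 0; // cycle: do not count a package inside itself
  const next = new Set(path).add(name);
  return g[name].deps.reduce((sum, d) => sum + displayedSize(g, d, next), g[name].size);
}

// Size on disk: each reachable package counted exactly once.
function diskSize(g, name) {
  let total = g[name].size;
  for (const dep of reachable(g, name)) if (dep !== name) total += g[dep].size;
  return total;
}

// Overlay color: red = direct vulnerabilities, purple = a vulnerable package below it
// (assumption: "depends on" is read transitively).
function overlay(g, name) {
  if (g[name].vulns > 0) return "red";
  for (const dep of reachable(g, name)) if (g[dep].vulns > 0) return "purple";
  return "none";
}

// Shared dependencies (dotted pattern): required by more than one package.
function shared(g) {
  const dependents = {};
  for (const pkg of Object.values(g))
    for (const d of new Set(pkg.deps)) dependents[d] = (dependents[d] || 0) + 1;
  return Object.keys(dependents).filter((d) => dependents[d] > 1).sort();
}

for (const n of Object.keys(graph)) console.log(n, displayedSize(graph, n), diskSize(graph, n), overlay(graph, n));
```

For the root package the displayed size is 1110 kB against 1010 kB on disk, because the shared package util is counted under both web and cli.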

Samples

Package Sidebar

  • Install: npm i sandworm
  • Homepage: sandworm.dev
  • Weekly downloads: 2,181
  • Version: 1.18.0
  • License: MIT
  • Unpacked size: 653 kB
  • Total files: 20
  • Collaborators: gabidobocan