sandworm-audit VS sandworm-guard-js

use https://github.com/sandworm-hq/sandworm-audit. if u run it for your app the deprecated libraries will show up in the list of issues found (contributor)

And as you add more dependencies, it’s time to also build security and compliance into your app early. Sandworm Audit is the open-source npm audit that doesn’t suck: it checks for multiple types of issues, like vulnerabilities or license compliance, it outputs SVG charts and CSVs, and you can also run it in your CI to enforce security rules. Check the docs and npx @sandworm/audit in your JavaScript app’s root to try it out 🪱.

This is why we've created Sinkchart - beautiful Visualizations For Your App's Dependencies

made with https://github.com/sandworm-hq/sinkchart

When building Sandworm’s open-source security & license compliance audits for JavaScript packages, we wanted to generate a catalog of beautiful report visualizations for every library in the npm registry. That is, for every version of every library in the registry. We soon found out — that’s more than 30 million package versions. Good luck generating, uploading, and keeping that amount of HTML pages up to date in a decent amount of time, right?

No whitepaper yet, but here's where the magic happens: https://github.com/sandworm-hq/sandworm-guard-js/blob/main/src/patch.js

You can use https://sandworm.dev to quickly inspect individual licenses for packages when considering adding them as a dependency (note: I'm one of the developers).

Hey all - we’re a small team of developers working on making Javascript more secure! We’re working on a OSS product named Sandworm.JS - a sandboxing & malware detection tool for npm packages. Would love to hear your feedback and feel free to try it out and contribute if you’re passionate about this topic: https://github.com/sandworm-hq/sandworm-js