sandworm-mocha
sandworm-guard-js
sandworm-mocha | sandworm-guard-js
---|---
1 | 9
5 | 248
- | 0.4%
0.0 | 0.0
over 1 year ago | about 1 year ago
JavaScript | JavaScript
MIT License | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sandworm-mocha
- Easy auditing & sandboxing for your JavaScript dependencies. Fine grained permissions system for npm packages.
Yes, you can use it for security by locking down which dependencies can execute which methods in your app. But you can also use it for auditing and documenting your app's supply chain security profile, then snapshot testing against that using the Jest and Mocha plugins.
sandworm-guard-js
- Sandworm: Keep Your JavaScript Code Secure and Compliant
- Running Eleventy Serverless On AWS Lambda@Edge
When building Sandworm’s open-source security & license compliance audits for JavaScript packages, we wanted to generate a catalog of beautiful report visualizations for every library in the npm registry. That is, for every version of every library in the registry. We soon found out — that’s more than 30 million package versions. Good luck generating, uploading, and keeping that amount of HTML pages up to date in a decent amount of time, right?
- FOSS: Sandworm - Easy auditing & sandboxing for JS dependencies
No whitepaper yet, but here's where the magic happens: https://github.com/sandworm-hq/sandworm-guard-js/blob/main/src/patch.js
- [AskJS] Open source license compliance
You can use https://sandworm.dev to quickly inspect individual licenses for packages when considering adding them as a dependency (note: I'm one of the developers).
- Sandworm.JS - dynamically analyses over 2M javascript packages to offer zero day, real time protection against malicious scripts.
- Dynamic analysis for JS dependencies + intercepts all potentially harmful Node & browser APIs, like arbitrary code execution or network calls
- Show HN: Sandworm.js - Security audit & fine grained permissions for NPM packages
- Sandworm.JS - npm module permissions system
Hey all - we’re a small team of developers working on making JavaScript more secure! We’re working on an OSS product named Sandworm.JS - a sandboxing & malware detection tool for npm packages. Would love to hear your feedback and feel free to try it out and contribute if you’re passionate about this topic: https://github.com/sandworm-hq/sandworm-js
What are some alternatives?
sandworm-jest - Security Snapshot Testing Inside Your Jest Test Suite 🪱
CodeBox - A sandbox coding environment - desktop app, inspired by CodePen and JSFiddle
Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
sandworm-audit - Security & License Compliance For Your App's Dependencies 🪱
SES-shim - Endo is a distributed secure JavaScript sandbox, based on SES
fetch-intercept - Interceptor library for the native fetch command inspired by angular http intercepts.
overlay - Overlay is a browser extension helping developers evaluate open source packages before picking them
Next.js - The React Framework
serverless-graphql - Serverless GraphQL Examples for AWS AppSync and Apollo
eleventy 🕚⚡️ - A simpler site generator. Transforms a directory of templates (of varying types) into HTML.
Gatsby - The best React-based framework with performance, scalability and security built in.
11ty-lambda-edge-demo - A simple tutorial for running Eleventy Serverless on AWS Lambda@Edge