sandworm
v1.18.0
Beautiful Visualizations For Your App's Dependencies 🪱
0/weekUpdated 2 years agoMITUnpacked: 653.0 KB
Published by Sandworm
npm install sandworm
Beautiful Visualizations For Your App's Dependencies 🪱
* Outputs SVGs
* Powered by D3
* Overlays security vulnerabilities
* Overlays package license info
* Works with npm, yarn, and pnpm
* Made by the team behind Sandworm - Easy auditing & sandboxing for your JavaScript dependencies
> Warning
> Sandworm does NOT currently support workspaces.
$3
* Have a support question? Post it here.
* Have a feature request? Post it here.
* Did you find a security issue? See SECURITY.md.
* Did you find a bug? Post an issue.
* Want to write some code? See CONTRIBUTING.md.
Install
``bash`
yarn global add sandworm # or npm install -g sandworm
Options
`
Options:
--version Show version number [boolean]
--help Show help [boolean]
-o, --output The name of the output directory, relative to the
application path [string] [default: ".sandworm"]
-d, --include-dev Include dev dependencies [boolean] [default: false]
-v, --show-versions Show package versions [boolean] [default: false]
-t, --type Visualization type[string] [choices: "tree", "treemap"]
-p, --path The application path [string] [default: current dir]
--md, --max-depth Max depth to represent [number]
Chart Types
$3
* Node colors represent the dependency depth;
* Node surface represents the size of the corresponding directory under node_modules
;
* A dotted pattern in a node background means the package is a shared dependency, required by multiple packages, and present multiple times in the chart;
* Shared dependency sizes are added to every dependent package, to represent the independent size structure properly; hence, the displayed size might be larger than the actual size on disk;
* A red package background means the package has direct vulnerabilities;
* A purple package background means the package depends on other vulnerable packages;
* Click on a node to make the tooltip persist; click outside to close it;
* When representing deep dependencies, the surface area of certain packages might reach zero, making them invisible.$3
* Nodes are grouped by color based on the root dependency that they belong to;
* Red text in a package name means the package has direct vulnerabilities;
* Purple text in a package name means the package depends on other vulnerable packages;
* Click on a node to make the tooltip persist; click outside to close it;
* By default, the tree chart has a maximum depth of 7, meaning only seven levels of dependencies will be represented, to keep the output readable; you can override this using the --md` option.Samples
* Apollo Client 3.7.1
* Tree
* Treemap
* AWS SDK 2.1218.0
* Tree
* Treemap
* Express 4.18.1
* Tree
* Treemap
* Mocha 10.1.0
* Tree
* Treemap
* Mongoose 6.7.0
* Tree
* Treemap
* Nest.js 9.1.2
* Tree
* Treemap
* Redis 4.3.1
* Tree
* Treemap
* NPM CLI 9.0.0
* Tree
* Treemap
* React Router 6.4.2
* Tree
* Treemap
* Webpack Dev Server 4.11.1
* Tree
* Treemap