
Automated Vulnerability Report For NPM Packages

In this tutorial, we will create our very first workflow using the AI Agent Sandbox example in GripoFlow.

JavaScript Package Vulnerability Scanner Workflow

This workflow will:

  • Fetch JavaScript packages from a GitHub repository
  • Scan packages for vulnerabilities
  • Generate a detailed security report
  • Automatically send the report through email

Prerequisites

Before starting, make sure:

  • You already have a GripoGPT connection configured
  • You already have sandboxes created that will be used in this workflow

Step 1: Create Workflow

Go to the Workflow section and click on Create Workflow.

Fill in the workflow details:

  • Name: JavaScript Package Vulnerability Scanner
  • Description: Workflow to scan JavaScript packages and send vulnerability reports
  • Retries: Configure if needed
  • Tags: Add tags according to your project
  • Trigger Type: Select On Demand

You can skip the second step or optionally add variables.

Click on the Submit button.

Step 2: Add Get Packages Sandbox

Now the workflow is created.

Click on the Plus (+) button to add a new node.

From the applications list:

  1. Select Sandbox
  2. Choose Bash from the action list

A form will appear.

Inside the form:

  • Select Get Packages JSON Sandbox from the dropdown
  • Go to the Script field
  • Paste the script for fetching packages from the GitHub repository

This script will fetch package JSON files from the repository.

Click on the Submit button.

The first sandbox is now added successfully.

Step 3: Add Review Packages Sandbox

Click on the Plus (+) button again.

From the applications list:

  1. Select Sandbox
  2. Choose Bash

Now select:

Review Packages JSON Sandbox

Go to the Script field and paste the review script.

This sandbox will:

  • Scan all JSON packages
  • Detect vulnerabilities
  • Identify outdated versions
  • Review security issues

Click on the Submit button.

Now the workflow will automatically review and analyze all package files.
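One offline check a review script can run against each fetched package.json, as an added example; it is not GripoFlow's review script and does not consult an advisory database. The function names, finding labels and sample manifest are constructed, and the awk parsing assumes npm's standard one-entry-per-line layout.

```bash
#!/usr/bin/env bash
# Added example (not GripoFlow code): flag dependency specs that are not pinned
# to an exact registry version, plus install-time lifecycle scripts.

review_package_json() {
  awk -F'"' '
    # Track which top-level block we are in; skip blocks that are empty ({}).
    /"(dependencies|devDependencies|optionalDependencies)" *: *[{]/ && !/[}]/ { sec = "dep"; next }
    /"scripts" *: *[{]/ && !/[}]/ { sec = "scripts"; next }
    sec != "" && /^[ \t]*[}]/ { sec = ""; next }
    # Lifecycle hooks that run code automatically during npm install.
    sec == "scripts" && $2 ~ /^(preinstall|install|postinstall)$/ { print "INSTALL_SCRIPT\t" $2; next }
    sec == "dep" && NF >= 5 {
      name = $2; spec = $4
      # An exact x.y.z version (optionally with prerelease/build tag) is fine.
      if (spec ~ /^v?[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.+-]+)?$/) next
      if (spec == "" || spec == "*" || spec == "latest") kind = "UNBOUNDED"
      else if (spec ~ /^(git|https?|github|gitlab|bitbucket|file|link)[+:]/ || spec ~ /^[A-Za-z0-9_.-]+[/][A-Za-z0-9_.-]+/) kind = "NON_REGISTRY"
      else kind = "FLOATING"   # any other non-exact spec: ranges, partial versions, dist-tags
      print kind "\t" name "\t" spec
    }
  ' "$1"
}

# Constructed sample manifest for trying the check without a repository.
write_sample_manifest() {
  cat > "$1" <<'JSON'
{
  "name": "sample-app",
  "version": "1.0.0",
  "scripts": {
    "test": "node test.js",
    "postinstall": "node setup.js"
  },
  "dependencies": {
    "express": "4.18.2",
    "lodash": "^4.17.21",
    "left-helper": "*",
    "internal-lib": "git+https://git.example.test/team/internal-lib.git"
  },
  "devDependencies": {}
}
JSON
}

# When called with a path, print tab-separated findings for that manifest.
if [ "$#" -gt 0 ]; then review_package_json "$1"; fi
```

Each output line is a tab-separated finding (kind, name, spec) that a later report step can count or group.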

Step 4: Create Final Report

To generate the final vulnerability report, add another sandbox.

Click on the Plus (+) button.

Then:

  1. Select Sandbox
  2. Choose Bash

From the dropdown, select:

Template Report Sandbox

Now go to the Script field and paste the report generation script.

This sandbox will generate a complete formatted vulnerability report using the scan results.

Click on the Submit button.

Step 5: Send Report Through Email

Now we will send the generated report through email automatically.

Click on the Plus (+) button again.

From the applications list:

  1. Select Email

A form will appear.

Fill in the required details:

  • Recipient email
  • Sender email
  • Connection
  • Message body
  • Email format
  • Email Subject

After filling out the form, click on the Submit button.

Step 6: Save and Run Workflow

Now your workflow is ready.

Click on the Save button to save the workflow.

After saving, click on the Run button to test whether the workflow is working correctly.

The workflow will now:

  • Fetch packages from the GitHub repository
  • Review package vulnerabilities
  • Generate a detailed report
  • Send the report automatically through email

Step 7: Monitor Workflow Execution

You can monitor every step of the workflow from the Execution section.

Inside Execution logs, you can view:

  • Activity logs
  • Outputs
  • Errors
  • Sandbox execution details
  • Email delivery status

This helps you debug and monitor your workflow in real time.

Conclusion

With GripoFlow, you can automate complex security and DevOps tasks using AI agents and sandbox environments without manual effort.

Using reusable sandboxes and automated workflows, teams can build faster, smarter, and more reliable security operations directly inside GripoFlow.

For a complete visual walkthrough of this workflow, you can watch the video tutorial below to see each step in action.