I wanted a quick local way to review my own Docker Compose stacks before assuming a service was private, behind a reverse proxy, or only bound to localhost.
ExposeMap is a small open-source CLI that reads a docker-compose.yml file and reports exposure hints: internal, localhost-only, directly exposed from Compose config, reverse-proxy exposed, or unknown.
It generates a Markdown report and Mermaid diagram. It checks common port mappings, localhost bindings, Traefik-style labels, likely reverse proxy services, and risky directly published database/admin ports.
Important limitation: it does not prove internet reachability, run network scans, connect to containers, modify Compose files, inspect secrets, or upload anything.
GitHub: https://github.com/kaibuild/exposemap
I’m especially looking for sanitized Compose edge cases where the classification is misleading or the wording should be clearer.
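Added example, not part of the original post and not ExposeMap's own code: a minimal sketch of the port-mapping part of such a check, classifying Compose short-syntax `ports:` entries as localhost-only, directly exposed, or unknown. The function names, the label strings and the `RISKY_PORTS` list are assumptions made for illustration.

```javascript
// Added illustration, not ExposeMap's code. RISKY_PORTS is an assumed list.
const RISKY_PORTS = [3306, 5432, 6379, 9200, 27017];

// Compose short syntax: [[IP:]HOST_PORT:]CONTAINER_PORT[/PROTOCOL]
// The long (mapping) syntax is not handled here.
function parsePort(entry) {
  const [spec, protocol = "tcp"] = String(entry).split("/");
  let hostIp = null;
  let rest = spec;
  const v6 = spec.match(/^\[([0-9a-fA-F:]+)\]:(.*)$/); // e.g. [::1]:6379:6379
  if (v6) {
    hostIp = v6[1];
    rest = v6[2];
  }
  const parts = rest.split(":");
  if (!v6 && parts.length === 3) hostIp = parts.shift();
  const numeric = parts.every((p) => /^\d+(-\d+)?$/.test(p));
  if (parts.length > 2 || !numeric) return null; // e.g. unresolved ${VAR}
  const container = parts.pop();
  return { hostIp, host: parts[0] ?? null, container, protocol };
}

function classify(entry) {
  const p = parsePort(entry);
  if (!p) return { exposure: "unknown", risky: false };
  // No host IP means Docker binds all interfaces; a bare container port
  // ("3000") is still published, on an ephemeral host port.
  const loopback = p.hostIp !== null && (/^127\./.test(p.hostIp) || p.hostIp === "::1");
  const [lo, hi = lo] = p.container.split("-").map(Number);
  const risky = !loopback && RISKY_PORTS.some((n) => n >= lo && n <= hi);
  return { exposure: loopback ? "localhost-only" : "directly-exposed", risky };
}

// Constructed sample entries, as they would appear under a service's `ports:`.
const SAMPLE = ["127.0.0.1:5432:5432", "5432:5432", "8080:80", "3000",
  "[::1]:6379:6379", "0.0.0.0:27017:27017/tcp", "${DB_PORT}:5432"];
for (const e of SAMPLE) console.log(e.padEnd(26), JSON.stringify(classify(e)));
```

As with the tool described above, a "directly-exposed" result here only reflects the Compose configuration; host firewalls and network placement are outside what the file can show.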


I don’t get why people don’t try to use other languages for these types of CLI tools. I get that they are familiar with JavaScript, but npm is a nightmare right now and I wouldn’t install anything with it for some time.
There’s always shell scripting available, also Go, Rust and lots of other options (I specifically don’t mention Python, as pip is also a bit problematic).