run-jst-snyk

Snyk.io Component

This is a run-jst component that detects vulnerable dependencies by submitting package.json to the Snyk.io backend.

Prerequisites

Installation

  • npm install -g run-jst-snyk

Configuration

.jst.yml configuration:

$:
  preprocess:
    '$.snyk.token': 'eval'
  snyk:
    token: 'process.env.JST_SNYK_API_TOKEN'     # Snyk.io API token
    # actionable: true                          # Show actionable items
    # dev: false                                # Analyze 'devDependencies'

.travis.yml configuration:

script: 'jst run unit -c run-jst-snyk'
before_install:
  # other before_install scripts...
  - 'npm install -g run-jst-snyk'

Add the Snyk.io API Token to .travis.yml:

jst travis encrypt -x 'JST_SNYK_API_TOKEN=1234'

If you are using Travis Pro, read this guide to properly encrypt the environment variable.
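
The configuration above keeps the API token out of the repository by reading it from the environment. The check below is an added example, not part of run-jst-snyk: it lints the text of .travis.yml and .jst.yml for a token committed in clear text. The function names and sample values are assumptions made for illustration.

```javascript
'use strict';
// Added example, not part of run-jst-snyk. Lints config text for a Snyk token
// committed in clear text; file layouts follow the snippets on this page.
const VAR = 'JST_SNYK_API_TOKEN';
const stripComment = (line) => line.replace(/(^|\s)#.*$/, '');

// .travis.yml: a literal VAR=value or VAR: value is a finding;
// a reference such as $OTHER_VAR is not.
function checkTravisYml(text) {
  const findings = [];
  const assign = new RegExp(VAR + '\\s*[=:]\\s*[\'"]?([^\'"\\s]+)');
  text.split(/\r?\n/).forEach((raw, i) => {
    const m = stripComment(raw).match(assign);
    if (m && !/^\$\{?\w+\}?$/.test(m[1])) {
      findings.push({ line: i + 1, issue: 'plaintext ' + VAR });
    }
  });
  return findings;
}

// .jst.yml: snyk.token must be a process.env reference, and the preprocess
// entry that marks it for 'eval' must be present.
function checkJstYml(text) {
  const findings = [];
  const lines = text.split(/\r?\n/).map(stripComment);
  const idx = lines.findIndex((l) => /^\s*token:\s*\S/.test(l));
  if (idx === -1) {
    findings.push({ line: 0, issue: 'no token entry' });
  } else {
    const value = lines[idx].replace(/^\s*token:/, '').trim().replace(/^['"]|['"]$/g, '');
    if (!/^process\.env\.[A-Za-z_]\w*$/.test(value)) {
      findings.push({ line: idx + 1, issue: 'token is a literal value' });
    }
  }
  if (!lines.some((l) => /\$\.snyk\.token['"]?\s*:\s*['"]?eval['"]?\s*$/.test(l))) {
    findings.push({ line: 0, issue: 'no eval preprocess entry for $.snyk.token' });
  }
  return findings;
}

// Constructed sample inputs (token values are made up; 'secure:' is Travis's encrypted form).
const BAD_TRAVIS = 'env:\n  global:\n    - JST_SNYK_API_TOKEN=constructed-value\n';
const GOOD_TRAVIS = 'env:\n  global:\n    - secure: "Y29uc3RydWN0ZWQ="\n';
const GOOD_JST = "$:\n  preprocess:\n    '$.snyk.token': 'eval'\n  snyk:\n" +
  "    token: 'process.env.JST_SNYK_API_TOKEN'   # Snyk.io API token\n";
const BAD_JST = "$:\n  snyk:\n    token: 'constructed-value'\n";

console.log(checkTravisYml(BAD_TRAVIS), checkTravisYml(GOOD_TRAVIS));
console.log(checkJstYml(GOOD_JST), checkJstYml(BAD_JST));
```

Findings with line 0 refer to the file as a whole rather than to a specific line.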

Usage

JST_SNYK_API_TOKEN=1234 jst run unit -c run-jst-snyk