Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.
npm install -g snyk.
For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.
snyk [options] [command] [package]
snyk --help to get a quick overview of all commands or for full details on the CLI read the snyk.io CLI docs.
The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you test you non-public applications.
snyk teston a project either as a one off or as part of your CI process.
snyk wizardwalks you through finding and fixing know vulnerabilities in your project. Remidiation options include configuring your policy file to update, auto patch and ignore vulnerabilities. (npm only)
snyk protectyour code from vulnerabilities by applying patches and optionally suppressing specific vulnerabilities.
snyk monitorrecords the state of dependencies and any vulnerabilities on snyk.io so you can be alerted when new vulnerabilities or updates/patches are disclosed that affect your repositories.
snyk testas part of your CI to fail tests when vulnerable Node.js or Ruby dependencies are added.
If using this package from the repo directly, you'll need to first build the custom lodash by running:
npm run build
This will create a
dist directory with the minimal lodash file.
When using the package via npm, the build is not needed as the
dist directory is already included in the npm package.
Once you’re vulnerability free, you can put a badge on your README showing your package has no known security holes. This will show your users you care about security, and tell them that they should care too.
If there are no vulnerabilities, this is indicated by a green badge.
If vulnerabilities have been found, the red badge will show the number of vulnerabilities.
Get the badge by copying the relevant snippet below and replacing "name" with the name of your package.
<img src="https://snyk.io/package/npm/name/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/package/npm/name style="max-width:100%;">