snyk-pnpm-deptree-api-tool

---

This repository is not in active development and critical bug fixes only will be considered.

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.

Snyk snyk-pnpm-deptree-api-tool

Build a deptree, convert it into a depGraph and scan it via the SNYK API

Installation

• npm i -g snyk-pnpm-deptree-api-tool
  OR
• Download release binary for your OS

Prerequisite

This tool uses an experimenal Snyk API /depgraph which can only be enabled by contacting Snyk. See https://snyk.docs.apiary.io/#reference/test/dep-graph. Ensure you have this enabled before proiceeding to use this tool.

Usage

This tool is designed to be used in a Github action. Run the tool with the following arguments:

• --root

  Path to the directory that contains the lockfile

  Example: --root ./

• --orgId

  Snyk organization ID can be located in the organization settings

  Example: --orgId 0e9373a6-f858-11ec-b939-0242ac120002

• --includeDev Select if the scan should include development dependencies as well as productin dependencoes. Supported values are: true or false. Defaults to false

  Example: --includeDev true

• --manifestFilePath optional

  Path to the package.json file. Provide this only if the root package.json is located in a different directory to the lockfile.

  Example: --manifestFilePath ./project

• --help

  List all available options

Example: snyk-pnpm-deptree-api-tool --root ./ -orgId xxx-xxx-xxx-xxx --snykToken xxxxx --includeDev false