Skip to content

a0viedo/snyk

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

298 Commits

.github

.github

 
 

cli

cli

 
 

help

help

 
 

lib

lib

 
 

scripts

scripts

 
 

test

test

 
 

.babelrc

.babelrc

 
 

.gitignore

.gitignore

 
 

.jscsrc

.jscsrc

 
 

.jshintrc

.jshintrc

 
 

.npmignore

.npmignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

config.default.json

config.default.json

 
 

package.json

package.json

 
 

Repository files navigation

Documentation

Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm packages, both ad hoc and as part of your CI (Build) system.

Note: Snyk is currently in beta. Email us your feedback.

CLI

snyk [options] [command] [package]

The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you test you non-public applications.

Run snyk --help to get a quick overview of all commands.

Integrating Snyk into your dev workflow

To continuously avoid known vulnerabilities in your dependencies, integrate Snyk into your continuous integration (CI, a.k.a. build) system. Here are the steps required to to so:

  1. Install the Snyk utility using npm install -g snyk.
  2. Run snyk wizard in the directory of your project following the prompts which will also generate a .snyk policy file.
  3. Ensure the .snyk file you generated was added to your source control (git add .snyk).
  4. If you selected to, Snyk will include snyk test as part of your npm test command, so if there are new vulnerabilities in the future, your CI will fail protecting you from introducing vulnerabilities to production.

Badge

Once you’re vulnerability free, you can put a badge on your README showing your package has no known security holes. This will show your users you care about security, and tell them that they should care too.

If there are no vulnerabilities, this is indicated by a green badge.

Known Vulnerabilities

If vulnerabilities have been found, the red badge will show the number of vulnerabilities.

Known Vulnerabilities

Get the badge by copying the relevant snippet below and replacing "name" with the name of your package.

HTML:

<img src="https://snyk.io/package/npm/name/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/package/npm/name style="max-width:100%;">

Markdown:

[![Known Vulnerabilities](https://snyk.io/package/npm/name/badge.svg)](https://snyk.io/package/npm/name)

Credits

We monitor existing node.js security portals and tools, such as Node Security Project, the nodejs-sec Google Group, SRC:CLR, or Retire.js. We also monitor Github activity and other online sources for new vulnerabilities.

Analytics

About

CLI and build-time tool to find & fix known vulnerabilities in npm dependencies

snyk.io

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

34 tags

Packages

No packages published

Languages

  • JavaScript 97.6%
  • Python 2.2%
  • Shell 0.2%