akanchha-snyk-pnpm-deptree-api-tool v0.9.1
This repository is not in active development; only critical bug fixes will be considered.
Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.
Akanchha-snyk-pnpm-deptree-api-tool
Build a deptree, convert it into a depGraph and scan it via the Snyk API. Please note: this is a test version of the official Snyk tool, located at https://github.com/snyk-tech-services/snyk-pnpm-deptree-api-tool (package name: snyk-pnpm-deptree-api-tool).
Installation
npm i -g akanchha-snyk-pnpm-deptree-api-tool
Prerequisite
This tool uses an experimental Snyk API, /depgraph, which can only be enabled by contacting Snyk. See https://snyk.docs.apiary.io/#reference/test/dep-graph. Ensure you have this enabled before proceeding to use this tool.
Usage
This tool is designed to be used in a GitHub Action. Run the tool with the following arguments:

--root
Path to the directory that contains the lockfile.
Example:
--root ./

--orgId
Snyk organization ID. It can be located in the organization settings.
Example:
--orgId 0e9373a6-f858-11ec-b939-0242ac120002

--includeDev
Select if the scan should include development dependencies as well as production dependencies. Supported values are: true or false. Defaults to false.
Example:
--includeDev true

--manifestFilePath (optional)
Path to the package.json file. Provide this only if the root package.json is located in a different directory to the lockfile.
Example:
--manifestFilePath ./project

--monitor (optional)
Provide this only if the project should be monitored on Snyk UI.
Example:
--monitor

--help
List all available options.

Example: akanchha-snyk-pnpm-deptree-api-tool --root ./ --orgId xxx-xxx-xxx-xxx --snykToken xxxxx --includeDev false --monitor
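
A workflow for the GitHub Actions use described above, added here as an example and not taken from the tool's repository. The secret name SNYK_TOKEN, the variable name SNYK_ORG_ID, the workflow name, branch and Node version are assumptions; the package version is the one shown on this page, pinned so the job does not pick up a newer publish unreviewed.

```yaml
# Added example, not from the tool's repository.
name: snyk-pnpm-scan              # assumed workflow name
on:
  pull_request:
  push:
    branches: [main]              # assumed default branch

permissions:
  contents: read                  # the job only needs to read the lockfile

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20        # assumed Node version
      # Pin the version listed on this page instead of installing "latest".
      - run: npm i -g akanchha-snyk-pnpm-deptree-api-tool@0.9.1
      - name: Scan pnpm dependencies
        env:
          # Token comes from the repository secret store, never from the file.
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}   # assumed secret name
          SNYK_ORG_ID: ${{ vars.SNYK_ORG_ID }}    # assumed variable name
        run: |
          akanchha-snyk-pnpm-deptree-api-tool \
            --root ./ \
            --orgId "$SNYK_ORG_ID" \
            --snykToken "$SNYK_TOKEN" \
            --includeDev false
```

Secrets are not exposed to pull_request runs triggered from forks, so the scan step will lack a token on those runs.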