snyk-pnpm-deptree-api-tool v1.0.13
This repository is not in active development; only critical bug fixes will be considered.
Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.
Snyk snyk-pnpm-deptree-api-tool
Build a deptree, convert it into a depGraph and scan it via the Snyk API
Installation
npm i -g snyk-pnpm-deptree-api-tool
OR
Download the release binary for your OS
Prerequisite
This tool uses an experimental Snyk API, /depgraph, which can only be enabled by contacting Snyk. See https://snyk.docs.apiary.io/#reference/test/dep-graph. Ensure you have this enabled before proceeding to use this tool.
Usage
This tool is designed to be used in a GitHub Action. Run the tool with the following arguments:
--root
Path to the directory that contains the lockfile.
Example:
--root ./

--orgId
Snyk organization ID; it can be found in the organization settings.
Example:
--orgId 0e9373a6-f858-11ec-b939-0242ac120002

--includeDev
Select whether the scan should include development dependencies as well as production dependencies. Supported values are: true or false. Defaults to false.
Example:
--includeDev true

--manifestFilePath (optional)
Path to the package.json file. Provide this only if the root package.json is located in a different directory to the lockfile.
Example:
--manifestFilePath ./project

--help
List all available options.
Example: snyk-pnpm-deptree-api-tool --root ./ --orgId xxx-xxx-xxx-xxx --snykToken xxxxx --includeDev false
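
A GitHub Actions workflow that runs the tool with the arguments listed under Usage, as an added example that is not part of the project's own documentation. The secret names SNYK_TOKEN and SNYK_ORG_ID, the Node version, the action versions and the trigger branch are assumptions.

```yaml
# Added example, not from the project. Secret names, Node version and
# trigger branch are assumptions; adjust them to your repository.
name: snyk-pnpm-scan

on:
  push:
    branches: [main]
  # Secrets are not passed to pull_request runs triggered from forks,
  # so the scan step has no token for those runs.
  pull_request:

permissions:
  contents: read            # the job only needs to read the checkout

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the GITHUB_TOKEN in .git/config

      - uses: actions/setup-node@v4
        with:
          node-version: 20             # assumption: any Node version the tool supports

      # Pin the version documented on this page instead of installing "latest".
      - name: Install the tool
        run: npm i -g snyk-pnpm-deptree-api-tool@1.0.13

      - name: Scan the lockfile via the Snyk dep-graph API
        env:
          # Map secrets to environment variables so the values are never
          # interpolated into the script text itself.
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
          SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
        run: |
          snyk-pnpm-deptree-api-tool \
            --root ./ \
            --orgId "$SNYK_ORG_ID" \
            --snykToken "$SNYK_TOKEN" \
            --includeDev false
```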