snyk v1.164.0 releases: find & fix known vulnerabilities in open-source dependencies
snyk
Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.
Features
- Find known vulnerabilities by running snyk test on a project either as a one-off or as part of your CI process.
- Fix vulnerabilities using snyk wizard and snyk protect.
- snyk wizard walks you through finding and fixing known vulnerabilities in your project. Remediation options include configuring your policy file to update, auto patch and ignore vulnerabilities. (npm only)
- snyk protect your code from vulnerabilities by applying patches and optionally suppressing specific vulnerabilities.
- Alert snyk monitor records
the state of dependencies and any vulnerabilities on snyk.io so you can
be alerted when new vulnerabilities or updates/patches are disclosed
that affect your repositories.
- Prevent new vulnerable dependencies from being added to your project by running snyk test as part of your CI to fail tests when vulnerable Node.js or Ruby dependencies are added.
Changelog
1.164.0 (2019-05-14)
Features
- improve error handling when no files detected (49c7fb9)
Installation
- Install the Snyk utility using npm install -g snyk.
- Once installed you will need to authenticate with your Snyk account: snyk auth
For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.
Use
The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you test you non-public applications.
$ snyk test
✗ High severity vulnerability found on [email protected]
- desc: Regular Expression Denial of Service
- info: https://snyk.io/vuln/npm:minimatch:20160620
- from: [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
Upgrade direct dependency [email protected] to [email protected] (triggers upgrades to [email protected] > [email protected] > [email protected] > [email protected])
✗ Medium severity vulnerability found on [email protected]
- desc: Regular Expression Denial of Service
- info: https://snyk.io/vuln/npm:moment:20161019
- from: [email protected] > [email protected]
Upgrade direct dependency [email protected] to [email protected]
✗ Medium severity vulnerability found on [email protected]
- desc: Root Path Disclosure
- info: https://snyk.io/vuln/npm:send:20151103
- from: [email protected] > [email protected] > [email protected]
Upgrade direct dependency [email protected] to [email protected] (triggers upgrades to [email protected])
Copyright 2015 Snyk Ltd.
Source: https://github.com/snyk/