Badges

Once you’re vulnerability-free, you can put a badge on your README showing that your package has no known security holes. This shows your users you care about security, and tells them that they should care too.

If there are no vulnerabilities, this is indicated by a green badge.

If vulnerabilities have been found, the red badge will show the number of vulnerabilities.

GitHub badge

To show a badge for a given Node.js or Ruby GitHub repository, copy the relevant snippet below and replace the “user/name” part of the URL (snyk/goof in these snippets) with the GitHub username and repo you want to test.

HTML:

<img src="https://snyk.io/test/github/snyk/goof/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/snyk/goof" style="max-width:100%;"/>

Markdown:

[![Known Vulnerabilities](https://snyk.io/test/github/snyk/goof/badge.svg)](https://snyk.io/test/github/snyk/goof)

The badge will reflect the vulnerability state of the latest commit on the master branch. To show the vulnerability state of a specific branch, release or tag, simply add its name after the repo name in the URL.

For example, to show a badge for the 4.x branch of the express repo, use the URL https://snyk.io/test/github/expressjs/express/4.x/badge.svg.

npm badge

To show a badge for a given npm package, copy the relevant snippet below and replace “name” with the name of your package.

HTML:

<img src="https://snyk.io/test/npm/name/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/npm/name" style="max-width:100%;"/>

Markdown:

[![Known Vulnerabilities](https://snyk.io/test/npm/name/badge.svg)](https://snyk.io/test/npm/name)

The badge will reflect the vulnerability state of the latest version of this package. To show the vulnerability state of a specific version of the package, add that version after the package name in the URL.

For example, to test version 1.2.3 of package name, use the URL https://snyk.io/test/npm/name/1.2.3/badge.svg.
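
One way to catch a badge snippet that was pasted without replacing the sample repo, or whose image and link point at different targets, is to lint the README. This is an added example, not Snyk's code: the project name acme/widgets, the function names and the sample READMEs are constructed, and the check assumes the link is the badge URL without /badge.svg, as in the snippets above.

```javascript
// Added example, not Snyk code: lint a README for badges that still point at
// the sample repo or whose image and link disagree.
const BADGE_RE = /https:\/\/snyk\.io\/test\/(github|npm)\/([^\s)"']+?)\/badge\.svg/g;
// Markdown form used on this page: [![alt](badge-url)](report-url)
const MD_LINK_RE = /\[!\[[^\]]*\]\(([^)\s]+)\)\]\(([^)\s]+)\)/g;

// Split the path between /test/<kind>/ and /badge.svg into target and ref.
function parseBadge(kind, path) {
  const parts = path.split('/');
  const n = kind === 'github' ? 2 : 1; // github: user/name, npm: name
  if (parts.length < n || parts.some((p) => p === '')) return null;
  return {
    kind,
    target: parts.slice(0, n).join('/').toLowerCase(),
    ref: parts.slice(n).join('/') || null, // branch, tag or version, if any
  };
}

// expected: { kind: 'github' | 'npm', target: 'user/name' or 'name' }
function lintReadme(readme, expected) {
  const findings = [];
  const want = expected.target.toLowerCase();
  let seen = 0;
  for (const m of readme.matchAll(BADGE_RE)) {
    const badge = parseBadge(m[1], m[2]);
    if (!badge) { findings.push(`malformed badge URL: ${m[0]}`); continue; }
    seen++;
    if (badge.kind !== expected.kind || badge.target !== want) {
      findings.push(`badge reports on ${badge.kind}:${badge.target}, ` +
        `expected ${expected.kind}:${want}`);
    }
  }
  for (const [, img, link] of readme.matchAll(MD_LINK_RE)) {
    // Assumption: the report page is the badge URL minus "/badge.svg".
    if (img.startsWith('https://snyk.io/test/') && img !== `${link}/badge.svg`) {
      findings.push(`badge image and link disagree: ${img} vs ${link}`);
    }
  }
  if (seen === 0) findings.push('no Snyk badge found');
  return findings;
}

// Constructed sample READMEs for a hypothetical project acme/widgets.
const COPIED = '[![Known Vulnerabilities](https://snyk.io/test/github/snyk/goof/badge.svg)](https://snyk.io/test/github/snyk/goof)';
const PINNED = '[![Known Vulnerabilities](https://snyk.io/test/github/acme/widgets/4.x/badge.svg)](https://snyk.io/test/github/acme/widgets)';
const GOOD = '[![Known Vulnerabilities](https://snyk.io/test/github/acme/widgets/badge.svg)](https://snyk.io/test/github/acme/widgets)';
console.log(lintReadme(COPIED, { kind: 'github', target: 'acme/widgets' }));
```

Run in CI against the repository's README, a non-empty result means the badge is vouching for some other project or a different ref than the page it links to.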

Private packages and repos

Badges currently only work for public npm packages and GitHub repositories, and will fail if pointed at a private repository.

To continuously watch for vulnerabilities in your GitHub repositories, both public and private, consider integrating them with Snyk.