Snyk Documentation

CLI - Installation

Snyk’s CLI helps you find and fix known vulnerabilities in your dependencies, both ad hoc and as part of your CI (Build) system.
The Snyk CLI requires you to authenticate with your account before using it. It supports Node.js, Ruby, Python, Java, Scala, Go, PHP and .NET.


Snyk is installed in one of two methods, either as an npm module, or via a Snyk created Docker container.

Before you begin, ensure:

  • npm is installed on the same machine or you use our Snyk Docker deployment.
  • To run Snyk on Alpine Linux, first install libstdc++. See this doc for more help.
Installation via npm

Run these commands to install it for local use:

npm install -g snyk

Once installed, you need to authenticate with your Snyk account:

snyk auth

To test your installation change directory into a folder containing a supported package manifest file (package.json, pom.xml, composer.lock, etc.) and run:

cd /my/project/
snyk test

Alternatively you can perform a quick test on a public npm package, for instance:

snyk test ionic

As you can see, Snyk found and reported several vulnerabilities in the package. For each issue found, Snyk provides the severity of the issue, a link to a detailed description, the path through which the vulnerable module got into your system, and guidance on how to fix the problem.

Installation via Docker container

For environments where npm isn't installed you can use a Snyk created Docker container that has npm, the Snyk CLI and other necessary components already installed. Please follow the detailed instructions here


Example output

$ snyk test
✗ High severity vulnerability found on minimatch@0.3.0
- desc: Regular Expression Denial of Service
- info:
- from: ionic@2.1.17 > gulp@3.8.8 > liftoff@0.12.1 > findup-sync@0.1.3 > glob@3.2.11 > minimatch@0.3.0
  Upgrade direct dependency gulp@3.8.8 to gulp@3.8.11 (triggers upgrades to liftoff@2.2.0 > findup-sync@0.3.0 > glob@5.0.15 > minimatch@3.0.2)

✗ Medium severity vulnerability found on moment@2.11.1
- desc: Regular Expression Denial of Service
- info:
- from: ionic@2.1.17 > moment@2.11.1
  Upgrade direct dependency moment@2.11.1 to moment@2.15.2

✗ Medium severity vulnerability found on send@0.10.1
- desc: Root Path Disclosure
- info:
- from: ionic@2.1.17 > serve-static@1.7.1 > send@0.10.1
  Upgrade direct dependency serve-static@1.7.1 to serve-static@1.8.1 (triggers upgrades to send@0.11.1)