Snyk Documentation

Dependencies

The Dependencies area of Reports acts as a bill of materials for all the direct dependencies in all of the projects in the selected organization, similar to the following:

This area assists in determining dependency health—or in other words, the health of your packages, by displaying important details per package.

Details displayed include:

  • General details about the packages included in your projects, such as their full names, the version of the package currently used in your projects, the projects in which they are used, as well as a summary of the vulnerability and license issues they contain, if any
  • Transitive dependencies and the vulnerabilities they contain, when relevant
  • For supported packages, dependency health details about the package are displayed, not only for the version used in your projects but also for the overall health of the package, as follows:
    • A warning icon is displayed for packages that are deprecated, meaning the maintainers are no longer updating it.
    • The Latest Version and Latest Publish dates. With these dates, you can more easily determine maturity of the package, as well as activity frequency.
    • The version used in your project (Version) and the Latest Version available are both listed, enabling you understand the delta between your current package version and the most recent package version available, and evaluate outdatedness.

These and more details are fully described in Elements.

Note: Data in each of the four tabs is displayed based on the organization in which you are working.

Elements

Following is a close-up of the first four columns of the Reports area:

The following table describes the different parts of the Dependencies area as displayed when viewing issues either grouped or ungrouped:

Element Possible values Description
Dependency   The full package names of the dependencies contained in at least one of your projects. Click the link to view the detailed Package page.
For example: boom
Warning icon   If a package is deprecated, a warning icon appears next to the package name. 
Version   The version of this package as is used in your projects.
For example: 0.4.2
Latest version The most recent version updated by a maintainer for this package in its repository.
For example: 7.3.0
Last publish   The last time a new version of the package was published by a maintainer.
For example: 7 months ago
Vulnerabilities  (high)
(medium)
(low)
The icon of the associated severity for this issue.
License The license or licenses used by this package.
Projects The projects in which you use this package.
Dependencies with issues   A link to the dependencies in the package that have issues, with details about those issues.

Actions

These controls appear at the top of the window:

  • Search for Dependencies—start typing to search for a package. To view the results of multiple packages, select them from the dropdown list that opens when you click in the field. In addition, you can also click the Select All or Deselect All links in the upper right-hand corner of the dropdown list.
  • Search for Projects—the dynamic search field enables you to enter free text and begins searching with the first character you type; alternatively, select multiple packages from the dropdown list that opens when you click in the field. In addition, you can click the Select All or Deselect All links that dynamically appear in the upper right-hand corner of the dropdown list.
  • Dependency filters—mark the packages to be displayed by selecting specific project types as well as by dependency health status. Only issues matching all selected criteria are displayed. When
  • Deprecated is selected, only packages that are marked as deprecated will be displayed.
  • Hide fields—remove any of the default columns from the display in order to focus on details that are important to your current tasks.
  • Export as CSV—export issue data in CSV file format.