Snyk for Node.js

What type of Node.js projects does Snyk support?

Snyk for Node.js supports testing and fixing Node.js projects whose dependencies are managed by npm or Yarn. It is available for GitHub repositories and through the Snyk CLI.

Testing Node.js projects

We scan Node.js projects by examining your package.json (and installed packages, when using the CLI) to compare the specific versions of every direct and deep dependency in your project against our npm vulnerability database. We ignore development dependencies by default, but they can be included from the CLI.
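
The sketch below illustrates the matching described above. It is an added example, not Snyk's code: it walks every direct and deep dependency of a resolved tree, skips development dependencies unless asked, and reports the path to each vulnerable version. The package names, advisory ids, tree shape and the includeDev option are all constructed for the illustration.

```javascript
// Constructed advisory data: package name -> first safe version (hypothetical ids).
const ADVISORIES = {
  "example-parser": { fixedIn: "2.1.3", id: "EXAMPLE-0001" },
  "example-logger": { fixedIn: "1.0.5", id: "EXAMPLE-0002" },
};

// Constructed resolved tree (assumed shape: name -> { version, dependencies }).
const PROJECT = {
  name: "demo-app", version: "1.0.0",
  dependencies: {
    "example-web": { version: "4.0.0", dependencies: {
      "example-parser": { version: "2.0.9", dependencies: {} } } },
    "example-parser": { version: "2.1.3", dependencies: {} },
  },
  devDependencies: {
    "example-test": { version: "3.2.0", dependencies: {
      "example-logger": { version: "1.0.1", dependencies: {} } } },
  },
};

// Compare plain x.y.z versions; returns true when a < b.
function lessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Walk every direct and deep dependency, recording the path to each finding.
function scan(project, { includeDev = false } = {}) {
  const findings = [];
  const walk = (deps, path) => {
    for (const [name, node] of Object.entries(deps || {})) {
      const here = [...path, `${name}@${node.version}`];
      const adv = ADVISORIES[name];
      if (adv && lessThan(node.version, adv.fixedIn)) {
        findings.push({ id: adv.id, path: here.join(" > "), fixedIn: adv.fixedIn });
      }
      walk(node.dependencies, here);
    }
  };
  const root = [`${project.name}@${project.version}`];
  walk(project.dependencies, root);
  if (includeDev) walk(project.devDependencies, root);
  return findings;
}
```

In this constructed tree the same package is safe as a direct dependency (2.1.3) and vulnerable as a deep one (2.0.9), which is why the comparison is made per installed version rather than per package name.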

Fixing Node.js projects

We fix vulnerabilities by updating your package.json to upgrade vulnerable packages to safe versions, where possible. We also have patches for many vulnerabilities, which are applied when safe upgrades are not available.