monitoractions, supported by an interactive workflow.
yarn.lockfile is detected in your folder, the wizard asks you whether to treat the project as a Yarn project (the default answer), or as an npm project.
.snyk, which will guide future Snyk commands.
snyk wizardwill optionally integrate some tests and protection steps into your package.json file:
snyk testto the test script, which will query your local dependencies for vulnerabilities and err if found (except those you chose to ignore).
snyk protectto your project as a post-install step. This is helpful if you publish this module, as it will repeatedly patch the issues specified in .
snykevery time a module is installed.
package.jsonand use npm or yarn to apply the changes. To monitor your project for new vulnerabilities, the wizard takes a snapshot of your current dependencies (similar to running
snyk monitor). You can see all the snapshots for a project on the snyk website. We'll notify you via email if you're affected by newly disclosed vulnerabilities in them, or when a previously unavailable patch or upgrade path are available.