package-lock.json files, to build a full structured dependency tree. If the
package-lock.json is missing, we analyze your
peerDependenciesMeta object of the
package.json (In npm v6.x add
--peer-dependencies to your command, as these are not installed by default).
yarn.lock files, to build a full structured dependency tree. If the
yarn.lock is missing, we analyze your
--all-projects flag to test and monitor your packages alongside other projects or
--yarn-workspaces to specifically scan Yarn workspaces projects only. The root lock file is referenced when scanning all the packages. Use the
--detection-depth parameter to find sub-folders that are not auto-discovered by default.
snyk test --all-projects --strict-out-of-sync=false --detection-depth=6 which will scan the packages that belong to any discovered workspaces in this directory and 5 sub-directories deep, as well as any other projects detected.
snyk test --yarn-workspaces --strict-out-of-sync=false --detection-depth=6 which will scan only the Yarn workspace packages that belong to any discovered workspaces in this directory and 5 sub-directories deep.
snyk test --all-projects --strict-out-of-sync=false --policy-path=src/.snyk
snyk monitor --file=packages/example-package/package.json
ls packages | xargs -I PKG_NAME snyk monitor --file=packages/PKG_NAME/package.json
package.json that matches the
packages pattern from the root level
package.json and root level