Code execution warning for Snyk CLI

As part of examining the codebase for vulnerabilities, Snyk CLI may automatically execute code on your computer to obtain additional data for analysis.

This includes invoking the package manager, for example, pip, Gradle, Maven, Yarn, npm, and so on, to get dependency information for Snyk Open Source.

Invoking these programs on untrusted code that has malicious configurations may expose your system to malicious code execution and exploits.

Always make sure you understand and trust the code in the directory you intend to scan with Snyk CLI.

When in doubt, do not proceed with a scan.

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.