@snyk/code-client
Advanced tools
Typescript consumer of the Snyk Code public APi
This package is published using:
$ npm install --save @snyk/code-client
import codeClient from '@snyk/code-client';
// An address of server which will be used in order to send code and analyse it.
const baseURL = 'https://www.snyk.io';
const loginResponse = await codeClient.startSession({
baseURL,
// An identificator for the editor using the Snyk APIs
source: 'atom',
});
if (loginResponse.type === 'error') {
// Handle error and alert user
}
const { sessionToken, loginURL } = loginResponse.value;
const sessionResponse = await codeClient.checkSession({ baseURL, sessionToken });
if (sessionResponse.type === 'error') {
// Handle error and alert user
}
const isLoggedIn = sessionResponse.value; // boolean
/** Building bundle process started with provided data */
codeClient.emitter.on('scanFilesProgress', (processed: number) => {
console.log(`Indexed ${processed} files`);
});
/** Bundle upload process is started with provided data */
codeClient.emitter.on('uploadBundleProgress', (processed: number, total: number) => {
console.log(`Upload bundle progress: ${processed}/${total}`);
});
/** Receives an error object and logs an error message */
codeClient.emitter.on('sendError', error => {
console.log(error);
});
/** Logs HTTP requests sent to the API **/
codeClient.emitter.on('apiRequestLog', message => {
console.log(message);
});
Complete list of events:
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
});
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
limitToFiles: ['recently-changed-file.js'],
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
});
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
reportOptions: {
enabled: true,
projectName: 'example-project',
},
});
const results = await codeClient.extendAnalysis({
...previousAnalysisResults,
files: {
'/home/user/repo/main.js',
'/home/user/repo/app.js',
},
});
const results = await codeClient.analyzeScmProject({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
reportOptions: {
projectId: '<Snyk Project UUID>',
commitId: '<Commit SHA to scan>',
},
});
If there are any errors the result of every call will contain the following:
const { error, statusCode, statusText } = result;
There is a way to run separate calls using a CLI
Help manifest: time npm run cli -- help bundle:create
Usage: CLI bundle:create [options]
create a new bundle and return its ID with meta info
Options:
--patterns [string...] supported file patterns
--ignore [path...] ignored path glob
--path [path...] source code dir
--url <url> service URL
--token <hash> user token
--org <string> organization
--source <string> source identifier (default: "code-client")
-H, --headers [string...] custom headers e.g. "X-Custom-Header: some value". Can have multiple values diveded by space
--debug enable debug mode
-h, --help display help for command
Example call:
npm run cli -- bundle:create --url="<service url>" --token="<snyk token>" --headers="<extra>" --patterns=".*" --path="<absolute path>"
FAQs
Typescript consumer of SnykCode public API
The npm package @snyk/code-client receives a total of 3,723 weekly downloads. As such, @snyk/code-client popularity was classified as popular.
We found that @snyk/code-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.