Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
@snyk/code-client
Advanced tools
Typescript consumer of the Snyk Code public API
This package is published using:
$ npm install --save @snyk/code-client
import codeClient from '@snyk/code-client';
// An address of server which will be used in order to send code and analyse it.
const baseURL = 'https://www.snyk.io';
const loginResponse = await codeClient.startSession({
baseURL,
// An identificator for the editor using the Snyk APIs
source: 'atom',
});
if (loginResponse.type === 'error') {
// Handle error and alert user
}
const { sessionToken, loginURL } = loginResponse.value;
const sessionResponse = await codeClient.checkSession({ baseURL, sessionToken });
if (sessionResponse.type === 'error') {
// Handle error and alert user
}
const isLoggedIn = sessionResponse.value; // boolean
/** Building bundle process started with provided data */
codeClient.emitter.on('scanFilesProgress', (processed: number) => {
console.log(`Indexed ${processed} files`);
});
/** Bundle upload process is started with provided data */
codeClient.emitter.on('uploadBundleProgress', (processed: number, total: number) => {
console.log(`Upload bundle progress: ${processed}/${total}`);
});
/** Receives an error object and logs an error message */
codeClient.emitter.on('sendError', error => {
console.log(error);
});
/** Logs HTTP requests sent to the API **/
codeClient.emitter.on('apiRequestLog', message => {
console.log(message);
});
Complete list of events:
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
});
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
limitToFiles: ['recently-changed-file.js'],
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
});
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
reportOptions: {
enabled: true,
projectName: 'example-project',
},
});
const results = await codeClient.extendAnalysis({
...previousAnalysisResults,
files: {
'/home/user/repo/main.js',
'/home/user/repo/app.js',
},
});
const results = await codeClient.analyzeScmProject({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
reportOptions: {
projectId: '<Snyk Project UUID>',
commitId: '<Commit SHA to scan>',
},
});
If there are any errors the result of every call will contain the following:
const { error, statusCode, statusText } = result;
There is a way to run separate calls using a CLI
Help manifest: time npm run cli -- help bundle:create
Usage: CLI bundle:create [options]
create a new bundle and return its ID with meta info
Options:
--patterns [string...] supported file patterns
--ignore [path...] ignored path glob
--path [path...] source code dir
--url <url> service URL
--token <hash> user token
--org <string> organization
--source <string> source identifier (default: "code-client")
-H, --headers [string...] custom headers e.g. "X-Custom-Header: some value". Can have multiple values diveded by space
--debug enable debug mode
-h, --help display help for command
Example call:
npm run cli -- bundle:create --url="<service url>" --token="<snyk token>" --headers="<extra>" --patterns=".*" --path="<absolute path>"
FAQs
Typescript consumer of SnykCode public API
The npm package @snyk/code-client receives a total of 8,940 weekly downloads. As such, @snyk/code-client popularity was classified as popular.
We found that @snyk/code-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.