@snyk/code-client
Advanced tools
Readme
Typescript consumer of the Snyk Code public API
This package is published using:
$ npm install --save @snyk/code-client
import codeClient from '@snyk/code-client';
// An address of server which will be used in order to send code and analyse it.
const baseURL = 'https://www.snyk.io';
const loginResponse = await codeClient.startSession({
baseURL,
// An identificator for the editor using the Snyk APIs
source: 'atom',
});
if (loginResponse.type === 'error') {
// Handle error and alert user
}
const { sessionToken, loginURL } = loginResponse.value;
const sessionResponse = await codeClient.checkSession({ baseURL, sessionToken });
if (sessionResponse.type === 'error') {
// Handle error and alert user
}
const isLoggedIn = sessionResponse.value; // boolean
/** Building bundle process started with provided data */
codeClient.emitter.on('scanFilesProgress', (processed: number) => {
console.log(`Indexed ${processed} files`);
});
/** Bundle upload process is started with provided data */
codeClient.emitter.on('uploadBundleProgress', (processed: number, total: number) => {
console.log(`Upload bundle progress: ${processed}/${total}`);
});
/** Receives an error object and logs an error message */
codeClient.emitter.on('sendError', error => {
console.log(error);
});
/** Logs HTTP requests sent to the API **/
codeClient.emitter.on('apiRequestLog', message => {
console.log(message);
});
Complete list of events:
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
});
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
limitToFiles: ['recently-changed-file.js'],
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
});
const results = await codeClient.analyzeFolders({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
fileOptions: {
paths: ['/home/user/repo'],
symlinksEnabled: false,
},
reportOptions: {
enabled: true,
projectName: 'example-project',
},
});
const results = await codeClient.extendAnalysis({
...previousAnalysisResults,
files: {
'/home/user/repo/main.js',
'/home/user/repo/app.js',
},
});
const results = await codeClient.analyzeScmProject({
connection: { baseURL, sessionToken, source },
analysisOptions: {
severity: 1,
},
reportOptions: {
projectId: '<Snyk Project UUID>',
commitId: '<Commit SHA to scan>',
},
});
If there are any errors the result of every call will contain the following:
const { error, statusCode, statusText } = result;
There is a way to run separate calls using a CLI
Help manifest: time npm run cli -- help bundle:create
Usage: CLI bundle:create [options]
create a new bundle and return its ID with meta info
Options:
--patterns [string...] supported file patterns
--ignore [path...] ignored path glob
--path [path...] source code dir
--url <url> service URL
--token <hash> user token
--org <string> organization
--source <string> source identifier (default: "code-client")
-H, --headers [string...] custom headers e.g. "X-Custom-Header: some value". Can have multiple values diveded by space
--debug enable debug mode
-h, --help display help for command
Example call:
npm run cli -- bundle:create --url="<service url>" --token="<snyk token>" --headers="<extra>" --patterns=".*" --path="<absolute path>"
FAQs
Typescript consumer of SnykCode public API
The npm package @snyk/code-client receives a total of 8,952 weekly downloads. As such, @snyk/code-client popularity was classified as popular.
We found that @snyk/code-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Learn how Socket's 'Non-Existent Author' alert helps safeguard your dependencies by identifying npm packages published by deleted accounts. This is one of the fastest ways to determine if a package may be abandoned.
Security News
In July, the Python Software Foundation mounted a quick response to address a leaked GitHub token, elected new board members, and added more members to the team supporting PSF and PyPI infrastructure.
Security News
Emerging ransomware groups drive a surge in activity in early 2024, with increasing software supply chain attacks predicted to impact critical industries reliant on third-party software.