Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@snyk/protect

Package Overview
Dependencies
Maintainers
1
Versions
955
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@snyk/protect

Snyk protect library and utility

  • 1.1266.0
  • Source
  • npm
  • Socket score
Version published
Maintainers
1
Created
Source

@snyk/protect

npm Known Vulnerabilities

Snyk

Patch vulnerable code in your project's dependencies. This package is officially maintained by Snyk.

Usage

You don't typically need to add the @snyk/protect dependency manually. It'll be introduced when it's needed as part of Snyk's Fix PR service.

To enable patches in your Fix PRs:

  • Visit https://app.snyk.io
  • Go to "Org Settings" > "Integrations"
  • Choose "Edit Settings" under your SCM integration.
  • Under the "Fix Pull Request" section, ensure patches are enabled.

Snyk will now include patches as part of its Fix PRs for your project.

How it works

If there's a patch available for a vulnerability in your project, the Fix PR:

  • Adds a patch entry to your .snyk file.
  • Adds @snyk/protect to your package.json's dependencies.
  • Adds @snyk/protect to your package.json's prepare script.
 {
   "name": "my-project",
   "scripts": {
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "dependencies": {
+    "@snyk/protect": "^1.657.0"
   }
 }

Now after you run npm install, @snyk/protect will automatically download each patch configured in your .snyk file and apply them to your installed dependencies.

Migrating from snyk protect to @snyk/protect

@snyk/protect is a standalone replacement for snyk protect. They both do the same job, however:

  • @snyk/protect has zero dependencies.
  • You don't need to include snyk in your dependencies (which is a much larger package with many dependencies).

If you already have Snyk Protect set up, you can migrate to @snyk/protect by applying the following changes to your package.json:

 {
   "name": "my-project",
   "scripts": {
     "prepare": "npm run snyk-protect",
-    "snyk-protect": "snyk protect"
+    "snyk-protect": "snyk-protect"
   },
   "dependencies": {
-    "snyk": "^1.500.0"
+    "@snyk/protect": "^1.657.0"
   }
 }

We have also created the @snyk/cli-protect-upgrade npx script which you can use to update your project automatically. To use it, cd to the location containing the package.json to be updated and run:

npx @snyk/cli-protect-upgrade

Made with 💜 by Snyk

Keywords

FAQs

Package last updated on 20 Dec 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Node.js Implements Stricter Policies for Semver-Major Pull Requests Ahead of Release Deadlines

Security News

Node.js Implements Stricter Policies for Semver-Major Pull Requests Ahead of Release Deadlines

Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.

By Sarah Gooding  -  Nov 08, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc