New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
snyk - npm Package Compare versions
Comparing version 1.2.0-alpha5 to 1.2.0-alpha6
@@ -159,5 +159,3 @@ module.exports = test; | ||
| res += 'No direct dependency upgrade can address this issue.\n' + | ||
| chalk.bold('Run `snyk wizard` to patch this vulnerability' + | ||
| '\nAlternatively, manually upgrade deep dependency ' + | ||
| vuln.from[idx] + ' to ' + upgradeText); | ||
| chalk.bold('Run `snyk wizard` to explore remediation options.'); | ||
| } | ||
@@ -164,0 +162,0 @@ break; |
@@ -14,4 +14,4 @@ var Promise = require('es6-promise').Promise; // jshint ignore:line | ||
| notfound: 'The package could not be found or does not exist', | ||
| patchfail: 'The patch against "%s" failed. We may not have a patch for ' + | ||
| 'this version yet.', | ||
| patchfail: 'The patch against "%s" failed.\nEmail support@snyk.io if this ' + | ||
| 'problem persists.', | ||
| nodeModules: 'This directory looks like a node project, but is missing the ' + | ||
@@ -18,0 +18,0 @@ 'contents of the node_modules directory.\nPlease run `npm install` and ' + |
@@ -429,4 +429,3 @@ var protect = module.exports = { | ||
| // wrong, so we'll ask the user for help to diganose. | ||
| var e = new Error(source + '\nEmail support@snyk.io if this ' + | ||
| 'problem persists?'); | ||
| var e = new Error(path.relative(process.cwd(), source)); | ||
| e.code = 'FAIL_PATCH'; | ||
@@ -433,0 +432,0 @@ console.log(chalk.red(errors.message(e))); |
@@ -63,3 +63,3 @@ module.exports = test; | ||
| if (res.statusCode !== 200) { | ||
| var err = new Error(body.error || res.statusCode); | ||
| var err = new Error(body ? body.error : res.statusCode); | ||
@@ -66,0 +66,0 @@ // this is the case where a local module has been tested, but |
@@ -5,3 +5,3 @@ { | ||
| "main": "lib/index.js", | ||
| "version": "1.2.0-alpha5", | ||
| "version": "1.2.0-alpha6", | ||
| "directories": { | ||
@@ -8,0 +8,0 @@ "test": "test" |
@@ -10,5 +10,4 @@ # Snyk - So Now You Know! | ||
| To get up and running quickly, run these commands to install, authenticate and perform a quick test. You don’t need to be authenticated to test and protect packages, but authentication is required for monitoring your projects. | ||
| ```shell | ||
| # If you're using node 0.10, first install npm 2 to support scoped modules, like so: | ||
| # npm install -g npm@2 | ||
| npm install -g snyk | ||
@@ -31,2 +30,3 @@ snyk test ionic@1.6.5 | ||
| `snyk test` can also get a folder name as an argument, which is especially handy if you want to test multiple projects. For instance, the following command tests all the projects under a certain folder for known vulnerabilities: | ||
| ```shell | ||
@@ -43,20 +43,25 @@ cd ~/projects/ | ||
| If you ran snyk locally and found vulnerabilities, you should proceed to use `snyk protect` to address them. | ||
| If you ran snyk locally and found vulnerabilities, you should proceed to use `snyk wizard` to address them. | ||
| ## protect | ||
| ## wizard | ||
| Snyk's `protect` helps you address the known vulnerabilities `snyk test` found. | ||
| To get started, run `protect` in interactive mode: | ||
| Snyk's `wizard` helps you address the known vulnerabilities `snyk test` found. | ||
| To get started, run: | ||
| ```shell | ||
| snyk protect -i | ||
| snyk wizard | ||
| ``` | ||
| Protect's interactive mode will run `test` again, and ask you what to do for each found issue. Here are the possible remediation steps for each vulnerability: | ||
| Snyk's interactive wizard mode will run `test` again, and ask you what to do for each found issue. Here are the possible remediation steps for each vulnerability: | ||
| - `Upgrade` - if upgrading a direct dependency can fix the current vulnerability, `snyk protect` can automatically modify your Package.json file to use the newer version. Note that you'll still need to run `npm update` afterwards to get the new packages. | ||
| - `Ignore` - If you believe this vulnerability does not apply to you, or if the dependent module in question never runs on a production system, you can choose to ignore the vulnerability. By default, we will ignore the vulnerability for 30 days, to avoid easily hiding a true issue. If you want to ignore it permanently, you can manually edit the generated `.snyk` file. | ||
| - `Ignore` - If you believe this vulnerability does not apply to you, or if the dependent module in question never runs on a production system, you can choose to ignore the vulnerability. By default, we will ignore the vulnerability for 30 days, to avoid easily hiding a true issue. If you want to ignore it permanently, you can manually edit the generated `.snyk` policy file. | ||
| - `Patch` - Sometimes there is no direct upgrade that can address the vulnerability, or there is one but you cannot upgrade due to functional reasons (e.g. it's a major breaking change). For such cases, `snyk protect` lets you patch the issue with a patch applied locally to the relevant dependency files. We manually create and maintain these patches, and may not have one for every issue. If you cannot upgrade, patch is often a better option than doing nothing *Note: patch is not yet enabled in the private beta, it will be soon. In the meantime, patch will be replaced with a short ignore*. | ||
| Once completed, `snyk protect -i` will create a local `.snyk` file that guides non-interactive executions of `snyk protect`. Note that `snyk protect` will never unilaterally decide to ignore or patch a vulnerability - it will simply follow the guidance captured in the `.snyk` file. | ||
| Once completed, `snyk wizard` will create a local `.snyk` policy file that guides executions of `snyk protect`. Note that `snyk protect` will never unilaterally decide to ignore or patch a vulnerability - it will simply follow the guidance captured in the `.snyk` policy file. | ||
| ## protect | ||
| Snyk's `protect` will take your `.snyk` policy file and apply patches that you've defined in the `snyk wizard` process. The wizard (above) will ask if you want to include `snyk protect` as part of your package's `postinstall` process (so that users of your package will automatically be protected from vulnerabilities). See the next section for more details. | ||
| ## Integrating Snyk into your dev workflow | ||
@@ -63,0 +68,0 @@ |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.07%
103206
- Number of lines in readme file
- increased by3.62%
143
Worsened metrics
- Lines of code
- decreased by-0.11%
2676
No dependency changes