Skip to content

Latest commit

 

History

History
78 lines (56 loc) · 2.6 KB

README.md

File metadata and controls

78 lines (56 loc) · 2.6 KB

@snyk/protect

npm Known Vulnerabilities

Snyk

Patch vulnerable code in your project's dependencies. This package is officially maintained by Snyk.

Usage

You don't typically need to add the @snyk/protect dependency manually. It'll be introduced when it's needed as part of Snyk's Fix PR service.

To enable patches in your Fix PRs:

  • Visit https://app.snyk.io
  • Go to "Org Settings" > "Integrations"
  • Choose "Edit Settings" under your SCM integration.
  • Under the "Fix Pull Request" section, ensure patches are enabled.

Snyk will now include patches as part of its Fix PRs for your project.

How it works

If there's a patch available for a vulnerability in your project, the Fix PR:

  • Adds a patch entry to your .snyk file.
  • Adds @snyk/protect to your package.json's dependencies.
  • Adds @snyk/protect to your package.json's prepare script.
 {
   "name": "my-project",
   "scripts": {
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "dependencies": {
+    "@snyk/protect": "^1.657.0"
   }
 }

Now after you run npm install, @snyk/protect will automatically download each patch configured in your .snyk file and apply them to your installed dependencies.

Migrating from snyk protect to @snyk/protect

@snyk/protect is a standalone replacement for snyk protect. They both do the same job, however:

  • @snyk/protect has zero dependencies.
  • You don't need to include snyk in your dependencies (which is a much larger package with many dependencies).

If you already have Snyk Protect set up, you can migrate to @snyk/protect by applying the following changes to your package.json:

 {
   "name": "my-project",
   "scripts": {
     "prepare": "npm run snyk-protect",
-    "snyk-protect": "snyk protect"
+    "snyk-protect": "snyk-protect"
   },
   "dependencies": {
-    "snyk": "^1.500.0"
+    "@snyk/protect": "^1.657.0"
   }
 }

We have also created the @snyk/cli-protect-upgrade npx script which you can use to update your project automatically. To use it, cd to the location containing the package.json to be updated and run:

npx @snyk/cli-protect-upgrade

Made with 💜 by Snyk