Skip to content
Logo Theodo

Finding vulnerabilities for your dependencies with snyk

Woody Rousseau2 min read


Trusting your dependencies a bit too much?

I just attended a great keynote at Velocity 2015 in Amsterdam, by Guy Podjarny (@guypod) and Assaf Hefetz, founders of, a tool in beta which was just unveiled. The keynote highlighted how most developers are blindly trusting third-party open-source dependencies. It also introduced a package and a service making it easy for one to find vulnerabilities, and in some case to fix them.

About 11% of npm dependencies include vulnerabilities, and it often takes a very long time for those to be fixed, if it ever happens. Still think your package is as secure as it gets?


Snyk is a Node.js CLI package, which can thus be very easily globally installed with

npm install -g snyk

It provides a command which will test, using the Snyk API, your Node.js dependencies in a recursive fashion, not only finding your package’s dependencies, but also your package’s dependencies’ dependencies.

snyk test

If snyk has nothing on you, snyk won’t be able to help any further. But if not, it also provides another command to fix dependencies by:


All those features are available through an interactive prompt using the following command:

snyk protect -i

Sounds good?

Snyk seems like a promising tool, as it automatically detects some security flaws, which are often overlooked when building applications with development speed as the main focus.

Since it just launched in Beta, I’m guessing’s team is eager to get some feedback.


Liked this article?