In this article, I will take you through the steps to install Snyk CLI with npm or Yarn on Ubuntu/Debian based systems. Snyk is a powerful, developer-recommended platform that allows us to scan and detect open source vulnerabilities and license issues in our projects. This platform can also be used for open source dependencies, container images and Infrastructure as Code (IaC) configurations.
Snyk can also be integrated with CI/CD pipelines, IDEs and workflows to harden the security of your code. There are numerous benefits of using Snyk, which can be checked on its official website. Here we are going to look into the steps required to install Snyk CLI using npm or yarn on Ubuntu/Debian based systems.
How to Install Snyk CLI with NPM or YARN on Ubuntu/Debian
Step 1: Prerequisites
a) You should have a running
b) You should have root access to run privileged commands.
c) You should have yarn installed in your system.
Step 2: Update Your Server
In the first step you need to download and install all the available updates using the sudo apt update command and upgrade the installed packages to the latest version by using the sudo apt upgrade command as shown below.
cyberithub@ubuntu:~$ sudo apt update && sudo apt upgrade
Hit:1 http://in.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://ppa.launchpad.net/flatpak/stable/ubuntu focal InRelease
Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:4 https://dl.winehq.org/wine-builds/ubuntu focal InRelease
Get:5 https://dl.google.com/linux/chrome/deb stable InRelease [1,811 B]
Get:6 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Hit:7 https://download.sublimetext.com apt/stable/ InRelease
Get:8 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:9 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,063 B]
Get:10 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [2,083 kB]
Get:11 http://in.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [2,465 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/main i386 Packages [574 kB]
Get:13 http://in.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages [805 kB]
Get:14 http://security.ubuntu.com/ubuntu focal-security/main Translation-en [338 kB]
Get:15 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 Metadata [59.8 kB]
Get:16 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [820 kB]
Get:17 http://in.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [420 kB]
Get:18 http://security.ubuntu.com/ubuntu focal-security/universe i386 Packages [590 kB]
...........................................................
Step 3: Install Snyk CLI
In the next step, you can install Snyk CLI in your system by using any of the below methods.
a) Using npm
You can install the snyk package from npm by using the npm install snyk -g command as shown below.
root@ubuntu:~# npm install snyk -g
added 36 packages in 15s
8 packages are looking for funding
  run `npm fund` for details
npm notice
npm notice New minor version of npm available! 9.5.0 -> 9.6.4
npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.6.4
npm notice Run npm install -g npm@9.6.4 to update!
npm notice
b) Using Yarn
If you have yarn available in your system then you can also choose to install snyk through yarn by using the yarn global add snyk command as shown below.
root@ubuntu:~# yarn global add snyk
yarn global v1.22.19
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Installed "snyk@1.1140.0" with binaries:
      - snyk
Done in 17.23s.
Step 4: Check Version
After successful installation, you can check the installed version by using the snyk --version command as shown below.
root@ubuntu:~# snyk --version
1.1140.0
Step 5: Install package-json
To run the different snyk operations, you need the project's package.json and the target file package-lock.json in the project root directory. In our case, that is the user's home directory. Both files are created automatically when you run the npm install package-json command as shown below. If the package-lock.json is missing, Snyk analyzes your
cyberithub@ubuntu:~$ npm install package-json
added 39 packages in 9s
13 packages are looking for funding
  run `npm fund` for details
Step 6: Authenticate Snyk
Before using snyk, you need to authenticate your Snyk CLI to your account by using the snyk auth command as shown below. This command will generate an authentication URL which you need to paste in your favorite browser to authenticate.
cyberithub@ubuntu:~$ snyk auth
Now redirecting you to our auth page, go ahead and log in, and once the auth is complete, return to this prompt and you'll be ready to start using snyk.
If you can't wait use this url:
https://app.snyk.io/login?token=a0135c27-cc3e-6f53-bd36-e5ac5db2deb7&utm_medium=cli&utm_source=cli&utm_campaign=CLI_V1_PLUGIN&utm_campaign_content=1.1140.0&os=linux&docker=false
Your account has been authenticated. Snyk is now ready to be used.
Step 7: Get Snyk API Token
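If you want to check the API token currently generated for your account, use the snyk config get api command as shown below. The token authenticates CLI and API requests as your account, so treat it like a password and keep it out of shared logs and screenshots.
cyberithub@ubuntu:~$ snyk config get api
6e04d35a-2638-583b-890d-3910a4e3e692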
Step 8: Test Your Project
To scan and test all the open source vulnerabilities and license issues in your project, you need to run the snyk test command as shown below.
cyberithub@ubuntu:~$ snyk test
Testing /home/cyberithub...
Organization: cyberithub
Package manager: npm
Target file: package-lock.json
Project name: package.json
Open source: no
Project path: /home/cyberithub
Licenses: enabled
✔ Tested 39 dependencies for known issues, no vulnerable paths found.
Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.
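The output above suggests running snyk test as part of CI. As an added example (not from the original article), the function below wraps snyk test for a pipeline: it expects the token in the SNYK_TOKEN environment variable instead of an interactive snyk auth, and maps the Snyk CLI exit codes (0, 1, 2, 3) to a fail-closed verdict. The names snyk_gate and SNYK_BIN and the default threshold of high are assumptions of this example.

```shell
#!/bin/sh
# Added example: fail-closed CI gate around `snyk test`.
# SNYK_BIN is a hypothetical override of this example (lets a stub replace the CLI).
SNYK_BIN="${SNYK_BIN:-snyk}"

# snyk_gate DIR [THRESHOLD]
# Prints one verdict word on stdout and returns non-zero unless the scan passed:
#   pass   (0) scan completed, nothing at or above THRESHOLD
#   vulns  (1) scan completed, issues found
#   error  (2) CLI failure, missing token, bad DIR, or an unexpected code
#   noproj (3) no supported project (manifest) detected in DIR
snyk_gate() {
    dir="$1"
    threshold="${2:-high}"

    # A CI runner has no browser for `snyk auth`; the CLI reads SNYK_TOKEN instead.
    if [ -z "${SNYK_TOKEN:-}" ]; then
        echo "error"
        return 2
    fi

    # The subshell keeps the caller's working directory; the CLI report goes to
    # stderr so stdout carries only the verdict. `|| rc=$?` keeps this safe
    # under `set -e`.
    rc=0
    ( cd "$dir" || exit 2
      "$SNYK_BIN" test --severity-threshold="$threshold" ) >&2 || rc=$?

    case "$rc" in
        0) echo "pass";   return 0 ;;
        1) echo "vulns";  return 1 ;;
        3) echo "noproj"; return 3 ;;
        *) echo "error";  return 2 ;;
    esac
}
```

Source the file in a pipeline step and call snyk_gate . high; any non-zero return should fail the job, so a broken scan or a directory without a manifest never counts as a clean result.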
Step 9: Monitor your Project
You can create a project in your snyk account to be continuously monitored for open source vulnerabilities and license issues by using the snyk monitor command as shown below. In our case, we are monitoring the user's home directory.
cyberithub@ubuntu:~$ snyk monitor
Monitoring /home/cyberithub (package.json)...
Explore this snapshot at https://app.snyk.io/org/cyberithub/project/09b09984-c527-4ee1-7a1c-d92cae81d242/history/5cb9bf8e-724c-429e-8ab0-3b315708f4b6
Notifications about newly disclosed issues related to these dependencies will be emailed to you.
Step 10: Uninstall Snyk CLI
Once you are done using Snyk CLI, you can choose to uninstall it from your system by using either of the methods below.
a) Using npm
If you installed snyk through the npm package manager then to uninstall it you need to use the npm remove snyk -g command as shown below.
root@ubuntu:~# npm remove snyk -g
up to date in 130ms
b) Using yarn
If you installed snyk through yarn then to remove it you need to use the yarn global remove snyk command as shown below.
cyberithub@ubuntu:~$ yarn global remove snyk
yarn global v1.22.19
warning package.json: No license field
[1/2] Removing module snyk...
[2/2] Regenerating lockfile and installing missing dependencies...
success Uninstalled packages.
Done in 0.85s.