Cyberithub

How to Install Snyk CLI with NPM or YARN on Ubuntu/Debian

In this article, I will take you through the steps to install Snyk CLI with NPM or Yarn on Ubuntu/Debian based systems. Snyk is a developer recommended powerful platform that allows us to scan and detect open source vulnerabilities and license issues in our projects. This platform can also be used for open source dependencies, container images and Infrastructure as Code(IaC) configurations.

Snyk can also be used by integrating with CI/CD pipeline, IDEs and workflow to security hardened your code. There are numerous benefits of using Snyk which can be checked on its official website. Here we are going to look into the steps required to install Snyk CLI using npm or yarn on Ubuntu/Debian based systems.

 

How to Install Snyk CLI with NPM or YARN on Ubuntu/Debian

How to Install Snyk CLI with NPM or YARN on Ubuntu/Debian

Also Read: How to Install Jshon on Ubuntu 20.04 LTS (Focal Fossa)

Step 1: Prerequisites

a) You should have a running Ubuntu/Debian System.

b) You should have sudo or root access to run privileged commands.

c) You should have npm and yarn installed in your System.

 

Step 2: Update Your Server

In the first step you need to download and install all the available updates using sudo apt update command and upgrade the installed packages to the latest version by using sudo apt upgrade command as shown below.

cyberithub@ubuntu:~$ sudo apt update && sudo apt upgrade
Hit:1 http://in.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://ppa.launchpad.net/flatpak/stable/ubuntu focal InRelease
Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:4 https://dl.winehq.org/wine-builds/ubuntu focal InRelease
Get:5 https://dl.google.com/linux/chrome/deb stable InRelease [1,811 B]
Get:6 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Hit:7 https://download.sublimetext.com apt/stable/ InRelease
Get:8 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:9 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,063 B]
Get:10 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [2,083 kB]
Get:11 http://in.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [2,465 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/main i386 Packages [574 kB]
Get:13 http://in.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages [805 kB]
Get:14 http://security.ubuntu.com/ubuntu focal-security/main Translation-en [338 kB]
Get:15 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 Metadata [59.8 kB]
Get:16 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [820 kB]
Get:17 http://in.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [420 kB]
Get:18 http://security.ubuntu.com/ubuntu focal-security/universe i386 Packages [590 kB]
...........................................................

 

Step 3: Install Snyk CLI

In the next step, you can install Snyk CLI in your system by using any of the below methods.

a) Using npm

You can install snyk package from npm by using npm install snyk -g command as shown below.

root@ubuntu:~# npm install snyk -g

added 36 packages in 15s

8 packages are looking for funding
run `npm fund` for details
npm notice
npm notice New minor version of npm available! 9.5.0 -> 9.6.4
npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.6.4
npm notice Run npm install -g npm@9.6.4 to update!
npm notice

b) Using Yarn

If you have yarn available in your system then you can also choose to install snyk through yarn by using yarn global add snyk command as shown below.

root@ubuntu:~# yarn global add snyk
yarn global v1.22.19
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Installed "snyk@1.1140.0" with binaries:
- snyk
Done in 17.23s.

 

Step 4: Check Version

After successful installation, you can check the installed version by using snyk --version command as shown below.

root@ubuntu:~# snyk --version
1.1140.0

 

Step 5: Install package-json

To use and run different snyk operations, you need to have project package.json and target file package-lock.json in project root directory. In our case, it should be in user's home directory. This will be done automatically by installing package-json using npm install package-json command as shown below. If the package-lock.json is missing, Snyk analyzes your node_modules folder.

cyberithub@ubuntu:~$ npm install package-json

added 39 packages in 9s

13 packages are looking for funding
run `npm fund` for details

 

Step 6: Authenticate Snyk

Before using synk, you need to authenticate your snyk cli to your account by using snyk auth command as shown below. This command will generate an authentication URL which you need to paste in your favorite browser to authenticate.

cyberithub@ubuntu:~$ snyk auth

Now redirecting you to our auth page, go ahead and log in,
and once the auth is complete, return to this prompt and you'll
be ready to start using snyk.

If you can't wait use this url:
https://app.snyk.io/login?token=a0135c27-cc3e-6f53-bd36-e5ac5db2deb7&utm_medium=cli&utm_source=cli&utm_campaign=CLI_V1_PLUGIN&utm_campaign_content=1.1140.0&os=linux&docker=false


Your account has been authenticated. Snyk is now ready to be used.

 

Step 7: Get Snyk API Token

If you want to check your currently generated account API token then you need to use snyk config get api command as shown below.

cyberithub@ubuntu:~$ snyk config get api
6e04d35a-2638-583b-890d-3910a4e3e692

 

Step 8: Test Your Project

To scan and test all the open source vulnerabilities and license issues in your project, you need to run snyk test command as shown below.

cyberithub@ubuntu:~$ snyk test

Testing /home/cyberithub...

Organization: cyberithub
Package manager: npm
Target file: package-lock.json
Project name: package.json
Open source: no
Project path: /home/cyberithub
Licenses: enabled

✔ Tested 39 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

 

Step 9: Monitor your Project

You can create a project in your snyk account to be continuously monitored for open source vulnerabilities and license issues by using snyk monitor command as shown below. In our case, we are monitoring user's home directory.

cyberithub@ubuntu:~$ snyk monitor

Monitoring /home/cyberithub (package.json)...

Explore this snapshot at https://app.snyk.io/org/cyberithub/project/09b09984-c527-4ee1-7a1c-d92cae81d242/history/5cb9bf8e-724c-429e-8ab0-3b315708f4b6

Notifications about newly disclosed issues related to these dependencies will be emailed to you.

 

Step 10: Uninstall Snyk CLI

On you are done using Snyk CLI, you can choose uninstall it from your system by using any of the below method.

a) Using npm

If you installed snyk through npm package manager then to uninstall you need to use npm remove snyk -g command as shown below.

root@ubuntu:~# npm remove snyk -g

up to date in 130ms

b) Using yarn

If you installed snyk through yarn then to remove you need to use yarn global remove snyk command as shown below.

cyberithub@ubuntu:~$ yarn global remove snyk
yarn global v1.22.19
warning package.json: No license field
[1/2] Removing module snyk...
[2/2] Regenerating lockfile and installing missing dependencies...
success Uninstalled packages.
Done in 0.85s.

Leave a Comment

error: Content is protected !!