In this article, I will take you through the steps to install Snyk CLI with NPM or Yarn on Ubuntu/Debian based systems. Snyk is a powerful, developer-recommended platform that allows us to scan for and detect open source vulnerabilities and license issues in our projects. It can also be used to scan open source dependencies, container images and Infrastructure as Code (IaC) configurations.
Snyk can also be integrated with CI/CD pipelines, IDEs and workflows to harden the security of your code. There are numerous benefits of using Snyk, which can be checked on its official website. Here we are going to look into the steps required to install Snyk CLI using npm or yarn on Ubuntu/Debian based systems.
How to Install Snyk CLI with NPM or YARN on Ubuntu/Debian
Step 1: Prerequisites
a) You should have a running Ubuntu/Debian system.
b) You should have sudo or root access to run privileged commands.
c) You should have npm and yarn installed on your system.
Step 2: Update Your Server
In the first step, you need to fetch all the available updates using the sudo apt update command and upgrade the installed packages to the latest version using the sudo apt upgrade command, as shown below.
cyberithub@ubuntu:~$ sudo apt update && sudo apt upgrade
Hit:1 http://in.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://ppa.launchpad.net/flatpak/stable/ubuntu focal InRelease
Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:4 https://dl.winehq.org/wine-builds/ubuntu focal InRelease
Get:5 https://dl.google.com/linux/chrome/deb stable InRelease [1,811 B]
Get:6 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Hit:7 https://download.sublimetext.com apt/stable/ InRelease
Get:8 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:9 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,063 B]
Get:10 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [2,083 kB]
Get:11 http://in.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [2,465 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/main i386 Packages [574 kB]
Get:13 http://in.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages [805 kB]
Get:14 http://security.ubuntu.com/ubuntu focal-security/main Translation-en [338 kB]
Get:15 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 Metadata [59.8 kB]
Get:16 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [820 kB]
Get:17 http://in.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [420 kB]
Get:18 http://security.ubuntu.com/ubuntu focal-security/universe i386 Packages [590 kB]
...........................................................
Step 3: Install Snyk CLI
In the next step, you can install Snyk CLI in your system by using any of the below methods.
a) Using npm
You can install the snyk package from npm by using the npm install snyk -g command as shown below.
root@ubuntu:~# npm install snyk -g
added 36 packages in 15s
8 packages are looking for funding
run `npm fund` for details
npm notice
npm notice New minor version of npm available! 9.5.0 -> 9.6.4
npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.6.4
npm notice Run npm install -g npm@9.6.4 to update!
npm notice
b) Using Yarn
If you have yarn available on your system, you can also choose to install snyk through yarn by using the yarn global add snyk command as shown below.
root@ubuntu:~# yarn global add snyk
yarn global v1.22.19
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Installed "snyk@1.1140.0" with binaries:
- snyk
Done in 17.23s.
Step 4: Check Version
After successful installation, you can check the installed version by using the snyk --version command as shown below.
root@ubuntu:~# snyk --version
1.1140.0
Step 5: Install package-json
To run the different snyk operations, you need to have the project's package.json and the target file package-lock.json in the project root directory. In our case, that is the user's home directory. This will be done automatically by installing package-json using the npm install package-json command as shown below. If package-lock.json is missing, Snyk analyzes your node_modules folder.
cyberithub@ubuntu:~$ npm install package-json
added 39 packages in 9s
13 packages are looking for funding
run `npm fund` for details
Step 6: Authenticate Snyk
Before using snyk, you need to authenticate your snyk CLI to your account by using the snyk auth command as shown below. This command will generate an authentication URL which you need to open in your favorite browser to authenticate.
cyberithub@ubuntu:~$ snyk auth
Now redirecting you to our auth page, go ahead and log in,
and once the auth is complete, return to this prompt and you'll
be ready to start using snyk.
If you can't wait use this url:
https://app.snyk.io/login?token=a0135c27-cc3e-6f53-bd36-e5ac5db2deb7&utm_medium=cli&utm_source=cli&utm_campaign=CLI_V1_PLUGIN&utm_campaign_content=1.1140.0&os=linux&docker=false
Your account has been authenticated. Snyk is now ready to be used.
Step 7: Get Snyk API Token
If you want to check the API token currently configured for your account, you need to use the snyk config get api command as shown below.
cyberithub@ubuntu:~$ snyk config get api
6e04d35a-2638-583b-890d-3910a4e3e692
Step 8: Test Your Project
To scan your project for open source vulnerabilities and license issues, you need to run the snyk test command as shown below.
cyberithub@ubuntu:~$ snyk test
Testing /home/cyberithub...
Organization: cyberithub
Package manager: npm
Target file: package-lock.json
Project name: package.json
Open source: no
Project path: /home/cyberithub
Licenses: enabled
✔ Tested 39 dependencies for known issues, no vulnerable paths found.
Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.
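The output above suggests running snyk test as part of CI. One way to wrap it as a build gate, as an added example that is not part of the original article: the function name snyk_gate, its own return codes (10, 11, 2) and the default threshold "high" are assumptions made here, while SNYK_TOKEN, --severity-threshold and the snyk test exit codes belong to the Snyk CLI.

```shell
#!/usr/bin/env bash
# Added example: CI gate around `snyk test` (not from the original article).
# snyk_gate and its return codes 10/11/2 are names chosen for this example.

snyk_gate() {
    local project_dir="${1:-.}"
    local threshold="${2:-high}"

    # Step 5: without package-lock.json Snyk falls back to node_modules,
    # so the result would depend on whatever happens to be installed.
    if [ ! -f "$project_dir/package.json" ] || [ ! -f "$project_dir/package-lock.json" ]; then
        echo "gate: package.json or package-lock.json missing in $project_dir" >&2
        return 10
    fi

    # A CI runner has no browser for `snyk auth`; the CLI reads the token
    # from the SNYK_TOKEN environment variable (inject it from the CI secret store).
    if [ -z "${SNYK_TOKEN:-}" ]; then
        echo "gate: SNYK_TOKEN is not set" >&2
        return 11
    fi

    local rc=0
    (cd "$project_dir" && snyk test --severity-threshold="$threshold") || rc=$?

    # `snyk test` exit codes: 0 = no issues, 1 = issues found,
    # 2 = CLI failure, 3 = no supported project detected.
    case "$rc" in
        0) echo "gate: no issues at or above $threshold"
           return 0 ;;
        1) echo "gate: vulnerabilities found, failing build" >&2
           return 1 ;;
        *) echo "gate: scan did not complete (snyk exit $rc), failing closed" >&2
           return 2 ;;
    esac
}

# Usage in a pipeline step:  snyk_gate /path/to/project high
```

Treating exit codes 2 and 3 as failures keeps a broken or skipped scan from being read as a clean result.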
Step 9: Monitor your Project
You can create a project in your snyk account to be continuously monitored for open source vulnerabilities and license issues by using the snyk monitor command as shown below. In our case, we are monitoring the user's home directory.
cyberithub@ubuntu:~$ snyk monitor
Monitoring /home/cyberithub (package.json)...
Explore this snapshot at https://app.snyk.io/org/cyberithub/project/09b09984-c527-4ee1-7a1c-d92cae81d242/history/5cb9bf8e-724c-429e-8ab0-3b315708f4b6
Notifications about newly disclosed issues related to these dependencies will be emailed to you.
Step 10: Uninstall Snyk CLI
Once you are done using Snyk CLI, you can choose to uninstall it from your system by using any of the methods below.
a) Using npm
If you installed snyk through the npm package manager, then to uninstall it you need to use the npm remove snyk -g command as shown below.
root@ubuntu:~# npm remove snyk -g
up to date in 130ms
b) Using yarn
If you installed snyk through yarn, then to remove it you need to use the yarn global remove snyk command as shown below.
cyberithub@ubuntu:~$ yarn global remove snyk
yarn global v1.22.19
warning package.json: No license field
[1/2] Removing module snyk...
[2/2] Regenerating lockfile and installing missing dependencies...
success Uninstalled packages.
Done in 0.85s.