gulp-snyk's Introduction

gulp-snyk

gulp plugin for using Snyk

Install

$ npm install --save-dev gulp-snyk

Or

$ yarn add --dev gulp-snyk

Usage

To only break the build on vulnerabilities, use snyk without any options

const gulp = require('gulp');
const snyk = require('gulp-snyk');
gulp.task('protect', function(cb) {
  return snyk({ command: 'protect' }, cb);
});
// Task dependencies must be passed as an array
gulp.task('prepare', ['protect']);

A more feature-ful configuration might be

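const gulp = require('gulp');
const snyk = require('gulp-snyk');
gulp.task('protect', function(cb) {
  return snyk({ command: 'protect' }, cb);
});
// Each task must accept the gulp callback before handing it to snyk
gulp.task('auth', function(cb) {
  return snyk({ command: 'auth' }, cb);
});
gulp.task('test', ['auth'], function(cb) {
  return snyk({ command: 'test' }, cb);
});
// Task dependencies must be passed as an array
gulp.task('prepare', ['protect']);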

Note the dependency on auth for the test task -- Snyk now requires authentication, so we make sure that the user is logged in before running the test. You will also need to add a Snyk token as an environment variable to your CI server.

And then, in your package.json

{
  "scripts": {
    "prepublish": "gulp prepublish",
    "test": "gulp test"
  }
}

You may also consider adding an npm alias for gulp auth.

For a real-world use-case, check out the clefs plugin generator
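The auth dependency and the CI token described above can be combined into one task that fails fast when neither is available. This is an added example, not code from gulp-snyk: `makeSnykTestTask` is a hypothetical helper, `snyk` is the function returned by `require('gulp-snyk')`, and it assumes the Snyk CLI reads the token from the `SNYK_TOKEN` environment variable, that the CI server sets `CI`, and that the plugin calls `cb` with an error as its first argument on failure.

```javascript
// Added example (not part of gulp-snyk). The plugin function and the
// environment are injected so the decision logic can be exercised
// without a network connection or a real Snyk account.
function makeSnykTestTask(snyk, env) {
  return function snykTest(cb) {
    const token = (env.SNYK_TOKEN || '').trim();

    if (token) {
      // Token present: the CLI authenticates from the environment,
      // so no interactive `auth` step is needed.
      return snyk({ command: 'test' }, cb);
    }

    if (env.CI) {
      // No token and nobody at the keyboard: stop with a clear message
      // instead of letting the build wait on an interactive login.
      return cb(new Error(
        'SNYK_TOKEN is not set. Add it as a secret environment variable ' +
        'on the CI server; do not commit it to the repository.'
      ));
    }

    // Local development: log in first, then run the test.
    return snyk({ command: 'auth' }, function (err) {
      if (err) {
        return cb(err);
      }
      return snyk({ command: 'test' }, cb);
    });
  };
}

// Wiring in a gulpfile (assumes gulp and gulp-snyk are installed):
//   gulp.task('test', makeSnykTestTask(require('gulp-snyk'), process.env));
```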

API

snyk([options], cb)

options

A hash of options to configure snyk. If this is omitted, then it is the equivalent of passing the following options hash.

gulp.task('snyk-test', function(cb) {
	return snyk({command: 'test', directory: process.cwd(), debug: false, options: { dev: true }}, cb);
});

command

Type: string
Default: test

Example:

gulp.task('protect', function(cb) {
	return snyk({command: 'protect'}, cb);
});

One of the snyk command-line commands. For instance: auth, test, wizard, protect, monitor, policy.

directory

Type: string
Default: process.cwd()

Example:

const path = require('path');

gulp.task('snyk-test', function(cb) {
	return snyk({command: 'test', directory: path.join(process.cwd(), 'packages', 'my-package')}, cb);
});

The directory that contains the package on which to run the snyk command.

options

Type: object
Default: { dev: true }

Example:

gulp.task('snyk-wizard', function(cb) {
	return snyk({command: 'wizard', options: {help: true}}, cb);
});

The options supported by the snyk command line.

debug

Type: boolean
Default: false

Example:

gulp.task('snyk-help', function(cb) {
	return snyk({command: 'test', debug: true}, cb);
});

Turns on debug logging

cb

The callback from the asynchronous gulp task, the function passed as the first argument to the gulp task callback. For example:

gulp.task('protect', function(cb) {
  return snyk({ command: 'protect' }, cb);
});

License

MIT © Doug Wade

gulp-snyk's Issues

Make options optional

Currently, with the minimal config,

gulp.task('snyk-protect', function(cb) {
	return snyk({command: 'protect'}, cb);
});

gulp.task('snyk-test', function (cb) {
	return snyk({command: 'test'}, cb);
});

I get the following error:

doug-UX301LAA packages/generator-clefs-plugin ‹switch-to-snyk› » gulp prepublish                                                                                                                                                  1 
[14:59:45] Using gulpfile ~/workplace/clefs/packages/generator-clefs-plugin/gulpfile.js
[14:59:45] Starting 'snyk-protect'...
[14:59:45] 'snyk-protect' errored after 262 μs
[14:59:45] TypeError: Cannot convert undefined or null to object
    at hashToString (/home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/gulp-snyk/index.js:43:9)
    at module.exports (/home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/gulp-snyk/index.js:26:75)
    at Gulp.<anonymous> (/home/doug/workplace/clefs/packages/generator-clefs-plugin/gulpfile.js:20:9)
    at module.exports (/home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/orchestrator/lib/runTask.js:34:7)
    at Gulp.Orchestrator._runTask (/home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/orchestrator/index.js:273:3)
    at Gulp.Orchestrator._runStep (/home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/orchestrator/index.js:214:10)
    at Gulp.Orchestrator.start (/home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/orchestrator/index.js:134:8)
    at /usr/local/lib/node_modules/gulp-cli/lib/versioned/^3.7.0/index.js:46:20
    at _combinedTickCallback (internal/process/next_tick.js:67:7)
    at process._tickCallback (internal/process/next_tick.js:98:9)

However, when I add the options hash

gulp.task('snyk-protect', function(cb) {
	return snyk({command: 'protect', debug: true, options: {}}, cb);
});

gulp.task('snyk-test', function (cb) {
	return snyk({command: 'test', debug: true, options: {}}, cb);
});

it works as intended

doug-UX301LAA packages/generator-clefs-plugin ‹switch-to-snyk*› » gulp prepublish                                                                                                                                                 1 ↵
[15:00:12] Using gulpfile ~/workplace/clefs/packages/generator-clefs-plugin/gulpfile.js
[15:00:12] Starting 'snyk-protect'...
[15:00:12] running command /home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/.bin/snyk protect 
[15:00:27] Successfully applied Snyk patches

[15:00:27] Finished 'snyk-protect' after 15 s
[15:00:27] Starting 'prepublish'...
[15:00:27] Finished 'prepublish' after 18 μs
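The failure reported above comes from converting a missing options hash to a string. The sketch below is an added example, not gulp-snyk's own code: it merges a partial config with the defaults the README documents, checks the command against the README's list, and builds an argument array that can be handed to `child_process.execFile` without going through a shell. `buildSnykArgs`, `defaultConfig`, `SNYK_COMMANDS` and the `--name=value` flag form are assumptions of this example.

```javascript
// Commands the README lists for the `command` option.
const SNYK_COMMANDS = ['auth', 'test', 'wizard', 'protect', 'monitor', 'policy'];
// Flag names are restricted to letters, digits and dashes.
const FLAG_NAME = /^[a-z][a-z0-9-]*$/i;

// Defaults the README documents for an omitted options hash.
function defaultConfig() {
  return { command: 'test', directory: process.cwd(), debug: false, options: { dev: true } };
}

function buildSnykArgs(userConfig) {
  const defaults = defaultConfig();
  const config = Object.assign({}, defaults, userConfig);

  // The case from the issue: `options` missing, undefined or null.
  if (config.options === undefined || config.options === null) {
    config.options = defaults.options;
  }
  if (!SNYK_COMMANDS.includes(config.command)) {
    throw new TypeError('Unsupported snyk command: ' + String(config.command));
  }
  if (typeof config.options !== 'object' || Array.isArray(config.options)) {
    throw new TypeError('options must be a plain object');
  }

  const args = [config.command];
  for (const [name, value] of Object.entries(config.options)) {
    if (!FLAG_NAME.test(name)) {
      throw new TypeError('Invalid option name: ' + name);
    }
    if (value === true) {
      args.push('--' + name);                 // boolean switch
    } else if (typeof value === 'string' || typeof value === 'number') {
      args.push('--' + name + '=' + value);   // one argv entry, never re-parsed by a shell
    } else if (value !== false && value !== null && value !== undefined) {
      throw new TypeError('Unsupported value for option ' + name);
    }
    // false, null and undefined mean "leave the flag off".
  }
  return { args: args, cwd: config.directory };
}
```

The returned `args` and `cwd` map directly onto `execFile(pathToSnyk, args, { cwd }, callback)`.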

An in-range update of codecov is breaking the build 🚨

The devDependency codecov was updated from 3.6.2 to 3.6.3.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

codecov is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Status Details
  • continuous-integration/travis-ci/push: The Travis CI build passed (Details).
  • continuous-integration/appveyor/branch: AppVeyor build failed (Details).

Release Notes for v3.6.3

AWS Codebuild fixes + package updates

Commits

The new version differs by 10 commits.

  • 7856231 v3.6.3
  • 96e6d96 Merge pull request #166 from codecov/chore/updates
  • c8ea169 update deps
  • 7c4cdc4 Merge pull request #149 from aiell0/master
  • 62389fa Merge pull request #162 from codecov/dependabot/npm_and_yarn/handlebars-4.5.3
  • 73ae008 Add dependabot config
  • ccf3862 Update README.md
  • 467a495 Bump handlebars from 4.1.2 to 4.5.3
  • 8acbe96 Retest
  • acd92f4 Test when codebuild isn't triggered by webhooks.

See the full diff

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.


Your Greenkeeper Bot 🌴

An in-range update of resolve is breaking the build 🚨

The dependency resolve was updated from 1.14.0 to 1.14.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

resolve is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Status Details
  • continuous-integration/travis-ci/push: The Travis CI build is in progress (Details).
  • continuous-integration/appveyor/branch: AppVeyor build failed (Details).

Commits

The new version differs by 2 commits.

  • 7eb98ea 1.14.1
  • fe73a76 [Fix] core: wasi was mistakenly available as a core module in v13.4.0

See the full diff

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.


Your Greenkeeper Bot 🌴

Protect emits error

Currently, a protect task with no config

gulp.task('snyk-protect', function (cb) {
	return snyk({command: 'protect'}, cb);
});

throws the following error

doug-UX301LAA packages/generator-clefs-plugin ‹switch-to-snyk› » yarn 
yarn install v0.15.1
info No lockfile found.
[1/4] Resolving packages...
warning gulp-exclude-gitignore > gulp-ignore > gulp-match > [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning gulp > vinyl-fs > glob-stream > [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning gulp-xo > xo > [email protected]: Use eslint-plugin-import instead (order rule)
warning gulp > vinyl-fs > glob-watcher > gaze > globule > [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning gulp > vinyl-fs > glob-watcher > gaze > globule > glob > [email protected]: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
[2/4] Fetching packages...
warning [email protected]: The platform "linux" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
warning [email protected]: The engine "rhino" appears to be invalid.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
$ gulp prepublish
[18:06:41] Using gulpfile ~/workplace/clefs/packages/generator-clefs-plugin/gulpfile.js
[18:06:41] Starting 'snyk-protect'...
[18:06:41] 'snyk-protect' errored after 11 ms
[18:06:41] Error: Command failed: /bin/sh -c /home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/.bin/snyk protect 
/bin/sh: 1: /home/doug/workplace/clefs/packages/generator-clefs-plugin/node_modules/.bin/snyk: not found

    at ChildProcess.exithandler (child_process.js:213:12)
    at emitTwo (events.js:87:13)
    at ChildProcess.emit (events.js:172:7)
    at maybeClose (internal/child_process.js:829:16)
    at Socket.<anonymous> (internal/child_process.js:319:11)
    at emitOne (events.js:77:13)
    at Socket.emit (events.js:169:7)
    at Pipe._onclose (net.js:486:12)
error Command failed with exit code 1.
info Visit http://yarnpkg.com/en/docs/cli/install for documentation about this command.

it's looking for the snyk installed by the user, but that kind of defeats the purpose ;)

An in-range update of snyk is breaking the build 🚨

The dependency snyk was updated from 1.116.4 to 1.117.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

snyk is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Status Details
  • continuous-integration/appveyor/branch: AppVeyor build succeeded (Details).
  • continuous-integration/travis-ci/push: The Travis CI build failed (Details).

Release Notes for v1.117.0

1.117.0 (2018-12-11)

Features

  • bump snyk-docker-plugin version (6d1d546)

Commits

The new version differs by 3 commits.

  • 749f154 Merge pull request #305 from snyk/feat/bump-snyk-docker-plugin
  • c3b5843 Merge branch 'master' into feat/bump-snyk-docker-plugin
  • 6d1d546 feat: bump snyk-docker-plugin version

See the full diff

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.


Your Greenkeeper Bot 🌴

npm test doesn't terminate

The test target prints the following

doug-UX301LAA workplace/gulp-snyk ‹master› » npm test                                                                                                                                                                           130 ↵
(node:16263) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.
(node:16263) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.
(node:16263) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.
(node:16263) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.

> [email protected] test /home/doug/workplace/gulp-snyk
> xo && ava

[13:56:34] Snyk found vulnerabilities []

and then hangs. We won't be able to accept prs until it completes

Error: Cannot find module 'snyk'

» npm test

> [email protected] test
> gulp test

Error: Cannot find module 'snyk'
Require stack:
- /Users/dougwade/code/gulp-snyk-client/node_modules/gulp-snyk/index.js
- /Users/dougwade/code/gulp-snyk-client/gulpfile.js
- /Users/dougwade/code/gulp-snyk-client/node_modules/gulp-cli/lib/shared/require-or-import.js
- /Users/dougwade/code/gulp-snyk-client/node_modules/gulp-cli/lib/versioned/^4.0.0/index.js
- /Users/dougwade/code/gulp-snyk-client/node_modules/gulp-cli/index.js
- /Users/dougwade/code/gulp-snyk-client/node_modules/gulp/bin/gulp.js
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:956:15)
    at Function.Module._load (node:internal/modules/cjs/loader:804:27)
    at Module.require (node:internal/modules/cjs/loader:1028:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (/Users/dougwade/code/gulp-snyk-client/node_modules/gulp-snyk/index.js:3:14)
    at Module._compile (node:internal/modules/cjs/loader:1126:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1180:10)
    at Module.load (node:internal/modules/cjs/loader:1004:32)
    at Function.Module._load (node:internal/modules/cjs/loader:839:12)
    at Module.require (node:internal/modules/cjs/loader:1028:19) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [
    '/Users/dougwade/code/gulp-snyk-client/node_modules/gulp-snyk/index.js',
    '/Users/dougwade/code/gulp-snyk-client/gulpfile.js',
    '/Users/dougwade/code/gulp-snyk-client/node_modules/gulp-cli/lib/shared/require-or-import.js',
    '/Users/dougwade/code/gulp-snyk-client/node_modules/gulp-cli/lib/versioned/^4.0.0/index.js',
    '/Users/dougwade/code/gulp-snyk-client/node_modules/gulp-cli/index.js',
    '/Users/dougwade/code/gulp-snyk-client/node_modules/gulp/bin/gulp.js'
  ]
}

An in-range update of snyk is breaking the build 🚨

The dependency snyk was updated from 1.128.0 to 1.129.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

snyk is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Status Details
  • continuous-integration/appveyor/branch: AppVeyor build failed (Details).
  • continuous-integration/travis-ci/push: The Travis CI build passed (Details).

Release Notes for v1.129.0

1.129.0 (2019-02-13)

Features

  • bump snyk-docker-plugin to include openjdk analyser fix (2545dbe)

Commits

The new version differs by 2 commits.

  • 61fd0bd Merge pull request #365 from snyk/feat/bump-version
  • 2545dbe feat: bump snyk-docker-plugin to include openjdk analyser fix

See the full diff

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.


Your Greenkeeper Bot 🌴

Improve no errors message

Currently, when you have no errors found, the message isn't very congratulatory

doug-UX301LAA packages/generator-clefs-plugin ‹switch-to-snyk› » gulp snyk-test
[15:10:01] Using gulpfile ~/workplace/clefs/packages/generator-clefs-plugin/gulpfile.js
[15:10:01] Starting 'snyk-test'...
[15:10:16] Snyk found vulnerabilities []

We should add a "Congratulations, Snyk found no vulnerabilities" message instead.

An in-range update of nyc is breaking the build 🚨

Version 10.2.0 of nyc just got published.

Branch Build failing 🚨
Dependency nyc
Current Version 10.1.2
Type devDependency

This version is covered by your current version range and after updating it in your project the build failed.

As nyc is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪


Status Details
  • continuous-integration/appveyor/branch Waiting for AppVeyor build to complete Details

  • continuous-integration/travis-ci/push The Travis CI build could not complete due to an error Details

Commits

The new version differs by 6 commits.

  • 455619f chore(release): 10.2.0
  • 95cc09a feat: upgrade to version of yargs with extend support (#541)
  • 43535f9 chore: explicit update of istanbuljs dependencies (#535)
  • 98ebdff feat: allow babel cache to be enabled (#517)
  • 50adde4 feat: exclude the coverage/ folder by default 🚀 (#502)
  • 6a59834 chore(package): update tap to version 10.0.0 (#507)

See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.


Your Greenkeeper Bot 🌴

documenting how to run snyk from Gulp

I've been getting errors when using Gulp with the examples from the README. I found out that I need to run gulp-snyk from the command line to make the other tasks work. Is there a way to run gulp-snyk to create an auth task or to log a message to the user that auth needs to be run first?

It may also help to point this out in the README for people who are not familiar with snyk.
