!Snyk logo

*

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.

| :information_source: This repository is only a plugin to be used with the Snyk CLI tool. To use this plugin to test and fix vulnerabilities in your project, install the Snyk CLI tool first. Head over to snyk.io to get started. |
| --- |

Support

- ❌ Not supported
- ❓ No issues expected but not regularly tested
- ✅ Supported and verified with tests

Supported OS

| OS | Supported |
|--------|------------|
| Windows| ✅ |
| Linux | ✅ |
| OSX | ️✅ |

Supported Node versions

| Node | Supported |
|------|------------|
| 20 | ✅ |
| 22 | ✅ |
| 24 | ✅ |

Supported Pip & Python versions (requirements.txt)

| Pip / Python |2.7|3.6|3.7|3.8|3.9|3.10|3.11|3.12|3.13|3.14
|----------------|---|---|---|---|---|---|---|---|---|---|
| 10.0.0 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| 18.1.0 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |

Supported Poetry versions (pyproject.toml and poetry.lock)

All known versions are expected to be supported (current latest version is 1.1.6)

Snyk Python CLI Plugin

This plugin provides dependency metadata for Python projects that use one of the following dependency management methods:

* pip with a requirements.txt file
* pipenv with a Pipfile file
* poetry with pyproject.toml and poetry.lock

There's a special only-provenance mode that allows extracting of top-level dependencies with
their corresponding positions in the original manifest file.

Contributing

Guide

$3

Prerequisites:
- Node.js 10+
- Python 2.7 or 3.6+
- Installed outside of any virtualenv:
- pip
- the contents of dev-requirements.txt:
``
pip install --user -r dev-requirements.txt
`
- if in linux, python-dev installed with apt, or see here.

Tests can be run against multiple python versions by using tox:

`
pip install tox
tox
`

Linting and testing:
`
npm i
npm run lint
npm run test
``