feat: Vulns to use exit code 1, all other errors 2 #531

Merged
merged 3 commits into from
May 29, 2019

@lili2311 lili2311 commented May 22, 2019

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

What does this PR do?

  • Use exit code 1 for when vulnerabilities are found, 2 for everything else as before;
  • Delete vulnerabilities before sending to analytics
  • Fix 'VULNS' error code as it was never coming back with anything

Additional questions

@lili2311 lili2311 closed this May 22, 2019
@lili2311 lili2311 reopened this May 22, 2019
@lili2311 lili2311 self-assigned this May 22, 2019
@lili2311 lili2311 changed the title feat: Vulns to use exit code 2 feat: Vulns to use exit code 1, all other errors 2 May 23, 2019
@lili2311 lili2311 force-pushed the feat/error-exit-code-1 branch 2 times, most recently from 7671f1e to 1aa82dc Compare May 23, 2019 11:44
@lili2311 lili2311 force-pushed the feat/error-exit-code-1 branch 3 times, most recently from cb7dfbd to 9288009 Compare May 23, 2019 12:40

@darscan darscan left a comment


some of those need to go back to console.log()


miiila commented May 24, 2019

@darscan Could you please elaborate a bit on why we need to go back to console.log instead of console.error? Thanks.


@miiila miiila left a comment


I'm completely OK with the changes, but let's take @darscan's points into account.


darscan commented May 24, 2019

Also, we shouldn't use process.exit() as console.log() etc are async, and need to complete before we terminate the process. See: https://nodejs.org/api/process.html#process_process_exit_code

Right now, we're truncating the output by terminating too aggressively.

Instead, let's set the exit code, and let node terminate normally. i.e. process.exitCode = 1;

Note: this might be hard

}

if (!args.options.json) {
console.log(alerts.displayAlerts());
}

if (!process.env.TAP && failed) {
process.exit(1);
debug('Exit code: ' + exitCode);
process.exitCode = exitCode;
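
Review bot: In the `if (!process.env.TAP && failed)` block, `process.exit(1)` sits directly above `debug('Exit code: ' + exitCode)` and `process.exitCode = exitCode`, and the rendered hunk has lost its +/- markers, so confirm that `process.exit(1)` is the removed line: if it stays, the two lines after it never run and every failure still exits with 1. Also check that `exitCode` is always assigned before this point, so a failed run cannot leave `process.exitCode` unset and finish with 0, and decide whether the `TAP` guard should still suppress the non-zero code now that 1 and 2 carry different meanings.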

Let it finish before exiting

@lili2311

Before

snyk analytics { args:
   [ 'no-vulns-bundler-app/',
     { debug: true, org: undefined, showVulnPaths: true } ],
  command: 'bad-command',
  metadata:
   { local: true,
     policies: 1,
     packageManager: 'rubygems',
     packageName: 'no-vulns-bundler-app',
     packageVersion: undefined,
     package: 'no-vulns-bundler-app@undefined',
     payloadSize: 2301,
     gzippedPayloadSize: 673,
     'vulns-pre-policy': 9,
     vulns: 5,
      'error-message': ''
       version: '1.135.1',
  os: 'macOS High Sierra',
  nodeVersion: 'v6.14.1',
  id: '036d074b6f27b7d7ad4e2f7c679cf74b6b086c42',
  ci: false,
  durationMs: 565 } +3ms

After

  { args:
   [ 'no-vulns-bundler-app',
     { debug: true, org: undefined, showVulnPaths: true } ],
  command: 'test',
  metadata:
   { local: true,
     policies: 1,
     packageManager: 'npm',
     packageName: 'no-vulns-bundler-app',
     packageVersion: undefined,
     package: 'no-vulns-bundler-app@undefined',
     payloadSize: 2301,
     gzippedPayloadSize: 677,
     'vulns-pre-policy': 9,
     vulns: 5,
     'error-message': 'Vulnerabilities found',
     error: undefined,
     'error-code': 'VULNS',
     command: 'test' },
  version: 'feat/error-exit-code-1: abf1e7860803fc93c46f26a8eb9645e40ca067d5 (1 dirty files)',
  os: 'macOS High Sierra',
  nodeVersion: 'v6.14.1',
  id: 'd34ba959e6fee0be31913947127b1d8c83143bbd',
  ci: false,
  durationMs: 1295 }

@lili2311 lili2311 force-pushed the feat/error-exit-code-1 branch 2 times, most recently from 4b108be to d77ca69 Compare May 24, 2019 14:19
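
The exit-code contract and the reduced analytics fields discussed in this thread, as an added JavaScript example that is not Snyk's code. Every name (`EXIT`, `exitCodeFor`, `analyticsErrorFields`, `finish`) and both sample errors are constructed for illustration, and the handling of non-`VULNS` errors is an assumption.

```javascript
// Added example, not the project's code. All identifiers are hypothetical.
const EXIT = Object.freeze({ OK: 0, VULNS_FOUND: 1, ERROR: 2 });

// SGR colour/style sequences such as "\u001b[1m", as seen in the
// 'error-message' field of the "Before" analytics payload.
const ANSI_SGR = /\u001b\[[0-9;]*m/g;

// Map a command outcome to the contract in the PR title:
// 1 when vulnerabilities are found, 2 for every other error.
function exitCodeFor(err) {
  if (!err) return EXIT.OK;
  return err.code === 'VULNS' ? EXIT.VULNS_FOUND : EXIT.ERROR;
}

// Build the error-related analytics fields without the rendered report.
function analyticsErrorFields(err) {
  if (!err) return {};
  if (err.code === 'VULNS') {
    // Fixed strings only: the findings text, local paths and stack trace
    // stay on the machine, and the request body stays small.
    return { 'error-message': 'Vulnerabilities found', 'error-code': 'VULNS' };
  }
  // Assumption: for other failures keep a short, colour-free first line.
  const firstLine = String(err.message || '')
    .replace(ANSI_SGR, '')
    .split('\n')[0];
  return {
    'error-message': firstLine.slice(0, 200),
    'error-code': err.code || 'UNKNOWN',
  };
}

// Finish a run: record the exit code and let Node terminate on its own so
// pending stdout/stderr writes complete. `proc` defaults to the real
// process; callers that only want to inspect the result pass a plain object.
function finish(err, proc = process) {
  const code = exitCodeFor(err);
  proc.exitCode = code; // not proc.exit(code), which can cut output short
  return { code, analytics: analyticsErrorFields(err) };
}

// Constructed sample: a "vulnerabilities found" failure whose message is
// the coloured report, as in the thread's "Before" payload.
function sampleVulnsError() {
  const err = new Error(
    '\u001b[1m\u001b[33m✗ Medium severity vulnerability found in qs' +
    '\u001b[39m\u001b[22m\n  From: qs@0.0.6'
  );
  err.code = 'VULNS';
  return err;
}

// Constructed sample: any other failure (the code string is made up).
function sampleToolError() {
  const err = new Error('\u001b[31mRequest failed\u001b[39m\n    at fetch (constructed)');
  err.code = 'CONSTRUCTED_NETWORK';
  return err;
}

// Demo against a stand-in object, so the real process exit code is untouched.
console.log(finish(sampleVulnsError(), {}));
console.log(finish(sampleToolError(), {}));
```

A CI job consuming this contract can fail the build on 1 and treat 2 as "the scan did not complete" rather than as a clean or a vulnerable result.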

darscan commented May 28, 2019

I'm getting packageManager: 'npm' for a Maven project


lili2311 commented May 28, 2019

> I'm getting packageManager: 'npm' for a Maven project

fixed in a separate PR and released #537


lili2311 commented May 28, 2019

normal, single target, without vulns

output exactly the same as before

Before

Testing ../snyk/snyk...

Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      ../snyk/snyk
Local Snyk policy: found
Licenses:          enabled

✓ Tested 283 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

After

Testing ../snyk/snyk...

Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      ../snyk/snyk
Local Snyk policy: found
Licenses:          enabled

✓ Tested 283 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

normal, single target, with vulns

Output OK, analytics size is now much reduced from:
snyk gzipped request body size: 418 +0ms
snyk gzipped request body size: 1145 +0ms

  • Dropped vulns from the analytics meta
  • Order of debug changed a little, analytics are now last after the result of the test
  • The test results are now printed only once, not twice.
  • Exit code logged 1 for vulns, 2 for other errors

Before

  snyk test { _: [ [Circular] ], debug: true } +0ms
  snyk analytics add local true +0ms
  snyk analytics add local true +3ms
  snyk analytics add generating-node-dependency-tree { lockFile: false, targetFile: 'package.json' } +0ms
  snyk policies found [ '/Users/lili/www/monorepo-simple' ] +0ms
  snyk analytics add policies 1 +21ms
  snyk analytics add packageManager npm +0ms
  snyk analytics add packageName shallow-goof +0ms
  snyk analytics add packageVersion 0.0.1 +0ms
  snyk analytics add package shallow-goof@0.0.1 +0ms
  snyk converting dep-tree to dep-graph { name: 'shallow-goof', targetFile: 'package.json' } +2ms
  snyk done converting dep-tree to dep-graph { uniquePkgsCount: 3 } +9ms
  snyk sending request to: https://snyk.io/api/v1/test-dep-graph +0ms
  snyk request body size: 607 +0ms
  snyk gzipped request body size: 272 +0ms
  snyk analytics add payloadSize 607 +13ms
  snyk analytics add gzippedPayloadSize 272 +0ms
  snyk not using proxy +1ms
  snyk analytics add vulns-pre-policy 4 +2s
  snyk analytics add vulns 4 +6ms
  snyk analytics add error-message
Testing /Users/lili/www/monorepo-simple...

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      /Users/lili/www/monorepo-simple
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues. +129ms
  snyk analytics add error Error:
Testing /Users/lili/www/monorepo-simple...

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      /Users/lili/www/monorepo-simple
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.
    at /Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/src/cli/commands/test.ts:160:19
    at Generator.next (<anonymous>)
    at fulfilled (/Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/dist/cli/commands/test.js:4:58)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:189:7) +0ms
  snyk analytics add error-code undefined +1ms
  snyk analytics add command test +0ms
Error:
Testing /Users/lili/www/monorepo-simple...

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      /Users/lili/www/monorepo-simple
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.
    at /Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/src/cli/commands/test.ts:160:19
    at Generator.next (<anonymous>)
    at fulfilled (/Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/dist/cli/commands/test.js:4:58)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:189:7)
  snyk analytics { args: [ { debug: true, org: undefined, showVulnPaths: true } ],
  command: 'bad-command',
  metadata:
   { local: [ true, true ],
     'generating-node-dependency-tree': { lockFile: false, targetFile: 'package.json' },
     policies: 1,
     packageManager: 'npm',
     packageName: 'shallow-goof',
     packageVersion: '0.0.1',
     package: 'shallow-goof@0.0.1',
     payloadSize: 607,
     gzippedPayloadSize: 272,
     'vulns-pre-policy': 4,
     vulns: 4,
     'error-message': '\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37mTesting /Users/lili/www/monorepo-simple...\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\u001b[1m\u001b[33m✗ Medium severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Denial of Service (Event Loop Blocking)\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20140806-1\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)\u001b[22m\n\n\u001b[1m\u001b[33m✗ Medium severity vulnerability found in \u001b[4mnode-uuid\u001b[24m\u001b[39m\u001b[22m\n  Description: Insecure Randomness\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:node-uuid:20160328\u001b[24m\n  Introduced through: node-uuid@1.4.0\n  From: node-uuid@1.4.0\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)\u001b[22m\n\n\u001b[1m\u001b[31m✗ High severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Denial of Service (Memory Exhaustion)\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20140806\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)\u001b[22m\n\n\u001b[1m\u001b[31m✗ High severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Prototype Override Protection Bypass\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20170213\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to 
qs@6.0.4)\u001b[22m\n\n\n\n\n\u001b[1mOrganisation:      \u001b[22mlili2311\n\u001b[1mPackage manager:   \u001b[22mnpm\n\u001b[1mTarget file:       \u001b[22mpackage.json\n\u001b[1mOpen source:       \u001b[22mno\n\u001b[1mProject path:      \u001b[22m/Users/lili/www/monorepo-simple\n\u001b[1mLicenses:          \u001b[22m\u001b[32menabled\u001b[39m\n\nTested 2 dependencies for known issues, \u001b[31m\u001b[1mfound 4 issues, 4 vulnerable paths.\u001b[22m\u001b[39m\u001b[1m\u001b[32m\u001b[39m\u001b[22m\n\u001b[1m\u001b[32m\u001b[39m\u001b[22m\n\u001b[1m\u001b[32mRun `snyk wizard` to address these issues.\u001b[39m\u001b[22m',
     error: 'Error: \u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37mTesting /Users/lili/www/monorepo-simple...\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\u001b[1m\u001b[33m✗ Medium severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Denial of Service (Event Loop Blocking)\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20140806-1\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)\u001b[22m\n\n\u001b[1m\u001b[33m✗ Medium severity vulnerability found in \u001b[4mnode-uuid\u001b[24m\u001b[39m\u001b[22m\n  Description: Insecure Randomness\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:node-uuid:20160328\u001b[24m\n  Introduced through: node-uuid@1.4.0\n  From: node-uuid@1.4.0\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)\u001b[22m\n\n\u001b[1m\u001b[31m✗ High severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Denial of Service (Memory Exhaustion)\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20140806\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)\u001b[22m\n\n\u001b[1m\u001b[31m✗ High severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Prototype Override Protection Bypass\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20170213\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to 
qs@6.0.4)\u001b[22m\n\n\n\n\n\u001b[1mOrganisation:      \u001b[22mlili2311\n\u001b[1mPackage manager:   \u001b[22mnpm\n\u001b[1mTarget file:       \u001b[22mpackage.json\n\u001b[1mOpen source:       \u001b[22mno\n\u001b[1mProject path:      \u001b[22m/Users/lili/www/monorepo-simple\n\u001b[1mLicenses:          \u001b[22m\u001b[32menabled\u001b[39m\n\nTested 2 dependencies for known issues, \u001b[31m\u001b[1mfound 4 issues, 4 vulnerable paths.\u001b[22m\u001b[39m\u001b[1m\u001b[32m\u001b[39m\u001b[22m\n\u001b[1m\u001b[32m\u001b[39m\u001b[22m\n\u001b[1m\u001b[32mRun `snyk wizard` to address these issues.\u001b[39m\u001b[22m\n    at /Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/src/cli/commands/test.ts:160:19\n    at Generator.next (<anonymous>)\n    at fulfilled (/Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/dist/cli/commands/test.js:4:58)\n    at <anonymous>\n    at process._tickCallback (internal/process/next_tick.js:189:7)',
     'error-code': undefined,
     command: 'test' },
  version: '1.168.0',
  os: 'macOS High Sierra',
  nodeVersion: 'v8.12.0',
  id: '6c377c318c2077d366b53980ffbc4ef8309a0f8a',
  ci: false,
  durationMs: 2157 } +2ms
  snyk sending request to: https://snyk.io/api/v1/analytics/cli +2s
  snyk request body size: 6066 +0ms
  snyk gzipped request body size: 1146 +0ms
  snyk not using proxy +0ms

After

  snyk test { _: [ [Circular] ], debug: true } +0ms
  snyk analytics adding to metadata:  local true +0ms
  snyk analytics adding to metadata:  local true +6ms
  snyk analytics adding to metadata:  generating-node-dependency-tree { lockFile: false, targetFile: 'package.json' } +1ms
  snyk policies found [ '/Users/lili/www/monorepo-simple' ] +0ms
  snyk analytics adding to metadata:  policies 1 +30ms
  snyk analytics adding to metadata:  packageManager npm +1ms
  snyk analytics adding to metadata:  packageName shallow-goof +0ms
  snyk analytics adding to metadata:  packageVersion 0.0.1 +0ms
  snyk analytics adding to metadata:  package shallow-goof@0.0.1 +0ms
  snyk converting dep-tree to dep-graph { name: 'shallow-goof', targetFile: 'package.json' } +3ms
  snyk done converting dep-tree to dep-graph { uniquePkgsCount: 3 } +10ms
  snyk sending request to: https://snyk.io/api/v1/test-dep-graph +0ms
  snyk request body size: 607 +0ms
  snyk gzipped request body size: 272 +0ms
  snyk analytics adding to metadata:  payloadSize 607 +23ms
  snyk analytics adding to metadata:  gzippedPayloadSize 272 +0ms
  snyk not using proxy +1ms
  snyk analytics adding to metadata:  vulns-pre-policy 4 +2s
  snyk analytics adding to metadata:  vulns 4 +5ms

Testing /Users/lili/www/monorepo-simple...

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      /Users/lili/www/monorepo-simple
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.
  snyk analytics adding to metadata:  error-message Vulnerabilities found +12ms
  snyk analytics adding to metadata:  error undefined +0ms
  snyk analytics adding to metadata:  error-code VULNS +0ms
  snyk analytics adding to metadata:  command test +1ms

  snyk Exit code: 1 +0ms
  snyk analytics { args: [ { debug: true, org: undefined, showVulnPaths: true } ],
  command: 'test',
  metadata:
   { local: [ true, true ],
     'generating-node-dependency-tree': { lockFile: false, targetFile: 'package.json' },
     policies: 1,
     packageManager: 'npm',
     packageName: 'shallow-goof',
     packageVersion: '0.0.1',
     package: 'shallow-goof@0.0.1',
     payloadSize: 607,
     gzippedPayloadSize: 272,
     'vulns-pre-policy': 4,
     vulns: 4,
     'error-message': 'Vulnerabilities found',
     error: undefined,
     'error-code': 'VULNS',
     command: 'test' },
  version: 'feat/error-exit-code-1: 636628f2afa77c26e1d11cc95146b166295d9cea',
  os: 'macOS High Sierra',
  nodeVersion: 'v6.14.1',
  id: '087203b946472632aeeafacf93a1f92e47209b9c',
  ci: false,
  durationMs: 2932 } +375ms
  snyk sending request to: https://snyk.io/api/v1/analytics/cli +3s
  snyk request body size: 662 +0ms
  snyk gzipped request body size: 419 +0ms
  snyk not using proxy +0ms

normal, multiple target, with vulns

Before

Testing no-vulns-bundler-app...

✗ Medium severity vulnerability found in sinatra
  Description: Timing Attack
  Info: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20488
  Introduced through: sinatra@1.4.8
  From: sinatra@1.4.8
  Remediation:
    Upgrade direct dependency sinatra@1.4.8 to sinatra@2.0.0 (triggers upgrades to sinatra@2.0.0)

✗ Medium severity vulnerability found in sinatra
  Description: Cross-site Scripting (XSS)
  Info: https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
  Introduced through: sinatra@1.4.8
  From: sinatra@1.4.8
  Remediation:
    Upgrade direct dependency sinatra@1.4.8 to sinatra@2.0.2 (triggers upgrades to sinatra@2.0.2)

✗ Medium severity vulnerability found in rack-protection
  Description: Directory Traversal
  Info: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
  Introduced through: sinatra@1.4.8
  From: sinatra@1.4.8 > rack-protection@1.5.3
  Remediation:
    Your dependencies are out of date, otherwise you would be using a newer version of rack-protection.
    Try running `bundle update rack-protection` and running `snyk test` again.

✗ Medium severity vulnerability found in rack
  Description: Cross-site Scripting (XSS)
  Info: https://snyk.io/vuln/SNYK-RUBY-RACK-72567
  Introduced through: sinatra@1.4.8
  From: sinatra@1.4.8 > rack@1.6.5
  From: sinatra@1.4.8 > rack-protection@1.5.3 > rack@1.6.5
  Remediation:
    Your dependencies are out of date, otherwise you would be using a newer version of rack.
    Try running `bundle update rack` and running `snyk test` again.




Organisation:      lili2311
Package manager:   rubygems
Target file:       Gemfile
Open source:       no
Project path:      no-vulns-bundler-app
Local Snyk policy: found
Licenses:          enabled

Tested 7 dependencies for known issues, found 4 issues, 5 vulnerable paths.

-------------------------------------------------------

Testing ....

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      .
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.


Tested 2 projects, 2 contained vulnerable paths.

After

Testing no-vulns-bundler-app...

✗ Medium severity vulnerability found in sinatra
  Description: Timing Attack
  Info: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20488
  Introduced through: sinatra@1.4.8
  From: sinatra@1.4.8
  Remediation:
    Upgrade direct dependency sinatra@1.4.8 to sinatra@2.0.0 (triggers upgrades to sinatra@2.0.0)

✗ Medium severity vulnerability found in sinatra
  Description: Cross-site Scripting (XSS)
  Info: https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
  Introduced through: sinatra@1.4.8
  From: sinatra@1.4.8
  Remediation:
    Upgrade direct dependency sinatra@1.4.8 to sinatra@2.0.2 (triggers upgrades to sinatra@2.0.2)

✗ Medium severity vulnerability found in rack-protection
  Description: Directory Traversal
  Info: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
  Introduced through: sinatra@1.4.8
  From: sinatra@1.4.8 > rack-protection@1.5.3
  Remediation:
    Your dependencies are out of date, otherwise you would be using a newer version of rack-protection.
    Try running `bundle update rack-protection` and running `snyk test` again.

✗ Medium severity vulnerability found in rack
  Description: Cross-site Scripting (XSS)
  Info: https://snyk.io/vuln/SNYK-RUBY-RACK-72567
  Introduced through: sinatra@1.4.8
  From: sinatra@1.4.8 > rack@1.6.5
  From: sinatra@1.4.8 > rack-protection@1.5.3 > rack@1.6.5
  Remediation:
    Your dependencies are out of date, otherwise you would be using a newer version of rack.
    Try running `bundle update rack` and running `snyk test` again.




Organisation:      lili2311
Package manager:   rubygems
Target file:       Gemfile
Open source:       no
Project path:      no-vulns-bundler-app
Local Snyk policy: found
Licenses:          enabled

Tested 7 dependencies for known issues, found 4 issues, 5 vulnerable paths.

-------------------------------------------------------

Testing ....

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      .
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.


Tested 2 projects, 2 contained vulnerable paths.


lili2311 commented May 28, 2019

normal, multiple paths, with vulns -d

  • Exit code is 1 if at least 1 result has vulns

Before

  snyk test { _: [ '../snyk/snyk', '.', [Circular] ], debug: true } +0ms
  snyk analytics add local true +0ms
  snyk analytics add local true +5ms
  snyk analytics add generating-node-dependency-tree { lockFile: false, targetFile: 'package.json' } +0ms
  snyk policies found [ '../snyk/snyk',k/snyk
  '/Users/lili/www/snyk/snyk/node_modules/snyk-docker-plugin',
  '/Users/lili/www/snyk/snyk/node_modules/snyk-go-plugin' ] +0ms
  snyk analytics add policies 3 +1s
  snyk analytics add packageManager npm +0ms
  snyk analytics add packageName snyk +0ms
  snyk analytics add packageVersion null +0ms
  snyk analytics add package snyk@null +0ms
  snyk converting dep-tree to dep-graph { name: 'snyk', targetFile: 'package.json' } +16ms
  snyk done converting dep-tree to dep-graph { uniquePkgsCount: 284 } +49ms
  snyk sending request to: https://snyk.io/api/v1/test-dep-graph +0ms
  snyk request body size: 53268 +0ms
  snyk gzipped request body size: 8564 +0ms
  snyk analytics add payloadSize 53268 +74ms
  snyk analytics add gzippedPayloadSize 8564 +0ms
  snyk not using proxy +2ms
  snyk analytics add vulns-pre-policy 0 +3s
  snyk analytics add vulns 0 +1ms
  snyk analytics add local true +1ms
  snyk analytics add local true +0ms
  snyk analytics add generating-node-dependency-tree { lockFile: false, targetFile: 'package.json' } +1ms
  snyk policies found [ '.' ] +3s
  snyk analytics add policies 1 +5ms
  snyk analytics add packageManager npm +1ms
  snyk analytics add packageName shallow-goof +0ms
  snyk analytics add packageVersion 0.0.1 +0ms
  snyk analytics add package shallow-goof@0.0.1 +0ms
  snyk converting dep-tree to dep-graph { name: 'shallow-goof', targetFile: 'package.json' } +1ms
  snyk done converting dep-tree to dep-graph { uniquePkgsCount: 3 } +0ms
  snyk sending request to: https://snyk.io/api/v1/test-dep-graph +3s
  snyk request body size: 607 +0ms
  snyk gzipped request body size: 272 +0ms
  snyk analytics add payloadSize 607 +1ms
  snyk analytics add gzippedPayloadSize 272 +0ms
  snyk not using proxy +1ms
  snyk analytics add vulns-pre-policy 4 +1s
  snyk analytics add vulns 4 +1ms
  snyk analytics add error-message
Testing ../snyk/snyk...

Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      ../snyk/snyk
Local Snyk policy: found
Licenses:          enabled

✓ Tested 283 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing ....

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      .
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.


Tested 2 projects, 1 contained vulnerable paths.
 +28ms
  snyk analytics add error Error:
Testing ../snyk/snyk...

Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      ../snyk/snyk
Local Snyk policy: found
Licenses:          enabled

✓ Tested 283 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing ....

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      .
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.


Tested 2 projects, 1 contained vulnerable paths.

    at /Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/src/cli/commands/test.ts:160:19
    at Generator.next (<anonymous>)
    at fulfilled (/Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/dist/cli/commands/test.js:4:58)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:189:7) +0ms
  snyk analytics add error-code undefined +1ms
  snyk analytics add command test +0ms
Error:
Testing ../snyk/snyk...

Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      ../snyk/snyk
Local Snyk policy: found
Licenses:          enabled

✓ Tested 283 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing ....

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      .
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.


Tested 2 projects, 1 contained vulnerable paths.

    at /Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/src/cli/commands/test.ts:160:19
    at Generator.next (<anonymous>)
    at fulfilled (/Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/dist/cli/commands/test.js:4:58)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:189:7)
  snyk analytics { args:
   [ '../snyk/snyk',
     '.',
     { debug: true, org: undefined, showVulnPaths: true } ],
  command: 'bad-command',
  metadata:
   { local: [ true, true, true, true ],
     'generating-node-dependency-tree': [ [Object], [Object] ],
     policies: [ 3, 1 ],
     packageManager: [ 'npm', 'npm' ],
     packageName: [ 'snyk', 'shallow-goof' ],
     packageVersion: '0.0.1',
     package: [ 'snyk@null', 'shallow-goof@0.0.1' ],
     payloadSize: [ 53268, 607 ],
     gzippedPayloadSize: [ 8564, 272 ],
     'vulns-pre-policy': 4,
     vulns: 4,
     'error-message': '\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37mTesting ../snyk/snyk...\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\u001b[1mOrganisation:      \u001b[22mlili2311\n\u001b[1mPackage manager:   \u001b[22mnpm\n\u001b[1mTarget file:       \u001b[22mpackage.json\n\u001b[1mOpen source:       \u001b[22mno\n\u001b[1mProject path:      \u001b[22m../snyk/snyk\n\u001b[1mLocal Snyk policy: \u001b[22m\u001b[32mfound\u001b[39m\n\u001b[1mLicenses:          \u001b[22m\u001b[32menabled\u001b[39m\n\n\u001b[32m✓ Tested 283 dependencies for known issues, no vulnerable paths found.\u001b[39m\n\nNext steps:\n- Run `snyk monitor` to be notified about new related vulnerabilities.\n- Run `snyk test` as part of your CI/test.\n\n-------------------------------------------------------\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37mTesting ....\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\u001b[1m\u001b[33m✗ Medium severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Denial of Service (Event Loop Blocking)\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20140806-1\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)\u001b[22m\n\n\u001b[1m\u001b[33m✗ Medium severity vulnerability found in \u001b[4mnode-uuid\u001b[24m\u001b[39m\u001b[22m\n  Description: Insecure Randomness\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:node-uuid:20160328\u001b[24m\n  Introduced through: node-uuid@1.4.0\n  From: node-uuid@1.4.0\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)\u001b[22m\n\n\u001b[1m\u001b[31m✗ High severity vulnerability found in 
\u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Denial of Service (Memory Exhaustion)\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20140806\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)\u001b[22m\n\n\u001b[1m\u001b[31m✗ High severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Prototype Override Protection Bypass\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20170213\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)\u001b[22m\n\n\n\n\n\u001b[1mOrganisation:      \u001b[22mlili2311\n\u001b[1mPackage manager:   \u001b[22mnpm\n\u001b[1mTarget file:       \u001b[22mpackage.json\n\u001b[1mOpen source:       \u001b[22mno\n\u001b[1mProject path:      \u001b[22m.\n\u001b[1mLicenses:          \u001b[22m\u001b[32menabled\u001b[39m\n\nTested 2 dependencies for known issues, \u001b[31m\u001b[1mfound 4 issues, 4 vulnerable paths.\u001b[22m\u001b[39m\u001b[1m\u001b[32m\u001b[39m\u001b[22m\n\u001b[1m\u001b[32m\u001b[39m\u001b[22m\n\u001b[1m\u001b[32mRun `snyk wizard` to address these issues.\u001b[39m\u001b[22m\u001b[1m\u001b[31m\u001b[39m\u001b[22m\n\u001b[1m\u001b[31m\u001b[39m\u001b[22m\n\u001b[1m\u001b[31m\u001b[39m\u001b[22m\n\u001b[1m\u001b[31mTested 2 projects, 1 contained vulnerable paths.\u001b[39m\u001b[22m\n\u001b[1m\u001b[31m\u001b[39m\u001b[22m',
     error: 'Error: \u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37mTesting ../snyk/snyk...\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\u001b[1mOrganisation:      \u001b[22mlili2311\n\u001b[1mPackage manager:   \u001b[22mnpm\n\u001b[1mTarget file:       \u001b[22mpackage.json\n\u001b[1mOpen source:       \u001b[22mno\n\u001b[1mProject path:      \u001b[22m../snyk/snyk\n\u001b[1mLocal Snyk policy: \u001b[22m\u001b[32mfound\u001b[39m\n\u001b[1mLicenses:          \u001b[22m\u001b[32menabled\u001b[39m\n\n\u001b[32m✓ Tested 283 dependencies for known issues, no vulnerable paths found.\u001b[39m\n\nNext steps:\n- Run `snyk monitor` to be notified about new related vulnerabilities.\n- Run `snyk test` as part of your CI/test.\n\n-------------------------------------------------------\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37mTesting ....\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\n\u001b[1m\u001b[37m\u001b[39m\u001b[22m\u001b[1m\u001b[33m✗ Medium severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Denial of Service (Event Loop Blocking)\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20140806-1\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)\u001b[22m\n\n\u001b[1m\u001b[33m✗ Medium severity vulnerability found in \u001b[4mnode-uuid\u001b[24m\u001b[39m\u001b[22m\n  Description: Insecure Randomness\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:node-uuid:20160328\u001b[24m\n  Introduced through: node-uuid@1.4.0\n  From: node-uuid@1.4.0\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)\u001b[22m\n\n\u001b[1m\u001b[31m✗ High severity vulnerability found in 
\u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Denial of Service (Memory Exhaustion)\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20140806\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)\u001b[22m\n\n\u001b[1m\u001b[31m✗ High severity vulnerability found in \u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n  Description: Prototype Override Protection Bypass\n  Info: \u001b[4mhttps://snyk.io/vuln/npm:qs:20170213\u001b[24m\n  Introduced through: qs@0.0.6\n  From: qs@0.0.6\u001b[1m\u001b[22m\n\u001b[1m  Remediation: \u001b[22m\n\u001b[1m    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)\u001b[22m\n\n\n\n\n\u001b[1mOrganisation:      \u001b[22mlili2311\n\u001b[1mPackage manager:   \u001b[22mnpm\n\u001b[1mTarget file:       \u001b[22mpackage.json\n\u001b[1mOpen source:       \u001b[22mno\n\u001b[1mProject path:      \u001b[22m.\n\u001b[1mLicenses:          \u001b[22m\u001b[32menabled\u001b[39m\n\nTested 2 dependencies for known issues, \u001b[31m\u001b[1mfound 4 issues, 4 vulnerable paths.\u001b[22m\u001b[39m\u001b[1m\u001b[32m\u001b[39m\u001b[22m\n\u001b[1m\u001b[32m\u001b[39m\u001b[22m\n\u001b[1m\u001b[32mRun `snyk wizard` to address these issues.\u001b[39m\u001b[22m\u001b[1m\u001b[31m\u001b[39m\u001b[22m\n\u001b[1m\u001b[31m\u001b[39m\u001b[22m\n\u001b[1m\u001b[31m\u001b[39m\u001b[22m\n\u001b[1m\u001b[31mTested 2 projects, 1 contained vulnerable paths.\u001b[39m\u001b[22m\n\u001b[1m\u001b[31m\u001b[39m\u001b[22m\n    at /Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/src/cli/commands/test.ts:160:19\n    at Generator.next (<anonymous>)\n    at fulfilled (/Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/dist/cli/commands/test.js:4:58)\n    at <anonymous>\n    at process._tickCallback (internal/process/next_tick.js:189:7)',
     'error-code': undefined,
     command: 'test' },
  version: '1.168.0',
  os: 'macOS High Sierra',
  nodeVersion: 'v8.12.0',
  id: '228e3f95628da61402a39d20749816858419ef24',
  ci: false,
  durationMs: 5762 } +2ms
  snyk sending request to: https://snyk.io/api/v1/analytics/cli +1s
  snyk request body size: 8252 +0ms
  snyk gzipped request body size: 1345 +0ms
  snyk not using proxy +0ms

After

snyk test { _: [ '../snyk/snyk', '.', [Circular] ], debug: true } +0ms
  snyk analytics adding to metadata:  local true +0ms
  snyk analytics adding to metadata:  local true +3ms
  snyk analytics adding to metadata:  generating-node-dependency-tree { lockFile: false, targetFile: 'package.json' } +0ms
  snyk policies found [ '../snyk/snyk',k/snyk
  '/Users/lili/www/snyk/snyk/node_modules/snyk-docker-plugin',
  '/Users/lili/www/snyk/snyk/node_modules/snyk-go-plugin' ] +0ms
  snyk analytics adding to metadata:  policies 3 +876ms
  snyk analytics adding to metadata:  packageManager npm +1ms
  snyk analytics adding to metadata:  packageName snyk +0ms
  snyk analytics adding to metadata:  packageVersion null +0ms
  snyk analytics adding to metadata:  package snyk@null +0ms
  snyk converting dep-tree to dep-graph { name: 'snyk', targetFile: 'package.json' } +50ms
  snyk done converting dep-tree to dep-graph { uniquePkgsCount: 284 } +58ms
  snyk sending request to: https://snyk.io/api/v1/test-dep-graph +0ms
  snyk request body size: 53268 +0ms
  snyk gzipped request body size: 8564 +0ms
  snyk analytics adding to metadata:  payloadSize 53268 +113ms
  snyk analytics adding to metadata:  gzippedPayloadSize 8564 +0ms
  snyk not using proxy +2ms
  snyk analytics adding to metadata:  vulns-pre-policy 0 +477ms
  snyk analytics adding to metadata:  vulns 0 +1ms
  snyk analytics adding to metadata:  local true +1ms
  snyk analytics adding to metadata:  local true +0ms
  snyk analytics adding to metadata:  generating-node-dependency-tree { lockFile: false, targetFile: 'package.json' } +0ms
  snyk policies found [ '.' ] +491ms
  snyk analytics adding to metadata:  policies 1 +6ms
  snyk analytics adding to metadata:  packageManager npm +0ms
  snyk analytics adding to metadata:  packageName shallow-goof +0ms
  snyk analytics adding to metadata:  packageVersion 0.0.1 +0ms
  snyk analytics adding to metadata:  package shallow-goof@0.0.1 +0ms
  snyk converting dep-tree to dep-graph { name: 'shallow-goof', targetFile: 'package.json' } +1ms
  snyk done converting dep-tree to dep-graph { uniquePkgsCount: 3 } +0ms
  snyk sending request to: https://snyk.io/api/v1/test-dep-graph +485ms
  snyk request body size: 607 +0ms
  snyk gzipped request body size: 272 +0ms
  snyk analytics adding to metadata:  payloadSize 607 +2ms
  snyk analytics adding to metadata:  gzippedPayloadSize 272 +0ms
  snyk not using proxy +0ms
  snyk analytics adding to metadata:  vulns-pre-policy 4 +4s
  snyk analytics adding to metadata:  vulns 4 +1ms

Testing ../snyk/snyk...

Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      ../snyk/snyk
Local Snyk policy: found
Licenses:          enabled

✓ Tested 283 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing ....

✗ Medium severity vulnerability found in qs
  Description: Denial of Service (Event Loop Blocking)
  Info: https://snyk.io/vuln/npm:qs:20140806-1
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ Medium severity vulnerability found in node-uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/npm:node-uuid:20160328
  Introduced through: node-uuid@1.4.0
  From: node-uuid@1.4.0
  Remediation:
    Upgrade direct dependency node-uuid@1.4.0 to node-uuid@1.4.6 (triggers upgrades to node-uuid@1.4.6)

✗ High severity vulnerability found in qs
  Description: Denial of Service (Memory Exhaustion)
  Info: https://snyk.io/vuln/npm:qs:20140806
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@1.0.0 (triggers upgrades to qs@1.0.0)

✗ High severity vulnerability found in qs
  Description: Prototype Override Protection Bypass
  Info: https://snyk.io/vuln/npm:qs:20170213
  Introduced through: qs@0.0.6
  From: qs@0.0.6
  Remediation:
    Upgrade direct dependency qs@0.0.6 to qs@6.0.4 (triggers upgrades to qs@6.0.4)




Organisation:      lili2311
Package manager:   npm
Target file:       package.json
Open source:       no
Project path:      .
Licenses:          enabled

Tested 2 dependencies for known issues, found 4 issues, 4 vulnerable paths.

Run `snyk wizard` to address these issues.


Tested 2 projects, 1 contained vulnerable paths.

  snyk analytics adding to metadata:  error-message Vulnerabilities found +4ms
  snyk analytics adding to metadata:  error undefined +1ms
  snyk analytics adding to metadata:  error-code VULNS +0ms
  snyk analytics adding to metadata:  command test +0ms

  snyk Exit code: 1 +0ms
  snyk analytics { args:
   [ '../snyk/snyk',
     '.',
     { debug: true, org: undefined, showVulnPaths: true } ],
  command: 'test',
  metadata:
   { local: [ true, true, true, true ],
     'generating-node-dependency-tree': [ [Object], [Object] ],
     policies: [ 3, 1 ],
     packageManager: [ 'npm', 'npm' ],
     packageName: [ 'snyk', 'shallow-goof' ],
     packageVersion: '0.0.1',
     package: [ 'snyk@null', 'shallow-goof@0.0.1' ],
     payloadSize: [ 53268, 607 ],
     gzippedPayloadSize: [ 8564, 272 ],
     'vulns-pre-policy': 4,
     vulns: 4,
     'error-message': 'Vulnerabilities found',
     error: undefined,
     'error-code': 'VULNS',
     command: 'test' },
  version: 'feat/error-exit-code-1: 636628f2afa77c26e1d11cc95146b166295d9cea',
  os: 'macOS High Sierra',
  nodeVersion: 'v8.12.0',
  id: '1087958bcf14785de206d16624a777636521d4e4',
  ci: false,
  durationMs: 6069 } +209ms
  snyk sending request to: https://snyk.io/api/v1/analytics/cli +5s
  snyk request body size: 790 +0ms
  snyk gzipped request body size: 465 +0ms
  snyk not using proxy +0ms
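
The behaviour this before/after run shows (exit code 1 with `error-code` `VULNS`, and an analytics payload that no longer carries the full report), sketched as an added example that is not code from this PR or the snyk code base. The names `EXIT`, `exitCodeFor`, `analyticsErrorFields` and `sampleVulnError`, the exit code 0 for a clean run, and the handling of non-`VULNS` errors are assumptions made for the illustration.

```javascript
// Added illustration, not code from the snyk repository.
// All function names and sample values below are constructed for this example.

const EXIT = { OK: 0, VULNS_FOUND: 1, ERROR: 2 };

// SGR colour/style sequences such as "\u001b[1m", as seen in the "Before" dump.
const ANSI_SGR = /\u001b\[[0-9;]*m/g;

// Map a command outcome to the process exit code: 1 only when
// vulnerabilities were found, 2 for every other failure.
function exitCodeFor(err) {
  if (!err) return EXIT.OK;
  return err.code === 'VULNS' ? EXIT.VULNS_FOUND : EXIT.ERROR;
}

// Build the error-related analytics fields. For findings, the report itself
// (package names, versions, local paths, stack trace) stays on the terminal
// and only a fixed message plus the code is recorded.
function analyticsErrorFields(err) {
  if (err.code === 'VULNS') {
    return {
      'error-message': 'Vulnerabilities found',
      error: undefined,
      'error-code': 'VULNS',
    };
  }
  // Assumption: other errors keep a colour-stripped message and drop the stack.
  return {
    'error-message': String(err.message).replace(ANSI_SGR, ''),
    error: undefined,
    'error-code': err.code,
  };
}

// Constructed sample: an error whose message is a coloured report fragment,
// shaped like the one embedded in the "Before" analytics payload.
function sampleVulnError() {
  const report =
    '\u001b[1m\u001b[31m✗ High severity vulnerability found in ' +
    '\u001b[4mqs\u001b[24m\u001b[39m\u001b[22m\n' +
    '  Introduced through: qs@0.0.6\n' +
    '  From: qs@0.0.6\n';
  const err = new Error(report);
  err.code = 'VULNS';
  return err;
}

const vulnErr = sampleVulnError();
console.log('exit code:', exitCodeFor(vulnErr));
console.log('analytics fields:', JSON.stringify(analyticsErrorFields(vulnErr)));
```

A CI job can then fail the build on exit code 1 and treat exit code 2 as a scanner failure that needs attention, not as a clean result.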

@lili2311
Contributor Author

normal, single target, with with vulns --json

Before

{
  "vulnerabilities": [],
  "ok": true,
  "dependencyCount": 283,
  "org": "lili2311",
  "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.13.5\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n  'npm:mem:20180117':\n    - nyc > yargs > os-locale > mem:\n        reason: DoS vulnerability is not valid for CLI tool\n        expires: '2019-12-19T10:35:25.346Z'\n        source: cli\n    - tap > nyc > yargs > os-locale > mem:\n        reason: DoS vulnerability is not valid for CLI tool\n        expires: '2019-12-19T10:35:25.346Z'\n        source: cli\n  SNYK-JS-EXECA-174564:\n    - os-name > windows-release > execa:\n        reason: None given\n        expires: '2019-05-31T17:15:04.209Z'\n        source: cli\n    - update-notifier > boxen > term-size > execa:\n        reason: None given\n        expires: '2019-05-31T17:15:04.209Z'\n        source: cli\npatch: {}\nsuggest: {}\n",
  "isPrivate": true,
  "licensesPolicy": {
    "severities": {
      "MS-RL": "medium",
      "EPL-1.0": "medium",
      "GPL-2.0": "high",
      "GPL-3.0": "high",
      "MPL-1.1": "medium",
      "MPL-2.0": "medium",
      "AGPL-1.0": "high",
      "AGPL-3.0": "high",
      "CDDL-1.0": "medium",
      "LGPL-2.0": "medium",
      "LGPL-2.1": "medium",
      "LGPL-3.0": "medium",
      "CPOL-1.02": "high",
      "LGPL-2.1+": "medium",
      "LGPL-3.0+": "medium",
      "SimPL-2.0": "high",
      "Artistic-1.0": "medium",
      "Artistic-2.0": "medium"
    }
  },
  "packageManager": "npm",
  "ignoreSettings": {
    "adminOnly": false,
    "reasonRequired": false,
    "disregardFilesystemIgnores": false
  },
  "summary": "No known vulnerabilities",
  "filesystemPolicy": true,
  "uniqueCount": 0,
  "path": "../snyk/snyk"
}

After

{
  "vulnerabilities": [],
  "ok": true,
  "dependencyCount": 283,
  "org": "lili2311",
  "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.13.5\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n  'npm:mem:20180117':\n    - nyc > yargs > os-locale > mem:\n        reason: DoS vulnerability is not valid for CLI tool\n        expires: '2019-12-19T10:35:25.346Z'\n        source: cli\n    - tap > nyc > yargs > os-locale > mem:\n        reason: DoS vulnerability is not valid for CLI tool\n        expires: '2019-12-19T10:35:25.346Z'\n        source: cli\n  SNYK-JS-EXECA-174564:\n    - os-name > windows-release > execa:\n        reason: None given\n        expires: '2019-05-31T17:15:04.209Z'\n        source: cli\n    - update-notifier > boxen > term-size > execa:\n        reason: None given\n        expires: '2019-05-31T17:15:04.209Z'\n        source: cli\npatch: {}\nsuggest: {}\n",
  "isPrivate": true,
  "licensesPolicy": {
    "severities": {
      "MS-RL": "medium",
      "EPL-1.0": "medium",
      "GPL-2.0": "high",
      "GPL-3.0": "high",
      "MPL-1.1": "medium",
      "MPL-2.0": "medium",
      "AGPL-1.0": "high",
      "AGPL-3.0": "high",
      "CDDL-1.0": "medium",
      "LGPL-2.0": "medium",
      "LGPL-2.1": "medium",
      "LGPL-3.0": "medium",
      "CPOL-1.02": "high",
      "LGPL-2.1+": "medium",
      "LGPL-3.0+": "medium",
      "SimPL-2.0": "high",
      "Artistic-1.0": "medium",
      "Artistic-2.0": "medium"
    }
  },
  "packageManager": "npm",
  "ignoreSettings": {
    "adminOnly": false,
    "reasonRequired": false,
    "disregardFilesystemIgnores": false
  },
  "summary": "No known vulnerabilities",
  "filesystemPolicy": true,
  "uniqueCount": 0,
  "path": "../snyk/snyk"
}

@lili2311
Contributor Author

lili2311 commented May 28, 2019

normal, single target, with with vulns --json & -d

Before

 snyk test { _: [ '../snyk/snyk', [Circular] ], json: true, debug: true } +0ms
  snyk analytics add local true +0ms
  snyk analytics add local true +3ms
  snyk analytics add generating-node-dependency-tree { lockFile: false, targetFile: 'package.json' } +0ms
  snyk policies found [ '../snyk/snyk',k/snyk
  '/Users/lili/www/snyk/snyk/node_modules/snyk-docker-plugin',
  '/Users/lili/www/snyk/snyk/node_modules/snyk-go-plugin' ] +0ms
  snyk analytics add policies 3 +843ms
  snyk analytics add packageManager npm +0ms
  snyk analytics add packageName snyk +0ms
  snyk analytics add packageVersion null +0ms
  snyk analytics add package snyk@null +0ms
  snyk converting dep-tree to dep-graph { name: 'snyk', targetFile: 'package.json' } +13ms
  snyk done converting dep-tree to dep-graph { uniquePkgsCount: 284 } +51ms
  snyk sending request to: https://snyk.io/api/v1/test-dep-graph +0ms
  snyk request body size: 53268 +0ms
  snyk gzipped request body size: 8564 +0ms
  snyk analytics add payloadSize 53268 +71ms
  snyk analytics add gzippedPayloadSize 8564 +0ms
  snyk not using proxy +2ms
  snyk analytics add vulns-pre-policy 0 +2s
  snyk analytics add vulns 0 +1ms
{
  "vulnerabilities": [],
  "ok": true,
  "dependencyCount": 283,
  "org": "lili2311",
  "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.13.5\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n  'npm:mem:20180117':\n    - nyc > yargs > os-locale > mem:\n        reason: DoS vulnerability is not valid for CLI tool\n        expires: '2019-12-19T10:35:25.346Z'\n        source: cli\n    - tap > nyc > yargs > os-locale > mem:\n        reason: DoS vulnerability is not valid for CLI tool\n        expires: '2019-12-19T10:35:25.346Z'\n        source: cli\n  SNYK-JS-EXECA-174564:\n    - os-name > windows-release > execa:\n        reason: None given\n        expires: '2019-05-31T17:15:04.209Z'\n        source: cli\n    - update-notifier > boxen > term-size > execa:\n        reason: None given\n        expires: '2019-05-31T17:15:04.209Z'\n        source: cli\npatch: {}\nsuggest: {}\n",
  "isPrivate": true,
  "licensesPolicy": {
    "severities": {
      "MS-RL": "medium",
      "EPL-1.0": "medium",
      "GPL-2.0": "high",
      "GPL-3.0": "high",
      "MPL-1.1": "medium",
      "MPL-2.0": "medium",
      "AGPL-1.0": "high",
      "AGPL-3.0": "high",
      "CDDL-1.0": "medium",
      "LGPL-2.0": "medium",
      "LGPL-2.1": "medium",
      "LGPL-3.0": "medium",
      "CPOL-1.02": "high",
      "LGPL-2.1+": "medium",
      "LGPL-3.0+": "medium",
      "SimPL-2.0": "high",
      "Artistic-1.0": "medium",
      "Artistic-2.0": "medium"
    }
  },
  "packageManager": "npm",
  "ignoreSettings": {
    "adminOnly": false,
    "reasonRequired": false,
    "disregardFilesystemIgnores": false
  },
  "summary": "No known vulnerabilities",
  "filesystemPolicy": true,
  "uniqueCount": 0,
  "path": "../snyk/snyk"
}
  snyk analytics { args:
   [ '../snyk/snyk',
     { json: true, debug: true, org: undefined, showVulnPaths: true } ],
  command: 'test',
  metadata:
   { local: [ true, true ],
     'generating-node-dependency-tree': { lockFile: false, targetFile: 'package.json' },
     policies: 3,
     packageManager: 'npm',
     packageName: 'snyk',
     packageVersion: null,
     package: 'snyk@null',
     payloadSize: 53268,
     gzippedPayloadSize: 8564,
     'vulns-pre-policy': 0,
     vulns: 0 },
  version: '1.168.0',
  os: 'macOS High Sierra',
  nodeVersion: 'v8.12.0',
  id: '7511141eece157167ac6a8c9a07bc6fef0b9d9d0',
  ci: false,
  durationMs: 2728 } +2ms
  snyk sending request to: https://snyk.io/api/v1/analytics/cli +2s
  snyk request body size: 537 +0ms
  snyk gzipped request body size: 351 +0ms
  snyk not using proxy +0ms

After

  snyk test { _: [ '../snyk/snyk', [Circular] ], json: true, debug: true } +0ms
  snyk analytics adding to metadata:  local true +0ms
  snyk analytics adding to metadata:  local true +3ms
  snyk analytics adding to metadata:  generating-node-dependency-tree { lockFile: false, targetFile: 'package.json' } +0ms
  snyk policies found [ '../snyk/snyk',k/snyk
  '/Users/lili/www/snyk/snyk/node_modules/snyk-docker-plugin',
  '/Users/lili/www/snyk/snyk/node_modules/snyk-go-plugin' ] +0ms
  snyk analytics adding to metadata:  policies 3 +771ms
  snyk analytics adding to metadata:  packageManager npm +0ms
  snyk analytics adding to metadata:  packageName snyk +0ms
  snyk analytics adding to metadata:  packageVersion null +0ms
  snyk analytics adding to metadata:  package snyk@null +0ms
  snyk converting dep-tree to dep-graph { name: 'snyk', targetFile: 'package.json' } +32ms
  snyk done converting dep-tree to dep-graph { uniquePkgsCount: 284 } +52ms
  snyk sending request to: https://snyk.io/api/v1/test-dep-graph +0ms
  snyk request body size: 53268 +0ms
  snyk gzipped request body size: 8564 +0ms
  snyk analytics adding to metadata:  payloadSize 53268 +92ms
  snyk analytics adding to metadata:  gzippedPayloadSize 8564 +0ms
  snyk not using proxy +3ms
  snyk analytics adding to metadata:  vulns-pre-policy 0 +564ms
  snyk analytics adding to metadata:  vulns 0 +1ms
{
  "vulnerabilities": [],
  "ok": true,
  "dependencyCount": 283,
  "org": "lili2311",
  "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.13.5\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n  'npm:mem:20180117':\n    - nyc > yargs > os-locale > mem:\n        reason: DoS vulnerability is not valid for CLI tool\n        expires: '2019-12-19T10:35:25.346Z'\n        source: cli\n    - tap > nyc > yargs > os-locale > mem:\n        reason: DoS vulnerability is not valid for CLI tool\n        expires: '2019-12-19T10:35:25.346Z'\n        source: cli\n  SNYK-JS-EXECA-174564:\n    - os-name > windows-release > execa:\n        reason: None given\n        expires: '2019-05-31T17:15:04.209Z'\n        source: cli\n    - update-notifier > boxen > term-size > execa:\n        reason: None given\n        expires: '2019-05-31T17:15:04.209Z'\n        source: cli\npatch: {}\nsuggest: {}\n",
  "isPrivate": true,
  "licensesPolicy": {
    "severities": {
      "MS-RL": "medium",
      "EPL-1.0": "medium",
      "GPL-2.0": "high",
      "GPL-3.0": "high",
      "MPL-1.1": "medium",
      "MPL-2.0": "medium",
      "AGPL-1.0": "high",
      "AGPL-3.0": "high",
      "CDDL-1.0": "medium",
      "LGPL-2.0": "medium",
      "LGPL-2.1": "medium",
      "LGPL-3.0": "medium",
      "CPOL-1.02": "high",
      "LGPL-2.1+": "medium",
      "LGPL-3.0+": "medium",
      "SimPL-2.0": "high",
      "Artistic-1.0": "medium",
      "Artistic-2.0": "medium"
    }
  },
  "packageManager": "npm",
  "ignoreSettings": {
    "adminOnly": false,
    "reasonRequired": false,
    "disregardFilesystemIgnores": false
  },
  "summary": "No known vulnerabilities",
  "filesystemPolicy": true,
  "uniqueCount": 0,
  "path": "../snyk/snyk"
}
  snyk analytics { args:
   [ '../snyk/snyk',
     { json: true, debug: true, org: undefined, showVulnPaths: true } ],
  command: 'test',
  metadata:
   { local: [ true, true ],
     'generating-node-dependency-tree': { lockFile: false, targetFile: 'package.json' },
     policies: 3,
     packageManager: 'npm',
     packageName: 'snyk',
     packageVersion: null,
     package: 'snyk@null',
     payloadSize: 53268,
     gzippedPayloadSize: 8564,
     'vulns-pre-policy': 0,
     vulns: 0 },
  version: 'feat/error-exit-code-1: 636628f2afa77c26e1d11cc95146b166295d9cea',
  os: 'macOS High Sierra',
  nodeVersion: 'v8.12.0',
  id: '2f78a99fea821ed00c55a2b68481e690727c84aa',
  ci: false,
  durationMs: 1637 } +187ms
  snyk sending request to: https://snyk.io/api/v1/analytics/cli +750ms
  snyk request body size: 594 +0ms
  snyk gzipped request body size: 392 +0ms
  snyk not using proxy +0ms

snyk test app -d --json 2> /dev/null

Before

Error: {
  "ok": false,
  "error": "Missing node_modules folder: we can't test without dependencies.\nPlease run 'npm install' first.",
  "path": "app"
}
    at /Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/src/cli/commands/test.ts:130:11
    at Generator.throw (<anonymous>)
    at rejected (/Users/lili/.nvm/versions/node/v8.12.0/lib/node_modules/snyk/dist/cli/commands/test.js:5:65)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:189:7)
    at Function.Module.runMain (module.js:696:11)
    at startup (bootstrap_node.js:204:16)
    at bootstrap_node.js:625:3

After

{
  "ok": false,
  "error": "Missing node_modules folder: we can't test without dependencies.\nPlease run 'npm install' first.",
  "path": "app"
}
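A CI step that relies on the behaviour shown above (clean JSON on stdout, exit code 1 for vulnerabilities, 2 for every other error) could classify a run as follows. This is an added example, not code from the PR or the Snyk CLI; `classifyScan`, the sample strings and the reading of exit code 0 as a clean run are assumptions.

```javascript
// Added example (not from the PR or the Snyk CLI). Exit-code meanings are the PR's:
// 1 = vulnerabilities found, 2 = any other error. Exit 0 = clean is an assumption.
function classifyScan(exitCode, stdout) {
  let report = null;
  try {
    report = JSON.parse(stdout);
  } catch (err) {
    report = null; // e.g. the "Before" output: "Error: {...}" plus a stack trace
  }
  if (exitCode === 2) {
    const message = report && typeof report.error === 'string'
      ? report.error
      : 'scan failed and stdout was not valid JSON';
    return { status: 'error', failBuild: true, message };
  }
  if (report === null || typeof report !== 'object') {
    // Never treat unparseable output as a pass, whatever the exit code says.
    return { status: 'error', failBuild: true, message: 'stdout was not valid JSON' };
  }
  const vulns = Array.isArray(report.vulnerabilities) ? report.vulnerabilities.length : 0;
  if (exitCode === 1) {
    return { status: 'vulnerable', failBuild: true, message: `${vulns} entries in "vulnerabilities"` };
  }
  if (exitCode === 0 && report.ok === true && vulns === 0) {
    return { status: 'clean', failBuild: false, message: report.summary || '' };
  }
  // Exit code and report disagree (for example 0 with ok:false): fail closed.
  return { status: 'inconsistent', failBuild: true, message: `exit ${exitCode}, ok=${report.ok}` };
}

// Constructed sample stdout, abridged from the outputs quoted in the comment above.
const CLEAN = JSON.stringify({ vulnerabilities: [], ok: true, summary: 'No known vulnerabilities' });
const ERROR_AFTER = JSON.stringify({
  ok: false,
  error: "Missing node_modules folder: we can't test without dependencies.\nPlease run 'npm install' first.",
  path: 'app',
});
const ERROR_BEFORE = 'Error: ' + ERROR_AFTER + '\n    at <stack trace lines>';
// Constructed placeholder entry; the shape of a real vulnerability record is not shown on the page.
const VULNERABLE = JSON.stringify({ vulnerabilities: [{ id: 'EXAMPLE-VULN-ID' }], ok: false });

console.log(classifyScan(0, CLEAN).status);
console.log(classifyScan(1, VULNERABLE).status);
console.log(classifyScan(2, ERROR_AFTER).message);
console.log(classifyScan(2, ERROR_BEFORE).message);
```

Every outcome other than `clean` sets `failBuild`, so a scan that could not run is never mistaken for a scan that found nothing.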

@lili2311 lili2311 dismissed darscan’s stale review May 29, 2019 07:55

All comments addressed & tested

@lili2311 lili2311 merged commit 4a598a5 into master May 29, 2019
@lili2311 lili2311 deleted the feat/error-exit-code-1 branch May 29, 2019 07:55
@snyksec

snyksec commented May 29, 2019

🎉 This PR is included in version 1.169.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
