Snyk Node.js runtime agent
Use this package as a library in your application to monitor your dependencies and to learn how the vulnerable functions of the dependencies are invoked in your deployments.
Quick start
require('@snyk/nodejs-runtime-agent')({ projectId: <Your-Project-ID> });Supported Node.js versions
The Node.js Runtime Agent is tested on Node 8 and Node 10.
Other versions are unsupported.How to
require('@snyk/nodejs-runtime-agent')(config);The
config object supports the following options:| Key | Type | Default value | Purpose | |--------------------|-----------|------------------------------------------|-------------------------------------------------------------------------| |
projectId | String | | The Snyk project ID that matches your application. |
| enable | Boolean | true | Set to false to disable the agent. |Advanced
config options:| Key | Type | Default value | Purpose | |----------------------|-----------|-------------------------------------------------------------|--------------------------------------------------------------------------------------------| |
beaconIntervalMs | Number | 60000 | Report frequency in milliseconds. |
| snapshotIntervalMs | Number | 3600000 | Snapshot retrieval frequency in milliseconds. |
| flushOnExit | Boolean | true | Set to false to prevent the agent from flushing its data before exiting. true is useful especially for short-lived environments. |Demo
There is a
self-contained demo named node-woof,
which you can clone and run. It will guide you through the setup of the project on
your machine.Development
npm start brings up an http server that invokes a vulnerable function
on startup and for every request.