Log/run snyk tool#63

Open
yuriiShmal wants to merge 8 commits into main from log/run-snyk

Conversation


@yuriiShmal yuriiShmal commented Mar 12, 2026

The purpose of snyk is to find security vulnerabilities, both from installed libraries, and from the source code.

snyk was installed successfully for local testing, as can be seen in this screenshot of the package.json file.
[Screenshot from 2026-03-11 20-26-26: package.json]

Snyk was successfully run via the cli. This can be seen in the snyk_testing_results.txt file.
Testing found 13 issues with dependencies, and 244 issues of varying severity with the source code.

Customization Considerations:

  • A priori:
    • Minimal customization - required creating an account and installing the cli with npm install snyk
    • Running the tool initially can be done manually, locally, with no other customization
  • Over time:
    • Possible to add continuous integration for dependency security test, so that the dependencies are checked regularly. However, this serves mostly to find out when new vulnerabilities are discovered, as new dependencies are not added very often (presumably)
    • If the payment plan is upgraded from free, there is a possibility of adding code testing to the CI (doing so under the free plan is inadvisable, as described below), as well as customizing it to ignore some irrelevant issues like hardcoded passwords in test files.

Advantages:

  • It can both find issues in the codebase and search through the dependencies to find issues with them, suggesting dependencies where issues can be fixed by upgrading
  • snyk allows for unlimited testing of dependencies on public manifests

Disadvantages:

  • Testing requires a snyk account and access to github to track usage. This means that correctly integrating snyk with CI requires the use of secrets.
  • As there is a monthly limit of 100 uses of snyk code testing for a free account, using that type of testing in CI is a poor idea.
  • Although it suggests fixing some dependencies by upgrading dependencies, it gives no suggestions for resolving issues where upgrading is insufficient. Furthermore, upgrading the library versions may introduce compatibility issues
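A worked example, added here and not part of the pull request or NodeBB, of the gate a CI job for the dependency test above would need: it takes the JSON that `snyk test --json` writes, fails only on high or critical findings, and separates findings an upgrade fixes from those that need manual triage (the third disadvantage). The report shape (a `vulnerabilities` array with `severity`, `isUpgradable`, `upgradePath`) is my understanding of snyk's JSON output, and the sample report is constructed.

```javascript
// Added example (not from the PR or NodeBB): a CI gate over `snyk test --json`
// output for the dependency check discussed above. Assumed report shape: a
// top-level "vulnerabilities" array whose items carry id, severity,
// packageName, version, isUpgradable and upgradePath, as snyk's JSON does.
const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };

// Summarise a parsed report. Findings an upgrade resolves are returned with the
// direct dependency to bump; the rest go to "manual", since snyk offers no fix
// for them and a human has to triage them.
function summarize(report, threshold = 'high') {
  const min = SEVERITY_RANK[threshold];
  const vulns = Array.isArray(report.vulnerabilities) ? report.vulnerabilities : [];
  const summary = { total: vulns.length, blocking: 0, upgradable: [], manual: [] };
  for (const v of vulns) {
    const rank = SEVERITY_RANK[v.severity] ?? -1;
    if (rank >= min) summary.blocking += 1;
    const entry = { id: v.id, severity: v.severity, pkg: `${v.packageName}@${v.version}` };
    // upgradePath starts with `false` for the root project; the first real
    // entry is the direct dependency whose version has to change.
    const path = Array.isArray(v.upgradePath) ? v.upgradePath.filter(Boolean) : [];
    if (v.isUpgradable && path.length > 0) {
      entry.upgradeTo = path[0];
      summary.upgradable.push(entry);
    } else {
      summary.manual.push(entry);
    }
  }
  return summary;
}

// Exit status for CI: fail only on findings at or above the threshold, so
// low/medium noise is reported without blocking the merge.
function exitCode(summary) {
  return summary.blocking > 0 ? 1 : 0;
}

// Constructed sample report for demonstration; not real snyk output.
const SAMPLE_REPORT = {
  vulnerabilities: [
    { id: 'SNYK-JS-EXAMPLE-1', title: 'Prototype Pollution', severity: 'high',
      packageName: 'example-lib', version: '1.0.0', isUpgradable: true,
      upgradePath: [false, 'example-lib@1.2.0'] },
    { id: 'SNYK-JS-EXAMPLE-2', title: 'ReDoS', severity: 'medium',
      packageName: 'other-lib', version: '2.3.0', isUpgradable: false, upgradePath: [] },
  ],
};

// Usage in CI: `snyk test --json > snyk.json`, then pass the parsed file to
// summarize() and call process.exit(exitCode(summary)).
```

The SNYK_TOKEN the job needs is exactly the secret the disadvantages list mentions; keep it in the CI secret store rather than in the workflow file.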

yuriiShmal and others added 3 commits March 12, 2026 00:18
Installed and ran snyk. Output in txt file. For forwarding from fork into the branch within the shared repo
The evidence wasn't visible before, as package.json at project root (which is what was used to run snyk) is not and should not be tracked.
@railway-app railway-app bot temporarily deployed to Clean Code Team (nodebb) / nodebb-spring-26-clean-cod-pr-63 March 12, 2026 02:17 Destroyed

railway-app bot commented Mar 12, 2026

🚅 Deployed to the nodebb-spring-26-clean-cod-pr-63 environment in Clean Code Team (nodebb)

Service: nodebb-spring-26-clean-code | Status: Removed | Updated (UTC): Mar 17, 2026 at 1:52 am

Wasteful - including a useless image. Better to just attach it to the pull request.

cirex-web commented Mar 12, 2026

I think you should probably install snyk in install/package.json instead of the top-level one? (otherwise it's not picked up by version control)

@yuriiShmal (Author)

> I think you should probably install snyk in install/package.json instead of the top-level one? (otherwise it's not picked up by version control)

And this is the way to run at least the dependency testing automatically later (although not really required for this assignment for now I think)

```json
"snyk": "^1.1303.1",
"socket.io": "4.8.3",
"socket.io-client": "4.8.3",
"@socket.io/redis-adapter": "8.3.0",
```


why is this gone lmao

@yuriiShmal (Author)


I used npm install snyk to make sure that all of its dependencies would be installed. Not a clue why it was gone afterwards. Fixed now.
