Snyk Node Runtime Agent
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib feat: support declarations inside array values Feb 18, 2019
test feat: support declarations inside array values Feb 18, 2019
.eslintrc chore: some refactoring in preparation of snapshot retrieval Dec 4, 2018
.travis.yml chore: GH templates and contribution agreement Oct 2, 2018
LICENSE fix: updating our LICENSE Nov 12, 2018
appveyor.yml chore: add node 10 to travis and appveyor Oct 25, 2018
package-lock.json fix: add uuid as needed dep Nov 9, 2018
package.json docs: specify our supported Node versions in package.json Jan 22, 2019

Snyk Node.js runtime agent

Known Vulnerabilities

Use this package as a library in your application to monitor your dependencies and to learn how the vulnerable functions of the dependencies are invoked in your deployments.

Quick start

require('@snyk/nodejs-runtime-agent')({ projectId: <Your-Project-ID> });

How to


The config object supports the following options:

Key Type Default value Purpose
projectId String The Snyk project ID that matches your application.
enable Boolean true Set to false to disable the agent.

Advanced config options:

Key Type Default value Purpose
beaconIntervalMs Number 60000 Report frequency in milliseconds.
snapshotIntervalMs Number 3600000 Snapshot retrieval frequency in milliseconds.
flushOnExit Boolean true Set to false to prevent the agent from flushing its data before exiting. true is useful especially for short-lived environments.


There is a self-contained demo named node-woof, which you can clone and run. It will guide you through the setup of the project on your machine.


npm start brings up an http server that invokes a vulnerable function on startup and for every request.