Skip to content
Latchkey

snyk test: Find Vulnerable Dependencies

snyk test analyzes your dependency manifest against Snyk's vulnerability database and exits 1 when issues at or above the threshold are found.

snyk test is the SCA (software composition analysis) entry point: it reads your lockfile/manifest and reports known CVEs in your dependencies.

What it does

snyk test resolves the dependency tree, queries the Snyk database, and lists vulnerabilities with severity and a fix path. Exit 0 means no issues at/above the threshold, 1 means vulnerabilities were found, and 2 means a usage/auth error. It does not change your code.

Common usage

Terminal
snyk auth $SNYK_TOKEN
snyk test --severity-threshold=high
# monorepo: scan every manifest it finds
snyk test --all-projects --severity-threshold=medium

Options

FlagWhat it does
--severity-threshold <lvl>low, medium, high, or critical gate
--all-projectsDetect and scan all manifests in the repo
--json / --sarif-file-outputMachine-readable output
--fail-on <type>all, upgradable, or patchable issues to fail on
--org <id>Run under a specific Snyk organization
--file <manifest>Test a specific manifest file

In CI

snyk test already exits 1 on findings, so it fails the job without extra wiring; set --severity-threshold=high to avoid blocking on low-severity noise. Authenticate with SNYK_TOKEN as a secret. Use --fail-on=upgradable if you only want to block when a fix is actually available.

Common errors in CI

"Authentication error (SNYK-0005)" or "Missing API token" means SNYK_TOKEN is unset (fork PRs cannot read it). "Could not detect supported target files" means no recognized manifest in the path; pass --file or --all-projects. "Failed to get dependencies" often means the project was not installed first (run npm ci before snyk test for some ecosystems).

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →