diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 9cc4fb3..fcad812 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -1,5 +1,9 @@
 # ChangeLog
+## [4.0.2] - 16-12-2021
+
+- fix: don't rely on hardcoded paths to `snyk` binary
+
 ## [4.0.1] - 14-12-2021
 - docs: fix readme instructions to use `@asos` scope
diff --git a/package.json b/package.json
index 217569b..dfa9df4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@asos/snyker",
- "version": "4.0.1",
+ "version": "4.0.2",
 "description": "An opinionated, heavy-handed wrapper around Snyk.",
 "author": {
 "name": "Craig Morten",
@@ -24,6 +24,9 @@
 "doc": "docs",
 "lib": "lib"
 },
+ "engines": {
+ "npm": ">=5.2.0"
+ },
 "main": "lib/index.js",
 "bin": {
 "snyker": "bin/snyker"
diff --git a/src/index.js b/src/index.js
index d52fc78..f1c6f2b 100644
--- a/src/index.js
+++ b/src/index.js
@@ -270,10 +270,6 @@ const snyker = async () => {
 const lockFileName = argv.lockfile || "yarn.lock";
 const isYarn = lockFileName.includes("yarn");
- const snykCliPath = path.join(
- path.dirname(module.id),
- "../node_modules/.bin/snyk"
- );
 console.log(
 `[SNYKER: STEP 1]: Ensuring lockfile '${lockFileName}' is up to date.\n`
@@ -307,7 +303,8 @@ const snyker = async () => {
 console.log("[SNYKER: STEP 3]: Getting vulnerable paths from Snyk.");
 const depsToForceUpdate = await catchAndRetry(async () => {
- const { stdout: snykTestOut } = await exec(snykCliPath, [
+ const { stdout: snykTestOut } = await exec("npx", [
+ "snyk",
 "test",
 "--dev",
 "--json",
@@ -347,7 +344,8 @@ const snyker = async () => {
 );
 const finalVulnerabilities = await catchAndRetry(async () => {
- const { stdout: finalSnykTestOut } = await exec(snykCliPath, [
+ const { stdout: finalSnykTestOut } = await exec("npx", [
+ "snyk",
 "test",
 "--dev",
 "--json",
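Review bot: The `engines.npm` entry added in the `@@ -24,6 +24,9 @@` hunk of package.json is advisory only, because npm warns on a mismatch rather than failing unless `engine-strict` is set. On an npm older than 5.2.0 the install would therefore succeed and the first `npx` spawn in src/index.js would fail at run time. The range `>=5.2.0` also covers npx implementations that differ in whether a missing package is downloaded without asking, so it does not fix which behaviour users get. A start-up check in src/index.js that `npx` can be spawned, with an error naming the requirement, would make the constraint enforceable.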
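Review bot: The `exec("npx", ["snyk", "test", …])` call in the `@@ -307,7 +303,8 @@` hunk of src/index.js no longer pins which `snyk` is executed. npx looks in the current project's `node_modules/.bin` and on `PATH`, and when nothing is found it can fetch whatever version the registry currently serves. The same applies to the second `snyk test` call in `@@ -347,7 +344,8 @@` and to the `snyk ignore` loop in `@@ -405,7 +403,7 @@`. Since the scanner's output decides which vulnerabilities end up ignored, it should be the version snyker itself depends on (the removed path suggests `snyk` is one of its dependencies). Either make npx fail instead of downloading, `await exec("npx", ["--no-install", "snyk", "test", …])`, or locate the binary once through Node's module resolution (`require.resolve`) and reuse that path in all three calls. The calls sit inside `snyker`, whose body starts and ends outside these hunks.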
@@ -405,7 +403,7 @@ const snyker = async () => {
 console.log();
 for (const id of uniqueVulnerabilityIds) {
- await exec(snykCliPath, ["ignore", `--id=${id}`]);
+ await exec("npx", ["snyk", "ignore", `--id=${id}`]);
 }
 if (upgradablePackages.length) {