When you are testing larger packages using the Snyk CLI, the monitor command in particular may time out or fail with an error such as:
- 422
- 413
- Connection timeout
Typically this happens because a package has many dependencies and sub-dependencies that have expanded the project beyond a manageable size.
Snyk enabled the following option to speed up the snyk monitor command and help it succeed for larger projects:
--prune-repeated-subdependencies
Example:
$ snyk test --prune-repeated-subdependencies
or
$ snyk monitor --prune-repeated-subdependencies
Use this option to prune dependency trees, removing duplicate sub-dependencies. The command continues to find all vulnerabilities, but may not find all of the vulnerable paths.
The limitation occurs because, when building the dependency tree, Snyk prunes sub-dependencies that have already been detected, along with all of their subsequent sub-dependencies. This streamlines the running of the command by eliminating duplicate cycles. However, a potential consequence is that not all of the vulnerable paths are calculated.
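The following added example (not Snyk's own code) models the trade-off described above on a constructed dependency tree: after pruning, the vulnerable package is still found, but only one of its two paths is. The package names and the pruning rule (keep the first occurrence seen in a depth-first walk, drop later ones) are assumptions made for illustration.

```javascript
// Constructed sample tree (not real packages): both a and b depend on shared,
// which depends on the vulnerable vuln-lib.
const shared = () => ({ name: 'shared@2.0.0', deps: [{ name: 'vuln-lib@0.1.0', deps: [] }] });
const tree = {
  name: 'app@1.0.0',
  deps: [
    { name: 'a@1.0.0', deps: [shared()] },
    { name: 'b@1.0.0', deps: [shared()] },
  ],
};
const vulnerable = new Set(['vuln-lib@0.1.0']);

// Assumed pruning model: walk depth-first, keep the first occurrence of each
// package together with its subtree, and drop every later occurrence.
function prune(node, seen = new Set([node.name])) {
  const deps = [];
  for (const dep of node.deps) {
    if (seen.has(dep.name)) continue; // repeated sub-dependency: pruned with its subtree
    seen.add(dep.name);
    deps.push(prune(dep, seen));
  }
  return { name: node.name, deps };
}

// Size of the tree that would have to be built and sent.
function countNodes(node) {
  return 1 + node.deps.reduce((n, d) => n + countNodes(d), 0);
}

// Every path from the root to a vulnerable package, as "root > ... > package".
function vulnerablePaths(node, path = []) {
  const here = [...path, node.name];
  const found = vulnerable.has(node.name) ? [here.join(' > ')] : [];
  return found.concat(...node.deps.map((d) => vulnerablePaths(d, here)));
}

// Distinct vulnerable packages, regardless of how they are reached.
function vulnerablePackages(node) {
  return [...new Set(vulnerablePaths(node).map((p) => p.split(' > ').pop()))];
}

const pruned = prune(tree);
console.log('nodes:', countNodes(tree), '->', countNodes(pruned));
console.log('vulnerable packages:', vulnerablePackages(tree), '->', vulnerablePackages(pruned));
console.log('full paths:', vulnerablePaths(tree));
console.log('pruned paths:', vulnerablePaths(pruned));
```

In this model the path through b@1.0.0 is missing from the pruned result, so a fix applied only along the a@1.0.0 path can leave the vulnerable package reachable through b@1.0.0.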