When testing larger projects with the snyk CLI, the monitor command in particular can time out or fail with an error such as:
- 422 (Unprocessable Entity)
- 413 (Payload Too Large)
- Connection timeout
This is usually because the package has so many dependencies and sub-dependencies that the dependency tree the CLI builds and uploads grows beyond a manageable size.
To make these larger projects more manageable, we have enabled the following option in the snyk CLI. It shortens the run and makes snyk monitor more likely to succeed:
This is currently an experimental option:
--prune-repeated-subdependencies
Prune dependency trees, removing duplicate sub-dependencies.
Will still find all vulnerabilities, but potentially not all
of the vulnerable paths.
Usage:
$ snyk test --prune-repeated-subdependencies
or
$ snyk monitor --prune-repeated-subdependencies
What it does:
As the help text says, when building the dependency tree snyk prunes any sub-dependency that has already been seen elsewhere in the tree, together with all of that sub-dependency's own sub-dependencies. The resulting tree is smaller and the CLI does not re-walk identical subtrees, which is what makes the command faster and the upload smaller.
The trade-off is that not all vulnerable paths are reported: every vulnerable package is still found at least once (through the first occurrence of the subtree), but paths that run through a pruned duplicate subtree are never calculated, so the list of paths for a given issue can be incomplete. Keep this in mind if you use the reported paths to decide which direct dependency to upgrade; a second direct dependency that pulls in the same vulnerable package may not be listed.
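The following is an added illustration of the pruning described above, written for this article and not taken from the snyk CLI source. It builds a small constructed dependency tree in which two direct dependencies (a and b) both pull in the same sub-dependency (shared), which in turn depends on a package (leaf) that we assume to be vulnerable. The package names, versions, and the vulnerability id are all made up. The prune function keeps the first occurrence of each package@version with its full subtree and drops the subtree of any later occurrence; counting vulnerable paths before and after shows the set of issues unchanged while the number of paths drops.

```javascript
// Constructed example dependency tree (hypothetical packages, not a real project).
// Each node is { name, version, deps: [child nodes] }.
const tree = {
  name: "app", version: "1.0.0",
  deps: [
    { name: "a", version: "1.0.0", deps: [
      { name: "shared", version: "2.0.0", deps: [
        { name: "leaf", version: "0.1.0", deps: [] } ] } ] },
    { name: "b", version: "1.0.0", deps: [
      { name: "shared", version: "2.0.0", deps: [
        { name: "leaf", version: "0.1.0", deps: [] } ] } ] },
  ],
};

// Constructed vulnerability data: package@version -> issue id (hypothetical id).
const VULNS = { "leaf@0.1.0": "EXAMPLE-ISSUE-1" };

function key(node) {
  return `${node.name}@${node.version}`;
}

// Mimics --prune-repeated-subdependencies: the first time a package@version is
// met (depth-first, left to right) its subtree is kept; any later occurrence is
// kept as a leaf with its sub-dependencies removed. The `seen` set is shared
// across the whole walk, not per path, which is what makes duplicates collapse.
function pruneRepeatedSubdependencies(node, seen = new Set()) {
  const k = key(node);
  if (seen.has(k)) {
    return { name: node.name, version: node.version, deps: [], pruned: true };
  }
  seen.add(k);
  return {
    name: node.name,
    version: node.version,
    deps: node.deps.map((d) => pruneRepeatedSubdependencies(d, seen)),
  };
}

function countNodes(node) {
  return 1 + node.deps.reduce((n, d) => n + countNodes(d), 0);
}

// Walks every path from the root and records each vulnerable node it reaches.
function findVulnPaths(node, path = []) {
  const here = [...path, key(node)];
  const found = [];
  if (VULNS[key(node)]) found.push({ id: VULNS[key(node)], path: here });
  for (const d of node.deps) found.push(...findVulnPaths(d, here));
  return found;
}

// Summary comparable to what a scan reports: distinct issues and the paths to them.
function summarize(root) {
  const hits = findVulnPaths(root);
  return {
    nodes: countNodes(root),
    issues: [...new Set(hits.map((h) => h.id))].sort(),
    paths: hits.map((h) => h.path.join(" > ")),
  };
}

const full = summarize(tree);
const pruned = summarize(pruneRepeatedSubdependencies(tree));
console.log("unpruned:", JSON.stringify(full));
console.log("pruned:  ", JSON.stringify(pruned));
```

Running this prints two paths to the same issue for the full tree (app > a > shared > leaf and app > b > shared > leaf) but only the first for the pruned tree, with one fewer node in the tree. The issue list is identical in both runs, which is the guarantee the help text makes; the missing second path is the cost.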