When you are testing a project, the following errors may occur:
Failed to get vulns
at /usr/lib/node_modules/snyk/src/cli/commands/test.ts:162:19
at Generator.throw (<anonymous>)
at rejected (/usr/lib/node_modules/snyk/dist/cli/commands/test.js:5:65)
at process._tickCallback (internal/process/next_tick.js:68:7)
or
snyk error: FailedToGetVulnerabilitiesError: Failed to get vulns
at handleTestHttpErrorResponse (/usr/lib/node_modules/snyk/src/lib/snyk-test/run-test.ts:184:13)
at request (/usr/lib/node_modules/snyk/src/lib/snyk-test/run-test.ts:164:21)
at request.then (/usr/lib/node_modules/snyk/src/lib/request/index.js:12:9)
at process._tickCallback (internal/process/next_tick.js:68:7)
or
➜ yarn snyk-protect
yarn run v1.19.2
$ snyk protect
Failed to get vulns
error Command failed with exit code 2.
Troubleshooting
Verify that you are using the correct account
If you are using the CLI, it is possible that you're authenticated under another account. Verify that you are authenticated for the correct account. Browse to https://app.snyk.io/account and note your api token. Then run the following command:
snyk auth <apitoken>
It may be that the user who is running the command is not a member of an Org in the https://snyk.io console. Ask an administrator of the organization that you are a member of to ensure that this user is added to at least one organization.
Determine if the project is too large for scanning
There are certain packages in projects that are more problematic than others due to the number of transitive and sub dependencies that are included in them.
react-scripts is one of the most common packages to be present when users encounter an error.
It is recommended to move react-scripts into the devDependencies section of a project.
There is a work around for larger projects, prune the dependency tree. "Pruning" reduces the size of dependency data by pruning duplicate package paths, which should help with performance so your project can be successfully imported and tested.
In some scenarios, it may impact fixes for projects, in particular upgrades, patches, or ignores. This might mean that more than one change is needed to fix all paths to a vulnerable package.
Use the following CLI command:
snyk test --prune-repeated-subdependencies
Contact Support
There are also other scenarios where this can occur, so if you have tried the suggestions in this article, submit a request to support.