When testing a project, you may receive the following error:
Failed to get vulns
at /usr/lib/node_modules/snyk/src/cli/commands/test.ts:162:19
at Generator.throw (<anonymous>)
at rejected (/usr/lib/node_modules/snyk/dist/cli/commands/test.js:5:65)
at process._tickCallback (internal/process/next_tick.js:68:7)
or
snyk error: FailedToGetVulnerabilitiesError: Failed to get vulns
at handleTestHttpErrorResponse (/usr/lib/node_modules/snyk/src/lib/snyk-test/run-test.ts:184:13)
at request (/usr/lib/node_modules/snyk/src/lib/snyk-test/run-test.ts:164:21)
at request.then (/usr/lib/node_modules/snyk/src/lib/request/index.js:12:9)
at process._tickCallback (internal/process/next_tick.js:68:7)
or
➜ yarn snyk-protect
yarn run v1.19.2
$ snyk protect
Failed to get vulns
error Command failed with exit code 2.
Possible causes
There are a few ways that you may encounter this error. The most common are:
- You may not be authenticated with the correct account
- The project that you're scanning may be too large
Verify that you're using the correct Account
If you're using the CLI, it's possible that you're authenticated with another account. We recommend making sure that you're authenticated with the proper account. You can do this by browsing to https://app.snyk.io/account, taking note of your API token, and then executing:
snyk auth <apitoken>
In a few cases, we were able to resolve this issue by ensuring that the user who is running the command has been added to an Org in the https://snyk.io console. Have an administrator of the organization that you're a member of ensure that this user is added to at least one organization.
Large Projects
Certain packages are known to be more problematic than others because of the sheer number of transitive dependencies and subdependencies that they include.
react-scripts is one of the packages most commonly present when this error occurs.
It's generally advisable to move react-scripts into the devDependencies section of your project.
Lastly, there is a workaround for larger projects: pruning the dependency tree. Pruning reduces the size of the dependency data by removing duplicate package paths, which should improve performance so that your project can be successfully imported and tested.
This is an interim solution while we work to generally improve the handling of large projects.
In some scenarios, it may impact remediation for projects, in particular upgrades, patches or ignores. This might mean that it takes more than one change to fix all paths to a vulnerable package.
In the CLI:
snyk test --prune-repeated-subdependencies
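To illustrate what pruning does and why it can leave some paths to a vulnerable package unreported, here is an added example (not Snyk's code and not part of the original article) that prunes repeated name@version nodes in a small constructed dependency tree. The function names, the `pruned` marker and the package versions are assumptions made for the illustration.

```javascript
// Conceptual sketch only; NOT Snyk's implementation. Package names, versions
// and the tree shape are constructed for illustration.
const dep = (name, version, dependencies = []) => ({ name, version, dependencies });
const webpack = () => dep('webpack', '4.0.0', [dep('lodash', '4.17.0')]);
const sampleTree = dep('my-app', '1.0.0', [
  dep('react-scripts', '3.0.0', [
    webpack(),
    dep('babel-core', '7.0.0', [dep('lodash', '4.17.0')]),
  ]),
  webpack(), // same package@version reached by a second path
]);

// Keep the first occurrence of each name@version in full; later occurrences
// become leaves marked `pruned`, so their subtrees are not repeated.
function pruneRepeated(node, seen = new Set()) {
  const id = `${node.name}@${node.version}`;
  if (seen.has(id)) {
    return { name: node.name, version: node.version, pruned: true, dependencies: [] };
  }
  seen.add(id);
  return { ...node, dependencies: node.dependencies.map((d) => pruneRepeated(d, seen)) };
}

// Total number of nodes in the tree (the size of the dependency data).
function countNodes(node) {
  return 1 + node.dependencies.reduce((n, d) => n + countNodes(d), 0);
}

// Every root-to-package path that ends at the given name@version.
function pathsTo(node, id, trail = []) {
  const here = [...trail, `${node.name}@${node.version}`];
  const below = node.dependencies.flatMap((d) => pathsTo(d, id, here));
  return here[here.length - 1] === id ? [here.join(' > '), ...below] : below;
}

const pruned = pruneRepeated(sampleTree);
console.log('nodes:', countNodes(sampleTree), '->', countNodes(pruned));
console.log('paths to lodash before:', pathsTo(sampleTree, 'lodash@4.17.0'));
console.log('paths to lodash after: ', pathsTo(pruned, 'lodash@4.17.0'));
```

In this sketch the path through the top-level webpack disappears after pruning, so a fix applied only to the remaining paths would still leave that route to lodash in the real tree.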
Contact Support
There are also other scenarios where this error can occur, so if you have tried the above, please open a support ticket here: https://support.snyk.io/hc/en-us/requests/new