The following manifest files are supported by the CLI:
If a lockfile is detected Snyk will process dependencies from the lockfile.
If the lockfile and manifest file become out of sync, Snyk will fail and will output the following warning:
Dependency snyk was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync.
Please run "npm install" and try again.
Testing Node.js projects: how it works
When snyk test runs, it will run a test according to found supported manifests, in this order:
How to test your Node.js projects according to a specific manifest file
Use the following command to test a specific manifest file
snyk test --file=path/to/package.json
Patching a project
Snyk can apply previously selected patches using the GNU patch utility. Patches are saved to the .snyk policy file. Read more about how patches work.