{"id":18802,"library":"snyk-cpp-plugin","title":"Snyk C/C++ CLI Plugin","description":"A library used by the Snyk CLI to scan C/C++ projects for known vulnerabilities and open-source license issues. It supports scanning of dependencies in C/C++ projects, including those managed by common build systems. Current stable version is 2.24.3 (February 2026). Regular releases occur monthly with bug fixes and dependency updates. Key differentiators: integrates directly with Snyk CLI, handles large directories, supports purl, and separates vulnerability and license issues.","status":"active","version":"2.24.3","language":"javascript","source_language":"en","source_url":"https://github.com/snyk/snyk-cpp-plugin","tags":["javascript","typescript"],"install":[{"cmd":"npm install snyk-cpp-plugin","lang":"bash","label":"npm"},{"cmd":"yarn add snyk-cpp-plugin","lang":"bash","label":"yarn"},{"cmd":"pnpm add snyk-cpp-plugin","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"used for file pattern matching","package":"minimatch","optional":false}],"imports":[{"note":"Package is ESM-only since v2. Use named import.","wrong":"const { CppPlugin } = require('snyk-cpp-plugin')","symbol":"CppPlugin","correct":"import { CppPlugin } from 'snyk-cpp-plugin'"},{"note":"scan is a named export, not default.","wrong":"import scan from 'snyk-cpp-plugin'","symbol":"scan","correct":"import { scan } from 'snyk-cpp-plugin'"},{"note":"Available from v2.22.0 onwards.","wrong":"","symbol":"display","correct":"import { display } from 'snyk-cpp-plugin'"}],"quickstart":{"code":"import { CppPlugin, scan } from 'snyk-cpp-plugin';\n\nconst plugin = new CppPlugin();\nconst results = await scan({\n  path: '/path/to/project',\n  options: { dev: false }\n});\nconsole.log(JSON.stringify(results, null, 2));","lang":"typescript","description":"Scans a C/C++ project directory for vulnerabilities and licenses using the Snyk C/C++ plugin."},"warnings":[{"fix":"Ensure Node.js version is 10 or higher.","message":"The package requires Node.js >=10. Older versions may cause runtime errors.","severity":"gotcha","affected_versions":">=2.0.0"},{"fix":"Upgrade to version 2.24.1 or later.","message":"Large directories may cause 'max call stack exceeded' error in versions before 2.24.1.","severity":"gotcha","affected_versions":"<2.24.1"},{"fix":"Update code to handle separate lists: results.vulnerabilities and results.licenses.","message":"In v2.22.0, issues were separated into vulnerabilities and licenses. The output format changed.","severity":"breaking","affected_versions":">=2.22.0"},{"fix":"Install minimatch as a direct dependency or upgrade to v2.24.3.","message":"Direct dependency on minimatch added in v2.24.3. If using older versions, minimatch may need to be installed separately.","severity":"gotcha","affected_versions":"<2.24.3"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Run `npm install snyk-cpp-plugin` and verify import path.","cause":"Package not installed or incorrect import path.","error":"Error: Cannot find module 'snyk-cpp-plugin'"},{"fix":"Use `import { scan } from 'snyk-cpp-plugin'`.","cause":"Importing scan as default instead of named export.","error":"TypeError: scan is not a function"},{"fix":"Upgrade to version 2.24.1 or later.","cause":"Scanning a very large directory with versions <2.24.1.","error":"RangeError: Maximum call stack size exceeded"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}