{"id":17475,"library":"snyk-python-plugin","title":"Snyk CLI Python Plugin","description":"The `snyk-python-plugin` is an npm package that serves as a vital extension for the Snyk Command Line Interface (CLI), enabling it to detect and report known vulnerabilities within Python projects. Currently stable at version 3.2.1, this plugin integrates seamlessly with common Python dependency management tools such as `pip` (via `requirements.txt`), `pipenv` (with `Pipfile`), and `poetry` (using `pyproject.toml` and `poetry.lock`). It focuses on providing comprehensive dependency metadata to the Snyk CLI, which then performs vulnerability analysis. The package maintains a frequent release cadence, typically issuing bug fixes and minor feature enhancements multiple times a month, as evidenced by its recent update history. Its key differentiator is the specialized support for various Python ecosystem nuances, offering deep scanning capabilities that complement the Snyk CLI's broader security analysis.","status":"active","version":"3.2.1","language":"javascript","source_language":"en","source_url":"https://github.com/snyk/snyk-python-plugin","tags":["javascript","typescript"],"install":[{"cmd":"npm install snyk-python-plugin","lang":"bash","label":"npm"},{"cmd":"yarn add snyk-python-plugin","lang":"bash","label":"yarn"},{"cmd":"pnpm add snyk-python-plugin","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is primarily a plugin for the Snyk CLI tool and not intended for direct programmatic import by end-user JavaScript/TypeScript applications. These imports are hypothetical, representing internal components if one were to interact with the plugin's core logic programmatically, which is an uncommon use case.","symbol":"SnykPythonPlugin","correct":"import { SnykPythonPlugin } from 'snyk-python-plugin';"},{"note":"Hypothetical function signature for programmatic initiation of a scan, not exposed for typical user consumption. Users interact via the `snyk` CLI command.","symbol":"scanPythonProject","correct":"import { scanPythonProject } from 'snyk-python-plugin';"},{"note":"Hypothetical TypeScript type definition for the parsed Python dependency structure, not directly used by end-users. The plugin's output is consumed by the Snyk CLI.","symbol":"PythonDependencyTree","correct":"import type { PythonDependencyTree } from 'snyk-python-plugin';"}],"quickstart":{"code":"import { exec } from 'child_process';\nimport * as path from 'path';\nimport * as fs from 'fs';\n\n// This quickstart demonstrates how to use the Snyk CLI with the Python plugin\n// to scan a basic Python project for vulnerabilities. First, ensure you have\n// Snyk CLI and Python (with pip) installed globally.\n\n// 1. Create a dummy Python project directory\nconst projectDir = path.join(__dirname, 'temp-python-project');\nif (!fs.existsSync(projectDir)) {\n fs.mkdirSync(projectDir);\n}\n\n// 2. Create a simple requirements.txt with known vulnerable packages\n// For demonstration, 'requests==2.25.1' and 'flask==2.0.0' contain known vulnerabilities.\nconst requirementsContent = 'requests==2.25.1\\nflask==2.0.0';\nfs.writeFileSync(path.join(projectDir, 'requirements.txt'), requirementsContent);\n\n// 3. Run Snyk CLI with the Python plugin on the created file\nconsole.log(`Scanning Python project in: ${projectDir} using requirements.txt`);\nexec(`snyk test --file=${path.join(projectDir, 'requirements.txt')} --json`, { cwd: projectDir }, (error, stdout, stderr) => {\n // Snyk CLI typically exits with a non-zero code if vulnerabilities are found,\n // so 'error' might contain details even if the scan was successful in finding vulns.\n if (error && !stdout.includes('vulnerabilities')) {\n console.error(`Snyk CLI execution error: ${error.message}`);\n console.error(`Stderr: ${stderr}`);\n fs.rmSync(projectDir, { recursive: true, force: true });\n return;\n }\n\n try {\n const jsonOutput = JSON.parse(stdout);\n console.log('Snyk scan results (summary):');\n if (jsonOutput.vulnerabilities && jsonOutput.vulnerabilities.length > 0) {\n console.log(`Found ${jsonOutput.vulnerabilities.length} vulnerabilities.`);\n jsonOutput.vulnerabilities.slice(0, 3).forEach((vuln: any) => {\n console.log(`- ${vuln.title} in ${vuln.package} (severity: ${vuln.severity})`);\n });\n } else {\n console.log('No vulnerabilities found or parse error occurred.');\n }\n } catch (parseError) {\n console.error('Failed to parse Snyk JSON output:', parseError);\n console.error('Raw stdout:', stdout);\n } finally {\n // Clean up temporary files\n fs.rmSync(projectDir, { recursive: true, force: true });\n console.log('Cleaned up temporary project.');\n }\n});\n","lang":"typescript","description":"Demonstrates how to use the Snyk CLI with the Python plugin to scan a Python project's `requirements.txt` for vulnerabilities and parse the JSON output."},"warnings":[{"fix":"Upgrade your Node.js environment to version 20 or later before using `snyk-python-plugin` v3.0.0 and above. Use `nvm install 20` and `nvm use 20` or similar version management tools.","message":"Version 3.0.0 of the `snyk-python-plugin` introduced a breaking change, requiring Node.js version 20 or higher to run. Older Node.js versions are no longer supported.","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Ensure you have the Snyk CLI installed globally (`npm install -g snyk`) and authenticated (`snyk auth`). Then, use `snyk test` or `snyk monitor` commands to leverage the plugin.","message":"This package is a plugin for the Snyk CLI and requires the Snyk CLI to be installed and configured separately. It is not a standalone library for direct programmatic import and execution.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Verify that Python, pip, pipenv, or poetry (depending on your project type) are correctly installed and accessible in your system's PATH. Use `python --version`, `pip --version`, etc., to confirm.","message":"The plugin relies on locally installed Python environments and dependency management tools (pip, pipenv, poetry). If these tools are not available in the system's PATH, the plugin may fail to resolve dependencies.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always use the latest stable version of the `snyk-python-plugin` to benefit from bug fixes. If encountering Python 2.7 specific issues, ensure your Python installation is consistent and try isolating the environment.","message":"While Python 2.7 is generally supported, some past versions of the plugin had specific issues with Python 2.7 string formatting, leading to errors. Newer versions have addressed these, but ensure your Python 2.7 setup is standard.","severity":"gotcha","affected_versions":"<3.1.2"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Upgrade your Node.js environment to version 20 or later. For example, using nvm: `nvm install 20 && nvm use 20`.","cause":"Attempting to run `snyk-python-plugin` version 3.0.0 or higher with an older Node.js runtime.","error":"Node.js version is not supported. Please upgrade to Node.js 20 or higher."},{"fix":"Install the Snyk CLI globally via npm: `npm install -g snyk`. Ensure your system's PATH includes the directory where npm installs global executables.","cause":"The `snyk` command is not recognized, indicating the Snyk CLI is missing or not configured correctly.","error":"Snyk CLI is not installed or not found in PATH."},{"fix":"Ensure you are running the `snyk test` command from the root of your Python project, or explicitly specify the target file using the `--file=` option.","cause":"Snyk was unable to find `requirements.txt`, `Pipfile`, `poetry.lock`, or `pyproject.toml` in the current directory or the specified path.","error":"Could not detect a package manager or manifest file."},{"fix":"Install Python and ensure its executable (`python` or `python3`) is added to your system's PATH environment variable. Verify with `python --version`.","cause":"The plugin could not locate a Python interpreter on the system to resolve dependencies.","error":"Python executable not found. Please ensure Python is installed and available in your PATH."}],"ecosystem":"npm","meta_description":null}