Snyk API Import

2.23.1 verified Sat Apr 25 auth: no javascript maintenance

Snyk API Import is a CLI tool for importing projects into Snyk via the Snyk API at a controlled pace, with built-in rate limiting handling, queuing, and retries. Current stable version is 2.23.1, with releases on a monthly/quarterly cadence. It supports GitHub, GitLab, Bitbucket Server, Bitbucket Cloud, and Azure Repos. Key differentiators include automatic rate limit handling for SCMs, queuing to reduce failures, and ability to resume after interruption. This repository is in maintenance mode (no new features, only bug & security fixes). Node.js >=20 required.

Common errors

error Cannot find module 'snyk-api-import' ↓

cause Missing npm install or wrong environment (CJS vs ESM)

fix

Run 'npm install snyk-api-import@latest' and ensure 'type': 'module' in package.json

error snyk-api-import: command not found ↓

cause Package not installed globally or not in PATH

fix

Install globally: 'npm install -g snyk-api-import' or use npx: 'npx snyk-api-import'

error Error: SNYK_TOKEN is not set ↓

cause Missing environment variable for authentication

fix

Set SNYK_TOKEN environment variable: 'export SNYK_TOKEN=your-token'

error SyntaxError: Cannot use import statement outside a module ↓

cause Running ESM code without module context

fix

Add 'type': 'module' to package.json or rename file to .mjs

Warnings

gotcha Import will skip repos already imported unless --force is used ↓

fix Use --force flag to re-import existing targets

deprecated The --rateLimit option has been deprecated since v2.0 ↓

fix Rate limiting is now automatic; remove the flag

breaking Node.js 18 support dropped in v2.0, requires >=20 ↓

fix Upgrade to Node.js 20 or later

breaking ESM-only since v2.0; CommonJS require() no longer works ↓

fix Convert to ES module imports or use dynamic import()

deprecated The --token flag is deprecated; use SNYK_TOKEN environment variable ↓

fix Set SNYK_TOKEN environment variable and omit --token

breaking SNYK_API environment variable removed; use SNAPI_BASE_URL instead ↓

fix Set SNAPI_BASE_URL instead of SNYK_API

gotcha Large imports may hit GitHub API rate limits; script handles 429 responses but may slow down ↓

fix Ensure your GitHub personal access token has sufficient rate limits; consider using a GitHub App token

Install

npm install snyk-api-import

yarn add snyk-api-import

pnpm add snyk-api-import

Imports

default
wrong
```
const snykApiImport = require('snyk-api-import')
```
correct
```
import snykApiImport from 'snyk-api-import'
```
ESM-only since v2.0; requires Node.js >=20 and "type": "module" in package.json.

runImport

wrong

const { runImport } = require('snyk-api-import')

correct

import { runImport } from 'snyk-api-import'

Named export for programmatic use; ESM-only.

generateImportData
```
import { generateImportData } from 'snyk-api-import'
```
Available as named export for generating import data programmatically.

SnykApiImportError

wrong

import SnykApiImportError from 'snyk-api-import'

correct

import { SnykApiImportError } from 'snyk-api-import'

This is a named export, not default. TypeScript types included.

Quickstart

Demonstrates programmatic usage of runImport with async/await and environment variables for credentials.

import { runImport } from 'snyk-api-import';

const options = {
  org: process.env.SNYK_ORG_ID ?? '',
  source: process.env.IMPORT_SOURCE ?? 'github',
  integrationId: process.env.SNYK_INTEGRATION_ID ?? '',
  concurrency: 5,
  skipExisting: true
};

async function main() {
  try {
    const result = await runImport(options);
    console.log('Import completed:', result);
  } catch (error) {
    console.error('Import failed:', error);
  }
}

main();