Snyk C/C++ CLI Plugin

2.24.3 verified Sat Apr 25 auth: no javascript

A library used by the Snyk CLI to scan C/C++ projects for known vulnerabilities and open-source license issues. It supports scanning of dependencies in C/C++ projects, including those managed by common build systems. Current stable version is 2.24.3 (February 2026). Regular releases occur monthly with bug fixes and dependency updates. Key differentiators: integrates directly with Snyk CLI, handles large directories, supports purl, and separates vulnerability and license issues.

Common errors

error Error: Cannot find module 'snyk-cpp-plugin' ↓

cause Package not installed or incorrect import path.

fix

Run npm install snyk-cpp-plugin and verify import path.

error TypeError: scan is not a function ↓

cause Importing scan as default instead of named export.

fix

Use import { scan } from 'snyk-cpp-plugin'.

error RangeError: Maximum call stack size exceeded ↓

cause Scanning a very large directory with versions <2.24.1.

fix

Upgrade to version 2.24.1 or later.

Warnings

gotcha The package requires Node.js >=10. Older versions may cause runtime errors. ↓

fix Ensure Node.js version is 10 or higher.

gotcha Large directories may cause 'max call stack exceeded' error in versions before 2.24.1. ↓

fix Upgrade to version 2.24.1 or later.

breaking In v2.22.0, issues were separated into vulnerabilities and licenses. The output format changed. ↓

fix Update code to handle separate lists: results.vulnerabilities and results.licenses.

gotcha Direct dependency on minimatch added in v2.24.3. If using older versions, minimatch may need to be installed separately. ↓

fix Install minimatch as a direct dependency or upgrade to v2.24.3.

Install

npm install snyk-cpp-plugin

yarn add snyk-cpp-plugin

pnpm add snyk-cpp-plugin

Imports

CppPlugin

wrong

const { CppPlugin } = require('snyk-cpp-plugin')

correct

import { CppPlugin } from 'snyk-cpp-plugin'

Package is ESM-only since v2. Use named import.

scan

wrong

import scan from 'snyk-cpp-plugin'

correct

import { scan } from 'snyk-cpp-plugin'

scan is a named export, not default.

display

import { display } from 'snyk-cpp-plugin'

Available from v2.22.0 onwards.

Quickstart

Scans a C/C++ project directory for vulnerabilities and licenses using the Snyk C/C++ plugin.

import { CppPlugin, scan } from 'snyk-cpp-plugin';

const plugin = new CppPlugin();
const results = await scan({
  path: '/path/to/project',
  options: { dev: false }
});
console.log(JSON.stringify(results, null, 2));