Snyk NuGet Plugin
raw JSON → 4.2.1 verified Sat Apr 25 auth: no javascript
Snyk CLI plugin for NuGet dependency analysis. Current stable version 4.2.1, released April 2026. Requires Node >=16. Ships TypeScript types. Scans project.json, packages.config, and project.assets.json to identify vulnerabilities. Key differentiator: first-class Snyk integration with dotnet restore, supports case-insensitive resolution and runtime flags. Breaking changes in v3/v4 removed legacy scanner flags. Used internally by snyk CLI; not typically installed directly.
Common errors
error Error: Cannot find module 'snyk-nuget-plugin' ↓
cause Package not installed or not in node_modules
fix
Install as dependency: npm install snyk-nuget-plugin
error TypeError: inspect is not a function ↓
cause Incorrect import: default import used instead of named import
fix
Use import { inspect } from 'snyk-nuget-plugin' instead of import inspect from 'snyk-nuget-plugin'
error dotnet restore failed with exit code 1 ↓
cause dotnet restore command failed, usually due to missing .NET SDK or network issues
fix
Install .NET SDK >=6.0 and ensure internet access for NuGet restore
Warnings
breaking Removed useImprovedDotnetWithoutPublish and useFixForImprovedDotnetFalsePositives flags in v3.0.0 ↓
fix Remove these flags from configuration; they are no longer accepted.
breaking Removed useImprovedDotnetWithoutPublish and useFixForImprovedDotnetFalsePositives flags (reinstated in v4.0.0 revert) – v3.1.0 also removed them ↓
fix Upgrade to v4.1.0+ to avoid removal; ensure flags are not used.
deprecated The entire package is an internal Snyk plugin; direct usage outside Snyk CLI is deprecated and unsupported. ↓
fix Prefer using the Snyk CLI tool to invoke plugin indirectly.
gotcha Requires dotnet CLI installed and accessible; dotnet restore must succeed before scanning. ↓
fix Install .NET SDK and run dotnet restore in the target directory.
gotcha TypeScript types may be incomplete; some API surfaces lack strict typing for edge cases. ↓
fix Use type assertions or update to latest version.
Install
npm install snyk-nuget-plugin yarn add snyk-nuget-plugin pnpm add snyk-nuget-plugin Imports
- inspect wrong
const inspect = require('snyk-nuget-plugin').inspectcorrectimport { inspect } from 'snyk-nuget-plugin' - buildDepTreeFromProjectJson wrong
import buildDepTreeFromProjectJson from 'snyk-nuget-plugin'correctimport { buildDepTreeFromProjectJson } from 'snyk-nuget-plugin' - buildDepTreeFromPackagesConfig wrong
const { buildDepTreeFromPackagesConfig } = require('snyk-nuget-plugin')correctimport { buildDepTreeFromPackagesConfig } from 'snyk-nuget-plugin' - buildDepTreeFromProjectAssets
import { buildDepTreeFromProjectAssets } from 'snyk-nuget-plugin'
Quickstart
import { inspect } from 'snyk-nuget-plugin';
import { execSync } from 'child_process';
import * as fs from 'fs';
const targetFile = 'path/to/project.assets.json';
// Ensure .NET SDK is installed and restore has been run
const projectFolder = 'path/to/project';
try {
execSync('dotnet restore', { cwd: projectFolder, stdio: 'pipe' });
} catch (e) {
console.error('dotnet restore failed:', e.stderr?.toString() || e.message);
process.exit(1);
}
inspect('.', targetFile)
.then((result) => {
console.log('Scanned successfully:', result.package?.name);
console.log('Dependencies:', JSON.stringify(result.dependencyTree, null, 2));
})
.catch((err) => console.error('Inspect failed:', err));