Snyk JSON to HTML Report Generator

3.7.1 · active · verified Tue Apr 21

snyk-to-html is a Node.js utility designed to convert the JSON output from various Snyk CLI commands (e.g., `snyk test --json`, `snyk code test --json`, `snyk iac test --json`, `snyk container test --json`) into a human-readable, static HTML vulnerability report. The current stable version is 3.7.1, released in April 2026. The package sees a relatively active release cadence, often featuring bug fixes, security updates, and new features like adding support for exploit maturity, reachability signals, and risk scores. A key differentiator is its ability to accept custom Handlebars templates, allowing users to tailor the report's appearance and included data fields. It is primarily used as a CLI tool but also exposes a programmatic API for integration into automated workflows.

Common errors

Warnings

Install

Imports

Quickstart

Demonstrates programmatic conversion of Snyk JSON output into an HTML report using the `convertToHtml` function.

import { convertToHtml } from 'snyk-to-html';
import * as fs from 'fs';

const mockSnykJsonOutput = {
  "vulnerabilities": [
    {
      "id": "SNYK-JS-LODASH-590135",
      "title": "Prototype Pollution",
      "severity": "high",
      "description": "The 'merge' function in lodash is vulnerable to prototype pollution via the 'assignValue' function.",
      "packageManager": "npm",
      "packageName": "lodash",
      "version": "4.17.15",
      "fixedIn": ["4.17.21"],
      "exploitMaturity": "mature"
    }
  ],
  "vulnerabilities": [],
  "dependencyCount": 1,
  "org": "my-org",
  "policy": "Snyk Security Policy",
  "isPrivate": true,
  "summary": "No vulnerabilities found.",
  "uniqueCount": 0,
  "filesystemPolicy": false,
  "licensesPolicy": null
};

async function generateReport() {
  try {
    const htmlReport = await convertToHtml(JSON.stringify(mockSnykJsonOutput), {
      title: 'Snyk Security Report',
      // template: fs.readFileSync('./custom-template.hbs', 'utf8') // Optional: use a custom Handlebars template
    });
    fs.writeFileSync('snyk-report.html', htmlReport);
    console.log('HTML report generated: snyk-report.html');
  } catch (error) {
    console.error('Failed to generate report:', error);
  }
}

generateReport();

view raw JSON →