{"library":"snyk-mvn-plugin","title":"Snyk Maven CLI Plugin","type":"library","description":"The `snyk-mvn-plugin` is an internal JavaScript/TypeScript component primarily designed to be used by the Snyk CLI tool. Its core function is to analyze Maven project dependencies by inspecting `pom.xml` files and archive files (like JAR/WAR) to build detailed dependency graphs. It supports optional inclusion of test-scoped dependencies, provides verbose output for comprehensive version resolution, and can generate cryptographic artifact fingerprints for supply chain integrity. The current stable version is 4.6.1, released on 2026-03-23, with a frequent release cadence indicating active development and continuous feature enhancements and bug fixes. This plugin is distinct from the `snyk-maven-plugin`, which is a native Maven plugin for integrating Snyk tasks directly into a Maven build process. This package specifically focuses on providing dependency metadata to the Snyk CLI for vulnerability scanning and requires Node.js 20 or higher for execution.","language":"javascript","status":"active","last_verified":"Wed Apr 22","install":{"commands":["npm install snyk-mvn-plugin"],"cli":null},"imports":["import { inspect } from 'snyk-mvn-plugin';","import type { MavenOptions } from 'snyk-mvn-plugin';"],"auth":{"required":false,"env_vars":[]},"links":{"homepage":"https://snyk.io","github":"https://github.com/snyk/snyk-mvn-plugin","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/snyk-mvn-plugin","openapi_spec":null,"status_page":null,"smithery":null},"quickstart":{"code":"import { inspect } from 'snyk-mvn-plugin';\nimport * as path from 'path';\nimport * as fs from 'fs';\n\nasync function runSnykMavenInspection() {\n  const projectRoot = process.cwd(); // Assume running from project root\n  const targetPom = path.join(projectRoot, 'pom.xml');\n\n  if (!fs.existsSync(targetPom)) {\n    console.error(`Error: pom.xml not found at ${targetPom}`);\n    console.error('Please ensure you run this from a Maven project root or specify targetFile.');\n    process.exit(1);\n  }\n\n  console.log(`Inspecting Maven project at: ${projectRoot}`);\n  console.log(`Using target file: ${targetPom}`);\n\n  try {\n    const options = {\n      dev: false, // Do not include development dependencies\n      includeProvenance: true, // Generate cryptographic fingerprints for artifacts\n      fingerprintAlgorithm: 'sha256', // Use SHA-256 for fingerprinting\n      // mavenRepository: '/path/to/custom/repo' // Uncomment and adjust if you have a custom local Maven repository\n    };\n\n    const result = await inspect(projectRoot, targetPom, options);\n\n    console.log('Inspection complete.');\n    console.log(`Found ${result.pkgs ? result.pkgs.length : 0} packages.`);\n    if (result.pkgs && result.pkgs.length > 0 && result.pkgs[0].info.purl) {\n      console.log('First package PURL with checksum:', result.pkgs[0].info.purl);\n    }\n    // Uncomment the line below for full JSON output\n    // console.log(JSON.stringify(result, null, 2));\n  } catch (error: any) {\n    console.error('Error during inspection:', error.message);\n    process.exit(1);\n  }\n}\n\nrunSnykMavenInspection();","lang":"typescript","description":"Demonstrates how to use the `inspect` function to analyze a Maven `pom.xml` file, including options for provenance and algorithm selection.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}