‘dependencies.js’ checks all of the installed application modules to see if there are any known vulnerabilities associated with a module. This data is reported back via snyk’s command-line console and their cloud-based dashboard. See for more details and to set up an account

npm audit provides similar native functionality; however, the results from snyk and npm audit may not match.


_spartan defaults to snyk for application dependency monitoring. To change this, specify your choice in the auditOptions section of ‘security.json’.

If you opt to use snyk for this purpose, you will need an account on As the most opportune time to check for vulnerabilities in dependencies is prior to application deployment, as part of your CI/CD pipeline, _spartan uses gulp to create tasks that start the core snyk functions: wizard, audit, monitor. You will need to create a .gulpfile and add a task for application dependency checking (see usage below).

We highly recommend using snyk command line and cloud dashboards in monitor mode so you can be proactively alerted to newly discovered vulnerabilities in your application’s dependencies. You will be provided with an API key, which can be added to your .env file as a secret


| method name | description | params | returns |
| --- | --- | --- | --- |
| N/A | if default configuration is used, the tasks load as a function and run in the gulpfile | N/A | void or Error |


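var gulp = require('gulp')
var dependencyCheck = require('security/dependencies')

// Register the dependency check as a gulp task; `end` is gulp's completion callback
gulp.task('dependency-check', function (end) {
  // (the task body is cut off on the source page)
  end()
})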


  • (‘app-dep/not-authorized’) => thrown if snyk could not authorize the user using the provided API key
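
For the npm audit alternative mentioned above, a pre-deployment gate can be built on the JSON report that `npm audit --json` prints (npm 7 and later). The following is an added example, not part of _spartan or of the original page; `findBlocking`, `gate`, `rank` and the sample package names are hypothetical.

```javascript
// Added example: gate a deployment on a parsed `npm audit --json` report (npm 7+ shape).
// SEVERITY_ORDER, rank, findBlocking and gate are hypothetical names, not _spartan APIs.
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Unknown severity labels rank above 'critical' so they fail closed.
function rank(severity) {
  const i = SEVERITY_ORDER.indexOf(severity);
  return i === -1 ? SEVERITY_ORDER.length : i;
}

// Return the findings at or above `threshold`, most severe first.
function findBlocking(report, threshold) {
  const min = SEVERITY_ORDER.indexOf(threshold);
  if (min === -1) throw new Error('unknown severity threshold: ' + threshold);
  // A report with no `vulnerabilities` map is not a clean result: the audit
  // itself did not complete, so refuse to treat it as a pass.
  if (!report || !report.vulnerabilities || typeof report.vulnerabilities !== 'object') {
    throw new Error('audit report has no vulnerabilities map');
  }
  return Object.values(report.vulnerabilities)
    .filter((v) => rank(v.severity) >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      // fixAvailable is false, true, or an object describing the upgrade
      fixable: Boolean(v.fixAvailable),
    }))
    .sort((a, b) => rank(b.severity) - rank(a.severity) || a.name.localeCompare(b.name));
}

// Exit code for the CI step: 0 = deploy may proceed, 1 = block.
function gate(report, threshold) {
  return findBlocking(report, threshold).length > 0 ? 1 : 0;
}

// Constructed sample report (package names are made up).
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'high', isDirect: true, fixAvailable: true },
    'example-logger': { name: 'example-logger', severity: 'low', isDirect: false, fixAvailable: false },
    'example-tpl': { name: 'example-tpl', severity: 'critical', isDirect: false,
      fixAvailable: { name: 'example-web', version: '2.0.0', isSemVerMajor: true } },
  },
};

console.log(findBlocking(sampleReport, 'high'));
console.log('exit code:', gate(sampleReport, 'high'));
```

In a pipeline, the report would come from parsing the output of `npm audit --json` instead of the inline sample, and the return value of `gate` would become the step's exit code.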