Homepage
Not present in the local metadata.
brew package intelligence
snyk/tap/snyk
Automic Vault tracks snyk/tap/snyk because plain text snyk cli tokens matters when AI agents run command-line tools on macOS.
overview
What Automic Vault knows about snyk/tap/snyk
This package is present in local Automic Vault package data. The page is generated so package-specific security metadata has a stable URL.
Commands and aliases
No executable aliases were found in the local package database.
radioisotope
Plain Text Snyk CLI Tokens
Snyk stores local CLI configuration in Configstore at ~/.config/configstore/snyk.json. That file can contain the Snyk API token and OCI registry credentials. Our isotope stores the configstore JSON in the macOS keychain and exposes it through a temporary XDG_CONFIG_HOME only while `snyk` runs.
Local README excerpt
snyk
Snyk stores local CLI configuration in Configstore at $XDG_CONFIG_HOME/configstore/snyk.json, normally ~/.config/configstore/snyk.json. That file can contain the Snyk API token and OCI registry credentials.
This radioisotope migrates that configstore JSON to the keychain and wraps snyk so the file is recreated under a temporary XDG_CONFIG_HOME while the CLI runs.
Source: data/radioisotopes/snyk/README.md
Coverage source
https://github.com/snyk/homebrew-tap/blob/HEAD/Formula/snyk.rb
Caveats
- Runtime config changes are not persisted back to keychain.
- SNYK_TOKEN and SNYK_CFG_* environment variables can override injected config.
- Direct execution of the original binary will not receive credentials.
install metadata
Resolver facts
| Package key | brew:snyk/tap/snyk |
|---|
source trail
Generated from repository data
This page is regenerated by scripts/generate-pkg-pages.py. Deployments refuse to publish if www/pkg/ is stale relative to local package data.
Used sources
- local isotope README
- radioisotope security manifest