Learn to code by coding - try our free CS courses

Snyk Security Review


The Qvault password manager is a deprecated project, this article remains alive for historical informational purposes only. Our new product can be found at Qvault.

We recently integrated Snyk into Qvault as a way to get more visibility into known vulnerabilities in Qvault’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago.

We can’t speak to whether Snyk is a cost-effective tool for commercial applications. However, their support for the open-source community by offering free integrations is worth the few minutes it takes to install.


Their quick start page allows developers to integrate their GitHub repository, then use the command-line tool to detect and apply any patches to their code.

Snyk Badge

We added a badge to our github repo that shows in near real-time whether or not the Qvault code contains any known vulnerabilities according to Snyk. If you are into open source and are looking for a way to keep your code secure, Snyk is a tool you should look into.

Have questions or feedback?

Follow and hit me up on Twitter @q_vault if you have any questions or comments. If I’ve made a mistake in the article, please let me know so I can get it corrected!