The command line interface (CLI) allows users to submit their project package dependencies to Phylum's API for analysis. Currently pre-built binaries for Linux and macOS are available. For other platforms (e.g., Windows), binaries can easily be built.
- Download the latest release package and signature file for your target:

    Target                       Package
    x86_64-unknown-linux-gnu     phylum-x86_64-unknown-linux-gnu.zip
                                 phylum-x86_64-unknown-linux-gnu.zip.minisig
    aarch64-unknown-linux-gnu    phylum-aarch64-unknown-linux-gnu.zip
                                 phylum-aarch64-unknown-linux-gnu.zip.minisig
    x86_64-apple-darwin          phylum-x86_64-apple-darwin.zip
                                 phylum-x86_64-apple-darwin.zip.minisig
    aarch64-apple-darwin         phylum-aarch64-apple-darwin.zip
                                 phylum-aarch64-apple-darwin.zip.minisig

- Confirm the signature of the archive with minisign and the public key for Phylum

    $ minisign -Vm phylum-*.zip -P RWT6G44ykbS8GABiLXrJrYsap7FCY77m/Jyi0fgsr/Fsy3oLwU4l0IDf
    Signature and comment signature verified
    Trusted comment: Phylum - The Software Supply Chain Company
- Unzip the archive

    unzip phylum-*.zip

- Run the installer script for installation

    ./install.sh

- Register for an account (if you don't already have one)

    phylum auth register

- Authenticate with Phylum

    phylum auth login

- Create a new Phylum project in your project directory

    phylum project create <project-name>

-
    phylum analyze <package-lock-file.ext>

- (Optional) View the analysis results in the Phylum UI
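
A fail-closed wrapper for the verify and unzip steps above, as an added example that is not part of Phylum's own documentation or tooling. The function name `verify_and_unpack`, its return codes and the default destination directory are assumptions of this example; the public key is the one shown on this page.

```shell
# Added example: verify one named archive, then unpack that same file.
# Taking an explicit file name instead of the phylum-*.zip glob guarantees
# that the file that was verified is the file that gets extracted.

# Public key as published in the verification step above.
PHYLUM_PUBKEY='RWT6G44ykbS8GABiLXrJrYsap7FCY77m/Jyi0fgsr/Fsy3oLwU4l0IDf'

# verify_and_unpack ARCHIVE [DEST]   (hypothetical helper)
# Returns: 0 verified and unpacked, 1 bad signature, 2 archive missing,
#          3 signature file missing, 4 minisign not installed.
verify_and_unpack() {
    archive=$1
    dest=${2:-phylum-release}
    sig="${archive}.minisig"

    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }
    # A missing signature is treated as a failure, never as "nothing to check".
    [ -f "$sig" ] || { echo "missing signature: $sig" >&2; return 3; }
    command -v minisign >/dev/null 2>&1 || {
        echo "minisign is not installed" >&2
        return 4
    }

    # Verify against the pinned key before any archive content is touched.
    if ! minisign -Vm "$archive" -x "$sig" -P "$PHYLUM_PUBKEY" >/dev/null; then
        echo "signature verification FAILED for $archive" >&2
        return 1
    fi

    # Only reached after a good signature.
    mkdir -p "$dest" && unzip -q -o "$archive" -d "$dest"
}

# Usage (run the installer only if this succeeds):
#   verify_and_unpack phylum-x86_64-unknown-linux-gnu.zip
```

Run `install.sh` from the unpacked directory only when the function returns 0; any non-zero code means the archive was never extracted.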
Phylum CLI extensions allow you to extend the existing CLI functionality with new features. You can start exploring by taking a look at the official Phylum extensions:
https://github.com/phylum-dev/cli/tree/main/extensions
How-to articles for the extension framework can be found here.
As of version 3.8.0, the provided Linux binaries of the Phylum CLI depend on glibc. We no longer provide binaries that are statically compiled with the musl libc.
This means the provided binaries won't be executable in environments such as Alpine Linux. If your use case requires a lightweight Docker base image, consider using Debian slim instead.
Copyright (C) 2022 Phylum, Inc.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License or any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/gpl.html or write to phylum@phylum.io or engineering@phylum.io
Join us on the Phylum Community Slack!
Please contact Phylum with any questions or issues using the CLI tool.
Email: support@phylum.io