# JS/TS SDK
Zero-dependency, tree-shakeable, fully typed SDK for Node.js 18+
## Installation
```bash
npm install @fortly/sdk
```

## Configuration
```js
import { FortlyClient } from '@fortly/sdk';

const fortly = new FortlyClient({
  apiKey: process.env.FORTLY_API_KEY,
});
```

## Resources
The SDK exposes 7 resource modules. Each one maps to a set of REST API endpoints.
### Scans
Create, poll, and list security scans.
```js
// Create a scan and wait for results
const scan = await fortly.scans.create({
  url: "https://myapp.com",
  type: "full", // "full" | "quick" | "api"
  depth: 5,
});

// Poll until complete (default interval: 2s, timeout: 5min)
const result = await fortly.scans.wait(scan.scanId, {
  interval: 3000,  // poll every 3s
  timeout: 300000, // max 5 min
});

console.log("Score: " + result.score + "/100");
console.log("Vulnerabilities: " + result.vulnerabilities.length);
```

### Secrets
Detect hardcoded secrets and credentials in source code.
```js
import fs from "node:fs";

const findings = await fortly.secrets.scan({
  code: fs.readFileSync("config.js", "utf-8"),
  filename: "config.js", // helps with pattern matching
});

for (const secret of findings) {
  console.log("[" + secret.type + "] Line " + secret.line + ": " + secret.description);
  // [AWS_ACCESS_KEY] Line 12: AWS access key detected
}
```

### Remediation
AI-powered vulnerability fixes.
```js
// Preview a fix before applying
const preview = await fortly.remediation.preview({
  scanId: "scan_abc123",
  vulnerabilityId: "vuln_xyz",
});

console.log(preview.diff);        // unified diff
console.log(preview.explanation); // AI explanation
```

### Compliance
Regulatory compliance frameworks and gap analysis.
```js
// List available compliance frameworks
const frameworks = await fortly.compliance.frameworks();

for (const fw of frameworks) {
  console.log(fw.id + ": " + fw.name + " (" + fw.region + ")");
  // ley-1581-co: Ley 1581 (Colombia)
  // lgpd-br: LGPD (Brazil)
  // gdpr-eu: GDPR (EU)
}
```

### SCA (Software Composition Analysis)
Check dependencies for known vulnerabilities.
```js
const result = await fortly.sca.scan({
  dependencies: [
    { name: "lodash", version: "4.17.15" },
    { name: "express", version: "4.17.1" },
    { name: "jsonwebtoken", version: "8.5.1" },
  ],
});

for (const vuln of result.vulnerabilities) {
  console.log("[" + vuln.severity + "] " + vuln.package + "@" + vuln.version);
  console.log("  CVE: " + vuln.cve + " — " + vuln.title);
  console.log("  Fix: upgrade to " + vuln.fixedVersion);
}
```

### SBOM (Software Bill of Materials)
Generate CycloneDX or SPDX-formatted SBOMs.
```js
import fs from "node:fs";

const sbom = await fortly.sbom.generate({
  format: "cyclonedx", // "cyclonedx" | "spdx"
  dependencies: [
    { name: "react", version: "19.0.0" },
    { name: "next", version: "15.0.0" },
  ],
});

// sbom.document contains the full CycloneDX JSON
fs.writeFileSync("sbom.json", JSON.stringify(sbom.document, null, 2));
console.log("Components: " + sbom.document.components.length);
```

## Error Handling
```js
import { FortlyClient, FortlyError, AuthenticationError, RateLimitError } from '@fortly/sdk';

const fortly = new FortlyClient({ apiKey: process.env.FORTLY_API_KEY });

try {
  const scan = await fortly.scans.create({ url: "https://myapp.com" });
} catch (error) {
  if (error instanceof AuthenticationError) {
    // Invalid or expired API key
    console.error("Check your FORTLY_API_KEY");
  } else if (error instanceof RateLimitError) {
    // Too many requests — retry after error.retryAfter seconds
    console.error("Rate limited. Retry after " + error.retryAfter + "s");
  } else if (error instanceof FortlyError) {
    // Generic API error
    console.error("[" + error.status + "] " + error.message);
  }
}
```
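The Scans section describes `scans.wait()` as a poll loop with an interval and a timeout, and the Error Handling section says rate limits carry a `retryAfter` hint while authentication failures should simply be reported. The block below is an added example, not code from the page or from the `@fortly/sdk` package: it shows one way to combine those two rules in a single wait helper so that a 429 is retried after the server's hint, an auth error is surfaced immediately, and a scan that never finishes hits the deadline instead of polling forever. The error classes, the `{ status: "running" | "completed" | "failed" }` status shape, and the fake status client are constructed stand-ins so the file runs offline; the real SDK exports its own classes.

```javascript
// Added example, not part of the @fortly/sdk page or package. The error classes, the
// status shape and the fake client below are constructed stand-ins for offline use.

class FortlyError extends Error {
  constructor(message, status) { super(message); this.name = "FortlyError"; this.status = status; }
}
class AuthenticationError extends FortlyError {
  constructor() { super("invalid or expired API key", 401); this.name = "AuthenticationError"; }
}
class RateLimitError extends FortlyError {
  constructor(retryAfter) { super("too many requests", 429); this.name = "RateLimitError"; this.retryAfter = retryAfter; }
}

// Poll getStatus(scanId) until a terminal state or the deadline. `sleep` and `now` are
// injectable so the scenarios below run on a fake clock; the defaults use real timers.
async function waitForScan(getStatus, scanId, opts = {}) {
  const interval = opts.interval ?? 2000;    // page default: 2s
  const timeout = opts.timeout ?? 300000;    // page default: 5min
  const maxRateLimitRetries = opts.maxRateLimitRetries ?? 3;
  const sleep = opts.sleep ?? ((ms) => new Promise((r) => setTimeout(r, ms)));
  const now = opts.now ?? Date.now;
  const start = now();
  let polls = 0;
  let rateLimitRetries = 0;
  for (;;) {
    let status;
    try {
      status = await getStatus(scanId);
      polls++;
    } catch (err) {
      if (err instanceof RateLimitError && rateLimitRetries++ < maxRateLimitRetries) {
        await sleep(err.retryAfter * 1000); // honour the server's hint; this time counts against the deadline
        continue;
      }
      throw err; // AuthenticationError, any other FortlyError, or retry budget exhausted
    }
    const elapsed = now() - start;
    if (status.status === "completed") return { ...status, polls, elapsed };
    if (status.status === "failed") throw new Error(`scan ${scanId} failed after ${elapsed}ms`);
    // Do not start a sleep that would end past the deadline.
    if (elapsed + interval >= timeout) throw new Error(`timed out after ${elapsed}ms waiting for scan ${scanId}`);
    await sleep(interval);
  }
}

// Constructed fake: reports "running" until the Nth successful poll, optionally throwing
// a RateLimitError (retry after 2s) on the very first call.
function makeFakeStatus(completeAfterPolls, rateLimitFirstCall = false) {
  let calls = 0, polls = 0;
  return async (scanId) => {
    if (rateLimitFirstCall && ++calls === 1) throw new RateLimitError(2);
    return ++polls >= completeAfterPolls
      ? { scanId, status: "completed", score: 87, vulnerabilities: [] }
      : { scanId, status: "running" };
  };
}

// Four scenarios on a fake clock (they finish instantly); returns what each observed.
async function runScenarios() {
  let t = 0;
  const clock = { sleep: async (ms) => { t += ms; }, now: () => t };
  const out = {};

  const ok = await waitForScan(makeFakeStatus(3), "scan_1", { interval: 3000, ...clock });
  out.completed = { score: ok.score, polls: ok.polls, waitedMs: ok.elapsed };

  t = 0;
  const rl = await waitForScan(makeFakeStatus(1, true), "scan_2", { interval: 3000, ...clock });
  out.afterRateLimit = { polls: rl.polls, waitedMs: rl.elapsed };

  t = 0;
  try {
    await waitForScan(makeFakeStatus(Infinity), "scan_3", { interval: 1000, timeout: 3000, ...clock });
    out.timedOut = false;
  } catch (e) { out.timedOut = /timed out/.test(e.message); }

  t = 0;
  try {
    await waitForScan(async () => { throw new AuthenticationError(); }, "scan_4", clock);
    out.authRetried = true;
  } catch (e) { out.authRetried = !(e instanceof AuthenticationError); }

  return out;
}

runScenarios().then((out) => console.log(JSON.stringify(out, null, 2)));
```

With the real SDK you would pass `(id) => fortly.scans.get(id)` (or whatever status accessor the package provides, which this example does not assume) as `getStatus` and drop the `sleep`/`now` overrides. The retry budget is deliberately small: an API key that is rate limited on every call is a capacity or quota problem to alert on, not something to mask with unbounded retries.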
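Both the SCA and the SBOM sections above take a hand-written `dependencies` array. In a real pipeline that list comes from the lockfile, and the scan result is used to fail or pass a build. The block below is an added example, not code from the page or from the `@fortly/sdk` package: it reads installed packages out of a `package-lock.json` (lockfileVersion 2 or 3, the format with a top-level `packages` map), keeping nested copies with different versions and skipping dev dependencies and workspace links, and then applies a severity threshold to a scan result whose fields are the ones the SCA section prints (`severity`, `package`, `version`, `cve`, `title`, `fixedVersion`). The lockfile and the scan result are constructed samples; the CVE ids in them are placeholders, not real advisories.

```javascript
// Added example, not part of the @fortly/sdk page or package. SAMPLE_LOCK and
// SAMPLE_RESULT are constructed; the result shape mirrors the fields the SCA section prints.

// package-lock v2/v3 keys installed packages by path: "node_modules/<name>", or
// "node_modules/<parent>/node_modules/<name>" for a nested copy; "" is the root project,
// and workspace packages appear both as a link under node_modules and under their own path.
function dependenciesFromLockfile(lockJson, { includeDev = false } = {}) {
  const lock = typeof lockJson === "string" ? JSON.parse(lockJson) : lockJson;
  if (!lock.packages) throw new Error("lockfileVersion 1 has no 'packages' map; regenerate the lockfile with npm 7+");
  const seen = new Map();
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (!path.includes("node_modules/") || entry.link || !entry.version) continue;
    if (entry.dev && !includeDev) continue;
    // Name is everything after the last "node_modules/", which keeps scoped names intact.
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const key = `${name}@${entry.version}`; // the same version nested twice is one component
    if (!seen.has(key)) seen.set(key, { name, version: entry.version });
  }
  // Lexicographic order only makes the output deterministic; it is not semver order.
  return [...seen.values()].sort((a, b) => a.name.localeCompare(b.name) || a.version.localeCompare(b.version));
}

const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };

// CI gate: pass unless any finding is at or above `threshold`; list what blocks and the fix.
function ciVerdict(result, threshold) {
  const min = SEVERITY_RANK[String(threshold).toLowerCase()];
  if (!min) throw new Error(`unknown severity threshold: ${threshold}`);
  const blocking = result.vulnerabilities.filter((v) => (SEVERITY_RANK[String(v.severity).toLowerCase()] ?? 0) >= min);
  const upgrades = blocking.map((v) => `${v.package}@${v.version} -> ${v.fixedVersion} (${v.severity}, ${v.cve})`);
  return { pass: blocking.length === 0, blocking, upgrades };
}

// Constructed lockfile: a nested lodash at a different version, two dev packages, a workspace link.
const SAMPLE_LOCK = {
  name: "myapp",
  lockfileVersion: 3,
  packages: {
    "": { name: "myapp", version: "1.0.0" },
    "node_modules/express": { version: "4.17.1" },
    "node_modules/lodash": { version: "4.17.15" },
    "node_modules/express/node_modules/lodash": { version: "4.17.21" },
    "node_modules/jsonwebtoken": { version: "8.5.1" },
    "node_modules/jest": { version: "29.7.0", dev: true },
    "node_modules/@types/node": { version: "18.19.0", dev: true },
    "node_modules/mylib": { resolved: "packages/mylib", link: true },
    "packages/mylib": { name: "mylib", version: "0.1.0" },
  },
};

// Constructed scan result in the shape the SCA section prints; CVE ids are placeholders.
const SAMPLE_RESULT = {
  vulnerabilities: [
    { severity: "HIGH", package: "lodash", version: "4.17.15", cve: "CVE-PLACEHOLDER-1", title: "constructed sample", fixedVersion: "4.17.21" },
    { severity: "MEDIUM", package: "express", version: "4.17.1", cve: "CVE-PLACEHOLDER-2", title: "constructed sample", fixedVersion: "4.18.0" },
    { severity: "CRITICAL", package: "jsonwebtoken", version: "8.5.1", cve: "CVE-PLACEHOLDER-3", title: "constructed sample", fixedVersion: "9.0.0" },
  ],
};

const deps = dependenciesFromLockfile(SAMPLE_LOCK);
console.log("Would scan", deps.length, "components:", deps.map((d) => `${d.name}@${d.version}`).join(", "));
// In a real pipeline: const result = await fortly.sca.scan({ dependencies: deps });
const verdict = ciVerdict(SAMPLE_RESULT, "high");
console.log(verdict.pass ? "PASS" : "FAIL, blocking findings:\n  " + verdict.upgrades.join("\n  "));
```

The same `deps` array is what `fortly.sbom.generate({ format: "cyclonedx", dependencies: deps })` would take, so one lockfile read feeds both the vulnerability scan and the bill of materials. Keeping both lodash versions matters: a fix that only bumps the top-level copy leaves the nested one in the build, and a scan that deduplicates by name would never show it.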