Skip to main content

Prerequisites

  • Node.js >= 22 — Dino uses modern Node APIs. Check with node --version.

Install

1

Install the CLI

npm install -g @dino-hq/cli
2

Verify the install

dino --version
3

Create a config file

dino init
The interactive setup asks for your endpoint, protocol, auth settings, output format, and whether to enable AI reasoning. It writes a .dino.yml in your current directory.Or create one manually:
.dino.yml
endpoint: https://api.example.com/graphql
protocol: graphql
Two lines. That’s the minimum to run dino scan.

Config file search order

Dino uses cosmiconfig to find your config:
FileFormat
.dino.yml / .dino.yamlYAML (recommended)
.dinorcJSON or YAML
.dinorc.json / .dinorc.yaml / .dinorc.ymlJSON / YAML
package.json ("dino" key)JSON
No .js / .ts config files. Executable config files are blocked for security. Use YAML or JSON only.

Environment variables

VariableDescription
DINO_AI_KEYAPI key for AI reasoning (alternative to aiKey in config)
DINO_API_TOKENAuth token for authenticated scans
Never put secrets in .dino.yml — use environment variables.

Validate your config

dino validate
Checks your config against Dino’s schema and reports field-level errors.
See the full config reference for all available fields.

Next steps

Quick Start

Run your first API scan in under 5 minutes.