google · G-Rath · Feb 20, 2026
diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap
@@ -1,5 +1,5 @@
 
-[Test_run/#00 - 1]
+[Test_run/#00 - 1 - stdout]
 NAME:
    osv-scanner scan - scans projects and container images for dependencies, and checks them against the OSV database.
 
@@ -18,11 +18,11 @@ OPTIONS:
 
 ---
 
-[Test_run/#00 - 2]
+[Test_run/#00 - 2 - stderr]
 
 ---
 
-[Test_run/#01 - 1]
+[Test_run/#01 - 1 - stdout]
 NAME:
    osv-scanner scan - scans projects and container images for dependencies, and checks them against the OSV database.
 
@@ -41,54 +41,54 @@ OPTIONS:
 
 ---
 
-[Test_run/#01 - 2]
+[Test_run/#01 - 2 - stderr]
 
 ---
 
-[Test_run/version - 1]
+[Test_run/version - 1 - stdout]
 osv-scanner version: 2.3.3
 osv-scalibr version: 0.4.3
 commit: n/a
 built at: n/a
 
 ---
 
-[Test_run/version - 2]
+[Test_run/version - 2 - stderr]
 
 ---
 
-[Test_run_SubCommands/scan_with_a_flag - 1]
+[Test_run_SubCommands/scan_with_a_flag - 1 - stdout]
 Scanning dir ./testdata/locks-one-with-nested
 Scanned <rootdir>/testdata/locks-one-with-nested/nested/composer.lock file and found 1 package
 Scanned <rootdir>/testdata/locks-one-with-nested/yarn.lock file and found 1 package
 No issues found
 
 ---
 
-[Test_run_SubCommands/scan_with_a_flag - 2]
+[Test_run_SubCommands/scan_with_a_flag - 2 - stderr]
 Warning: `scan` exists as both a subcommand of OSV-Scanner and as a file on the filesystem. `scan` is assumed to be a subcommand here. If you intended for `scan` to be an argument to `scan`, you must specify `scan scan` in your command line.
 
 ---
 
-[Test_run_SubCommands/with_no_subcommand - 1]
+[Test_run_SubCommands/with_no_subcommand - 1 - stdout]
 Scanning dir ./testdata/locks-many/composer.lock
 Scanned <rootdir>/testdata/locks-many/composer.lock file and found 1 package
 No issues found
 
 ---
 
-[Test_run_SubCommands/with_no_subcommand - 2]
+[Test_run_SubCommands/with_no_subcommand - 2 - stderr]
 
 ---
 
-[Test_run_SubCommands/with_scan_subcommand - 1]
+[Test_run_SubCommands/with_scan_subcommand - 1 - stdout]
 Scanning dir ./testdata/locks-many/composer.lock
 Scanned <rootdir>/testdata/locks-many/composer.lock file and found 1 package
 No issues found
 
 ---
 
-[Test_run_SubCommands/with_scan_subcommand - 2]
+[Test_run_SubCommands/with_scan_subcommand - 2 - stderr]
 Warning: `scan` exists as both a subcommand of OSV-Scanner and as a file on the filesystem. `scan` is assumed to be a subcommand here. If you intended for `scan` to be an argument to `scan`, you must specify `scan scan` in your command line.
 
 ---
diff --git a/cmd/osv-scanner/fix/__snapshots__/command_test.snap b/cmd/osv-scanner/fix/__snapshots__/command_test.snap
@@ -1,9 +1,9 @@
 
-[TestCommand/errors_when_in_place_used_without_lockfile - 1]
+[TestCommand/errors_when_in_place_used_without_lockfile - 1 - stdout]
 
 ---
 
-[TestCommand/errors_when_in_place_used_without_lockfile - 2]
+[TestCommand/errors_when_in_place_used_without_lockfile - 2 - stderr]
 in-place strategy requires lockfile
 
 ---
@@ -26,11 +26,11 @@ in-place strategy requires lockfile
 
 ---
 
-[TestCommand/errors_when_override_used_without_manifest - 1]
+[TestCommand/errors_when_override_used_without_manifest - 1 - stdout]
 
 ---
 
-[TestCommand/errors_when_override_used_without_manifest - 2]
+[TestCommand/errors_when_override_used_without_manifest - 2 - stderr]
 override strategy requires manifest file
 
 ---
@@ -1761,11 +1761,11 @@ override strategy requires manifest file
 
 ---
 
-[TestCommand/errors_when_relax_used_without_manifest - 1]
+[TestCommand/errors_when_relax_used_without_manifest - 1 - stdout]
 
 ---
 
-[TestCommand/errors_when_relax_used_without_manifest - 2]
+[TestCommand/errors_when_relax_used_without_manifest - 2 - stderr]
 relax strategy requires manifest file
 
 ---
@@ -3496,11 +3496,11 @@ relax strategy requires manifest file
 
 ---
 
-[TestCommand/errors_when_relock_used_without_manifest - 1]
+[TestCommand/errors_when_relock_used_without_manifest - 1 - stdout]
 
 ---
 
-[TestCommand/errors_when_relock_used_without_manifest - 2]
+[TestCommand/errors_when_relock_used_without_manifest - 2 - stderr]
 relax strategy requires manifest file
 
 ---
@@ -5231,34 +5231,34 @@ relax strategy requires manifest file
 
 ---
 
-[TestCommand/errors_with_invalid_data_source - 1]
+[TestCommand/errors_with_invalid_data_source - 1 - stdout]
 
 ---
 
-[TestCommand/errors_with_invalid_data_source - 2]
+[TestCommand/errors_with_invalid_data_source - 2 - stderr]
 unsupported data-source "github" - must be one of: deps.dev, native
 
 ---
 
-[TestCommand/errors_with_unsupported_format - 1]
+[TestCommand/errors_with_unsupported_format - 1 - stdout]
 
 ---
 
-[TestCommand/errors_with_unsupported_format - 2]
+[TestCommand/errors_with_unsupported_format - 2 - stderr]
 unsupported output format "yaml" - must be one of: text, json
 
 ---
 
-[TestCommand/errors_with_unsupported_strategy - 1]
+[TestCommand/errors_with_unsupported_strategy - 1 - stdout]
 
 ---
 
-[TestCommand/errors_with_unsupported_strategy - 2]
+[TestCommand/errors_with_unsupported_strategy - 2 - stderr]
 unsupported strategy "force" - must be one of: in-place, relax, override
 
 ---
 
-[TestCommand/fix_non-interactive_in-place_package-lock.json - 1]
+[TestCommand/fix_non-interactive_in-place_package-lock.json - 1 - stdout]
 Scanning <tempdir>/package-lock.json...
 Found 11 vulnerabilities matching the filter
 Can fix 3/11 matching vulnerabilities by changing 3 dependencies
@@ -5272,7 +5272,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand/fix_non-interactive_in-place_package-lock.json - 2]
+[TestCommand/fix_non-interactive_in-place_package-lock.json - 2 - stderr]
 
 ---
 
@@ -7002,7 +7002,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand/fix_non-interactive_json_in-place_package-lock.json - 1]
+[TestCommand/fix_non-interactive_json_in-place_package-lock.json - 1 - stdout]
 {
   "path": "<tempdir>/package-lock.json",
   "ecosystem": "npm",
@@ -7185,7 +7185,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand/fix_non-interactive_json_in-place_package-lock.json - 2]
+[TestCommand/fix_non-interactive_json_in-place_package-lock.json - 2 - stderr]
 Scanning <tempdir>/package-lock.json...
 Rewriting <tempdir>/package-lock.json...
 
@@ -8917,7 +8917,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand/fix_non-interactive_json_override_pom.xml - 1]
+[TestCommand/fix_non-interactive_json_override_pom.xml - 1 - stdout]
 {
   "path": "<tempdir>/pom.xml",
   "ecosystem": "Maven",
@@ -9194,7 +9194,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand/fix_non-interactive_json_override_pom.xml - 2]
+[TestCommand/fix_non-interactive_json_override_pom.xml - 2 - stderr]
 Resolving <tempdir>/pom.xml...
 Rewriting <tempdir>/pom.xml...
 
@@ -9248,7 +9248,7 @@ Rewriting <tempdir>/pom.xml...
 
 ---
 
-[TestCommand/fix_non-interactive_json_relax_package.json - 1]
+[TestCommand/fix_non-interactive_json_relax_package.json - 1 - stdout]
 {
   "path": "<tempdir>/package.json",
   "ecosystem": "npm",
@@ -9377,7 +9377,7 @@ Rewriting <tempdir>/pom.xml...
 
 ---
 
-[TestCommand/fix_non-interactive_json_relax_package.json - 2]
+[TestCommand/fix_non-interactive_json_relax_package.json - 2 - stderr]
 Resolving <tempdir>/package.json...
 Rewriting <tempdir>/package.json...
 
@@ -9401,7 +9401,7 @@ Rewriting <tempdir>/package.json...
 
 ---
 
-[TestCommand/fix_non-interactive_override_pom.xml - 1]
+[TestCommand/fix_non-interactive_override_pom.xml - 1 - stdout]
 Resolving <tempdir>/pom.xml...
 Found 12 vulnerabilities matching the filter
 Can fix 12/12 matching vulnerabilities by overriding 4 dependencies
@@ -9416,7 +9416,7 @@ Rewriting <tempdir>/pom.xml...
 
 ---
 
-[TestCommand/fix_non-interactive_override_pom.xml - 2]
+[TestCommand/fix_non-interactive_override_pom.xml - 2 - stderr]
 
 ---
 
@@ -9468,7 +9468,7 @@ Rewriting <tempdir>/pom.xml...
 
 ---
 
-[TestCommand/fix_non-interactive_relax_package.json - 1]
+[TestCommand/fix_non-interactive_relax_package.json - 1 - stdout]
 Resolving <tempdir>/package.json...
 Found 8 vulnerabilities matching the filter
 Can fix 3/8 matching vulnerabilities by changing 1 dependencies
@@ -9480,7 +9480,7 @@ Rewriting <tempdir>/package.json...
 
 ---
 
-[TestCommand/fix_non-interactive_relax_package.json - 2]
+[TestCommand/fix_non-interactive_relax_package.json - 2 - stderr]
 
 ---
 
@@ -9502,7 +9502,7 @@ Rewriting <tempdir>/package.json...
 
 ---
 
-[TestCommand/fix_non_interactive_in_place_package_lock_json_with_native_data_source - 1]
+[TestCommand/fix_non_interactive_in_place_package_lock_json_with_native_data_source - 1 - stdout]
 Scanning <tempdir>/package-lock.json...
 Found 11 vulnerabilities matching the filter
 Can fix 3/11 matching vulnerabilities by changing 3 dependencies
@@ -9516,7 +9516,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand/fix_non_interactive_in_place_package_lock_json_with_native_data_source - 2]
+[TestCommand/fix_non_interactive_in_place_package_lock_json_with_native_data_source - 2 - stderr]
 
 ---
 
@@ -11246,7 +11246,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand/fix_non_interactive_override_pom_xml_with_native_data_source - 1]
+[TestCommand/fix_non_interactive_override_pom_xml_with_native_data_source - 1 - stdout]
 Resolving <tempdir>/pom.xml...
 Found 12 vulnerabilities matching the filter
 Can fix 12/12 matching vulnerabilities by overriding 4 dependencies
@@ -11261,7 +11261,7 @@ Rewriting <tempdir>/pom.xml...
 
 ---
 
-[TestCommand/fix_non_interactive_override_pom_xml_with_native_data_source - 2]
+[TestCommand/fix_non_interactive_override_pom_xml_with_native_data_source - 2 - stderr]
 
 ---
 
@@ -11313,16 +11313,16 @@ Rewriting <tempdir>/pom.xml...
 
 ---
 
-[TestCommand/no_args_provided - 1]
+[TestCommand/no_args_provided - 1 - stdout]
 
 ---
 
-[TestCommand/no_args_provided - 2]
+[TestCommand/no_args_provided - 2 - stderr]
 manifest or lockfile is required
 
 ---
 
-[TestCommand_OfflineDatabase/fix_non_interactive_in_place_package_lock_json_with_offline_vulns - 1]
+[TestCommand_OfflineDatabase/fix_non_interactive_in_place_package_lock_json_with_offline_vulns - 1 - stdout]
 Loaded npm local db from <tempdir>/osv-scanner/npm/all.zip
 Scanning <tempdir>/package-lock.json...
 Found 11 vulnerabilities matching the filter
@@ -11337,7 +11337,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand_OfflineDatabase/fix_non_interactive_in_place_package_lock_json_with_offline_vulns - 2]
+[TestCommand_OfflineDatabase/fix_non_interactive_in_place_package_lock_json_with_offline_vulns - 2 - stderr]
 
 ---
 
@@ -13067,7 +13067,7 @@ Rewriting <tempdir>/package-lock.json...
 
 ---
 
-[TestCommand_OfflineDatabase/fix_non_interactive_relax_package_json_with_offline_vulns - 1]
+[TestCommand_OfflineDatabase/fix_non_interactive_relax_package_json_with_offline_vulns - 1 - stdout]
 Loaded npm local db from <tempdir>/osv-scanner/npm/all.zip
 Resolving <tempdir>/package.json...
 Found 8 vulnerabilities matching the filter
@@ -13080,7 +13080,7 @@ Rewriting <tempdir>/package.json...
 
 ---
 
-[TestCommand_OfflineDatabase/fix_non_interactive_relax_package_json_with_offline_vulns - 2]
+[TestCommand_OfflineDatabase/fix_non_interactive_relax_package_json_with_offline_vulns - 2 - stderr]
 
 ---
 

diff --git a/cmd/osv-scanner/internal/testcmd/run.go b/cmd/osv-scanner/internal/testcmd/run.go
@@ -86,8 +86,8 @@ func RunAndMatchSnapshots(t *testing.T, tc Case) {
 
 	stdout, stderr := RunAndNormalize(t, tc)
 
-	testutility.NewSnapshot().MatchText(t, stdout)
-	testutility.NewSnapshot().WithWindowsReplacements(map[string]string{
+	testutility.NewSnapshot().WithLabel("stdout").MatchText(t, stdout)
+	testutility.NewSnapshot().WithLabel("stderr").WithWindowsReplacements(map[string]string{
 		"CreateFile": "stat",
 	}).MatchText(t, stderr)
 }