npm - @capraconsulting/cals-cli - Versions diffs - 2.22.2 → 2.23.2 - Mend

@capraconsulting/cals-cli 2.22.2 → 2.23.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/lib/cals-cli.js CHANGED Viewed

@@ -47,7 +47,7 @@ var read__default = /*#__PURE__*/_interopDefaultLegacy(read);
 var findUp__default = /*#__PURE__*/_interopDefaultLegacy(findUp);
 var execa__default = /*#__PURE__*/_interopDefaultLegacy(execa);
-var version = "2.22.2";
+var version = "2.23.2";
 var engines = {
 	node: ">=12.0.0"
 };
@@ -357,7 +357,7 @@ function getRepoId(orgName, repoName) {
 }
 function checkAgainstSchema(value) {
     var _a;
-    const ajv = new AJV__default['default']({ allErrors: true });
+    const ajv = new AJV__default["default"]({ allErrors: true });
     const valid = ajv.validate(schema, value);
     return valid
         ? { definition: value }
@@ -434,7 +434,7 @@ class DefinitionFile {
         this.path = path;
     }
     async getContents() {
-        return new Promise((resolve, reject) => fs__default['default'].readFile(this.path, "utf-8", (err, data) => {
+        return new Promise((resolve, reject) => fs__default["default"].readFile(this.path, "utf-8", (err, data) => {
             if (err)
                 reject(err);
             else
@@ -446,7 +446,7 @@ class DefinitionFile {
     }
 }
 function parseDefinition(value) {
-    const result = checkAgainstSchema(yaml__default['default'].load(value));
+    const result = checkAgainstSchema(yaml__default["default"].load(value));
     if ("error" in result) {
         throw new Error("Definition content invalid: " + result.error);
     }
@@ -476,7 +476,7 @@ class GitHubTokenCliProvider {
         if (process.env.CALS_GITHUB_TOKEN) {
             return process.env.CALS_GITHUB_TOKEN;
         }
-        const result = await keytar__default['default'].getPassword(this.keyringService, this.keyringAccount);
+        const result = await keytar__default["default"].getPassword(this.keyringService, this.keyringAccount);
         if (result == null) {
             process.stderr.write("No token found. Register using `cals github set-token`\n");
             return undefined;
@@ -484,10 +484,10 @@ class GitHubTokenCliProvider {
         return result;
     }
     async markInvalid() {
-        await keytar__default['default'].deletePassword(this.keyringService, this.keyringAccount);
+        await keytar__default["default"].deletePassword(this.keyringService, this.keyringAccount);
     }
     async setToken(value) {
-        await keytar__default['default'].setPassword(this.keyringService, this.keyringAccount, value);
+        await keytar__default["default"].setPassword(this.keyringService, this.keyringAccount, value);
     }
 }
@@ -560,7 +560,7 @@ class GitHubService {
         this.tokenProvider = props.tokenProvider;
         // Control concurrency to GitHub API at service level so we
         // can maximize concurrency all other places.
-        this.semaphore = pLimit__default['default'](6);
+        this.semaphore = pLimit__default["default"](6);
         this.octokit.hook.wrap("request", async (request, options) => {
             /* eslint-disable @typescript-eslint/no-unsafe-member-access */
             this._requestCount++;
@@ -640,7 +640,7 @@ class GitHubService {
         const headers = {
             Authorization: `Bearer ${token}`,
         };
-        const response = await this.semaphore(() => fetch__default['default'](url, {
+        const response = await this.semaphore(() => fetch__default["default"](url, {
             method: "POST",
             headers,
             body: JSON.stringify({ query }),
@@ -1049,7 +1049,7 @@ class SnykTokenCliProvider {
         if (process.env.CALS_SNYK_TOKEN) {
             return process.env.CALS_SNYK_TOKEN;
         }
-        const result = await keytar__default['default'].getPassword(this.keyringService, this.keyringAccount);
+        const result = await keytar__default["default"].getPassword(this.keyringService, this.keyringAccount);
         if (result == null) {
             process.stderr.write("No token found. Register using `cals snyk set-token`\n");
             return undefined;
@@ -1057,10 +1057,10 @@ class SnykTokenCliProvider {
         return result;
     }
     async markInvalid() {
-        await keytar__default['default'].deletePassword(this.keyringService, this.keyringAccount);
+        await keytar__default["default"].deletePassword(this.keyringService, this.keyringAccount);
     }
     async setToken(value) {
-        await keytar__default['default'].setPassword(this.keyringService, this.keyringAccount, value);
+        await keytar__default["default"].setPassword(this.keyringService, this.keyringAccount, value);
     }
 }
@@ -1082,7 +1082,7 @@ class SnykService {
         if (token === undefined) {
             throw new Error("Missing token for Snyk");
         }
-        const response = await fetch__default['default'](`https://snyk.io/api/v1/org/${encodeURIComponent(snykAccountId)}/projects`, {
+        const response = await fetch__default["default"](`https://snyk.io/api/v1/org/${encodeURIComponent(snykAccountId)}/projects`, {
             method: "GET",
             headers: {
                 Accept: "application/json",
@@ -1110,18 +1110,32 @@ function createSnykService(props) {
 }
 function getGitHubRepo(snykProject) {
-    if (snykProject.origin !== "github") {
-        return undefined;
+    if (snykProject.origin === "github") {
+        const match = /^([^/]+)\/([^:]+)(:(.+))?$/.exec(snykProject.name);
+        if (match === null) {
+            throw Error(`Could not extract components from Snyk project name: ${snykProject.name} (id: ${snykProject.id})`);
+        }
+        return {
+            owner: match[1],
+            name: match[2],
+        };
     }
-    const match = /^([^/]+)\/([^:]+):(.+)$/.exec(snykProject.name);
-    if (match === null) {
-        throw Error(`Could not extract components from Snyk project name: ${snykProject.name} (id: ${snykProject.id})`);
+    else if (snykProject.origin === "cli" &&
+        snykProject.remoteRepoUrl != null) {
+        // The remoteRepoUrl can be overriden when using the CLI, so don't
+        // fail if we cannot extract the value.
+        const match = /github.com\/([^/]+)\/(.+)\.git$/.exec(snykProject.remoteRepoUrl);
+        if (match === null) {
+            return undefined;
+        }
+        return {
+            owner: match[1],
+            name: match[2],
+        };
+    }
+    else {
+        return undefined;
     }
-    return {
-        owner: match[1],
-        name: match[2],
-        file: match[3],
-    };
 }
 function getGitHubRepoId(repo) {
     return repo ? `${repo.owner}/${repo.name}` : undefined;
@@ -1139,13 +1153,13 @@ class CacheProvider {
      * The caller is responsible for handling proper validation,
      */
     retrieveJson(cachekey) {
-        const cachefile = path__default['default'].join(this.config.cacheDir, `${cachekey}.json`);
-        if (!fs__default['default'].existsSync(cachefile)) {
+        const cachefile = path__default["default"].join(this.config.cacheDir, `${cachekey}.json`);
+        if (!fs__default["default"].existsSync(cachefile)) {
             return undefined;
         }
-        const data = fs__default['default'].readFileSync(cachefile, "utf-8");
+        const data = fs__default["default"].readFileSync(cachefile, "utf-8");
         return {
-            cacheTime: fs__default['default'].statSync(cachefile).mtime.getTime(),
+            cacheTime: fs__default["default"].statSync(cachefile).mtime.getTime(),
             data: (data === "undefined" ? undefined : JSON.parse(data)),
         };
     }
@@ -1153,11 +1167,11 @@ class CacheProvider {
      * Save data to cache.
      */
     storeJson(cachekey, data) {
-        const cachefile = path__default['default'].join(this.config.cacheDir, `${cachekey}.json`);
-        if (!fs__default['default'].existsSync(this.config.cacheDir)) {
-            fs__default['default'].mkdirSync(this.config.cacheDir, { recursive: true });
+        const cachefile = path__default["default"].join(this.config.cacheDir, `${cachekey}.json`);
+        if (!fs__default["default"].existsSync(this.config.cacheDir)) {
+            fs__default["default"].mkdirSync(this.config.cacheDir, { recursive: true });
         }
-        fs__default['default'].writeFileSync(cachefile, data === undefined ? "undefined" : JSON.stringify(data));
+        fs__default["default"].writeFileSync(cachefile, data === undefined ? "undefined" : JSON.stringify(data));
     }
     async json(cachekey, block, cachetime = this.defaultCacheTime) {
         const cacheItem = this.mustValidate
@@ -1175,16 +1189,16 @@ class CacheProvider {
      * Delete all cached data.
      */
     cleanup() {
-        rimraf__default['default'].sync(this.config.cacheDir);
+        rimraf__default["default"].sync(this.config.cacheDir);
     }
 }
 class Config {
     constructor() {
-        this.cwd = path__default['default'].resolve(process.cwd());
-        this.configFile = path__default['default'].join(os__default['default'].homedir(), ".cals-config.json");
-        this.cacheDir = cachedir__default['default']("cals-cli");
-        this.agent = new https__default['default'].Agent({
+        this.cwd = path__default["default"].resolve(process.cwd());
+        this.configFile = path__default["default"].join(os__default["default"].homedir(), ".cals-config.json");
+        this.cacheDir = cachedir__default["default"]("cals-cli");
+        this.agent = new https__default["default"].Agent({
             keepAlive: true,
         });
         this.configCached = undefined;
@@ -1199,12 +1213,12 @@ class Config {
         return config;
     }
     readConfig() {
-        if (!fs__default['default'].existsSync(this.configFile)) {
+        if (!fs__default["default"].existsSync(this.configFile)) {
             return {};
         }
         try {
             // eslint-disable-next-line @typescript-eslint/no-unsafe-return
-            return JSON.parse(fs__default['default'].readFileSync(this.configFile, "utf-8"));
+            return JSON.parse(fs__default["default"].readFileSync(this.configFile, "utf-8"));
         }
         catch (e) {
             console.error("Failed", e);
@@ -1226,15 +1240,15 @@ class Config {
             ...this.readConfig(),
             [key]: value, // undefined will remove
         };
-        fs__default['default'].writeFileSync(this.configFile, JSON.stringify(updatedConfig, null, "  "));
+        fs__default["default"].writeFileSync(this.configFile, JSON.stringify(updatedConfig, null, "  "));
         this.configCached = updatedConfig;
     }
 }
 const CLEAR_WHOLE_LINE = 0;
 function clearLine(stdout) {
-    readline__default['default'].clearLine(stdout, CLEAR_WHOLE_LINE);
-    readline__default['default'].cursorTo(stdout, 0);
+    readline__default["default"].clearLine(stdout, CLEAR_WHOLE_LINE);
+    readline__default["default"].cursorTo(stdout, 0);
 }
 class Reporter {
     constructor(opts = {}) {
@@ -1242,7 +1256,7 @@ class Reporter {
         this.stderr = process.stderr;
         this.stdin = process.stdin;
         this.isTTY = this.stdout.isTTY;
-        this.format = chalk__default['default'];
+        this.format = chalk__default["default"];
         this.startTime = Date.now();
         this.nonInteractive = !!opts.nonInteractive;
         this.isVerbose = !!opts.verbose;
@@ -1303,7 +1317,7 @@ function getDefinitionFile(argv) {
         throw Error("Missing --definition-file option");
     }
     const definitionFile = argv.definitionFile;
-    if (!fs__default['default'].existsSync(definitionFile)) {
+    if (!fs__default["default"].existsSync(definitionFile)) {
         throw Error(`The file ${definitionFile} does not exist`);
     }
     return new DefinitionFile(definitionFile);
@@ -1360,9 +1374,9 @@ function reorderListToSimilarAsBefore(oldList, updatedList, selector, insertLast
 }
 async function getReposFromGitHub(github, orgs) {
-    return (await pMap__default['default'](orgs, async (org) => {
+    return (await pMap__default["default"](orgs, async (org) => {
         const repos = await github.getOrgRepoList({ org: org.login });
-        return pMap__default['default'](repos, async (repo) => {
+        return pMap__default["default"](repos, async (repo) => {
             const detailedRepo = await github.getRepository(repo.owner.login, repo.name);
             if (detailedRepo === undefined) {
                 throw Error(`Repo not found: ${repo.owner.login}/${repo.name}`);
@@ -1376,11 +1390,11 @@ async function getReposFromGitHub(github, orgs) {
     })).flat();
 }
 async function getTeams(github, orgs) {
-    const intermediate = await pMap__default['default'](orgs, async (org) => {
+    const intermediate = await pMap__default["default"](orgs, async (org) => {
         const teams = await github.getTeamList(org);
         return {
             org,
-            teams: await pMap__default['default'](teams, async (team) => ({
+            teams: await pMap__default["default"](teams, async (team) => ({
                 team,
                 users: await github.getTeamMemberListIncludingInvited(org, team),
             })),
@@ -1413,7 +1427,7 @@ function getFormattedTeams(oldTeams, teams) {
         : undefined;
 }
 async function getOrgs(github, orgs) {
-    return pMap__default['default'](orgs, (it) => github.getOrg(it));
+    return pMap__default["default"](orgs, (it) => github.getOrg(it));
 }
 function removeDuplicates(items, selector) {
     const ids = [];
@@ -1428,7 +1442,7 @@ function removeDuplicates(items, selector) {
     return result;
 }
 async function getMembers(github, orgs) {
-    return removeDuplicates((await pMap__default['default'](orgs, (org) => github.getOrgMembersListIncludingInvited(org.login)))
+    return removeDuplicates((await pMap__default["default"](orgs, (org) => github.getOrgMembersListIncludingInvited(org.login)))
         .flat()
         .map((it) => it.login), (it) => it);
 }
@@ -1543,7 +1557,7 @@ async function dumpSetup(config, reporter, github, snyk, outfile, definitionFile
     //  package. However it often produced invalid yaml, so we have removed
     //  it. We might want to revisit it to preserve comments.
     // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment,@typescript-eslint/no-explicit-any
-    const doc = yaml__default['default'].load(await definitionFile.getContents());
+    const doc = yaml__default["default"].load(await definitionFile.getContents());
     // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
     doc.snyk = generatedDefinition.snyk;
     // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
@@ -1551,7 +1565,7 @@ async function dumpSetup(config, reporter, github, snyk, outfile, definitionFile
     // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
     doc.github = generatedDefinition.github;
     // Convert to/from plain JSON so that undefined elements are removed.
-    fs__default['default'].writeFileSync(outfile, yaml__default['default'].dump(JSON.parse(JSON.stringify(doc))));
+    fs__default["default"].writeFileSync(outfile, yaml__default["default"].dump(JSON.parse(JSON.stringify(doc))));
     reporter.info(`Saved to ${outfile}`);
     reporter.info(`Number of GitHub requests: ${github.requestCount}`);
 }
@@ -1596,7 +1610,7 @@ const command$i = {
         .demandCommand()
         .usage(`cals definition`),
     handler: () => {
-        yargs__default['default'].showHelp();
+        yargs__default["default"].showHelp();
     },
 };
@@ -1621,7 +1635,7 @@ class DetectifyTokenCliProvider {
         if (process.env.CALS_DETECTIFY_TOKEN) {
             return process.env.CALS_DETECTIFY_TOKEN;
         }
-        const result = await keytar__default['default'].getPassword(this.keyringService, this.keyringAccount);
+        const result = await keytar__default["default"].getPassword(this.keyringService, this.keyringAccount);
         if (result == null) {
             process.stderr.write("No token found. Register using `cals detectify set-token`\n");
             return undefined;
@@ -1629,10 +1643,10 @@ class DetectifyTokenCliProvider {
         return result;
     }
     async markInvalid() {
-        await keytar__default['default'].deletePassword(this.keyringService, this.keyringAccount);
+        await keytar__default["default"].deletePassword(this.keyringService, this.keyringAccount);
     }
     async setToken(value) {
-        await keytar__default['default'].setPassword(this.keyringService, this.keyringAccount, value);
+        await keytar__default["default"].setPassword(this.keyringService, this.keyringAccount, value);
     }
 }
@@ -1652,7 +1666,7 @@ class DetectifyService {
         if (token === undefined) {
             throw new Error("Missing token for Detectify");
         }
-        const response = await fetch__default['default'](url, {
+        const response = await fetch__default["default"](url, {
             method: "GET",
             headers: {
                 Accept: "application/json",
@@ -1730,7 +1744,7 @@ async function setToken$2({ reporter, token, tokenProvider, }) {
         reporter.info("Need API token to talk to Detectify");
         reporter.info("See API keys under https://detectify.com/dashboard/team");
         token = await new Promise((resolve, reject) => {
-            read__default['default']({
+            read__default["default"]({
                 prompt: "Enter new Detectify API token: ",
                 silent: true,
             }, (err, answer) => {
@@ -1771,7 +1785,7 @@ Notes:
   and provide a link to generate one:
   $ cals detectify set-token`),
     handler: () => {
-        yargs__default['default'].showHelp();
+        yargs__default["default"].showHelp();
     },
 };
@@ -1787,9 +1801,9 @@ const command$d = {
 async function analyzeDirectory(reporter, config, github, org) {
     const repos = await github.getOrgRepoList({ org });
     const reposDict = repos.reduce((acc, cur) => ({ ...acc, [cur.name]: cur }), {});
-    const dirs = fs__default['default']
+    const dirs = fs__default["default"]
         .readdirSync(config.cwd)
-        .filter((it) => fs__default['default'].statSync(path__default['default'].join(config.cwd, it)).isDirectory())
+        .filter((it) => fs__default["default"].statSync(path__default["default"].join(config.cwd, it)).isDirectory())
         // Skip hidden folders
         .filter((it) => !it.startsWith("."))
         .sort((a, b) => a.localeCompare(b));
@@ -1865,7 +1879,7 @@ function getChangedRepoAttribs(definitionRepo, actualRepo) {
 async function getUnknownRepos(github, definition, limitToOrg) {
     const knownRepos = getRepos(definition).map((it) => it.id);
     const orgs = getGitHubOrgs(definition).filter((orgName) => limitToOrg === undefined || limitToOrg === orgName);
-    return lodash.sortBy((await pMap__default['default'](orgs, (orgName) => github.getOrgRepoList({ org: orgName })))
+    return lodash.sortBy((await pMap__default["default"](orgs, (orgName) => github.getOrgRepoList({ org: orgName })))
         .flat()
         .filter((it) => !knownRepos.includes(`${it.owner.login}/${it.name}`)), (it) => `${it.owner.login}/${it.name}`);
 }
@@ -1960,7 +1974,7 @@ async function createChangeSetItemsForProjects(github, definition, limitToOrg) {
     const orgs = definition.projects
         .flatMap((it) => it.github)
         .filter((org) => limitToOrg === undefined || limitToOrg === org.organization);
-    changes.push(...(await pMap__default['default'](orgs, async (org) => pMap__default['default'](org.repos || [], (projectRepo) => getProjectRepoChanges({
+    changes.push(...(await pMap__default["default"](orgs, async (org) => pMap__default["default"](org.repos || [], (projectRepo) => getProjectRepoChanges({
         github,
         org,
         projectRepo,
@@ -2058,7 +2072,7 @@ async function createChangeSetItemsForTeams(github, definition, org) {
         }
     });
     const overlappingTeams = actualTeams.filter((it) => wantedTeamNames.includes(it.name));
-    await pMap__default['default'](overlappingTeams, async (actualTeam) => {
+    await pMap__default["default"](overlappingTeams, async (actualTeam) => {
         // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
         const wantedTeam = teams.find((it) => it.name === actualTeam.name);
         const actualMembers = await github.getTeamMemberListIncludingInvited(org, actualTeam);
@@ -2256,7 +2270,7 @@ function createOrgGetter(github) {
     const semaphores = {};
     function getSemaphore(orgName) {
         if (!(orgName in semaphores)) {
-            semaphores[orgName] = pLimit__default['default'](1);
+            semaphores[orgName] = pLimit__default["default"](1);
         }
         return semaphores[orgName];
     }
@@ -2313,7 +2327,7 @@ async function process$1(reporter, github, definition, getOrg, execute, limitToO
     }
     if (execute && changes.length > 0) {
         const cont = await new Promise((resolve, reject) => {
-            read__default['default']({
+            read__default["default"]({
                 prompt: "Confirm you want to execute the changes [y/N]: ",
                 timeout: 60000,
             }, (err, answer) => {
@@ -2363,7 +2377,7 @@ const command$b = {
 async function generateCloneCommands({ reporter, config, github, org, ...opt }) {
     if (!opt.listGroups && !opt.all && opt.group === undefined) {
-        yargs__default['default'].showHelp();
+        yargs__default["default"].showHelp();
         return;
     }
     const repos = await github.getOrgRepoList({ org });
@@ -2383,7 +2397,7 @@ async function generateCloneCommands({ reporter, config, github, org, ...opt })
             .filter((it) => opt.name === undefined || it.name.includes(opt.name))
             .filter((it) => opt.topic === undefined || includesTopic(it, opt.topic))
             .filter((it) => !opt.excludeExisting ||
-            !fs__default['default'].existsSync(path__default['default'].resolve(config.cwd, it.name)))
+            !fs__default["default"].existsSync(path__default["default"].resolve(config.cwd, it.name)))
             .forEach((repo) => {
             // The output of this is used to pipe into e.g. bash.
             // We cannot use reporter.log as it adds additional characters.
@@ -2690,7 +2704,7 @@ async function setToken$1({ reporter, token, tokenProvider, }) {
         reporter.info("Need API token to talk to GitHub");
         reporter.info("https://github.com/settings/tokens/new?scopes=repo:status,read:repo_hook");
         token = await new Promise((resolve, reject) => {
-            read__default['default']({
+            read__default["default"]({
                 prompt: "Enter new GitHub API token: ",
                 silent: true,
             }, (err, answer) => {
@@ -2758,33 +2772,35 @@ class GitRepo {
         this.logCommand = logCommand;
     }
     async cloneGitHubRepo(org, name, cloneType) {
-        const parent = path__default['default'].dirname(this.path);
-        if (!fs__default['default'].existsSync(parent)) {
-            await fs__default['default'].promises.mkdir(parent, { recursive: true });
+        const parent = path__default["default"].dirname(this.path);
+        if (!fs__default["default"].existsSync(parent)) {
+            await fs__default["default"].promises.mkdir(parent, { recursive: true });
         }
         const cloneUrl = cloneType === CloneType.SSH
             ? `git@github.com:${org}/${name}.git`
             : `https://github.com/${org}/${name}.git`;
         try {
-            const result = await execa__default['default']("git", ["clone", cloneUrl, this.path], {
+            const result = await execa__default["default"]("git", ["clone", cloneUrl, this.path], {
                 cwd: parent,
             });
             await this.logCommand(result);
         }
         catch (e) {
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
             await this.logCommand(e);
             throw e;
         }
     }
     async git(args) {
         try {
-            const result = await execa__default['default']("git", args, {
+            const result = await execa__default["default"]("git", args, {
                 cwd: this.path,
             });
             await this.logCommand(result);
             return result;
         }
         catch (e) {
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
             await this.logCommand(e);
             throw e;
         }
@@ -2845,11 +2861,11 @@ const CALS_LOG = ".cals.log";
  * backward slashes in paths.
  */
 function getRelpath(it) {
-    return path__default['default'].join(it.group, it.name);
+    return path__default["default"].join(it.group, it.name);
 }
 async function appendFile(path, data) {
     return new Promise((resolve, reject) => {
-        fs__default['default'].appendFile(path, data, { encoding: "utf-8" }, (err) => {
+        fs__default["default"].appendFile(path, data, { encoding: "utf-8" }, (err) => {
             if (err !== null) {
                 reject(err);
             }
@@ -2866,7 +2882,7 @@ function getAliases(repo) {
 }
 async function updateReposInParallel(reporter, items) {
     // Perform git operations in parallel, but limit how much.
-    const semaphore = pLimit__default['default'](30);
+    const semaphore = pLimit__default["default"](30);
     const promises = items.map((repo) => semaphore(async () => {
         try {
             return {
@@ -2928,8 +2944,8 @@ async function updateRepos(reporter, foundRepos) {
     }
 }
 function guessDefinitionRepoName(rootdir, cals) {
-    const p = path__default['default'].resolve(rootdir, cals.resourcesDefinition.path);
-    const relativePath = path__default['default'].relative(rootdir, p);
+    const p = path__default["default"].resolve(rootdir, cals.resourcesDefinition.path);
+    const relativePath = path__default["default"].relative(rootdir, p);
     if (relativePath.slice(0, 1) == ".") {
         return null;
     }
@@ -2942,8 +2958,8 @@ function guessDefinitionRepoName(rootdir, cals) {
     return parts[1];
 }
 async function getDefinition(rootdir, cals) {
-    const p = path__default['default'].resolve(rootdir, cals.resourcesDefinition.path);
-    if (!fs__default['default'].existsSync(p)) {
+    const p = path__default["default"].resolve(rootdir, cals.resourcesDefinition.path);
+    if (!fs__default["default"].existsSync(p)) {
         throw Error(`The file ${p} does not exist`);
     }
     return new DefinitionFile(p).getDefinition();
@@ -2952,9 +2968,9 @@ async function getDefinition(rootdir, cals) {
  * Get directory names within a directory.
  */
 function getDirNames(parent) {
-    return (fs__default['default']
+    return (fs__default["default"]
         .readdirSync(parent)
-        .filter((it) => fs__default['default'].statSync(path__default['default'].join(parent, it)).isDirectory())
+        .filter((it) => fs__default["default"].statSync(path__default["default"].join(parent, it)).isDirectory())
         // Skip hidden folders
         .filter((it) => !it.startsWith("."))
         .sort((a, b) => a.localeCompare(b)));
@@ -2966,7 +2982,7 @@ async function getReposInOrg(cals, rootdir) {
         .filter((it) => cals.resourcesDefinition.tags === undefined ||
         (it.project.tags || []).some((tag) => { var _a; return (_a = cals.resourcesDefinition.tags) === null || _a === void 0 ? void 0 : _a.includes(tag); }) ||
         // Always include if already checked out to avoid stale state.
-        fs__default['default'].existsSync(path__default['default'].join(rootdir, it.project.name, it.repo.name)));
+        fs__default["default"].existsSync(path__default["default"].join(rootdir, it.project.name, it.repo.name)));
 }
 function getExpectedRepo(item) {
     return {
@@ -2979,8 +2995,8 @@ function getExpectedRepo(item) {
     };
 }
 function getGitRepo(rootdir, relpath) {
-    return new GitRepo(path__default['default'].resolve(rootdir, relpath), async (result) => {
-        await appendFile(path__default['default'].resolve(rootdir, CALS_LOG), JSON.stringify({
+    return new GitRepo(path__default["default"].resolve(rootdir, relpath), async (result) => {
+        await appendFile(path__default["default"].resolve(rootdir, CALS_LOG), JSON.stringify({
             time: new Date().toISOString(),
             context: relpath,
             type: "exec-result",
@@ -3034,7 +3050,7 @@ async function getExpectedRepos(reporter, github, cals, rootdir) {
 }
 async function getInput(prompt) {
     return new Promise((resolve, reject) => {
-        read__default['default']({
+        read__default["default"]({
             prompt,
             timeout: 60000,
         }, (err, answer) => {
@@ -3071,15 +3087,15 @@ async function sync$1({ reporter, github, cals, rootdir, askClone, askMove, }) {
     const foundRepos = [];
     // Categorize all dirs.
     for (const topdir of getDirNames(rootdir)) {
-        const isGitDir = fs__default['default'].existsSync(path__default['default'].join(rootdir, topdir, ".git"));
+        const isGitDir = fs__default["default"].existsSync(path__default["default"].join(rootdir, topdir, ".git"));
         if (isGitDir) {
             // Do not traverse deeper inside another Git repo, as that might
             // mean we do not have the proper grouped structure.
             unknownDirs.push(topdir);
             continue;
         }
-        for (const subdir of getDirNames(path__default['default'].join(rootdir, topdir))) {
-            const p = path__default['default'].join(topdir, subdir);
+        for (const subdir of getDirNames(path__default["default"].join(rootdir, topdir))) {
+            const p = path__default["default"].join(topdir, subdir);
             const expectedRepo = expectedRepos.find((it) => getRelpath(it) === p ||
                 it.aliases.some((alias) => getRelpath(alias) === p));
             if (expectedRepo === undefined) {
@@ -3107,9 +3123,9 @@ async function sync$1({ reporter, github, cals, rootdir, askClone, askMove, }) {
         for (const it of archivedRepos) {
             reporter.info(`  ${it.actualRelpath}`);
         }
-        const thisDirName = path__default['default'].basename(process.cwd());
+        const thisDirName = path__default["default"].basename(process.cwd());
         const archiveDir = `../${thisDirName}-archive`;
-        const hasArchiveDir = fs__default['default'].existsSync(archiveDir);
+        const hasArchiveDir = fs__default["default"].existsSync(archiveDir);
         if (hasArchiveDir) {
             reporter.info("To move these:");
             for (const it of archivedRepos) {
@@ -3132,17 +3148,17 @@ async function sync$1({ reporter, github, cals, rootdir, askClone, askMove, }) {
             const shouldMove = await askMoveConfirm();
             if (shouldMove) {
                 for (const it of movedRepos) {
-                    const src = path__default['default'].join(rootdir, it.actualRelpath);
-                    const dest = path__default['default'].join(rootdir, getRelpath(it));
-                    const destParent = path__default['default'].join(rootdir, it.group);
-                    if (fs__default['default'].existsSync(dest)) {
+                    const src = path__default["default"].join(rootdir, it.actualRelpath);
+                    const dest = path__default["default"].join(rootdir, getRelpath(it));
+                    const destParent = path__default["default"].join(rootdir, it.group);
+                    if (fs__default["default"].existsSync(dest)) {
                         throw new Error(`Target directory already exists: ${dest} - cannot move ${it.actualRelpath}`);
                     }
                     reporter.info(`Moving ${it.actualRelpath} -> ${getRelpath(it)}`);
-                    if (!fs__default['default'].existsSync(destParent)) {
-                        await fs__default['default'].promises.mkdir(destParent, { recursive: true });
+                    if (!fs__default["default"].existsSync(destParent)) {
+                        await fs__default["default"].promises.mkdir(destParent, { recursive: true });
                     }
-                    await fs__default['default'].promises.rename(src, dest);
+                    await fs__default["default"].promises.rename(src, dest);
                 }
                 // We would have to update expectedRepos if we want to continue.
                 // Let's try keeping this simple.
@@ -3186,7 +3202,7 @@ async function sync$1({ reporter, github, cals, rootdir, askClone, askMove, }) {
     }
 }
 async function loadCalsManifest(config, reporter) {
-    const p = await findUp__default['default'](CALS_YAML, { cwd: config.cwd });
+    const p = await findUp__default["default"](CALS_YAML, { cwd: config.cwd });
     if (p === undefined) {
         reporter.error(`File ${CALS_YAML} not found. See help`);
         process.exitCode = 1;
@@ -3195,12 +3211,12 @@ async function loadCalsManifest(config, reporter) {
     // TODO: Verify file has expected contents.
     //  (Can we easily generate schema for type and verify?)
     // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment,@typescript-eslint/no-explicit-any
-    const cals = yaml__default['default'].load(fs__default['default'].readFileSync(p, "utf-8"));
+    const cals = yaml__default["default"].load(fs__default["default"].readFileSync(p, "utf-8"));
     if (cals.version !== 2) {
         throw new Error(`Unexpected version in ${p}`);
     }
     return {
-        dir: path__default['default'].dirname(p),
+        dir: path__default["default"].dirname(p),
         cals,
     };
 }
@@ -3305,20 +3321,23 @@ Notes:
   option to avoid stale cache. The cache can also be cleared with
   the "cals delete-cache" command.`),
     handler: () => {
-        yargs__default['default'].showHelp();
+        yargs__default["default"].showHelp();
     },
 };
 function totalSeverityCount(project) {
-    return (project.issueCountsBySeverity.high +
+    var _a;
+    return (((_a = project.issueCountsBySeverity.critical) !== null && _a !== void 0 ? _a : 0) +
+        project.issueCountsBySeverity.high +
         project.issueCountsBySeverity.medium +
         project.issueCountsBySeverity.low);
 }
 function buildStatsLine(stats) {
+    var _a;
     function item(num, str) {
         return num === 0 ? lodash.repeat(" ", str.length + 4) : sprintfJs.sprintf("%3d %s", num, str);
     }
-    return sprintfJs.sprintf("%s  %s  %s", item(stats.high, "high"), item(stats.medium, "medium"), item(stats.low, "low"));
+    return sprintfJs.sprintf("%s  %s  %s  %s", item((_a = stats.critical) !== null && _a !== void 0 ? _a : 0, "critical"), item(stats.high, "high"), item(stats.medium, "medium"), item(stats.low, "low"));
 }
 async function report({ reporter, snyk, definitionFile, }) {
     const definition = await definitionFile.getDefinition();
@@ -3342,6 +3361,7 @@ async function report({ reporter, snyk, definitionFile, }) {
     }
     else {
         reporter.info(sprintfJs.sprintf("%-70s %s", "Total count", buildStatsLine({
+            critical: lodash.sumBy(reposWithIssues, (it) => { var _a; return (_a = it.issueCountsBySeverity.critical) !== null && _a !== void 0 ? _a : 0; }),
             high: lodash.sumBy(reposWithIssues, (it) => it.issueCountsBySeverity.high),
             medium: lodash.sumBy(reposWithIssues, (it) => it.issueCountsBySeverity.medium),
             low: lodash.sumBy(reposWithIssues, (it) => it.issueCountsBySeverity.low),
@@ -3350,6 +3370,7 @@ async function report({ reporter, snyk, definitionFile, }) {
         byProjects.forEach((repos) => {
             const project = repos[0].project;
             const totalCount = {
+                critical: lodash.sumBy(repos, (it) => { var _a; return (_a = it.repo.issueCountsBySeverity.critical) !== null && _a !== void 0 ? _a : 0; }),
                 high: lodash.sumBy(repos, (it) => it.repo.issueCountsBySeverity.high),
                 medium: lodash.sumBy(repos, (it) => it.repo.issueCountsBySeverity.medium),
                 low: lodash.sumBy(repos, (it) => it.repo.issueCountsBySeverity.low),
@@ -3378,7 +3399,7 @@ async function setToken({ reporter, token, tokenProvider, }) {
         reporter.info("Need API token to talk to Snyk");
         reporter.info("See https://app.snyk.io/account");
         token = await new Promise((resolve, reject) => {
-            read__default['default']({
+            read__default["default"]({
                 prompt: "Enter new Snyk API token: ",
                 silent: true,
             }, (err, answer) => {
@@ -3449,12 +3470,12 @@ Notes:
   and provide a link to generate one:
   $ cals snyk set-token`),
     handler: () => {
-        yargs__default['default'].showHelp();
+        yargs__default["default"].showHelp();
     },
 };
 async function main() {
-    if (!semver__default['default'].satisfies(process.version, engines.node)) {
+    if (!semver__default["default"].satisfies(process.version, engines.node)) {
         console.error(`Required node version ${engines.node} not satisfied with current version ${process.version}.`);
         process.exit(1);
     }
@@ -3466,12 +3487,12 @@ async function main() {
    / /___/ ___ |/ /______/ /
    \\____/_/  |_/_____/____/
      cli ${version}
-     built ${"2021-09-16T15:27:43+0000"}
+     built ${"2022-02-07T10:11:46+0000"}
 https://github.com/capralifecycle/cals-cli/
 Usage: cals <command>`;
-    await yargs__default['default']
+    await yargs__default["default"]
         .usage(header)
         .scriptName("cals")
         .locale("en")