@coana-tech/cli 13.19.1 → 13.19.3

Files changed (2)
  1. package/cli.js +99 -13
  2. package/package.json +1 -1
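--- a/package/cli.js
+++ b/package/cli.js
@@ -95382,6 +95382,7 @@ async function findPackageManagerDockerImage(packageManagerName, subprojectPath)
  case "NPM":
  case "YARN":
  case "PNPM":
+ case "RUSH":
  return findPackageManagerDockerImageFromSpecifier("npm-package-managers");
  case "MAVEN": {
  return findPackageManagerDockerImageFromSpecifier(
@@ -130100,6 +130101,7 @@ __export(dashboard_integration_exports, {
  getExperimentName: () => getExperimentName,
  getPreviousAnalysisResults: () => getPreviousAnalysisResults,
  sendCLIProgressToDashboard: () => sendCLIProgressToDashboard,
+ sendDependencyTreesToDashboard: () => sendDependencyTreesToDashboard,
  sendErrorReportToDashboard: () => sendErrorReportToDashboard,
  sendRegressionsToDashboard: () => sendRegressionsToDashboard,
  sendToDashboard: () => sendToDashboard,
@@ -130248,6 +130250,22 @@ async function sendWarningToDashboard(message2, data2, additionalData, reportId,
  logger.warn("Unable to send warning to dashboard:", error.message);
  }
  }
+ async function sendDependencyTreesToDashboard(dependencyTrees, reportId, apiKey) {
+ try {
+ await sendPostRequest(
+ coanaAPIUrls.SEND_DEPENDENCY_TREES.replace(":reportId", reportId),
+ apiKey,
+ {},
+ dependencyTrees
+ );
+ } catch (e) {
+ sendWarningToDashboard("Unable to send dependency trees", { reportId }, void 0, reportId, apiKey);
+ logger.warn(
+ "Unable to send dependency trees:",
+ e.message
+ );
+ }
+ }
  async function sendToDashboard(report, writeReportToFile, reportId, apiKey) {
  try {
  if (writeReportToFile) {
@@ -130312,7 +130330,8 @@ var init_dashboard_integration = __esm({
  GET_LATEST_BUCKETS: `${coanaAPI}/latest-buckets`,
  GET_LATEST_RESULTS: `${coanaAPI}/latest-results`,
  GET_EXPERIMENT_NAME: `${coanaAPI}/experiment-name`,
- REPORT_WARNING: `${coanaAPI}/cli/warn`
+ REPORT_WARNING: `${coanaAPI}/cli/warn`,
+ SEND_DEPENDENCY_TREES: `${coanaAPI}/reports/:reportId/dependency-trees`
  };
  reportSubmitEndpoint = process.env.COANA_CLI_SUBMIT_ENDPOINT ?? "https://app.coana.tech/api/v1/reports/submit";
  errorSubmitEndpoint = process.env.COANA_CLI_ERROR_SUBMIT_ENDPOINT ?? "https://app.coana.tech/api/v1/cli/error";
@@ -189073,13 +189092,56 @@ var init_slack = __esm({
  });
 
  // ../web-compat-utils/src/dependency-tree.ts
+ var dependency_tree_exports = {};
+ __export(dependency_tree_exports, {
+ ADVISORY_ECOSYSTEMS: () => ADVISORY_ECOSYSTEMS,
+ ADVISORY_SEVERITIES: () => ADVISORY_SEVERITIES,
+ PACKAGE_MANAGERS: () => PACKAGE_MANAGERS,
+ getEcosystem: () => getEcosystem,
+ mergeDependencyTrees: () => mergeDependencyTrees,
+ toPlainDependencyTree: () => toPlainDependencyTree
+ });
  function getEcosystem({ ecosystem }) {
  return ecosystem ?? "NPM";
  }
- var ADVISORY_ECOSYSTEMS;
+ function mergeDependencyTrees(dependencyTrees) {
+ if (dependencyTrees.length === 1) return dependencyTrees[0];
+ const newTree = {
+ ...dependencyTrees[0],
+ transitiveDependencies: {},
+ dependencies: []
+ };
+ for (const dependencyTree of dependencyTrees) {
+ if (dependencyTree.dependencies)
+ newTree.dependencies = i([...newTree.dependencies, ...dependencyTree.dependencies ?? []]);
+ for (const [identifier, node] of Object.entries(dependencyTree.transitiveDependencies)) {
+ if (!newTree.transitiveDependencies[identifier])
+ newTree.transitiveDependencies[identifier] = { ...node, dependencies: [...node.dependencies ?? []] };
+ else {
+ const existingNode = newTree.transitiveDependencies[identifier];
+ existingNode.dependencies = i([...existingNode.dependencies ?? [], ...node.dependencies ?? []]);
+ }
+ }
+ }
+ return newTree;
+ }
+ function toPlainDependencyTree(dependencyTree) {
+ function pickNode(node) {
+ return a(node, ["packageName", "version", "dependencies", "resolvedType"]);
+ }
+ return {
+ ...pickNode(dependencyTree),
+ transitiveDependencies: Object.fromEntries(
+ Object.entries(dependencyTree.transitiveDependencies).map(([key, value]) => [key, pickNode(value)])
+ ),
+ ecosystem: dependencyTree.ecosystem
+ };
+ }
+ var ADVISORY_ECOSYSTEMS, ADVISORY_SEVERITIES, PACKAGE_MANAGERS;
  var init_dependency_tree = __esm({
  "../web-compat-utils/src/dependency-tree.ts"() {
  "use strict";
+ init_dist();
  ADVISORY_ECOSYSTEMS = [
  "COMPOSER",
  "ERLANG",
@@ -189094,6 +189156,24 @@ var init_dependency_tree = __esm({
  "RUST",
  "SWIFT"
  ];
+ ADVISORY_SEVERITIES = ["info", "INFO", "low", "LOW", "moderate", "MODERATE", "high", "HIGH", "critical", "CRITICAL"];
+ PACKAGE_MANAGERS = [
+ "NPM",
+ "PNPM",
+ "YARN",
+ "RUSH",
+ "MAVEN",
+ "GRADLE",
+ "SBT",
+ "POETRY",
+ "PIP_REQUIREMENTS",
+ "PIPENV",
+ "GO",
+ "CARGO",
+ "NUGET",
+ "RUBYGEMS",
+ "COMPOSER"
+ ];
  }
  });
 
@@ -190035,7 +190115,7 @@ var require_version = __commonJS({
  "use strict";
  Object.defineProperty(exports2, "__esModule", { value: true });
  exports2.version = void 0;
- exports2.version = "13.19.1";
+ exports2.version = "13.19.3";
  }
  });
 
@@ -190070,6 +190150,7 @@ var require_cli_core = __commonJS({
  var dashboard_integration_1 = (init_dashboard_integration(), __toCommonJS(dashboard_integration_exports));
  var vulnerability_scanning_1 = require_vulnerability_scanning();
  var version_12 = require_version();
+ var dependency_tree_1 = (init_dependency_tree(), __toCommonJS(dependency_tree_exports));
  var CliCore = class {
  options;
  spinner;
@@ -190225,18 +190306,10 @@ var require_cli_core = __commonJS({
  await this.spinner.setText(`Compiling report`);
  const allVulnerabilities = workspacesOutput.flatMap(({ vulnerabilities }) => vulnerabilities);
  this.spinner.stop();
- const dependencyTrees = workspacesOutput.map(({ subprojectPath, workspacePath, dependencyTree }) => ({
- treeType: "v1",
- dependencyTree,
- ecosystem: dependencyTree.ecosystem ?? "NPM",
- workspacePath,
- subprojectPath
- }));
  const report = {
- reportType: "v6",
+ reportType: "v7",
  vulnerabilities: allVulnerabilities,
- ...await this.createMetadataForReport(manager, startTime),
- dependencyTrees: dependencyTrees.flat()
+ ...await this.createMetadataForReport(manager, startTime)
  };
  return report;
  }
@@ -190364,6 +190437,19 @@ var require_cli_core = __commonJS({
  this.sendProgress("PREPARE_PROJECT_AND_GET_PROJECT_DATA", true, subprojectPath);
  const projectInfo = await otherModulesCommunicator.prepareProjectAndGetProjectData(packageManagerName, subprojectPath, workspacePaths, this.options.lightweightReachability, this.options.providerProject ? await this.runOnProvider(this.options.providerProject) : void 0);
  this.sendProgress("PREPARE_PROJECT_AND_GET_PROJECT_DATA", false, subprojectPath);
+ const workspaceToPlainDependencyTree = Object.fromEntries(workspacePaths.map((workspacePath) => [
+ workspacePath,
+ (0, dependency_tree_1.toPlainDependencyTree)(projectInfo[workspacePath].dataForAnalysis.dependencyTree)
+ ]));
+ const dependencyTrees = workspacePaths.map((workspacePath) => ({
+ treeType: "v1",
+ dependencyTree: workspaceToPlainDependencyTree[workspacePath],
+ ecosystem: workspaceToPlainDependencyTree[workspacePath].ecosystem ?? "NPM",
+ workspacePath,
+ subprojectPath: (0, path_1.relative)(rootWorkingDirectory, subprojectPath) || "."
+ }));
+ if (this.shareWithDashboard)
+ (0, dashboard_integration_1.sendDependencyTreesToDashboard)(dependencyTrees, this.reportId, this.options.apiKey);
  const workspaceToVulnerabilities = Object.fromEntries(await (0, async_1.asyncMap)(workspacePaths, async (workspacePath) => this.spinner.wrap(`Scanning for vulnerabilities: (${subProjAndWsPath.packageManagerName}) ${(0, path_1.join)(subProjAndWsPath.subprojectPath, workspacePath)}`, async () => {
  const dependencyTree = projectInfo[workspacePath].dataForAnalysis.dependencyTree;
  this.sendProgress("SCAN_FOR_VULNERABILITIES", true, subprojectPath, workspacePath);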
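Review bot: The `sendDependencyTreesToDashboard(...)` call added at new lines 190451–190452 is not awaited, while the same release drops `dependencyTrees` from the report object (now `reportType: "v7"`), so the separate upload appears to be the only path for the trees and nothing guarantees it has completed, or succeeded, before the report is submitted or the process exits. Awaiting it, `await (0, dashboard_integration_1.sendDependencyTreesToDashboard)(dependencyTrees, this.reportId, this.options.apiKey);`, or keeping the promise and awaiting it before the report is sent, would make the ordering explicit; the `sendWarningToDashboard(...)` call inside the helper's `catch` is left floating in the same way. In the helper, `reportId` is spliced into the path with `.replace(":reportId", reportId)`, and `.replace(":reportId", encodeURIComponent(reportId))` would keep an id containing `/`, `?` or `$` from changing the request path. `mergeDependencyTrees` indexes a plain `{}` by `identifier`, so if identifiers can originate from scanned manifests, `transitiveDependencies: Object.create(null)` (or an `Object.hasOwn` check) would avoid collisions with inherited keys such as `__proto__`. The method enclosing the last hunk starts and ends outside it, so whether `this.reportId` is already set at that point cannot be confirmed from here.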
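--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@coana-tech/cli",
- "version": "13.19.1",
+ "version": "13.19.3",
  "description": "Coana CLI",
  "bin": {
  "@coana-tech/cli": "./cli.js"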