npm - @coana-tech/cli - Versions diffs - 13.19.2 → 13.19.3 - Mend

@coana-tech/cli 13.19.2 → 13.19.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli.js +98 -13
package/package.json +1 -1

package/cli.js CHANGED Viewed

@@ -130101,6 +130101,7 @@ __export(dashboard_integration_exports, {
   getExperimentName: () => getExperimentName,
   getPreviousAnalysisResults: () => getPreviousAnalysisResults,
   sendCLIProgressToDashboard: () => sendCLIProgressToDashboard,
+  sendDependencyTreesToDashboard: () => sendDependencyTreesToDashboard,
   sendErrorReportToDashboard: () => sendErrorReportToDashboard,
   sendRegressionsToDashboard: () => sendRegressionsToDashboard,
   sendToDashboard: () => sendToDashboard,
@@ -130249,6 +130250,22 @@ async function sendWarningToDashboard(message2, data2, additionalData, reportId,
     logger.warn("Unable to send warning to dashboard:", error.message);
   }
 }
+async function sendDependencyTreesToDashboard(dependencyTrees, reportId, apiKey) {
+  try {
+    await sendPostRequest(
+      coanaAPIUrls.SEND_DEPENDENCY_TREES.replace(":reportId", reportId),
+      apiKey,
+      {},
+      dependencyTrees
+    );
+  } catch (e) {
+    sendWarningToDashboard("Unable to send dependency trees", { reportId }, void 0, reportId, apiKey);
+    logger.warn(
+      "Unable to send dependency trees:",
+      e.message
+    );
+  }
+}
 async function sendToDashboard(report, writeReportToFile, reportId, apiKey) {
   try {
     if (writeReportToFile) {
@@ -130313,7 +130330,8 @@ var init_dashboard_integration = __esm({
       GET_LATEST_BUCKETS: `${coanaAPI}/latest-buckets`,
       GET_LATEST_RESULTS: `${coanaAPI}/latest-results`,
       GET_EXPERIMENT_NAME: `${coanaAPI}/experiment-name`,
-      REPORT_WARNING: `${coanaAPI}/cli/warn`
+      REPORT_WARNING: `${coanaAPI}/cli/warn`,
+      SEND_DEPENDENCY_TREES: `${coanaAPI}/reports/:reportId/dependency-trees`
     };
     reportSubmitEndpoint = process.env.COANA_CLI_SUBMIT_ENDPOINT ?? "https://app.coana.tech/api/v1/reports/submit";
     errorSubmitEndpoint = process.env.COANA_CLI_ERROR_SUBMIT_ENDPOINT ?? "https://app.coana.tech/api/v1/cli/error";
@@ -189074,13 +189092,56 @@ var init_slack = __esm({
 });
 // ../web-compat-utils/src/dependency-tree.ts
+var dependency_tree_exports = {};
+__export(dependency_tree_exports, {
+  ADVISORY_ECOSYSTEMS: () => ADVISORY_ECOSYSTEMS,
+  ADVISORY_SEVERITIES: () => ADVISORY_SEVERITIES,
+  PACKAGE_MANAGERS: () => PACKAGE_MANAGERS,
+  getEcosystem: () => getEcosystem,
+  mergeDependencyTrees: () => mergeDependencyTrees,
+  toPlainDependencyTree: () => toPlainDependencyTree
+});
 function getEcosystem({ ecosystem }) {
   return ecosystem ?? "NPM";
 }
-var ADVISORY_ECOSYSTEMS;
+function mergeDependencyTrees(dependencyTrees) {
+  if (dependencyTrees.length === 1) return dependencyTrees[0];
+  const newTree = {
+    ...dependencyTrees[0],
+    transitiveDependencies: {},
+    dependencies: []
+  };
+  for (const dependencyTree of dependencyTrees) {
+    if (dependencyTree.dependencies)
+      newTree.dependencies = i([...newTree.dependencies, ...dependencyTree.dependencies ?? []]);
+    for (const [identifier, node] of Object.entries(dependencyTree.transitiveDependencies)) {
+      if (!newTree.transitiveDependencies[identifier])
+        newTree.transitiveDependencies[identifier] = { ...node, dependencies: [...node.dependencies ?? []] };
+      else {
+        const existingNode = newTree.transitiveDependencies[identifier];
+        existingNode.dependencies = i([...existingNode.dependencies ?? [], ...node.dependencies ?? []]);
+      }
+    }
+  }
+  return newTree;
+}
+function toPlainDependencyTree(dependencyTree) {
+  function pickNode(node) {
+    return a(node, ["packageName", "version", "dependencies", "resolvedType"]);
+  }
+  return {
+    ...pickNode(dependencyTree),
+    transitiveDependencies: Object.fromEntries(
+      Object.entries(dependencyTree.transitiveDependencies).map(([key, value]) => [key, pickNode(value)])
+    ),
+    ecosystem: dependencyTree.ecosystem
+  };
+}
+var ADVISORY_ECOSYSTEMS, ADVISORY_SEVERITIES, PACKAGE_MANAGERS;
 var init_dependency_tree = __esm({
   "../web-compat-utils/src/dependency-tree.ts"() {
     "use strict";
+    init_dist();
     ADVISORY_ECOSYSTEMS = [
       "COMPOSER",
       "ERLANG",
@@ -189095,6 +189156,24 @@ var init_dependency_tree = __esm({
       "RUST",
       "SWIFT"
     ];
+    ADVISORY_SEVERITIES = ["info", "INFO", "low", "LOW", "moderate", "MODERATE", "high", "HIGH", "critical", "CRITICAL"];
+    PACKAGE_MANAGERS = [
+      "NPM",
+      "PNPM",
+      "YARN",
+      "RUSH",
+      "MAVEN",
+      "GRADLE",
+      "SBT",
+      "POETRY",
+      "PIP_REQUIREMENTS",
+      "PIPENV",
+      "GO",
+      "CARGO",
+      "NUGET",
+      "RUBYGEMS",
+      "COMPOSER"
+    ];
   }
 });
@@ -190036,7 +190115,7 @@ var require_version = __commonJS({
     "use strict";
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.version = void 0;
-    exports2.version = "13.19.2";
+    exports2.version = "13.19.3";
   }
 });
@@ -190071,6 +190150,7 @@ var require_cli_core = __commonJS({
     var dashboard_integration_1 = (init_dashboard_integration(), __toCommonJS(dashboard_integration_exports));
     var vulnerability_scanning_1 = require_vulnerability_scanning();
     var version_12 = require_version();
+    var dependency_tree_1 = (init_dependency_tree(), __toCommonJS(dependency_tree_exports));
     var CliCore = class {
       options;
       spinner;
@@ -190226,18 +190306,10 @@ var require_cli_core = __commonJS({
         await this.spinner.setText(`Compiling report`);
         const allVulnerabilities = workspacesOutput.flatMap(({ vulnerabilities }) => vulnerabilities);
         this.spinner.stop();
-        const dependencyTrees = workspacesOutput.map(({ subprojectPath, workspacePath, dependencyTree }) => ({
-          treeType: "v1",
-          dependencyTree,
-          ecosystem: dependencyTree.ecosystem ?? "NPM",
-          workspacePath,
-          subprojectPath
-        }));
         const report = {
-          reportType: "v6",
+          reportType: "v7",
           vulnerabilities: allVulnerabilities,
-          ...await this.createMetadataForReport(manager, startTime),
-          dependencyTrees: dependencyTrees.flat()
+          ...await this.createMetadataForReport(manager, startTime)
         };
         return report;
       }
@@ -190365,6 +190437,19 @@ var require_cli_core = __commonJS({
           this.sendProgress("PREPARE_PROJECT_AND_GET_PROJECT_DATA", true, subprojectPath);
           const projectInfo = await otherModulesCommunicator.prepareProjectAndGetProjectData(packageManagerName, subprojectPath, workspacePaths, this.options.lightweightReachability, this.options.providerProject ? await this.runOnProvider(this.options.providerProject) : void 0);
           this.sendProgress("PREPARE_PROJECT_AND_GET_PROJECT_DATA", false, subprojectPath);
+          const workspaceToPlainDependencyTree = Object.fromEntries(workspacePaths.map((workspacePath) => [
+            workspacePath,
+            (0, dependency_tree_1.toPlainDependencyTree)(projectInfo[workspacePath].dataForAnalysis.dependencyTree)
+          ]));
+          const dependencyTrees = workspacePaths.map((workspacePath) => ({
+            treeType: "v1",
+            dependencyTree: workspaceToPlainDependencyTree[workspacePath],
+            ecosystem: workspaceToPlainDependencyTree[workspacePath].ecosystem ?? "NPM",
+            workspacePath,
+            subprojectPath: (0, path_1.relative)(rootWorkingDirectory, subprojectPath) || "."
+          }));
+          if (this.shareWithDashboard)
+            (0, dashboard_integration_1.sendDependencyTreesToDashboard)(dependencyTrees, this.reportId, this.options.apiKey);
           const workspaceToVulnerabilities = Object.fromEntries(await (0, async_1.asyncMap)(workspacePaths, async (workspacePath) => this.spinner.wrap(`Scanning for vulnerabilities: (${subProjAndWsPath.packageManagerName}) ${(0, path_1.join)(subProjAndWsPath.subprojectPath, workspacePath)}`, async () => {
             const dependencyTree = projectInfo[workspacePath].dataForAnalysis.dependencyTree;
             this.sendProgress("SCAN_FOR_VULNERABILITIES", true, subprojectPath, workspacePath);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "13.19.2",
+  "version": "13.19.3",
   "description": "Coana CLI",
   "bin": {
     "@coana-tech/cli": "./cli.js"