@coana-tech/cli 14.12.126 → 14.12.128

package/cli.mjs

@@ -73599,9 +73599,9 @@ var require_lockfile = __commonJS({
       /* 85 */
       /***/
       function(module3, exports3) {
-        module3.exports = function(exec5) {
+        module3.exports = function(exec4) {
           try {
-            return !!exec5();
+            return !!exec4();
           } catch (e) {
             return true;
           }
@@ -73733,9 +73733,9 @@ var require_lockfile = __commonJS({
       /* 104 */
       /***/
       function(module3, exports3) {
-        module3.exports = function(exec5) {
+        module3.exports = function(exec4) {
           try {
-            return { e: false, v: exec5() };
+            return { e: false, v: exec4() };
           } catch (e) {
             return { e: true, v: e };
           }
@@ -75208,7 +75208,7 @@ ${indent3}`);
           });
         } catch (e) {
         }
-        module3.exports = function(exec5, skipClosing) {
+        module3.exports = function(exec4, skipClosing) {
           if (!skipClosing && !SAFE_CLOSING) return false;
           var safe = false;
           try {
@@ -75220,7 +75220,7 @@ ${indent3}`);
             arr[ITERATOR] = function() {
               return iter;
             };
-            exec5(arr);
+            exec4(arr);
           } catch (e) {
           }
           return safe;
@@ -75543,8 +75543,8 @@ ${indent3}`);
         var USE_NATIVE = !!function() {
           try {
             var promise = $Promise.resolve(1);
-            var FakePromise = (promise.constructor = {})[__webpack_require__(13)("species")] = function(exec5) {
-              exec5(empty2, empty2);
+            var FakePromise = (promise.constructor = {})[__webpack_require__(13)("species")] = function(exec4) {
+              exec4(empty2, empty2);
             };
             return (isNode2 || typeof PromiseRejectionEvent == "function") && promise.then(empty2) instanceof FakePromise && v8.indexOf("6.6") !== 0 && userAgent.indexOf("Chrome/66") === -1;
           } catch (e) {
@@ -206687,13 +206687,6 @@ async function execNeverFail(cmd, dir, options) {
     childProcess.stdin?.end();
   });
 }
-async function exec(cmd, dir, options) {
-  const { error, stdout, stderr } = await execNeverFail(cmd, dir, options);
-  if (!error) return { stdout, stderr };
-  error.stdout = stdout;
-  error.stderr = stderr;
-  throw error;
-}
 async function runCommandResolveStdOut(cmd, dir, options) {
   const { stdout, error } = await execNeverFail(cmd, dir, options);
   if (error) throw error;
@@ -213312,17 +213305,6 @@ async function execNeverFail2(cmd, dir, options) {
   logger.debug(`Command ${formatCmd(cmd, dir)} finished ${result.error ? "with error" : "successfully"}`);
   return result;
 }
-async function exec2(cmd, dir, options) {
-  logger.debug(`Running command: ${formatCmd(cmd, dir)}`);
-  try {
-    const result = await exec(cmd, dir, options);
-    logger.debug(`Command ${formatCmd(cmd, dir)} finished successfully`);
-    return result;
-  } catch (error) {
-    logger.debug(`Command ${formatCmd(cmd, dir)} finished with error`);
-    throw error;
-  }
-}
 async function runCommandResolveStdOut2(cmd, dir, options) {
   logger.debug(`Running command: ${formatCmd(cmd, dir)}`);
   try {
@@ -213469,13 +213451,13 @@ var Diff = class {
       editLength++;
     };
     if (callback) {
-      (function exec5() {
+      (function exec4() {
         setTimeout(function() {
           if (editLength > maxEditLength || Date.now() > abortAfterTimestamp) {
             return callback(void 0);
           }
           if (!execEditLength()) {
-            exec5();
+            exec4();
           }
         }, 0);
       })();
@@ -225731,8 +225713,8 @@ var getNpmBin = once(async () => {
 async function actuallyRunInstall(specificPackagesArgs = [], dir) {
   const installationCommand = cmdt2`${await getNpmBin()} install -f --ignore-scripts --no-fund --no-audit --no-progress ${specificPackagesArgs}`;
   logger.debug(`Running installation command: "${installationCommand}" in ${dir}`);
-  const result = execAndLogOnFailure4(installationCommand, dir);
-  logger.info(`Installation completed.`);
+  const result = await execAndLogOnFailure4(installationCommand, dir);
+  logger.info(`Installation ${result ? "completed" : "failed"}.`);
   return result;
 }
 async function getWorkspacePathsFromPackageJSON(projectFolder, useDotWhenNoWorkspaces = false) {
@@ -225926,7 +225908,7 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
     const installationCommand = cmdt`pnpm install --ignore-scripts${await this.getPnpmMajorVersion() >= 9 && specificPackagesCmd.length === 0 ? "--no-frozen-lockfile" : ""} --config.confirmModulesPurge=false ${specificPackagesCmd}`;
     const installDir = resolve22(this.rootDir, this.subprojectPath, workspacePath);
     logger.info(`Running installation command: "${installationCommand}" in ${installDir}`);
-    await exec2(installationCommand, installDir);
+    await execAndLogOnFailure2(installationCommand, installDir);
     logger.info(`Installation completed.`);
   }
   async getLockFileYaml() {
@@ -226026,7 +226008,10 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
   async finalizeFixes() {
     const cmd = cmdt`pnpm install --ignore-scripts --fix-lockfile --config.confirmModulesPurge=false `;
     logger.info(`Adjusting lock file changes by running '${cmd}'`);
-    await exec2(cmd, resolve22(this.rootDir, this.subprojectPath));
+    const result = await execAndLogOnFailure2(cmd, resolve22(this.rootDir, this.subprojectPath));
+    if (!result) {
+      throw new Error(`Failed to install packages`);
+    }
   }
 };
 function getVersionNumber(version4) {
@@ -236242,7 +236227,7 @@ function getMongoClient() {
 }
 
 // ../security-auditor/security-auditor-api/src/vulnerability-patterns-helper/get-interesting-urls-for-vulnerability.ts
-import { exec as exec4 } from "child_process";
+import { exec as exec3 } from "child_process";
 import { promisify } from "util";
 
 // ../../node_modules/.pnpm/cheerio@1.0.0-rc.12/node_modules/cheerio/lib/esm/options.js
@@ -249838,7 +249823,7 @@ async function getInterestingURLsForVulnerability(vulnerability, packageMetadata
 }
 async function computeComparisonURLs(scmUrl, vulnAndFixVersionsArr) {
   try {
-    const gitTags = (await promisify(exec4)(`git ls-remote ${scmUrl} | grep -F "refs/tags"`)).stdout.split("\n");
+    const gitTags = (await promisify(exec3)(`git ls-remote ${scmUrl} | grep -F "refs/tags"`)).stdout.split("\n");
     logger3.debug("gitTags", gitTags);
     logger3.debug("vulnAndFixVersionsArr", vulnAndFixVersionsArr);
     const versionToSha = {};
@@ -249873,7 +249858,7 @@ async function computeInterestingCommitURLs(text3, scmUrl) {
     const repo = scmUrl.split("/").slice(-2).join("/");
     const cmd = `gh search commits ${text3} --repo ${repo}`;
     logger3.debug(`Finding issue or PR url for text ${text3}`, cmd);
-    const { stdout } = await promisify(exec4)(cmd, { shell: "/bin/zsh" });
+    const { stdout } = await promisify(exec3)(cmd, { shell: "/bin/zsh" });
     return stdout.split("\n").filter((line) => line).map((line) => {
       const [repo2, sha] = line.split("	");
       return `https://www.github.com/${repo2}/commit/${sha}`;
@@ -249887,7 +249872,7 @@ async function computeInterestingIssueAndPRUrlsWithText(text3, scmUrl) {
   const repo = scmUrl.split("/").slice(-2).join("/");
   const cmd = `gh search issues ${text3} in:title,body,comment --repo ${repo} --include-prs`;
   console.log(`Finding issue or PR url for text ${text3}`, cmd);
-  const { stdout } = await promisify(exec4)(cmd, { shell: "/bin/zsh" });
+  const { stdout } = await promisify(exec3)(cmd, { shell: "/bin/zsh" });
   return stdout.split("\n").filter((line) => line).map((line) => {
     const [issueOrPr, repo2, id] = line.split("	");
     const issueOrPrUrlPart = issueOrPr === "issue" ? "issues" : "pull";
@@ -251116,7 +251101,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.126";
+var version3 = "14.12.128";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.126",
+  "version": "14.12.128",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -80232,7 +80232,7 @@ async function sendRegressionsToDashboard(regressions, subprojectPath, workspace
     );
   } catch (e) {
     sendWarningToDashboard(
-      "Unable to get latest buckets",
+      "Unable to send regressions from experimental runs",
       { subprojectPath, workspacePath, reportId },
       void 0,
       reportId,
@@ -95833,7 +95833,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const outputFile = resolve10(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
       if (result.error)
         return void 0;
       const packageIds = JSON.parse(await readFile6(outputFile, "utf-8")).result;
@@ -95872,7 +95872,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const outputFile = resolve10(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile6(outputFile, "utf-8")).result;
@@ -109809,7 +109809,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve11(tmpDir, "output.json");
       await writeFile5(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
       if (result.error)
         return void 0;
       const packageIds = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -109848,7 +109848,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve11(tmpDir, "output.json");
       await writeFile5(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -110479,9 +110479,8 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
       void 0,
       // If experiment is enabled, fail if Jelly exceeds 1.5x the timeout.
       // Otherwise, fail if Jelly exceeds 3x the timeout.
-      // This helps avoid pathological cases where hitting the memory cap makes GC dominate execution,
-      // causing timeout checks to not trigger promptly.
-      { timeout: timeoutInSeconds * 1e3 * (experiment ? 1.5 : 3) }
+      // Use SIGKILL to ensure termination even if the process is unresponsive (e.g., due to GC pressure).
+      { timeout: timeoutInSeconds * 1e3 * (experiment ? 1.5 : 3), killSignal: "SIGKILL" }
     );
     if (reachabilityAnalysisOptions.printLogFile)
       logger.info("JS analysis log file:", await readFile8(logFile, "utf-8"));
@@ -110522,7 +110521,10 @@ async function runJellyPhantomDependencyAnalysis(projectRoot, options) {
     const jellyCmd = cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} --max-old-space-size=${options.memoryLimitInMB}
       ${jellyExecutable} --basedir ${projectRoot} --modules-only --ignore-dependencies
         --reachable-json ${reachablePackagesFile} ${projectRoot}`;
-    await runCommandResolveStdOut2(jellyCmd, void 0, { timeout: options.timeoutSeconds.allVulnRuns * 1e3 });
+    await runCommandResolveStdOut2(jellyCmd, void 0, {
+      timeout: options.timeoutSeconds.allVulnRuns * 1e3,
+      killSignal: "SIGKILL"
+    });
     return JSON.parse(await readFile8(reachablePackagesFile, "utf-8")).packages;
   } finally {
     await rm2(tmpFolder, { recursive: true });
@@ -110539,7 +110541,10 @@ async function runJellyImportReachabilityAnalysis(mainProjectRoot, projectRoot,
         ${getExcludes(mainProjectRoot, projectRoot, options)}
         --reachable-json ${reachableModulesFile}
         ${options.entryPoints ?? projectRoot}`;
-    await runCommandResolveStdOut2(jellyCmd, void 0, { timeout: options.timeoutSeconds.allVulnRuns * 1e3 });
+    await runCommandResolveStdOut2(jellyCmd, void 0, {
+      timeout: options.timeoutSeconds.allVulnRuns * 1e3,
+      killSignal: "SIGKILL"
+    });
     return JSON.parse(await readFile8(reachableModulesFile, "utf-8"));
   } finally {
     await rm2(tmpFolder, { recursive: true });
@@ -110798,6 +110803,7 @@ var GoCodeAwareVulnerabilityScanner = class {
           -topk=4 ${heuristic.includeTests && "-tests"}
           ${this.projectDir} ${vulnAccPaths}`, void 0, {
         timeout: timeoutInSeconds * 1e3,
+        killSignal: "SIGKILL",
         env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MiB` } : void 0
       });
       if (error) {
@@ -111197,7 +111203,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const outputFile = resolve16(tmpDir, "output.json");
       await writeFile8(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
       if (result.error)
         return void 0;
       const packageIds = JSON.parse(await readFile10(outputFile, "utf-8")).result;
@@ -111233,7 +111239,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const outputFile = resolve16(tmpDir, "output.json");
       await writeFile8(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(effectiveTimeout * 1.5, effectiveTimeout + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile10(outputFile, "utf-8")).result;
@@ -111760,8 +111766,10 @@ ${vulnAccPaths.join("\n")}`);
           ...process.env,
           PYPY_GC_MAX: `${reachabilityAnalysisOptions.memoryLimitInMB ?? 0}MB`
         },
-        // Forcefully kill the process if the internal timeout mechanism fails
-        timeout: (timeoutInSeconds * 1.5 + 15) * 1e3
+        // Forcefully kill the process if the internal timeout mechanism fails.
+        // Use SIGKILL to ensure termination even if the process is unresponsive.
+        timeout: (timeoutInSeconds * 1.5 + 15) * 1e3,
+        killSignal: "SIGKILL"
       });
       logger.debug("Done running mambalade");
       const errors = stderr.split("\n").filter((line) => line.startsWith("ERROR:") && !/^ERROR: Excluded distribution/.test(line));
@@ -112420,23 +112428,22 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
       const experimentalUrlToReachability = transformVulnsToUrlToReachability(experimentalRes.augmentedVulnerabilities);
       const vulnUrlsWithPotentialRegressions = experimentalRes.augmentedVulnerabilities.filter((v) => previousAnalysisResults.reachabilityResults[v.url] && // If the vulnerability is new we do not have a previous reachability result
       getVulnReachability(v.results) !== previousAnalysisResults.reachabilityResults[v.url]).map((v) => v.url);
-      const bucketsToRecompute = experimentalRes.analysisMetadata.filter((am) => am.vulnUrls.some((v) => vulnUrlsWithPotentialRegressions.includes(v)));
-      const bucketsNotToRecompute = experimentalRes.analysisMetadata.filter((am) => !am.vulnUrls.some((v) => vulnUrlsWithPotentialRegressions.includes(v)));
-      bucketsToRecompute.forEach((b) => {
-        analysisMetadataCollector?.(Object.assign({}, b, { finalResult: false }));
-      });
-      bucketsNotToRecompute.forEach((b) => {
+      const [bucketsToRecompute, bucketsNotToRecompute] = import_lodash17.default.partition(experimentalRes.analysisMetadata, (am) => am.vulnUrls.some((v) => vulnUrlsWithPotentialRegressions.includes(v)));
+      for (const b of bucketsToRecompute)
+        analysisMetadataCollector?.({ ...b, finalResult: false });
+      for (const b of bucketsNotToRecompute)
         analysisMetadataCollector?.(b);
-      });
-      sendTimeRegressionsToDashboard(expHeuristicName, previousAnalysisResults.analysisMetadata, bucketsNotToRecompute);
+      await sendTimeRegressionsToDashboard(expHeuristicName, previousAnalysisResults.analysisMetadata, bucketsNotToRecompute);
       let resWithoutExperimentalHeuristic;
       if (bucketsToRecompute.length > 0) {
         resWithoutExperimentalHeuristic = await analyzeAndAugmentVulns(bucketsToRecompute.map((b) => ({
           heuristic: getHeuristicFromName(state, b.heuristicName, ecosystem),
           vulnerabilities: b.vulnUrls.map((vUrl) => vulnerabilities.find((v) => v.url === vUrl))
         })), analysisMetadataCollector, true);
-        sendTimeRegressionsToDashboard(expHeuristicName, resWithoutExperimentalHeuristic.analysisMetadata, bucketsToRecompute);
-        sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities), experimentalUrlToReachability);
+        await Promise.all([
+          sendTimeRegressionsToDashboard(expHeuristicName, resWithoutExperimentalHeuristic.analysisMetadata, bucketsToRecompute),
+          sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities), experimentalUrlToReachability)
+        ]);
       }
       const vulnsToGetFromExperimental = bucketsNotToRecompute.flatMap((b) => b.vulnUrls);
       return {
@@ -112610,52 +112617,51 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
       return false;
     return oldDiagnostics.timings?.totalTime * 1.3 < newDiagnostics.timings?.totalTime && oldDiagnostics.timings?.totalTime + 5e3 < newDiagnostics.timings?.totalTime;
   }
-  function sendTimeRegressionsToDashboard(experimentName, oldAnalysisMetadata, newAnalysisMetadata) {
+  async function sendTimeRegressionsToDashboard(experimentName, oldAnalysisMetadata, newAnalysisMetadata) {
     const regressions = [];
-    newAnalysisMetadata.forEach((newMd) => {
+    for (const newMd of newAnalysisMetadata) {
       const oldMd = oldAnalysisMetadata.find((oldMd2) => newMd.vulnUrls.some((vulnUrl) => oldMd2.vulnUrls.includes(vulnUrl)));
       if (!oldMd) {
-        sendWarningToDashboard("Could not find corresponding analysis metadata to compare time regressions with", {
+        await sendWarningToDashboard("Could not find corresponding analysis metadata to compare time regressions with", {
           subprojectPath: relative8(state.rootWorkingDir, state.subprojectDir) || ".",
           workspacePath: state.workspacePath
         }, void 0, COANA_REPORT_ID, apiKey);
-        return;
+        continue;
       }
-      if (!hasTimeRegression(oldMd.analysisDiagnostics, newMd.analysisDiagnostics))
-        return;
-      regressions.push({
-        type: "ANALYSIS_TIME",
-        heuristicName: oldMd.heuristicName,
-        experimentName,
-        vulnUrls: oldMd.vulnUrls,
-        analyzerName: codeAwareScanner.name,
-        originalResult: {
-          timedOut: oldMd.analysisDiagnostics.timeout,
-          aborted: oldMd.analysisDiagnostics.aborted,
-          totalTime: oldMd.analysisDiagnostics.timings.totalTime
-        },
-        experimentResult: {
-          timedOut: newMd.analysisDiagnostics.timeout,
-          aborted: newMd.analysisDiagnostics.aborted,
-          totalTime: newMd.analysisDiagnostics.timings.totalTime
-        }
-      });
-    });
+      if (hasTimeRegression(oldMd.analysisDiagnostics, newMd.analysisDiagnostics))
+        regressions.push({
+          type: "ANALYSIS_TIME",
+          heuristicName: oldMd.heuristicName,
+          experimentName,
+          vulnUrls: oldMd.vulnUrls,
+          analyzerName: codeAwareScanner.name,
+          originalResult: {
+            timedOut: oldMd.analysisDiagnostics.timeout,
+            aborted: oldMd.analysisDiagnostics.aborted,
+            totalTime: oldMd.analysisDiagnostics.timings.totalTime
+          },
+          experimentResult: {
+            timedOut: newMd.analysisDiagnostics.timeout,
+            aborted: newMd.analysisDiagnostics.aborted,
+            totalTime: newMd.analysisDiagnostics.timings.totalTime
+          }
+        });
+    }
     if (regressions.length === 0)
       return;
-    sendRegressionsToDashboard(regressions, relative8(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, COANA_REPORT_ID, apiKey);
+    await sendRegressionsToDashboard(regressions, relative8(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, COANA_REPORT_ID, apiKey);
   }
-  function sendReachabilityRegressionsToDashboard(heuristicName, experimentName, origRes, experimentRes) {
-    const regressions = Object.keys(origRes).filter((vulnUrl) => experimentRes[vulnUrl] && origRes[vulnUrl] !== experimentRes[vulnUrl]).map((vulnUrl) => ({
+  async function sendReachabilityRegressionsToDashboard(heuristicName, experimentName, origRes, experimentRes) {
+    const regressions = Object.entries(origRes).filter(([vulnUrl, oRes]) => experimentRes[vulnUrl] && oRes.reachability !== experimentRes[vulnUrl].reachability).map(([vulnUrl, originalResult]) => ({
       type: "REACHABILITY",
       heuristicName,
       experimentName,
       analyzerName: codeAwareScanner.name,
       vulnUrl,
-      originalResult: origRes[vulnUrl],
+      originalResult,
       experimentResult: experimentRes[vulnUrl]
     }));
-    sendRegressionsToDashboard(regressions, relative8(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, COANA_REPORT_ID, apiKey);
+    await sendRegressionsToDashboard(regressions, relative8(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, COANA_REPORT_ID, apiKey);
   }
 }
 function getHeuristicFromName(state, heuristicName, ecosystem) {
@@ -112738,7 +112744,10 @@ function findDuplicateVulnsInBuckets(bucketsFromLastAnalysis) {
   return duplicateUrls;
 }
 function transformVulnsToUrlToReachability(oldHeuristicAugmentedVulnerabilities) {
-  return Object.fromEntries(oldHeuristicAugmentedVulnerabilities.map((v) => [v.url, getVulnReachability(v.results)]));
+  return Object.fromEntries(oldHeuristicAugmentedVulnerabilities.map((v) => [
+    v.url,
+    { reachability: getVulnReachability(v.results), terminatedEarly: v.results.type === "success" && v.results.terminatedEarly }
+  ]));
 }
 
 // dist/analyzers/go-analyzer.js
@@ -116504,7 +116513,10 @@ var RubyCodeAwareVulnerabilityScanner = class {
         logger.info("Ruby analysis command:", cmd.join(" "));
       try {
         this.numberAnalysesRun++;
-        await exec2(cmd, this.projectDir, { timeout: (timeoutInSeconds * 1.5 + 10) * 1e3 });
+        await exec2(cmd, this.projectDir, {
+          timeout: (timeoutInSeconds * 1.5 + 10) * 1e3,
+          killSignal: "SIGKILL"
+        });
         const result = JSON.parse(await readFile12(vulnsOutputFile, "utf-8"));
         const relativeLoadPathsToPackageNames = new Map([...loadPathsToPackageNames.entries()].map(([k, v]) => [join17("vendor", relative9(this.vendorDir, k)), v]));
         const { timedOut, ...diagnostics } = JSON.parse(await readFile12(diagnosticsOutputFile, "utf-8"));