@coana-tech/cli 14.12.135 → 14.12.137

package/cli.mjs

@@ -200720,12 +200720,12 @@ var require_file_upload = __commonJS({
     function getAllFileUploadsToComplete(fileUploads) {
       const toComplete = {};
       fileUploads.forEach((upload) => {
-        const { channel_id, thread_ts, initial_comment, file_id, title } = upload;
+        const { channel_id, thread_ts, initial_comment, file_id, title: title2 } = upload;
         if (file_id) {
           const compareString = `:::${channel_id}:::${thread_ts}:::${initial_comment}`;
           if (!Object.prototype.hasOwnProperty.call(toComplete, compareString)) {
             toComplete[compareString] = {
-              files: [{ id: file_id, title }],
+              files: [{ id: file_id, title: title2 }],
               channel_id,
               initial_comment,
               thread_ts
@@ -200733,7 +200733,7 @@ var require_file_upload = __commonJS({
           } else {
             toComplete[compareString].files.push({
               id: file_id,
-              title
+              title: title2
             });
           }
         } else {
@@ -236363,6 +236363,455 @@ function toSocketReachabilitySchema(vulnerability) {
   throw new Error("Unknown codeAwareScanResult type");
 }
 
+// dist/results-summary-display.js
+var TABLE_WIDTH = 132;
+var SEPARATOR_CHAR = "\u2550";
+var TIER2_FALLBACK_MESSAGE = "Reachability falls back to Tier 2 (precomputed) results for affected vulnerabilities";
+var SEPARATOR = SEPARATOR_CHAR.repeat(TABLE_WIDTH);
+function displayResultsSummary(vulns, workspaceTimings) {
+  try {
+    displayResultsSummaryInternal(vulns, workspaceTimings);
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    logger.warn(`Unable to compute results summary. Failed with error: ${errorMessage}`);
+  }
+}
+function displayResultsSummaryInternal(vulns, workspaceTimings) {
+  const ecosystemToWorkspaceToVulnResults = /* @__PURE__ */ new Map();
+  const getResultPriority = (reachability, resultType) => {
+    if (resultType === "analysisError")
+      return 3;
+    if (reachability === "REACHABLE")
+      return 2;
+    if (reachability === "UNREACHABLE")
+      return 1;
+    return 0;
+  };
+  for (const vuln of vulns) {
+    const ecosystem = vuln.ecosystem;
+    const workspace = vuln.subprojectPath === "." && vuln.workspacePath !== "." ? vuln.workspacePath : vuln.subprojectPath;
+    const resultType = vuln.codeAwareScanResult.type;
+    const reachability = vuln.reachability;
+    const vulnUrl = vuln.vulnerabilityUrl;
+    if (!ecosystemToWorkspaceToVulnResults.has(ecosystem)) {
+      ecosystemToWorkspaceToVulnResults.set(ecosystem, /* @__PURE__ */ new Map());
+    }
+    const workspaceMap = ecosystemToWorkspaceToVulnResults.get(ecosystem);
+    if (!workspaceMap.has(workspace)) {
+      workspaceMap.set(workspace, /* @__PURE__ */ new Map());
+    }
+    const vulnResultsMap = workspaceMap.get(workspace);
+    const existingResult = vulnResultsMap.get(vulnUrl);
+    const newPriority = getResultPriority(reachability, resultType);
+    if (!existingResult || newPriority > getResultPriority(existingResult.reachability, existingResult.resultType)) {
+      vulnResultsMap.set(vulnUrl, { reachability, resultType });
+    }
+  }
+  const ecosystemToWorkspaceStats = /* @__PURE__ */ new Map();
+  for (const [ecosystem, workspaceMap] of ecosystemToWorkspaceToVulnResults) {
+    const workspaceStatsMap = /* @__PURE__ */ new Map();
+    ecosystemToWorkspaceStats.set(ecosystem, workspaceStatsMap);
+    for (const [workspace, vulnResultsMap] of workspaceMap) {
+      const stats = {
+        vulnerabilities: 0,
+        reachable: 0,
+        unreachable: 0,
+        missingPattern: 0,
+        noAnalysisCheck: 0,
+        unknownFiltered: 0,
+        analysisError: 0,
+        resultTypes: /* @__PURE__ */ new Map()
+      };
+      workspaceStatsMap.set(workspace, stats);
+      for (const [, { reachability, resultType }] of vulnResultsMap) {
+        stats.vulnerabilities++;
+        if (reachability === "REACHABLE") {
+          stats.reachable++;
+        } else if (reachability === "UNREACHABLE") {
+          stats.unreachable++;
+        } else {
+          if (resultType === "missingVulnerabilityPattern") {
+            stats.missingPattern++;
+          } else if (resultType === "noAnalysisCheck") {
+            stats.noAnalysisCheck++;
+          } else if (resultType === "unknown") {
+            stats.unknownFiltered++;
+          } else if (resultType === "analysisError") {
+            stats.analysisError++;
+          }
+        }
+        stats.resultTypes.set(resultType, (stats.resultTypes.get(resultType) ?? 0) + 1);
+      }
+    }
+  }
+  if (ecosystemToWorkspaceStats.size === 0) {
+    return;
+  }
+  const output = [];
+  output.push("");
+  output.push(SEPARATOR);
+  output.push(bold("                                            REACHABILITY ANALYSIS RESULTS                                             "));
+  output.push(SEPARATOR);
+  const sortedEcosystems = Array.from(ecosystemToWorkspaceStats.keys()).sort();
+  for (const ecosystem of sortedEcosystems) {
+    const workspaceStatsMap = ecosystemToWorkspaceStats.get(ecosystem);
+    const socketPurlType = getPurlType(ecosystem);
+    output.push("");
+    output.push(bold(`${socketPurlType}:`));
+    output.push("");
+    const colWidths = {
+      workspace: 40,
+      vulns: 6,
+      reachable: 5,
+      unreachable: 7,
+      missingPat: 6,
+      noCheck: 8,
+      filtered: 8,
+      error: 6,
+      noiseRed: 7,
+      time: 10
+    };
+    const header = `  ${"Project".padEnd(colWidths.workspace)} \u2502 ${"Vulns".padStart(colWidths.vulns)} \u2502 ${"Reach".padStart(colWidths.reachable)} \u2502 ${"Unreach".padStart(colWidths.unreachable)} \u2502 ${"NoSup".padStart(colWidths.missingPat)} \u2502 ${"NoReach".padStart(colWidths.noCheck)} \u2502 ${"Skipped".padStart(colWidths.filtered)} \u2502 ` + kleur_default.red("Error".padStart(colWidths.error)) + ` \u2502 ${"Noise%".padStart(colWidths.noiseRed)} \u2502 ${"Time".padStart(colWidths.time)}`;
+    const rowSeparator = `  ${"\u2500".repeat(colWidths.workspace)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.vulns)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.reachable)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.unreachable)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.missingPat)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.noCheck)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.filtered)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.error)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.noiseRed)}\u2500\u253C\u2500${"\u2500".repeat(colWidths.time)}`;
+    output.push(bold(header));
+    output.push(rowSeparator);
+    const sortedWorkspaces = Array.from(workspaceStatsMap.keys()).sort();
+    for (const workspace of sortedWorkspaces) {
+      const stats = workspaceStatsMap.get(workspace);
+      const noiseReduction = stats.vulnerabilities > 0 ? Math.round(stats.unreachable / stats.vulnerabilities * 100) : 0;
+      let workspaceDisplay;
+      const displayWorkspace = workspace === "." ? ". (root project)" : workspace;
+      if (displayWorkspace.length > colWidths.workspace) {
+        const ellipsis = "...";
+        const availableChars = colWidths.workspace - ellipsis.length;
+        const startChars = Math.ceil(availableChars / 2);
+        const endChars = Math.floor(availableChars / 2);
+        workspaceDisplay = displayWorkspace.slice(0, startChars) + ellipsis + displayWorkspace.slice(-endChars);
+      } else {
+        workspaceDisplay = displayWorkspace.padEnd(colWidths.workspace);
+      }
+      let noiseRedStr = `${noiseReduction}%`.padStart(colWidths.noiseRed);
+      if (noiseReduction >= 50) {
+        noiseRedStr = kleur_default.green(noiseRedStr);
+      } else if (noiseReduction > 0) {
+        noiseRedStr = kleur_default.yellow(noiseRedStr);
+      }
+      const reachableStr = stats.reachable > 0 ? kleur_default.red(String(stats.reachable).padStart(colWidths.reachable)) : String(stats.reachable).padStart(colWidths.reachable);
+      const unreachableStr = stats.unreachable > 0 ? kleur_default.green(String(stats.unreachable).padStart(colWidths.unreachable)) : String(stats.unreachable).padStart(colWidths.unreachable);
+      const missingPatStr = stats.missingPattern > 0 ? kleur_default.yellow(String(stats.missingPattern).padStart(colWidths.missingPat)) : String(stats.missingPattern).padStart(colWidths.missingPat);
+      const noCheckStr = stats.noAnalysisCheck > 0 ? kleur_default.yellow(String(stats.noAnalysisCheck).padStart(colWidths.noCheck)) : String(stats.noAnalysisCheck).padStart(colWidths.noCheck);
+      const filteredStr = stats.unknownFiltered > 0 ? kleur_default.yellow(String(stats.unknownFiltered).padStart(colWidths.filtered)) : String(stats.unknownFiltered).padStart(colWidths.filtered);
+      const errorStr = stats.analysisError > 0 ? kleur_default.bgRed().white().bold(` ${stats.analysisError} `) + " ".repeat(Math.max(0, colWidths.error - String(stats.analysisError).length - 2)) : String(stats.analysisError).padStart(colWidths.error);
+      const timingKey = `${ecosystem}:${workspace}`;
+      const timingMs = workspaceTimings?.get(timingKey);
+      let timeStr;
+      if (timingMs !== void 0) {
+        if (timingMs >= 6e4) {
+          const mins = Math.floor(timingMs / 6e4);
+          const secs = Math.round(timingMs % 6e4 / 1e3);
+          timeStr = `${mins}m${secs}s`.padStart(colWidths.time);
+        } else if (timingMs >= 1e3) {
+          timeStr = `${(timingMs / 1e3).toFixed(1)}s`.padStart(colWidths.time);
+        } else {
+          timeStr = `${timingMs}ms`.padStart(colWidths.time);
+        }
+      } else {
+        timeStr = "-".padStart(colWidths.time);
+      }
+      const row = `  ${workspaceDisplay} \u2502 ${String(stats.vulnerabilities).padStart(colWidths.vulns)} \u2502 ${reachableStr} \u2502 ${unreachableStr} \u2502 ${missingPatStr} \u2502 ${noCheckStr} \u2502 ${filteredStr} \u2502 ${errorStr} \u2502 ${noiseRedStr} \u2502 ${timeStr}`;
+      output.push(row);
+    }
+  }
+  output.push("");
+  output.push(kleur_default.gray("  Legend: Vulns=Vulnerabilities, Reach=Reachable, Unreach=Unreachable, NoSup=No reachability support yet,"));
+  output.push(kleur_default.gray("          NoReach=Reachability analysis not possible, Skipped=Filtered through options, Error=Analysis error, Noise%=Noise reduction"));
+  output.push("");
+  output.push(SEPARATOR);
+  logger.info(output.join("\n"));
+}
+var title = "An error occurred during the reachability analysis";
+var ERROR_CATEGORY_MESSAGES = {
+  install: {
+    title,
+    details: [
+      TIER2_FALLBACK_MESSAGE,
+      "This problem can be fixed by pre-installing dependencies before running the analysis"
+    ]
+  },
+  timeout: {
+    title,
+    details: [
+      TIER2_FALLBACK_MESSAGE,
+      "Consider increasing analysis timeout",
+      "Large projects may require more resources"
+    ]
+  },
+  memory: {
+    title,
+    details: [TIER2_FALLBACK_MESSAGE, "Consider increasing memory limit", "Large projects may require more resources"]
+  },
+  parse: {
+    title,
+    details: [
+      TIER2_FALLBACK_MESSAGE,
+      "Make sure none of the project source files contain syntax errors",
+      "Make sure the analyzed languages are supported by Socket",
+      "Check https://docs.socket.dev/docs/reachability-analysis#reachability-ecosystem-support for more details"
+    ]
+  },
+  general: {
+    title,
+    details: [TIER2_FALLBACK_MESSAGE, "Check the logs for more details on the specific error"]
+  }
+};
+var MAX_PACKAGES_TO_DISPLAY = 5;
+function displayWorkspaceDiagnosticsSummary(diagnosticsEntries, vulns) {
+  try {
+    displayWorkspaceDiagnosticsSummaryInternal(diagnosticsEntries, vulns);
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    logger.warn(`Unable to compute diagnostics summary. Failed with error: ${errorMessage}`);
+  }
+}
+function displayWorkspaceDiagnosticsSummaryInternal(diagnosticsEntries, vulns) {
+  const warnings = [];
+  const infos = [];
+  const typeToEntry = /* @__PURE__ */ new Map();
+  for (const entry of diagnosticsEntries) {
+    for (const warning of entry.diagnostics.warnings) {
+      const existing = typeToEntry.get(warning.type);
+      const workspaceLabel = `${entry.subprojectPath} (${entry.purl_type})`;
+      if (existing) {
+        existing.workspaces.push(workspaceLabel);
+      } else {
+        const isNoSourceFilesError = warning.message.toLowerCase().includes("no source files") || warning.type.toLowerCase().includes("nosource");
+        const severity = isNoSourceFilesError ? "error" : warning.severity === "warning" ? "warning" : "info";
+        const newEntry = {
+          message: warning.message,
+          workspaces: [workspaceLabel],
+          severity,
+          errorCategory: isNoSourceFilesError ? "NO SOURCE FILES" : void 0,
+          details: isNoSourceFilesError ? [
+            "Make sure to run the Tier 1 analysis in a folder that also contain the project source files for it to work properly"
+          ] : void 0
+        };
+        typeToEntry.set(warning.type, newEntry);
+        if (severity === "error" || severity === "warning") {
+          warnings.push(newEntry);
+        } else {
+          infos.push(newEntry);
+        }
+      }
+    }
+  }
+  const workspacesWithAnalysisErrors = /* @__PURE__ */ new Map();
+  const analysisErrorMessages = /* @__PURE__ */ new Map();
+  const failedToInstallPackages = /* @__PURE__ */ new Set();
+  const categoryVulnCounts = /* @__PURE__ */ new Map();
+  const workspaceVulnCounts = /* @__PURE__ */ new Map();
+  for (const vuln of vulns) {
+    if (vuln.codeAwareScanResult.type === "analysisError") {
+      const socketPurlType = getPurlType(vuln.ecosystem);
+      const workspaceLabel = `${vuln.subprojectPath} (${socketPurlType})`;
+      const errorMessage = vuln.codeAwareScanResult.message ?? "";
+      const errorMessageLower = errorMessage.toLowerCase();
+      const packageInstallMatch = errorMessage.match(/\[UNABLE_TO_INSTALL_PACKAGE_ERROR\]: ([^\n]{1,500})/);
+      if (packageInstallMatch) {
+        failedToInstallPackages.add(packageInstallMatch[1]);
+      }
+      let category = "general";
+      if (errorMessageLower.includes("install") || errorMessageLower.includes("npm") || errorMessageLower.includes("pip") || errorMessageLower.includes("dependency")) {
+        category = "install";
+      } else if (errorMessageLower.includes("timeout") || errorMessageLower.includes("timed out")) {
+        category = "timeout";
+      } else if (errorMessageLower.includes("memory") || errorMessageLower.includes("oom")) {
+        category = "memory";
+      } else if (errorMessageLower.includes("parse") || errorMessageLower.includes("syntax")) {
+        category = "parse";
+      }
+      if (!workspacesWithAnalysisErrors.has(category)) {
+        workspacesWithAnalysisErrors.set(category, /* @__PURE__ */ new Set());
+      }
+      workspacesWithAnalysisErrors.get(category).add(workspaceLabel);
+      categoryVulnCounts.set(category, (categoryVulnCounts.get(category) ?? 0) + 1);
+      if (!workspaceVulnCounts.has(category)) {
+        workspaceVulnCounts.set(category, /* @__PURE__ */ new Map());
+      }
+      const wsCountsForCategory = workspaceVulnCounts.get(category);
+      wsCountsForCategory.set(workspaceLabel, (wsCountsForCategory.get(workspaceLabel) ?? 0) + 1);
+      if (!analysisErrorMessages.has(workspaceLabel)) {
+        analysisErrorMessages.set(workspaceLabel, []);
+      }
+      const messages = analysisErrorMessages.get(workspaceLabel);
+      if (vuln.codeAwareScanResult.message && !messages.includes(vuln.codeAwareScanResult.message)) {
+        messages.push(vuln.codeAwareScanResult.message);
+      }
+    }
+  }
+  for (const [category, workspaces] of workspacesWithAnalysisErrors) {
+    const categoryInfo = ERROR_CATEGORY_MESSAGES[category] ?? ERROR_CATEGORY_MESSAGES.general;
+    let details = [...categoryInfo.details];
+    if (category === "install" && failedToInstallPackages.size > 0) {
+      const packageList = Array.from(failedToInstallPackages).sort();
+      if (packageList.length <= MAX_PACKAGES_TO_DISPLAY) {
+        details = [`Unable to install packages: ${packageList.join(", ")}`, ...details];
+      } else {
+        details = [
+          `Unable to install packages: ${packageList.slice(0, MAX_PACKAGES_TO_DISPLAY).join(", ")} and ${packageList.length - MAX_PACKAGES_TO_DISPLAY} more`,
+          ...details
+        ];
+      }
+    }
+    const totalCount = categoryVulnCounts.get(category) ?? 0;
+    const analysisErrorEntry = {
+      message: categoryInfo.title,
+      workspaces: Array.from(workspaces).sort(),
+      workspaceVulnCounts: workspaceVulnCounts.get(category),
+      totalVulnCount: totalCount,
+      severity: "error",
+      errorCategory: category.toUpperCase(),
+      details
+    };
+    typeToEntry.set(`analysisError_${category}`, analysisErrorEntry);
+    warnings.push(analysisErrorEntry);
+  }
+  if (warnings.length === 0 && infos.length === 0) {
+    return;
+  }
+  const totalWorkspacesPerEcosystem = /* @__PURE__ */ new Map();
+  for (const entry of diagnosticsEntries) {
+    totalWorkspacesPerEcosystem.set(entry.purl_type, (totalWorkspacesPerEcosystem.get(entry.purl_type) ?? 0) + 1);
+  }
+  const formatDetailLine = (detail) => {
+    if (detail.startsWith("This problem can be fixed")) {
+      return kleur_default.green(`    \u2192 ${detail}`);
+    }
+    if (detail.includes("Tier 2") || detail.includes("precomputed")) {
+      return kleur_default.dim(`    \u2022 ${detail}`);
+    }
+    if (detail.startsWith("Unable to install packages:")) {
+      const prefix = "Unable to install packages: ";
+      const packagesStr = detail.slice(prefix.length);
+      return `    \u2022 ${prefix}${bold(packagesStr)}`;
+    }
+    return `    \u2022 ${detail}`;
+  };
+  const buildWorkspaceLines = (workspaces, workspaceVulnCounts2) => {
+    const lines = [];
+    if (workspaces.length === 0) {
+      return lines;
+    }
+    const ecosystemToWorkspaces = /* @__PURE__ */ new Map();
+    for (const workspaceLabel of workspaces) {
+      const match2 = workspaceLabel.match(/^(.+) \(([^)]+)\)$/);
+      if (match2) {
+        const [, workspace, ecosystem] = match2;
+        if (!ecosystemToWorkspaces.has(ecosystem)) {
+          ecosystemToWorkspaces.set(ecosystem, []);
+        }
+        ecosystemToWorkspaces.get(ecosystem).push(workspace);
+      } else {
+        if (!ecosystemToWorkspaces.has("unknown")) {
+          ecosystemToWorkspaces.set("unknown", []);
+        }
+        ecosystemToWorkspaces.get("unknown").push(workspaceLabel);
+      }
+    }
+    const sortedEcosystems = Array.from(ecosystemToWorkspaces.keys()).sort();
+    for (const ecosystem of sortedEcosystems) {
+      const wsForEcosystem = ecosystemToWorkspaces.get(ecosystem);
+      const totalForEcosystem = totalWorkspacesPerEcosystem.get(ecosystem) ?? 0;
+      lines.push(`    ${ecosystem}:`);
+      if (wsForEcosystem.length === totalForEcosystem && totalForEcosystem > 1) {
+        lines.push(`      each of the ${totalForEcosystem} projects`);
+      } else {
+        for (const ws of wsForEcosystem.sort()) {
+          const workspaceLabel = `${ws} (${ecosystem})`;
+          const count = workspaceVulnCounts2?.get(workspaceLabel);
+          const displayName = ws === "." ? ". (root project)" : ws;
+          if (count !== void 0) {
+            const vulnText = count === 1 ? "vulnerability" : "vulnerabilities";
+            lines.push(`      ${displayName} (${count} ${vulnText})`);
+          } else {
+            lines.push(`      ${displayName}`);
+          }
+        }
+      }
+    }
+    return lines;
+  };
+  const output = [];
+  output.push("");
+  const hasErrors = warnings.some((w) => w.severity === "error");
+  if (warnings.length > 0) {
+    if (hasErrors) {
+      const bannerWidth = TABLE_WIDTH;
+      const bannerLine = "\u2588".repeat(bannerWidth);
+      const emptyLine = "\u2588" + " ".repeat(bannerWidth - 2) + "\u2588";
+      const titleText = "\u26A0  REACHABILITY ANALYSIS WARNINGS AND ERRORS  \u26A0";
+      const titlePadding = Math.floor((bannerWidth - titleText.length - 2) / 2);
+      const titleLine = "\u2588" + " ".repeat(titlePadding) + titleText + " ".repeat(bannerWidth - titlePadding - titleText.length - 2) + "\u2588";
+      output.push(kleur_default.bgRed().white(bannerLine));
+      output.push(kleur_default.bgRed().white(emptyLine));
+      output.push(kleur_default.bgRed().white().bold(titleLine));
+      output.push(kleur_default.bgRed().white(emptyLine));
+      output.push(kleur_default.bgRed().white(bannerLine));
+    } else {
+      output.push(SEPARATOR);
+      output.push(bold("                                             REACHABILITY ANALYSIS WARNINGS AND ERRORS                                             "));
+      output.push(SEPARATOR);
+    }
+    for (const { message: message2, workspaces, workspaceVulnCounts: wsCounts, totalVulnCount, details, severity, errorCategory } of warnings) {
+      output.push("");
+      const displayMessage = message2.endsWith(".") ? message2.slice(0, -1) : message2;
+      const projectsText = `${workspaces.length} project${workspaces.length === 1 ? "" : "s"}`;
+      const vulnsText = totalVulnCount ? ` / ${totalVulnCount} vulnerabilit${totalVulnCount === 1 ? "y" : "ies"}` : "";
+      if (severity === "error") {
+        const categoryLabel = errorCategory ? `${errorCategory} ERROR` : "ERROR";
+        output.push(kleur_default.bgRed().white().bold(` \u2716 ${categoryLabel} `) + `  ${displayMessage}. Affecting ${bold(`${projectsText}${vulnsText}`)}:`);
+      } else {
+        output.push(kleur_default.yellow("\u26A0") + ` ${displayMessage} of ${bold(`${projectsText}${vulnsText}`)}:`);
+      }
+      output.push(...buildWorkspaceLines(workspaces, wsCounts));
+      if (details && details.length > 0) {
+        output.push(bold("  Details:"));
+        for (const detail of details) {
+          output.push(formatDetailLine(detail));
+        }
+      }
+    }
+    output.push("");
+    if (hasErrors) {
+      const bannerLine = "\u2588".repeat(TABLE_WIDTH);
+      output.push(kleur_default.bgRed().white(bannerLine));
+    } else {
+      output.push(SEPARATOR);
+    }
+    output.push("");
+  }
+  if (infos.length > 0) {
+    output.push(SEPARATOR);
+    output.push(bold("                                               REACHABILITY ANALYSIS INFO                                               "));
+    output.push(SEPARATOR);
+    for (const { message: message2, workspaces, details } of infos) {
+      output.push("");
+      const displayMessage = message2.endsWith(".") ? message2.slice(0, -1) : message2;
+      output.push(kleur_default.cyan("\u2139") + ` ${displayMessage}:`);
+      output.push(...buildWorkspaceLines(workspaces));
+      if (details && details.length > 0) {
+        output.push("");
+        for (const detail of details) {
+          output.push(`  ${detail}`);
+        }
+      }
+    }
+    output.push("");
+    output.push(SEPARATOR);
+    output.push("");
+  }
+  logger.info(output.join("\n"));
+}
+
 // dist/internal/socket-report-socket-dependency-tree.js
 function toSocketFactsSocketDependencyTree(artifacts, vulnerabilities, tier1ReachabilityScanId, workspaceDiagnostics) {
   const artifactIdToArtifact = Object.fromEntries(artifacts.map((artifact) => [artifact.id, artifact]));
@@ -251285,7 +251734,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.135";
+var version3 = "14.12.137";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;
@@ -251515,6 +251964,7 @@ var CliCore = class {
     });
     const vulnsWithResults = [];
     const allWorkspaceDiagnostics = [];
+    const allWorkspaceTimings = /* @__PURE__ */ new Map();
     const allEcosystems = Object.entries(ecosystemToWorkspaceToAnalysisData);
     const totalEcosystems = allEcosystems.length;
     let currentOverallWorkspace = 0;
@@ -251524,7 +251974,7 @@ var CliCore = class {
       if (!isEcosystemToAnalyze) {
         logger.info(`Skipping reachability analysis for ecosystem ${getPurlType(ecosystem)} since it is not included in the list of ecosystems to analyze.`);
       }
-      const { vulnerabilities, diagnostics } = await this.runReachabilityAnalysisForWorkspaces(
+      const { vulnerabilities, diagnostics, timings } = await this.runReachabilityAnalysisForWorkspaces(
         workspaceToAnalysisData,
         ecosystemToWorkspaceToVulnerabilities[ecosystem] ?? {},
         {},
@@ -251547,72 +251997,20 @@ var CliCore = class {
           purl_type: getPurlType(ecosystem),
           diagnostics: workspaceDiagnostics
         });
+        if (timings[workspacePath] !== void 0) {
+          allWorkspaceTimings.set(`${ecosystem}:${workspacePath}`, timings[workspacePath]);
+        }
       }
       this.sendProgress("RUN_ON_SUBPROJECT", false, this.rootWorkingDirectory);
     }
-    this.displayWorkspaceDiagnosticsSummary(allWorkspaceDiagnostics);
+    displayResultsSummary(vulnsWithResults, allWorkspaceTimings);
+    displayWorkspaceDiagnosticsSummary(allWorkspaceDiagnostics, vulnsWithResults);
     await this.shareLogIfAnalysisError(vulnsWithResults);
     const socketReport = toSocketFactsSocketDependencyTree(artifacts, vulnsWithResults, this.reportId, allWorkspaceDiagnostics);
     const outputFile = resolve43(this.options.socketMode);
     await writeFile13(outputFile, JSON.stringify(socketReport, null, 2));
     logger.info(kleur_default.green(`Socket report written to: ${outputFile}`));
   }
-  displayWorkspaceDiagnosticsSummary(diagnosticsEntries) {
-    const warnings = [];
-    const infos = [];
-    const typeToEntry = /* @__PURE__ */ new Map();
-    for (const entry of diagnosticsEntries) {
-      for (const warning of entry.diagnostics.warnings) {
-        const existing = typeToEntry.get(warning.type);
-        const workspaceLabel = `${entry.subprojectPath} (${entry.purl_type})`;
-        if (existing) {
-          existing.workspaces.push(workspaceLabel);
-        } else {
-          const newEntry = { message: warning.message, workspaces: [workspaceLabel], severity: warning.severity };
-          typeToEntry.set(warning.type, newEntry);
-          if (warning.severity === "warning") {
-            warnings.push(newEntry);
-          } else {
-            infos.push(newEntry);
-          }
-        }
-      }
-    }
-    if (warnings.length === 0 && infos.length === 0) {
-      return;
-    }
-    logger.info("");
-    if (warnings.length > 0) {
-      logger.info(bold(kleur_default.red("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550")));
-      logger.info(bold(kleur_default.red("                    REACHABILITY ANALYSIS WARNINGS                  ")));
-      logger.info(bold(kleur_default.red("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550")));
-      for (const { message: message2, workspaces } of warnings) {
-        logger.info("");
-        logger.info(kleur_default.red(`\u26A0 ${message2}:`));
-        for (const workspace of workspaces) {
-          logger.info(kleur_default.red(`    ${workspace}`));
-        }
-      }
-      logger.info("");
-      logger.info(bold(kleur_default.red("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550")));
-      logger.info("");
-    }
-    if (infos.length > 0) {
-      logger.info(bold(kleur_default.cyan("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550")));
-      logger.info(bold(kleur_default.cyan("                    REACHABILITY ANALYSIS INFO                      ")));
-      logger.info(bold(kleur_default.cyan("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550")));
-      for (const { message: message2, workspaces } of infos) {
-        logger.info("");
-        logger.info(kleur_default.cyan(`\u2139 ${message2}:`));
-        for (const workspace of workspaces) {
-          logger.info(kleur_default.cyan(`    ${workspace}`));
-        }
-      }
-      logger.info("");
-      logger.info(bold(kleur_default.cyan("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550")));
-      logger.info("");
-    }
-  }
   async shareLogIfAnalysisError(vulns) {
     if (this.dashboardAPI.disableAnalyticsSharing) {
       return;
@@ -251874,8 +252272,10 @@ Subproject: ${subproject}`);
         npmProjectDirPool = new ProjectDirPool(subprojectPath, copies);
       }
     }
+    const workspaceTimings = {};
     try {
       const workspaceToAugmentedVulnerabilities = Object.fromEntries(await asyncMap(workspaces, async (workspacePath, index2) => {
+        const startTime = Date.now();
         analysisStarting?.(workspacePath, index2 + 1, totalWorkspaces);
         const vulnerabilities2 = workspaceToVulnerabilities[workspacePath] ?? [];
         const workspacePrefix = shouldIncludeWorkspaceInLogs ? `[${workspacePath}] ` : "";
@@ -251974,6 +252374,8 @@ Subproject: ${subproject}`);
               }
             }
           ];
+        } finally {
+          workspaceTimings[workspacePath] = Date.now() - startTime;
         }
       }, concurrency));
       const successfulWorkspaceToResults = Object.fromEntries(Object.entries(workspaceToAugmentedVulnerabilities).filter(([_, vulns]) => vulns !== void 0));
@@ -251983,7 +252385,7 @@ Subproject: ${subproject}`);
       }
       const vulnerabilities = mapValues(successfulWorkspaceToAugmentedVulnerabilities, (augmentedVulnerabilities, workspacePath) => this.transformToReportVulnerabilities(augmentedVulnerabilities, workspaceToDirectDependencies[workspacePath] ?? {}, subprojectPath, workspacePath, this.rootWorkingDirectory));
       const diagnostics = mapValues(successfulWorkspaceToResults, (result) => result.diagnostics);
-      return { vulnerabilities, diagnostics };
+      return { vulnerabilities, diagnostics, timings: workspaceTimings };
     } finally {
       await npmProjectDirPool?.cleanup();
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.135",
+  "version": "14.12.137",
   "description": "Coana CLI",
   "type": "module",
   "bin": {