npm - @coana-tech/cli - Versions diffs - 14.12.152 → 14.12.154 - Mend

@coana-tech/cli 14.12.152 → 14.12.154

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/cli.mjs CHANGED Viewed

@@ -234634,6 +234634,7 @@ function isShortestPath(root3, vulnPath) {
 // ../web-compat-utils/src/analysis-error-keys.ts
 var CLI_ANALYSIS_ERROR_MESSAGE = "Sharing log due to analysis error";
+var ANALYSIS_LOW_CONFIDENCE_MESSAGE = "Analysis had low confidence in result";
 // ../web-compat-utils/src/pluralize.ts
 function pluralize(count, word) {
@@ -235720,6 +235721,10 @@ var ERROR_CATEGORY_MESSAGES = {
       "Check https://docs.socket.dev/docs/reachability-analysis#reachability-ecosystem-support for more details"
     ]
   },
+  lowConfidence: {
+    title,
+    details: [TIER2_FALLBACK_MESSAGE, "The analysis produced only a partial result, which is of insufficient quality to accurately determine the reachability of this advisory."]
+  },
   general: {
     title,
     details: [TIER2_FALLBACK_MESSAGE, "Check the logs for more details on the specific error"]
@@ -235781,7 +235786,9 @@ function displayWorkspaceDiagnosticsSummaryInternal(diagnosticsEntries, vulns) {
         failedToInstallPackages.add(packageInstallMatch[1]);
       }
       let category = "general";
-      if (errorMessageLower.includes("install") || errorMessageLower.includes("npm") || errorMessageLower.includes("pip") || errorMessageLower.includes("dependency")) {
+      if (errorMessageLower.includes(ANALYSIS_LOW_CONFIDENCE_MESSAGE.toLowerCase())) {
+        category = "lowConfidence";
+      } else if (errorMessageLower.includes("install") || errorMessageLower.includes("npm") || errorMessageLower.includes("pip") || errorMessageLower.includes("dependency")) {
         category = "install";
       } else if (errorMessageLower.includes("timeout") || errorMessageLower.includes("timed out")) {
         category = "timeout";
@@ -250895,7 +250902,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 // dist/version.js
-var version3 = "14.12.152";
+var version3 = "14.12.154";
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;
@@ -251167,6 +251174,15 @@ var CliCore = class {
       }
       this.sendProgress("RUN_ON_SUBPROJECT", false, this.rootWorkingDirectory);
     }
+    for (const vuln of vulnsWithResults) {
+      if (vuln.codeAwareScanResult.type === "success" && vuln.codeAwareScanResult.lowConfidence === true && vuln.codeAwareScanResult.detectedOccurrences?.stacks?.length === 0) {
+        vuln.codeAwareScanResult = {
+          type: "analysisError",
+          message: ANALYSIS_LOW_CONFIDENCE_MESSAGE
+        };
+        vuln.reachability = "UNKNOWN";
+      }
+    }
     displayResultsSummary(vulnsWithResults, allWorkspaceTimings);
     displayWorkspaceDiagnosticsSummary(allWorkspaceDiagnostics, vulnsWithResults);
     await this.shareLogIfAnalysisError(vulnsWithResults);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.152",
+  "version": "14.12.154",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs CHANGED Viewed

@@ -110825,7 +110825,7 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
       }
     );
     if (reachabilityAnalysisOptions.printLogFile)
-      logger.info("JS analysis log file:", await readFile8(logFile, "utf-8"));
+      logger.info("JS analysis log file:", logFile);
     const analysisDiagnostics = JSON.parse(await readFile8(diagnosticsFile, "utf-8"));
     const callStacks = JSON.parse(await readFile8(callStackFile, "utf-8"));
     const matches = {};
@@ -110952,12 +110952,14 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
       analysisOptionsFromHeuristic.approx = process.env.JELLY_APPROX === "true" || experiment === "JELLY_APPROX";
       const analysisRes = await runJellyAnalysis(this.mainProjectDir, this.projectDir, analysisOptionsFromHeuristic, this.options, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler, analyzerTelemetryHandler);
       const { analysisDiagnostics: diagnostics, matches } = analysisRes;
+      const lowConfidence = diagnostics.round < 2 && (diagnostics.timeout || diagnostics.aborted);
       return {
         type: "success",
         diagnostics,
         terminatedEarly: diagnostics.aborted || diagnostics.timeout || diagnostics.lowmemory,
         reachedDependencies: diagnostics.packages > 0,
         affectedPurls: analysisRes.affectedPurls,
+        lowConfidence,
         computeDetectedOccurrences: ({ url: url2 }) => this.transformSourceLocations(matches[url2] ?? { analysisLevel: "function-level", affectedPackages: [], stacks: [] })
       };
     } catch (e) {
@@ -113078,7 +113080,8 @@ function augmentVulnsWithDetectedOccurrences(vulns, codeAwareScanner, heuristic,
       terminatedEarly: result.terminatedEarly,
       heuristicName: heuristic.name,
       affectedPurls: result.affectedPurls,
-      detectedOccurrences
+      detectedOccurrences,
+      lowConfidence: result.lowConfidence
     };
   }
   logger.debug("Done augmenting with detected occurrences");

package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/javap-service/javap-service.jar CHANGED Viewed

Binary file

package/repos/coana-tech/jelly-private/dist/bundle/jelly.js CHANGED Viewed

@@ -108,6 +108,10 @@ var require_worklist = __commonJS({
       }
       first;
       last;
+      _size = 0;
+      get size() {
+        return this._size;
+      }
       enqueue(v) {
         const n = new Node(v);
         if (this.last)
@@ -115,6 +119,7 @@ var require_worklist = __commonJS({
         else
           this.first = n;
         this.last = n;
+        this._size++;
       }
       *[Symbol.iterator]() {
         while (this.first) {
@@ -122,6 +127,7 @@ var require_worklist = __commonJS({
           this.first = c.next;
           if (this.first === void 0)
             this.last = void 0;
+          this._size--;
           yield c.value;
         }
       }
@@ -2639,6 +2645,9 @@ var require_solver = __commonJS({
           unprocessedListeners2: f.postponedListenerCalls2.length,
           packages: a.packageInfos.size,
           modules: a.moduleInfos.size,
+          modulesFull: d.modulesFull,
+          pendingFiles: a.pendingFiles.size,
+          pendingModulesFull: a.pendingModulesFull.size,
           functions: a.functionInfos.size,
           uniqueTokens: a.canonicalTokens.size
         });