npm - @coana-tech/cli - Versions diffs - 14.12.208 → 14.12.210 - Mend

@coana-tech/cli 14.12.208 → 14.12.210

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/cli.mjs CHANGED Viewed

@@ -251742,7 +251742,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 // dist/version.js
-var version3 = "14.12.208";
+var version3 = "14.12.210";
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.208",
+  "version": "14.12.210",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs CHANGED Viewed

@@ -110928,6 +110928,9 @@ function convertToArtifactForInstallation(dep) {
 }
 // dist/whole-program-code-aware-vulnerability-scanner/js/heuristics.js
+var largeIndirectionBoundOptions = {
+  maxIndirections: 1024
+};
 var lazyIndirectionBoundOptions = {
   maxIndirections: 5
 };
@@ -111863,7 +111866,9 @@ var SparJSAnalysisEngine = class extends JSAnalysisEngine {
           --reachable-json ${affectedPackagesFile}
           ${getExcludes(mainProjectRoot, projectRoot, reachabilityAnalysisOptions)}
           --diagnostics-json ${diagnosticsFile}
-          --max-indirections ${maxIndirections}
+          --max-indirections=${/* XXX: maxIndirections is tuned for --lazy mode, which SparJS doesn't support,
+       * so we use a value that's better for non-lazy analysis. */
+      maxIndirections ? largeIndirectionBoundOptions.maxIndirections : void 0}
           ${!!includePackages && (includePackages.length ? ["--include-packages", ...includePackages] : ["--ignore-dependencies"])}
           ${/* XXX: Requires Node 22+ */
       approx && "--approx"}
@@ -113914,8 +113919,8 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
     const bucketsFromLastAnalysisAndCliVersion = await dashboardAPI.getBucketsForLastReport(relative9(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
     if (!bucketsFromLastAnalysisAndCliVersion)
       return void 0;
-    const { cliVersion: cliVersion2, buckets: bucketsFromLastAnalysis } = bucketsFromLastAnalysisAndCliVersion;
-    if (bucketsFromLastAnalysis.some((b) => b.heuristicName === heuristics.IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3.name))
+    const { cliVersion: cliVersion2, buckets: rawBucketsFromLastAnalysis } = bucketsFromLastAnalysisAndCliVersion;
+    if (rawBucketsFromLastAnalysis.some((b) => b.heuristicName === heuristics.IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3.name))
       return;
     try {
       if ((0, import_semver4.lt)(cliVersion2, CLI_VERSION_TO_USE_CACHING_FROM[ecosystem] ?? CLI_VERSION_TO_USE_CACHING_FROM_DEFAULT))
@@ -113923,6 +113928,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
     } catch (e) {
       return void 0;
     }
+    const bucketsFromLastAnalysis = rawBucketsFromLastAnalysis.filter((b) => b.heuristicName !== "IMPORT_REACHABILITY");
     const duplicateUrls = findDuplicateVulnsInBuckets(bucketsFromLastAnalysis);
     if (duplicateUrls.length > 0) {
       sendWarningToDashboard(`Assertion error: Detected bucket(s) with non-unique vulnerability URLs. Non-unique URLs: ${duplicateUrls.join(" ")}.`, {

package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/javap-service/javap-service.jar CHANGED Viewed

Binary file

package/repos/coana-tech/jelly-private/dist/bundle/jelly.js CHANGED Viewed

@@ -2166,6 +2166,10 @@ var require_telemetry_emitter = __commonJS({
     exports.telemetryEmitter = void 0;
     var fs_1 = __require("fs");
     var filePath = process.env.ANALYZER_TELEMETRY_FILE_PATH;
+    function enabled() {
+      return !!filePath;
+    }
+    __name(enabled, "enabled");
     function emit(eventType, data = {}) {
       if (!filePath)
         return;
@@ -2193,10 +2197,16 @@ var require_telemetry_emitter = __commonJS({
       emit("diagnostics", metadata);
     }
     __name(diagnostics, "diagnostics");
+    function graph(name, nodes) {
+      emit("graph", { name, nodes });
+    }
+    __name(graph, "graph");
     exports.telemetryEmitter = {
+      enabled,
       phaseStarted,
       phaseCompleted,
-      diagnostics
+      diagnostics,
+      graph
     };
   }
 });
@@ -2384,6 +2394,7 @@ var require_escaping = __commonJS({
     var accesspaths_1 = require_accesspaths();
     var ecmascript_1 = require_ecmascript();
     var options_1 = require_options();
+    var SKIP_RESOLVED_READS = false;
     function findEscapingObjects(ms, solver) {
       const a = solver.globalState;
       const f = solver.fragmentState;
@@ -2448,6 +2459,11 @@ var require_escaping = __commonJS({
           if (!(0, ecmascript_1.isInternalProperty)(p)) {
             const w = f.varProducer.objPropVar(t, p);
             addToWorklist(w);
+            if (SKIP_RESOLVED_READS) {
+              const readResult = f.varProducer.readResultVar(t, p);
+              if (f.processedReadResultVars.has(readResult) && f.getTokensSize(f.getRepresentative(readResult))[0] > 0)
+                continue;
+            }
             solver.addToken(theUnknownAccessPathToken, f.getRepresentative(w));
           }
       }
@@ -4208,15 +4224,14 @@ var require_analysisstatereporter = __commonJS({
           modules.push({ moduleName: dm.getOfficialName() });
         return modules;
       }
-      modulesToJSON() {
+      modulesToJSON(anonymize = false) {
         const modules = new Array();
         const ids = /* @__PURE__ */ new Map();
-        const mods = [];
+        let appIdx = 0;
         for (const m of this.f.a.moduleInfos.values()) {
           ids.set(m, ids.size);
-          mods.push(m);
           const s = {
-            name: m.toString(),
+            name: anonymize && !m.packageInfo.dir.includes("node_modules/") ? `app${appIdx++}` : m.toString(),
             dependencies: []
           };
           if (m.packageInfo.isEntry)
@@ -14028,6 +14043,7 @@ var require_main = __commonJS({
     var apiexported_1 = require_apiexported();
     var merge_1 = require_merge();
     var processmanager_1 = require_processmanager();
+    var telemetry_emitter_1 = require_telemetry_emitter();
     var assert_1 = __importDefault(__require("assert"));
     var semver_1 = __importDefault(require_semver2());
     var ENGINES_NODE = require_package()?.engines?.node;
@@ -14293,8 +14309,11 @@ Memory limit is ${(0, memory_1.getMemoryLimit)()}MB.${options_1.PKG ? "" : " Cha
             out.saveCallGraph(options_1.options.callgraphJson, files);
           if (options_1.options.diagnosticsJson)
             out.saveDiagnostics(solver.diagnostics, options_1.options.diagnosticsJson);
-          if (options_1.options.modulesOnly)
+          if (options_1.options.modulesOnly) {
             out.reportReachablePackagesAndModules();
+            if (telemetry_emitter_1.telemetryEmitter.enabled())
+              telemetry_emitter_1.telemetryEmitter.graph("modules", out.modulesToJSON(true));
+          }
           if (options_1.options.soundness)
             (0, compare_1.compareCallGraphs)(options_1.options.soundness, "<computed>", out.callGraphToJSON(files), false, options_1.options.reachability);
           if (tapirPatterns && patterns)