@coana-tech/cli 14.12.218 → 14.12.220

package/cli.mjs

@@ -205673,6 +205673,11 @@ async function getFilesRelative(dir, excludeDirs) {
         if (!excludeDirs?.includes(item.name)) await helper(itemPath, arrayOfFiles);
       } else if (item.isFile()) {
         arrayOfFiles.push(itemPath);
+      } else if (item.isSymbolicLink()) {
+        try {
+          if ((await stat(join3(dir, itemPath))).isFile()) arrayOfFiles.push(itemPath);
+        } catch {
+        }
       }
     }
     return arrayOfFiles;
@@ -251831,7 +251836,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.218";
+var version3 = "14.12.220";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.218",
+  "version": "14.12.220",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -81412,6 +81412,11 @@ async function getFiles(dir, excludeDirs) {
         if (!excludeDirs?.includes(item.name)) await helper(itemPath, arrayOfFiles);
       } else if (item.isFile()) {
         arrayOfFiles.push(itemPath);
+      } else if (item.isSymbolicLink()) {
+        try {
+          if ((await stat(itemPath)).isFile()) arrayOfFiles.push(itemPath);
+        } catch {
+        }
       }
     }
     return arrayOfFiles;
@@ -113912,9 +113917,22 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
           heuristic: getHeuristicFromName(state, b.heuristicName, ecosystem),
           vulnerabilities: b.vulnUrls.map((vUrl) => vulnerabilities.find((v) => v.url === vUrl))
         })), analysisMetadataCollector, true);
+        const originalUrlToReachability = transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities);
+        if (expHeuristicName === "SPARJS_EXPERIMENT") {
+          for (const v of resWithoutExperimentalHeuristic.augmentedVulnerabilities) {
+            if (v.results.type !== "success")
+              continue;
+            const { stacks } = v.results.detectedOccurrences;
+            if (!stacks.length)
+              continue;
+            const pkgsInVulnChain = new Set(Object.values(v.vulnChainDetails.transitiveDependencies).map((d) => d.packageName));
+            if (stacks.every((s2) => s2.some((f2, i4) => i4 > 0 && !pkgsInVulnChain.has(f2.package))))
+              ignoredVulnerabilities.add(v.url);
+          }
+        }
         await Promise.all([
           sendTimeRegressionsToDashboard(expHeuristicName, resWithoutExperimentalHeuristic.analysisMetadata, bucketsToRecompute),
-          sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities), experimentalUrlToReachability, ignoredVulnerabilities)
+          sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, originalUrlToReachability, experimentalUrlToReachability, ignoredVulnerabilities)
         ]);
       }
       const vulnsToGetFromExperimental = bucketsNotToRecompute.flatMap((b) => b.vulnUrls);
@@ -114222,8 +114240,8 @@ function findDuplicateVulnsInBuckets(bucketsFromLastAnalysis) {
   }
   return duplicateUrls;
 }
-function transformVulnsToUrlToReachability(oldHeuristicAugmentedVulnerabilities) {
-  return Object.fromEntries(oldHeuristicAugmentedVulnerabilities.map((v) => [
+function transformVulnsToUrlToReachability(augmentedVulnerabilities) {
+  return Object.fromEntries(augmentedVulnerabilities.map((v) => [
     v.url,
     {
       reachability: getVulnReachability(v.results),