@coana-tech/cli 14.12.22 → 14.12.24

package/cli.mjs CHANGED
@@ -227214,7 +227214,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
227214
227214
  }
227215
227215
 
227216
227216
  // dist/version.js
227217
- var version2 = "14.12.22";
227217
+ var version2 = "14.12.24";
227218
227218
 
227219
227219
  // dist/cli-core.js
227220
227220
  var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -227245,7 +227245,10 @@ var CliCore = class {
227245
227245
  }
227246
227246
  }
227247
227247
  this.rootWorkingDirectory = resolve29(rootWorkingDirectory);
227248
- this.spinner = Spinner.instance({ text: "Running Coana CLI", isSilent: this.options.silent });
227248
+ this.spinner = Spinner.instance({
227249
+ text: "Running Coana CLI",
227250
+ isSilent: this.options.silentSpinner ?? this.options.silent
227251
+ });
227249
227252
  this.shareWithDashboard = !this.options.socketMode && !!(this.options.apiKey && !this.options.disableReportSubmission && (this.options.repoUrl ?? this.options.projectName));
227250
227253
  this.dashboardAPI = new DashboardAPI(Boolean(this.options.socketMode), Boolean(this.options.disableAnalyticsSharing));
227251
227254
  }
@@ -227912,7 +227915,10 @@ async function upgradePurl(path2, upgrades, options, logFile, cliFixRunId) {
227912
227915
  cliRunId = await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, options, "upgrade-purls");
227913
227916
  }
227914
227917
  const upgradePurlRunId = cliRunId && await getSocketAPI().registerUpgradePurlRun(cliRunId, upgrades);
227915
- Spinner.instance({ text: "Running Coana Upgrade Purl CLI", isSilent: options.silent }).start();
227918
+ Spinner.instance({
227919
+ text: "Running Coana Upgrade Purl CLI",
227920
+ isSilent: options.silentSpinner ?? options.silent
227921
+ }).start();
227916
227922
  try {
227917
227923
  logger.info(`Upgrading purls for ${path2}:
227918
227924
  ${upgrades.map((upgrade) => ` ${upgrade.purl} -> ${upgrade.upgradeVersion}`).join("\n")}`);
@@ -228204,19 +228210,19 @@ function computeSBOMTaskArtifacts(dependencyTrees) {
228204
228210
  // dist/index.js
228205
228211
  var program2 = new Command();
228206
228212
  var run2 = new Command();
228207
- run2.name("run").argument("<path>", "File system path to folder containing the project").option("-o, --output-dir <path>", "Write json report to <path>/coana-report.json").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("-p, --print-report", "Print the report to the console", false).option("--offline-database <path>", "Path to a coana-offline-db.json file for running the CLI without internet connectivity", void 0).option("-t, --timeout <timeout>", "Set API <timeout> in milliseconds to Coana backend.", "300000").option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available.", "1").option("--api-key <key>", "Set the Coana dashboard API key. By setting you also enable the dashboard integration.").addOption(new Option("--write-report-to-file", "Write the report dashboard-compatible report to dashboard-report.json. This report may help the Coana team debug issues with the report insertion mechanism.").default(false).hideHelp()).option("--project-name <repoName>", "Set the name of the repository. Used for dashboard integration.").option("--repo-url <repoUrl>", "Set the URL of the repository. Used for dashboard integration.").option("--include-dirs <relativeDirs...>", "globs for directories to include from the detection of subprojects (space-separated)(use relative paths from the project root). 
Notice, projects that are not included may still be scanned if they are referenced from included projects.").option("--exclude-dirs <relativeDirs...>", "globs for directories to exclude from the detection of subprojects (space-separated)(use relative paths from the project root). Notice, excluded projects may still be scanned if they are referenced from non-excluded projects.").option("--disable-analysis-splitting", "Limits Coana to at most 1 reachability analysis run per workspace").option("--print-analysis-log-file", "Store log output from the JavaScript/TypeScript reachability analysis in the file js-analysis.log file in the root of each workspace", false).option("--entry-points <entryPoints...>", "List of files to analyze for root workspace. The reachability analysis automatically analyzes all files used by the entry points. If not provided, all JavaScript and TypeScript files are considered entry points. For non-root workspaces, all JavaScript and TypeScript files are analyzed as well.").option("--include-projects-with-no-reachability-support", "Also runs Coana on projects where we support traditional SCA, but does not yet support reachability analysis.", false).option("--ecosystems <ecosystems...>", "List of ecosystems to analyze (space-separated). Currently NPM, PIP, MAVEN, NUGET and GO are supported. Default is all supported ecosystems.").addOption(new Option("--purl-types <purlTypes...>", "List of PURL types to analyze (space-separated). Currently npm, pypi, maven, nuget, golang and cargo are supported. Default is all supported purl types.").hideHelp()).option("--changed-files <files...>", "List of files that have changed. If provided, Coana only analyzes workspaces and modules that contain changed files.").option("--disable-report-submission", "Disable the submission of the report to the Coana dashboard. 
Used by the pipeline blocking feature.", false).option("--disable-analytics-sharing", "Disable analytics sharing.", false).option("--provider-project <path>", "File system path to folder containing the provider project (Only supported for Maven, Gradle, and SBT)").option("--provider-workspaces <dirs...>", "List of workspaces that build the provided runtime environment (Only supported for Maven, Gradle, and SBT)", (paths) => paths.split(" ")).option("--lightweight-reachability", "Runs Coana in lightweight mode. This increases analysis speed but also raises the risk of Coana misclassifying the reachability of certain complex vulnerabilities. Recommended only for use with Coana Guardrail mode.", false).addOption(new Option("--run-without-docker", "Run package managers and reachability analyzers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--run-env <env>", "Specifies the environment in which the CLI is run. So far only MANAGED_SCAN and UNKNOWN are supported.").default("UNKNOWN").choices(["UNKNOWN", "MANAGED_SCAN"]).hideHelp()).addOption(new Option("--guardrail-mode", "Run Coana in guardrail mode. This mode is used to prevent new reachable vulnerabilities from being introduced into the codebase. Usually run as a CI check when pushing new commits to a pull request.")).option("--ignore-failing-workspaces", "Continue processing when a workspace fails instead of exiting. Failed workspaces will be logged at termination.", false).addOption(new Option("--socket-mode <output-file>", "Run Coana in socket mode and write report to <output-file>").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. 
If provided, Socket will be used for computing dependency trees.").hideHelp()).option("--skip-cache-usage", "Do not attempt to use cached analysis configuration from previous runs", false).version(version2).configureHelp({ sortOptions: true }).action(async (path2, options) => {
228213
+ run2.name("run").argument("<path>", "File system path to folder containing the project").option("-o, --output-dir <path>", "Write json report to <path>/coana-report.json").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).option("-p, --print-report", "Print the report to the console", false).option("--offline-database <path>", "Path to a coana-offline-db.json file for running the CLI without internet connectivity", void 0).option("-t, --timeout <timeout>", "Set API <timeout> in milliseconds to Coana backend.", "300000").option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available.", "1").option("--api-key <key>", "Set the Coana dashboard API key. By setting you also enable the dashboard integration.").addOption(new Option("--write-report-to-file", "Write the report dashboard-compatible report to dashboard-report.json. This report may help the Coana team debug issues with the report insertion mechanism.").default(false).hideHelp()).option("--project-name <repoName>", "Set the name of the repository. Used for dashboard integration.").option("--repo-url <repoUrl>", "Set the URL of the repository. Used for dashboard integration.").option("--include-dirs <relativeDirs...>", "globs for directories to include from the detection of subprojects (space-separated)(use relative paths from the project root). 
Notice, projects that are not included may still be scanned if they are referenced from included projects.").option("--exclude-dirs <relativeDirs...>", "globs for directories to exclude from the detection of subprojects (space-separated)(use relative paths from the project root). Notice, excluded projects may still be scanned if they are referenced from non-excluded projects.").option("--disable-analysis-splitting", "Limits Coana to at most 1 reachability analysis run per workspace").option("--print-analysis-log-file", "Store log output from the JavaScript/TypeScript reachability analysis in the file js-analysis.log file in the root of each workspace", false).option("--entry-points <entryPoints...>", "List of files to analyze for root workspace. The reachability analysis automatically analyzes all files used by the entry points. If not provided, all JavaScript and TypeScript files are considered entry points. For non-root workspaces, all JavaScript and TypeScript files are analyzed as well.").option("--include-projects-with-no-reachability-support", "Also runs Coana on projects where we support traditional SCA, but does not yet support reachability analysis.", false).option("--ecosystems <ecosystems...>", "List of ecosystems to analyze (space-separated). Currently NPM, PIP, MAVEN, NUGET and GO are supported. Default is all supported ecosystems.").addOption(new Option("--purl-types <purlTypes...>", "List of PURL types to analyze (space-separated). Currently npm, pypi, maven, nuget, golang and cargo are supported. Default is all supported purl types.").hideHelp()).option("--changed-files <files...>", "List of files that have changed. If provided, Coana only analyzes workspaces and modules that contain changed files.").option("--disable-report-submission", "Disable the submission of the report to the Coana dashboard. 
Used by the pipeline blocking feature.", false).option("--disable-analytics-sharing", "Disable analytics sharing.", false).option("--provider-project <path>", "File system path to folder containing the provider project (Only supported for Maven, Gradle, and SBT)").option("--provider-workspaces <dirs...>", "List of workspaces that build the provided runtime environment (Only supported for Maven, Gradle, and SBT)", (paths) => paths.split(" ")).option("--lightweight-reachability", "Runs Coana in lightweight mode. This increases analysis speed but also raises the risk of Coana misclassifying the reachability of certain complex vulnerabilities. Recommended only for use with Coana Guardrail mode.", false).addOption(new Option("--run-without-docker", "Run package managers and reachability analyzers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--run-env <env>", "Specifies the environment in which the CLI is run. So far only MANAGED_SCAN and UNKNOWN are supported.").default("UNKNOWN").choices(["UNKNOWN", "MANAGED_SCAN"]).hideHelp()).addOption(new Option("--guardrail-mode", "Run Coana in guardrail mode. This mode is used to prevent new reachable vulnerabilities from being introduced into the codebase. Usually run as a CI check when pushing new commits to a pull request.")).option("--ignore-failing-workspaces", "Continue processing when a workspace fails instead of exiting. Failed workspaces will be logged at termination.", false).addOption(new Option("--socket-mode <output-file>", "Run Coana in socket mode and write report to <output-file>").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. 
If provided, Socket will be used for computing dependency trees.").hideHelp()).option("--skip-cache-usage", "Do not attempt to use cached analysis configuration from previous runs", false).version(version2).configureHelp({ sortOptions: true }).action(async (path2, options) => {
228208
228214
  process.env.DOCKER_IMAGE_TAG ??= version2;
228209
228215
  options.ecosystems = options.ecosystems?.map((e) => e.toUpperCase());
228210
228216
  options.purlTypes = options.purlTypes?.map((e) => e.toLowerCase());
228211
228217
  await new CliCore(path2, options).main();
228212
228218
  });
228213
228219
  var applyFixes = new Command();
228214
- applyFixes.name("apply-fixes").argument("<path>", "File system path to the folder containing the project").argument("<fixIds...>", "Apply the fixes associated with the fixIds of the form fix_UUID").option("-r, --recompute-outdated", "Look for a new fix solution when the old solution is outdated", false).option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).version(version2).action(async (path2, fixIds, options) => {
228220
+ applyFixes.name("apply-fixes").argument("<path>", "File system path to the folder containing the project").argument("<fixIds...>", "Apply the fixes associated with the fixIds of the form fix_UUID").option("-r, --recompute-outdated", "Look for a new fix solution when the old solution is outdated", false).option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).version(version2).action(async (path2, fixIds, options) => {
228215
228221
  process.env.DOCKER_IMAGE_TAG ??= version2;
228216
228222
  await applyFix(path2, fixIds, options);
228217
228223
  }).configureHelp({ sortOptions: true });
228218
228224
  var upgradePurls = new Command();
228219
- upgradePurls.name("upgrade-purls").argument("<path>", "File system path to the folder containing the project").argument("<specs...>", "Package upgrade specifications in the format 'purl -> newVersion' (e.g., 'pkg:maven/io.micrometer/micrometer-core@1.10.9 -> 1.15.0')").option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available.", "1").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--range-style <style>", 'Range style to use for the output. Currently only "pin" is supported and it only works for npm.').addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--socket-mode", "Use Socket for computing dependency trees").default(process.env.SOCKET_MODE === "true").hideHelp()).version(version2).action(async (path2, specs2, options) => {
228225
+ upgradePurls.name("upgrade-purls").argument("<path>", "File system path to the folder containing the project").argument("<specs...>", "Package upgrade specifications in the format 'purl -> newVersion' (e.g., 'pkg:maven/io.micrometer/micrometer-core@1.10.9 -> 1.15.0')").option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available.", "1").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).option("--range-style <style>", 'Range style to use for the output. Currently only "pin" is supported and it only works for npm.').addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--socket-mode", "Use Socket for computing dependency trees").default(process.env.SOCKET_MODE === "true").hideHelp()).version(version2).action(async (path2, specs2, options) => {
228220
228226
  process.env.DOCKER_IMAGE_TAG ??= version2;
228221
228227
  await withTmpDirectory("upgrade-purls", async (tmpDir) => {
228222
228228
  const logFile = join28(tmpDir, "upgrade-purls.log");
@@ -228234,7 +228240,7 @@ upgradePurls.name("upgrade-purls").argument("<path>", "File system path to the f
228234
228240
  });
228235
228241
  }).configureHelp({ sortOptions: true });
228236
228242
  var computeFixesAndUpgradePurlsCmd = new Command();
228237
- computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", 'GHSA IDs to compute fixes for. Use "all" to compute fixes for all vulnerabilities.', []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--range-style <style>", 'Range style to use for the output. Currently only "pin" is supported and it only works for npm.').option("--disable-major-updates", "Do not suggest major updates. If only major update are available, the fix will not be applied.", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
228243
+ computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", 'GHSA IDs to compute fixes for. Use "all" to compute fixes for all vulnerabilities.', []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).option("--range-style <style>", 'Range style to use for the output. Currently only "pin" is supported and it only works for npm.').option("--disable-major-updates", "Do not suggest major updates. If only major update are available, the fix will not be applied.", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
228238
228244
  process.env.DOCKER_IMAGE_TAG ??= version2;
228239
228245
  if (options.rangeStyle && options.rangeStyle === "preserve") {
228240
228246
  options.rangeStyle = void 0;
@@ -228267,6 +228273,7 @@ program2.parseAsync();
228267
228273
  var defaultCliOptions = {
228268
228274
  debug: false,
228269
228275
  silent: false,
228276
+ silentSpinner: false,
228270
228277
  printReport: false,
228271
228278
  memoryLimit: "8192",
228272
228279
  timeout: "300000",
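Review bot: `isSilent: this.options.silentSpinner ?? this.options.silent` in the `CliCore` constructor, and the same expression in `upgradePurl`, no longer falls back to `--silent`. Every command in this section now registers `--silent-spinner` with a boolean default (`"CI" in process.env || !process.stdin.isTTY`), and `defaultCliOptions` sets `silentSpinner: false`, so the value is never nullish when it comes from the parser. On an interactive terminal outside CI, `-s` alone would therefore leave the spinner running, which appears to contradict the "Silence all debug/warning output" help text; `isSilent: this.options.silentSpinner || this.options.silent` keeps the old behaviour. Separately, the default tests `process.stdin.isTTY`, whereas a spinner presumably writes to an output stream, so piped input silences it while redirected output does not. Both functions continue outside the hunks.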
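--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@coana-tech/cli",
- "version": "14.12.22",
+ "version": "14.12.24",
  "description": "Coana CLI",
  "type": "module",
  "bin": {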
@@ -97532,7 +97532,7 @@ async function getReachabilityAnalyzersStateFromInput(rootWorkingDir, subproject
97532
97532
  }
97533
97533
 
97534
97534
  // dist/reachability-analyzers-cli.js
97535
- var runReachabilityAnalysisCmd = new Command().name("runReachabilityAnalysis").argument("<rootWorkingDir>", "Directory where Coana is run").argument("<subprojectDir>", "Project root of directory being analyzed").argument("<workspacePath>", "Path to directory to analyze relative to subprojectDir").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--coana-log-path <logPath>", "Coana log path").option("--silent-spinner", "Silence spinner").requiredOption("-i, --input-file <inputFile>", "Input file for data and vulnerabilities").requiredOption("-o, --output-file <outputFile>", "Output directory for the results").configureHelp({ sortSubcommands: true, sortOptions: true }).action(async (rootWorkingDir, subprojectDir, workspacePath, options) => withLoggerAndSpinner("Coana Reachability Analyzers", options, async () => {
97535
+ var runReachabilityAnalysisCmd = new Command().name("runReachabilityAnalysis").argument("<rootWorkingDir>", "Directory where Coana is run").argument("<subprojectDir>", "Project root of directory being analyzed").argument("<workspacePath>", "Path to directory to analyze relative to subprojectDir").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--coana-log-path <logPath>", "Coana log path").option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).requiredOption("-i, --input-file <inputFile>", "Input file for data and vulnerabilities").requiredOption("-o, --output-file <outputFile>", "Output directory for the results").configureHelp({ sortSubcommands: true, sortOptions: true }).action(async (rootWorkingDir, subprojectDir, workspacePath, options) => withLoggerAndSpinner("Coana Reachability Analyzers", options, async () => {
97536
97536
  const state = await getReachabilityAnalyzersStateFromInput(rootWorkingDir, subprojectDir, workspacePath, options.inputFile);
97537
97537
  const result = await runReachabilityAnalysis(state);
97538
97538
  if (options.outputFile) {
@@ -97542,7 +97542,7 @@ var runReachabilityAnalysisCmd = new Command().name("runReachabilityAnalysis").a
97542
97542
  logger.info("Result:", JSON.stringify(result, null, 2));
97543
97543
  }
97544
97544
  }));
97545
- var runOnDependencyChainCmd = new Command().name("runOnDependencyChain").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--coana-log-path <logPath>", "Coana log path").option("--silent-spinner", "Silence spinner").requiredOption("-i, --input-file <inputFile>", "Input file for data and vulnerabilities").requiredOption("-o, --output-file <outputFile>", "Output directory for the results").configureHelp({ sortSubcommands: true, sortOptions: true }).action(async (options) => withLoggerAndSpinner("Coana Reachability Analyzers", options, async () => {
97545
+ var runOnDependencyChainCmd = new Command().name("runOnDependencyChain").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--coana-log-path <logPath>", "Coana log path").option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).requiredOption("-i, --input-file <inputFile>", "Input file for data and vulnerabilities").requiredOption("-o, --output-file <outputFile>", "Output directory for the results").configureHelp({ sortSubcommands: true, sortOptions: true }).action(async (options) => withLoggerAndSpinner("Coana Reachability Analyzers", options, async () => {
97546
97546
  const { ecosystem, dependencyChain, vulnerability } = JSON.parse(await readFile12(options.inputFile, "utf-8"));
97547
97547
  const result = await analyzePackages(ecosystem, deserializeDependencyChain(ecosystem, dependencyChain), vulnerability);
97548
97548
  if (options.outputFile) {
@@ -97552,7 +97552,7 @@ var runOnDependencyChainCmd = new Command().name("runOnDependencyChain").option(
97552
97552
  logger.info("Result:", JSON.stringify(result, null, 2));
97553
97553
  }
97554
97554
  }));
97555
- var runOnPackageRegistryPackageCmd = new Command().name("runOnPackageRegistryPackage").argument("<mainPackage>", "Main package to analyze").requiredOption("--dependencies <dependencies...>", "Dependencies to analyze (installed as a dependency chain in the provided order)").requiredOption("--api-key <apiKey>", "Coana ApiKey").requiredOption("--ecosystem <ecosystem>", "Ecosystem for mainPackage and dependencies").requiredOption("-v, --vulnerability <vulnerability>", "GHSA id for vulnerability").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run", "60").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-o, --output-file <outputFile>", "Output file for the results").option("--coana-log-path <logPath>", "Coana log path").option("--silent-spinner", "Silence spinner").configureHelp({ sortSubcommands: true, sortOptions: true }).action(async (mainPackage, options) => {
97555
+ var runOnPackageRegistryPackageCmd = new Command().name("runOnPackageRegistryPackage").argument("<mainPackage>", "Main package to analyze").requiredOption("--dependencies <dependencies...>", "Dependencies to analyze (installed as a dependency chain in the provided order)").requiredOption("--api-key <apiKey>", "Coana ApiKey").requiredOption("--ecosystem <ecosystem>", "Ecosystem for mainPackage and dependencies").requiredOption("-v, --vulnerability <vulnerability>", "GHSA id for vulnerability").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run", "60").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-o, --output-file <outputFile>", "Output file for the results").option("--coana-log-path <logPath>", "Coana log path").option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).configureHelp({ sortSubcommands: true, sortOptions: true }).action(async (mainPackage, options) => {
97556
97556
  withLoggerAndSpinner("Coana Reachability Analyzers runOnPackages", options, async () => {
97557
97557
  let vulnerability;
97558
97558
  try {
@@ -7749,8 +7749,10 @@ var AlucardResolutionManager = class {
7749
7749
  const inputFile = resolve(tmpDir, "input.json");
7750
7750
  await writeFile(inputFile, JSON.stringify(inputFileData));
7751
7751
  const execResult = await execNeverFail(cmdt`java -jar ${this.alucardPath} resolveNodes --batch-mode --input-file=${inputFile} --output-dir=${tmpDir} --timeout=${this.timeoutInSeconds}`);
7752
- if (execResult.error)
7753
- throw Error("alucard could not resolve nodes");
7752
+ if (execResult.error) {
7753
+ throw Error(`alucard could not resolve nodes: ${execResult.error.message}${execResult.stderr ? `
7754
+ stderr: ${execResult.stderr}` : ""}`);
7755
+ }
7754
7756
  const nodes = JSON.parse(await readFile5(resolve(tmpDir, "nodes.json"), "utf-8"));
7755
7757
  const fatJarExcludes = new Set(nodes.filter((node) => deps[node.packageId] && node.nodeType === "type").map((node) => node.fullyQualifiedName));
7756
7758
  graph.addNodes(nodes.filter((node) => !apps[node.nodeId] && node.nodeType === "type" && fatJarExcludes.has(node.fullyQualifiedName)));
@@ -7768,8 +7770,10 @@ var AlucardResolutionManager = class {
7768
7770
  const inputFile = resolve(tmpDir, "input.json");
7769
7771
  await writeFile(inputFile, JSON.stringify(inputFileData));
7770
7772
  const execResult = await execNeverFail(cmdt`java -jar ${this.alucardPath} resolveEdges --batch-mode ${mode === "DIRECT_DEPENDENCIES" && "--entry-edges-only"} --input-file=${inputFile} --output-dir=${tmpDir} --timeout=${this.timeoutInSeconds}`);
7771
- if (execResult.error)
7772
- throw new Error("alucard could not resolve edges");
7773
+ if (execResult.error) {
7774
+ throw Error(`alucard could not resolve edges: ${execResult.error.message}${execResult.stderr ? `
7775
+ stderr: ${execResult.stderr}` : ""}`);
7776
+ }
7773
7777
  for (const idx of JSON.parse(await readFile5(resolve(tmpDir, "visited.json"), "utf-8"))) {
7774
7778
  visited.add(idx);
7775
7779
  }
@@ -17518,8 +17522,10 @@ var CocoaResolutionManager = class {
17518
17522
  await writeFile4(inputFile, JSON.stringify(inputFileData));
17519
17523
  const cmd = cmdt`dotnet ${this.cocoaPath} resolveNodes --batch-mode --input-file=${inputFile} --output-dir=${tmpDir} --timeout=${this.timeoutInSeconds}`;
17520
17524
  const execResult = await execNeverFail(cmd, ".");
17521
- if (execResult.error)
17522
- throw new Error("cocoa could not resolve class graph nodes");
17525
+ if (execResult.error) {
17526
+ throw Error(`cocoa could not resolve nodes: ${execResult.error.message}${execResult.stderr ? `
17527
+ stderr: ${execResult.stderr}` : ""}`);
17528
+ }
17523
17529
  const nodes = JSON.parse(await readFile9(resolve3(tmpDir, "nodes.json"), "utf-8"));
17524
17530
  graph.addNodes(nodes);
17525
17531
  });
@@ -17537,8 +17543,10 @@ var CocoaResolutionManager = class {
17537
17543
  await writeFile4(inputFile, JSON.stringify(inputFileData));
17538
17544
  const cmd = cmdt`dotnet ${this.cocoaPath} resolveEdges --batch-mode ${mode === "DIRECT_DEPENDENCIES" && "--entry-edges-only"} --input-file=${inputFile} --output-dir=${tmpDir} --timeout=${this.timeoutInSeconds}`;
17539
17545
  const execResult = await execNeverFail(cmd, ".");
17540
- if (execResult.error)
17541
- throw new Error("cocoa could not resolve class graph edges");
17546
+ if (execResult.error) {
17547
+ throw Error(`cocoa could not resolve edges: ${execResult.error.message}${execResult.stderr ? `
17548
+ stderr: ${execResult.stderr}` : ""}`);
17549
+ }
17542
17550
  for (const idx of JSON.parse(await readFile9(resolve3(tmpDir, "visited.json"), "utf-8"))) {
17543
17551
  visited.add(idx);
17544
17552
  }
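Review bot: The new messages at the four `if (execResult.error)` sites (alucard and cocoa, `resolveNodes` and `resolveEdges`) embed the child process's entire stderr with no length cap and drop the original error object. A JVM or dotnet failure can emit a long stack trace, and stderr may carry absolute paths or other environment detail; whether these errors are forwarded beyond the local log is not visible here, but if they are, that text travels with them. I would route all four sites through one helper that keeps only a bounded tail of stderr and attaches the original error as `cause`, which also removes the four copies of the same template literal and the mix of `throw Error` and `throw new Error`. The enclosing methods start and end outside the hunks, and the type of `execResult.stderr` (string or Buffer) is assumed, hence the `String(...)`.

```javascript
// … new helper, defined once and shared by both resolution managers …
function execFailure(what, execResult, maxStderr = 4096) {
  const stderr = execResult.stderr ? String(execResult.stderr) : "";
  // Keep the tail: the final lines of a stack trace usually name the cause.
  const tail = stderr.length > maxStderr ? `…${stderr.slice(-maxStderr)}` : stderr;
  const detail = tail ? `\nstderr: ${tail}` : "";
  return new Error(`${what}: ${execResult.error.message}${detail}`, { cause: execResult.error });
}

// … unchanged: input file written, execNeverFail call …
if (execResult.error) {
  throw execFailure("alucard could not resolve nodes", execResult);
}
// … same call shape at the other three sites, with their own message prefix …
```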