@coana-tech/cli 14.12.221 → 14.12.222

package/cli.mjs

@@ -204489,7 +204489,11 @@ async function fetchArtifactsFromManifestsTarHash(manifestsTarHash, includePreco
     try {
       const params = new URLSearchParams({
         tarHash: manifestsTarHash,
-        includePrecomputedReachabilityResults: String(includePrecomputedReachabilityResults ?? false)
+        includePrecomputedReachabilityResults: String(includePrecomputedReachabilityResults ?? false),
+        // Opt in to depscan PR #19451: returns artifacts with `missingMetadata: true` for packages
+        // whose precrawl metadata is unavailable (private registry, workspace, git deps). This CLI
+        // version strips them after reachability analysis (see filterMissingMetadataArtifacts).
+        includeMissingMetadata: "true"
       });
       const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/compute-artifacts?${params.toString()}`);
       responseData = (await axios2.post(url2, {}, { headers: getAuthHeaders() })).data;
@@ -236864,6 +236868,60 @@ function displayWorkspaceDiagnosticsSummaryInternal(diagnosticsEntries, vulns) {
 }
 
 // dist/internal/socket-report-socket-dependency-tree.js
+function filterMissingMetadataArtifacts(artifacts) {
+  const missingIds = new Set(artifacts.filter((a4) => a4.missingMetadata).map((a4) => a4.id));
+  if (missingIds.size === 0)
+    return artifacts;
+  const byId = new Map(artifacts.map((a4) => [a4.id, a4]));
+  const resolveCache = /* @__PURE__ */ new Map();
+  function resolveDependencies(id, visiting) {
+    const cached = resolveCache.get(id);
+    if (cached)
+      return cached;
+    if (visiting.has(id))
+      return [];
+    visiting.add(id);
+    const node = byId.get(id);
+    const out = /* @__PURE__ */ new Set();
+    if (node) {
+      for (const ref of node.dependencies ?? []) {
+        if (missingIds.has(ref)) {
+          for (const r3 of resolveDependencies(ref, visiting))
+            out.add(r3);
+        } else if (byId.has(ref)) {
+          out.add(ref);
+        }
+      }
+    }
+    visiting.delete(id);
+    const res = [...out];
+    resolveCache.set(id, res);
+    return res;
+  }
+  logger.debug(`Filtered out ${missingIds.size} missing-metadata component(s) after reachability analysis`);
+  return artifacts.filter((a4) => !missingIds.has(a4.id)).map((a4) => {
+    let dependencies = a4.dependencies;
+    if (dependencies?.some((r3) => missingIds.has(r3))) {
+      const out = /* @__PURE__ */ new Set();
+      for (const r3 of dependencies) {
+        if (missingIds.has(r3)) {
+          for (const sub of resolveDependencies(r3, /* @__PURE__ */ new Set())) {
+            if (sub !== a4.id)
+              out.add(sub);
+          }
+        } else {
+          out.add(r3);
+        }
+      }
+      dependencies = [...out];
+    }
+    let toplevelAncestors = a4.toplevelAncestors;
+    if (toplevelAncestors?.some((r3) => missingIds.has(r3))) {
+      toplevelAncestors = toplevelAncestors.filter((r3) => !missingIds.has(r3));
+    }
+    return { ...a4, dependencies, toplevelAncestors };
+  });
+}
 function filterOrphanedArtifacts(artifacts) {
   const reachable = /* @__PURE__ */ new Set();
   const queue = [];
@@ -236929,6 +236987,7 @@ function toSocketFactsSocketDependencyTree(artifacts, vulnerabilities, tier1Reac
       });
     }
   }
+  artifacts = filterMissingMetadataArtifacts(artifacts);
   const componentsWithoutPatterns = artifacts.map((artifact) => {
     if (!artifact.vulnerabilities) {
       return { ...artifact };
@@ -251836,7 +251895,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.221";
+var version3 = "14.12.222";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.221",
+  "version": "14.12.222",
   "description": "Coana CLI",
   "type": "module",
   "bin": {