@coana-tech/cli 14.12.36 → 14.12.37

package/cli.mjs

@@ -212328,18 +212328,26 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash,
           break;
         }
       }
-      let manifestAndWorkspace = manifestFiles.map((manifestFile) => [
-        manifestFile,
-        inferWorkspaceFromManifestPath(ecosystem, manifestFile, properPythonProjects)
-      ]).filter(([, workspace]) => workspace !== void 0);
-      if (manifestAndWorkspace.length === 0) {
-        manifestAndWorkspace = manifestFiles.map((manifestFile) => [manifestFile, inferProjectFromManifestPath(ecosystem, manifestFile)]).filter(([, workspace]) => workspace !== void 0);
-      }
-      if (manifestAndWorkspace.length === 0 && artifact.vulnerabilities && artifact.vulnerabilities.length > 0) {
+      const workspaceToManifestFiles = {};
+      manifestFiles.forEach((manifestFile) => {
+        const workspace = inferWorkspaceFromManifestPath(ecosystem, manifestFile, properPythonProjects);
+        if (!workspace)
+          return;
+        (workspaceToManifestFiles[workspace] ??= []).push(manifestFile);
+      });
+      if (Object.keys(workspaceToManifestFiles).length === 0) {
+        manifestFiles.forEach((manifestFile) => {
+          const workspace = inferProjectFromManifestPath(ecosystem, manifestFile);
+          if (!workspace)
+            return;
+          (workspaceToManifestFiles[workspace] ??= []).push(manifestFile);
+        });
+      }
+      if (Object.keys(workspaceToManifestFiles).length === 0 && artifact.vulnerabilities && artifact.vulnerabilities.length > 0) {
         const purl = new import_packageurl_js.PackageURL(artifact.type, artifact.namespace, artifact.name, artifact.version, artifact.qualifiers).toString();
         purlsFailedToFindWorkspace.add(purl);
       }
-      for (const [manifestFile, workspace] of manifestAndWorkspace) {
+      for (const [workspace, manifestFiles2] of Object.entries(workspaceToManifestFiles)) {
         if (!ecosystemToWorkspaceToAnalysisData[ecosystem]) {
           ecosystemToWorkspaceToAnalysisData[ecosystem] = {};
         }
@@ -212348,21 +212356,18 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash,
             type: "socket",
             data: {
               type: ecosystem,
-              manifestFiles: [],
+              manifestFiles: manifestFiles2,
               artifacts: []
             }
           };
         }
         const workspaceData = ecosystemToWorkspaceToAnalysisData[ecosystem][workspace];
         if (workspaceData.type === "socket") {
-          if (!workspaceData.data.manifestFiles.includes(manifestFile)) {
-            workspaceData.data.manifestFiles.push(manifestFile);
-          }
           workspaceData.data.artifacts.push(artifact);
         }
       }
       if (artifact.vulnerabilities && artifact.vulnerabilities.length > 0) {
-        for (const workspace of i5(manifestAndWorkspace.map(([, workspace2]) => workspace2))) {
+        for (const workspace of Object.keys(workspaceToManifestFiles)) {
           for (const vuln of artifact.vulnerabilities) {
             const vulnerability = {
               url: vuln.ghsaId,
@@ -227512,7 +227517,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.36";
+var version2 = "14.12.37";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.36",
+  "version": "14.12.37",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -74735,8 +74735,6 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        if (vulnPath.length < 2)
-          throw new Error("The path should always have length at least two.");
         return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
           package: appPackageIds.has(packageId) ? "<app>" : prettyPrintNugetDependency(parsePackageUrlToNugetDependency(packageId)),
           class: fullyQualifiedName,
@@ -88595,8 +88593,6 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        if (vulnPath.length < 2)
-          throw new Error("The path should always have length at least two.");
         return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
           package: appPackageIds.has(packageId) ? "<app>" : prettyPrintMavenDependency(parsePackageUrlToMavenDependency(packageId)),
           class: fullyQualifiedName,
@@ -88630,25 +88626,24 @@ function inferWorkspaceFromManifestPath(manifestFile) {
 }
 async function convertDependencyChain2(dependencyChain, tmpDir) {
   async function downloadMavenArtifacts(groupId, artifactId, version3) {
-    const artifactPaths = [];
     const packageDir = getPathToPackage(tmpDir, groupId, artifactId, version3);
     await mkdir2(packageDir, { recursive: true });
     const repositories = await findRepositoriesForMavenPackageAndVersion(groupId, artifactId, version3);
-    if (!repositories?.length)
-      throw Error("No repository found for package");
-    for (const repository of repositories) {
+    for (const repository of repositories ?? []) {
       const packageUrl = getUrlForPackage2(repository, groupId, artifactId, version3);
       const artifacts = await findArtifactsForPackageInRemoteRepository(repository, groupId, artifactId, version3);
       if (!artifacts)
         continue;
-      await asyncForEach(artifacts, async (artifact) => {
+      const artifactPaths = await asyncMap(artifacts, async (artifact) => {
         const artifactUrl = `${packageUrl.endsWith("/") ? packageUrl.slice(0, -1) : packageUrl}/${artifact}`;
         const artifactFile = join14(packageDir, artifact);
-        await downloadFile(artifactUrl, artifactFile);
-        artifactPaths.push(artifactFile);
+        const success = await downloadFile(artifactUrl, artifactFile);
+        return success ? artifactFile : void 0;
       }, 4);
+      if (artifactPaths.every((f2) => f2 !== void 0))
+        return artifactPaths;
     }
-    return artifactPaths;
+    return void 0;
   }
   const mavenDependencyChain = await asyncMap(dependencyChain, async (dep) => {
     const [groupId, artifactId] = dep.packageName.split(":");
@@ -88664,8 +88659,10 @@ async function convertSocketArtifacts2(artifacts, tmpDir) {
     const artifactFile = getPathToArtifact(tmpDir, groupId, artifactId, type, classifier, version3);
     await mkdir2(dirname4(artifactFile), { recursive: true });
     const repositories = await findRepositoriesForMavenPackageAndVersion(groupId, artifactId, version3);
-    if (!repositories?.length)
-      throw Error("No repository found for package");
+    if (!repositories?.length) {
+      logger.warn(`Failed to find repository for maven package ${[groupId, artifactId, type, classifier, version3].filter(Boolean).join(":")}`);
+      return void 0;
+    }
     for (const repository of repositories) {
       const artifactUrl = getUrlForArtifact(repository, groupId, artifactId, type, classifier, version3);
       if (!artifactUrl)
@@ -88674,6 +88671,7 @@ async function convertSocketArtifacts2(artifacts, tmpDir) {
       if (succeeded)
         return [artifactFile];
     }
+    logger.warn(`Failed to download maven package ${[groupId, artifactId, type, classifier, version3].filter(Boolean).join(":")}, repositories tried: ${repositories}`);
     return void 0;
   }
   const deps = {};
@@ -96279,8 +96277,6 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        if (vulnPath.length < 2)
-          throw new Error("The path should always have length at least two.");
         return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
           package: appPackageIds.has(packageId) ? "<app>" : prettyPrintRustDependency(parsePackageUrlToRustDependency(packageId)),
           class: fullyQualifiedName,
@@ -96328,14 +96324,19 @@ async function convertSocketArtifacts3(artifacts, tmpDir) {
     const packageFile = join19(tmpDir, `${packageName.toLocaleLowerCase()}-${version3.toLocaleLowerCase()}.crate`);
     const success = await downloadFile(packageUrl, packageFile);
     if (!success) {
-      logger.error(`Could not download crate ${packageName}@${version3} from crates.io`);
-      throw Error("Failed to download crate");
+      logger.warn(`Could not download crate ${packageName}@${version3} from crates.io`);
+      return void 0;
+    }
+    try {
+      await execAndLogOnFailure(["tar", "-xzf", packageFile], tmpDir);
+      const packageDir = join19(tmpDir, `${packageName.toLocaleLowerCase()}-${version3.toLocaleLowerCase()}`);
+      const cargoTomlPath = join19(packageDir, "Cargo.toml");
+      const depCrateInfo = await getCrateInfo(cargoTomlPath);
+      return [depCrateInfo.lib];
+    } catch (e) {
+      logger.warn(`Error extracting crate ${packageName}@${version3}: ${e.message ?? "Unknown error"}`);
+      return void 0;
     }
-    await execAndLogOnFailure(["tar", "-xzf", packageFile], tmpDir);
-    const packageDir = join19(tmpDir, `${packageName.toLocaleLowerCase()}-${version3.toLocaleLowerCase()}`);
-    const cargoTomlPath = join19(packageDir, "Cargo.toml");
-    const depCrateInfo = await getCrateInfo(cargoTomlPath);
-    return [depCrateInfo.lib];
   }
   const deps = {};
   await asyncForEach(artifacts, async (artifact) => {