@coana-tech/cli 14.12.6 → 14.12.8

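--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -197989,12 +197989,14 @@ async function computeSocketFactArtifacts(rootDir, relativeManifestFilePaths) {
  return void 0;
  }
  }
- async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+ async function registerAutofixOrUpgradePurlRun(manifestsTarHash, options, cliCommand) {
  try {
  const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
  const data2 = {
  manifestsTarHash,
- repositoryName,
+ // disabling rule to also catch case where process.env.SOCKET_REPO_NAME is the empty string.
+ // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+ repositoryName: process.env.SOCKET_REPO_NAME || "unknown-repo",
  options,
  cliCommand
  };
@@ -225602,7 +225604,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
  }
 
  // dist/version.js
- var version2 = "14.12.6";
+ var version2 = "14.12.8";
 
  // dist/cli-core.js
  var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -226293,7 +226295,7 @@ async function upgradePurl(path2, upgrades, options, logFile, cliFixRunId) {
  logger.silent = options.silent;
  let cliRunId = cliFixRunId;
  if (!cliRunId && options.manifestsTarHash) {
- cliRunId = await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, path2, options, "upgrade-purls");
+ cliRunId = await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, options, "upgrade-purls");
  }
  const upgradePurlRunId = cliRunId && await getSocketAPI().registerUpgradePurlRun(cliRunId, upgrades);
  Spinner.instance({ text: "Running Coana Upgrade Purl CLI", isSilent: options.silent }).start();
@@ -226423,7 +226425,7 @@ ${vulnerabilityFixes.map((fix) => ` ${fix.dependencyName} from ${fix.currentVers
 
  // dist/cli-compute-fixes-and-upgrade-purls.js
  async function computeFixesAndUpgradePurls(path2, options, logFile) {
- const autofixRunId = options.manifestsTarHash && await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, path2, options, "autofix");
+ const autofixRunId = options.manifestsTarHash && await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, options, "autofix");
  const { artifacts, ghsaToVulnerableArtifactIds } = await computeInputForComputingFixes(path2, options);
  if (Object.keys(ghsaToVulnerableArtifactIds).length === 0) {
  logger.info("No vulnerabilities to compute fixes for");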
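Review bot: In `registerAutofixOrUpgradePurlRun`, `process.env.SOCKET_ORG_SLUG` is still interpolated straight into the request path on the line above the new `repositoryName` fallback, so an unset slug yields `orgs/undefined/...` and a value containing `/` or `?` alters the path, unless `getSocketApiUrl` validates it, which is not visible here. The new code guards SOCKET_REPO_NAME against the empty string but gives this variable no equivalent check; consider `const orgSlug = process.env.SOCKET_ORG_SLUG; if (!orgSlug) throw new Error("SOCKET_ORG_SLUG is not set");` and passing `encodeURIComponent(orgSlug)` into the template. The `"unknown-repo"` fallback also groups every run without SOCKET_REPO_NAME under one shared name, which presumably makes server-side records from unrelated repositories indistinguishable, so a comment stating that this is intended would help. The function's `try` body continues past the hunk, so how a thrown error would be handled cannot be seen from here. The same function, with the same change, appears again in the later hunk starting at old line 73402.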
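--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@coana-tech/cli",
- "version": "14.12.6",
+ "version": "14.12.8",
  "description": "Coana CLI",
  "type": "module",
  "bin": {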
@@ -73399,12 +73399,14 @@ async function getLatestBucketsSocket(subprojectPath, workspacePath) {
73399
73399
  return void 0;
73400
73400
  }
73401
73401
  }
73402
- async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
73402
+ async function registerAutofixOrUpgradePurlRun(manifestsTarHash, options, cliCommand) {
73403
73403
  try {
73404
73404
  const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
73405
73405
  const data2 = {
73406
73406
  manifestsTarHash,
73407
- repositoryName,
73407
+ // disabling rule to also catch case where process.env.SOCKET_REPO_NAME is the empty string.
73408
+ // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
73409
+ repositoryName: process.env.SOCKET_REPO_NAME || "unknown-repo",
73408
73410
  options,
73409
73411
  cliCommand
73410
73412
  };
@@ -96991,11 +96993,12 @@ function getPreInstalledDepInfos(workspaceData) {
96991
96993
  var { groupBy } = import_lodash17.default;
96992
96994
  var CLI_VERSION_TO_USE_CACHING_FROM = { PIP: "14.9.15" };
96993
96995
  var CLI_VERSION_TO_USE_CACHING_FROM_DEFAULT = "13.16.6";
96996
+ var SOCKET_MODE = process.env.SOCKET_MODE === "true";
96994
96997
  function assertVulnChainDetails(vs) {
96995
96998
  assert8(vs.every((v) => v.vulnChainDetails));
96996
96999
  }
96997
97000
  var apiKey = COANA_API_KEY ? { type: "present", value: COANA_API_KEY } : { type: "missing" };
96998
- var dashboardAPI = new DashboardAPI(process.env.SOCKET_MODE === "true", process.env.DISABLE_ANALYTICS_SHARING === "true");
97001
+ var dashboardAPI = new DashboardAPI(SOCKET_MODE, process.env.DISABLE_ANALYTICS_SHARING === "true");
96999
97002
  async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecomputeForTimeoutsAndAborts, codeAwareScanner, analysisMetadataCollector, statusUpdater) {
97000
97003
  logger.debug("Starting analyzeWithHeuristics");
97001
97004
  assertVulnChainDetails(vulns);
@@ -97083,7 +97086,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
97083
97086
  }
97084
97087
  }
97085
97088
  async function getBucketsBasedOnPreviousResults() {
97086
- if (process.env.SOCKET_MODE !== "true" && (!COANA_REPORT_ID || apiKey.type === "missing"))
97089
+ if (!SOCKET_MODE && (!COANA_REPORT_ID || apiKey.type === "missing"))
97087
97090
  return void 0;
97088
97091
  const bucketsFromLastAnalysisAndCliVersion = await dashboardAPI.getBucketsForLastReport(relative5(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
97089
97092
  if (!bucketsFromLastAnalysisAndCliVersion)
@@ -97319,6 +97322,13 @@ function augmentVulnsWithDetectedOccurrences(vulns, codeAwareScanner, heuristic,
97319
97322
  for (const v of vulns) {
97320
97323
  const detectedOccurrences = result.computeDetectedOccurrences(v);
97321
97324
  if (Array.isArray(detectedOccurrences) ? detectedOccurrences.length === 0 : detectedOccurrences.stacks.length === 0) {
97325
+ if (SOCKET_MODE && result.terminatedEarly && !result.reachedDependencies && Object.keys(v.vulnChainDetails.transitiveDependencies).length > 1) {
97326
+ v.results = {
97327
+ type: "analysisError",
97328
+ message: "Analysis terminated early and did not reach any dependencies"
97329
+ };
97330
+ continue;
97331
+ }
97322
97332
  const packageOnPathFailedToInstall = Object.values(v.vulnChainDetails.transitiveDependencies).map((p) => p.packageName).find((p) => packagesFailedToInstall.includes(p));
97323
97333
  if (packageOnPathFailedToInstall) {
97324
97334
  v.results = {