npm - @coana-tech/cli - Versions diffs - 14.9.19 → 14.9.20 - Mend

@coana-tech/cli 14.9.19 → 14.9.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli.mjs +31 -58
package/package.json +1 -1

package/cli.mjs CHANGED Viewed

@@ -212320,7 +212320,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 // dist/version.js
-var version2 = "14.9.19";
+var version2 = "14.9.20";
 // ../../node_modules/.pnpm/axios@1.9.0/node_modules/axios/lib/helpers/bind.js
 function bind2(fn2, thisArg) {
@@ -215677,22 +215677,26 @@ async function scanForVulnerabilitiesSocketMode(dependencyTree) {
     let simplePurlForComponent = simplePurl(c3.purl_type, c3.namespace, c3.name, c3.version);
     if (!(simplePurlForComponent in purlStringsToIdentifier))
       simplePurlForComponent = simplePurl(c3.purl_type, c3.namespace, c3.name, null);
-    const dependencyIdentifier = purlStringsToIdentifier[simplePurlForComponent];
-    dependencyIdentifiersNotFound.delete(dependencyIdentifier);
-    const dependencyTreeNode = dependencyTree.transitiveDependencies[dependencyIdentifier];
-    if (!dependencyTreeNode)
-      throw new Error(`Dependency tree does not contain dependency ${simplePurlForComponent}`);
-    dependencyTreeNode.purl = c3.purl;
-    for (const vulnerability of c3.vulnerabilities) {
-      vulnerabilities.push({
-        url: vulnerability.ghsaId,
-        range: vulnerability.range,
-        name: dependencyTreeNode.packageName,
-        dependency: dependencyTreeNode.packageName,
-        vulnChainDetails: computeVulnChainDetails(dependencyTree, dependencyIdentifier, parentsMap),
-        vulnerabilityAccessPaths: vulnerability.reachabilityData?.pattern,
-        ecosystem: dependencyTree.ecosystem
-      });
+    const dependencyIdentifiers = purlStringsToIdentifier[simplePurlForComponent];
+    for (const dependencyIdentifier of dependencyIdentifiers) {
+      dependencyIdentifiersNotFound.delete(dependencyIdentifier);
+      const dependencyTreeNode = dependencyTree.transitiveDependencies[dependencyIdentifier];
+      if (!dependencyTreeNode)
+        throw new Error(`Dependency tree does not contain dependency ${simplePurlForComponent}`);
+      dependencyTreeNode.purl = c3.purl;
+      for (const vulnerability of c3.vulnerabilities) {
+        vulnerabilities.push({
+          url: vulnerability.ghsaId,
+          purl: c3.purl,
+          purlType: c3.purl_type,
+          range: vulnerability.range,
+          name: dependencyTreeNode.packageName,
+          dependency: dependencyTreeNode.packageName,
+          vulnChainDetails: computeVulnChainDetails(dependencyTree, dependencyIdentifier, parentsMap),
+          vulnerabilityAccessPaths: vulnerability.reachabilityData?.pattern,
+          ecosystem: dependencyTree.ecosystem
+        });
+      }
     }
   }
   for (const dependencyIdentifier of dependencyIdentifiersNotFound) {
@@ -215707,7 +215711,9 @@ function getPurlStrings(dependencyTree) {
     const { namespace: namespace2, name } = getNamespaceAndName(dependencyTree.ecosystem, node.packageName);
     const version3 = node.version;
     const purl = simplePurl(type, namespace2, name, version3);
-    res[purl] = depId;
+    if (!res[purl])
+      res[purl] = /* @__PURE__ */ new Set();
+    res[purl].add(depId);
   }
   return res;
 }
@@ -215753,19 +215759,19 @@ function transformToVulnChainNode(dependencyTree) {
 function getPurlType(ecosystem) {
   switch (ecosystem) {
     case "NPM":
-      return PURL_Type.NPM;
+      return "npm" /* NPM */;
     case "MAVEN":
-      return PURL_Type.MAVEN;
+      return "maven" /* MAVEN */;
     case "PIP":
-      return PURL_Type.PYPI;
+      return "pypi" /* PYPI */;
     case "NUGET":
-      return PURL_Type.NUGET;
+      return "nuget" /* NUGET */;
     case "GO":
-      return PURL_Type.GOLANG;
+      return "golang" /* GOLANG */;
     case "RUST":
-      return PURL_Type.CARGO;
+      return "cargo" /* CARGO */;
     case "RUBYGEMS":
-      return PURL_Type.GEM;
+      return "gem" /* GEM */;
     default:
       throw new Error(`Unsupported ecosystem: ${ecosystem}`);
   }
@@ -215794,39 +215800,6 @@ function getNamespaceAndName(ecosystem, packageName) {
   }
   return { namespace: namespace2, name };
 }
-var PURL_Type;
-(function(PURL_Type2) {
-  PURL_Type2["ALPM"] = "alpm";
-  PURL_Type2["APK"] = "apk";
-  PURL_Type2["BITBUCKET"] = "bitbucket";
-  PURL_Type2["COCOAPODS"] = "cocoapods";
-  PURL_Type2["CARGO"] = "cargo";
-  PURL_Type2["COMPOSER"] = "composer";
-  PURL_Type2["CONAN"] = "conan";
-  PURL_Type2["CONDA"] = "conda";
-  PURL_Type2["CRAN"] = "cran";
-  PURL_Type2["DEB"] = "deb";
-  PURL_Type2["DOCKER"] = "docker";
-  PURL_Type2["GEM"] = "gem";
-  PURL_Type2["GENERIC"] = "generic";
-  PURL_Type2["GITHUB"] = "github";
-  PURL_Type2["GOLANG"] = "golang";
-  PURL_Type2["HACKAGE"] = "hackage";
-  PURL_Type2["HEX"] = "hex";
-  PURL_Type2["HUGGINGFACE"] = "huggingface";
-  PURL_Type2["MAVEN"] = "maven";
-  PURL_Type2["MLFLOW"] = "mlflow";
-  PURL_Type2["NPM"] = "npm";
-  PURL_Type2["NUGET"] = "nuget";
-  PURL_Type2["QPKG"] = "qpkg";
-  PURL_Type2["OCI"] = "oci";
-  PURL_Type2["PUB"] = "pub";
-  PURL_Type2["PYPI"] = "pypi";
-  PURL_Type2["RPM"] = "rpm";
-  PURL_Type2["SWID"] = "swid";
-  PURL_Type2["SWIFT"] = "swift";
-  PURL_Type2["UNKNOWN"] = "unknown";
-})(PURL_Type || (PURL_Type = {}));
 // dist/cli-core.js
 var { omit, partition, pick } = import_lodash15.default;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.9.19",
+  "version": "14.9.20",
   "description": "Coana CLI",
   "type": "module",
   "bin": {