@coana-tech/cli 14.9.22 → 14.9.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli.mjs +55 -15
- package/package.json +1 -1
package/cli.mjs
CHANGED
|
@@ -212320,7 +212320,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
|
|
|
212320
212320
|
}
|
|
212321
212321
|
|
|
212322
212322
|
// dist/version.js
|
|
212323
|
-
var version2 = "14.9.
|
|
212323
|
+
var version2 = "14.9.24";
|
|
212324
212324
|
|
|
212325
212325
|
// ../../node_modules/.pnpm/axios@1.9.0/node_modules/axios/lib/helpers/bind.js
|
|
212326
212326
|
function bind2(fn2, thisArg) {
|
|
@@ -215646,14 +215646,20 @@ async function scanForVulnerabilitiesSocketMode(dependencyTree) {
|
|
|
215646
215646
|
const data2 = {
|
|
215647
215647
|
components: Object.keys(purlStringsToIdentifier).map((purl) => ({ purl }))
|
|
215648
215648
|
};
|
|
215649
|
-
const
|
|
215649
|
+
const componentsResponse = (await axios_default2.post(url3, data2, {
|
|
215650
215650
|
headers: {
|
|
215651
215651
|
"Content-Type": "application/json",
|
|
215652
215652
|
Accept: "application/json",
|
|
215653
215653
|
Authorization: `Basic ${btoa(`${process.env.SOCKET_CLI_API_TOKEN}:`)}`
|
|
215654
215654
|
}
|
|
215655
215655
|
})).data;
|
|
215656
|
-
|
|
215656
|
+
if (typeof componentsResponse === "object") {
|
|
215657
|
+
components = [componentsResponse];
|
|
215658
|
+
} else if (typeof componentsResponse === "string") {
|
|
215659
|
+
components = JSON.parse(`[${componentsResponse.trim().replace(/\n/g, ",")}]`);
|
|
215660
|
+
} else {
|
|
215661
|
+
throw new Error(`Unexpected response type from Socket API: ${typeof componentsResponse}`);
|
|
215662
|
+
}
|
|
215657
215663
|
} catch (e) {
|
|
215658
215664
|
logger.error("Failed to scan for vulnerabilities in socket mode");
|
|
215659
215665
|
logger.error("error", e);
|
|
@@ -215812,11 +215818,11 @@ function getNamespaceAndName(ecosystem, packageName) {
|
|
|
215812
215818
|
}
|
|
215813
215819
|
|
|
215814
215820
|
// dist/internal/socket-report.js
|
|
215815
|
-
function toSocketFacts(report, dependencyTrees) {
|
|
215821
|
+
function toSocketFacts(report, dependencyTrees, subPjToWsPathToDirectDependencies) {
|
|
215816
215822
|
const components = [];
|
|
215817
215823
|
const purlToIndex = /* @__PURE__ */ new Map();
|
|
215818
215824
|
for (const dependencyTree of dependencyTrees) {
|
|
215819
|
-
const depIdentifierToPurl = Object.fromEntries(Object.entries(dependencyTree.dependencyTree.transitiveDependencies).map(([depIdentifier, dep]) => {
|
|
215825
|
+
const depIdentifierToPurl = Object.fromEntries(Object.entries(dependencyTree.dependencyTree.transitiveDependencies).filter(([_depIdentifier, dep]) => dep.purlObj).map(([depIdentifier, dep]) => {
|
|
215820
215826
|
const purl = dep.purlObj.purlString;
|
|
215821
215827
|
if (purl && !purlToIndex.has(purl)) {
|
|
215822
215828
|
purlToIndex.set(purl, components.length);
|
|
@@ -215831,8 +215837,10 @@ function toSocketFacts(report, dependencyTrees) {
|
|
|
215831
215837
|
artifact_id: depTreeNode.purlObj.artifact_id,
|
|
215832
215838
|
artifactId: depTreeNode.purlObj.artifactId,
|
|
215833
215839
|
qualifiers: depTreeNode.purlObj.qualifiers,
|
|
215834
|
-
|
|
215835
|
-
//
|
|
215840
|
+
direct: false,
|
|
215841
|
+
// Use false as default, and set to true if actually direct
|
|
215842
|
+
dev: true,
|
|
215843
|
+
// Use true as default, and set to false if the artifact is found as prod, prod&dev or missing for any dependency chain.
|
|
215836
215844
|
dependencies: []
|
|
215837
215845
|
};
|
|
215838
215846
|
}
|
|
@@ -215840,15 +215848,40 @@ function toSocketFacts(report, dependencyTrees) {
|
|
|
215840
215848
|
}));
|
|
215841
215849
|
for (const [depIdentifier, purl] of Object.entries(depIdentifierToPurl)) {
|
|
215842
215850
|
const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
|
|
215851
|
+
if (!depTreeNode.purlObj) {
|
|
215852
|
+
continue;
|
|
215853
|
+
}
|
|
215843
215854
|
const component = components[purlToIndex.get(purl)];
|
|
215844
215855
|
depTreeNode.dependencies?.forEach((dep) => {
|
|
215845
215856
|
const depPurl = depIdentifierToPurl[dep];
|
|
215846
215857
|
const depIndex = purlToIndex.get(depPurl);
|
|
215847
|
-
if (!component.dependencies?.includes(depIndex.toString())) {
|
|
215858
|
+
if (depIndex && !component.dependencies?.includes(depIndex.toString())) {
|
|
215848
215859
|
component.dependencies.push(depIndex.toString());
|
|
215849
215860
|
}
|
|
215850
215861
|
});
|
|
215851
215862
|
}
|
|
215863
|
+
for (const depIdentifier of dependencyTree.dependencyTree.dependencies ?? []) {
|
|
215864
|
+
const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
|
|
215865
|
+
const component = components[purlToIndex.get(depTreeNode.purlObj.purlString)];
|
|
215866
|
+
component.direct = true;
|
|
215867
|
+
}
|
|
215868
|
+
for (const depIdentifier of dependencyTree.dependencyTree.dependencies ?? []) {
|
|
215869
|
+
let updateDependencyType2 = function(id) {
|
|
215870
|
+
if (visitedIds.has(id.toString()))
|
|
215871
|
+
return;
|
|
215872
|
+
visitedIds.add(id.toString());
|
|
215873
|
+
const component = components[id];
|
|
215874
|
+
if (dependencyType !== "dev") {
|
|
215875
|
+
component.dev = false;
|
|
215876
|
+
}
|
|
215877
|
+
component.dependencies?.forEach((depId) => updateDependencyType2(parseInt(depId)));
|
|
215878
|
+
};
|
|
215879
|
+
var updateDependencyType = updateDependencyType2;
|
|
215880
|
+
const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
|
|
215881
|
+
const dependencyType = subPjToWsPathToDirectDependencies[dependencyTree.subprojectPath][dependencyTree.workspacePath][depTreeNode.packageName];
|
|
215882
|
+
const visitedIds = /* @__PURE__ */ new Set();
|
|
215883
|
+
updateDependencyType2(purlToIndex.get(depTreeNode.purlObj.purlString));
|
|
215884
|
+
}
|
|
215852
215885
|
}
|
|
215853
215886
|
for (const vulnerability of report.vulnerabilities) {
|
|
215854
215887
|
const component = components[purlToIndex.get(vulnerability.purl)];
|
|
@@ -216015,9 +216048,9 @@ var CliCore = class {
|
|
|
216015
216048
|
const gitData = await getGitDataToMetadataIfAvailable(this.rootWorkingDirectory);
|
|
216016
216049
|
this.reportId = await createReport(this.options.repoUrl, this.options.projectName, version2, gitData?.sha, gitData?.branchName, omit(this.options, "apiKey", "print-report", "repoUrl", "projectName", "writeReportToFile"), this.apiKey, this.options.runEnv);
|
|
216017
216050
|
}
|
|
216018
|
-
const report = await this.computeReport();
|
|
216051
|
+
const { report, subPjToWsPathToDirectDependencies } = await this.computeReport();
|
|
216019
216052
|
logger.info("Report computed successfully");
|
|
216020
|
-
await this.outputAndShareReport(report);
|
|
216053
|
+
await this.outputAndShareReport(report, subPjToWsPathToDirectDependencies);
|
|
216021
216054
|
this.spinner.stop();
|
|
216022
216055
|
return report;
|
|
216023
216056
|
} catch (e) {
|
|
@@ -216046,13 +216079,13 @@ var CliCore = class {
|
|
|
216046
216079
|
if (this.reportId)
|
|
216047
216080
|
await sendLogToDashboard(await this.getLogContent(), this.reportId, this.apiKey);
|
|
216048
216081
|
}
|
|
216049
|
-
async outputAndShareReport(report) {
|
|
216082
|
+
async outputAndShareReport(report, subPjToWsPathToDirectDependencies) {
|
|
216050
216083
|
const outputDir = this.options.outputDir;
|
|
216051
216084
|
if (this.options.socketMode) {
|
|
216052
216085
|
if (!this.reportDependencyTrees) {
|
|
216053
216086
|
throw new Error("Dependency trees should be available when using --socket-mode");
|
|
216054
216087
|
}
|
|
216055
|
-
const socketReport = toSocketFacts(report, this.reportDependencyTrees);
|
|
216088
|
+
const socketReport = toSocketFacts(report, this.reportDependencyTrees, subPjToWsPathToDirectDependencies);
|
|
216056
216089
|
const outputFile = resolve24(this.options.socketMode);
|
|
216057
216090
|
await writeFile10(outputFile, JSON.stringify(socketReport, null, 2));
|
|
216058
216091
|
logger.info(kleur_default.green(`Socket report written to: ${outputFile}`));
|
|
@@ -216140,7 +216173,16 @@ var CliCore = class {
|
|
|
216140
216173
|
vulnerabilities: allVulnerabilities,
|
|
216141
216174
|
...await this.createMetadataForReport(startTime)
|
|
216142
216175
|
};
|
|
216143
|
-
|
|
216176
|
+
const reportAndSubPjToWsPathToDirectDependencies = {
|
|
216177
|
+
report,
|
|
216178
|
+
subPjToWsPathToDirectDependencies: workspacesOutput.reduce((acc, { subprojectPath, workspacePath, directDependencies }) => {
|
|
216179
|
+
if (!acc[subprojectPath])
|
|
216180
|
+
acc[subprojectPath] = {};
|
|
216181
|
+
acc[subprojectPath][workspacePath] = directDependencies;
|
|
216182
|
+
return acc;
|
|
216183
|
+
}, {})
|
|
216184
|
+
};
|
|
216185
|
+
return reportAndSubPjToWsPathToDirectDependencies;
|
|
216144
216186
|
}
|
|
216145
216187
|
async updateSpinnerTextOnNewSubproject(subprojectAndWsPath, numberSubprojects, index2) {
|
|
216146
216188
|
this.spinner.start();
|
|
@@ -216293,8 +216335,6 @@ var CliCore = class {
|
|
|
216293
216335
|
];
|
|
216294
216336
|
} catch (e) {
|
|
216295
216337
|
logger.error(`Scanning for vulnerabilities failed for subproject ${subprojectPath} in workspace ${workspacePath}`);
|
|
216296
|
-
logger.error(JSON.stringify(dependencyTree, null, 2));
|
|
216297
|
-
await new Promise((resolve25) => setTimeout(resolve25, 1e4));
|
|
216298
216338
|
throw e;
|
|
216299
216339
|
} finally {
|
|
216300
216340
|
this.sendProgress("SCAN_FOR_VULNERABILITIES", false, subprojectPath, workspacePath);
|