@coana-tech/cli 15.0.3 → 15.0.4

package/cli.mjs

@@ -234861,7 +234861,7 @@ async function computeFixesAndUpgradePurls(path9, options, logFile) {
   }
   if (upgrades.size === 0) {
     if (autofixRunId) {
-      await getSocketAPI().finalizeAutofixRun(autofixRunId, "fixed-none");
+      await getSocketAPI().finalizeAutofixRun(autofixRunId, "fixed-none", void 0, await logger.getLogContent(logFile));
     }
     throw new Error(`Unable to compute fixes for any of the requested vulnerabilities: ${prettyApplyFixesTo(options.applyFixesTo)}`);
   }
@@ -234879,7 +234879,7 @@ async function computeFixesAndUpgradePurls(path9, options, logFile) {
     }, autofixRunId) ?? "fixed-all";
     if (autofixRunId) {
       const allGhsasFailed = fixesFound.length === 0;
-      await getSocketAPI().finalizeAutofixRun(autofixRunId, ghsasWithFailedArtifacts.length === 0 && applyFixesStatus === "fixed-all" ? "fixed-all" : allGhsasFailed || applyFixesStatus === "fixed-none" ? "fixed-none" : "fixed-some");
+      await getSocketAPI().finalizeAutofixRun(autofixRunId, ghsasWithFailedArtifacts.length === 0 && applyFixesStatus === "fixed-all" ? "fixed-all" : allGhsasFailed || applyFixesStatus === "fixed-none" ? "fixed-none" : "fixed-some", void 0, await logger.getLogContent(logFile));
     }
     return {
       type: "applied-fixes",
@@ -251822,7 +251822,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "15.0.3";
+var version3 = "15.0.4";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "15.0.3",
+  "version": "15.0.4",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -110925,7 +110925,7 @@ function tarjanAndCondensation(packageMetadatas) {
 
 // dist/whole-program-code-aware-vulnerability-scanner/js/dependency-preparation.js
 async function prepareNpmDependencies(subprojectDir, workspaceDir, artifactIdToArtifact, directDependencies, packageNamesToInstall, preinstallDir) {
-  if (existsSync11(resolve12(subprojectDir, "node_modules")))
+  if (existsSync11(resolve12(subprojectDir, "node_modules")) || existsSync11(resolve12(workspaceDir, "node_modules")))
     return { failedPackages: [], installedPackages: [] };
   const artifactToOriginal = /* @__PURE__ */ new Map();
   const transitiveDependenciesToInstall = Object.fromEntries(Object.entries(artifactIdToArtifact).filter(([_, dep]) => packageNamesToInstall.includes(getPackageName(dep))).map(([depId, dep]) => {
@@ -111905,6 +111905,7 @@ var SparJSAnalysisEngine = class extends JSAnalysisEngine {
           ${/* XXX: Requires Node 22+ */
       approx && "--approx"}
           --callstacks-json ${callStackFile}
+          --escape-patch-resolved-reads
           --unresolved-non-vulnerable
           ${parseShellArgs(process.env.COANA_SPARJS_ADDITIONAL_FLAGS ?? "")}
           ${filesToAnalyze}
@@ -111950,12 +111951,14 @@ var SparJSAnalysisEngine = class extends JSAnalysisEngine {
       for (const match2 of Object.values(matches))
         match2.affectedPackages = uniq5(match2.stacks.flatMap((stack) => map3(stack, "package")));
       const affectedPackages = JSON.parse(await readFile11(affectedPackagesFile, "utf-8")).packages;
+      const aborted = analysisDiagnostics.solver.aborted;
       return {
         matches,
         analysisDiagnostics: {
           ...analysisDiagnostics,
-          aborted: analysisDiagnostics.solver.aborted,
-          timeout: analysisDiagnostics.totalTime / 1e6 >= timeoutInSeconds,
+          aborted: !!aborted,
+          timeout: aborted === "timeout",
+          lowmemory: aborted === "out_of_memory",
           timings: {
             analysisTime: (analysisDiagnostics.totalTime - analysisDiagnostics.patternMatchingTime) / 1e3,
             patternMatchingTime: analysisDiagnostics.patternMatchingTime / 1e3,
@@ -112071,7 +112074,7 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
       ...new Set(state.vulnerabilities.flatMap((v) => Object.values(v.vulnChainDetails?.transitiveDependencies ?? {}).filter((d) => d.vulnerable === true).map((d) => d.packageName)))
     ];
     const packagesToInstall = !includePackages ? state.workspaceData.type === "coana" ? Object.values(state.workspaceData.data.dependencyTree.transitiveDependencies).map((dep) => getPackageName(dep)) : state.workspaceData.data.artifacts.map((dep) => getPackageName(dep)) : [.../* @__PURE__ */ new Set([...includePackages, ...vulnerablePackageNames])];
-    const { failedPackages } = await prepareNpmDependencies(state.rootWorkingDir, this.projectDir, state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.transitiveDependencies : Object.fromEntries(state.workspaceData.data.artifacts.map((d) => [d.id, d])), state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.dependencies ?? [] : state.workspaceData.data.artifacts.filter((a2) => a2.direct).map((a2) => a2.id), packagesToInstall, state.preinstallDir);
+    const { failedPackages } = await prepareNpmDependencies(state.subprojectDir, this.projectDir, state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.transitiveDependencies : Object.fromEntries(state.workspaceData.data.artifacts.map((d) => [d.id, d])), state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.dependencies ?? [] : state.workspaceData.data.artifacts.filter((a2) => a2.direct).map((a2) => a2.id), packagesToInstall, state.preinstallDir);
     this.packagesExcludedUnrelatedToHeuristic = failedPackages.map((p) => getPackageName(p));
   }
   async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, experiment, telemetryHandler, analyzerTelemetryHandler) {
@@ -112080,7 +112083,7 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
       analysisOptionsFromHeuristic.approx = process.env.JELLY_APPROX === "true" || experiment === "JELLY_APPROX";
       const analysisRes = await this.resolveEngine(experiment).runAnalysis(this.mainProjectDir, this.projectDir, analysisOptionsFromHeuristic, this.options, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler, analyzerTelemetryHandler);
       const { analysisDiagnostics: diagnostics, matches } = analysisRes;
-      const terminatedEarly = diagnostics.lowmemory ?? diagnostics.rangeError ?? (diagnostics.aborted || diagnostics.timeout);
+      const terminatedEarly = diagnostics.rangeError ?? (diagnostics.aborted || diagnostics.timeout || diagnostics.lowmemory);
       return {
         type: "success",
         diagnostics,
@@ -114899,8 +114902,9 @@ var NpmAnalyzer = class {
   }
   async runReachabilityAnalysis(vulns, analysisMetadataCollector, statusUpdater) {
     const heuristicsInOrder = this.state.otherAnalysisOptions.lightweightReachability ? [heuristics.IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3] : [heuristics.ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE];
-    const nodeModulesAlreadyExisted = existsSync20(resolve25(this.state.subprojectDir, "node_modules"));
-    this.preinstalledDependencies = nodeModulesAlreadyExisted ? "YES" : "NO";
+    const nodeModulesAlreadyExistedInSubprojectDir = existsSync20(resolve25(this.state.subprojectDir, "node_modules"));
+    const nodeModulesAlreadyExistedInProjectDir = existsSync20(resolve25(this.projectDir, "node_modules"));
+    this.preinstalledDependencies = nodeModulesAlreadyExistedInSubprojectDir || nodeModulesAlreadyExistedInProjectDir ? "YES" : "NO";
     const wrappedCollector = (metadata) => {
       const jellyDiagnostics = metadata.analysisDiagnostics;
       if (jellyDiagnostics?.modules !== void 0) {
@@ -115025,11 +115029,11 @@ ${e.stack}` : String(e),
       return res;
     } finally {
       await Promise.all([this.engine.cleanup(), vulnerabilityScanner.cleanup()]);
-      if (!nodeModulesAlreadyExisted) {
-        if (existsSync20(resolve25(this.state.subprojectDir, "node_modules")))
-          await rm11(resolve25(this.state.subprojectDir, "node_modules"), { recursive: true });
-        if (existsSync20(resolve25(this.projectDir, "node_modules")))
-          await rm11(resolve25(this.projectDir, "node_modules"), { recursive: true });
+      if (!nodeModulesAlreadyExistedInSubprojectDir) {
+        await rm11(resolve25(this.state.subprojectDir, "node_modules"), { recursive: true, force: true });
+      }
+      if (!nodeModulesAlreadyExistedInProjectDir) {
+        await rm11(resolve25(this.projectDir, "node_modules"), { recursive: true, force: true });
       }
     }
   }