@contrast/contrast 1.0.0 → 1.0.3

package/src/constants/lambda.js

@@ -9,11 +9,52 @@ const lambda = {
     'Required parameter --function-name is missing.\nRun command with --help to see usage',
   failedToGetResults: 'Failed to get results',
   missingResults: 'Missing vulnerabilities',
-  missingParameter: 'Required function parameter is missing', // should use it again
   awsError: 'AWS error',
-  missingFlagArguments: 'The following flags are missing an arguments:\n%s',
+  missingFlagArguments:
+    'The following flags are missing an arguments:\n{{flags}}',
   notSupportedFlags:
-    'The following flags are not supported:\n%s\nRun command with --help to see usage',
+    'The following flags are not supported:\n{{flags}}\nRun command with --help to see usage',
+  layerNotFound:
+    'The layer {{layerArn}} could not be found. The scan will continue without it',
+
+  // ====== general ===== //
+  noVulnerabilitiesFound: '👏 No vulnerabilities found',
+  scanCompleted: '----- Scan completed {{time}}s -----',
+  sendingScanRequest:
+    '{{icon}} Sending Lambda Function scan request to Contrast',
+  scanRequestedSuccessfully: '{{icon}} Scan requested successfully',
+  fetchingConfiguration:
+    '{{icon}} Fetching configuration and policies for Lambda Function {{functionName}}',
+  fetchedConfiguration: '{{icon}} Fetched configuration from AWS',
+
+  // ====== scan polling ===== //
+  scanStarted: 'Scan Started',
+  scanFailed: 'Scan Failed',
+  scanTimedOut: 'Scan timed out',
+
+  // ====== lambda utils ===== //
+  loadingFunctionList: 'Loading lambda function list',
+  functionsFound: '{{count}} functions found',
+  noFunctionsFound: 'No functions found',
+  failedToLoadFunctions: 'Faled to load lambda functions',
+  availableForScan: '{{icon}} {{count}} available for scan',
+  runtimeCount: '----- {{runtime}} ({{count}}) -----',
+
+  // ====== print vulnerabilities ===== //
+  whatHappenedTitle: 'What happened:',
+  whatHappenedItem: '{{policy}} have:\n{{comments}}\n',
+  recommendation: 'Recommendation:',
+  vulnerableDependency: 'Vulnerable dependency',
+  dependenciesCount: {
+    one: '1 Dependency',
+    other: '%s Dependencies'
+  },
+  foundVulnerabilities: {
+    one: 'Found 1 vulnerability',
+    other: 'Found %s vulnerabilities'
+  },
+  vulnerableDependencyDescriptions:
+    '{packageName} (v{version}) has {NUM} known {NUM, plural,one{CVE}other{CVEs}}\n {cves}',
 
   // ====== errorCodes ===== //
   something_went_wrong: 'Something went wrong',
@@ -22,7 +63,7 @@ const lambda = {
   inactive_account:
     'Scanning a function of an inactive account is not supported',
   not_supported_runtime:
-    'Scanning resource of runtime "%s" is not supported.\nSupported runtimes: %s',
+    'Scanning resource of runtime "{{runtime}}" is not supported.\nSupported runtimes: {{supportedRuntimes}}',
   not_supported_onboard_account:
     'Scanning a function of onboard account is not supported',
   scan_lock:

package/src/constants/locales.js

@@ -1,4 +1,5 @@
 const { lambda } = require('./lambda')
+const chalk = require('chalk')
 
 const en_locales = () => {
   return {
@@ -159,12 +160,10 @@ const en_locales = () => {
       'Specify the sub project within your gradle application.',
     constantsScan: 'Upload java binaries to the static scan service',
     constantsWaitForScan: 'Waits for the result of the scan',
-    constantsProjectName: 'The name of the scan project in Contrast',
-    constantsFileName: 'The name of the file to Scan',
+    constantsProjectName:
+      'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
     constantsProjectId:
       'The ID associated with a scan project. Replace <ProjectID> with the ID for the scan project. To find the ID, select a scan project in Contrast and locate the last number in the URL.',
-    constantsScanTimeout:
-      'Set a specific time span before the function times out. Default timeout is 300 seconds if scan_timeout is not set. The format of the value of the parameter is "20" seconds or "80" seconds.',
     constantsReport: 'Display vulnerability information for this application',
     constantsFail:
       'Set the process to fail if this option is set in combination with the --report and --cve_severity.',
@@ -173,27 +172,34 @@ const en_locales = () => {
     constantsSeverity:
       'Combined with the --report command, allows the user to report libraries with vulnerabilities above a chosen severity level. For example, cve_severity medium only reports libraries with vulnerabilities at medium or higher severity. Values for level are high, medium or low.',
     constantsCount: "The number of CVE's that must be exceeded to fail a build",
-    constantsHeader: 'Contrast CLI',
+    constantsHeader: 'CodeSec by Contrast Security',
     constantsPrerequisitesContentScanLanguages: 'Java & JavaScript supported',
     constantsContrastContent:
-      'Use the Contrast CLI, the fastest and most accurate code scan, to help find and eliminate security bugs in your code.',
+      'Use the Contrast CLI to run a scan(Java, JavaScript and .NET ) or lambda command (Java and Python) to find your vulnerabilities and start securing your code.',
     constantsUsageGuideContentRecommendation:
       'Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.',
     constantsPrerequisitesHeader: 'Pre-requisites',
+    constantsAuthUsageHeader: 'Usage',
+    constantsAuthUsageContents: 'contrast auth',
+    constantsAuthHeaderContents:
+      'Authorize with external identity provider to perform scans on code',
+    configHeader: 'Config',
+    constantsConfigUsageContents: 'view / clear the configuration',
     constantsPrerequisitesContent:
       'To scan a Java project you will need a .jar or .war file for analysis\n' +
-      'To scan a Javascript project you will need a .js or.zip file for analysis\n',
+      'To scan a Javascript project you will need a .js or.zip file for analysis\n' +
+      'To scan a .NET c# webforms project you will need a .exe or a .zip file for analysis\n',
     constantsUsage: 'Usage',
     constantsUsageCommandExample: 'contrast [command] [options]',
     constantsUsageCommandInfo:
-      'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .js or .zip file in the working directory.\n',
+      'The file argument is optional. If no file is given, Contrast will search for a .jar, .war, .exe or .zip file in the working directory.\n',
     constantsUsageCommandInfo24Hours:
       'Submitted files are encrypted during upload and deleted in 24 hours.',
     constantsAnd: 'AND',
     constantsJava:
       'AND Maven build platform, including the dependency plugin. For a Gradle project, use build.gradle. A gradle-wrapper.properties file is also required. Kotlin is also supported requiring a build.gradle.kts file.',
     constantsJavaNote:
-      '*Please Note: Running "mvn dependency:tree" or "./gradlew dependencies" in the project directory locally must be successful.',
+      'Note: Running "mvn dependency:tree" or "./gradlew dependencies" in the project directory locally must be successful.',
     constantsJavaNoteGradle:
       'We currently support v4.8 and upwards on Gradle projects',
     constantsDotNet:
@@ -268,6 +274,7 @@ const en_locales = () => {
       'Add the application code this application should use in the Contrast UI',
     constantsIgnoreCertErrors:
       ' For EOP users with a local Teamserver install, this will bypass the SSL certificate and recognise a self signed certificate.',
+    constantsSave: ' Saves the Scan Results JSON to file.',
     constantsIgnoreDev:
       'Combined with the --report command excludes developer dependencies from the vulnerabilities report. By default all dependencies are included in a report.',
     constantsCommands: 'Commands',
@@ -288,12 +295,14 @@ const en_locales = () => {
     specifyFileScanError:
       'Java Scan requires a .war or .jar file. Javascript Scan requires a .js or .zip file.\nTo start a Scan enter "contrast scan -f <path-to-file>"',
     populateProjectIdMessage: 'project ID is %s',
+    genericServiceError: 'returned with status code %s',
+    permissionsError:
+      'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
     scanErrorFileMessage:
       'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
     helpAuthSummary:
       'Authenticate Contrast using your Github or Google account',
-    helpScanSummary:
-      'Searches for a .jar, .war, .js or .zip file in the working directory, uploads for analysis and returns the results',
+    helpScanSummary: 'Perform static analysis on binaries / code artifacts',
     helpLambdaSummary: 'Perform scan on AWS Lambda functions',
     helpVersionSummary: 'Displays version of Contrast CLI',
     helpConfigSummary: 'Displays stored credentials',
@@ -304,37 +313,36 @@ const en_locales = () => {
     versionName: 'version',
     configName: 'config',
     helpName: 'help',
-    scanOptionsFileName: '-f, --file',
-    scanOptionsLanguage: '-l, --language',
-    scanOptionsName: '-n, --name',
-    scanOptionsTimeout: '-t, --time-out',
-    scanOptionsVerbose: '-v, --verbose',
-    scanOptionsFileNameSummary:
-      'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .js. or .zip file in the working directory.',
+    scanOptionsLanguageSummary: 'Valid values are JAVA, JAVASCRIPT and DOTNET',
     scanOptionsLanguageSummaryOptional:
       'Language of file to send for analysis. ',
     scanOptionsLanguageSummaryRequired:
       'If you scan a .zip file or you use the --file option.',
-    scanOptionsNameSummary:
-      'Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.',
     scanOptionsTimeoutSummary:
       'Time in seconds to wait for scan to complete. Default value is 300 seconds.',
-    scanOptionsVerboseSummary: 'Returns extended information to the terminal.',
+    scanOptionsFileNameSummary:
+      'Path of the file you want to scan. If no file is specified, Contrast searches for a .jar, .war, .exe or .zip file in the working directory.',
+    scanOptionsVerboseSummary: ' Returns extended information to the terminal.',
     authSuccessMessage: 'Authentication successful',
-    runScanMessage: 'Now run Contrast Scan',
+    runAuthSuccessMessage:
+      "Now you can use Contrast CLI \nRun 'contrast scan' on your file \n" +
+      "or 'contrast help' to learn more about the capabilities.",
     authWaitingMessage: 'Waiting for auth...',
     authTimedOutMessage: 'Auth Timed out, try again',
     zipErrorScan:
       'We only support zip files for JAVASCRIPT language, please set the flag --language JAVASCRIPT',
     unknownFileErrorScan: 'Unsupported file selected for Scan.',
-    foundScanFile: 'found: %s',
-    foundVulnerabilities: 'Found %s vulnerabilities',
+    foundScanFile: 'Found: %s',
     foundDetailedVulnerabilities:
-      '%s Critical %s High %s Medium %s Low %s Note',
+      chalk.bold('%s Critical') +
+      ' | ' +
+      chalk.bold('%s High') +
+      ' | %s Medium | %s Low | %s Note',
     requiredParams: 'All required parameters are not present.',
     timeoutScan: 'Timeout set to 5 minutes.',
     searchingScanFileDirectory: 'Searching for file to scan from %s...',
     scanHeader: 'Contrast Scan CLI',
+    authHeader: 'Auth',
     lambdaHeader: 'Contrast lambda help',
     lambdaSummary:
       'Performs static security scan on an AWS Lambda Function.\nProduces CVE (Vulnerable Dependencies) and Least Privilege violations/remediation results.',
@@ -342,6 +350,7 @@ const en_locales = () => {
     lambdaPrerequisitesContent: 'contrast cli',
     scanFileNameOption: ' -f, --file',
     lambdaFunctionNameOption: ' -f, --function-name',
+    lambdaListFunctionsOption: ' -l, --list-functions',
     lambdaEndpointOption: '-e, --endpoint-url',
     lambdaRegionOption: '-r, --region',
     lambdaProfileOption: '-p, --profile',
@@ -349,6 +358,7 @@ const en_locales = () => {
     lambdaVerboseOption: '-v, --verbose',
     lambdaHelpOption: '-h, --help',
     lambdaFunctionNameSummery: 'Name of AWS lambda function to scan.',
+    lambdaListFunctionsSummery: 'List all available lambda functions to scan.',
     lambdaEndpointSummery: 'AWS Endpoint override, works like in AWS CLI.',
     lambdaRegionSummery:
       'Region override, default to AWS_DEAFAULT_REGION env var, works like in AWS CLI.',
@@ -371,7 +381,47 @@ const en_locales = () => {
       'An error has occurred when trying to get the Project Id please check your internet connection or provide the Project Id manually',
     internalServerErrorHeader: '500 error - Internal server error',
     resourceLockedErrorHeader: '423 error - Resource is locked',
-
+    auditHeader: 'Contrast Audit',
+    auditHeaderMessage: `
+    Performs software composition analysis (SCA) on your application/code time to show you the dependencies between open source libraries, including where vulnerabilities were introduced.\n
+    Our recommendation is that this is invoked as part of a CI pipeline so that running the cli is automated as part of your build process.`,
+    constantsAuditPrerequisitesContentSupportedLanguages:
+      'Supported languages and their requirements are:',
+    constantsAuditPrerequisitesContentJava: 'Java: ',
+    constantsAuditPrerequisitesContentMessage: `
+       pom.xml AND Maven build platform, including the dependency plugin. 
+       For a Gradle project (v4.8+) use build.gradle. A gradle-wrapper.properties file is also required.
+       Kotlin is also supported requiring a build.gradle.kts file.`,
+    constantsAuditPrerequisitesContentDotNet: '.NET framework and .NET core: ',
+    constantsAuditPrerequisitesContentDotNetMessage: `
+       MSBuild 15.0 or greater and have a packages.lock.json file are supported.\n
+       Note: If the packages.lock.json file is unavailable it can be generated by setting RestorePackagesWithLockFile to true within each *.csproj file and running dotnet build.\n`,
+    constantsAuditPrerequisitesContentLanguageNode: 'Node: ',
+    constantsAuditPrerequisitesContentLanguageRuby: 'Ruby: ',
+    constantsAuditPrerequisitesContentLanguagePython: 'Python: ',
+    constantsAuditPrerequisitesContentLanguageNodeMessage:
+      '*.package.json AND a lock file either *.package-lock.json or *.yarn.lock',
+    constantsAuditPrerequisitesContentLanguageRubyMessage:
+      'gemfile AND gemfile.lock',
+    constantsAuditPrerequisitesContentLanguagePythonMessage:
+      'pipfile AND pipfile.lock',
+    constantsAuditOptions: 'Audit Options',
+    auditOptionsIgnoreDevDependencies: '-igd, --ignore-dev',
+    auditOptionsIgnoreDevDependenciesDescription: 'ignores DevDependencies',
+    auditOptionsSave: '-s, --save',
+    auditOptionsSaveDescription:
+      'saves the output in specified format Txt text, sbom',
+    scanNoVulnerabilitiesFound: '👏 No vulnerabilities found',
+    scanNoFiletypeSpecifiedForSave:
+      'Please specify file type to save results to, accepted value is SARIF',
+    auditSBOMSaveSuccess:
+      '\n Software Bill of Materials (SBOM) saved successfully',
+    auditNoFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold(
+      'No file type specified for --save option to save audit results to. Use audit --help to see valid --save options.'
+    )}`,
+    auditBadFiletypeSpecifiedForSave: `\n ${chalk.yellow.bold(
+      'Bad file type specified for --save option. Use audit --help to see valid --save options.'
+    )}`,
     ...lambda
   }
 }

package/src/constants.js

@@ -20,6 +20,15 @@ const scanOptionDefinitions = [
       '}: ' +
       i18n.__('constantsProjectName')
   },
+  {
+    name: 'language',
+    alias: 'l',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('scanOptionsLanguageSummary')
+  },
   {
     name: 'file',
     alias: 'f',
@@ -27,7 +36,7 @@ const scanOptionDefinitions = [
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('constantsFileName')
+      i18n.__('scanOptionsFileNameSummary')
   },
   {
     name: 'project-id',
@@ -46,16 +55,7 @@ const scanOptionDefinitions = [
       '{bold ' +
       i18n.__('constantsOptional') +
       '}: ' +
-      i18n.__('constantsScanTimeout')
-  },
-  {
-    name: 'language',
-    alias: 'l',
-    description:
-      '{bold ' +
-      i18n.__('constantsRequiredCatalogue') +
-      '}: ' +
-      i18n.__('constantsLanguage')
+      i18n.__('scanOptionsTimeoutSummary')
   },
   {
     name: 'organization-id',
@@ -66,15 +66,6 @@ const scanOptionDefinitions = [
       '}: ' +
       i18n.__('constantsOrganizationId')
   },
-  {
-    name: 'yaml-path',
-    alias: 'y',
-    description:
-      '{bold ' +
-      i18n.__('constantsOptional') +
-      '}: ' +
-      i18n.__('constantsYamlPath')
-  },
   {
     name: 'api-key',
     description:
@@ -93,8 +84,6 @@ const scanOptionDefinitions = [
   },
   {
     name: 'host',
-    alias: 'h',
-    defaultValue: 'app.contrastsecurity.com',
     description:
       '{bold ' +
       i18n.__('constantsRequired') +
@@ -127,12 +116,200 @@ const scanOptionDefinitions = [
       '}:' +
       i18n.__('constantsIgnoreCertErrors')
   },
+  {
+    name: 'verbose',
+    alias: 'v',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('scanOptionsVerboseSummary')
+  },
+  {
+    name: 'save',
+    alias: 's',
+    description:
+      '{bold ' + i18n.__('constantsOptional') + '}:' + i18n.__('constantsSave')
+  },
   {
     name: 'help',
+    alias: 'h',
+    type: Boolean
+  },
+  {
+    name: 'debug',
+    alias: 'd',
     type: Boolean
   }
 ]
 
+const authOptionDefinitions = [
+  {
+    name: 'help',
+    alias: 'h',
+    type: Boolean
+  }
+]
+
+const configOptionDefinitions = [
+  {
+    name: 'help',
+    alias: 'h',
+    type: Boolean,
+    description: 'Help text'
+  },
+  {
+    name: 'clear',
+    alias: 'c',
+    type: Boolean,
+    description: 'Clear the currently stored config'
+  }
+]
+
+const auditOptionDefinitions = [
+  {
+    name: 'application-id',
+    description:
+      '{bold ' +
+      i18n.__('constantsRequired') +
+      '}: ' +
+      i18n.__('constantsApplicationId')
+  },
+  {
+    name: 'application-name',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsApplicationName')
+  },
+  {
+    name: 'project-path',
+    defaultValue: process.env.PWD,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProjectPath')
+  },
+  {
+    name: 'app-groups',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptionalForCatalogue') +
+      '}: ' +
+      i18n.__('constantsAppGroups')
+  },
+  {
+    name: 'sub-project',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsGradleMultiProject')
+  },
+  {
+    name: 'metadata',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsMetadata')
+  },
+  {
+    name: 'tags',
+    description:
+      '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('constantsTags')
+  },
+  {
+    name: 'code',
+    description:
+      '{bold ' + i18n.__('constantsOptional') + '}: ' + i18n.__('constantsCode')
+  },
+  {
+    name: 'ignore-dev',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsIgnoreDev')
+  },
+  {
+    name: 'maven-settings-path'
+  },
+  {
+    name: 'language',
+    alias: 'l',
+    description:
+      '{bold ' +
+      i18n.__('constantsRequiredCatalogue') +
+      '}: ' +
+      i18n.__('constantsLanguage')
+  },
+  {
+    name: 'organization-id',
+    alias: 'o',
+    description:
+      '{bold ' +
+      i18n.__('constantsRequired') +
+      '}: ' +
+      i18n.__('constantsOrganizationId')
+  },
+  {
+    name: 'api-key',
+    description:
+      '{bold ' +
+      i18n.__('constantsRequired') +
+      '}: ' +
+      i18n.__('constantsApiKey')
+  },
+  {
+    name: 'authorization',
+    description:
+      '{bold ' +
+      i18n.__('constantsRequired') +
+      '}: ' +
+      i18n.__('constantsAuthorization')
+  },
+  {
+    name: 'host',
+    alias: 'h',
+    description:
+      '{bold ' +
+      i18n.__('constantsRequired') +
+      '}: ' +
+      i18n.__('constantsHostId')
+  },
+  {
+    name: 'proxy',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('constantsProxyServer')
+  },
+  {
+    name: 'ignore-cert-errors',
+    type: Boolean,
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}:' +
+      i18n.__('constantsIgnoreCertErrors')
+  },
+  {
+    name: 'save',
+    alias: 's',
+    description:
+      '{bold ' +
+      i18n.__('constantsOptional') +
+      '}: ' +
+      i18n.__('auditOptionsSaveDescription')
+  }
+]
+
 const mainUsageGuide = commandLineUsage([
   {
     header: i18n.__('constantsHeader'),
@@ -146,6 +323,7 @@ const mainUsageGuide = commandLineUsage([
     header: i18n.__('constantsCommands'),
     content: [
       { name: i18n.__('authName'), summary: i18n.__('helpAuthSummary') },
+      { name: i18n.__('scanName'), summary: i18n.__('helpScanSummary') },
       { name: i18n.__('lambdaName'), summary: i18n.__('helpLambdaSummary') },
       { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
       { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
@@ -163,6 +341,9 @@ module.exports = {
   commandLineDefinitions: {
     mainUsageGuide,
     mainDefinition,
-    scanOptionDefinitions
+    scanOptionDefinitions,
+    auditOptionDefinitions,
+    authOptionDefinitions,
+    configOptionDefinitions
   }
 }

package/src/index.ts

@@ -1,4 +1,5 @@
 import commandLineArgs from 'command-line-args'
+import { processAudit } from './commands/audit/processAudit'
 import { processAuth } from './commands/auth/auth'
 import { processConfig } from './commands/config/config'
 import { processScan } from './commands/scan/processScan'
@@ -6,6 +7,11 @@ import constants from './constants'
 import { APP_NAME, APP_VERSION } from './constants/constants'
 import { processLambda } from './lambda/lambda'
 import { localConfig } from './utils/getConfig'
+import {
+  findLatestCLIVersion,
+  isCorrectNodeVersion
+} from './common/versionChecker'
+import { findCommandOnError } from './common/errorHandling'
 
 const {
   commandLineDefinitions: { mainUsageGuide, mainDefinition }
@@ -28,41 +34,75 @@ const getMainOption = () => {
 }
 
 const start = async () => {
-  const { mainOptions, argv: argvMain } = getMainOption()
-  const command =
-    mainOptions.command != undefined ? mainOptions.command.toLowerCase() : ''
-  if (command === 'version') {
-    console.log(APP_VERSION)
-    return
-  }
+  if (await isCorrectNodeVersion(process.version)) {
+    const { mainOptions, argv: argvMain } = getMainOption()
+    const command =
+      mainOptions.command != undefined ? mainOptions.command.toLowerCase() : ''
+    if (
+      command === 'version' ||
+      argvMain.includes('--v') ||
+      argvMain.includes('--version')
+    ) {
+      console.log(APP_VERSION)
+      await findLatestCLIVersion()
+      return
+    }
 
-  if (command === 'config') {
-    return processConfig(argvMain, config)
-  }
+    // @ts-ignore
+    config.set('numOfRuns', config.get('numOfRuns') + 1)
 
-  if (command === 'auth') {
-    return await processAuth(config)
-  }
+    // @ts-ignore
+    if (config.get('numOfRuns') >= 5) {
+      // @ts-ignore
+      await findLatestCLIVersion()
+      config.set('numOfRuns', 0)
+    }
 
-  if (command === 'lambda') {
-    return await processLambda(argvMain)
-  }
+    if (command === 'config') {
+      return processConfig(argvMain, config)
+    }
 
-  /* second - parse the merge command options */
-  if (command === 'scan') {
-    return await processScan()
-  }
+    if (command === 'auth') {
+      return await processAuth(argvMain, config)
+    }
+
+    if (command === 'lambda') {
+      return await processLambda(argvMain)
+    }
+
+    if (command === 'scan') {
+      return await processScan(argvMain)
+    }
+
+    if (command === 'audit') {
+      return await processAudit(argvMain)
+    }
+
+    if (
+      command === 'help' ||
+      argvMain.includes('--help') ||
+      Object.keys(mainOptions).length === 0
+    ) {
+      console.log(mainUsageGuide)
+    } else if (mainOptions._unknown !== undefined) {
+      const foundCommand = findCommandOnError(mainOptions._unknown)
 
-  if (
-    command === 'help' ||
-    argvMain.includes('--help') ||
-    Object.keys(mainOptions).length === 0
-  ) {
-    console.log(mainUsageGuide)
+      foundCommand
+        ? console.log(
+            `Unknown Command: Did you mean "${foundCommand}"? \nUse "${foundCommand} --help" for the full list of options`
+          )
+        : console.log(
+            `Unknown Command: ${command} \nUse --help for the full list`
+          )
+    } else {
+      console.log(`Unknown Command: ${command} \nUse --help for the full list`)
+    }
+    process.exit(9)
   } else {
     console.log(
-      'Unknown Command: ' + command + ' \nUse --help for the full list'
+      'Contrast supports Node versions >=16.13.2 <17. Please use one of those versions.'
     )
+    process.exit(9)
   }
 }