@contrast/contrast 1.0.21 → 1.0.22

package/dist/cliConstants.js

@@ -186,6 +186,7 @@ const scanOptionDefinitions = [
 ];
 const authOptionDefinitions = [
     ...sharedConnectionOptionDefinitions,
+    ...sharedCertOptionDefinitions,
     {
         name: 'help',
         alias: 'h',
@@ -378,11 +379,11 @@ const mainUsageGuide = commandLineUsage([
         header: i18n.__('constantsCommands'),
         content: [
             { name: i18n.__('authName'), summary: i18n.__('helpAuthSummary') },
+            { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
+            { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
+            { name: i18n.__('auditName'), summary: i18n.__('helpAuditSummary') },
             { name: i18n.__('scanName'), summary: i18n.__('helpScanSummary') },
             { name: i18n.__('lambdaName'), summary: i18n.__('helpLambdaSummary') },
-            { name: i18n.__('auditName'), summary: i18n.__('helpAuditSummary') },
-            { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
-            { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
             { name: i18n.__('helpName'), summary: i18n.__('helpSummary') },
             { name: i18n.__('learnName'), summary: i18n.__('helpLearnSummary') }
         ]

package/dist/commands/audit/help.js

@@ -4,6 +4,9 @@ const i18n = require('i18n');
 const constants = require('../../cliConstants');
 const { commonHelpLinks } = require('../../common/commonHelp');
 const auditUsageGuide = commandLineUsage([
+    {
+        header: i18n.__('constantsHeader')
+    },
     {
         header: i18n.__('auditHeader'),
         content: [i18n.__('auditHeaderMessage')]

package/dist/commands/auth/auth.js

@@ -81,6 +81,11 @@ const authUsageGuide = commandLineUsage([
     {
         header: i18n.__('constantsAuthUsageHeader'),
         content: [i18n.__('constantsAuthUsageContents')]
+    },
+    {
+        header: i18n.__('constantsAdvancedOptions'),
+        optionList: constants.commandLineDefinitions.authOptionDefinitions,
+        hide: ['organization-id', 'api-key', 'authorization', 'host']
     }
 ]);
 const checkForCustomCredentials = authParams => {

package/dist/commands/learn/processLearn.js

@@ -1,7 +1,7 @@
 "use strict";
 const { openLearnPage } = require('./learn');
 async function processLearn() {
-    console.log('Opening develop central...');
+    console.log('Opening Contrast’s Secure Code Learning Hub...');
     console.log('If the page does not open you can open it directly via https://www.contrastsecurity.com/developer/learn');
     return openLearnPage();
 }

package/dist/common/HTTPClient.js

@@ -191,6 +191,12 @@ HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
     options.url = url;
     return requestUtils.sendRequest({ method: 'get', options });
 };
+HTTPClient.prototype.scaServiceHealth = function scaServiceIngests(config) {
+    const options = _.cloneDeep(this.requestOptions);
+    let url = createScaServiceHealthURL(config);
+    options.url = url;
+    return requestUtils.sendRequest({ method: 'get', options });
+};
 HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
     const options = _.cloneDeep(this.requestOptions);
     if (config.ignoreDev) {
@@ -342,6 +348,9 @@ function createScaServiceReportStatusURL(config, reportId) {
 function createScaServiceIngestsURL(config) {
     return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests`;
 }
+function createScaServiceHealthURL(config) {
+    return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/health`;
+}
 function createScaServiceIngestURL(config) {
     let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/tree`;
     baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl;

package/dist/constants/constants.js

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.21';
+const APP_VERSION = '1.0.22';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/constants/lambda.js

@@ -48,6 +48,7 @@ const lambda = {
     internal_error: 'Internal error',
     inactive_account: 'Scanning a function of an inactive account is not supported',
     not_supported_runtime: 'Scanning resource of runtime "{{runtime}}" is not supported.\nSupported runtimes: {{supportedRuntimes}}',
+    not_supported_lambda: 'This function cannot be scanned',
     not_supported_onboard_account: 'Scanning a function of onboard account is not supported',
     scan_lock: 'Other scan is still running. Please wait until the previous scan finishes',
     unsupported: 'unsupported',

package/dist/constants/locales.js

@@ -1,6 +1,7 @@
 "use strict";
 const { lambda } = require('./lambda');
 const chalk = require('chalk');
+const { APP_VERSION } = require('./constants');
 const en_locales = () => {
     return {
         snapshotFailureHeader: 'FAIL',
@@ -52,7 +53,7 @@ const en_locales = () => {
         failThresholdOptionErrorMessage: 'More than 0 vulnerabilities found',
         failSeverityOptionErrorMessage: ' FAIL - Results detected vulnerabilities over accepted severity level',
         constantsSeverity: 'Use with "contrast scan --fail --severity high" or "contrast audit --fail --severity high". Set the severity level to detect vulnerabilities or dependencies. Severity levels are critical, high, medium, low or note.',
-        constantsHeader: 'Contrast CLI',
+        constantsHeader: `Contrast CLI @ v${APP_VERSION}`,
         configHeader2: 'Config options',
         clearHeader: '-c, --clear',
         clearContent: 'Removes stored credentials',
@@ -107,10 +108,10 @@ const en_locales = () => {
         genericServiceError: 'returned with status code %s',
         permissionsError: 'You do not have the correct permissions here. \n Contact support@contrastsecurity.com to get this fixed.',
         scanErrorFileMessage: 'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
-        helpAuthSummary: 'Authenticate Contrast using your Github or Google account',
-        helpAuditSummary: 'Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. [Contrast audit --help (for options).]',
-        helpScanSummary: 'Searches for a .jar, .war, .js, or .zip file in the working directory, uploads files for analysis, and returns the results. [For further help/options, enter scan --help]',
-        helpLambdaSummary: 'Performs a static security scan on an AWS lambda function. lambda --help (for options)',
+        helpAuthSummary: 'Authenticate Contrast using your Github or Google account OR include credentials if you are an existing licensed Contrast user.',
+        helpAuditSummary: 'Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. \n[audit --help for options] Java, .NET, Node, Ruby, Python, Go, PHP are supported. ',
+        helpScanSummary: 'Searches for a .jar, .war, .js, or .zip file in the working directory, uploads files for analysis, and returns the results. \n[scan --help for options] Java, .NET, .NET Core, JavaScript are supported. ',
+        helpLambdaSummary: 'Performs a static security scan on an AWS lambda function. [lambda --help for options] AWS Lambda - Java & Python are supported. ',
         helpVersionSummary: 'Displays version of Contrast CLI',
         helpConfigSummary: 'Displays stored credentials',
         helpSummary: 'Displays usage guide',
@@ -122,7 +123,7 @@ const en_locales = () => {
         configName: 'config',
         helpName: 'help',
         learnName: 'learn',
-        helpLearnSummary: 'launches Contrast’s Secure Code Learning Hub.',
+        helpLearnSummary: 'Launches Contrast’s Secure Code Learning Hub.',
         fingerprintName: 'assess repo to see how many languages it can detect. For use in pipeline only.',
         depthOption: 'can set how deep in the file system the cli looks for language files',
         scanOptionsLanguageSummary: 'Valid values are JAVA, JAVASCRIPT and DOTNET',
@@ -140,7 +141,7 @@ const en_locales = () => {
             chalk.bold('\ncontrast audit') +
             ' to find vulnerabilities in your open source dependencies.' +
             '\nSupports Java, .NET, Node, Ruby, Python, Go and PHP.' +
-            '\nOur CLI runs native build tools to generate a complete dependency tree.' +
+            '\n\nOur CLI runs native build tools to generate a complete dependency tree.' +
             '\nIf you are running on untrusted code, consider running in a sandbox.\n' +
             chalk.bold('\ncontrast lambda') +
             ' to secure your AWS serverless functions. \nSupports Java and Python \n' +
@@ -152,7 +153,7 @@ const en_locales = () => {
         foundDetailedVulnerabilities: chalk.bold('%s') + ' | ' + chalk.bold('%s') + ' | %s | %s | %s ',
         searchingScanFileDirectory: 'Searching for file to scan from %s...',
         searchingAuditFileDirectory: 'Searching for package manager files from %s...',
-        scanHeader: 'Contrast Scan CLI',
+        scanHeader: `Contrast Scan CLI`,
         authHeader: 'Auth',
         lambdaHeader: 'Contrast Lambda CLI',
         lambdaSummary: 'Performs static security scan on an AWS Lambda Function.\nProduces CVE (Vulnerable Dependencies) and Least Privilege violations/remediation results.',
@@ -183,7 +184,7 @@ const en_locales = () => {
         connectionError: 'An error has occurred when trying to get the Project Id please check your internet connection or provide the Project Id manually',
         internalServerErrorHeader: '500 error - Internal server error',
         resourceLockedErrorHeader: '423 error - Resource is locked',
-        auditHeader: 'Contrast audit help',
+        auditHeader: 'Contrast Audit CLI',
         auditHeaderMessage: "Use 'contrast audit' to analyze a project’s dependencies for vulnerabilities.",
         constantsAuditPrerequisitesContentSupportedLanguages: 'Supported languages and their requirements are:',
         constantsAuditPrerequisitesJavaContentMessage: `
@@ -224,14 +225,14 @@ const en_locales = () => {
         commonHelpLearnMoreEnterpriseText: ' https://docs.contrastsecurity.com/en/run-contrast-cli.html ',
         commonHelpJoinDiscussionHeader: chalk.hex('#9DC184')('Join the discussion:'),
         commonHelpJoinDiscussionText: ' https://www.contrastsecurity.com/developer/community',
-        commonHelpLearnHeader: chalk.hex('#ffe599')('\rWant to UP your game?') +
+        commonHelpLearnHeader: chalk.hex('#ffe599')('\r  Want to UP your game?') +
             " type 'contrast learn'",
-        commonHelpLearnText: `\n🎓 Advance your security knowledge and become an ${chalk.hex('#ffd966')('All-star coder')} ⭐  with ${chalk.bold('Contrast Secure Code Learning Hub.')} 😺`,
+        commonHelpLearnText: `\n💰 Advance your security knowledge and become an ${chalk.hex('#ffd966')('All-star coder')} ⭐  with ${chalk.bold('Contrast Secure Code Learning Hub.')} 😺`,
         authCommand: {
             credentialsAccepted: {
-                title: 'Credentials accepted',
-                body: 'Now run contrast audit, lambda or scan',
-                extra: 'Or contrast help for full list of commands'
+                title: '✔ Credentials successfully saved',
+                body: `\n${chalk.bold('Contrast CLI')}`,
+                extra: 'Scan, secure and ship your code in minutes.'
             },
             credentialsMissing: {
                 title: 'Credentials missing',

package/dist/lambda/help.js

@@ -8,6 +8,9 @@ const command_line_usage_1 = __importDefault(require("command-line-usage"));
 const i18n_1 = __importDefault(require("i18n"));
 const commonHelp_1 = require("../common/commonHelp");
 const lambdaUsageGuide = (0, command_line_usage_1.default)([
+    {
+        header: i18n_1.default.__('constantsHeader')
+    },
     {
         header: i18n_1.default.__('lambdaHeader'),
         content: [i18n_1.default.__('lambdaSummary')]

package/dist/lambda/scanRequest.js

@@ -14,7 +14,9 @@ const commonApi_1 = require("../utils/commonApi");
 const logUtils_1 = require("./logUtils");
 const cliError_1 = require("./cliError");
 const constants_1 = require("./constants");
-const sendScanPostRequest = async (config, params, functionsEvent, showProgress = false) => {
+const requestUtils_1 = require("../utils/requestUtils");
+const MAX_RETRIES = 2;
+const sendScanPostRequest = async (config, params, functionsEvent, showProgress = false, retryNumber = 0) => {
     const client = (0, commonApi_1.getHttpClient)(config);
     if (showProgress) {
         (0, logUtils_1.log)(i18n_1.default.__('sendingScanRequest', { icon: log_symbols_1.default.success }));
@@ -38,6 +40,15 @@ const sendScanPostRequest = async (config, params, functionsEvent, showProgress
             });
             errorCode = false;
             break;
+        case 'not_supported_lambda':
+            description = i18n_1.default.__(errorCode);
+            errorCode = false;
+            break;
+        default:
+            if (retryNumber < MAX_RETRIES) {
+                await (0, requestUtils_1.sleep)(3 * 1000);
+                return sendScanPostRequest(config, params, functionsEvent, showProgress, retryNumber + 1);
+            }
     }
     throw new cliError_1.CliError(constants_1.ERRORS.FAILED_TO_START_SCAN, {
         statusCode,

package/dist/scaAnalysis/common/treeUpload.js

@@ -18,6 +18,9 @@ const commonSendSnapShot = async (analysis, config) => {
             return res.body;
         }
         else {
+            if (res.statusCode === 403) {
+                throw new Error(`🛑 Contrast audit failed \nPlease check you have the right permissions and the application ${config.applicationName ? config.applicationName : ''} has not been archived.`.replace(/ +(?= )/g, ''));
+            }
             throw new Error(res.statusCode + ` error processing dependencies`);
         }
     })

package/dist/scaAnalysis/javascript/analysis.js

@@ -32,46 +32,24 @@ const readYarn = async (config, languageFiles, nameOfFile) => {
         throw new Error(i18n.__('nodeReadYarnLockFileError') + `${err.message}`);
     }
 };
-const parseNpmLockFile = async (js) => {
+const parseNpmLockFile = async (npmLockFile) => {
     try {
-        js.npmLockFile = JSON.parse(js.rawLockFileContents);
-        if (js.npmLockFile && js.npmLockFile.lockfileVersion > 1) {
-            const listOfTopDep = Object.keys(js.npmLockFile.dependencies);
-            Object.entries(js.npmLockFile.dependencies).forEach(([objKey, value]) => {
-                if (value.requires) {
-                    const listOfRequiresDep = Object.keys(value.requires);
-                    listOfRequiresDep.forEach(dep => {
-                        if (!listOfTopDep.includes(dep)) {
-                            addDepToLockFile(js, value['requires'], dep);
-                        }
-                    });
-                }
-                if (value.dependencies) {
-                    Object.entries(value.dependencies).forEach(([objChildKey, childValue]) => {
-                        if (childValue.requires) {
-                            const listOfRequiresDep = Object.keys(childValue.requires);
-                            listOfRequiresDep.forEach(dep => {
-                                if (!listOfTopDep.includes(dep)) {
-                                    addDepToLockFile(js, childValue['requires'], dep);
-                                }
-                            });
-                        }
-                    });
-                }
-            });
-            return js.npmLockFile;
-        }
-        else {
-            return js.npmLockFile;
+        if (!npmLockFile.parsedPackages) {
+            npmLockFile.parsedPackages = {};
         }
+        Object.entries(npmLockFile.packages).forEach(([packageKey, packageValue]) => {
+            if (packageKey.includes('node_modules/')) {
+                packageKey = packageKey.replace(/(node_modules\/)+/g, '');
+            }
+            npmLockFile.parsedPackages[packageKey] = packageValue;
+        });
+        delete npmLockFile.parsedPackages[''];
+        return npmLockFile;
     }
     catch (err) {
         throw new Error(i18n.__('NodeParseNPM') + `${err.message}`);
     }
 };
-const addDepToLockFile = (js, depObj, key) => {
-    return (js.npmLockFile.dependencies[key] = { version: depObj[key] });
-};
 const parseYarnLockFile = async (js) => {
     try {
         js.yarn.yarnLockFile = {};

package/dist/scaAnalysis/javascript/index.js

@@ -32,7 +32,20 @@ const readFiles = async (config, files) => {
 };
 const parseFiles = async (config, files, js) => {
     if (files.includes('package-lock.json')) {
-        js.npmLockFile = await analysis.parseNpmLockFile(js);
+        const npmLockFile = JSON.parse(js.rawLockFileContents);
+        const currentLockFileVersion = npmLockFile.lockfileVersion;
+        const generalRebuildMessage = '\nPlease update to Node 16+ & NPM 8+ or 9+ and then rebuild your package files.' +
+            '\nMore info here: https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json';
+        if (currentLockFileVersion === 1) {
+            throw new Error(`NPM lockfileVersion 1 is no longer supported. \n ${generalRebuildMessage}`);
+        }
+        if (!currentLockFileVersion || !npmLockFile.packages) {
+            throw new Error(`package-lock.json needs to be in the NPM v2 or v3 format. \n ${generalRebuildMessage}`);
+        }
+        if (currentLockFileVersion === 3 && !config.experimental) {
+            throw new Error(`NPM lockfileVersion 3 is only supported when using the '-e' flag.`);
+        }
+        js.npmLockFile = await analysis.parseNpmLockFile(npmLockFile);
     }
     if (files.includes('yarn.lock')) {
         js = await analysis.parseYarnLockFile(js);

package/dist/scaAnalysis/javascript/scaServiceParser.js

@@ -47,7 +47,7 @@ const chooseLockFile = rawNode => {
         return { lockFile: rawNode?.yarn?.yarnLockFile?.object, type: 'yarn' };
     }
     else if (rawNode.npmLockFile !== undefined) {
-        return { lockFile: rawNode?.npmLockFile?.dependencies, type: 'npm' };
+        return { lockFile: rawNode?.npmLockFile?.parsedPackages, type: 'npm' };
     }
     else {
         return undefined;
@@ -70,8 +70,8 @@ const createChildDependencies = (lockFileDep, currentDep) => {
 };
 const createNPMChildDependencies = (lockFileDep, currentDep) => {
     let depArray = [];
-    if (lockFileDep[currentDep]?.requires) {
-        for (const [key, value] of Object.entries(lockFileDep[currentDep]?.requires)) {
+    if (lockFileDep[currentDep]?.dependencies) {
+        for (const [key, value] of Object.entries(lockFileDep[currentDep]?.dependencies)) {
             depArray.push(key);
         }
     }

package/dist/scan/help.js

@@ -4,6 +4,9 @@ const i18n = require('i18n');
 const constants = require('../cliConstants');
 const { commonHelpLinks } = require('../common/commonHelp');
 const scanUsageGuide = commandLineUsage([
+    {
+        header: i18n.__('constantsHeader')
+    },
     {
         header: i18n.__('scanHeader')
     },

package/dist/utils/settingsHelper.js

@@ -11,9 +11,9 @@ const getSettings = async (config) => {
 const isSCAServicesAvailable = async (config) => {
     const client = commonApi.getHttpClient(config);
     return client
-        .scaServiceIngests(config)
+        .scaServiceHealth(config)
         .then(res => {
-        return res.statusCode !== 403;
+        return res.body.status === 'UP';
     })
         .catch(err => {
         console.log(err);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.21",
+  "version": "1.0.22",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {

package/src/cliConstants.js

@@ -212,6 +212,7 @@ const scanOptionDefinitions = [
 
 const authOptionDefinitions = [
   ...sharedConnectionOptionDefinitions,
+  ...sharedCertOptionDefinitions,
   {
     name: 'help',
     alias: 'h',
@@ -427,11 +428,11 @@ const mainUsageGuide = commandLineUsage([
     header: i18n.__('constantsCommands'),
     content: [
       { name: i18n.__('authName'), summary: i18n.__('helpAuthSummary') },
+      { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
+      { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
+      { name: i18n.__('auditName'), summary: i18n.__('helpAuditSummary') },
       { name: i18n.__('scanName'), summary: i18n.__('helpScanSummary') },
       { name: i18n.__('lambdaName'), summary: i18n.__('helpLambdaSummary') },
-      { name: i18n.__('auditName'), summary: i18n.__('helpAuditSummary') },
-      { name: i18n.__('versionName'), summary: i18n.__('helpVersionSummary') },
-      { name: i18n.__('configName'), summary: i18n.__('helpConfigSummary') },
       { name: i18n.__('helpName'), summary: i18n.__('helpSummary') },
       { name: i18n.__('learnName'), summary: i18n.__('helpLearnSummary') }
     ]

package/src/commands/audit/help.js

@@ -4,6 +4,9 @@ const constants = require('../../cliConstants')
 const { commonHelpLinks } = require('../../common/commonHelp')
 
 const auditUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('constantsHeader')
+  },
   {
     header: i18n.__('auditHeader'),
     content: [i18n.__('auditHeaderMessage')]

package/src/commands/auth/auth.js

@@ -101,6 +101,11 @@ const authUsageGuide = commandLineUsage([
   {
     header: i18n.__('constantsAuthUsageHeader'),
     content: [i18n.__('constantsAuthUsageContents')]
+  },
+  {
+    header: i18n.__('constantsAdvancedOptions'),
+    optionList: constants.commandLineDefinitions.authOptionDefinitions,
+    hide: ['organization-id', 'api-key', 'authorization', 'host']
   }
 ])
 

package/src/commands/learn/processLearn.js

@@ -1,7 +1,7 @@
 const { openLearnPage } = require('./learn')
 
 async function processLearn() {
-  console.log('Opening develop central...')
+  console.log('Opening Contrast’s Secure Code Learning Hub...')
   console.log(
     'If the page does not open you can open it directly via https://www.contrastsecurity.com/developer/learn'
   )

package/src/common/HTTPClient.js

@@ -254,6 +254,13 @@ HTTPClient.prototype.scaServiceIngests = function scaServiceIngests(config) {
   return requestUtils.sendRequest({ method: 'get', options })
 }
 
+HTTPClient.prototype.scaServiceHealth = function scaServiceIngests(config) {
+  const options = _.cloneDeep(this.requestOptions)
+  let url = createScaServiceHealthURL(config)
+  options.url = url
+  return requestUtils.sendRequest({ method: 'get', options })
+}
+
 HTTPClient.prototype.getReportById = function getReportById(config, reportId) {
   const options = _.cloneDeep(this.requestOptions)
   if (config.ignoreDev) {
@@ -474,6 +481,10 @@ function createScaServiceIngestsURL(config) {
   return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests`
 }
 
+function createScaServiceHealthURL(config) {
+  return `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/health`
+}
+
 function createScaServiceIngestURL(config) {
   let baseUrl = `${config.host}/Contrast/api/sca/organizations/${config.organizationId}/applications/${config.applicationId}/libraries/ingests/tree`
   baseUrl = config.track ? baseUrl.concat('?persist=true') : baseUrl

package/src/constants/constants.js

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.21'
+const APP_VERSION = '1.0.22'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/constants/lambda.js

@@ -66,6 +66,7 @@ const lambda = {
     'Scanning a function of an inactive account is not supported',
   not_supported_runtime:
     'Scanning resource of runtime "{{runtime}}" is not supported.\nSupported runtimes: {{supportedRuntimes}}',
+  not_supported_lambda: 'This function cannot be scanned',
   not_supported_onboard_account:
     'Scanning a function of onboard account is not supported',
   scan_lock:

package/src/constants/locales.js

@@ -1,5 +1,6 @@
 const { lambda } = require('./lambda')
 const chalk = require('chalk')
+const { APP_VERSION } = require('./constants')
 
 const en_locales = () => {
   return {
@@ -83,7 +84,7 @@ const en_locales = () => {
       ' FAIL - Results detected vulnerabilities over accepted severity level',
     constantsSeverity:
       'Use with "contrast scan --fail --severity high" or "contrast audit --fail --severity high". Set the severity level to detect vulnerabilities or dependencies. Severity levels are critical, high, medium, low or note.',
-    constantsHeader: 'Contrast CLI',
+    constantsHeader: `Contrast CLI @ v${APP_VERSION}`,
     configHeader2: 'Config options',
     clearHeader: '-c, --clear',
     clearContent: 'Removes stored credentials',
@@ -160,13 +161,13 @@ const en_locales = () => {
     scanErrorFileMessage:
       'We only accept the following file types: \nJava - .jar, .war \nJavaScript - .js or .zip files',
     helpAuthSummary:
-      'Authenticate Contrast using your Github or Google account',
+      'Authenticate Contrast using your Github or Google account OR include credentials if you are an existing licensed Contrast user.',
     helpAuditSummary:
-      'Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. [Contrast audit --help (for options).]',
+      'Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. \n[audit --help for options] Java, .NET, Node, Ruby, Python, Go, PHP are supported. ',
     helpScanSummary:
-      'Searches for a .jar, .war, .js, or .zip file in the working directory, uploads files for analysis, and returns the results. [For further help/options, enter scan --help]',
+      'Searches for a .jar, .war, .js, or .zip file in the working directory, uploads files for analysis, and returns the results. \n[scan --help for options] Java, .NET, .NET Core, JavaScript are supported. ',
     helpLambdaSummary:
-      'Performs a static security scan on an AWS lambda function. lambda --help (for options)',
+      'Performs a static security scan on an AWS lambda function. [lambda --help for options] AWS Lambda - Java & Python are supported. ',
     helpVersionSummary: 'Displays version of Contrast CLI',
     helpConfigSummary: 'Displays stored credentials',
     helpSummary: 'Displays usage guide',
@@ -178,7 +179,7 @@ const en_locales = () => {
     configName: 'config',
     helpName: 'help',
     learnName: 'learn',
-    helpLearnSummary: 'launches Contrast’s Secure Code Learning Hub.',
+    helpLearnSummary: 'Launches Contrast’s Secure Code Learning Hub.',
     fingerprintName:
       'assess repo to see how many languages it can detect. For use in pipeline only.',
     depthOption:
@@ -202,7 +203,7 @@ const en_locales = () => {
       chalk.bold('\ncontrast audit') +
       ' to find vulnerabilities in your open source dependencies.' +
       '\nSupports Java, .NET, Node, Ruby, Python, Go and PHP.' +
-      '\nOur CLI runs native build tools to generate a complete dependency tree.' +
+      '\n\nOur CLI runs native build tools to generate a complete dependency tree.' +
       '\nIf you are running on untrusted code, consider running in a sandbox.\n' +
       chalk.bold('\ncontrast lambda') +
       ' to secure your AWS serverless functions. \nSupports Java and Python \n' +
@@ -216,7 +217,7 @@ const en_locales = () => {
     searchingScanFileDirectory: 'Searching for file to scan from %s...',
     searchingAuditFileDirectory:
       'Searching for package manager files from %s...',
-    scanHeader: 'Contrast Scan CLI',
+    scanHeader: `Contrast Scan CLI`,
     authHeader: 'Auth',
     lambdaHeader: 'Contrast Lambda CLI',
     lambdaSummary:
@@ -257,7 +258,7 @@ const en_locales = () => {
       'An error has occurred when trying to get the Project Id please check your internet connection or provide the Project Id manually',
     internalServerErrorHeader: '500 error - Internal server error',
     resourceLockedErrorHeader: '423 error - Resource is locked',
-    auditHeader: 'Contrast audit help',
+    auditHeader: 'Contrast Audit CLI',
     auditHeaderMessage:
       "Use 'contrast audit' to analyze a project’s dependencies for vulnerabilities.",
     constantsAuditPrerequisitesContentSupportedLanguages:
@@ -329,18 +330,18 @@ const en_locales = () => {
     commonHelpJoinDiscussionText:
       ' https://www.contrastsecurity.com/developer/community',
     commonHelpLearnHeader:
-      chalk.hex('#ffe599')('\rWant to UP your game?') +
+      chalk.hex('#ffe599')('\r  Want to UP your game?') +
       " type 'contrast learn'",
-    commonHelpLearnText: `\n🎓 Advance your security knowledge and become an ${chalk.hex(
+    commonHelpLearnText: `\n💰 Advance your security knowledge and become an ${chalk.hex(
       '#ffd966'
     )('All-star coder')} ⭐  with ${chalk.bold(
       'Contrast Secure Code Learning Hub.'
     )} 😺`,
     authCommand: {
       credentialsAccepted: {
-        title: 'Credentials accepted',
-        body: 'Now run contrast audit, lambda or scan',
-        extra: 'Or contrast help for full list of commands'
+        title: '✔ Credentials successfully saved',
+        body: `\n${chalk.bold('Contrast CLI')}`,
+        extra: 'Scan, secure and ship your code in minutes.'
       },
       credentialsMissing: {
         title: 'Credentials missing',

package/src/index.ts

@@ -16,7 +16,6 @@ import {
 } from './common/versionChecker'
 import { findCommandOnError } from './common/errorHandling'
 import { sendTelemetryConfigAsConfObj } from './telemetry/telemetry'
-import { openLearnPage } from './commands/learn/learn'
 import { processLearn } from './commands/learn/processLearn'
 const {
   commandLineDefinitions: { mainUsageGuide, mainDefinition }

package/src/lambda/help.ts

@@ -3,6 +3,9 @@ import i18n from 'i18n'
 import { commonHelpLinks } from '../common/commonHelp'
 
 const lambdaUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('constantsHeader')
+  },
   {
     header: i18n.__('lambdaHeader'),
     content: [i18n.__('lambdaSummary')]

package/src/lambda/scanRequest.ts

@@ -14,12 +14,22 @@ import { ApiParams, LambdaOptions } from './lambda'
 import { log, prettyPrintJson } from './logUtils'
 import { CliError } from './cliError'
 import { ERRORS } from './constants'
+import { sleep } from '../utils/requestUtils'
 
-const sendScanPostRequest = async (
+const MAX_RETRIES = 2
+
+const sendScanPostRequest: (
   config: any,
   params: ApiParams,
   functionsEvent: unknown,
-  showProgress = false
+  showProgress?: boolean,
+  retryNumber?: number
+) => any = async (
+  config,
+  params,
+  functionsEvent,
+  showProgress = false,
+  retryNumber = 0
 ) => {
   const client = getHttpClient(config)
 
@@ -50,6 +60,21 @@ const sendScanPostRequest = async (
       })
       errorCode = false
       break
+    case 'not_supported_lambda':
+      description = i18n.__(errorCode)
+      errorCode = false
+      break
+    default:
+      if (retryNumber < MAX_RETRIES) {
+        await sleep(3 * 1000)
+        return sendScanPostRequest(
+          config,
+          params,
+          functionsEvent,
+          showProgress,
+          retryNumber + 1
+        )
+      }
   }
 
   throw new CliError(ERRORS.FAILED_TO_START_SCAN, {

package/src/scaAnalysis/common/treeUpload.js

@@ -18,6 +18,13 @@ const commonSendSnapShot = async (analysis, config) => {
       if (res.statusCode === 201) {
         return res.body
       } else {
+        if (res.statusCode === 403) {
+          throw new Error(
+            `🛑 Contrast audit failed \nPlease check you have the right permissions and the application ${
+              config.applicationName ? config.applicationName : ''
+            } has not been archived.`.replace(/ +(?= )/g, '')
+          )
+        }
         throw new Error(res.statusCode + ` error processing dependencies`)
       }
     })

package/src/scaAnalysis/javascript/analysis.js

@@ -44,48 +44,33 @@ const readYarn = async (config, languageFiles, nameOfFile) => {
   }
 }
 
-const parseNpmLockFile = async js => {
+const parseNpmLockFile = async npmLockFile => {
   try {
-    js.npmLockFile = JSON.parse(js.rawLockFileContents)
-    if (js.npmLockFile && js.npmLockFile.lockfileVersion > 1) {
-      const listOfTopDep = Object.keys(js.npmLockFile.dependencies)
-      Object.entries(js.npmLockFile.dependencies).forEach(([objKey, value]) => {
-        if (value.requires) {
-          const listOfRequiresDep = Object.keys(value.requires)
-          listOfRequiresDep.forEach(dep => {
-            if (!listOfTopDep.includes(dep)) {
-              addDepToLockFile(js, value['requires'], dep)
-            }
-          })
-        }
+    if (!npmLockFile.parsedPackages) {
+      npmLockFile.parsedPackages = {}
+    }
 
-        if (value.dependencies) {
-          Object.entries(value.dependencies).forEach(
-            ([objChildKey, childValue]) => {
-              if (childValue.requires) {
-                const listOfRequiresDep = Object.keys(childValue.requires)
-                listOfRequiresDep.forEach(dep => {
-                  if (!listOfTopDep.includes(dep)) {
-                    addDepToLockFile(js, childValue['requires'], dep)
-                  }
-                })
-              }
-            }
-          )
+    Object.entries(npmLockFile.packages).forEach(
+      ([packageKey, packageValue]) => {
+        if (packageKey.includes('node_modules/')) {
+          //remove object keys node modules prefixing
+          //e.g: node_modules/@aws-amplify/datastore/node_modules/uuid --> @aws-amplify/datastore/uuid
+          packageKey = packageKey.replace(/(node_modules\/)+/g, '')
         }
-      })
-      return js.npmLockFile
-    } else {
-      return js.npmLockFile
-    }
+
+        npmLockFile.parsedPackages[packageKey] = packageValue
+      }
+    )
+
+    //remove base project package - unneeded
+    delete npmLockFile.parsedPackages['']
+
+    return npmLockFile
   } catch (err) {
     throw new Error(i18n.__('NodeParseNPM') + `${err.message}`)
   }
 }
 
-const addDepToLockFile = (js, depObj, key) => {
-  return (js.npmLockFile.dependencies[key] = { version: depObj[key] })
-}
 const parseYarnLockFile = async js => {
   try {
     js.yarn.yarnLockFile = {}

package/src/scaAnalysis/javascript/index.js

@@ -14,9 +14,11 @@ const jsAnalysis = async (config, languageFiles) => {
 const buildNodeTree = async (config, files) => {
   let analysis = await readFiles(config, files)
   const rawNode = await parseFiles(config, files, analysis)
+
   if (config.experimental) {
     return scaServiceParser.parseJS(rawNode)
   }
+
   return formatMessage.createJavaScriptTSMessage(rawNode)
 }
 
@@ -44,8 +46,34 @@ const readFiles = async (config, files) => {
 
 const parseFiles = async (config, files, js) => {
   if (files.includes('package-lock.json')) {
-    js.npmLockFile = await analysis.parseNpmLockFile(js)
+    const npmLockFile = JSON.parse(js.rawLockFileContents)
+
+    const currentLockFileVersion = npmLockFile.lockfileVersion
+    const generalRebuildMessage =
+      '\nPlease update to Node 16+ & NPM 8+ or 9+ and then rebuild your package files.' +
+      '\nMore info here: https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json'
+
+    if (currentLockFileVersion === 1) {
+      throw new Error(
+        `NPM lockfileVersion 1 is no longer supported. \n ${generalRebuildMessage}`
+      )
+    }
+
+    if (!currentLockFileVersion || !npmLockFile.packages) {
+      throw new Error(
+        `package-lock.json needs to be in the NPM v2 or v3 format. \n ${generalRebuildMessage}`
+      )
+    }
+
+    if (currentLockFileVersion === 3 && !config.experimental) {
+      throw new Error(
+        `NPM lockfileVersion 3 is only supported when using the '-e' flag.`
+      )
+    }
+
+    js.npmLockFile = await analysis.parseNpmLockFile(npmLockFile)
   }
+
   if (files.includes('yarn.lock')) {
     js = await analysis.parseYarnLockFile(js)
   }

package/src/scaAnalysis/javascript/scaServiceParser.js

@@ -77,7 +77,7 @@ const chooseLockFile = rawNode => {
   if (rawNode?.yarn?.yarnLockFile !== undefined) {
     return { lockFile: rawNode?.yarn?.yarnLockFile?.object, type: 'yarn' }
   } else if (rawNode.npmLockFile !== undefined) {
-    return { lockFile: rawNode?.npmLockFile?.dependencies, type: 'npm' }
+    return { lockFile: rawNode?.npmLockFile?.parsedPackages, type: 'npm' }
   } else {
     return undefined
   }
@@ -105,9 +105,9 @@ const createChildDependencies = (lockFileDep, currentDep) => {
 
 const createNPMChildDependencies = (lockFileDep, currentDep) => {
   let depArray = []
-  if (lockFileDep[currentDep]?.requires) {
+  if (lockFileDep[currentDep]?.dependencies) {
     for (const [key, value] of Object.entries(
-      lockFileDep[currentDep]?.requires
+      lockFileDep[currentDep]?.dependencies
     )) {
       depArray.push(key)
     }

package/src/scan/help.js

@@ -4,6 +4,9 @@ const constants = require('../cliConstants')
 const { commonHelpLinks } = require('../common/commonHelp')
 
 const scanUsageGuide = commandLineUsage([
+  {
+    header: i18n.__('constantsHeader')
+  },
   {
     header: i18n.__('scanHeader')
   },

package/src/utils/settingsHelper.js

@@ -12,9 +12,9 @@ const getSettings = async config => {
 const isSCAServicesAvailable = async config => {
   const client = commonApi.getHttpClient(config)
   return client
-    .scaServiceIngests(config)
+    .scaServiceHealth(config)
     .then(res => {
-      return res.statusCode !== 403
+      return res.body.status === 'UP'
     })
     .catch(err => {
       console.log(err)