npm - @socketsecurity/cli-with-sentry - Versions diffs - 0.14.152 → 0.14.154 - Mend

@socketsecurity/cli-with-sentry 0.14.152 → 0.14.154

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/dist/cli.js CHANGED Viewed

@@ -2045,8 +2045,8 @@ async function fetchSupportedScanFileNames() {
     'fetching supported scan file types'
   )
   spinner.stop()
-  logger.logger.success(
-    'Received response while fetched supported scan file types.'
+  logger.logger.error(
+    'Received response while fetching supported scan file types.'
   )
   if (!result.success) {
     return handleFailedApiResponse('getReportSupportedFiles', result)
@@ -2089,7 +2089,7 @@ async function fetchReportData(orgSlug, scanId, includeLicensePolicy) {
   function updateProgress() {
     if (finishedFetching) {
       spinner.stop()
-      logger.logger.info(
+      logger.logger.error(
         `Scan result: ${scanStatus}. Security policy: ${policyStatus}.`
       )
     } else {
@@ -2110,7 +2110,7 @@ async function fetchReportData(orgSlug, scanId, includeLicensePolicy) {
       return {
         ok: false,
         message: 'Socket API returned an error',
-        cause: `${response.statusText}${err ? ` (cause: ${err}` : ''}`
+        cause: `${response.statusText}${err ? ` (cause: ${err})` : ''}`
       }
     }
     updateScan(`ok, downloading response..`)
@@ -2196,6 +2196,8 @@ async function fetchReportData(orgSlug, scanId, includeLicensePolicy) {
   }
 }
+// Note: The returned cresult will only be ok:false when the generation
+//       failed. It won't reflect the healthy state.
 function generateReport(
   scan,
   securityPolicy,
@@ -2334,21 +2336,36 @@ function generateReport(
     })
   }
   spinner?.successAndStop(`Generated reported in ${Date.now() - now} ms`)
-  const report = short
-    ? {
+  if (short) {
+    return {
+      ok: true,
+      data: {
         healthy
       }
-    : {
-        healthy,
-        orgSlug,
-        scanId,
-        options: {
-          fold,
-          reportLevel
-        },
-        alerts: violations
-      }
-  return report
+    }
+  }
+  const report = {
+    healthy,
+    orgSlug,
+    scanId,
+    options: {
+      fold,
+      reportLevel
+    },
+    alerts: violations
+  }
+  if (!healthy) {
+    return {
+      ok: true,
+      message:
+        'The report contains at least one alert that violates the policies set by your organization',
+      data: report
+    }
+  }
+  return {
+    ok: true,
+    data: report
+  }
 }
 function createLeaf(art, alert, policyAction) {
   const leaf = {
@@ -2512,16 +2529,32 @@ async function outputScanReport(
       spinner: constants.spinner
     }
   )
-  if (!scanReport.healthy) {
-    process.exitCode = 1 // TODO: we could use a different code to distinct program error from health check failure...
+  if (!scanReport.ok) {
+    // Note: this means generation failed, it does not reflect the healthy state
+    process.exitCode = scanReport.code ?? 1
+    // If report generation somehow failed then .data should not be set.
+    if (outputKind === 'json') {
+      logger.logger.log(serializeResultJson(scanReport))
+      return
+    }
+    logger.logger.fail(failMsgWithBadge(scanReport.message, scanReport.cause))
+    return
   }
+  // I don't think we emit the default error message with banner for an unhealhty report, do we?
+  // if (!scanReport.data.healhty) {
+  //   logger.fail(failMsgWithBadge(scanReport.message, scanReport.cause))
+  //   return
+  // }
   if (
     outputKind === 'json' ||
     (outputKind === 'text' && filePath && filePath.endsWith('.json'))
   ) {
     const json = short
-      ? JSON.stringify(scanReport, null, 2)
-      : toJsonReport(scanReport, includeLicensePolicy)
+      ? serializeResultJson(scanReport)
+      : toJsonReport(scanReport.data, includeLicensePolicy)
     if (filePath && filePath !== '-') {
       logger.logger.log('Writing json report to', filePath)
       return await fs.writeFile(filePath, json)
@@ -2531,8 +2564,12 @@ async function outputScanReport(
   }
   if (outputKind === 'markdown' || (filePath && filePath.endsWith('.md'))) {
     const md = short
-      ? `healthy = ${scanReport.healthy}`
-      : toMarkdownReport(scanReport, includeLicensePolicy)
+      ? `healthy = ${scanReport.data.healthy}`
+      : toMarkdownReport(
+          scanReport.data,
+          // not short so must be regular report
+          includeLicensePolicy
+        )
     if (filePath && filePath !== '-') {
       logger.logger.log('Writing markdown report to', filePath)
       return await fs.writeFile(filePath, md)
@@ -2542,25 +2579,24 @@ async function outputScanReport(
     return
   }
   if (short) {
-    logger.logger.log(scanReport.healthy ? 'OK' : 'ERR')
+    logger.logger.log(scanReport.data.healthy ? 'OK' : 'ERR')
   } else {
-    logger.logger.dir(scanReport, {
+    logger.logger.dir(scanReport.data, {
       depth: null
     })
   }
 }
 function toJsonReport(report, includeLicensePolicy) {
   const obj = mapToObject(report.alerts)
-  const json = JSON.stringify(
-    {
-      includeLicensePolicy,
-      ...report,
-      alerts: obj
-    },
-    null,
-    2
-  )
-  return json
+  const newReport = {
+    includeLicensePolicy,
+    ...report,
+    alerts: obj
+  }
+  return serializeResultJson({
+    ok: true,
+    data: newReport
+  })
 }
 function toMarkdownReport(report, includeLicensePolicy) {
   const flatData = Array.from(walkNestedMap(report.alerts)).map(
@@ -4501,6 +4537,7 @@ async function npmFix(
   // Lazily access constants.ENV.CI.
   const isCi = constants.ENV.CI
+  const baseBranch = isCi ? getBaseGitBranch() : ''
   const workspacePkgJsonPaths = await shadowNpmInject.globWorkspace(
     pkgEnvDetails.agent,
     rootPath
@@ -4602,13 +4639,19 @@ async function npmFix(
           }
           const revertData = {
             ...(editablePkgJson.content.dependencies && {
-              dependencies: editablePkgJson.content.dependencies
+              dependencies: {
+                ...editablePkgJson.content.dependencies
+              }
             }),
             ...(editablePkgJson.content.optionalDependencies && {
-              optionalDependencies: editablePkgJson.content.optionalDependencies
+              optionalDependencies: {
+                ...editablePkgJson.content.optionalDependencies
+              }
             }),
             ...(editablePkgJson.content.peerDependencies && {
-              peerDependencies: editablePkgJson.content.peerDependencies
+              peerDependencies: {
+                ...editablePkgJson.content.peerDependencies
+              }
             })
           }
           shadowNpmInject.updateNode(node, newVersion, newVersionPackument)
@@ -4620,10 +4663,21 @@ async function npmFix(
             rangeStyle
           )
           // eslint-disable-next-line no-await-in-loop
-          if (!(await editablePkgJson.save())) {
+          if (
+            !(await editablePkgJson.save({
+              ignoreWhitespace: true
+            }))
+          ) {
             debug.debugLog(
               `Nothing changed for ${workspaceName}, skipping install`
             )
+            // Reset things just in case.
+            if (isCi) {
+              // eslint-disable-next-line no-await-in-loop
+              await gitHardReset(baseBranch, cwd)
+              // eslint-disable-next-line no-await-in-loop
+              await gitCleanFdx(cwd)
+            }
             continue
           }
           spinner?.info(`Installing ${newId} in ${workspaceName}`)
@@ -4649,7 +4703,6 @@ async function npmFix(
             errored = true
             error = e
           }
-          const baseBranch = isCi ? getBaseGitBranch() : ''
           if (!errored && isCi) {
             const branch = getSocketBranchName(
               oldPurl,
@@ -4712,7 +4765,9 @@ async function npmFix(
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([
                 shadowNpmInject.removeNodeModules(cwd),
-                editablePkgJson.save()
+                editablePkgJson.save({
+                  ignoreWhitespace: true
+                })
               ])
               // eslint-disable-next-line no-await-in-loop
               await install$1(arb.idealTree, {
@@ -4938,7 +4993,6 @@ async function pnpmFix(
   const infoByPkg = shadowNpmInject.getCveInfoByAlertsMap(alertsMap, {
     limit
   })
-  console.log(infoByPkg)
   if (!infoByPkg) {
     spinner?.stop()
     logger.logger.info('No fixable vulnerabilities found.')
@@ -4947,6 +5001,7 @@ async function pnpmFix(
   // Lazily access constants.ENV.CI.
   const isCi = constants.ENV.CI
+  const baseBranch = isCi ? getBaseGitBranch() : ''
   const workspacePkgJsonPaths = await shadowNpmInject.globWorkspace(
     pkgEnvDetails.agent,
     rootPath
@@ -5077,13 +5132,19 @@ async function pnpmFix(
                 }
               : {}),
             ...(editablePkgJson.content.dependencies && {
-              dependencies: editablePkgJson.content.dependencies
+              dependencies: {
+                ...editablePkgJson.content.dependencies
+              }
             }),
             ...(editablePkgJson.content.optionalDependencies && {
-              optionalDependencies: editablePkgJson.content.optionalDependencies
+              optionalDependencies: {
+                ...editablePkgJson.content.optionalDependencies
+              }
             }),
             ...(editablePkgJson.content.peerDependencies && {
-              peerDependencies: editablePkgJson.content.peerDependencies
+              peerDependencies: {
+                ...editablePkgJson.content.peerDependencies
+              }
             })
           }
           if (updateData) {
@@ -5097,10 +5158,21 @@ async function pnpmFix(
             rangeStyle
           )
           // eslint-disable-next-line no-await-in-loop
-          if (!(await editablePkgJson.save())) {
+          if (
+            !(await editablePkgJson.save({
+              ignoreWhitespace: true
+            }))
+          ) {
             debug.debugLog(
               `Nothing changed for ${workspaceName}, skipping install`
             )
+            // Reset things just in case.
+            if (isCi) {
+              // eslint-disable-next-line no-await-in-loop
+              await gitHardReset(baseBranch, cwd)
+              // eslint-disable-next-line no-await-in-loop
+              await gitCleanFdx(cwd)
+            }
             continue
           }
           spinner?.info(`Installing ${newId} in ${workspaceName}`)
@@ -5127,7 +5199,6 @@ async function pnpmFix(
             error = e
             errored = true
           }
-          const baseBranch = isCi ? getBaseGitBranch() : ''
           if (!errored && isCi) {
             const branch = getSocketBranchName(
               oldPurl,
@@ -5191,7 +5262,9 @@ async function pnpmFix(
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([
                 shadowNpmInject.removeNodeModules(cwd),
-                editablePkgJson.save()
+                editablePkgJson.save({
+                  ignoreWhitespace: true
+                })
               ])
               // eslint-disable-next-line no-await-in-loop
               actualTree = await install(pkgEnvDetails, {
@@ -8569,11 +8642,11 @@ async function outputLicensePolicy(result, outputKind) {
   logger.logger.log('')
   logger.logger.log('This is the license policy for your organization:')
   logger.logger.log('')
-  const rules = result.data.license_policy
+  const rules = result.data['license_policy']
   const entries = rules ? Object.entries(rules) : []
   const mapped = entries.map(([key, value]) => [
     key,
-    value.allowed ? ' yes' : ' no'
+    value?.['allowed'] ? ' yes' : ' no'
   ])
   mapped.sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
   logger.logger.log(mdTableOfPairs(mapped, ['License Name', 'Allowed']))
@@ -9001,7 +9074,7 @@ const cmdOrganization = {
 }
 async function fetchPurlDeepScore(purl) {
-  logger.logger.info(`Requesting deep score data for this purl: ${purl}`)
+  logger.logger.error(`Requesting deep score data for this purl: ${purl}`)
   const apiToken = shadowNpmInject.getDefaultToken()
   if (!apiToken) {
     return {
@@ -9037,7 +9110,7 @@ async function fetchPurlDeepScore(purl) {
     return {
       ok: false,
       message: 'Socket API returned an error',
-      cause: `${result.statusText}${err ? ` (cause: ${err}` : ''}`
+      cause: `${result.statusText}${err ? ` (cause: ${err})` : ''}`
     }
   }
   const data = await handleApiCall(await result.text(), 'Reading text')
@@ -9408,7 +9481,7 @@ async function run$j(argv, importMeta, { parentName }) {
 }
 async function fetchPurlsShallowScore(purls) {
-  logger.logger.info(
+  logger.logger.error(
     `Requesting shallow score data for ${purls.length} package urls (purl): ${purls.join(', ')}`
   )
   const sockSdk = await shadowNpmInject.setupSdk(
@@ -9435,9 +9508,11 @@ async function fetchPurlsShallowScore(purls) {
   if (!result.success) {
     return handleFailedApiResponse('batchPackageFetch', result)
   }
+  // TODO: seems like there's a bug in the typing since we absolutely have to return the .data here
   return {
     ok: true,
-    data: result
+    data: result.data
   }
 }
@@ -9960,7 +10035,7 @@ async function fetchCreateRepo({
   }
 }
-async function outputCreateRepo(result, outputKind) {
+async function outputCreateRepo(result, requestedName, outputKind) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1
   }
@@ -9972,7 +10047,9 @@ async function outputCreateRepo(result, outputKind) {
     logger.logger.fail(failMsgWithBadge(result.message, result.cause))
     return
   }
-  logger.logger.success('Repository created successfully')
+  logger.logger.success(
+    `OK. Repository created successfully, slug: \`${result.data.slug}\`${result.data.slug !== requestedName ? ' (Warning: slug is not the same as name that was requested!)' : ''}`
+  )
 }
 async function handleCreateRepo(
@@ -9987,7 +10064,7 @@ async function handleCreateRepo(
     repoName,
     visibility
   })
-  await outputCreateRepo(data, outputKind)
+  await outputCreateRepo(data, repoName, outputKind)
 }
 const { DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$d } = constants
@@ -9997,6 +10074,7 @@ const config$d = {
   hidden: false,
   flags: {
     ...commonFlags,
+    ...outputFlags,
     defaultBranch: {
       type: 'string',
       shortFlag: 'b',
@@ -10160,7 +10238,7 @@ async function fetchDeleteRepo(orgSlug, repoName) {
   }
 }
-async function outputDeleteRepo(result, outputKind) {
+async function outputDeleteRepo(result, repoName, outputKind) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1
   }
@@ -10172,12 +10250,12 @@ async function outputDeleteRepo(result, outputKind) {
     logger.logger.fail(failMsgWithBadge(result.message, result.cause))
     return
   }
-  logger.logger.success('Repository deleted successfully')
+  logger.logger.success(`OK. Repository \`${repoName}\` deleted successfully`)
 }
 async function handleDeleteRepo(orgSlug, repoName, outputKind) {
   const data = await fetchDeleteRepo(orgSlug, repoName)
-  await outputDeleteRepo(data, outputKind)
+  await outputDeleteRepo(data, repoName, outputKind)
 }
 const { DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$c } = constants
@@ -10187,6 +10265,7 @@ const config$c = {
   hidden: false,
   flags: {
     ...commonFlags,
+    ...outputFlags,
     interactive: {
       type: 'boolean',
       default: true,
@@ -10227,8 +10306,7 @@ async function run$c(argv, importMeta, { parentName }) {
     parentName
   })
   const { dryRun, interactive, json, markdown, org: orgFlag } = cli.flags
-  const outputKind = getOutputKind(json, markdown) // TODO: impl json/md further
+  const outputKind = getOutputKind(json, markdown)
   const [orgSlug, defaultOrgSlug] = await determineOrgSlug(
     String(orgFlag || ''),
     cli.input[0] || '',
@@ -10368,6 +10446,7 @@ const config$b = {
   hidden: false,
   flags: {
     ...commonFlags,
+    ...outputFlags,
     sort: {
       type: 'string',
       shortFlag: 's',
@@ -10401,8 +10480,7 @@ const config$b = {
       shortFlag: 'p',
       default: 1,
       description: 'Page number'
-    },
-    ...outputFlags
+    }
   },
   help: (command, config) => `
     Usage
@@ -10520,7 +10598,7 @@ async function fetchUpdateRepo({
   }
 }
-async function outputUpdateRepo(result, outputKind) {
+async function outputUpdateRepo(result, repoName, outputKind) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1
   }
@@ -10532,7 +10610,7 @@ async function outputUpdateRepo(result, outputKind) {
     logger.logger.fail(failMsgWithBadge(result.message, result.cause))
     return
   }
-  logger.logger.success('Repository updated successfully')
+  logger.logger.success(`Repository \`${repoName}\` updated successfully`)
 }
 async function handleUpdateRepo(
@@ -10547,7 +10625,7 @@ async function handleUpdateRepo(
     repoName,
     visibility
   })
-  await outputUpdateRepo(data, outputKind)
+  await outputUpdateRepo(data, repoName, outputKind)
 }
 const { DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$a } = constants
@@ -10557,6 +10635,7 @@ const config$a = {
   hidden: false,
   flags: {
     ...commonFlags,
+    ...outputFlags,
     defaultBranch: {
       type: 'string',
       shortFlag: 'b',
@@ -11394,7 +11473,7 @@ async function fetchDiffScan({ id1, id2, orgSlug }) {
     return {
       ok: false,
       message: 'Socket API returned an error',
-      cause: `${response.statusText}${err ? ` (cause: ${err}` : ''}`
+      cause: `${response.statusText}${err ? ` (cause: ${err})` : ''}`
     }
   }
   const result = await handleApiCall(
@@ -12334,7 +12413,7 @@ async function run$3(argv, importMeta, { parentName }) {
     },
     {
       test: !!scanId,
-      message: 'Scan ID to fetch',
+      message: 'Scan ID to report on',
       pass: 'ok',
       fail: 'missing'
     },
@@ -12397,7 +12476,7 @@ async function fetchScan(orgSlug, scanId) {
     return {
       ok: false,
       message: 'Socket API returned an error',
-      cause: `${response.statusText}${err ? ` (cause: ${err}` : ''}`
+      cause: `${response.statusText}${err ? ` (cause: ${err})` : ''}`
     }
   }
@@ -12626,7 +12705,7 @@ async function run$2(argv, importMeta, { parentName }) {
     },
     {
       test: !!scanId,
-      message: 'Scan ID to delete',
+      message: 'Scan ID to view',
       pass: 'ok',
       fail: 'missing'
     },
@@ -13387,5 +13466,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=135a219a-0252-443a-99a0-771e1fbdf9c6
+//# debugId=406eb2c1-5d4f-41ac-a034-b9fcf6230684
 //# sourceMappingURL=cli.js.map