npm - @socketsecurity/cli-with-sentry - Versions diffs - 0.14.53 → 0.14.56 - Mend

@socketsecurity/cli-with-sentry 0.14.53 → 0.14.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/constants.d.ts +6 -5
package/dist/constants.js +11 -14
package/dist/constants.js.map +1 -1
package/dist/instrument-with-sentry.js +2 -2
package/dist/instrument-with-sentry.js.map +1 -1
package/dist/module-sync/cli.js +926 -450
package/dist/module-sync/cli.js.map +1 -1
package/dist/module-sync/index.d.ts +7 -8
package/dist/module-sync/index.js +20 -15
package/dist/module-sync/index.js.map +1 -1
package/dist/module-sync/npm-paths.js +2 -13
package/dist/module-sync/npm-paths.js.map +1 -1
package/dist/module-sync/path-resolve.d.ts +2 -3
package/dist/module-sync/reify.d.ts +6 -4
package/dist/module-sync/settings.d.ts +1 -1
package/dist/module-sync/shadow-bin.d.ts +1 -1
package/dist/module-sync/shadow-bin.js +7 -7
package/dist/module-sync/shadow-bin.js.map +1 -1
package/dist/require/cli.js +926 -450
package/dist/require/cli.js.map +1 -1
package/package.json +47 -68

package/dist/module-sync/index.d.ts CHANGED Viewed

@@ -120,21 +120,21 @@ type SocketArtifact = {
     id?: string | undefined;
     author?: string[];
     license?: string | undefined;
-    licenseDetails?: {
+    licenseDetails?: Array<{
         spdxDisj: string;
         provenance: string;
         filepath: string;
         match_strength: number;
-    }[];
-    licenseAttrib?: {
+    }>;
+    licenseAttrib?: Array<{
         attribText: string;
-        attribData: {
+        attribData: Array<{
             purl: string;
             foundInFilepath: string;
             spdxExpr: string;
             foundAuthors: string[];
-        }[];
-    }[];
+        }>;
+    }>;
     score?: {
         supplyChain: number;
         quality: number;
@@ -171,7 +171,6 @@ declare function readFileUtf8(filepath: PathLike | FileHandle, options?: ReadFil
 declare function safeReadFile(...args: Parameters<typeof fs.readFile>): ReturnType<typeof fs.readFile> | undefined;
 declare function safeReadFileSync(...args: Parameters<typeof fsReadFileSync>): ReturnType<typeof fsReadFileSync> | undefined;
 declare const Arborist: ArboristClass;
-declare const kCtorArgs: unique symbol;
 declare const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES: {
     __proto__: null;
     audit: boolean;
@@ -189,4 +188,4 @@ declare class SafeArborist extends Arborist {
     // @ts-ignore Incorrectly typed.
     reify(this: SafeArborist, ...args: Parameters<InstanceType<ArboristClass>['reify']>): Promise<SafeNode>;
 }
-export { SafeOverrideSet, depValid, getSocketDevAlertUrl, getSocketDevPackageOverviewUrl, ColorOrMarkdown, createAlertUXLookup, uxLookup, CveAlertType, ArtifactAlertCveFixable, ArtifactAlertFixable, SocketArtifactAlert, SocketArtifact, batchScan, isArtifactAlertCveFixable, isArtifactAlertUpgradeFixable, isArtifactAlertFixable, PackageDetail, getPackagesToQueryFromDiff, findUp, ReadFileOptions, readFileBinary, readFileUtf8, safeReadFile, safeReadFileSync, Arborist, kCtorArgs, SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES, SafeArborist };
+export { SafeOverrideSet, depValid, getSocketDevAlertUrl, getSocketDevPackageOverviewUrl, ColorOrMarkdown, createAlertUXLookup, uxLookup, CveAlertType, ArtifactAlertCveFixable, ArtifactAlertFixable, SocketArtifactAlert, SocketArtifact, batchScan, isArtifactAlertCveFixable, isArtifactAlertUpgradeFixable, isArtifactAlertFixable, PackageDetail, getPackagesToQueryFromDiff, findUp, ReadFileOptions, readFileBinary, readFileUtf8, safeReadFile, safeReadFileSync, Arborist, SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES, SafeArborist };

package/dist/module-sync/index.js CHANGED Viewed

@@ -387,8 +387,9 @@ async function* createBatchGenerator(chunk) {
     method: 'POST',
     headers: {
       Authorization: `Basic ${btoa(`${getPublicToken()}:`)}`
-    },
-    signal: abortSignal$1
+    }
+    // TODO: Fix to not abort process on network abort.
+    // signal: abortSignal
   }).end(JSON.stringify({
     components: chunk.map(id => ({
       purl: `pkg:npm/${id}`
@@ -1577,6 +1578,7 @@ async function getPackagesAlerts(arb, options) {
     consolidate = false,
     includeExisting = false,
     includeUnfixable = true,
+    includeUpgrades = false,
     output
   } = {
     __proto__: null,
@@ -1633,7 +1635,7 @@ async function getPackagesAlerts(arb, options) {
       }
       const fixableCve = isArtifactAlertCveFixable(alert);
       const fixableUpgrade = isArtifactAlertUpgradeFixable(alert);
-      if ((fixableCve || fixableUpgrade || includeUnfixable) && !(fixableUpgrade && hasOverride(pkgJson, name))) {
+      if (includeUnfixable || fixableCve || includeUpgrades && fixableUpgrade && !hasOverride(pkgJson, name)) {
         sockPkgAlerts.push({
           name,
           version,
@@ -1751,14 +1753,16 @@ function getCveInfoByPackage(alerts, options) {
   }
   return infoByPkg;
 }
+const kCtorArgs = Symbol('ctorArgs');
 const kRiskyReify = Symbol('riskyReify');
-async function reify(...args) {
+async function reify(arb, args, level = 1) {
   const {
     stderr: output,
     stdin: input
   } = process;
-  const alerts = await getPackagesAlerts(this, {
-    output
+  const alerts = await getPackagesAlerts(arb, {
+    output,
+    includeUnfixable: level < 2
   });
   if (alerts.length && !(await prompts.confirm({
     message: 'Accept risks of installing these packages?',
@@ -1769,7 +1773,7 @@ async function reify(...args) {
   }))) {
     throw new Error('Socket npm exiting due to risks');
   }
-  return await this[kRiskyReify](...args);
+  return await arb[kRiskyReify](...args);
 }
 const {
@@ -1780,7 +1784,6 @@ const {
   }
 } = constants;
 const Arborist = require(npmPaths.getArboristClassPath());
-const kCtorArgs = Symbol('ctorArgs');
 const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {
   __proto__: null,
   audit: false,
@@ -1810,8 +1813,6 @@ class SafeArborist extends Arborist {
       ...(ctorArgs.length ? ctorArgs[0] : undefined),
       progress: false
     }, ...ctorArgs.slice(1));
-    arb.actualTree = this.actualTree;
-    arb.idealTree = this.idealTree;
     const ret = await arb.reify({
       ...(args.length ? args[0] : undefined),
       progress: false
@@ -1826,19 +1827,23 @@ class SafeArborist extends Arborist {
       __proto__: null,
       ...(args.length ? args[0] : undefined)
     };
+    if (options.dryRun) {
+      return await this[kRiskyReify](...args);
+    }
+    const level = await getIPC(SOCKET_CLI_SAFE_WRAPPER);
+    if (!level) {
+      return await this[kRiskyReify](...args);
+    }
     const safeArgs = [{
       ...options,
       progress: false
     }, ...args.slice(1)];
-    if (options.dryRun || !(await getIPC(SOCKET_CLI_SAFE_WRAPPER))) {
-      return await this[kRiskyReify](...safeArgs);
-    }
     Object.assign(options, SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES);
     const old = args[0];
     args[0] = options;
     await super.reify(...safeArgs);
     args[0] = old;
-    return await Reflect.apply(reify, this, safeArgs);
+    return await reify(this, args, level);
   }
 }
@@ -1867,5 +1872,5 @@ exports.safeReadFile = safeReadFile;
 exports.setupSdk = setupSdk;
 exports.updateNode = updateNode;
 exports.updateSetting = updateSetting;
-//# debugId=30e57097-6100-437d-9b6d-904604eeaa8d
+//# debugId=32696061-6e8b-4f74-95c9-9ae9ce6c9c1c
 //# sourceMappingURL=index.js.map