npm - @socketsecurity/cli-with-sentry - Versions diffs - 0.15.14 → 0.15.15 - Mend

@socketsecurity/cli-with-sentry 0.15.14 → 0.15.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/.config/tsconfig.dts.tsbuildinfo +1 -1
package/dist/cli.js +117 -55
package/dist/cli.js.map +1 -1
package/dist/constants.js +3 -3
package/dist/constants.js.map +1 -1
package/dist/types/commands/fix/npm-fix.d.mts.map +1 -1
package/dist/types/commands/fix/pnpm-fix.d.mts.map +1 -1
package/package.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -3713,11 +3713,11 @@ async function npmFix(pkgEnvDetails, {
   infoEntriesLoop: for (let i = 0, {
       length
     } = sortedInfoEntries; i < length; i += 1) {
+    const isLastInfoEntry = i === length - 1;
     const {
       0: name,
       1: infos
     } = sortedInfoEntries[i];
-    const isLastInfoEntry = i === length - 1;
     logger.logger.log(`Processing vulnerable package: ${name}`);
     logger.logger.indent();
     spinner?.indent();
@@ -3736,17 +3736,14 @@ async function npmFix(pkgEnvDetails, {
     const warningsForAfter = new Set();
     // eslint-disable-next-line no-unused-labels
-    for (const pkgJsonPath of pkgJsonPaths) {
+    for (let j = 0, {
+        length: length_j
+      } = pkgJsonPaths; j < length_j; j += 1) {
+      const isLastPkgJsonPath = j === length_j - 1;
+      const pkgJsonPath = pkgJsonPaths[j];
       const pkgPath = path.dirname(pkgJsonPath);
       const isWorkspaceRoot = pkgJsonPath === pkgEnvDetails.editablePkgJson.filename;
       const workspaceName = isWorkspaceRoot ? 'root' : path.relative(rootPath, pkgPath);
-      logger.logger.log(`Checking workspace: ${workspaceName}`);
-      const workspaceLogCallCount = logger.logger.logCallCount;
-      // eslint-disable-next-line no-await-in-loop
-      actualTree = await install$1(arb, {
-        cwd
-      });
       const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.target?.version ?? n.version).filter(Boolean));
       if (!oldVersions.length) {
         logger.logger.warn(`Unexpected condition: Lockfile entries not found for ${name}.\n`);
@@ -3762,12 +3759,21 @@ async function npmFix(pkgEnvDetails, {
       const editablePkgJson = await packages.readPackageJson(pkgJsonPath, {
         editable: true
       });
+      let hasAnnouncedWorkspace = false;
+      let workspaceLogCallCount = logger.logger.logCallCount;
+      if (debug.isDebug()) {
+        debug.debugLog(`Checking workspace: ${workspaceName}`);
+        hasAnnouncedWorkspace = true;
+        workspaceLogCallCount = logger.logger.logCallCount;
+      }
       oldVersionsLoop: for (const oldVersion of oldVersions) {
         const oldId = `${name}@${oldVersion}`;
         const oldPurl = utils.idToPurl(oldId);
         const node = shadowInject.findPackageNode(actualTree, name, oldVersion);
         if (!node) {
-          logger.logger.warn(`Unexpected condition: Arborist node not found, skipping ${oldId}`);
+          if (hasAnnouncedWorkspace) {
+            logger.logger.warn(`Unexpected condition: Arborist node not found, skipping ${oldId}`);
+          }
           continue oldVersionsLoop;
         }
         infosLoop: for (const {
@@ -3807,18 +3813,18 @@ async function npmFix(pkgEnvDetails, {
           if (!(await editablePkgJson.save({
             ignoreWhitespace: true
           }))) {
-            logger.logger.info(`${workspaceName}/package.json not changed, skipping`);
+            debug.debugLog(`${workspaceName}/package.json not changed, skipping`);
             // Reset things just in case.
             if (isCi) {
               // eslint-disable-next-line no-await-in-loop
               await gitResetAndClean(baseBranch, cwd);
-              // eslint-disable-next-line no-await-in-loop
-              actualTree = await install$1(arb, {
-                cwd
-              });
             }
             continue infosLoop;
           }
+          if (!hasAnnouncedWorkspace) {
+            hasAnnouncedWorkspace = true;
+            workspaceLogCallCount = logger.logger.logCallCount;
+          }
           spinner?.start();
           spinner?.info(`Installing ${newId} in ${workspaceName}`);
           let error;
@@ -3844,6 +3850,16 @@ async function npmFix(pkgEnvDetails, {
           if (!errored && isCi) {
             const branch = getSocketBranchName(oldPurl, newVersion, workspaceName);
             try {
+              const moddedFilepaths =
+              // eslint-disable-next-line no-await-in-loop
+              (await gitUnstagedModifiedFiles(cwd)).filter(p => {
+                const basename = path.basename(p);
+                return basename === 'package.json' || basename === 'package-lock.json';
+              });
+              if (!moddedFilepaths.length) {
+                logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
+                continue infosLoop;
+              }
               const {
                 owner,
                 repo
@@ -3851,27 +3867,35 @@ async function npmFix(pkgEnvDetails, {
               // eslint-disable-next-line no-await-in-loop
               if (await prExistForBranch(owner, repo, branch)) {
                 debug.debugLog(`Branch "${branch}" exists, skipping PR creation.`);
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install$1(arb, {
+                  cwd
+                });
                 continue infosLoop;
               }
               // eslint-disable-next-line no-await-in-loop
               if (await gitRemoteBranchExists(branch, cwd)) {
                 debug.debugLog(`Remote branch "${branch}" exists, skipping PR creation.`);
-                continue infosLoop;
-              }
-              const moddedFilepaths =
-              // eslint-disable-next-line no-await-in-loop
-              (await gitUnstagedModifiedFiles(cwd)).filter(p => {
-                const basename = path.basename(p);
-                return basename === 'package.json' || basename === 'package-lock.json';
-              });
-              if (!moddedFilepaths.length) {
-                logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install$1(arb, {
+                  cwd
+                });
                 continue infosLoop;
               }
               if (
               // eslint-disable-next-line no-await-in-loop
               !(await gitCreateAndPushBranch(branch, getSocketCommitMessage(oldPurl, newVersion, workspaceName), moddedFilepaths, cwd))) {
                 logger.logger.warn('Unexpected condition: Push failed, skipping PR creation.');
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install$1(arb, {
+                  cwd
+                });
                 continue infosLoop;
               }
               // eslint-disable-next-line no-await-in-loop
@@ -3928,7 +3952,7 @@ async function npmFix(pkgEnvDetails, {
           }
         }
       }
-      if (logger.logger.logCallCount > workspaceLogCallCount) {
+      if (!isLastPkgJsonPath && logger.logger.logCallCount > workspaceLogCallCount) {
         logger.logger.log('');
       }
     }
@@ -4026,6 +4050,7 @@ async function pnpmFix(pkgEnvDetails, {
     });
     lockfile = await utils.readPnpmLockfile(lockfilePath);
   }
   // Exit early if pnpm-lock.yaml is not found.
   if (!lockfile) {
     spinner?.stop();
@@ -4059,11 +4084,11 @@ async function pnpmFix(pkgEnvDetails, {
   infoEntriesLoop: for (let i = 0, {
       length
     } = sortedInfoEntries; i < length; i += 1) {
+    const isLastInfoEntry = i === length - 1;
     const {
       0: name,
       1: infos
     } = sortedInfoEntries[i];
-    const isLastInfoEntry = i === length - 1;
     logger.logger.log(`Processing vulnerable package: ${name}`);
     logger.logger.indent();
     spinner?.indent();
@@ -4082,18 +4107,26 @@ async function pnpmFix(pkgEnvDetails, {
     const warningsForAfter = new Set();
     // eslint-disable-next-line no-unused-labels
-    for (const pkgJsonPath of pkgJsonPaths) {
+    for (let j = 0, {
+        length: length_j
+      } = pkgJsonPaths; j < length_j; j += 1) {
+      const isLastPkgJsonPath = j === length_j - 1;
+      const pkgJsonPath = pkgJsonPaths[j];
       const pkgPath = path.dirname(pkgJsonPath);
       const isWorkspaceRoot = pkgJsonPath === pkgEnvDetails.editablePkgJson.filename;
       const workspaceName = isWorkspaceRoot ? 'root' : path.relative(rootPath, pkgPath);
-      logger.logger.log(`Checking workspace: ${workspaceName}`);
-      const workspaceLogCallCount = logger.logger.logCallCount;
-      // eslint-disable-next-line no-await-in-loop
-      actualTree = await install(pkgEnvDetails, {
-        cwd,
-        spinner
-      });
+      // actualTree may not be defined on the first iteration of pkgJsonPathsLoop.
+      if (!actualTree) {
+        actualTree = fs$1.existsSync(path.join(rootPath, 'node_modules')) ?
+        // eslint-disable-next-line no-await-in-loop
+        await getActualTree(cwd) :
+        // eslint-disable-next-line no-await-in-loop
+        await install(pkgEnvDetails, {
+          cwd,
+          spinner
+        });
+      }
       const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.version).filter(Boolean));
       if (!oldVersions.length) {
         logger.logger.warn(`Unexpected condition: Lockfile entries not found for ${name}.\n`);
@@ -4109,15 +4142,24 @@ async function pnpmFix(pkgEnvDetails, {
       const editablePkgJson = await packages.readPackageJson(pkgJsonPath, {
         editable: true
       });
-      // Get current overrides for revert logic
+      // Get current overrides for revert logic.
       const oldPnpmSection = editablePkgJson.content[PNPM$7];
       const oldOverrides = oldPnpmSection?.[OVERRIDES$2];
+      let hasAnnouncedWorkspace = false;
+      let workspaceLogCallCount = logger.logger.logCallCount;
+      if (debug.isDebug()) {
+        debug.debugLog(`Checking workspace: ${workspaceName}`);
+        hasAnnouncedWorkspace = true;
+        workspaceLogCallCount = logger.logger.logCallCount;
+      }
       oldVersionsLoop: for (const oldVersion of oldVersions) {
         const oldId = `${name}@${oldVersion}`;
         const oldPurl = utils.idToPurl(oldId);
         const node = shadowInject.findPackageNode(actualTree, name, oldVersion);
         if (!node) {
-          logger.logger.warn(`Unexpected condition: Arborist node not found, skipping ${oldId}`);
+          if (hasAnnouncedWorkspace) {
+            logger.logger.warn(`Unexpected condition: Arborist node not found, skipping ${oldId}`);
+          }
           continue oldVersionsLoop;
         }
         infosLoop: for (const {
@@ -4176,19 +4218,18 @@ async function pnpmFix(pkgEnvDetails, {
           if (!(await editablePkgJson.save({
             ignoreWhitespace: true
           }))) {
-            logger.logger.info(`${workspaceName}/package.json not changed, skipping`);
+            debug.debugLog(`${workspaceName}/package.json not changed, skipping`);
             // Reset things just in case.
             if (isCi) {
               // eslint-disable-next-line no-await-in-loop
               await gitResetAndClean(baseBranch, cwd);
-              // eslint-disable-next-line no-await-in-loop
-              actualTree = await install(pkgEnvDetails, {
-                cwd,
-                spinner
-              });
             }
             continue infosLoop;
           }
+          if (!hasAnnouncedWorkspace) {
+            hasAnnouncedWorkspace = true;
+            workspaceLogCallCount = logger.logger.logCallCount;
+          }
           spinner?.start();
           spinner?.info(`Installing ${newId} in ${workspaceName}`);
           let error;
@@ -4216,6 +4257,16 @@ async function pnpmFix(pkgEnvDetails, {
           if (!errored && isCi) {
             const branch = getSocketBranchName(oldPurl, newVersion, workspaceName);
             try {
+              const moddedFilepaths =
+              // eslint-disable-next-line no-await-in-loop
+              (await gitUnstagedModifiedFiles(cwd)).filter(p => {
+                const basename = path.basename(p);
+                return basename === 'package.json' || basename === 'pnpm-lock.yaml';
+              });
+              if (!moddedFilepaths.length) {
+                logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
+                continue infosLoop;
+              }
               const {
                 owner,
                 repo
@@ -4223,27 +4274,38 @@ async function pnpmFix(pkgEnvDetails, {
               // eslint-disable-next-line no-await-in-loop
               if (await prExistForBranch(owner, repo, branch)) {
                 debug.debugLog(`Branch "${branch}" exists, skipping PR creation.`);
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install(pkgEnvDetails, {
+                  cwd,
+                  spinner
+                });
                 continue infosLoop;
               }
               // eslint-disable-next-line no-await-in-loop
               if (await gitRemoteBranchExists(branch, cwd)) {
                 debug.debugLog(`Remote branch "${branch}" exists, skipping PR creation.`);
-                continue infosLoop;
-              }
-              const moddedFilepaths =
-              // eslint-disable-next-line no-await-in-loop
-              (await gitUnstagedModifiedFiles(cwd)).filter(p => {
-                const basename = path.basename(p);
-                return basename === 'package.json' || basename === 'pnpm-lock.yaml';
-              });
-              if (!moddedFilepaths.length) {
-                logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install(pkgEnvDetails, {
+                  cwd,
+                  spinner
+                });
                 continue infosLoop;
               }
               if (
               // eslint-disable-next-line no-await-in-loop
               !(await gitCreateAndPushBranch(branch, getSocketCommitMessage(oldPurl, newVersion, workspaceName), moddedFilepaths, cwd))) {
                 logger.logger.warn('Unexpected condition: Push failed, skipping PR creation.');
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install(pkgEnvDetails, {
+                  cwd,
+                  spinner
+                });
                 continue infosLoop;
               }
               // eslint-disable-next-line no-await-in-loop
@@ -4302,7 +4364,7 @@ async function pnpmFix(pkgEnvDetails, {
           }
         }
       }
-      if (logger.logger.logCallCount > workspaceLogCallCount) {
+      if (!isLastPkgJsonPath && logger.logger.logCallCount > workspaceLogCallCount) {
         logger.logger.log('');
       }
     }
@@ -11535,5 +11597,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=f795e75b-2414-4f4b-8612-273af979480d
+//# debugId=8c291e79-2d0e-444d-af3a-8be88558aeff
 //# sourceMappingURL=cli.js.map