@socketsecurity/cli-with-sentry 0.15.58 → 0.15.60

package/external/@coana-tech/cli/cli.mjs

@@ -212320,7 +212320,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.9.22";
+var version2 = "14.9.24";
 
 // ../../node_modules/.pnpm/axios@1.9.0/node_modules/axios/lib/helpers/bind.js
 function bind2(fn2, thisArg) {
@@ -215646,14 +215646,20 @@ async function scanForVulnerabilitiesSocketMode(dependencyTree) {
     const data2 = {
       components: Object.keys(purlStringsToIdentifier).map((purl) => ({ purl }))
     };
-    const componentsString = (await axios_default2.post(url3, data2, {
+    const componentsResponse = (await axios_default2.post(url3, data2, {
       headers: {
         "Content-Type": "application/json",
         Accept: "application/json",
         Authorization: `Basic ${btoa(`${process.env.SOCKET_CLI_API_TOKEN}:`)}`
       }
     })).data;
-    components = JSON.parse(`[${componentsString.trim().replace(/\n/g, ",")}]`);
+    if (typeof componentsResponse === "object") {
+      components = [componentsResponse];
+    } else if (typeof componentsResponse === "string") {
+      components = JSON.parse(`[${componentsResponse.trim().replace(/\n/g, ",")}]`);
+    } else {
+      throw new Error(`Unexpected response type from Socket API: ${typeof componentsResponse}`);
+    }
   } catch (e) {
     logger.error("Failed to scan for vulnerabilities in socket mode");
     logger.error("error", e);
@@ -215812,11 +215818,11 @@ function getNamespaceAndName(ecosystem, packageName) {
 }
 
 // dist/internal/socket-report.js
-function toSocketFacts(report, dependencyTrees) {
+function toSocketFacts(report, dependencyTrees, subPjToWsPathToDirectDependencies) {
   const components = [];
   const purlToIndex = /* @__PURE__ */ new Map();
   for (const dependencyTree of dependencyTrees) {
-    const depIdentifierToPurl = Object.fromEntries(Object.entries(dependencyTree.dependencyTree.transitiveDependencies).map(([depIdentifier, dep]) => {
+    const depIdentifierToPurl = Object.fromEntries(Object.entries(dependencyTree.dependencyTree.transitiveDependencies).filter(([_depIdentifier, dep]) => dep.purlObj).map(([depIdentifier, dep]) => {
       const purl = dep.purlObj.purlString;
       if (purl && !purlToIndex.has(purl)) {
         purlToIndex.set(purl, components.length);
@@ -215831,8 +215837,10 @@ function toSocketFacts(report, dependencyTrees) {
           artifact_id: depTreeNode.purlObj.artifact_id,
           artifactId: depTreeNode.purlObj.artifactId,
           qualifiers: depTreeNode.purlObj.qualifiers,
-          // direct: false, // TODO: add direct flag
-          // dev: false, // TODO: add dev flag
+          direct: false,
+          // Use false as default, and set to true if actually direct
+          dev: true,
+          // Use true as default, and set to false if the artifact is found as prod, prod&dev or missing for any dependency chain.
           dependencies: []
         };
       }
@@ -215840,15 +215848,40 @@ function toSocketFacts(report, dependencyTrees) {
     }));
     for (const [depIdentifier, purl] of Object.entries(depIdentifierToPurl)) {
       const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
+      if (!depTreeNode.purlObj) {
+        continue;
+      }
       const component = components[purlToIndex.get(purl)];
       depTreeNode.dependencies?.forEach((dep) => {
         const depPurl = depIdentifierToPurl[dep];
         const depIndex = purlToIndex.get(depPurl);
-        if (!component.dependencies?.includes(depIndex.toString())) {
+        if (depIndex && !component.dependencies?.includes(depIndex.toString())) {
           component.dependencies.push(depIndex.toString());
         }
       });
     }
+    for (const depIdentifier of dependencyTree.dependencyTree.dependencies ?? []) {
+      const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
+      const component = components[purlToIndex.get(depTreeNode.purlObj.purlString)];
+      component.direct = true;
+    }
+    for (const depIdentifier of dependencyTree.dependencyTree.dependencies ?? []) {
+      let updateDependencyType2 = function(id) {
+        if (visitedIds.has(id.toString()))
+          return;
+        visitedIds.add(id.toString());
+        const component = components[id];
+        if (dependencyType !== "dev") {
+          component.dev = false;
+        }
+        component.dependencies?.forEach((depId) => updateDependencyType2(parseInt(depId)));
+      };
+      var updateDependencyType = updateDependencyType2;
+      const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
+      const dependencyType = subPjToWsPathToDirectDependencies[dependencyTree.subprojectPath][dependencyTree.workspacePath][depTreeNode.packageName];
+      const visitedIds = /* @__PURE__ */ new Set();
+      updateDependencyType2(purlToIndex.get(depTreeNode.purlObj.purlString));
+    }
   }
   for (const vulnerability of report.vulnerabilities) {
     const component = components[purlToIndex.get(vulnerability.purl)];
@@ -216015,9 +216048,9 @@ var CliCore = class {
         const gitData = await getGitDataToMetadataIfAvailable(this.rootWorkingDirectory);
         this.reportId = await createReport(this.options.repoUrl, this.options.projectName, version2, gitData?.sha, gitData?.branchName, omit(this.options, "apiKey", "print-report", "repoUrl", "projectName", "writeReportToFile"), this.apiKey, this.options.runEnv);
       }
-      const report = await this.computeReport();
+      const { report, subPjToWsPathToDirectDependencies } = await this.computeReport();
       logger.info("Report computed successfully");
-      await this.outputAndShareReport(report);
+      await this.outputAndShareReport(report, subPjToWsPathToDirectDependencies);
       this.spinner.stop();
       return report;
     } catch (e) {
@@ -216046,13 +216079,13 @@ var CliCore = class {
     if (this.reportId)
       await sendLogToDashboard(await this.getLogContent(), this.reportId, this.apiKey);
   }
-  async outputAndShareReport(report) {
+  async outputAndShareReport(report, subPjToWsPathToDirectDependencies) {
     const outputDir = this.options.outputDir;
     if (this.options.socketMode) {
       if (!this.reportDependencyTrees) {
         throw new Error("Dependency trees should be available when using --socket-mode");
       }
-      const socketReport = toSocketFacts(report, this.reportDependencyTrees);
+      const socketReport = toSocketFacts(report, this.reportDependencyTrees, subPjToWsPathToDirectDependencies);
       const outputFile = resolve24(this.options.socketMode);
       await writeFile10(outputFile, JSON.stringify(socketReport, null, 2));
       logger.info(kleur_default.green(`Socket report written to: ${outputFile}`));
@@ -216140,7 +216173,16 @@ var CliCore = class {
       vulnerabilities: allVulnerabilities,
       ...await this.createMetadataForReport(startTime)
     };
-    return report;
+    const reportAndSubPjToWsPathToDirectDependencies = {
+      report,
+      subPjToWsPathToDirectDependencies: workspacesOutput.reduce((acc, { subprojectPath, workspacePath, directDependencies }) => {
+        if (!acc[subprojectPath])
+          acc[subprojectPath] = {};
+        acc[subprojectPath][workspacePath] = directDependencies;
+        return acc;
+      }, {})
+    };
+    return reportAndSubPjToWsPathToDirectDependencies;
   }
   async updateSpinnerTextOnNewSubproject(subprojectAndWsPath, numberSubprojects, index2) {
     this.spinner.start();
@@ -216293,8 +216335,6 @@ var CliCore = class {
           ];
         } catch (e) {
           logger.error(`Scanning for vulnerabilities failed for subproject ${subprojectPath} in workspace ${workspacePath}`);
-          logger.error(JSON.stringify(dependencyTree, null, 2));
-          await new Promise((resolve25) => setTimeout(resolve25, 1e4));
           throw e;
         } finally {
           this.sendProgress("SCAN_FOR_VULNERABILITIES", false, subprojectPath, workspacePath);

package/external/@socketsecurity/registry/external/@socketregistry/yocto-spinner.js

@@ -196,18 +196,19 @@ function requireYoctoSpinner() {
     return _stripVTControlCharacters(string)
   }
   class YoctoSpinner {
-    #frames
-    #interval
-    #currentFrame = -1
-    #timer
-    #text
-    #stream
     #color
-    #lines = 0
+    #currentFrame = -1
     #exitHandlerBound
+    #frames
+    #indention = ''
+    #interval
     #isInteractive
-    #lastSpinnerFrameTime = 0
     #isSpinning = false
+    #lastSpinnerFrameTime = 0
+    #lines = 0
+    #stream
+    #text
+    #timer
     constructor(options = {}) {
       const opts = {
         __proto__: null,
@@ -223,58 +224,87 @@ function requireYoctoSpinner() {
       this.#isInteractive = !!stream.isTTY && isProcessInteractive()
       this.#exitHandlerBound = this.#exitHandler.bind(this)
     }
-    start(text) {
-      if (text) {
-        this.#text = text
-      }
+    #exitHandler(signal) {
       if (this.isSpinning) {
-        return this
+        this.stop()
       }
-      this.#isSpinning = true
-      this.#hideCursor()
-      this.#render()
-      this.#subscribeToProcessEvents()
 
-      // Only start the timer in interactive mode
+      // SIGINT: 128 + 2
+      // SIGTERM: 128 + 15
+      const exitCode =
+        signal === 'SIGINT' ? 130 : signal === 'SIGTERM' ? 143 : 1
+      // eslint-disable-next-line n/no-process-exit
+      process.exit(exitCode)
+    }
+    #hideCursor() {
       if (this.#isInteractive) {
-        this.#timer = setInterval(() => {
-          this.#render()
-        }, this.#interval)
+        this.#write('\u001B[?25l')
       }
-      return this
     }
-    stop(finalText) {
-      if (!this.isSpinning) {
-        return this
+    #lineCount(text) {
+      const width = this.#stream.columns ?? defaultTtyColumns
+      const lines = stripVTControlCharacters(text).split('\n')
+      let lineCount = 0
+      for (const line of lines) {
+        lineCount += Math.max(1, Math.ceil(line.length / width))
       }
-      this.#isSpinning = false
-      if (this.#timer) {
-        clearInterval(this.#timer)
-        this.#timer = undefined
+      return lineCount
+    }
+    #render() {
+      // Ensure we only update the spinner frame at the wanted interval,
+      // even if the frame method is called more often.
+      const now = Date.now()
+      if (
+        this.#currentFrame === -1 ||
+        now - this.#lastSpinnerFrameTime >= this.#interval
+      ) {
+        this.#currentFrame = ++this.#currentFrame % this.#frames.length
+        this.#lastSpinnerFrameTime = now
+      }
+      const colors = getYoctocolors()
+      const applyColor = colors[this.#color] ?? colors.cyan
+      const frame = this.#frames[this.#currentFrame]
+      let string = `${applyColor(frame)} ${this.#text}`
+      if (string) {
+        if (this.#indention.length) {
+          string = `${this.#indention}${string}`
+        }
+        if (!this.#isInteractive) {
+          string += '\n'
+        }
       }
-      this.#showCursor()
       this.clear()
-      this.#unsubscribeFromProcessEvents()
-      if (finalText) {
-        this.#stream.write(`${finalText}\n`)
+      this.#write(string)
+      if (this.#isInteractive) {
+        this.#lines = this.#lineCount(string)
       }
-      return this
+    }
+    #showCursor() {
+      if (this.#isInteractive) {
+        this.#write('\u001B[?25h')
+      }
+    }
+    #subscribeToProcessEvents() {
+      process.once('SIGINT', this.#exitHandlerBound)
+      process.once('SIGTERM', this.#exitHandlerBound)
     }
     #symbolStop(symbolType, text) {
       const symbols = getLogSymbols()
       return this.stop(`${symbols[symbolType]} ${text ?? this.#text}`)
     }
-    success(text) {
-      return this.#symbolStop('success', text)
+    #write(text) {
+      this.#stream.write(text)
     }
-    error(text) {
-      return this.#symbolStop('error', text)
+    #unsubscribeFromProcessEvents() {
+      process.off('SIGINT', this.#exitHandlerBound)
+      process.off('SIGTERM', this.#exitHandlerBound)
     }
-    warning(text) {
-      return this.#symbolStop('warning', text)
+    get color() {
+      return this.#color
     }
-    info(text) {
-      return this.#symbolStop('info', text)
+    set color(value) {
+      this.#color = value
+      this.#render()
     }
     get isSpinning() {
       return this.#isSpinning
@@ -286,13 +316,6 @@ function requireYoctoSpinner() {
       this.#text = value ?? ''
       this.#render()
     }
-    get color() {
-      return this.#color
-    }
-    set color(value) {
-      this.#color = value
-      this.#render()
-    }
     clear() {
       if (!this.#isInteractive) {
         return this
@@ -307,71 +330,66 @@ function requireYoctoSpinner() {
       this.#lines = 0
       return this
     }
-    #render() {
-      // Ensure we only update the spinner frame at the wanted interval,
-      // even if the frame method is called more often.
-      const now = Date.now()
-      if (
-        this.#currentFrame === -1 ||
-        now - this.#lastSpinnerFrameTime >= this.#interval
-      ) {
-        this.#currentFrame = ++this.#currentFrame % this.#frames.length
-        this.#lastSpinnerFrameTime = now
+    dedent(spaces = 2) {
+      this.#indention = this.#indention.slice(0, -spaces)
+      return this
+    }
+    error(text) {
+      return this.#symbolStop('error', text)
+    }
+    indent(spaces = 2) {
+      this.#indention += ' '.repeat(spaces)
+      return this
+    }
+    info(text) {
+      return this.#symbolStop('info', text)
+    }
+    resetIndent() {
+      this.#indention = ''
+      return this
+    }
+    start(text) {
+      if (text) {
+        this.#text = text
       }
-      const colors = getYoctocolors()
-      const applyColor = colors[this.#color] ?? colors.cyan
-      const frame = this.#frames[this.#currentFrame]
-      let string = `${applyColor(frame)} ${this.#text}`
-      if (!this.#isInteractive) {
-        string += '\n'
+      if (this.isSpinning) {
+        return this
       }
-      this.clear()
-      this.#write(string)
+      this.#isSpinning = true
+      this.#hideCursor()
+      this.#render()
+      this.#subscribeToProcessEvents()
+
+      // Only start the timer in interactive mode
       if (this.#isInteractive) {
-        this.#lines = this.#lineCount(string)
+        this.#timer = setInterval(() => {
+          this.#render()
+        }, this.#interval)
       }
+      return this
     }
-    #write(text) {
-      this.#stream.write(text)
-    }
-    #lineCount(text) {
-      const width = this.#stream.columns ?? defaultTtyColumns
-      const lines = stripVTControlCharacters(text).split('\n')
-      let lineCount = 0
-      for (const line of lines) {
-        lineCount += Math.max(1, Math.ceil(line.length / width))
+    stop(finalText) {
+      if (!this.isSpinning) {
+        return this
       }
-      return lineCount
-    }
-    #hideCursor() {
-      if (this.#isInteractive) {
-        this.#write('\u001B[?25l')
+      this.#isSpinning = false
+      if (this.#timer) {
+        clearInterval(this.#timer)
+        this.#timer = undefined
       }
-    }
-    #showCursor() {
-      if (this.#isInteractive) {
-        this.#write('\u001B[?25h')
+      this.#showCursor()
+      this.clear()
+      this.#unsubscribeFromProcessEvents()
+      if (finalText) {
+        this.#write(`${this.#indention}${finalText}\n`)
       }
+      return this
     }
-    #subscribeToProcessEvents() {
-      process.once('SIGINT', this.#exitHandlerBound)
-      process.once('SIGTERM', this.#exitHandlerBound)
-    }
-    #unsubscribeFromProcessEvents() {
-      process.off('SIGINT', this.#exitHandlerBound)
-      process.off('SIGTERM', this.#exitHandlerBound)
+    success(text) {
+      return this.#symbolStop('success', text)
     }
-    #exitHandler(signal) {
-      if (this.isSpinning) {
-        this.stop()
-      }
-
-      // SIGINT: 128 + 2
-      // SIGTERM: 128 + 15
-      const exitCode =
-        signal === 'SIGINT' ? 130 : signal === 'SIGTERM' ? 143 : 1
-      // eslint-disable-next-line n/no-process-exit
-      process.exit(exitCode)
+    warning(text) {
+      return this.#symbolStop('warning', text)
     }
   }
   yoctoSpinner = function yoctoSpinner(options) {

package/external/@socketsecurity/registry/lib/constants/package-default-node-range.js

@@ -1,5 +1,6 @@
 'use strict'
 
 const maintainedNodeVersions = /*@__PURE__*/ require('./maintained-node-versions')
+const semver = /*@__PURE__*/ require('../../external/semver')
 
-module.exports = `>=${maintainedNodeVersions.last}`
+module.exports = `>=${semver.parse(maintainedNodeVersions.last).major}`