@socketsecurity/cli-with-sentry 0.15.59 → 0.15.61

package/dist/vendor.js

@@ -32895,7 +32895,7 @@ var isInteractiveExports = /*@__PURE__*/ requireIsInteractive();
 var dist$e = {};
 
 var name$2 = "@socketsecurity/sdk";
-var version$5 = "1.4.43";
+var version$5 = "1.4.44";
 var license = "MIT";
 var description = "SDK for the Socket API client";
 var author = {
@@ -32978,21 +32978,21 @@ var scripts = {
 	"update:deps": "npx --yes npm-check-updates"
 };
 var dependencies = {
-	"@socketsecurity/registry": "1.0.205"
+	"@socketsecurity/registry": "1.0.207"
 };
 var devDependencies = {
 	"@biomejs/biome": "1.9.4",
-	"@dotenvx/dotenvx": "1.44.1",
+	"@dotenvx/dotenvx": "1.44.2",
 	"@eslint/compat": "1.2.9",
 	"@eslint/js": "9.28.0",
-	"@types/node": "22.15.30",
-	"@typescript-eslint/parser": "8.33.1",
-	"@vitest/coverage-v8": "3.2.2",
+	"@types/node": "24.0.0",
+	"@typescript-eslint/parser": "8.34.0",
+	"@vitest/coverage-v8": "3.2.3",
 	"del-cli": "6.0.0",
 	eslint: "9.28.0",
 	"eslint-import-resolver-typescript": "4.4.3",
 	"eslint-plugin-import-x": "4.15.1",
-	"eslint-plugin-jsdoc": "50.7.1",
+	"eslint-plugin-jsdoc": "50.8.0",
 	"eslint-plugin-n": "17.19.0",
 	"eslint-plugin-sort-destructure-keys": "2.0.0",
 	"eslint-plugin-unicorn": "56.0.1",
@@ -33003,11 +33003,11 @@ var devDependencies = {
 	nock: "14.0.5",
 	"npm-run-all2": "8.0.4",
 	"openapi-typescript": "6.7.6",
-	oxlint: "0.18.0",
+	oxlint: "1.0.0",
 	"type-coverage": "2.29.7",
 	typescript: "~5.8.3",
-	"typescript-eslint": "8.33.1",
-	vitest: "3.2.2"
+	"typescript-eslint": "8.34.0",
+	vitest: "3.2.3"
 };
 var overrides = {
 	vite: "6.3.5"
@@ -33124,83 +33124,116 @@ function requireDist$e () {
 	    ];
 	}
 	async function createUploadRequest(baseUrl, urlPath, requestBodyNoBoundaries, options) {
-	    // Generate a unique boundary for multipart encoding.
-	    const boundary = `NodeMultipartBoundary${Date.now()}`;
-	    const boundarySep = `--${boundary}\r\n`;
-	    const finalBoundary = `--${boundary}--\r\n`;
-	    const requestBody = [
-	        ...requestBodyNoBoundaries.flatMap(part => [
-	            boundarySep,
-	            ...(Array.isArray(part) ? part : [part])
-	        ]),
-	        finalBoundary
-	    ];
-	    const url = new URL(urlPath, baseUrl);
-	    const req = getHttpModule(baseUrl).request(url, {
-	        method: 'POST',
-	        ...options,
-	        headers: {
-	            ...options?.headers,
-	            'Content-Type': `multipart/form-data; boundary=${boundary}`
-	        }
-	    });
-	    let aborted = false;
-	    req.on('error', _err => {
-	        aborted = true;
-	    });
-	    req.on('close', () => {
-	        aborted = true;
-	    });
-	    try {
-	        // Send the request body (headers + files).
-	        for (const part of requestBody) {
-	            if (aborted) {
-	                break;
+	    // Note: this will create a regular http request and stream in the file content
+	    //       implicitly. The outgoing buffer is (implicitly) flushed periodically
+	    //       by node. When this happens first it will send the headers to the server
+	    //       which may decide to reject the request, immediately send a response and
+	    //       then cut the connection (EPIPE or ECONNRESET errors may follow while
+	    //       writing the files).
+	    //       We have to make sure to guard for sudden reject responses because if we
+	    //       don't then the file streaming will fail with random errors and it gets
+	    //       hard to debug what's going on why.
+	    //       Example : `socket scan create --org badorg` should fail gracefully.
+	    // eslint-disable-next-line no-async-promise-executor
+	    return await new Promise(async (pass, fail) => {
+	        // Generate a unique boundary for multipart encoding.
+	        const boundary = `NodeMultipartBoundary${Date.now()}`;
+	        const boundarySep = `--${boundary}\r\n`;
+	        const finalBoundary = `--${boundary}--\r\n`;
+	        const requestBody = [
+	            ...requestBodyNoBoundaries.flatMap(part => [
+	                boundarySep,
+	                ...(Array.isArray(part) ? part : [part])
+	            ]),
+	            finalBoundary
+	        ];
+	        const url = new URL(urlPath, baseUrl);
+	        const req = getHttpModule(baseUrl).request(url, {
+	            method: 'POST',
+	            ...options,
+	            headers: {
+	                ...options?.headers,
+	                'Content-Type': `multipart/form-data; boundary=${boundary}`
 	            }
-	            if (typeof part === 'string') {
-	                req.write(part);
+	        });
+	        // Send the headers now. If the server would reject this request, it should
+	        // do so asap. This prevents us from sending more data to it then necessary.
+	        // If it will reject we could just await the `req.on(response` now but if it
+	        // accepts the request then the response will not come until after the final
+	        // file. So we can't await the response at this time. Just proceed, carefully.
+	        req.flushHeaders();
+	        // Wait for the response. It may arrive at any point during the request or
+	        // afterwards. Node will flush the output buffer at some point, initiating
+	        // the request, and the server can decide to reject the request immediately
+	        // or at any point later (ike a timeout). We should handle those cases.
+	        getResponse(req).then(res => {
+	            // Note: this returns the response to the caller to createUploadRequest
+	            pass(res);
+	        }, async (err) => {
+	            // Note: this will throw an error for the caller to createUploadRequest
+	            if (err.response && !isResponseOk(err.response)) {
+	                fail(new ResponseError(err.response, `${err.method} request failed`));
 	            }
-	            else if (typeof part?.pipe === 'function') {
-	                part.pipe(req, { end: false });
-	                // Wait for file streaming to complete.
-	                // eslint-disable-next-line no-await-in-loop
-	                await new Promise((resolve, reject) => {
-	                    const cleanup = () => {
-	                        part.off('end', onEnd);
-	                        part.off('error', onError);
-	                    };
-	                    const onEnd = () => {
-	                        cleanup();
-	                        resolve();
-	                    };
-	                    const onError = (e) => {
-	                        cleanup();
-	                        reject(e);
-	                    };
-	                    part.on('end', onEnd);
-	                    part.on('error', onError);
-	                });
-	                if (!aborted) {
-	                    // Ensure a new line after file content.
-	                    req.write('\r\n');
+	            fail(err);
+	        });
+	        let aborted = false;
+	        req.on('error', _err => {
+	            aborted = true;
+	        });
+	        req.on('close', () => {
+	            aborted = true;
+	        });
+	        try {
+	            // Send the request body (headers + files).
+	            for (const part of requestBody) {
+	                if (aborted) {
+	                    break;
+	                }
+	                if (typeof part === 'string') {
+	                    req.write(part);
+	                }
+	                else if (typeof part?.pipe === 'function') {
+	                    part.pipe(req, { end: false });
+	                    // Wait for file streaming to complete.
+	                    // eslint-disable-next-line no-await-in-loop
+	                    await new Promise((resolve, reject) => {
+	                        const cleanup = () => {
+	                            part.off('end', onEnd);
+	                            part.off('error', onError);
+	                        };
+	                        const onEnd = () => {
+	                            cleanup();
+	                            resolve();
+	                        };
+	                        const onError = (e) => {
+	                            cleanup();
+	                            reject(e);
+	                        };
+	                        part.on('end', onEnd);
+	                        part.on('error', onError);
+	                    });
+	                    if (!aborted) {
+	                        // Ensure a new line after file content.
+	                        req.write('\r\n');
+	                    }
+	                }
+	                else {
+	                    throw new TypeError('Socket API - Invalid multipart part, expected string or stream');
 	                }
-	            }
-	            else {
-	                throw new TypeError('Socket API - Invalid multipart part, expected string or stream');
 	            }
 	        }
-	    }
-	    catch (e) {
-	        req.destroy(e);
-	        throw e;
-	    }
-	    finally {
-	        if (!aborted) {
-	            // Close request after writing all data.
-	            req.end();
+	        catch (e) {
+	            req.destroy(e);
+	            fail(e);
 	        }
-	    }
-	    return await getResponse(req);
+	        finally {
+	            if (!aborted) {
+	                // Close request after writing all data.
+	                req.end();
+	            }
+	        }
+	        pass(getResponse(req));
+	    });
 	}
 	async function getErrorResponseBody(response) {
 	    const chunks = [];
@@ -33233,39 +33266,33 @@ function requireDist$e () {
 	    return protocol === 'https:' ? node_https_1.default : node_http_1.default;
 	}
 	async function getResponse(req) {
-	    try {
-	        const res = await new Promise((resolve, reject) => {
-	            const cleanup = () => {
-	                req.off('response', onResponse);
-	                req.off('error', onError);
-	                abort_signal_1.default?.removeEventListener('abort', onAbort);
-	            };
-	            const onAbort = () => {
-	                cleanup();
-	                req.destroy();
-	                reject(new Error('Request aborted by signal'));
-	            };
-	            const onError = (e) => {
-	                cleanup();
-	                reject(e);
-	            };
-	            const onResponse = (res) => {
-	                cleanup();
-	                resolve(res);
-	            };
-	            req.on('response', onResponse);
-	            req.on('error', onError);
-	            abort_signal_1.default?.addEventListener('abort', onAbort);
-	        });
-	        if (!isResponseOk(res)) {
-	            throw new ResponseError(res, `${req.method} request failed`);
-	        }
-	        return res;
-	    }
-	    catch (e) {
-	        req.destroy();
-	        throw e;
+	    const res = await new Promise((resolve, reject) => {
+	        const cleanup = () => {
+	            req.off('response', onResponse);
+	            req.off('error', onError);
+	            abort_signal_1.default?.removeEventListener('abort', onAbort);
+	        };
+	        const onAbort = () => {
+	            cleanup();
+	            req.destroy();
+	            reject(new Error('Request aborted by signal'));
+	        };
+	        const onError = (e) => {
+	            cleanup();
+	            reject(e);
+	        };
+	        const onResponse = (res) => {
+	            cleanup();
+	            resolve(res);
+	        };
+	        req.on('response', onResponse);
+	        req.on('error', onError);
+	        abort_signal_1.default?.addEventListener('abort', onAbort);
+	    });
+	    if (!isResponseOk(res)) {
+	        throw new ResponseError(res, `${req.method} request failed`);
 	    }
+	    return res;
 	}
 	async function getResponseJson(response) {
 	    let data = '';
@@ -164963,5 +164990,5 @@ exports.terminalLinkExports = terminalLinkExports;
 exports.updater = updater$1;
 exports.yargsParser = yargsParser;
 exports.yoctocolorsCjsExports = yoctocolorsCjsExports;
-//# debugId=54cac667-1a93-40c1-a094-bf9382b9516d
+//# debugId=be0a51af-50b1-4eef-9fe4-20717e6a7a65
 //# sourceMappingURL=vendor.js.map

package/external/@coana-tech/cli/cli.mjs

@@ -212320,7 +212320,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.9.22";
+var version2 = "14.9.24";
 
 // ../../node_modules/.pnpm/axios@1.9.0/node_modules/axios/lib/helpers/bind.js
 function bind2(fn2, thisArg) {
@@ -215646,14 +215646,20 @@ async function scanForVulnerabilitiesSocketMode(dependencyTree) {
     const data2 = {
       components: Object.keys(purlStringsToIdentifier).map((purl) => ({ purl }))
     };
-    const componentsString = (await axios_default2.post(url3, data2, {
+    const componentsResponse = (await axios_default2.post(url3, data2, {
       headers: {
         "Content-Type": "application/json",
         Accept: "application/json",
         Authorization: `Basic ${btoa(`${process.env.SOCKET_CLI_API_TOKEN}:`)}`
       }
     })).data;
-    components = JSON.parse(`[${componentsString.trim().replace(/\n/g, ",")}]`);
+    if (typeof componentsResponse === "object") {
+      components = [componentsResponse];
+    } else if (typeof componentsResponse === "string") {
+      components = JSON.parse(`[${componentsResponse.trim().replace(/\n/g, ",")}]`);
+    } else {
+      throw new Error(`Unexpected response type from Socket API: ${typeof componentsResponse}`);
+    }
   } catch (e) {
     logger.error("Failed to scan for vulnerabilities in socket mode");
     logger.error("error", e);
@@ -215812,11 +215818,11 @@ function getNamespaceAndName(ecosystem, packageName) {
 }
 
 // dist/internal/socket-report.js
-function toSocketFacts(report, dependencyTrees) {
+function toSocketFacts(report, dependencyTrees, subPjToWsPathToDirectDependencies) {
   const components = [];
   const purlToIndex = /* @__PURE__ */ new Map();
   for (const dependencyTree of dependencyTrees) {
-    const depIdentifierToPurl = Object.fromEntries(Object.entries(dependencyTree.dependencyTree.transitiveDependencies).map(([depIdentifier, dep]) => {
+    const depIdentifierToPurl = Object.fromEntries(Object.entries(dependencyTree.dependencyTree.transitiveDependencies).filter(([_depIdentifier, dep]) => dep.purlObj).map(([depIdentifier, dep]) => {
       const purl = dep.purlObj.purlString;
       if (purl && !purlToIndex.has(purl)) {
         purlToIndex.set(purl, components.length);
@@ -215831,8 +215837,10 @@ function toSocketFacts(report, dependencyTrees) {
           artifact_id: depTreeNode.purlObj.artifact_id,
           artifactId: depTreeNode.purlObj.artifactId,
           qualifiers: depTreeNode.purlObj.qualifiers,
-          // direct: false, // TODO: add direct flag
-          // dev: false, // TODO: add dev flag
+          direct: false,
+          // Use false as default, and set to true if actually direct
+          dev: true,
+          // Use true as default, and set to false if the artifact is found as prod, prod&dev or missing for any dependency chain.
           dependencies: []
         };
       }
@@ -215840,15 +215848,40 @@ function toSocketFacts(report, dependencyTrees) {
     }));
     for (const [depIdentifier, purl] of Object.entries(depIdentifierToPurl)) {
       const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
+      if (!depTreeNode.purlObj) {
+        continue;
+      }
       const component = components[purlToIndex.get(purl)];
       depTreeNode.dependencies?.forEach((dep) => {
         const depPurl = depIdentifierToPurl[dep];
         const depIndex = purlToIndex.get(depPurl);
-        if (!component.dependencies?.includes(depIndex.toString())) {
+        if (depIndex && !component.dependencies?.includes(depIndex.toString())) {
           component.dependencies.push(depIndex.toString());
         }
       });
     }
+    for (const depIdentifier of dependencyTree.dependencyTree.dependencies ?? []) {
+      const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
+      const component = components[purlToIndex.get(depTreeNode.purlObj.purlString)];
+      component.direct = true;
+    }
+    for (const depIdentifier of dependencyTree.dependencyTree.dependencies ?? []) {
+      let updateDependencyType2 = function(id) {
+        if (visitedIds.has(id.toString()))
+          return;
+        visitedIds.add(id.toString());
+        const component = components[id];
+        if (dependencyType !== "dev") {
+          component.dev = false;
+        }
+        component.dependencies?.forEach((depId) => updateDependencyType2(parseInt(depId)));
+      };
+      var updateDependencyType = updateDependencyType2;
+      const depTreeNode = dependencyTree.dependencyTree.transitiveDependencies[depIdentifier];
+      const dependencyType = subPjToWsPathToDirectDependencies[dependencyTree.subprojectPath][dependencyTree.workspacePath][depTreeNode.packageName];
+      const visitedIds = /* @__PURE__ */ new Set();
+      updateDependencyType2(purlToIndex.get(depTreeNode.purlObj.purlString));
+    }
   }
   for (const vulnerability of report.vulnerabilities) {
     const component = components[purlToIndex.get(vulnerability.purl)];
@@ -216015,9 +216048,9 @@ var CliCore = class {
         const gitData = await getGitDataToMetadataIfAvailable(this.rootWorkingDirectory);
         this.reportId = await createReport(this.options.repoUrl, this.options.projectName, version2, gitData?.sha, gitData?.branchName, omit(this.options, "apiKey", "print-report", "repoUrl", "projectName", "writeReportToFile"), this.apiKey, this.options.runEnv);
       }
-      const report = await this.computeReport();
+      const { report, subPjToWsPathToDirectDependencies } = await this.computeReport();
       logger.info("Report computed successfully");
-      await this.outputAndShareReport(report);
+      await this.outputAndShareReport(report, subPjToWsPathToDirectDependencies);
       this.spinner.stop();
       return report;
     } catch (e) {
@@ -216046,13 +216079,13 @@ var CliCore = class {
     if (this.reportId)
       await sendLogToDashboard(await this.getLogContent(), this.reportId, this.apiKey);
   }
-  async outputAndShareReport(report) {
+  async outputAndShareReport(report, subPjToWsPathToDirectDependencies) {
     const outputDir = this.options.outputDir;
     if (this.options.socketMode) {
       if (!this.reportDependencyTrees) {
         throw new Error("Dependency trees should be available when using --socket-mode");
       }
-      const socketReport = toSocketFacts(report, this.reportDependencyTrees);
+      const socketReport = toSocketFacts(report, this.reportDependencyTrees, subPjToWsPathToDirectDependencies);
       const outputFile = resolve24(this.options.socketMode);
       await writeFile10(outputFile, JSON.stringify(socketReport, null, 2));
       logger.info(kleur_default.green(`Socket report written to: ${outputFile}`));
@@ -216140,7 +216173,16 @@ var CliCore = class {
       vulnerabilities: allVulnerabilities,
       ...await this.createMetadataForReport(startTime)
     };
-    return report;
+    const reportAndSubPjToWsPathToDirectDependencies = {
+      report,
+      subPjToWsPathToDirectDependencies: workspacesOutput.reduce((acc, { subprojectPath, workspacePath, directDependencies }) => {
+        if (!acc[subprojectPath])
+          acc[subprojectPath] = {};
+        acc[subprojectPath][workspacePath] = directDependencies;
+        return acc;
+      }, {})
+    };
+    return reportAndSubPjToWsPathToDirectDependencies;
   }
   async updateSpinnerTextOnNewSubproject(subprojectAndWsPath, numberSubprojects, index2) {
     this.spinner.start();
@@ -216293,8 +216335,6 @@ var CliCore = class {
           ];
         } catch (e) {
           logger.error(`Scanning for vulnerabilities failed for subproject ${subprojectPath} in workspace ${workspacePath}`);
-          logger.error(JSON.stringify(dependencyTree, null, 2));
-          await new Promise((resolve25) => setTimeout(resolve25, 1e4));
           throw e;
         } finally {
           this.sendProgress("SCAN_FOR_VULNERABILITIES", false, subprojectPath, workspacePath);