@socketsecurity/cli-with-sentry 1.0.1 → 1.0.3

package/dist/cli.js

@@ -14,17 +14,17 @@ var fs$1 = require('node:fs');
 var path = require('node:path');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
+var words = require('../external/@socketsecurity/registry/lib/words');
 var registry = require('../external/@socketsecurity/registry');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
+var strings = require('../external/@socketsecurity/registry/lib/strings');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var shadowNpmInject = require('./shadow-npm-inject.js');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
-var strings = require('../external/@socketsecurity/registry/lib/strings');
 var objects = require('../external/@socketsecurity/registry/lib/objects');
-var words = require('../external/@socketsecurity/registry/lib/words');
 var shadowNpmBin = require('./shadow-npm-bin.js');
 var require$$7 = require('../external/@socketsecurity/registry/lib/promises');
 var require$$1 = require('node:util');
@@ -3638,7 +3638,7 @@ const {
   RESOLUTIONS: RESOLUTIONS$1,
   VLT: VLT$5,
   YARN_BERRY: YARN_BERRY$4,
-  YARN_CLASSIC: YARN_CLASSIC$5
+  YARN_CLASSIC: YARN_CLASSIC$4
 } = constants;
 function getOverridesDataBun(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkgJson.content) {
   const overrides = pkgJson?.[RESOLUTIONS$1] ?? {};
@@ -3690,11 +3690,27 @@ function getOverridesDataYarn(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkg
 function getOverridesDataYarnClassic(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkgJson.content) {
   const overrides = pkgJson?.[RESOLUTIONS$1] ?? {};
   return {
-    type: YARN_CLASSIC$5,
+    type: YARN_CLASSIC$4,
     overrides
   };
 }
-const overridesDataByAgent = new Map([[BUN$4, getOverridesDataBun], [NPM$8, getOverridesDataNpm], [PNPM$8, getOverridesDataPnpm], [VLT$5, getOverridesDataVlt], [YARN_BERRY$4, getOverridesDataYarn], [YARN_CLASSIC$5, getOverridesDataYarnClassic]]);
+function getOverridesData(pkgEnvDetails, pkgJson) {
+  switch (pkgEnvDetails.agent) {
+    case BUN$4:
+      return getOverridesDataBun(pkgEnvDetails, pkgJson);
+    case PNPM$8:
+      return getOverridesDataPnpm(pkgEnvDetails, pkgJson);
+    case VLT$5:
+      return getOverridesDataVlt(pkgEnvDetails, pkgJson);
+    case YARN_BERRY$4:
+      return getOverridesDataYarn(pkgEnvDetails, pkgJson);
+    case YARN_CLASSIC$4:
+      return getOverridesDataYarnClassic(pkgEnvDetails, pkgJson);
+    case NPM$8:
+    default:
+      return getOverridesDataNpm(pkgEnvDetails, pkgJson);
+  }
+}
 
 const noopHandler = () => {};
 async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
@@ -3744,7 +3760,6 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
   // Process the workspace root last since it will add an override to package.json.
   pkgEnvDetails.editablePkgJson.filename];
   const sortedInfoEntries = Array.from(infoByPartialPurl.entries()).sort((a, b) => sorts.naturalCompare(a[0], b[0]));
-  const getOverridesData = overridesDataByAgent.get(pkgEnvDetails.agent);
   const cleanupInfoEntriesLoop = () => {
     logger.logger.dedent();
     spinner?.dedent();
@@ -3878,10 +3893,16 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
             }
             continue infosLoop;
           }
-          const oldOverrides = getOverridesData(pkgEnvDetails, editablePkgJson.content);
-          const overrideKey = `${name}@${vulnerableVersionRange}`;
-          const newVersionRange = utils.applyRange(oldOverrides?.[overrideKey] ?? oldVersion, newVersion, rangeStyle);
-          const newId = `${name}@${newVersionRange}`;
+          const {
+            overrides: oldOverrides
+          } = getOverridesData(pkgEnvDetails, editablePkgJson.content);
+          let refRange = oldOverrides?.[`${name}@${vulnerableVersionRange}`];
+          if (!strings.isNonEmptyString(refRange)) {
+            refRange = oldOverrides?.[name];
+          }
+          if (!strings.isNonEmptyString(refRange)) {
+            refRange = oldVersion;
+          }
 
           // eslint-disable-next-line no-await-in-loop
           await beforeInstall(editablePkgJson, name, oldVersion, newVersion, vulnerableVersionRange, options);
@@ -3902,6 +3923,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
             hasAnnouncedWorkspace = true;
             workspaceLogCallCount = logger.logger.logCallCount;
           }
+          const newId = `${name}@${utils.applyRange(refRange, newVersion, rangeStyle)}`;
           spinner?.start();
           spinner?.info(`Installing ${newId} in ${workspace}.`);
           let error;
@@ -4214,9 +4236,24 @@ async function npmFix(pkgEnvDetails, options) {
         limit: Math.max(limit, openPrs.length)
       }));
     } else {
+      const npmPath = path.resolve(fs$1.realpathSync(pkgEnvDetails.agentExecPath), '../..');
+      const config = new vendor.libExports$2({
+        argv: [],
+        cwd: process.cwd(),
+        definitions: vendor.definitionsExports.definitions,
+        // Lazily access constants.execPath.
+        execPath: constants.execPath,
+        env: process.env,
+        flatten: vendor.definitionsExports.flatten,
+        npmPath,
+        platform: process.platform,
+        shorthands: vendor.definitionsExports.shorthands
+      });
+      await config.load();
       const arb = new shadowNpmInject.Arborist({
         path: pkgEnvDetails.pkgPath,
-        ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+        ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,
+        config
       });
       actualTree = await arb.reify();
       // Calling arb.reify() creates the arb.diff object, nulls-out arb.idealTree,
@@ -4449,9 +4486,10 @@ const {
   NPM: NPM$7,
   PNPM: PNPM$6
 } = constants;
-async function handleFix({
+async function handleFix(argv, {
   autoMerge,
   cwd,
+  ghsas,
   limit,
   outputKind,
   purls,
@@ -4459,31 +4497,74 @@ async function handleFix({
   test,
   testScript
 }) {
-  const pkgEnvResult = await utils.detectAndValidatePackageEnvironment(cwd, {
+  let {
+    length: ghsasCount
+  } = ghsas;
+  if (ghsasCount) {
+    // Lazily access constants.spinner.
+    const {
+      spinner
+    } = constants;
+    spinner.start('Fetching GHSA IDs...');
+    if (ghsasCount === 1 && ghsas[0] === 'auto') {
+      const autoCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd], {
+        cwd,
+        spinner
+      });
+      if (autoCResult.ok) {
+        ghsas = utils.cmdFlagValueToArray(/(?<=Vulnerabilities found: )[^\n]+/.exec(autoCResult.data)?.[0]);
+        ghsasCount = ghsas.length;
+      } else {
+        ghsas = [];
+        ghsasCount = 0;
+      }
+    }
+    if (ghsasCount) {
+      spinner.info(`Found ${ghsasCount} GHSA ${words.pluralize('ID', ghsasCount)}.`);
+      await outputFixResult(await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--apply-fixes-to', ...ghsas, ...argv], {
+        cwd,
+        spinner
+      }), outputKind);
+      spinner.stop();
+      return;
+    }
+    spinner.infoAndStop('No GHSA IDs found.');
+    await outputFixResult({
+      ok: true,
+      data: ''
+    }, outputKind);
+    return;
+  }
+  const pkgEnvCResult = await utils.detectAndValidatePackageEnvironment(cwd, {
     cmdName: CMD_NAME$1,
     logger: logger.logger
   });
-  if (!pkgEnvResult.ok) {
-    return pkgEnvResult;
+  if (!pkgEnvCResult.ok) {
+    await outputFixResult(pkgEnvCResult, outputKind);
+    return;
   }
-  const pkgEnvDetails = pkgEnvResult.data;
+  const {
+    data: pkgEnvDetails
+  } = pkgEnvCResult;
   if (!pkgEnvDetails) {
-    return {
+    await outputFixResult({
       ok: false,
-      message: 'No package found',
-      cause: `No valid package environment was found in given cwd (${cwd})`
-    };
+      message: 'No package found.',
+      cause: `No valid package environment found for project path: ${cwd}`
+    }, outputKind);
+    return;
   }
   logger.logger.info(`Fixing packages for ${pkgEnvDetails.agent} v${pkgEnvDetails.agentVersion}.\n`);
   const {
     agent
   } = pkgEnvDetails;
   if (agent !== NPM$7 && agent !== PNPM$6) {
-    return {
+    await outputFixResult({
       ok: false,
-      message: 'Not supported',
+      message: 'Not supported.',
       cause: `${agent} is not supported by this command at the moment.`
-    };
+    }, outputKind);
+    return;
   }
 
   // Lazily access spinner.
@@ -4491,7 +4572,7 @@ async function handleFix({
     spinner
   } = constants;
   const fixer = agent === NPM$7 ? npmFix : pnpmFix;
-  const result = await fixer(pkgEnvDetails, {
+  await outputFixResult(await fixer(pkgEnvDetails, {
     autoMerge,
     cwd,
     limit,
@@ -4500,8 +4581,7 @@ async function handleFix({
     spinner,
     test,
     testScript
-  });
-  await outputFixResult(result, outputKind);
+  }), outputKind);
 }
 
 const {
@@ -4523,6 +4603,12 @@ const config$H = {
       default: false,
       description: `Shorthand for --autoMerge --test`
     },
+    ghsa: {
+      type: 'string',
+      default: [],
+      description: `Provide a list of ${vendor.terminalLinkExports('GHSA IDs', 'https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids')} to compute fixes for, as either a comma separated value or as multiple flags`,
+      isMultiple: true
+    },
     limit: {
       type: 'number',
       default: Infinity,
@@ -4531,7 +4617,7 @@ const config$H = {
     purl: {
       type: 'string',
       default: [],
-      description: `Provide a list of ${vendor.terminalLinkExports('package URLs', 'https://github.com/package-url/purl-spec?tab=readme-ov-file#purl')} (PURLs) to fix, as either a comma separated value or as multiple flags,\n                        instead of querying the Socket API`,
+      description: `Provide a list of ${vendor.terminalLinkExports('PURLs', 'https://github.com/package-url/purl-spec?tab=readme-ov-file#purl')} to compute fixes for, as either a comma separated value or as multiple flags,\n                        instead of querying the Socket API`,
       isMultiple: true,
       shortFlag: 'p'
     },
@@ -4621,12 +4707,14 @@ async function run$H(argv, importMeta, {
     autoMerge = true;
     test = true;
   }
+  const ghsas = utils.cmdFlagValueToArray(cli.flags['ghsa']);
   const limit = (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity;
-  const purls = Array.isArray(cli.flags['purl']) ? cli.flags['purl'].flatMap(p => p.split(/, */)) : [];
+  const purls = utils.cmdFlagValueToArray(cli.flags['purl']);
   const testScript = String(cli.flags['testScript'] || 'test');
-  await handleFix({
+  await handleFix(argv, {
     autoMerge,
     cwd,
+    ghsas,
     limit,
     outputKind,
     purls,
@@ -6918,7 +7006,7 @@ const {
   PNPM: PNPM$4,
   VLT: VLT$4,
   YARN_BERRY: YARN_BERRY$3,
-  YARN_CLASSIC: YARN_CLASSIC$4
+  YARN_CLASSIC: YARN_CLASSIC$3
 } = constants;
 function matchLsCmdViewHumanStdout(stdout, name) {
   return stdout.includes(` ${name}@`);
@@ -6926,7 +7014,7 @@ function matchLsCmdViewHumanStdout(stdout, name) {
 function matchQueryCmdStdout(stdout, name) {
   return stdout.includes(`"${name}"`);
 }
-const depsIncludesByAgent = new Map([[BUN$3, matchLsCmdViewHumanStdout], [NPM$5, matchQueryCmdStdout], [PNPM$4, matchQueryCmdStdout], [VLT$4, matchQueryCmdStdout], [YARN_BERRY$3, matchLsCmdViewHumanStdout], [YARN_CLASSIC$4, matchLsCmdViewHumanStdout]]);
+const depsIncludesByAgent = new Map([[BUN$3, matchLsCmdViewHumanStdout], [NPM$5, matchQueryCmdStdout], [PNPM$4, matchQueryCmdStdout], [VLT$4, matchQueryCmdStdout], [YARN_BERRY$3, matchLsCmdViewHumanStdout], [YARN_CLASSIC$3, matchLsCmdViewHumanStdout]]);
 
 function getDependencyEntries(pkgEnvDetails) {
   const {
@@ -6959,7 +7047,7 @@ const {
   PNPM: PNPM$3,
   VLT: VLT$3,
   YARN_BERRY: YARN_BERRY$2,
-  YARN_CLASSIC: YARN_CLASSIC$3
+  YARN_CLASSIC: YARN_CLASSIC$2
 } = constants;
 function includesNpm(lockSrc, name) {
   // Detects the package name in the following cases:
@@ -7001,7 +7089,7 @@ function includesYarn(lockSrc, name) {
   //   , name@
   `(?<=(?:^\\s*|,\\s*)"?)${escapedName}(?=@)`, 'm').test(lockSrc);
 }
-const lockfileIncludesByAgent = new Map([[BUN$2, includesBun], [NPM$4, includesNpm], [PNPM$3, includesPnpm], [VLT$3, includesVlt], [YARN_BERRY$2, includesYarn], [YARN_CLASSIC$3, includesYarn]]);
+const lockfileIncludesByAgent = new Map([[BUN$2, includesBun], [NPM$4, includesNpm], [PNPM$3, includesPnpm], [VLT$3, includesVlt], [YARN_BERRY$2, includesYarn], [YARN_CLASSIC$2, includesYarn]]);
 
 const {
   BUN: BUN$1,
@@ -7009,7 +7097,7 @@ const {
   PNPM: PNPM$2,
   VLT: VLT$2,
   YARN_BERRY: YARN_BERRY$1,
-  YARN_CLASSIC: YARN_CLASSIC$2
+  YARN_CLASSIC: YARN_CLASSIC$1
 } = constants;
 function cleanupQueryStdout(stdout) {
   if (stdout === '') {
@@ -7138,7 +7226,7 @@ async function lsYarnClassic(pkgEnvDetails, cwd) {
   } catch {}
   return '';
 }
-const lsByAgent = new Map([[BUN$1, lsBun], [NPM$3, lsNpm], [PNPM$2, lsPnpm], [VLT$2, lsVlt], [YARN_BERRY$1, lsYarnBerry], [YARN_CLASSIC$2, lsYarnClassic]]);
+const lsByAgent = new Map([[BUN$1, lsBun], [NPM$3, lsNpm], [PNPM$2, lsPnpm], [VLT$2, lsVlt], [YARN_BERRY$1, lsYarnBerry], [YARN_CLASSIC$1, lsYarnClassic]]);
 
 const CMD_NAME = 'socket optimize';
 
@@ -7150,7 +7238,7 @@ const {
   RESOLUTIONS,
   VLT: VLT$1,
   YARN_BERRY,
-  YARN_CLASSIC: YARN_CLASSIC$1
+  YARN_CLASSIC
 } = constants;
 const depFields = ['dependencies', 'devDependencies', 'peerDependencies', 'peerDependenciesMeta', 'optionalDependencies', 'bundleDependencies'];
 function getEntryIndexes(entries, keys) {
@@ -7252,12 +7340,11 @@ function updateResolutionsField(pkgEnvDetails, overrides) {
 function updatePnpmField(pkgEnvDetails, overrides) {
   updatePkgJsonField(pkgEnvDetails.editablePkgJson, PNPM$1, overrides);
 }
-const updateManifestByAgent = new Map([[BUN, updateResolutionsField], [NPM$2, updateOverridesField], [PNPM$1, updatePnpmField], [VLT$1, updateOverridesField], [YARN_BERRY, updateResolutionsField], [YARN_CLASSIC$1, updateResolutionsField]]);
+const updateManifestByAgent = new Map([[BUN, updateResolutionsField], [NPM$2, updateOverridesField], [PNPM$1, updatePnpmField], [VLT$1, updateOverridesField], [YARN_BERRY, updateResolutionsField], [YARN_CLASSIC, updateResolutionsField]]);
 
 const {
   NPM: NPM$1,
-  PNPM,
-  YARN_CLASSIC
+  PNPM
 } = constants;
 const manifestNpmOverrides = registry.getManifestData(NPM$1);
 async function addOverrides(pkgEnvDetails, pkgPath, options) {
@@ -7297,9 +7384,9 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
   }
   const overridesDataObjects = [];
   if (isWorkspace || pkgEnvDetails.editablePkgJson.content['private']) {
-    overridesDataObjects.push(overridesDataByAgent.get(agent)(pkgEnvDetails));
+    overridesDataObjects.push(getOverridesData(pkgEnvDetails));
   } else {
-    overridesDataObjects.push(overridesDataByAgent.get(NPM$1)(pkgEnvDetails), overridesDataByAgent.get(YARN_CLASSIC)(pkgEnvDetails));
+    overridesDataObjects.push(getOverridesDataNpm(pkgEnvDetails), getOverridesDataYarnClassic(pkgEnvDetails));
   }
   spinner?.setText(`Adding overrides to ${workspace}...`);
   const depAliasMap = new Map();
@@ -8770,7 +8857,7 @@ function formatReportCard(artifact, color) {
   };
   const alertString = getAlertString(artifact.alerts, !color);
   if (!artifact.ecosystem) {
-    console.log('WTF?', artifact);
+    debug.debugLog('miss: Artifact ecosystem', artifact);
   }
   const purl = `pkg:${artifact.ecosystem}/${artifact.name}${artifact.version ? '@' + artifact.version : ''}`;
   return ['Package: ' + (color ? vendor.yoctocolorsCjsExports.bold(purl) : purl), '', ...Object.entries(scoreResult).map(score => `- ${score[0]}:`.padEnd(20, ' ') + `  ${formatScore(score[1], !color, true)}`), alertString].join('\n');
@@ -12198,7 +12285,7 @@ async function run$7(argv, importMeta, {
   await handleOrgScanMetadata(orgSlug, scanId, outputKind);
 }
 
-async function outputScanReach(result, cwd, outputKind) {
+async function outputScanReach(result, outputKind) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
   }
@@ -12210,42 +12297,25 @@ async function outputScanReach(result, cwd, outputKind) {
     logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
     return;
   }
-  logger.logger.success('finished on', cwd);
+  logger.logger.log('');
+  logger.logger.success('Finished!');
 }
 
 const {
   DOT_SOCKET_DOT_FACTS_JSON
 } = constants;
-async function scanReachability(argv, cwd) {
-  try {
-    const result = await spawn.spawn(constants.execPath, [
-    // Lazily access constants.nodeNoWarningsFlags.
-    ...constants.nodeNoWarningsFlags,
-    // Lazily access constants.coanaBinPath.
-    constants.coanaBinPath, 'run', cwd, '--output-dir', cwd, '--socket-mode', DOT_SOCKET_DOT_FACTS_JSON, '--disable-report-submission', ...argv], {
-      cwd,
-      env: {
-        ...process.env,
-        SOCKET_CLI_API_TOKEN: utils.getDefaultToken()
-      }
-    });
-    return {
-      ok: true,
-      data: result.stdout.trim()
-    };
-  } catch (e) {
-    const message = e?.stdout ?? e?.message;
-    return {
-      ok: false,
-      data: e,
-      message
-    };
-  }
-}
-
 async function handleScanReach(argv, cwd, outputKind) {
-  const result = await scanReachability(argv, cwd);
-  await outputScanReach(result, cwd, outputKind);
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start('Running reachability scan...');
+  const result = await utils.spawnCoana(['run', cwd, '--output-dir', cwd, '--socket-mode', DOT_SOCKET_DOT_FACTS_JSON, '--disable-report-submission', ...argv], {
+    cwd,
+    spinner
+  });
+  spinner.stop();
+  await outputScanReach(result, outputKind);
 }
 
 const {
@@ -14070,5 +14140,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=2d2b9a8c-0021-4a50-be2d-f6b89034705e
+//# debugId=7eb55598-7509-4018-b34f-5184fd83870f
 //# sourceMappingURL=cli.js.map