npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.0.100 → 1.0.102 - Mend

@socketsecurity/cli-with-sentry 1.0.100 → 1.0.102

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/external/@coana-tech/cli/cli.mjs CHANGED Viewed

@@ -190952,25 +190952,25 @@ var Spinner = class _Spinner {
 };
 // ../utils/src/command-utils.ts
-async function execAndLogOnFailure(cmd, dir, options) {
+async function execAndLogOnFailure(cmd, dir, options, logLevel = "info") {
   const result = await execNeverFail(cmd, dir, options);
-  if (result.error) logCommandOutput(result, cmd, dir);
+  if (result.error) logCommandOutput(result, cmd, dir, logLevel);
   return !result.error;
 }
 async function execPipeAndLogOnFailure(cmd, dir, options) {
   return execAndLogOnFailure(cmd, dir, { ...options, pipe: true });
 }
-function logCommandOutput(cmdResult, cmd, dir) {
+function logCommandOutput(cmdResult, cmd, dir, logLevel = "info") {
   const { error, stdout, stderr } = cmdResult;
-  logger.info(error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
-  logger.info(`Directory: ${dir}`);
+  logger[logLevel](error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
+  logger[logLevel](`Directory: ${dir}`);
   if (error) {
     const em = error.message;
-    logger.info(`Error: ${em?.endsWith?.(`
+    logger[logLevel](`Error: ${em?.endsWith?.(`
 ${stderr}`) ? em.slice(0, -stderr.length - 1) : em}`);
   }
-  logger.info(`stdout: ${stdout}`);
-  logger.info(`stderr: ${stderr}`);
+  logger[logLevel](`stdout: ${stdout}`);
+  logger[logLevel](`stderr: ${stderr}`);
 }
 async function execNeverFail(cmd, dir, options) {
   return new Promise((resolve24) => {
@@ -197761,6 +197761,14 @@ function parseSocketResponse(responseData) {
     throw new Error(`Unexpected response type from Socket API: ${typeof responseData}`);
   }
 }
+function parseComputeArtifactsResponse(responseData) {
+  const response = parseSocketResponse(responseData);
+  return {
+    artifacts: response.filter((r2) => r2.type === "artifact").map((r2) => r2.value),
+    metadata: response.filter((r2) => r2.type === "metadata").flatMap((r2) => r2.value)
+    // There should always only be one metadata object
+  };
+}
 async function createSocketTier1Scan(cliOptions, coanaCliVersion) {
   try {
     const url2 = getSocketApiUrl("tier1-reachability-scan");
@@ -197948,7 +197956,7 @@ async function fetchArtifactsFromManifestsTarHash(manifestsTarHash) {
   try {
     const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/compute-artifacts?tarHash=${manifestsTarHash}`);
     const responseData = (await axios2.post(url2, {}, { headers: getAuthHeaders() })).data;
-    return parseSocketResponse(responseData);
+    return parseComputeArtifactsResponse(responseData);
   } catch (e) {
     if (e instanceof AxiosError2) {
       prettyPrintAxiosError(e);
@@ -197975,12 +197983,7 @@ async function computeSocketFactArtifacts(rootDir, relativeManifestFilePaths) {
     if (!uploadData.tarHash) {
       throw new Error("No tarHash received from upload-manifest-files response");
     }
-    const computeUrl = getSocketApiUrl(
-      `orgs/${process.env.SOCKET_ORG_SLUG}/compute-artifacts?tarHash=${uploadData.tarHash}`
-    );
-    const computeResponse = await axios2.post(computeUrl, {}, { headers: getAuthHeaders() });
-    const responseData = computeResponse.data;
-    return parseSocketResponse(responseData);
+    return (await fetchArtifactsFromManifestsTarHash(uploadData.tarHash)).artifacts;
   } catch (error) {
     logger.warn("Failed to compute socket fact artifacts", error);
     return void 0;
@@ -205296,23 +205299,23 @@ var Spinner2 = class _Spinner {
 };
 // ../utils/dist/command-utils.js
-async function execAndLogOnFailure2(cmd, dir, options) {
+async function execAndLogOnFailure2(cmd, dir, options, logLevel = "info") {
   const result = await execNeverFail2(cmd, dir, options);
   if (result.error)
-    logCommandOutput2(result, cmd, dir);
+    logCommandOutput2(result, cmd, dir, logLevel);
   return !result.error;
 }
-function logCommandOutput2(cmdResult, cmd, dir) {
+function logCommandOutput2(cmdResult, cmd, dir, logLevel = "info") {
   const { error, stdout, stderr } = cmdResult;
-  logger.info(error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
-  logger.info(`Directory: ${dir}`);
+  logger[logLevel](error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
+  logger[logLevel](`Directory: ${dir}`);
   if (error) {
     const em = error.message;
-    logger.info(`Error: ${em?.endsWith?.(`
+    logger[logLevel](`Error: ${em?.endsWith?.(`
 ${stderr}`) ? em.slice(0, -stderr.length - 1) : em}`);
   }
-  logger.info(`stdout: ${stdout}`);
-  logger.info(`stderr: ${stderr}`);
+  logger[logLevel](`stdout: ${stdout}`);
+  logger[logLevel](`stderr: ${stderr}`);
 }
 async function execNeverFail2(cmd, dir, options) {
   return new Promise((resolve24) => {
@@ -206483,18 +206486,19 @@ import { access as access2, cp, readdir as readdir3, stat as stat2 } from "fs/pr
 import { basename as basename4, join as join11, relative as relative6, resolve as resolve13 } from "path";
 var { uniq } = import_lodash5.default;
 var { isMatch } = import_micromatch.default;
-function findParent(dir, predicate, wholePath) {
-  let curr = dir;
-  let last2 = dir;
+function* parents(dir) {
+  let [curr, last2] = [dir, dir];
   do {
-    const name = wholePath ? curr : basename4(curr);
-    if (predicate(name))
-      return curr;
-    last2 = curr;
-    curr = resolve13(curr, "..");
+    yield curr;
+    [last2, curr] = [curr, resolve13(curr, "..")];
   } while (curr !== last2);
   return void 0;
 }
+function findParent(dir, predicate, wholePath) {
+  for (const parent2 of parents(dir))
+    if (predicate(wholePath ? parent2 : basename4(parent2)))
+      return parent2;
+}
 // ../utils/dist/constants.js
 var { once: once2 } = import_lodash6.default;
@@ -207378,17 +207382,18 @@ import { access as access3, cp as cp2, readdir as readdir4, stat as stat3 } from
 import { basename as basename5, join as join16, relative as relative7, resolve as resolve15 } from "path";
 var { uniq: uniq2 } = import_lodash8.default;
 var { isMatch: isMatch2 } = import_micromatch2.default;
-function findParent2(dir, predicate, wholePath) {
-  let curr = dir;
-  let last2 = dir;
+function* parents2(dir) {
+  let [curr, last2] = [dir, dir];
   do {
-    const name = wholePath ? curr : basename5(curr);
-    if (predicate(name)) return curr;
-    last2 = curr;
-    curr = resolve15(curr, "..");
+    yield curr;
+    [last2, curr] = [curr, resolve15(curr, "..")];
   } while (curr !== last2);
   return void 0;
 }
+function findParent2(dir, predicate, wholePath) {
+  for (const parent2 of parents2(dir))
+    if (predicate(wholePath ? parent2 : basename5(parent2))) return parent2;
+}
 async function getFilesRelative(dir, excludeDirs) {
   async function helper(subDir, arrayOfFiles) {
     for (const item of await readdir4(join16(dir, subDir), { withFileTypes: true })) {
@@ -209354,6 +209359,7 @@ import { join as join20, resolve as resolve18 } from "path";
 import util3 from "util";
 var { once: once7 } = import_lodash13.default;
 var systemPython = once7(() => execFileSync2("which", ["python"], { encoding: "utf8" }).trim());
+var hasPyenv = once7(async () => !(await execNeverFail("which pyenv")).error);
 // ../utils/src/pip-utils.ts
 async function isSetupPySetuptools(file) {
@@ -210102,8 +210108,8 @@ function getVulnerabilityDependencyType(vulnChainDetails, directDependencies, af
         finalDepType = depType;
       }
     }
-    const parents2 = vcd.parentsMap.get(devIdentifier);
-    for (const p3 of parents2 ?? []) {
+    const parents4 = vcd.parentsMap.get(devIdentifier);
+    for (const p3 of parents4 ?? []) {
       if (p3 === ROOT_NODE_STR) continue;
       const parentNode = vcd.transitiveDependencies[p3];
       if (afd && !afd.has(parentNode)) continue;
@@ -210225,17 +210231,17 @@ function computeVulnChainDetails(dependencyTree, dependencyIdentifier, parentsMa
   function addNode(currentIdentifier, childIdentifier, visited) {
     if (visited.has(currentIdentifier))
       return;
-    const parents2 = parentsMap.get(currentIdentifier);
+    const parents4 = parentsMap.get(currentIdentifier);
     const newCurrentNode = transformToVulnChainNode(dependencyTree.transitiveDependencies[currentIdentifier]);
     res.transitiveDependencies[currentIdentifier] = newCurrentNode;
     if (childIdentifier && !newCurrentNode.children.includes(childIdentifier))
       newCurrentNode.children.push(childIdentifier);
     if (!childIdentifier)
       newCurrentNode.vulnerable = true;
-    if (!parents2)
+    if (!parents4)
       return res;
     visited.add(currentIdentifier);
-    for (const parent2 of parents2) {
+    for (const parent2 of parents4) {
       if (parent2 === ROOT_IDENTIFIER)
         res.children.push(currentIdentifier);
       else
@@ -210339,7 +210345,7 @@ function getAllToplevelAncestors(artifactMap, artifactId) {
 async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash) {
   logger.info("Fetching artifacts from Socket backend using manifests tar hash", manifestsTarHash);
   try {
-    const artifacts = await fetchArtifactsFromManifestsTarHash(manifestsTarHash);
+    const { artifacts } = await fetchArtifactsFromManifestsTarHash(manifestsTarHash);
     const properPythonProjects = [];
     const venvExcludes = [
       "venv",
@@ -210493,7 +210499,7 @@ function computeVulnChainDetails2(artifacts, vulnerableArtifactId) {
     const currentArtifact = artifactMap.get(currentId);
     if (!currentArtifact)
       return;
-    const parents2 = parentsMap.get(currentId);
+    const parents4 = parentsMap.get(currentId);
     const newCurrentNode = {
       packageName: getNameFromNamespaceAndName(currentArtifact.type, currentArtifact.namespace, currentArtifact.name),
       version: currentArtifact.version ?? void 0,
@@ -210512,8 +210518,8 @@ function computeVulnChainDetails2(artifacts, vulnerableArtifactId) {
       }
     }
     visited.add(currentId);
-    if (parents2) {
-      for (const parentId of parents2) {
+    if (parents4) {
+      for (const parentId of parents4) {
         addNode(parentId, currentId, visited);
       }
     }
@@ -213022,7 +213028,7 @@ __export(traversing_exports, {
   nextUntil: () => nextUntil,
   not: () => not,
   parent: () => parent,
-  parents: () => parents,
+  parents: () => parents3,
   parentsUntil: () => parentsUntil,
   prev: () => prev,
   prevAll: () => prevAll,
@@ -214284,7 +214290,7 @@ function _removeDuplicates(elems) {
   return Array.from(new Set(elems));
 }
 var parent = _singleMatcher(({ parent: parent2 }) => parent2 && !isDocument(parent2) ? parent2 : null, _removeDuplicates);
-var parents = _matcher((elem) => {
+var parents3 = _matcher((elem) => {
   const matched = [];
   while (elem.parent && !isDocument(elem.parent)) {
     matched.push(elem.parent);
@@ -225028,10 +225034,10 @@ var FixesTask = class {
           return;
         }
       }
-      const parents2 = this.getParents(pId, vulnChainDetails);
+      const parents4 = this.getParents(pId, vulnChainDetails);
       let allowedVersionsForCId = potentialVersionsForFix[cId] ? [...potentialVersionsForFix[cId]] : await this.getSafeVersionsOfPackage(vulnChainDetails.transitiveDependencies[cId].packageName);
-      if (parents2.length !== 0) {
-        for (const parent2 of parents2) {
+      if (parents4.length !== 0) {
+        for (const parent2 of parents4) {
           await computeFix(parent2, pId, [key, ...visited]);
           if (res[pId])
             allowedVersionsForCId = await this.filterVersionsAllowedByParent(pId, res[pId], cId, allowedVersionsForCId);
@@ -225060,11 +225066,11 @@ var FixesTask = class {
     const deps = vulnChainDetails.transitiveDependencies;
     const vulnerablePackageIdentifiers = Object.entries(deps ?? []).filter(([_identifier, node]) => node.vulnerable).map(([identifier, _node]) => identifier);
     for (const pId of vulnerablePackageIdentifiers) {
-      const parents2 = this.getParents(pId, vulnChainDetails);
-      if (parents2.length === 0) {
+      const parents4 = this.getParents(pId, vulnChainDetails);
+      if (parents4.length === 0) {
         pickVersionWrapper(pId, [...potentialVersionsForFix[pId]]);
       } else {
-        for (const parent2 of parents2) {
+        for (const parent2 of parents4) {
           await computeFix(parent2, pId, []);
         }
       }
@@ -225125,9 +225131,9 @@ var FixesTask = class {
           safeVersionsForC
         );
         const vs = await filterVersions(pId, versionsOfPAllowingSomeSafeVersions);
-        const parents2 = this.getParents(pId, vuln.vulnChainDetails);
-        if (parents2.length !== 0) {
-          for (const parent2 of parents2) {
+        const parents4 = this.getParents(pId, vuln.vulnChainDetails);
+        if (parents4.length !== 0) {
+          for (const parent2 of parents4) {
             await computePotentialVersionsForFixWithCache(parent2, pId, vs);
           }
         } else {
@@ -225139,17 +225145,17 @@ var FixesTask = class {
     const deps = vuln.vulnChainDetails?.transitiveDependencies;
     const vulnerablePackageIdentifiers = Object.entries(deps ?? []).filter(([_identifier, node]) => node.vulnerable).map(([identifier, _node]) => identifier);
     for (const pId of vulnerablePackageIdentifiers) {
-      const parents2 = this.getParents(pId, vuln.vulnChainDetails);
+      const parents4 = this.getParents(pId, vuln.vulnChainDetails);
       const safeVersionsForVulnerablePackage = await safeVersions(pId);
       const { upgrades, downgrades } = this.groupVersionsInUpgradesAndDowngrades(
         assertDefined(this.packageStructure.transitiveDependencies[pId].version),
         safeVersionsForVulnerablePackage
       );
-      if (parents2.length === 0) {
+      if (parents4.length === 0) {
         if (upgrades.length > 0) res[pId] = upgrades;
         else if (downgrades.length > 0) res[pId] = downgrades;
       } else {
-        for (const parent2 of parents2) {
+        for (const parent2 of parents4) {
           const resClone = { ...res };
           const alreadyComputedCacheClone = new Map(alreadyComputedCache);
           try {
@@ -225583,7 +225589,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 // dist/version.js
-var version2 = "14.12.3";
+var version2 = "14.12.5";
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;