@socketsecurity/cli-with-sentry 1.0.104 → 1.0.105

package/dist/types/commands/scan/perform-reachability-analysis.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"perform-reachability-analysis.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/perform-reachability-analysis.mts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sCAAsC,CAAA;AAEnE,MAAM,MAAM,mBAAmB,GAAG;IAChC,oBAAoB,EAAE,MAAM,CAAA;IAC5B,wBAAwB,EAAE,MAAM,CAAA;IAChC,qBAAqB,EAAE,OAAO,CAAA;IAC9B,eAAe,EAAE,SAAS,EAAE,CAAA;IAC5B,iBAAiB,EAAE,MAAM,EAAE,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,2BAA2B,GAAG;IACxC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC/B,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAA;IACnC,mBAAmB,EAAE,mBAAmB,CAAA;IACxC,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC7B,eAAe,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;CACtC,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,kBAAkB,EAAE,MAAM,CAAA;IAC1B,uBAAuB,EAAE,MAAM,GAAG,SAAS,CAAA;CAC5C,CAAA;AAED,wBAAsB,2BAA2B,CAC/C,OAAO,CAAC,EAAE,2BAA2B,GAAG,SAAS,GAChD,OAAO,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CA6J9C"}
+{"version":3,"file":"perform-reachability-analysis.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/perform-reachability-analysis.mts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sCAAsC,CAAA;AAEnE,MAAM,MAAM,mBAAmB,GAAG;IAChC,oBAAoB,EAAE,MAAM,CAAA;IAC5B,wBAAwB,EAAE,MAAM,CAAA;IAChC,qBAAqB,EAAE,OAAO,CAAA;IAC9B,eAAe,EAAE,SAAS,EAAE,CAAA;IAC5B,iBAAiB,EAAE,MAAM,EAAE,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,2BAA2B,GAAG;IACxC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC/B,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,YAAY,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAA;IACnC,mBAAmB,EAAE,mBAAmB,CAAA;IACxC,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC7B,eAAe,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;CACtC,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,kBAAkB,EAAE,MAAM,CAAA;IAC1B,uBAAuB,EAAE,MAAM,GAAG,SAAS,CAAA;CAC5C,CAAA;AAED,wBAAsB,2BAA2B,CAC/C,OAAO,CAAC,EAAE,2BAA2B,GAAG,SAAS,GAChD,OAAO,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CA+J9C"}

package/dist/vendor.js

@@ -27442,7 +27442,7 @@ var isInteractiveExports = /*@__PURE__*/ requireIsInteractive();
 var dist$e = {};
 
 var name$2 = "@socketsecurity/sdk";
-var version$5 = "1.4.79";
+var version$5 = "1.4.80";
 var license = "MIT";
 var description = "SDK for the Socket API client";
 var author = {
@@ -175287,5 +175287,5 @@ exports.terminalLinkExports = terminalLinkExports;
 exports.updater = updater$1;
 exports.yargsParser = yargsParser;
 exports.yoctocolorsCjsExports = yoctocolorsCjsExports;
-//# debugId=f5e9f44c-6738-4a2d-947f-077a45beb5d9
+//# debugId=63796303-c4df-4409-b8a5-da5950acd29d
 //# sourceMappingURL=vendor.js.map

package/external/@coana-tech/cli/cli.mjs

@@ -197891,6 +197891,7 @@ async function registerAnalysisMetadataSocket(subprojectPath, workspacePath, eco
 }
 async function getLatestBucketsSocket(subprojectPath, workspacePath) {
   try {
+    if (!process.env.SOCKET_REPO_NAME || !process.env.SOCKET_BRANCH_NAME) return void 0;
     const url2 = getSocketApiUrl("tier1-reachability-scan/latest-buckets");
     const params = {
       workspacePath,
@@ -197989,12 +197990,14 @@ async function computeSocketFactArtifacts(rootDir, relativeManifestFilePaths) {
     return void 0;
   }
 }
-async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+async function registerAutofixOrUpgradePurlRun(manifestsTarHash, options, cliCommand) {
   try {
     const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
     const data2 = {
       manifestsTarHash,
-      repositoryName,
+      // disabling rule to also catch case where process.env.SOCKET_REPO_NAME is the empty string.
+      // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+      repositoryName: process.env.SOCKET_REPO_NAME || "unknown-repo",
       options,
       cliCommand
     };
@@ -210391,6 +210394,11 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
     const ecosystemToWorkspaceToVulnerabilities = {};
     const purlsFailedToFindWorkspace = /* @__PURE__ */ new Set();
     for (const artifact of artifacts) {
+      let processToplevelAncestors2 = function(artifact2) {
+        const allAncestorIds = getAllToplevelAncestors(artifactMap, artifact2.id);
+        allAncestorIds.forEach((ancestorId) => artifactMap.get(ancestorId)?.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file)));
+      };
+      var processToplevelAncestors = processToplevelAncestors2;
       const ecosystem = getAdvisoryEcosystemFromPurlType(artifact.type);
       if (!ecosystem)
         continue;
@@ -210409,12 +210417,12 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
           if (pipArtifactToRepresentativeManifest[sPurl]) {
             manifestFiles.push(...(pipArtifactToRepresentativeManifest[sPurl].manifestFiles ?? []).map((ref) => ref.file));
           }
+          processToplevelAncestors2(artifact);
           break;
         }
         default: {
           artifact.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file));
-          const allAncestorIds = getAllToplevelAncestors(artifactMap, artifact.id);
-          allAncestorIds.forEach((ancestorId) => artifactMap.get(ancestorId)?.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file)));
+          processToplevelAncestors2(artifact);
           break;
         }
       }
@@ -225602,7 +225610,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.6";
+var version2 = "14.12.10";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -226293,7 +226301,7 @@ async function upgradePurl(path2, upgrades, options, logFile, cliFixRunId) {
   logger.silent = options.silent;
   let cliRunId = cliFixRunId;
   if (!cliRunId && options.manifestsTarHash) {
-    cliRunId = await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, path2, options, "upgrade-purls");
+    cliRunId = await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, options, "upgrade-purls");
   }
   const upgradePurlRunId = cliRunId && await getSocketAPI().registerUpgradePurlRun(cliRunId, upgrades);
   Spinner.instance({ text: "Running Coana Upgrade Purl CLI", isSilent: options.silent }).start();
@@ -226423,7 +226431,7 @@ ${vulnerabilityFixes.map((fix) => `	${fix.dependencyName} from ${fix.currentVers
 
 // dist/cli-compute-fixes-and-upgrade-purls.js
 async function computeFixesAndUpgradePurls(path2, options, logFile) {
-  const autofixRunId = options.manifestsTarHash && await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, path2, options, "autofix");
+  const autofixRunId = options.manifestsTarHash && await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, options, "autofix");
   const { artifacts, ghsaToVulnerableArtifactIds } = await computeInputForComputingFixes(path2, options);
   if (Object.keys(ghsaToVulnerableArtifactIds).length === 0) {
     logger.info("No vulnerabilities to compute fixes for");

package/external/@coana-tech/cli/reachability-analyzers-cli.mjs

@@ -73366,6 +73366,7 @@ async function registerAnalysisMetadataSocket(subprojectPath, workspacePath, eco
 }
 async function getLatestBucketsSocket(subprojectPath, workspacePath) {
   try {
+    if (!process.env.SOCKET_REPO_NAME || !process.env.SOCKET_BRANCH_NAME) return void 0;
     const url2 = getSocketApiUrl("tier1-reachability-scan/latest-buckets");
     const params = {
       workspacePath,
@@ -73399,12 +73400,14 @@ async function getLatestBucketsSocket(subprojectPath, workspacePath) {
     return void 0;
   }
 }
-async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+async function registerAutofixOrUpgradePurlRun(manifestsTarHash, options, cliCommand) {
   try {
     const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
     const data2 = {
       manifestsTarHash,
-      repositoryName,
+      // disabling rule to also catch case where process.env.SOCKET_REPO_NAME is the empty string.
+      // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+      repositoryName: process.env.SOCKET_REPO_NAME || "unknown-repo",
       options,
       cliCommand
     };
@@ -96991,11 +96994,12 @@ function getPreInstalledDepInfos(workspaceData) {
 var { groupBy } = import_lodash17.default;
 var CLI_VERSION_TO_USE_CACHING_FROM = { PIP: "14.9.15" };
 var CLI_VERSION_TO_USE_CACHING_FROM_DEFAULT = "13.16.6";
+var SOCKET_MODE = process.env.SOCKET_MODE === "true";
 function assertVulnChainDetails(vs) {
   assert8(vs.every((v) => v.vulnChainDetails));
 }
 var apiKey = COANA_API_KEY ? { type: "present", value: COANA_API_KEY } : { type: "missing" };
-var dashboardAPI = new DashboardAPI(process.env.SOCKET_MODE === "true", process.env.DISABLE_ANALYTICS_SHARING === "true");
+var dashboardAPI = new DashboardAPI(SOCKET_MODE, process.env.DISABLE_ANALYTICS_SHARING === "true");
 async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecomputeForTimeoutsAndAborts, codeAwareScanner, analysisMetadataCollector, statusUpdater) {
   logger.debug("Starting analyzeWithHeuristics");
   assertVulnChainDetails(vulns);
@@ -97083,7 +97087,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
     }
   }
   async function getBucketsBasedOnPreviousResults() {
-    if (process.env.SOCKET_MODE !== "true" && (!COANA_REPORT_ID || apiKey.type === "missing"))
+    if (!SOCKET_MODE && (!COANA_REPORT_ID || apiKey.type === "missing"))
       return void 0;
     const bucketsFromLastAnalysisAndCliVersion = await dashboardAPI.getBucketsForLastReport(relative5(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
     if (!bucketsFromLastAnalysisAndCliVersion)
@@ -97319,6 +97323,13 @@ function augmentVulnsWithDetectedOccurrences(vulns, codeAwareScanner, heuristic,
   for (const v of vulns) {
     const detectedOccurrences = result.computeDetectedOccurrences(v);
     if (Array.isArray(detectedOccurrences) ? detectedOccurrences.length === 0 : detectedOccurrences.stacks.length === 0) {
+      if (SOCKET_MODE && result.terminatedEarly && !result.reachedDependencies && Object.keys(v.vulnChainDetails.transitiveDependencies).length > 1) {
+        v.results = {
+          type: "analysisError",
+          message: "Analysis terminated early and did not reach any dependencies"
+        };
+        continue;
+      }
       const packageOnPathFailedToInstall = Object.values(v.vulnChainDetails.transitiveDependencies).map((p) => p.packageName).find((p) => packagesFailedToInstall.includes(p));
       if (packageOnPathFailedToInstall) {
         v.results = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "1.0.104",
+  "version": "1.0.105",
   "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -86,7 +86,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.3",
     "@biomejs/biome": "2.2.2",
-    "@coana-tech/cli": "14.12.6",
+    "@coana-tech/cli": "14.12.10",
     "@cyclonedx/cdxgen": "11.6.0",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",
@@ -114,7 +114,7 @@
     "@socketregistry/packageurl-js": "1.0.9",
     "@socketsecurity/config": "3.0.1",
     "@socketsecurity/registry": "1.0.275",
-    "@socketsecurity/sdk": "1.4.79",
+    "@socketsecurity/sdk": "1.4.80",
     "@types/blessed": "0.1.25",
     "@types/cmd-shim": "5.0.2",
     "@types/js-yaml": "4.0.9",