@socketsecurity/cli-with-sentry 1.0.104 → 1.0.106

package/external/@coana-tech/cli/reachability-analyzers-cli.mjs

@@ -73366,6 +73366,7 @@ async function registerAnalysisMetadataSocket(subprojectPath, workspacePath, eco
 }
 async function getLatestBucketsSocket(subprojectPath, workspacePath) {
   try {
+    if (!process.env.SOCKET_REPO_NAME || !process.env.SOCKET_BRANCH_NAME) return void 0;
     const url2 = getSocketApiUrl("tier1-reachability-scan/latest-buckets");
     const params = {
       workspacePath,
@@ -73399,12 +73400,14 @@ async function getLatestBucketsSocket(subprojectPath, workspacePath) {
     return void 0;
   }
 }
-async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+async function registerAutofixOrUpgradePurlRun(manifestsTarHash, options, cliCommand) {
   try {
     const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
     const data2 = {
       manifestsTarHash,
-      repositoryName,
+      // disabling rule to also catch case where process.env.SOCKET_REPO_NAME is the empty string.
+      // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+      repositoryName: process.env.SOCKET_REPO_NAME || "unknown-repo",
       options,
       cliCommand
     };
@@ -73986,201 +73989,6 @@ function getVulnReachability(c) {
   return hasReachableMatches(c.detectedOccurrences) ? "REACHABLE" : "UNREACHABLE";
 }
 
-// dist/env.js
-var COANA_API_KEY = process.env.COANA_API_KEY;
-var COANA_REPORT_ID = process.env.COANA_REPORT_ID;
-
-// dist/whole-program-code-aware-vulnerability-scanner/dotnet/heuristics.js
-var CocoaHeuristics = {
-  ALL_PACKAGES: {
-    // analyzes all packages disregarding what vulnerabilities affect the project being analyzed
-    name: "ALL_PACKAGES",
-    getPackagesToAnalyze: (_vulnerabilities) => void 0,
-    splitAnalysisInBuckets: false
-  },
-  ONLY_APPLICATION_SOURCE_FILES_FOR_KNOWN_LANGUAGES: {
-    // analyse only application source fil
-    name: "ONLY_APPLICATION_SOURCE_FILES_FOR_KNOWN_LANGUAGES",
-    getPackagesToAnalyze: (_vulnerabilities) => void 0,
-    splitAnalysisInBuckets: false
-  }
-};
-
-// dist/whole-program-code-aware-vulnerability-scanner/go/heuristics.js
-var GoanaHeuristics = {
-  DEFAULT: {
-    // analyzes all packages disregarding what vulnerabilities affect the project being analyzed
-    name: "DEFAULT",
-    includeTests: true,
-    splitAnalysisInBuckets: false
-  },
-  NO_TESTS: {
-    name: "NO_TESTS",
-    includeTests: false,
-    splitAnalysisInBuckets: false
-  },
-  IMPORT_REACHABILITY: {
-    // pre-analysis to filter out vulnerabilities that are unreachable based on the import graph
-    name: "IMPORT_REACHABILITY",
-    includeTests: true,
-    splitAnalysisInBuckets: false
-  }
-};
-
-// dist/whole-program-code-aware-vulnerability-scanner/java/heuristics.js
-var AlucardHeuristics = {
-  ALL_PACKAGES: {
-    // analyzes all packages disregarding what vulnerabilities affect the project being analyzed
-    name: "ALL_PACKAGES",
-    getPackagesToAnalyze: (_vulnerabilities) => void 0,
-    splitAnalysisInBuckets: false
-  },
-  ONLY_APPLICATION_SOURCE_FILES_FOR_KNOWN_LANGUAGES: {
-    // analyse only application source fil
-    name: "ONLY_APPLICATION_SOURCE_FILES_FOR_KNOWN_LANGUAGES",
-    getPackagesToAnalyze: (_vulnerabilities) => void 0,
-    splitAnalysisInBuckets: false
-  }
-};
-
-// dist/whole-program-code-aware-vulnerability-scanner/js/heuristics.js
-var AllPackagesHeuristic = {
-  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed
-  name: "ALL_PACKAGES",
-  getOptions: getAllPackagesHeuristicOptions,
-  splitAnalysisInBuckets: false
-};
-var DefaultOptionsHeuristic = {
-  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed
-  name: "DEFAULT_OPTIONS",
-  getOptions: () => ({}),
-  splitAnalysisInBuckets: false
-};
-var MaxRounds2Heuristic = {
-  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed and limiting the number of rounds to 3
-  name: "MAX_ROUNDS_2",
-  getOptions: () => getMaxRoundsHeuristicOptions(2),
-  splitAnalysisInBuckets: false
-};
-var MaxRounds3Heuristic = {
-  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed and limiting the number of rounds to 3
-  name: "MAX_ROUNDS_3",
-  getOptions: () => getMaxRoundsHeuristicOptions(3),
-  splitAnalysisInBuckets: false
-};
-var MaxRounds5Heuristic = {
-  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed and limiting the number of rounds to 5
-  name: "MAX_ROUNDS_5",
-  getOptions: () => getMaxRoundsHeuristicOptions(5),
-  splitAnalysisInBuckets: false
-};
-var OnlyVulnPathPackagesExceptVulnerablePackageHeuristic = {
-  // Analyzing only packages that are in the path of the vulnerabilities being analyzed
-  name: "ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE",
-  getOptions: getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions,
-  splitAnalysisInBuckets: true
-};
-var OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds2Heuristic = {
-  // Analyzing only packages that are in the path of the vulnerabilities being analyzed and limiting the number of rounds to 2
-  name: "ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_2",
-  getOptions: (vulnerabilities) => ({
-    ...getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions(vulnerabilities),
-    ...getMaxRoundsHeuristicOptions(2)
-  }),
-  splitAnalysisInBuckets: true
-};
-var OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds3Heuristic = {
-  // Analyzing only packages that are in the path of the vulnerabilities being analyzed and limiting the number of rounds to 3
-  name: "ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_3",
-  getOptions: (vulnerabilities) => ({
-    ...getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions(vulnerabilities),
-    ...getMaxRoundsHeuristicOptions(3)
-  }),
-  splitAnalysisInBuckets: true
-};
-var OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds8Heuristic = {
-  // Analyzing only packages that are in the path of the vulnerabilities being analyzed and limiting the number of rounds to 8
-  name: "ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_8",
-  getOptions: (vulnerabilities) => ({
-    ...getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions(vulnerabilities),
-    ...getMaxRoundsHeuristicOptions(8)
-  }),
-  splitAnalysisInBuckets: true
-};
-var IgnoreDependenciesAndMaxRounds3Heuristic = {
-  name: "IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3",
-  getOptions: () => ({ includePackages: ["some_non_existing_package"], ...getMaxRoundsHeuristicOptions(3) }),
-  // This heuristic will ignore all dependencies, but we need to provide a package name to have a value for the --include-packages option
-  splitAnalysisInBuckets: false
-};
-var heuristics = {
-  ALL_PACKAGES: AllPackagesHeuristic,
-  DEFAULT_OPTIONS: DefaultOptionsHeuristic,
-  MAX_ROUNDS_2: MaxRounds2Heuristic,
-  MAX_ROUNDS_3: MaxRounds3Heuristic,
-  MAX_ROUNDS_5: MaxRounds5Heuristic,
-  ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE: OnlyVulnPathPackagesExceptVulnerablePackageHeuristic,
-  ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_2: OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds2Heuristic,
-  ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_3: OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds3Heuristic,
-  ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_8: OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds8Heuristic,
-  createIncludePackagesHeuristic: (packageNames, options) => ({
-    // Create a heuristic for only analyzing the packages in the packageNames array
-    name: `INCLUDE_PACKAGES_${packageNames.join("_")}`,
-    getOptions: () => ({ ...options, includePackages: packageNames }),
-    splitAnalysisInBuckets: true
-  }),
-  IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3: IgnoreDependenciesAndMaxRounds3Heuristic
-};
-function getAllPackagesHeuristicOptions() {
-  return {};
-}
-function getMaxRoundsHeuristicOptions(maxRounds) {
-  return {
-    maxIndirections: maxRounds
-  };
-}
-function getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions(vulnerabilities) {
-  return {
-    includePackages: computePackagesOnVulnPathExcludingVulnerablePackage(vulnerabilities)
-  };
-}
-function computePackagesOnVulnPathExcludingVulnerablePackage(vulnerabilities) {
-  const packagesToAnalyze = /* @__PURE__ */ new Set();
-  vulnerabilities.filter((v) => !v.vulnerabilityAccessPaths || typeof v.vulnerabilityAccessPaths !== "string").forEach((v) => {
-    const visitedIdentifiers = [];
-    const helper = (node) => {
-      if (node.children && node.children.length > 0)
-        packagesToAnalyze.add(node.packageName);
-      node.children?.filter((c) => !visitedIdentifiers.includes(c)).forEach((c) => {
-        visitedIdentifiers.push(c);
-        helper(v.vulnChainDetails.transitiveDependencies[c]);
-      });
-    };
-    helper(v.vulnChainDetails);
-  });
-  return [...packagesToAnalyze];
-}
-
-// dist/whole-program-code-aware-vulnerability-scanner/python/heuristics.js
-var MambaladeHeuristics = {
-  ALL_PACKAGES: {
-    // analyzes all packages disregarding what vulnerabilities affect the project being analyzed
-    name: "ALL_PACKAGES",
-    splitAnalysisInBuckets: false
-  },
-  createOnlyVulnPathPackagesHeuristic(depInfos) {
-    return {
-      // analyzes only packages that are in the path of the vulnerabilities being analyzed
-      name: "ONLY_VULN_PATH_PACKAGES",
-      getPackagesToExcludeFromAnalysis: (vulnerabilities) => {
-        const packagesToAnalyze = new Set(vulnerabilities.flatMap((v) => Object.values(v.vulnChainDetails?.transitiveDependencies ?? {}).map((d) => d.packageName)));
-        return new Set(depInfos.map((d) => d.packageName).filter((name2) => !packagesToAnalyze.has(name2)));
-      },
-      splitAnalysisInBuckets: true
-    };
-  }
-};
-
 // dist/analyzers/pip-analyzer.js
 var import_lodash16 = __toESM(require_lodash(), 1);
 import assert7 from "assert";
@@ -74402,6 +74210,26 @@ function uvTool(executable) {
   return ["uv", "tool", "run", "--python", executable ?? systemPython()];
 }
 
+// dist/whole-program-code-aware-vulnerability-scanner/python/heuristics.js
+var MambaladeHeuristics = {
+  ALL_PACKAGES: {
+    // analyzes all packages disregarding what vulnerabilities affect the project being analyzed
+    name: "ALL_PACKAGES",
+    splitAnalysisInBuckets: false
+  },
+  createOnlyVulnPathPackagesHeuristic(depInfos) {
+    return {
+      // analyzes only packages that are in the path of the vulnerabilities being analyzed
+      name: "ONLY_VULN_PATH_PACKAGES",
+      getPackagesToExcludeFromAnalysis: (vulnerabilities) => {
+        const packagesToAnalyze = new Set(vulnerabilities.flatMap((v) => Object.values(v.vulnChainDetails?.transitiveDependencies ?? {}).map((d) => d.packageName)));
+        return new Set(depInfos.map((d) => d.packageName).filter((name2) => !packagesToAnalyze.has(name2)));
+      },
+      splitAnalysisInBuckets: true
+    };
+  }
+};
+
 // dist/whole-program-code-aware-vulnerability-scanner/python/phantom-deps.js
 var import_lodash15 = __toESM(require_lodash(), 1);
 import fs11 from "fs/promises";
@@ -74592,6 +74420,22 @@ function assertDefined(value) {
   return value;
 }
 
+// dist/whole-program-code-aware-vulnerability-scanner/dotnet/heuristics.js
+var CocoaHeuristics = {
+  ALL_PACKAGES: {
+    // analyzes all packages disregarding what vulnerabilities affect the project being analyzed
+    name: "ALL_PACKAGES",
+    getPackagesToAnalyze: (_vulnerabilities) => void 0,
+    splitAnalysisInBuckets: false
+  },
+  ONLY_APPLICATION_SOURCE_FILES_FOR_KNOWN_LANGUAGES: {
+    // analyse only application source fil
+    name: "ONLY_APPLICATION_SOURCE_FILES_FOR_KNOWN_LANGUAGES",
+    getPackagesToAnalyze: (_vulnerabilities) => void 0,
+    splitAnalysisInBuckets: false
+  }
+};
+
 // dist/whole-program-code-aware-vulnerability-scanner/dotnet/dotnet-code-aware-vulnerability-scanner.js
 var import_adm_zip = __toESM(require_adm_zip(), 1);
 import { mkdir, readFile as readFile5, writeFile as writeFile3 } from "fs/promises";
@@ -88440,6 +88284,22 @@ async function findArtifactsForPackageInRemoteRepository(repository, groupId, ar
   }
 }
 
+// dist/whole-program-code-aware-vulnerability-scanner/java/heuristics.js
+var AlucardHeuristics = {
+  ALL_PACKAGES: {
+    // analyzes all packages disregarding what vulnerabilities affect the project being analyzed
+    name: "ALL_PACKAGES",
+    getPackagesToAnalyze: (_vulnerabilities) => void 0,
+    splitAnalysisInBuckets: false
+  },
+  ONLY_APPLICATION_SOURCE_FILES_FOR_KNOWN_LANGUAGES: {
+    // analyse only application source fil
+    name: "ONLY_APPLICATION_SOURCE_FILES_FOR_KNOWN_LANGUAGES",
+    getPackagesToAnalyze: (_vulnerabilities) => void 0,
+    splitAnalysisInBuckets: false
+  }
+};
+
 // dist/whole-program-code-aware-vulnerability-scanner/java/java-code-aware-vulnerability-scanner.js
 var import_packageurl_js5 = __toESM(require_packageurl_js(), 1);
 import { randomUUID as randomUUID2 } from "crypto";
@@ -94950,6 +94810,124 @@ async function createSymlinksForEachDependency(dependencyInfosForDependenciesToI
   }
 }
 
+// dist/whole-program-code-aware-vulnerability-scanner/js/heuristics.js
+var AllPackagesHeuristic = {
+  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed
+  name: "ALL_PACKAGES",
+  getOptions: getAllPackagesHeuristicOptions,
+  splitAnalysisInBuckets: false
+};
+var DefaultOptionsHeuristic = {
+  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed
+  name: "DEFAULT_OPTIONS",
+  getOptions: () => ({}),
+  splitAnalysisInBuckets: false
+};
+var MaxRounds2Heuristic = {
+  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed and limiting the number of rounds to 3
+  name: "MAX_ROUNDS_2",
+  getOptions: () => getMaxRoundsHeuristicOptions(2),
+  splitAnalysisInBuckets: false
+};
+var MaxRounds3Heuristic = {
+  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed and limiting the number of rounds to 3
+  name: "MAX_ROUNDS_3",
+  getOptions: () => getMaxRoundsHeuristicOptions(3),
+  splitAnalysisInBuckets: false
+};
+var MaxRounds5Heuristic = {
+  // Analyzing all packages disregarding what vulnerabilities affect the project being analyzed and limiting the number of rounds to 5
+  name: "MAX_ROUNDS_5",
+  getOptions: () => getMaxRoundsHeuristicOptions(5),
+  splitAnalysisInBuckets: false
+};
+var OnlyVulnPathPackagesExceptVulnerablePackageHeuristic = {
+  // Analyzing only packages that are in the path of the vulnerabilities being analyzed
+  name: "ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE",
+  getOptions: getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions,
+  splitAnalysisInBuckets: true
+};
+var OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds2Heuristic = {
+  // Analyzing only packages that are in the path of the vulnerabilities being analyzed and limiting the number of rounds to 2
+  name: "ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_2",
+  getOptions: (vulnerabilities) => ({
+    ...getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions(vulnerabilities),
+    ...getMaxRoundsHeuristicOptions(2)
+  }),
+  splitAnalysisInBuckets: true
+};
+var OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds3Heuristic = {
+  // Analyzing only packages that are in the path of the vulnerabilities being analyzed and limiting the number of rounds to 3
+  name: "ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_3",
+  getOptions: (vulnerabilities) => ({
+    ...getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions(vulnerabilities),
+    ...getMaxRoundsHeuristicOptions(3)
+  }),
+  splitAnalysisInBuckets: true
+};
+var OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds8Heuristic = {
+  // Analyzing only packages that are in the path of the vulnerabilities being analyzed and limiting the number of rounds to 8
+  name: "ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_8",
+  getOptions: (vulnerabilities) => ({
+    ...getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions(vulnerabilities),
+    ...getMaxRoundsHeuristicOptions(8)
+  }),
+  splitAnalysisInBuckets: true
+};
+var IgnoreDependenciesAndMaxRounds3Heuristic = {
+  name: "IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3",
+  getOptions: () => ({ includePackages: ["some_non_existing_package"], ...getMaxRoundsHeuristicOptions(3) }),
+  // This heuristic will ignore all dependencies, but we need to provide a package name to have a value for the --include-packages option
+  splitAnalysisInBuckets: false
+};
+var heuristics = {
+  ALL_PACKAGES: AllPackagesHeuristic,
+  DEFAULT_OPTIONS: DefaultOptionsHeuristic,
+  MAX_ROUNDS_2: MaxRounds2Heuristic,
+  MAX_ROUNDS_3: MaxRounds3Heuristic,
+  MAX_ROUNDS_5: MaxRounds5Heuristic,
+  ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE: OnlyVulnPathPackagesExceptVulnerablePackageHeuristic,
+  ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_2: OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds2Heuristic,
+  ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_3: OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds3Heuristic,
+  ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE_AND_MAX_ROUNDS_8: OnlyVulnPathPackagesExceptVulnerablePackageAndMaxRounds8Heuristic,
+  createIncludePackagesHeuristic: (packageNames, options) => ({
+    // Create a heuristic for only analyzing the packages in the packageNames array
+    name: `INCLUDE_PACKAGES_${packageNames.join("_")}`,
+    getOptions: () => ({ ...options, includePackages: packageNames }),
+    splitAnalysisInBuckets: true
+  }),
+  IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3: IgnoreDependenciesAndMaxRounds3Heuristic
+};
+function getAllPackagesHeuristicOptions() {
+  return {};
+}
+function getMaxRoundsHeuristicOptions(maxRounds) {
+  return {
+    maxIndirections: maxRounds
+  };
+}
+function getOnlyPackagesInVulnPathsWithoutLeafPackagesHeuristicOptions(vulnerabilities) {
+  return {
+    includePackages: computePackagesOnVulnPathExcludingVulnerablePackage(vulnerabilities)
+  };
+}
+function computePackagesOnVulnPathExcludingVulnerablePackage(vulnerabilities) {
+  const packagesToAnalyze = /* @__PURE__ */ new Set();
+  vulnerabilities.filter((v) => !v.vulnerabilityAccessPaths || typeof v.vulnerabilityAccessPaths !== "string").forEach((v) => {
+    const visitedIdentifiers = [];
+    const helper = (node) => {
+      if (node.children && node.children.length > 0)
+        packagesToAnalyze.add(node.packageName);
+      node.children?.filter((c) => !visitedIdentifiers.includes(c)).forEach((c) => {
+        visitedIdentifiers.push(c);
+        helper(v.vulnChainDetails.transitiveDependencies[c]);
+      });
+    };
+    helper(v.vulnChainDetails);
+  });
+  return [...packagesToAnalyze];
+}
+
 // dist/whole-program-code-aware-vulnerability-scanner/js/js-code-aware-vulnerability-scanner.js
 var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
   mainProjectDir;
@@ -95126,6 +95104,29 @@ import { existsSync as existsSync9, createReadStream, createWriteStream as creat
 import { readFile as readFile8, rm as rm4, cp as cp4 } from "fs/promises";
 import zlib2 from "zlib";
 import { join as join17, resolve as resolve9, sep } from "path";
+
+// dist/whole-program-code-aware-vulnerability-scanner/go/heuristics.js
+var GoanaHeuristics = {
+  DEFAULT: {
+    // analyzes all packages disregarding what vulnerabilities affect the project being analyzed
+    name: "DEFAULT",
+    includeTests: true,
+    splitAnalysisInBuckets: false
+  },
+  NO_TESTS: {
+    name: "NO_TESTS",
+    includeTests: false,
+    splitAnalysisInBuckets: false
+  },
+  IMPORT_REACHABILITY: {
+    // pre-analysis to filter out vulnerabilities that are unreachable based on the import graph
+    name: "IMPORT_REACHABILITY",
+    includeTests: true,
+    splitAnalysisInBuckets: false
+  }
+};
+
+// dist/whole-program-code-aware-vulnerability-scanner/go/go-code-aware-vulnerability-scanner.js
 import { pipeline } from "stream/promises";
 var { uniq: uniq5 } = import_lodash11.default;
 var GoCodeAwareVulnerabilityScanner = class {
@@ -96987,15 +96988,20 @@ function getPreInstalledDepInfos(workspaceData) {
   }
 }
 
+// dist/env.js
+var COANA_API_KEY = process.env.COANA_API_KEY;
+var COANA_REPORT_ID = process.env.COANA_REPORT_ID;
+
 // dist/whole-program-code-aware-vulnerability-scanner/analyze-in-buckets.js
 var { groupBy } = import_lodash17.default;
 var CLI_VERSION_TO_USE_CACHING_FROM = { PIP: "14.9.15" };
 var CLI_VERSION_TO_USE_CACHING_FROM_DEFAULT = "13.16.6";
+var SOCKET_MODE = process.env.SOCKET_MODE === "true";
 function assertVulnChainDetails(vs) {
   assert8(vs.every((v) => v.vulnChainDetails));
 }
 var apiKey = COANA_API_KEY ? { type: "present", value: COANA_API_KEY } : { type: "missing" };
-var dashboardAPI = new DashboardAPI(process.env.SOCKET_MODE === "true", process.env.DISABLE_ANALYTICS_SHARING === "true");
+var dashboardAPI = new DashboardAPI(SOCKET_MODE, process.env.DISABLE_ANALYTICS_SHARING === "true");
 async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecomputeForTimeoutsAndAborts, codeAwareScanner, analysisMetadataCollector, statusUpdater) {
   logger.debug("Starting analyzeWithHeuristics");
   assertVulnChainDetails(vulns);
@@ -97083,7 +97089,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
     }
   }
   async function getBucketsBasedOnPreviousResults() {
-    if (process.env.SOCKET_MODE !== "true" && (!COANA_REPORT_ID || apiKey.type === "missing"))
+    if (state.otherAnalysisOptions.skipCacheUsage || !SOCKET_MODE && (!COANA_REPORT_ID || apiKey.type === "missing"))
       return void 0;
     const bucketsFromLastAnalysisAndCliVersion = await dashboardAPI.getBucketsForLastReport(relative5(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
     if (!bucketsFromLastAnalysisAndCliVersion)
@@ -97319,6 +97325,13 @@ function augmentVulnsWithDetectedOccurrences(vulns, codeAwareScanner, heuristic,
   for (const v of vulns) {
     const detectedOccurrences = result.computeDetectedOccurrences(v);
     if (Array.isArray(detectedOccurrences) ? detectedOccurrences.length === 0 : detectedOccurrences.stacks.length === 0) {
+      if (SOCKET_MODE && result.terminatedEarly && !result.reachedDependencies && Object.keys(v.vulnChainDetails.transitiveDependencies).length > 1) {
+        v.results = {
+          type: "analysisError",
+          message: "Analysis terminated early and did not reach any dependencies"
+        };
+        continue;
+      }
       const packageOnPathFailedToInstall = Object.values(v.vulnChainDetails.transitiveDependencies).map((p) => p.packageName).find((p) => packagesFailedToInstall.includes(p));
       if (packageOnPathFailedToInstall) {
         v.results = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "1.0.104",
+  "version": "1.0.106",
   "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -86,7 +86,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.3",
     "@biomejs/biome": "2.2.2",
-    "@coana-tech/cli": "14.12.6",
+    "@coana-tech/cli": "14.12.12",
     "@cyclonedx/cdxgen": "11.6.0",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",
@@ -114,7 +114,7 @@
     "@socketregistry/packageurl-js": "1.0.9",
     "@socketsecurity/config": "3.0.1",
     "@socketsecurity/registry": "1.0.275",
-    "@socketsecurity/sdk": "1.4.79",
+    "@socketsecurity/sdk": "1.4.80",
     "@types/blessed": "0.1.25",
     "@types/cmd-shim": "5.0.2",
     "@types/js-yaml": "4.0.9",