npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.0.17 → 1.0.19 - Mend

@socketsecurity/cli-with-sentry 1.0.17 → 1.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/cli.js +74 -31
package/dist/cli.js.map +1 -1
package/dist/constants.js +3 -3
package/dist/constants.js.map +1 -1
package/dist/shadow-npm-inject.js +14 -3
package/dist/shadow-npm-inject.js.map +1 -1
package/dist/types/commands/fix/agent-fix.d.mts +1 -0
package/dist/types/commands/fix/agent-fix.d.mts.map +1 -1
package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
package/dist/types/commands/fix/handle-fix.d.mts +1 -1
package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
package/dist/types/commands/optimize/apply-optimization.d.mts +6 -1
package/dist/types/commands/optimize/apply-optimization.d.mts.map +1 -1
package/dist/types/commands/optimize/handle-optimize.d.mts +5 -1
package/dist/types/commands/optimize/handle-optimize.d.mts.map +1 -1
package/dist/types/shadow/npm/arborist-helpers.d.mts +5 -1
package/dist/types/shadow/npm/arborist-helpers.d.mts.map +1 -1
package/dist/types/utils/alerts-map.d.mts.map +1 -1
package/dist/utils.js +8 -2
package/dist/utils.js.map +1 -1
package/package.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -3725,6 +3725,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
     autoMerge,
     cwd,
     limit,
+    minSatisfying,
     rangeStyle,
     spinner,
     test,
@@ -3737,9 +3738,13 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
   if (!infoByPartialPurl) {
     spinner?.stop();
     logger.logger.info('No fixable vulns found.');
-    debug.debugFn('inspect:\n', {
-      alertsMap
-    });
+    if (alertsMap.size) {
+      debug.debugFn('inspect:', {
+        alertsMap
+      });
+    } else {
+      debug.debugFn('inspect: { alertsMap: Map(0) {} }');
+    }
     return {
       ok: true,
       data: {
@@ -3872,7 +3877,10 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
           firstPatchedVersionIdentifier,
           vulnerableVersionRange
         } of infos) {
-          const newVersion = shadowNpmInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
+          const newVersion = shadowNpmInject.findBestPatchVersion(node, availableVersions, {
+            minSatisfying,
+            vulnerableVersionRange
+          });
           const newVersionPackument = newVersion ? packument.versions[newVersion] : undefined;
           if (!(newVersion && newVersionPackument)) {
             warningsForAfter.add(`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`);
@@ -4500,6 +4508,7 @@ async function handleFix({
   cwd,
   ghsas,
   limit,
+  minSatisfying,
   outputKind,
   purls,
   rangeStyle,
@@ -4574,23 +4583,25 @@ async function handleFix({
     }, outputKind);
     return;
   }
-  logger.logger.info(`Fixing packages for ${pkgEnvDetails.agent} v${pkgEnvDetails.agentVersion}.\n`);
   const {
-    agent
+    agent,
+    agentVersion
   } = pkgEnvDetails;
   if (agent !== NPM$7 && agent !== PNPM$6) {
     await outputFixResult({
       ok: false,
       message: 'Not supported.',
-      cause: `${agent} is not supported by this command.`
+      cause: `${agent} v${agentVersion} is not supported by this command.`
     }, outputKind);
     return;
   }
+  logger.logger.info(`Fixing packages for ${agent} v${agentVersion}.\n`);
   const fixer = agent === NPM$7 ? npmFix : pnpmFix;
   await outputFixResult(await fixer(pkgEnvDetails, {
     autoMerge,
     cwd,
     limit,
+    minSatisfying,
     purls,
     rangeStyle,
     spinner,
@@ -4629,6 +4640,17 @@ const config$H = {
       default: Infinity,
       description: 'The number of fixes to attempt at a time'
     },
+    maxSatisfying: {
+      type: 'boolean',
+      default: true,
+      description: 'Use the maximum satisfying version for dependency updates',
+      hidden: true
+    },
+    minSatisfying: {
+      type: 'boolean',
+      default: false,
+      description: 'Constrain dependency updates to the minimum satisfying version'
+    },
     purl: {
       type: 'string',
       default: [],
@@ -4732,6 +4754,8 @@ async function run$H(argv, importMeta, {
   }
   const ghsas = utils.cmdFlagValueToArray(cli.flags['ghsa']);
   const limit = (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity;
+  const maxSatisfying = Boolean(cli.flags['maxSatisfying']);
+  const minSatisfying = Boolean(cli.flags['minSatisfying']) || !maxSatisfying;
   const purls = utils.cmdFlagValueToArray(cli.flags['purl']);
   const testScript = String(cli.flags['testScript'] || 'test');
   await handleFix({
@@ -4739,6 +4763,7 @@ async function run$H(argv, importMeta, {
     cwd,
     ghsas,
     limit,
+    minSatisfying,
     outputKind,
     purls,
     rangeStyle,
@@ -7595,27 +7620,10 @@ async function updateLockfile(pkgEnvDetails, options) {
   };
 }
-const {
-  VLT
-} = constants;
-async function applyOptimization(cwd, pin, prod) {
-  const result = await utils.detectAndValidatePackageEnvironment(cwd, {
-    cmdName: CMD_NAME,
-    logger: logger.logger,
-    prod
-  });
-  if (!result.ok) {
-    return result;
-  }
-  const pkgEnvDetails = result.data;
-  if (pkgEnvDetails.agent === VLT) {
-    return {
-      ok: false,
-      message: 'Unsupported',
-      cause: utils.cmdPrefixMessage(CMD_NAME, `${VLT} does not support overrides. Soon, though ⚡`)
-    };
-  }
+async function applyOptimization(pkgEnvDetails, {
+  pin,
+  prod
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
@@ -7683,14 +7691,49 @@ function createActionMessage(verb, overrideCount, workspaceCount) {
   return `${verb} ${overrideCount} Socket.dev optimized ${words.pluralize('override', overrideCount)}${workspaceCount ? ` in ${workspaceCount} ${words.pluralize('workspace', workspaceCount)}` : ''}`;
 }
+const {
+  VLT
+} = constants;
 async function handleOptimize({
   cwd,
   outputKind,
   pin,
   prod
 }) {
-  const result = await applyOptimization(cwd, pin, prod);
-  await outputOptimizeResult(result, outputKind);
+  const pkgEnvCResult = await utils.detectAndValidatePackageEnvironment(cwd, {
+    cmdName: CMD_NAME,
+    logger: logger.logger,
+    prod
+  });
+  if (!pkgEnvCResult.ok) {
+    await outputOptimizeResult(pkgEnvCResult, outputKind);
+    return;
+  }
+  const pkgEnvDetails = pkgEnvCResult.data;
+  if (!pkgEnvDetails) {
+    await outputOptimizeResult({
+      ok: false,
+      message: 'No package found.',
+      cause: `No valid package environment found for project path: ${cwd}`
+    }, outputKind);
+    return;
+  }
+  const {
+    agent,
+    agentVersion
+  } = pkgEnvDetails;
+  if (agent === VLT) {
+    return {
+      ok: false,
+      message: 'Unsupported',
+      cause: utils.cmdPrefixMessage(CMD_NAME, `${agent} v${agentVersion} does not support overrides. Soon, though ⚡`)
+    };
+  }
+  logger.logger.info(`Optimizing packages for ${agent} v${agentVersion}.\n`);
+  await outputOptimizeResult(await applyOptimization(pkgEnvDetails, {
+    pin,
+    prod
+  }), outputKind);
 }
 const {
@@ -14184,5 +14227,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=335a870f-91f1-494a-ab58-35161f055590
+//# debugId=32ad27b9-7ef0-4597-96b8-7dac14a0ff3e
 //# sourceMappingURL=cli.js.map