@socketsecurity/cli-with-sentry 1.0.50 → 1.0.52

package/dist/utils.js

@@ -13,11 +13,11 @@ var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
 var promises = require('node:timers/promises');
+var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs = require('node:fs');
 var registry = require('../external/@socketsecurity/registry');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
 var Module = require('node:module');
-var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
 var words = require('../external/@socketsecurity/registry/lib/words');
 var fs$1 = require('../external/@socketsecurity/registry/lib/fs');
@@ -25,7 +25,6 @@ var require$$7 = require('../external/@socketsecurity/registry/lib/promises');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 const {
-  NPM: NPM$5,
   PNPM: PNPM$2
 } = constants;
 const PNPM_WORKSPACE = `${PNPM$2}-workspace`;
@@ -136,11 +135,13 @@ function workspacePatternToGlobPattern(workspace) {
   return `${workspace}/package.json`;
 }
 async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
-  const patterns = ['golang', NPM$5, 'maven', 'pypi', 'gem', 'nuget'].reduce((r, n) => {
-    const supported = supportedFiles[n];
-    r.push(...(supported ? Object.values(supported).map(p => `**/${p.pattern}`) : []));
-    return r;
-  }, []);
+  const patterns = [];
+  for (const key of Object.keys(supportedFiles)) {
+    const supported = supportedFiles[key];
+    if (supported) {
+      patterns.push(...Object.values(supported).map(p => `**/${p.pattern}`));
+    }
+  }
   return entries.filter(p => vendor.micromatchExports.some(p, patterns));
 }
 async function globWithGitIgnore(patterns, options) {
@@ -163,6 +164,7 @@ async function globWithGitIgnore(patterns, options) {
   const globOptions = {
     absolute: true,
     cwd,
+    dot: true,
     expandDirectories: false,
     ignore: hasNegatedPattern ? [] : ignores,
     ...additionalOptions
@@ -1515,11 +1517,11 @@ function msAtHome(isoTimeStamp) {
 }
 
 async function suggestOrgSlug() {
-  const sockSdkResult = await setupSdk();
-  if (!sockSdkResult.ok) {
+  const sockSdkCResult = await setupSdk();
+  if (!sockSdkCResult.ok) {
     return;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   const result = await handleApiCall(sockSdk.getOrganizations(), 'list of organizations');
 
   // Ignore a failed request here. It was not the primary goal of
@@ -1626,6 +1628,292 @@ async function determineOrgSlug(orgFlag, interactive, dryRun) {
   return [orgSlug, defaultOrgSlug];
 }
 
+async function getBaseBranch(cwd = process.cwd()) {
+  // Lazily access constants.ENV properties.
+  const {
+    GITHUB_BASE_REF,
+    GITHUB_REF_NAME,
+    GITHUB_REF_TYPE
+  } = constants.ENV;
+  // 1. In a pull request, this is always the base branch.
+  if (GITHUB_BASE_REF) {
+    return GITHUB_BASE_REF;
+  }
+  // 2. If it's a branch (not a tag), GITHUB_REF_TYPE should be 'branch'.
+  if (GITHUB_REF_TYPE === 'branch' && GITHUB_REF_NAME) {
+    return GITHUB_REF_NAME;
+  }
+  // 3. Try to resolve the default remote branch using 'git remote show origin'.
+  // This handles detached HEADs or workflows triggered by tags/releases.
+  try {
+    const originDetails = (await spawn.spawn('git', ['remote', 'show', 'origin'], {
+      cwd
+    })).stdout;
+    const match = /(?<=HEAD branch: ).+/.exec(originDetails);
+    if (match?.[0]) {
+      return match[0].trim();
+    }
+  } catch {}
+  // GitHub and GitLab default to branch name "main"
+  // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
+  return 'main';
+}
+async function getRepoInfo(cwd = process.cwd()) {
+  let info = null;
+  try {
+    const remoteUrl = (await spawn.spawn('git', ['remote', 'get-url', 'origin'], {
+      cwd
+    })).stdout;
+    info = parseGitRemoteUrl(remoteUrl);
+    if (!info) {
+      debug.debugFn('error', 'git: unmatched git remote URL format');
+      debug.debugDir('inspect', {
+        remoteUrl
+      });
+    }
+  } catch (e) {
+    debug.debugFn('error', 'caught: `git remote get-url origin` failed');
+    debug.debugDir('inspect', {
+      error: e
+    });
+  }
+  return info;
+}
+async function getRepoName(cwd = process.cwd()) {
+  const repoInfo = await getRepoInfo(cwd);
+  return repoInfo?.repo ?? null;
+}
+async function gitBranch(cwd = process.cwd()) {
+  const stdioPipeOptions = {
+    cwd
+  };
+  // Try symbolic-ref first which returns the branch name or fails in a
+  // detached HEAD state.
+  try {
+    return (await spawn.spawn('git', ['symbolic-ref', '--short', 'HEAD'], stdioPipeOptions)).stdout;
+  } catch {}
+  // Fallback to using rev-parse to get the short commit hash in a
+  // detached HEAD state.
+  try {
+    return (await spawn.spawn('git', ['rev-parse', '--short', 'HEAD'], stdioPipeOptions)).stdout;
+  } catch {}
+  return null;
+}
+async function gitCleanFdx(cwd = process.cwd()) {
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  // TODO: propagate CResult?
+  await spawn.spawn('git', ['clean', '-fdx'], stdioIgnoreOptions);
+}
+async function gitCheckoutBranch(branch, cwd = process.cwd()) {
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  try {
+    await spawn.spawn('git', ['checkout', branch], stdioIgnoreOptions);
+    return true;
+  } catch {}
+  return false;
+}
+async function gitCreateBranch(branch, cwd = process.cwd()) {
+  if (await gitLocalBranchExists(branch)) {
+    return true;
+  }
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  try {
+    await spawn.spawn('git', ['branch', branch], stdioIgnoreOptions);
+    return true;
+  } catch {}
+  return false;
+}
+async function gitPushBranch(branch, cwd = process.cwd()) {
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  try {
+    await spawn.spawn('git', ['push', '--force', '--set-upstream', 'origin', branch], stdioIgnoreOptions);
+    return true;
+  } catch (e) {
+    debug.debugFn('error', `caught: git push --force --set-upstream origin ${branch} failed`);
+    debug.debugDir('inspect', {
+      error: e
+    });
+  }
+  return false;
+}
+async function gitCommit(commitMsg, filepaths, options) {
+  if (!filepaths.length) {
+    debug.debugFn('notice', `miss: no filepaths to add`);
+    return false;
+  }
+  const {
+    cwd = process.cwd(),
+    // Lazily access constants.ENV.SOCKET_CLI_GIT_USER_EMAIL.
+    email = constants.ENV.SOCKET_CLI_GIT_USER_EMAIL,
+    // Lazily access constants.ENV.SOCKET_CLI_GIT_USER_NAME.
+    user = constants.ENV.SOCKET_CLI_GIT_USER_NAME
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  try {
+    await gitEnsureIdentity(user, email, cwd);
+    await spawn.spawn('git', ['add', ...filepaths], stdioIgnoreOptions);
+    await spawn.spawn('git', ['commit', '-m', commitMsg], stdioIgnoreOptions);
+    return true;
+  } catch {}
+  return false;
+}
+async function gitDeleteBranch(branch, cwd = process.cwd()) {
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  try {
+    // Will throw with exit code 1 if branch does not exist.
+    await spawn.spawn('git', ['branch', '-D', branch], stdioIgnoreOptions);
+    return true;
+  } catch {}
+  return false;
+}
+async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  const stdioPipeOptions = {
+    cwd
+  };
+  const identEntries = [['user.email', name], ['user.name', email]];
+  await Promise.all(identEntries.map(async ({
+    0: prop,
+    1: value
+  }) => {
+    let configValue;
+    try {
+      // Will throw with exit code 1 if the config property is not set.
+      configValue = (await spawn.spawn('git', ['config', '--get', prop], stdioPipeOptions)).stdout;
+    } catch {}
+    if (configValue !== value) {
+      try {
+        await spawn.spawn('git', ['config', prop, value], stdioIgnoreOptions);
+      } catch (e) {
+        debug.debugFn('error', `caught: git config ${prop} ${value} failed`);
+        debug.debugDir('inspect', {
+          error: e
+        });
+      }
+    }
+  }));
+}
+async function gitLocalBranchExists(branch, cwd = process.cwd()) {
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  try {
+    // Will throw with exit code 1 if the branch does not exist.
+    await spawn.spawn('git', ['show-ref', '--quiet', `refs/heads/${branch}`], stdioIgnoreOptions);
+    return true;
+  } catch {}
+  return false;
+}
+async function gitRemoteBranchExists(branch, cwd = process.cwd()) {
+  const stdioPipeOptions = {
+    cwd
+  };
+  try {
+    return (await spawn.spawn('git', ['ls-remote', '--heads', 'origin', branch], stdioPipeOptions)).stdout.length > 0;
+  } catch {}
+  return false;
+}
+async function gitResetAndClean(branch = 'HEAD', cwd = process.cwd()) {
+  // Discards tracked changes.
+  await gitResetHard(branch, cwd);
+  // Deletes all untracked files and directories.
+  await gitCleanFdx(cwd);
+}
+async function gitResetHard(branch = 'HEAD', cwd = process.cwd()) {
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  await spawn.spawn('git', ['reset', '--hard', branch], stdioIgnoreOptions);
+}
+async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
+  try {
+    const stdioPipeOptions = {
+      cwd
+    };
+    const changedFilesDetails = (await spawn.spawn('git', ['diff', '--name-only'], stdioPipeOptions)).stdout;
+    const relPaths = changedFilesDetails.split('\n') ?? [];
+    return {
+      ok: true,
+      data: relPaths.map(p => path$1.normalizePath(p))
+    };
+  } catch (e) {
+    debug.debugFn('error', 'caught: git diff --name-only failed');
+    debug.debugDir('inspect', {
+      error: e
+    });
+    return {
+      ok: false,
+      message: 'Git Error',
+      cause: 'Unexpected error while trying to ask git whether repo is dirty'
+    };
+  }
+}
+const parsedGitRemoteUrlCache = new Map();
+function parseGitRemoteUrl(remoteUrl) {
+  let result = parsedGitRemoteUrlCache.get(remoteUrl) ?? null;
+  if (result) {
+    return {
+      ...result
+    };
+  }
+  // Handle SSH-style
+  const sshMatch = /^git@[^:]+:([^/]+)\/(.+?)(?:\.git)?$/.exec(remoteUrl);
+  // 1. Handle SSH-style, e.g. git@github.com:owner/repo.git
+  if (sshMatch) {
+    result = {
+      owner: sshMatch[1],
+      repo: sshMatch[2]
+    };
+  } else {
+    // 2. Handle HTTPS/URL-style, e.g. https://github.com/owner/repo.git
+    try {
+      const parsed = new URL(remoteUrl);
+      // Remove leading slashes from pathname and split by "/" to extract segments.
+      const segments = parsed.pathname.replace(/^\/+/, '').split('/');
+      // The second-to-last segment is expected to be the owner (e.g., "owner" in /owner/repo.git).
+      const owner = segments.at(-2);
+      // The last segment is expected to be the repo name, so we remove the ".git" suffix if present.
+      const repo = segments.at(-1)?.replace(/\.git$/, '');
+      if (owner && repo) {
+        result = {
+          owner,
+          repo
+        };
+      }
+    } catch {}
+  }
+  parsedGitRemoteUrlCache.set(remoteUrl, result);
+  return result ? {
+    ...result
+  } : result;
+}
+
 function getPurlObject(purl) {
   return typeof purl === 'string' ? vendor.packageurlJsExports.PackageURL.fromString(purl) : purl;
 }
@@ -1769,7 +2057,9 @@ async function getPackageFilesForScan(cwd, inputPaths, supportedFiles, config) {
   }
   const packageFiles = await filterGlobResultToSupportedFiles(entries, supportedFiles);
   spinner.successAndStop(`Found ${packageFiles.length} local ${words.pluralize('file', packageFiles.length)}`);
-  debug.debugFn('inspect', 'paths: absolute', packageFiles);
+  debug.debugDir('inspect', {
+    packageFiles
+  });
   return packageFiles;
 }
 
@@ -2633,12 +2923,12 @@ async function getAlertsMapFromPurls(purls, options_) {
   }
   const getText = () => `Looking up data for ${remaining} packages`;
   spinner?.start(getText());
-  const sockSdkResult = await setupSdk(getPublicToken());
-  if (!sockSdkResult.ok) {
+  const sockSdkCResult = await setupSdk(getPublicToken());
+  if (!sockSdkCResult.ok) {
     spinner?.stop();
     throw new Error('Auth error: Try to run `socket login` first');
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   const alertsMapOptions = {
     overrides: options.overrides,
     consolidate: options.consolidate,
@@ -3346,6 +3636,7 @@ exports.extractOverridesFromPnpmLockSrc = extractOverridesFromPnpmLockSrc;
 exports.failMsgWithBadge = failMsgWithBadge;
 exports.getAlertsMapFromPnpmLockfile = getAlertsMapFromPnpmLockfile;
 exports.getAlertsMapFromPurls = getAlertsMapFromPurls;
+exports.getBaseBranch = getBaseBranch;
 exports.getBashrcDetails = getBashrcDetails;
 exports.getConfigValue = getConfigValue;
 exports.getConfigValueOrUndef = getConfigValueOrUndef;
@@ -3361,8 +3652,19 @@ exports.getOutputKind = getOutputKind;
 exports.getPackageFilesForScan = getPackageFilesForScan;
 exports.getPkgFullNameFromPurl = getPkgFullNameFromPurl;
 exports.getPurlObject = getPurlObject;
+exports.getRepoInfo = getRepoInfo;
+exports.getRepoName = getRepoName;
 exports.getSocketDevPackageOverviewUrlFromPurl = getSocketDevPackageOverviewUrlFromPurl;
 exports.getVisibleTokenPrefix = getVisibleTokenPrefix;
+exports.gitBranch = gitBranch;
+exports.gitCheckoutBranch = gitCheckoutBranch;
+exports.gitCommit = gitCommit;
+exports.gitCreateBranch = gitCreateBranch;
+exports.gitDeleteBranch = gitDeleteBranch;
+exports.gitPushBranch = gitPushBranch;
+exports.gitRemoteBranchExists = gitRemoteBranchExists;
+exports.gitResetAndClean = gitResetAndClean;
+exports.gitUnstagedModifiedFiles = gitUnstagedModifiedFiles;
 exports.globWorkspace = globWorkspace;
 exports.handleApiCall = handleApiCall;
 exports.handleApiCallNoSpinner = handleApiCallNoSpinner;
@@ -3405,5 +3707,5 @@ exports.tildify = tildify;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=fdcadc6e-0721-46d4-bb30-7ac0836f5543
+//# debugId=f0a536ee-29b1-4d1e-a6d8-6d4f9395cd8f
 //# sourceMappingURL=utils.js.map