@socketsecurity/cli-with-sentry 1.0.91 → 1.0.92

package/external/@coana-tech/cli/cli.mjs

@@ -210065,7 +210065,7 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
     case "NPM": {
       const base = basename7(manifestPath);
       const dir = dirname8(manifestPath);
-      return base === "package.json" ? dir === "" ? "." : dir : void 0;
+      return base === "package.json" ? dir || "." : void 0;
     }
     case "MAVEN": {
       return ".";
@@ -210096,6 +210096,11 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
     case "RUST": {
       return dirname8(manifestPath) || ".";
     }
+    case "GO": {
+      const base = basename7(manifestPath);
+      const dir = dirname8(manifestPath);
+      return base === "go.mod" ? dir || "." : void 0;
+    }
     default: {
       return ".";
     }
@@ -225392,7 +225397,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.11.13";
+var version2 = "14.11.14";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -225572,7 +225577,7 @@ var CliCore = class {
         otherModulesCommunicator,
         this.rootWorkingDirectory,
         ecosystem,
-        ["NPM", "PIP"].includes(ecosystem) && isEcosystemToAnalyze
+        ["NPM", "PIP", "GO"].includes(ecosystem) && isEcosystemToAnalyze
       )).flat());
       this.sendProgress("RUN_ON_SUBPROJECT", false, this.rootWorkingDirectory);
     }

package/external/@coana-tech/cli/reachability-analyzers-cli.mjs

@@ -9234,7 +9234,7 @@ var require_pipeline = __commonJS({
       if (typeof streams[streams.length - 1] !== "function") return noop4;
       return streams.pop();
     }
-    function pipeline() {
+    function pipeline2() {
       for (var _len = arguments.length, streams = new Array(_len), _key = 0; _key < _len; _key++) {
         streams[_key] = arguments[_key];
       }
@@ -9257,7 +9257,7 @@ var require_pipeline = __commonJS({
       });
       return streams.reduce(pipe);
     }
-    module.exports = pipeline;
+    module.exports = pipeline2;
   }
 });
 
@@ -11444,7 +11444,7 @@ var require_file = __commonJS({
     var fs12 = __require("fs");
     var path9 = __require("path");
     var asyncSeries = require_series();
-    var zlib2 = __require("zlib");
+    var zlib3 = __require("zlib");
     var { MESSAGE } = require_triple_beam();
     var { Stream: Stream2, PassThrough } = require_readable();
     var TransportStream = require_winston_transport();
@@ -12013,7 +12013,7 @@ var require_file = __commonJS({
           if (err) {
             return callback();
           }
-          var gzip = zlib2.createGzip();
+          var gzip = zlib3.createGzip();
           var inp = fs12.createReadStream(src);
           var out = fs12.createWriteStream(dest);
           out.on("finish", () => {
@@ -43748,7 +43748,7 @@ var require_client = __commonJS({
     var assert9 = __require("assert");
     var net = __require("net");
     var http2 = __require("http");
-    var { pipeline } = __require("stream");
+    var { pipeline: pipeline2 } = __require("stream");
     var util6 = require_util2();
     var timers = require_timers();
     var Request2 = require_request();
@@ -45166,7 +45166,7 @@ upgrade: ${upgrade}\r
         let onPipeData = function(chunk2) {
           request.onBodySent(chunk2);
         };
-        const pipe = pipeline(
+        const pipe = pipeline2(
           body,
           h2stream,
           (err) => {
@@ -46926,7 +46926,7 @@ var require_api_pipeline = __commonJS({
         util6.destroy(ret, err);
       }
     };
-    function pipeline(opts, handler) {
+    function pipeline2(opts, handler) {
       try {
         const pipelineHandler = new PipelineHandler(opts, handler);
         this.dispatch({ ...opts, body: pipelineHandler.req }, pipelineHandler);
@@ -46935,7 +46935,7 @@ var require_api_pipeline = __commonJS({
         return new PassThrough().destroy(err);
       }
     }
-    module.exports = pipeline;
+    module.exports = pipeline2;
   }
 });
 
@@ -49832,7 +49832,7 @@ var require_fetch = __commonJS({
     } = require_response();
     var { Headers } = require_headers();
     var { Request: Request2, makeRequest } = require_request2();
-    var zlib2 = __require("zlib");
+    var zlib3 = __require("zlib");
     var {
       bytesMatch,
       makePolicyContainer,
@@ -49876,7 +49876,7 @@ var require_fetch = __commonJS({
     } = require_constants3();
     var { kHeadersList } = require_symbols();
     var EE3 = __require("events");
-    var { Readable: Readable2, pipeline } = __require("stream");
+    var { Readable: Readable2, pipeline: pipeline2 } = __require("stream");
     var { addAbortListener, isErrored, isReadable: isReadable2, nodeMajor, nodeMinor } = require_util2();
     var { dataURLProcessor, serializeAMimeType } = require_dataURL();
     var { TransformStream } = __require("stream/web");
@@ -50773,18 +50773,18 @@ var require_fetch = __commonJS({
               if (request.method !== "HEAD" && request.method !== "CONNECT" && !nullBodyStatus.includes(status) && !willFollow) {
                 for (const coding of codings) {
                   if (coding === "x-gzip" || coding === "gzip") {
-                    decoders.push(zlib2.createGunzip({
+                    decoders.push(zlib3.createGunzip({
                       // Be less strict when decoding compressed responses, since sometimes
                       // servers send slightly invalid responses that are still accepted
                       // by common browsers.
                       // Always using Z_SYNC_FLUSH is what cURL does.
-                      flush: zlib2.constants.Z_SYNC_FLUSH,
-                      finishFlush: zlib2.constants.Z_SYNC_FLUSH
+                      flush: zlib3.constants.Z_SYNC_FLUSH,
+                      finishFlush: zlib3.constants.Z_SYNC_FLUSH
                     }));
                   } else if (coding === "deflate") {
-                    decoders.push(zlib2.createInflate());
+                    decoders.push(zlib3.createInflate());
                   } else if (coding === "br") {
-                    decoders.push(zlib2.createBrotliDecompress());
+                    decoders.push(zlib3.createBrotliDecompress());
                   } else {
                     decoders.length = 0;
                     break;
@@ -50795,7 +50795,7 @@ var require_fetch = __commonJS({
                 status,
                 statusText,
                 headersList: headers[kHeadersList],
-                body: decoders.length ? pipeline(this.body, ...decoders, () => {
+                body: decoders.length ? pipeline2(this.body, ...decoders, () => {
                 }) : this.body.on("error", () => {
                 })
               });
@@ -59413,7 +59413,7 @@ var require_upload_gzip = __commonJS({
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.createGZipFileInBuffer = exports.createGZipFileOnDisk = void 0;
     var fs12 = __importStar(__require("fs"));
-    var zlib2 = __importStar(__require("zlib"));
+    var zlib3 = __importStar(__require("zlib"));
     var util_1 = __require("util");
     var stat3 = (0, util_1.promisify)(fs12.stat);
     var gzipExemptFileExtensions = [
@@ -59449,7 +59449,7 @@ var require_upload_gzip = __commonJS({
         }
         return new Promise((resolve17, reject) => {
           const inputStream = fs12.createReadStream(originalFilePath);
-          const gzip = zlib2.createGzip();
+          const gzip = zlib3.createGzip();
           const outputStream = fs12.createWriteStream(tempFilePath);
           inputStream.pipe(gzip).pipe(outputStream);
           outputStream.on("finish", () => __awaiter(this, void 0, void 0, function* () {
@@ -59469,7 +59469,7 @@ var require_upload_gzip = __commonJS({
         return new Promise((resolve17) => __awaiter(this, void 0, void 0, function* () {
           var _a2, e_1, _b, _c;
           const inputStream = fs12.createReadStream(originalFilePath);
-          const gzip = zlib2.createGzip();
+          const gzip = zlib3.createGzip();
           inputStream.pipe(gzip);
           const chunks = [];
           try {
@@ -60071,7 +60071,7 @@ var require_download_http_client = __commonJS({
     exports.DownloadHttpClient = void 0;
     var fs12 = __importStar(__require("fs"));
     var core = __importStar(require_core());
-    var zlib2 = __importStar(__require("zlib"));
+    var zlib3 = __importStar(__require("zlib"));
     var utils_1 = require_utils3();
     var url_1 = __require("url");
     var status_reporter_1 = require_status_reporter();
@@ -60249,7 +60249,7 @@ var require_download_http_client = __commonJS({
         return __awaiter(this, void 0, void 0, function* () {
           yield new Promise((resolve17, reject) => {
             if (isGzip) {
-              const gunzip = zlib2.createGunzip();
+              const gunzip = zlib3.createGunzip();
               response.message.on("error", (error) => {
                 core.info(`An error occurred while attempting to read the response stream`);
                 gunzip.close();
@@ -66504,14 +66504,14 @@ var require_headers2 = __commonJS({
 var require_deflater = __commonJS({
   "../../node_modules/.pnpm/adm-zip@0.5.16/node_modules/adm-zip/methods/deflater.js"(exports, module) {
     module.exports = function(inbuf) {
-      var zlib2 = __require("zlib");
+      var zlib3 = __require("zlib");
       var opts = { chunkSize: (parseInt(inbuf.length / 1024) + 1) * 1024 };
       return {
         deflate: function() {
-          return zlib2.deflateRawSync(inbuf, opts);
+          return zlib3.deflateRawSync(inbuf, opts);
         },
         deflateAsync: function(callback) {
-          var tmp = zlib2.createDeflateRaw(opts), parts = [], total = 0;
+          var tmp = zlib3.createDeflateRaw(opts), parts = [], total = 0;
           tmp.on("data", function(data2) {
             parts.push(data2);
             total += data2.length;
@@ -66538,14 +66538,14 @@ var require_inflater = __commonJS({
   "../../node_modules/.pnpm/adm-zip@0.5.16/node_modules/adm-zip/methods/inflater.js"(exports, module) {
     var version3 = +(process.versions ? process.versions.node : "").split(".")[0] || 0;
     module.exports = function(inbuf, expectedLength) {
-      var zlib2 = __require("zlib");
+      var zlib3 = __require("zlib");
       const option = version3 >= 15 && expectedLength > 0 ? { maxOutputLength: expectedLength } : {};
       return {
         inflate: function() {
-          return zlib2.inflateRawSync(inbuf, option);
+          return zlib3.inflateRawSync(inbuf, option);
         },
         inflateAsync: function(callback) {
-          var tmp = zlib2.createInflateRaw(option), parts = [], total = 0;
+          var tmp = zlib3.createInflateRaw(option), parts = [], total = 0;
           tmp.on("data", function(data2) {
             parts.push(data2);
             total += data2.length;
@@ -94983,9 +94983,11 @@ function transformSourceLocations(fileMappings, detectedOccurrences) {
 // dist/whole-program-code-aware-vulnerability-scanner/go/go-code-aware-vulnerability-scanner.js
 var import_lodash11 = __toESM(require_lodash(), 1);
 import assert4 from "assert";
-import { existsSync as existsSync9 } from "fs";
+import { existsSync as existsSync9, createReadStream, createWriteStream as createWriteStream2 } from "fs";
 import { readFile as readFile7, rm as rm4, cp as cp4 } from "fs/promises";
+import zlib2 from "zlib";
 import { join as join13, resolve as resolve10, sep } from "path";
+import { pipeline } from "stream/promises";
 var { uniq: uniq5 } = import_lodash11.default;
 var GoCodeAwareVulnerabilityScanner = class {
   projectDir;
@@ -94995,6 +94997,11 @@ var GoCodeAwareVulnerabilityScanner = class {
     this.projectDir = projectDir;
     this.options = options;
   }
+  get compressedGoanaBinaryName() {
+    const { platform: platform6, arch } = process;
+    const rarch = arch === "arm" ? "arm64" : arch === "x64" ? "amd64" : arch;
+    return `goana-${platform6}-${rarch}.gz`;
+  }
   async runAnalysis(vulns, heuristic, _analyzesAllVulns) {
     logger.info("Started instantiating Go code-aware analysis");
     if (!existsSync9(join13(this.projectDir, "go.mod")))
@@ -95004,14 +95011,19 @@ var GoCodeAwareVulnerabilityScanner = class {
     const vulnsOutputFile = join13(tmpDir, "vulns.json");
     const diagnosticsOutputFile = join13(tmpDir, "diagnostics.json");
     try {
+      const binaryName = this.compressedGoanaBinaryName;
+      const binaryPath = join13(COANA_REPOS_PATH(), "goana/bin", binaryName);
+      if (!await exists(binaryPath))
+        throw new Error(`goana binary '${binaryName}' not found`);
+      await pipeline(createReadStream(binaryPath), zlib2.createGunzip(), createWriteStream2(join13(tmpDir, "goana"), { mode: 493 }));
       const vulnAccPaths = uniq5(vulns.flatMap((v) => v.vulnerabilityAccessPaths));
-      const { error, stderr } = await execNeverFail(cmdt`${COANA_REPOS_PATH()}/goana/goana
+      const { error, stderr } = await execNeverFail(cmdt`${join13(tmpDir, "goana")}
           -output-vulnerabilities ${vulnsOutputFile}
           -output-diagnostics ${diagnosticsOutputFile}
           -topk=4 ${heuristic.includeTests && "-tests"}
           ${this.projectDir} ${vulnAccPaths}`, void 0, {
         timeout: timeoutInSeconds ? timeoutInSeconds * 1e3 : void 0,
-        env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MB` } : void 0
+        env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MiB` } : void 0
       });
       if (error) {
         logger.error("Error running Go code-aware analysis", error);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "1.0.91",
+  "version": "1.0.92",
   "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -85,7 +85,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.3",
     "@biomejs/biome": "2.2.0",
-    "@coana-tech/cli": "14.11.13",
+    "@coana-tech/cli": "14.11.14",
     "@cyclonedx/cdxgen": "11.6.0",
     "@dotenvx/dotenvx": "1.48.4",
     "@eslint/compat": "1.3.2",