npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.1.23 → 1.1.26 - Mend

@socketsecurity/cli-with-sentry 1.1.23 → 1.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/CHANGELOG.md +5 -0
package/dist/cli.js +117 -28
package/dist/cli.js.map +1 -1
package/dist/constants.js +6 -4
package/dist/constants.js.map +1 -1
package/dist/socket-completion.bash +0 -0
package/dist/tsconfig.dts.tsbuildinfo +1 -1
package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
package/dist/types/commands/fix/handle-fix.d.mts +2 -1
package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
package/dist/types/commands/fix/types.d.mts +3 -0
package/dist/types/commands/fix/types.d.mts.map +1 -1
package/dist/types/commands/organization/fetch-organization-list.d.mts +1 -1
package/dist/types/commands/organization/fetch-organization-list.d.mts.map +1 -1
package/dist/types/commands/scan/create-scan-from-github.d.mts.map +1 -1
package/dist/types/commands/scan/fetch-create-org-full-scan.d.mts.map +1 -1
package/dist/types/constants.d.mts +1 -0
package/dist/types/constants.d.mts.map +1 -1
package/dist/types/utils/api.d.mts +0 -1
package/dist/types/utils/api.d.mts.map +1 -1
package/dist/types/utils/debug.d.mts +7 -2
package/dist/types/utils/debug.d.mts.map +1 -1
package/dist/types/utils/dlx.d.mts +3 -0
package/dist/types/utils/dlx.d.mts.map +1 -1
package/dist/types/utils/organization.d.mts.map +1 -1
package/dist/types/utils/sdk.d.mts.map +1 -1
package/dist/utils.js +97 -34
package/dist/utils.js.map +1 -1
package/dist/vendor.js +8550 -7310
package/package.json +127 -58
package/shadow-bin/npm +0 -0
package/shadow-bin/npx +0 -0
package/shadow-bin/pnpm +0 -0
package/shadow-bin/yarn +0 -0

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+## [1.1.26](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.26) - 2025-11-08
+### Added
+  - Debug logging of API requests/responses
 ## [1.1.23](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.23) - 2025-09-22
 ### Changed

package/dist/cli.js CHANGED Viewed

@@ -12,9 +12,9 @@ var constants = require('./constants.js');
 var flags = require('./flags.js');
 var path = require('node:path');
 var words = require('../external/@socketsecurity/registry/lib/words');
+var fs$1 = require('node:fs');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
-var fs$1 = require('node:fs');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
@@ -907,6 +907,17 @@ async function fetchCreateOrgFullScan(packagePaths, orgSlug, config, options) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
+  if (constants.default.ENV.SOCKET_CLI_DEBUG) {
+    const fileInfo = await Promise.all(packagePaths.map(async p => {
+      const absPath = path.resolve(process.cwd(), p);
+      const stat = await fs$1.promises.stat(absPath);
+      return {
+        path: absPath,
+        size: stat.size
+      };
+    }));
+    logger.logger.info(`[DEBUG] ${new Date().toISOString()} Uploading full scan manifests: ${JSON.stringify(fileInfo)}`);
+  }
   return await utils.handleApiCall(sockSdk.createOrgFullScan(orgSlug, packagePaths, cwd, {
     ...(branchName ? {
       branch: branchName
@@ -3547,11 +3558,14 @@ async function coanaFix(fixConfig) {
     applyFixes,
     autopilot,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
+    minimumReleaseAge,
     orgSlug,
     outputFile,
+    showAffectedDirectDependencies,
     spinner
   } = fixConfig;
   const fixEnv = await getFixEnv();
@@ -3616,7 +3630,7 @@ async function coanaFix(fixConfig) {
         }
       };
     }
-    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3651,7 +3665,7 @@ async function coanaFix(fixConfig) {
   const shouldSpawnCoana = adjustedLimit > 0;
   let ids;
   if (shouldSpawnCoana && isAll) {
-    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner
     });
@@ -3693,7 +3707,7 @@ async function coanaFix(fixConfig) {
     // Apply fix for single GHSA ID.
     // eslint-disable-next-line no-await-in-loop
-    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3906,15 +3920,18 @@ async function handleFix({
   applyFixes,
   autopilot,
   cwd,
+  disableMajorUpdates,
   ghsas,
   glob,
   limit,
   minSatisfying,
+  minimumReleaseAge,
   orgSlug,
   outputFile,
   outputKind,
   prCheck,
   rangeStyle,
+  showAffectedDirectDependencies,
   spinner,
   unknownFlags
 }) {
@@ -3922,6 +3939,7 @@ async function handleFix({
   require$$9.debugDir('inspect', {
     autopilot,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
@@ -3931,18 +3949,22 @@ async function handleFix({
     outputKind,
     prCheck,
     rangeStyle,
+    showAffectedDirectDependencies,
     unknownFlags
   });
   await outputFixResult(await coanaFix({
     autopilot,
     applyFixes,
     cwd,
+    disableMajorUpdates,
     // Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only
     ghsas: await convertIdsToGhsas(ghsas),
     glob,
     limit,
+    minimumReleaseAge,
     orgSlug,
     rangeStyle,
+    showAffectedDirectDependencies,
     spinner,
     unknownFlags,
     outputFile
@@ -3972,6 +3994,13 @@ const generalFlags$2 = {
     // Hidden to allow custom documenting of the negated `--no-apply-fixes` variant.
     hidden: true
   },
+  majorUpdates: {
+    type: 'boolean',
+    default: true,
+    description: 'Allow major version updates. Use --no-major-updates to disable.',
+    // Hidden to allow custom documenting of the negated `--no-major-updates` variant.
+    hidden: true
+  },
   id: {
     type: 'string',
     default: [],
@@ -4001,6 +4030,16 @@ Available styles:
     type: 'string',
     default: '',
     description: 'Path to store upgrades as a JSON file at this path.'
+  },
+  minimumReleaseAge: {
+    type: 'string',
+    default: '',
+    description: 'Set a minimum age requirement for suggested upgrade versions (e.g., 1h, 2d, 3w). A higher age requirement reduces the risk of upgrading to malicious versions. For example, setting the value to 1 week (1w) gives ecosystem maintainers one week to remove potentially malicious versions.'
+  },
+  showAffectedDirectDependencies: {
+    type: 'boolean',
+    default: false,
+    description: 'List the direct dependencies responsible for introducing transitive vulnerabilities and list the updates required to resolve the vulnerabilities'
   }
 };
 const hiddenFlags = {
@@ -4084,6 +4123,12 @@ async function run$K(argv, importMeta, {
       noApplyFixes: {
         ...config.flags['applyFixes'],
         hidden: false
+      },
+      // Explicitly document the negated --no-major-updates variant.
+      noMajorUpdates: {
+        ...config.flags['majorUpdates'],
+        description: 'Do not suggest or apply fixes that require major version updates of direct or transitive dependencies',
+        hidden: false
       }
     })}
@@ -4113,17 +4158,21 @@ async function run$K(argv, importMeta, {
     glob,
     json,
     limit,
+    majorUpdates,
     markdown,
     maxSatisfying,
+    minimumReleaseAge,
     outputFile,
     prCheck,
     rangeStyle,
+    showAffectedDirectDependencies,
     // We patched in this feature with `npx custompatch meow` at
     // socket-cli/patches/meow#13.2.0.patch.
     unknownFlags = []
   } = cli.flags;
   const dryRun = !!cli.flags['dryRun'];
   const minSatisfying = cli.flags['minSatisfying'] || !maxSatisfying;
+  const disableMajorUpdates = !majorUpdates;
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: utils.RangeStyles.includes(rangeStyle),
@@ -4161,14 +4210,17 @@ async function run$K(argv, importMeta, {
     autopilot,
     applyFixes,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
+    minimumReleaseAge,
     minSatisfying,
     prCheck,
     orgSlug,
     outputKind,
     rangeStyle,
+    showAffectedDirectDependencies,
     spinner,
     unknownFlags,
     outputFile
@@ -11928,12 +11980,20 @@ async function downloadManifestFile({
   require$$9.debugDir('inspect', {
     fileUrl
   });
-  const downloadUrlResponse = await fetch(fileUrl, {
-    method: 'GET',
-    headers: {
-      Authorization: `Bearer ${githubToken}`
-    }
-  });
+  utils.debugApiRequest('GET', fileUrl);
+  let downloadUrlResponse;
+  try {
+    downloadUrlResponse = await fetch(fileUrl, {
+      method: 'GET',
+      headers: {
+        Authorization: `Bearer ${githubToken}`
+      }
+    });
+    utils.debugApiResponse('GET', fileUrl, downloadUrlResponse.status);
+  } catch (e) {
+    utils.debugApiResponse('GET', fileUrl, undefined, e);
+    throw e;
+  }
   require$$9.debugFn('notice', 'complete: request');
   const downloadUrlText = await downloadUrlResponse.text();
   require$$9.debugFn('inspect', 'response: raw download url', downloadUrlText);
@@ -11970,7 +12030,9 @@ async function streamDownloadWithFetch(localPath, downloadUrl) {
   let response; // Declare response here to access it in catch if needed
   try {
+    utils.debugApiRequest('GET', downloadUrl);
     response = await fetch(downloadUrl);
+    utils.debugApiResponse('GET', downloadUrl, response.status);
     if (!response.ok) {
       const errorMsg = `Download failed due to bad server response: ${response.status} ${response.statusText} for ${downloadUrl}`;
       logger.logger.fail(errorMsg);
@@ -12009,6 +12071,9 @@ async function streamDownloadWithFetch(localPath, downloadUrl) {
       data: localPath
     };
   } catch (e) {
+    if (!response) {
+      utils.debugApiResponse('GET', downloadUrl, undefined, e);
+    }
     logger.logger.fail('An error was thrown while trying to download a manifest file... url:', downloadUrl);
     require$$9.debugDir('error', e);
@@ -12050,11 +12115,19 @@ async function getLastCommitDetails({
   logger.logger.info(`Requesting last commit for default branch ${defaultBranch} for ${orgGithub}/${repoSlug}...`);
   const commitApiUrl = `${repoApiUrl}/commits?sha=${defaultBranch}&per_page=1`;
   require$$9.debugFn('inspect', 'url: commit', commitApiUrl);
-  const commitResponse = await fetch(commitApiUrl, {
-    headers: {
-      Authorization: `Bearer ${githubToken}`
-    }
-  });
+  utils.debugApiRequest('GET', commitApiUrl);
+  let commitResponse;
+  try {
+    commitResponse = await fetch(commitApiUrl, {
+      headers: {
+        Authorization: `Bearer ${githubToken}`
+      }
+    });
+    utils.debugApiResponse('GET', commitApiUrl, commitResponse.status);
+  } catch (e) {
+    utils.debugApiResponse('GET', commitApiUrl, undefined, e);
+    throw e;
+  }
   const commitText = await commitResponse.text();
   require$$9.debugFn('inspect', 'response: commit', commitText);
   let lastCommit;
@@ -12146,12 +12219,20 @@ async function getRepoDetails({
   require$$9.debugDir('inspect', {
     repoApiUrl
   });
-  const repoDetailsResponse = await fetch(repoApiUrl, {
-    method: 'GET',
-    headers: {
-      Authorization: `Bearer ${githubToken}`
-    }
-  });
+  let repoDetailsResponse;
+  try {
+    utils.debugApiRequest('GET', repoApiUrl);
+    repoDetailsResponse = await fetch(repoApiUrl, {
+      method: 'GET',
+      headers: {
+        Authorization: `Bearer ${githubToken}`
+      }
+    });
+    utils.debugApiResponse('GET', repoApiUrl, repoDetailsResponse.status);
+  } catch (e) {
+    utils.debugApiResponse('GET', repoApiUrl, undefined, e);
+    throw e;
+  }
   logger.logger.success(`Request completed.`);
   const repoDetailsText = await repoDetailsResponse.text();
   require$$9.debugFn('inspect', 'response: repo', repoDetailsText);
@@ -12194,12 +12275,20 @@ async function getRepoBranchTree({
   logger.logger.info(`Requesting default branch file tree; branch \`${defaultBranch}\`, repo \`${orgGithub}/${repoSlug}\`...`);
   const treeApiUrl = `${repoApiUrl}/git/trees/${defaultBranch}?recursive=1`;
   require$$9.debugFn('inspect', 'url: tree', treeApiUrl);
-  const treeResponse = await fetch(treeApiUrl, {
-    method: 'GET',
-    headers: {
-      Authorization: `Bearer ${githubToken}`
-    }
-  });
+  let treeResponse;
+  try {
+    utils.debugApiRequest('GET', treeApiUrl);
+    treeResponse = await fetch(treeApiUrl, {
+      method: 'GET',
+      headers: {
+        Authorization: `Bearer ${githubToken}`
+      }
+    });
+    utils.debugApiResponse('GET', treeApiUrl, treeResponse.status);
+  } catch (e) {
+    utils.debugApiResponse('GET', treeApiUrl, undefined, e);
+    throw e;
+  }
   const treeText = await treeResponse.text();
   require$$9.debugFn('inspect', 'response: tree', treeText);
   let treeDetails;
@@ -14954,5 +15043,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=7d7feb5c-caaa-4477-9563-76861e408418
+//# debugId=6efb19e5-82e5-4a78-9747-dd32059707f5
 //# sourceMappingURL=cli.js.map