@socketsecurity/cli-with-sentry 1.1.23 → 1.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35)
  1. package/CHANGELOG.md +5 -0
  2. package/dist/cli.js +117 -28
  3. package/dist/cli.js.map +1 -1
  4. package/dist/constants.js +6 -4
  5. package/dist/constants.js.map +1 -1
  6. package/dist/socket-completion.bash +0 -0
  7. package/dist/tsconfig.dts.tsbuildinfo +1 -1
  8. package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
  9. package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
  10. package/dist/types/commands/fix/handle-fix.d.mts +2 -1
  11. package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
  12. package/dist/types/commands/fix/types.d.mts +3 -0
  13. package/dist/types/commands/fix/types.d.mts.map +1 -1
  14. package/dist/types/commands/organization/fetch-organization-list.d.mts +1 -1
  15. package/dist/types/commands/organization/fetch-organization-list.d.mts.map +1 -1
  16. package/dist/types/commands/scan/create-scan-from-github.d.mts.map +1 -1
  17. package/dist/types/commands/scan/fetch-create-org-full-scan.d.mts.map +1 -1
  18. package/dist/types/constants.d.mts +1 -0
  19. package/dist/types/constants.d.mts.map +1 -1
  20. package/dist/types/utils/api.d.mts +0 -1
  21. package/dist/types/utils/api.d.mts.map +1 -1
  22. package/dist/types/utils/debug.d.mts +7 -2
  23. package/dist/types/utils/debug.d.mts.map +1 -1
  24. package/dist/types/utils/dlx.d.mts +3 -0
  25. package/dist/types/utils/dlx.d.mts.map +1 -1
  26. package/dist/types/utils/organization.d.mts.map +1 -1
  27. package/dist/types/utils/sdk.d.mts.map +1 -1
  28. package/dist/utils.js +97 -34
  29. package/dist/utils.js.map +1 -1
  30. package/dist/vendor.js +8550 -7310
  31. package/package.json +127 -58
  32. package/shadow-bin/npm +0 -0
  33. package/shadow-bin/npx +0 -0
  34. package/shadow-bin/pnpm +0 -0
  35. package/shadow-bin/yarn +0 -0
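--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.26](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.26) - 2025-11-08
+
+### Added
+- Debug logging of API requests/responses
+
 ## [1.1.23](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.23) - 2025-09-22
 
 ### Changed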
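--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -12,9 +12,9 @@ var constants = require('./constants.js');
 var flags = require('./flags.js');
 var path = require('node:path');
 var words = require('../external/@socketsecurity/registry/lib/words');
+var fs$1 = require('node:fs');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
-var fs$1 = require('node:fs');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
@@ -907,6 +907,17 @@ async function fetchCreateOrgFullScan(packagePaths, orgSlug, config, options) {
 return sockSdkCResult;
 }
 const sockSdk = sockSdkCResult.data;
+if (constants.default.ENV.SOCKET_CLI_DEBUG) {
+const fileInfo = await Promise.all(packagePaths.map(async p => {
+const absPath = path.resolve(process.cwd(), p);
+const stat = await fs$1.promises.stat(absPath);
+return {
+path: absPath,
+size: stat.size
+};
+}));
+logger.logger.info(`[DEBUG] ${new Date().toISOString()} Uploading full scan manifests: ${JSON.stringify(fileInfo)}`);
+}
 return await utils.handleApiCall(sockSdk.createOrgFullScan(orgSlug, packagePaths, cwd, {
 ...(branchName ? {
 branch: branchName
@@ -3547,11 +3558,14 @@ async function coanaFix(fixConfig) {
 applyFixes,
 autopilot,
 cwd,
+disableMajorUpdates,
 ghsas,
 glob,
 limit,
+minimumReleaseAge,
 orgSlug,
 outputFile,
+showAffectedDirectDependencies,
 spinner
 } = fixConfig;
 const fixEnv = await getFixEnv();
@@ -3616,7 +3630,7 @@ async function coanaFix(fixConfig) {
 }
 };
 }
-const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
 cwd,
 spinner,
 stdio: 'inherit'
@@ -3651,7 +3665,7 @@ async function coanaFix(fixConfig) {
 const shouldSpawnCoana = adjustedLimit > 0;
 let ids;
 if (shouldSpawnCoana && isAll) {
-const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
 cwd,
 spinner
 });
@@ -3693,7 +3707,7 @@ async function coanaFix(fixConfig) {
 
 // Apply fix for single GHSA ID.
 // eslint-disable-next-line no-await-in-loop
-const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
 cwd,
 spinner,
 stdio: 'inherit'
@@ -3906,15 +3920,18 @@ async function handleFix({
 applyFixes,
 autopilot,
 cwd,
+disableMajorUpdates,
 ghsas,
 glob,
 limit,
 minSatisfying,
+minimumReleaseAge,
 orgSlug,
 outputFile,
 outputKind,
 prCheck,
 rangeStyle,
+showAffectedDirectDependencies,
 spinner,
 unknownFlags
 }) {
@@ -3922,6 +3939,7 @@ async function handleFix({
 require$$9.debugDir('inspect', {
 autopilot,
 cwd,
+disableMajorUpdates,
 ghsas,
 glob,
 limit,
@@ -3931,18 +3949,22 @@ async function handleFix({
 outputKind,
 prCheck,
 rangeStyle,
+showAffectedDirectDependencies,
 unknownFlags
 });
 await outputFixResult(await coanaFix({
 autopilot,
 applyFixes,
 cwd,
+disableMajorUpdates,
 // Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only
 ghsas: await convertIdsToGhsas(ghsas),
 glob,
 limit,
+minimumReleaseAge,
 orgSlug,
 rangeStyle,
+showAffectedDirectDependencies,
 spinner,
 unknownFlags,
 outputFile
@@ -3972,6 +3994,13 @@ const generalFlags$2 = {
 // Hidden to allow custom documenting of the negated `--no-apply-fixes` variant.
 hidden: true
 },
+majorUpdates: {
+type: 'boolean',
+default: true,
+description: 'Allow major version updates. Use --no-major-updates to disable.',
+// Hidden to allow custom documenting of the negated `--no-major-updates` variant.
+hidden: true
+},
 id: {
 type: 'string',
 default: [],
@@ -4001,6 +4030,16 @@ Available styles:
 type: 'string',
 default: '',
 description: 'Path to store upgrades as a JSON file at this path.'
+},
+minimumReleaseAge: {
+type: 'string',
+default: '',
+description: 'Set a minimum age requirement for suggested upgrade versions (e.g., 1h, 2d, 3w). A higher age requirement reduces the risk of upgrading to malicious versions. For example, setting the value to 1 week (1w) gives ecosystem maintainers one week to remove potentially malicious versions.'
+},
+showAffectedDirectDependencies: {
+type: 'boolean',
+default: false,
+description: 'List the direct dependencies responsible for introducing transitive vulnerabilities and list the updates required to resolve the vulnerabilities'
 }
 };
 const hiddenFlags = {
@@ -4084,6 +4123,12 @@ async function run$K(argv, importMeta, {
 noApplyFixes: {
 ...config.flags['applyFixes'],
 hidden: false
+},
+// Explicitly document the negated --no-major-updates variant.
+noMajorUpdates: {
+...config.flags['majorUpdates'],
+description: 'Do not suggest or apply fixes that require major version updates of direct or transitive dependencies',
+hidden: false
 }
 })}
 
@@ -4113,17 +4158,21 @@ async function run$K(argv, importMeta, {
 glob,
 json,
 limit,
+majorUpdates,
 markdown,
 maxSatisfying,
+minimumReleaseAge,
 outputFile,
 prCheck,
 rangeStyle,
+showAffectedDirectDependencies,
 // We patched in this feature with `npx custompatch meow` at
 // socket-cli/patches/meow#13.2.0.patch.
 unknownFlags = []
 } = cli.flags;
 const dryRun = !!cli.flags['dryRun'];
 const minSatisfying = cli.flags['minSatisfying'] || !maxSatisfying;
+const disableMajorUpdates = !majorUpdates;
 const outputKind = utils.getOutputKind(json, markdown);
 const wasValidInput = utils.checkCommandInput(outputKind, {
 test: utils.RangeStyles.includes(rangeStyle),
@@ -4161,14 +4210,17 @@ async function run$K(argv, importMeta, {
 autopilot,
 applyFixes,
 cwd,
+disableMajorUpdates,
 ghsas,
 glob,
 limit,
+minimumReleaseAge,
 minSatisfying,
 prCheck,
 orgSlug,
 outputKind,
 rangeStyle,
+showAffectedDirectDependencies,
 spinner,
 unknownFlags,
 outputFile
@@ -11928,12 +11980,20 @@ async function downloadManifestFile({
 require$$9.debugDir('inspect', {
 fileUrl
 });
-const downloadUrlResponse = await fetch(fileUrl, {
-method: 'GET',
-headers: {
-Authorization: `Bearer ${githubToken}`
-}
-});
+utils.debugApiRequest('GET', fileUrl);
+let downloadUrlResponse;
+try {
+downloadUrlResponse = await fetch(fileUrl, {
+method: 'GET',
+headers: {
+Authorization: `Bearer ${githubToken}`
+}
+});
+utils.debugApiResponse('GET', fileUrl, downloadUrlResponse.status);
+} catch (e) {
+utils.debugApiResponse('GET', fileUrl, undefined, e);
+throw e;
+}
 require$$9.debugFn('notice', 'complete: request');
 const downloadUrlText = await downloadUrlResponse.text();
 require$$9.debugFn('inspect', 'response: raw download url', downloadUrlText);
@@ -11970,7 +12030,9 @@ async function streamDownloadWithFetch(localPath, downloadUrl) {
 let response; // Declare response here to access it in catch if needed
 
 try {
+utils.debugApiRequest('GET', downloadUrl);
 response = await fetch(downloadUrl);
+utils.debugApiResponse('GET', downloadUrl, response.status);
 if (!response.ok) {
 const errorMsg = `Download failed due to bad server response: ${response.status} ${response.statusText} for ${downloadUrl}`;
 logger.logger.fail(errorMsg);
@@ -12009,6 +12071,9 @@ async function streamDownloadWithFetch(localPath, downloadUrl) {
 data: localPath
 };
 } catch (e) {
+if (!response) {
+utils.debugApiResponse('GET', downloadUrl, undefined, e);
+}
 logger.logger.fail('An error was thrown while trying to download a manifest file... url:', downloadUrl);
 require$$9.debugDir('error', e);
 
@@ -12050,11 +12115,19 @@ async function getLastCommitDetails({
 logger.logger.info(`Requesting last commit for default branch ${defaultBranch} for ${orgGithub}/${repoSlug}...`);
 const commitApiUrl = `${repoApiUrl}/commits?sha=${defaultBranch}&per_page=1`;
 require$$9.debugFn('inspect', 'url: commit', commitApiUrl);
-const commitResponse = await fetch(commitApiUrl, {
-headers: {
-Authorization: `Bearer ${githubToken}`
-}
-});
+utils.debugApiRequest('GET', commitApiUrl);
+let commitResponse;
+try {
+commitResponse = await fetch(commitApiUrl, {
+headers: {
+Authorization: `Bearer ${githubToken}`
+}
+});
+utils.debugApiResponse('GET', commitApiUrl, commitResponse.status);
+} catch (e) {
+utils.debugApiResponse('GET', commitApiUrl, undefined, e);
+throw e;
+}
 const commitText = await commitResponse.text();
 require$$9.debugFn('inspect', 'response: commit', commitText);
 let lastCommit;
@@ -12146,12 +12219,20 @@ async function getRepoDetails({
 require$$9.debugDir('inspect', {
 repoApiUrl
 });
-const repoDetailsResponse = await fetch(repoApiUrl, {
-method: 'GET',
-headers: {
-Authorization: `Bearer ${githubToken}`
-}
-});
+let repoDetailsResponse;
+try {
+utils.debugApiRequest('GET', repoApiUrl);
+repoDetailsResponse = await fetch(repoApiUrl, {
+method: 'GET',
+headers: {
+Authorization: `Bearer ${githubToken}`
+}
+});
+utils.debugApiResponse('GET', repoApiUrl, repoDetailsResponse.status);
+} catch (e) {
+utils.debugApiResponse('GET', repoApiUrl, undefined, e);
+throw e;
+}
 logger.logger.success(`Request completed.`);
 const repoDetailsText = await repoDetailsResponse.text();
 require$$9.debugFn('inspect', 'response: repo', repoDetailsText);
@@ -12194,12 +12275,20 @@ async function getRepoBranchTree({
 logger.logger.info(`Requesting default branch file tree; branch \`${defaultBranch}\`, repo \`${orgGithub}/${repoSlug}\`...`);
 const treeApiUrl = `${repoApiUrl}/git/trees/${defaultBranch}?recursive=1`;
 require$$9.debugFn('inspect', 'url: tree', treeApiUrl);
-const treeResponse = await fetch(treeApiUrl, {
-method: 'GET',
-headers: {
-Authorization: `Bearer ${githubToken}`
-}
-});
+let treeResponse;
+try {
+utils.debugApiRequest('GET', treeApiUrl);
+treeResponse = await fetch(treeApiUrl, {
+method: 'GET',
+headers: {
+Authorization: `Bearer ${githubToken}`
+}
+});
+utils.debugApiResponse('GET', treeApiUrl, treeResponse.status);
+} catch (e) {
+utils.debugApiResponse('GET', treeApiUrl, undefined, e);
+throw e;
+}
 const treeText = await treeResponse.text();
 require$$9.debugFn('inspect', 'response: tree', treeText);
 let treeDetails;
@@ -14954,5 +15043,5 @@ void (async () => {
 await utils.captureException(e);
 }
 })();
-//# debugId=7d7feb5c-caaa-4477-9563-76861e408418
+//# debugId=6efb19e5-82e5-4a78-9747-dd32059707f5
 //# sourceMappingURL=cli.js.map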
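Review bot: The debug block added in the `fetchCreateOrgFullScan` hunk resolves each manifest path against `process.cwd()`, while the upload a few lines later passes `cwd` to `sockSdk.createOrgFullScan`; when the two differ the logged paths are wrong and, worse, `fs$1.promises.stat` rejects with ENOENT, the whole `Promise.all` throws, and enabling `SOCKET_CLI_DEBUG` aborts a scan that would otherwise succeed. Resolving against `cwd` and catching per-file stat failures keeps the instrumentation purely observational. `cwd` is presumably derived from `options` above the hunk; the function's signature and the rest of its body are outside the hunk.
```javascript
if (constants.default.ENV.SOCKET_CLI_DEBUG) {
  const fileInfo = await Promise.all(packagePaths.map(async p => {
    // Resolve against the same cwd the upload below uses, not process.cwd().
    const absPath = path.resolve(cwd, p);
    try {
      const stat = await fs$1.promises.stat(absPath);
      return { path: absPath, size: stat.size };
    } catch (e) {
      // Debug-only instrumentation must not change the scan's outcome.
      return { path: absPath, size: null, error: e instanceof Error ? e.message : String(e) };
    }
  }));
  logger.logger.info(`[DEBUG] ${new Date().toISOString()} Uploading full scan manifests: ${JSON.stringify(fileInfo)}`);
}
// … unchanged: createOrgFullScan call …
```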