@socketsecurity/cli-with-sentry 1.1.27 → 1.1.29
- package/CHANGELOG.md +10 -0
- package/dist/cli.js +69 -15
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/types/commands/ci/handle-ci.d.mts.map +1 -1
- package/dist/types/commands/fix/coana-fix.d.mts +1 -0
- package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
- package/dist/types/commands/scan/cmd-scan-create.d.mts.map +1 -1
- package/dist/types/commands/scan/cmd-scan-reach.d.mts.map +1 -1
- package/dist/types/commands/scan/perform-reachability-analysis.d.mts +2 -0
- package/dist/types/commands/scan/perform-reachability-analysis.d.mts.map +1 -1
- package/dist/types/commands/scan/reachability-flags.d.mts.map +1 -1
- package/dist/types/utils/dlx.d.mts.map +1 -1
- package/dist/utils.js +7 -5
- package/dist/utils.js.map +1 -1
- package/package.json +2 -1
- package/shadow-bin/npm +1 -1
- package/shadow-bin/npx +2 -2
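--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.29](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.29) - 2025-11-16
+
+### Added
+- Added options `--reach-concurrency <number>` and `--reach-disable-analysis-splitting` for `socket scan create --reach`
+
+## [1.1.28](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.28) - 2025-11-13
+
+### Added
+- Backported `socket fix` with `--json` improvements
+
 ## [1.1.27](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.27) - 2025-11-12
 
 ### Added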
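--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -18,6 +18,7 @@ var prompts = require('../external/@socketsecurity/registry/lib/prompts');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
+var os = require('node:os');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var require$$11 = require('../external/@socketsecurity/registry/lib/objects');
 var registry = require('../external/@socketsecurity/registry');
@@ -26,7 +27,6 @@ var require$$12 = require('../external/@socketsecurity/registry/lib/promises');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var require$$0$1 = require('node:crypto');
 var require$$1 = require('node:util');
-var os = require('node:os');
 var promises = require('node:stream/promises');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
@@ -1631,7 +1631,7 @@ async function performReachabilityAnalysis(options) {
 spinner?.infoAndStop('Running reachability analysis with Coana...');
 
 // Build Coana arguments.
-const coanaArgs = ['run', cwd, '--output-dir', cwd, '--socket-mode', constants.default.DOT_SOCKET_DOT_FACTS_JSON, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
+const coanaArgs = ['run', cwd, '--output-dir', cwd, '--socket-mode', constants.default.DOT_SOCKET_DOT_FACTS_JSON, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachDisableAnalysisSplitting ? ['--disable-analysis-splitting'] : []), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
 // Empty reachEcosystems implies scanning all ecosystems.
 ...(reachabilityOptions.reachEcosystems.length ? ['--purl-types', ...reachabilityOptions.reachEcosystems] : []), ...(reachabilityOptions.reachExcludePaths.length ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths] : []), ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : [])];
 
@@ -2371,7 +2371,9 @@ async function handleCi(autoManifest) {
 reach: {
 reachAnalysisTimeout: 0,
 reachAnalysisMemoryLimit: 0,
+reachConcurrency: 1,
 reachDisableAnalytics: false,
+reachDisableAnalysisSplitting: false,
 reachEcosystems: [],
 reachExcludePaths: [],
 reachSkipCache: false,
@@ -3631,18 +3633,47 @@ async function coanaFix(fixConfig) {
 }
 };
 }
-
-
-
-
-
-
-
-
-
-
+
+// Create a temporary file for the output.
+const tmpDir = os.tmpdir();
+const tmpFile = path.join(tmpDir, `socket-fix-${Date.now()}.json`);
+try {
+const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), '--output-file', tmpFile, ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+cwd,
+spinner,
+stdio: 'inherit'
+});
+spinner?.stop();
+if (!fixCResult.ok) {
+return fixCResult;
 }
-
+
+// Read the temporary file to get the actual fixes result.
+const fixesResultJson = fs$2.readJsonSync(tmpFile, {
+throws: false
+});
+
+// Copy to outputFile if provided.
+if (outputFile) {
+logger.logger.info(`Copying fixes result to ${outputFile}`);
+const tmpContent = await fs$1.promises.readFile(tmpFile, 'utf8');
+await fs$1.promises.writeFile(outputFile, tmpContent, 'utf8');
+}
+return {
+ok: true,
+data: {
+data: fixesResultJson,
+fixed: true
+}
+};
+} finally {
+// Clean up the temporary file.
+try {
+await fs$1.promises.unlink(tmpFile);
+} catch (e) {
+// Ignore cleanup errors.
+}
+}
 }
 
 // Adjust limit based on open Socket Fix PRs.
@@ -3967,8 +3998,10 @@ async function handleFix({
 include,
 limit,
 minimumReleaseAge,
+minSatisfying,
 orgSlug,
 outputFile,
+prCheck,
 rangeStyle,
 showAffectedDirectDependencies,
 spinner,
@@ -10827,11 +10860,21 @@ const reachabilityFlags = {
 default: 0,
 description: 'Set timeout for the reachability analysis. Split analysis runs may cause the total scan time to exceed this timeout significantly.'
 },
+reachConcurrency: {
+type: 'number',
+default: 1,
+description: 'Set the maximum number of concurrent reachability analysis runs. It is recommended to choose a concurrency level that ensures each analysis run has at least the --reach-analysis-memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.'
+},
 reachDisableAnalytics: {
 type: 'boolean',
 default: false,
 description: 'Disable reachability analytics sharing with Socket. Also disables caching-based optimizations.'
 },
+reachDisableAnalysisSplitting: {
+type: 'boolean',
+default: false,
+description: 'Limits Coana to at most 1 reachability analysis run per workspace.'
+},
 reachEcosystems: {
 type: 'string',
 isMultiple: true,
@@ -11050,6 +11093,8 @@ async function run$d(argv, importMeta, {
 reach,
 reachAnalysisMemoryLimit,
 reachAnalysisTimeout,
+reachConcurrency,
+reachDisableAnalysisSplitting,
 reachDisableAnalytics,
 reachSkipCache,
 readOnly,
@@ -11177,8 +11222,9 @@ async function run$d(argv, importMeta, {
 const hasReachExcludePaths = reachExcludePaths.length > 0;
 const isUsingNonDefaultMemoryLimit = reachAnalysisMemoryLimit !== reachabilityFlags['reachAnalysisMemoryLimit']?.default;
 const isUsingNonDefaultTimeout = reachAnalysisTimeout !== reachabilityFlags['reachAnalysisTimeout']?.default;
+const isUsingNonDefaultConcurrency = reachConcurrency !== reachabilityFlags['reachConcurrency']?.default;
 const isUsingNonDefaultAnalytics = reachDisableAnalytics !== reachabilityFlags['reachDisableAnalytics']?.default;
-const isUsingAnyReachabilityFlags = isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultAnalytics || hasReachEcosystems || hasReachExcludePaths || reachSkipCache;
+const isUsingAnyReachabilityFlags = isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultConcurrency || isUsingNonDefaultAnalytics || hasReachEcosystems || hasReachExcludePaths || reachSkipCache || reachDisableAnalysisSplitting;
 const wasValidInput = utils.checkCommandInput(outputKind, {
 nook: true,
 test: !!orgSlug,
@@ -11239,6 +11285,8 @@ async function run$d(argv, importMeta, {
 reachDisableAnalytics: Boolean(reachDisableAnalytics),
 reachAnalysisTimeout: Number(reachAnalysisTimeout),
 reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
+reachConcurrency: Number(reachConcurrency),
+reachDisableAnalysisSplitting: Boolean(reachDisableAnalysisSplitting),
 reachEcosystems,
 reachExcludePaths,
 reachSkipCache: Boolean(reachSkipCache)
@@ -11884,6 +11932,8 @@ async function scanOneRepo(repoSlug, {
 reachDisableAnalytics: false,
 reachAnalysisTimeout: 0,
 reachAnalysisMemoryLimit: 0,
+reachConcurrency: 1,
+reachDisableAnalysisSplitting: false,
 reachEcosystems: [],
 reachExcludePaths: [],
 reachSkipCache: false
@@ -13154,6 +13204,8 @@ async function run$7(argv, importMeta, {
 org: orgFlag,
 reachAnalysisMemoryLimit,
 reachAnalysisTimeout,
+reachConcurrency,
+reachDisableAnalysisSplitting,
 reachDisableAnalytics,
 reachSkipCache
 } = cli.flags;
@@ -13219,7 +13271,9 @@ async function run$7(argv, importMeta, {
 reachabilityOptions: {
 reachAnalysisTimeout: Number(reachAnalysisTimeout),
 reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
+reachConcurrency: Number(reachConcurrency),
 reachDisableAnalytics: Boolean(reachDisableAnalytics),
+reachDisableAnalysisSplitting: Boolean(reachDisableAnalysisSplitting),
 reachEcosystems,
 reachExcludePaths,
 reachSkipCache: Boolean(reachSkipCache)
@@ -15060,5 +15114,5 @@ void (async () => {
 await utils.captureException(e);
 }
 })();
-//# debugId=
+//# debugId=af14f2c8-7f1a-4f12-bd1a-322165537e4f
 //# sourceMappingURL=cli.js.map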
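Review bot: In the coanaFix hunk the output file is named `socket-fix-${Date.now()}.json` directly under `os.tmpdir()`, a guessable name in a directory that is shared between local accounts on many systems, so a file or symlink already present at that path could be written through by the Coana subprocess or read back here and copied to `outputFile`. Creating a private directory first avoids that: `const tmpDir = await fs$1.promises.mkdtemp(path.join(os.tmpdir(), 'socket-fix-'));` with `const tmpFile = path.join(tmpDir, 'fixes.json');`, and the `finally` cleanup becoming `await fs$1.promises.rm(tmpDir, { recursive: true, force: true });` (this assumes `fs$1` is `node:fs`, which the hunk does not show). Separately, the result of `fs$2.readJsonSync(tmpFile, { throws: false })` is not checked before the function returns `ok: true` with `fixed: true`, so a missing or unparsable output file would presumably be reported as success with empty data. The function starts and continues outside the hunk, and the removed lines are blank on this page, so whether the earlier code had the same pattern cannot be told from here.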