@socketsecurity/cli-with-sentry 1.1.39 → 1.1.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/dist/cli.js +60 -24
  3. package/dist/cli.js.map +1 -1
  4. package/dist/constants.js +4 -4
  5. package/dist/constants.js.map +1 -1
  6. package/dist/tsconfig.dts.tsbuildinfo +1 -1
  7. package/dist/types/commands/ci/handle-ci.d.mts.map +1 -1
  8. package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
  9. package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
  10. package/dist/types/commands/fix/handle-fix.d.mts +2 -1
  11. package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
  12. package/dist/types/commands/fix/types.d.mts +1 -0
  13. package/dist/types/commands/fix/types.d.mts.map +1 -1
  14. package/dist/types/commands/scan/cmd-scan-create.d.mts.map +1 -1
  15. package/dist/types/commands/scan/cmd-scan-reach.d.mts.map +1 -1
  16. package/dist/types/commands/scan/perform-reachability-analysis.d.mts +3 -2
  17. package/dist/types/commands/scan/perform-reachability-analysis.d.mts.map +1 -1
  18. package/dist/types/commands/scan/reachability-flags.d.mts.map +1 -1
  19. package/dist/types/utils/dlx.d.mts +4 -1
  20. package/dist/types/utils/dlx.d.mts.map +1 -1
  21. package/dist/utils.js +102 -102
  22. package/dist/utils.js.map +1 -1
  23. package/package.json +3 -3
package/CHANGELOG.md CHANGED
@@ -4,6 +4,20 @@ All notable changes to this project will be documented in this file.
4
4
 
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
6
6
 
7
+ ## [1.1.41](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.40) - 2025-12-02
8
+
9
+ ### Added
10
+ - Added `--reach-version` flag to `socket scan create` and `socket scan reach` to override the @coana-tech/cli version used for reachability analysis.
11
+ - Added `--fix-version` flag to `socket fix` to override the @coana-tech/cli version used for fix analysis.
12
+
13
+ ## [1.1.40](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.40) - 2025-12-02
14
+
15
+ ### Fixed
16
+ - Fix a bug where vulnerabilities were not found correctly during `socket fix`.
17
+
18
+ ### Changed
19
+ - Updated the Coana CLI to v `14.12.110`.
20
+
7
21
  ## [1.1.39](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.39) - 2025-12-01
8
22
 
9
23
  ### Added
package/dist/cli.js CHANGED
@@ -1658,6 +1658,7 @@ async function performReachabilityAnalysis(options) {
1658
1658
 
1659
1659
  // Run Coana with the manifests tar hash.
1660
1660
  const coanaResult = await utils.spawnCoanaDlx(coanaArgs, orgSlug, {
1661
+ coanaVersion: reachabilityOptions.reachVersion,
1661
1662
  cwd,
1662
1663
  env: coanaEnv,
1663
1664
  spinner,
@@ -2380,15 +2381,16 @@ async function handleCi(autoManifest) {
2380
2381
  pendingHead: true,
2381
2382
  pullRequest: 0,
2382
2383
  reach: {
2383
- reachAnalysisTimeout: 0,
2384
2384
  reachAnalysisMemoryLimit: 0,
2385
+ reachAnalysisTimeout: 0,
2385
2386
  reachConcurrency: 1,
2386
2387
  reachDebug: false,
2387
- reachDisableAnalytics: false,
2388
2388
  reachDisableAnalysisSplitting: false,
2389
+ reachDisableAnalytics: false,
2389
2390
  reachEcosystems: [],
2390
2391
  reachExcludePaths: [],
2391
2392
  reachSkipCache: false,
2393
+ reachVersion: undefined,
2392
2394
  runReachabilityAnalysis: false
2393
2395
  },
2394
2396
  repoName,
@@ -3689,7 +3691,7 @@ async function getFixEnv() {
3689
3691
  * Discovers GHSA IDs by running coana without applying fixes.
3690
3692
  * Returns a list of GHSA IDs, optionally limited.
3691
3693
  */
3692
- async function discoverGhsaIds(orgSlug, tarHash, fixConfig, options) {
3694
+ async function discoverGhsaIds(orgSlug, tarHash, options) {
3693
3695
  const {
3694
3696
  cwd = process.cwd(),
3695
3697
  limit,
@@ -3698,12 +3700,22 @@ async function discoverGhsaIds(orgSlug, tarHash, fixConfig, options) {
3698
3700
  __proto__: null,
3699
3701
  ...options
3700
3702
  };
3701
- const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(fixConfig.minimumReleaseAge ? ['--minimum-release-age', fixConfig.minimumReleaseAge] : []), ...(fixConfig.include.length ? ['--include', ...fixConfig.include] : []), ...(fixConfig.exclude.length ? ['--exclude', ...fixConfig.exclude] : []), ...(fixConfig.disableMajorUpdates ? ['--disable-major-updates'] : []), ...(fixConfig.showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], orgSlug, {
3703
+ const foundCResult = await utils.spawnCoanaDlx(['find-vulnerabilities', cwd, '--manifests-tar-hash', tarHash], orgSlug, {
3702
3704
  cwd,
3703
- spinner
3705
+ spinner,
3706
+ coanaVersion: options?.coanaVersion
3707
+ }, {
3708
+ stdio: 'pipe'
3704
3709
  });
3705
3710
  if (foundCResult.ok) {
3706
- const foundIds = utils.cmdFlagValueToArray(/(?<=Vulnerabilities found:).*/.exec(foundCResult.data));
3711
+ // Coana prints ghsaIds as json-formatted string on the final line of the output
3712
+ const foundIds = [];
3713
+ try {
3714
+ const ghsaIdsRaw = foundCResult.data.trim().split('\n').pop();
3715
+ if (ghsaIdsRaw) {
3716
+ foundIds.push(...JSON.parse(ghsaIdsRaw));
3717
+ }
3718
+ } catch {}
3707
3719
  return limit !== undefined ? foundIds.slice(0, limit) : foundIds;
3708
3720
  }
3709
3721
  return [];
@@ -3712,6 +3724,7 @@ async function coanaFix(fixConfig) {
3712
3724
  const {
3713
3725
  applyFixes,
3714
3726
  autopilot,
3727
+ coanaVersion,
3715
3728
  cwd,
3716
3729
  disableMajorUpdates,
3717
3730
  exclude,
@@ -3781,10 +3794,11 @@ async function coanaFix(fixConfig) {
3781
3794
  }
3782
3795
  let ids;
3783
3796
  if (isAll && limit > 0) {
3784
- ids = await discoverGhsaIds(orgSlug, tarHash, fixConfig, {
3797
+ ids = await discoverGhsaIds(orgSlug, tarHash, {
3785
3798
  cwd,
3786
3799
  limit,
3787
- spinner
3800
+ spinner,
3801
+ coanaVersion
3788
3802
  });
3789
3803
  } else if (limit > 0) {
3790
3804
  ids = ghsas.slice(0, limit);
@@ -3806,6 +3820,7 @@ async function coanaFix(fixConfig) {
3806
3820
  const tmpFile = path.join(tmpDir, `socket-fix-${Date.now()}.json`);
3807
3821
  try {
3808
3822
  const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...ids, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), '--output-file', tmpFile, ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
3823
+ coanaVersion,
3809
3824
  cwd,
3810
3825
  spinner,
3811
3826
  stdio: 'inherit'
@@ -3864,10 +3879,11 @@ async function coanaFix(fixConfig) {
3864
3879
  const shouldSpawnCoana = adjustedLimit > 0;
3865
3880
  let ids;
3866
3881
  if (shouldSpawnCoana && isAll) {
3867
- ids = await discoverGhsaIds(orgSlug, tarHash, fixConfig, {
3882
+ ids = await discoverGhsaIds(orgSlug, tarHash, {
3868
3883
  cwd,
3869
3884
  limit: adjustedLimit,
3870
- spinner
3885
+ spinner,
3886
+ coanaVersion
3871
3887
  });
3872
3888
  } else if (shouldSpawnCoana) {
3873
3889
  ids = ghsas.slice(0, adjustedLimit);
@@ -3904,6 +3920,7 @@ async function coanaFix(fixConfig) {
3904
3920
  // Apply fix for single GHSA ID.
3905
3921
  // eslint-disable-next-line no-await-in-loop
3906
3922
  const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
3923
+ coanaVersion,
3907
3924
  cwd,
3908
3925
  spinner,
3909
3926
  stdio: 'inherit'
@@ -4160,6 +4177,7 @@ async function convertIdsToGhsas(ids) {
4160
4177
  async function handleFix({
4161
4178
  applyFixes,
4162
4179
  autopilot,
4180
+ coanaVersion,
4163
4181
  cwd,
4164
4182
  disableMajorUpdates,
4165
4183
  exclude,
@@ -4181,6 +4199,7 @@ async function handleFix({
4181
4199
  require$$9.debugDir('inspect', {
4182
4200
  applyFixes,
4183
4201
  autopilot,
4202
+ coanaVersion,
4184
4203
  cwd,
4185
4204
  disableMajorUpdates,
4186
4205
  exclude,
@@ -4199,6 +4218,7 @@ async function handleFix({
4199
4218
  await outputFixResult(await coanaFix({
4200
4219
  applyFixes,
4201
4220
  autopilot,
4221
+ coanaVersion,
4202
4222
  cwd,
4203
4223
  disableMajorUpdates,
4204
4224
  exclude,
@@ -4233,6 +4253,10 @@ const generalFlags$2 = {
4233
4253
  default: false,
4234
4254
  description: `Enable auto-merge for pull requests that Socket opens.\nSee ${vendor.terminalLinkExports('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
4235
4255
  },
4256
+ fixVersion: {
4257
+ type: 'string',
4258
+ description: `Override the version of @coana-tech/cli used for fix analysis. Default: ${constants.default.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}.`
4259
+ },
4236
4260
  applyFixes: {
4237
4261
  aliases: ['onlyCompute'],
4238
4262
  type: 'boolean',
@@ -4411,6 +4435,7 @@ async function run$K(argv, importMeta, {
4411
4435
  applyFixes,
4412
4436
  autopilot,
4413
4437
  exclude,
4438
+ fixVersion,
4414
4439
  include,
4415
4440
  json,
4416
4441
  limit,
@@ -4467,6 +4492,7 @@ async function run$K(argv, importMeta, {
4467
4492
  await handleFix({
4468
4493
  applyFixes,
4469
4494
  autopilot,
4495
+ coanaVersion: fixVersion,
4470
4496
  cwd,
4471
4497
  disableMajorUpdates,
4472
4498
  exclude: excludePatterns,
@@ -11059,6 +11085,10 @@ const cmdRepository = {
11059
11085
  };
11060
11086
 
11061
11087
  const reachabilityFlags = {
11088
+ reachVersion: {
11089
+ type: 'string',
11090
+ description: `Override the version of @coana-tech/cli used for reachability analysis. Default: ${constants.default.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}.`
11091
+ },
11062
11092
  reachAnalysisMemoryLimit: {
11063
11093
  type: 'number',
11064
11094
  default: 8192,
@@ -11347,6 +11377,7 @@ async function run$d(argv, importMeta, {
11347
11377
  reachDisableAnalysisSplitting,
11348
11378
  reachDisableAnalytics,
11349
11379
  reachSkipCache,
11380
+ reachVersion,
11350
11381
  readOnly,
11351
11382
  reportLevel,
11352
11383
  setAsAlertsPage: pendingHeadFlag,
@@ -11474,7 +11505,8 @@ async function run$d(argv, importMeta, {
11474
11505
  const isUsingNonDefaultTimeout = reachAnalysisTimeout !== reachabilityFlags['reachAnalysisTimeout']?.default;
11475
11506
  const isUsingNonDefaultConcurrency = reachConcurrency !== reachabilityFlags['reachConcurrency']?.default;
11476
11507
  const isUsingNonDefaultAnalytics = reachDisableAnalytics !== reachabilityFlags['reachDisableAnalytics']?.default;
11477
- const isUsingAnyReachabilityFlags = isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultConcurrency || isUsingNonDefaultAnalytics || hasReachEcosystems || hasReachExcludePaths || reachSkipCache || reachDisableAnalysisSplitting;
11508
+ const isUsingNonDefaultVersion = reachVersion !== reachabilityFlags['reachVersion']?.default;
11509
+ const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachDisableAnalysisSplitting || reachSkipCache;
11478
11510
 
11479
11511
  // Validate target constraints when --reach is enabled.
11480
11512
  const reachTargetValidation = reach ? await validateReachabilityTarget(targets, cwd) : {
@@ -11559,16 +11591,17 @@ async function run$d(argv, importMeta, {
11559
11591
  pendingHead: Boolean(pendingHead),
11560
11592
  pullRequest: Number(pullRequest),
11561
11593
  reach: {
11562
- runReachabilityAnalysis: Boolean(reach),
11563
- reachDisableAnalytics: Boolean(reachDisableAnalytics),
11564
- reachAnalysisTimeout: Number(reachAnalysisTimeout),
11565
11594
  reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
11595
+ reachAnalysisTimeout: Number(reachAnalysisTimeout),
11566
11596
  reachConcurrency: Number(reachConcurrency),
11567
11597
  reachDebug: Boolean(reachDebug),
11568
11598
  reachDisableAnalysisSplitting: Boolean(reachDisableAnalysisSplitting),
11599
+ reachDisableAnalytics: Boolean(reachDisableAnalytics),
11569
11600
  reachEcosystems,
11570
11601
  reachExcludePaths,
11571
- reachSkipCache: Boolean(reachSkipCache)
11602
+ reachSkipCache: Boolean(reachSkipCache),
11603
+ reachVersion,
11604
+ runReachabilityAnalysis: Boolean(reach)
11572
11605
  },
11573
11606
  readOnly: Boolean(readOnly),
11574
11607
  repoName,
@@ -12207,16 +12240,17 @@ async function scanOneRepo(repoSlug, {
12207
12240
  pendingHead: true,
12208
12241
  pullRequest: 0,
12209
12242
  reach: {
12210
- runReachabilityAnalysis: false,
12211
- reachDisableAnalytics: false,
12212
- reachAnalysisTimeout: 0,
12213
12243
  reachAnalysisMemoryLimit: 0,
12244
+ reachAnalysisTimeout: 0,
12214
12245
  reachConcurrency: 1,
12215
12246
  reachDebug: false,
12216
12247
  reachDisableAnalysisSplitting: false,
12248
+ reachDisableAnalytics: false,
12217
12249
  reachEcosystems: [],
12218
12250
  reachExcludePaths: [],
12219
- reachSkipCache: false
12251
+ reachSkipCache: false,
12252
+ reachVersion: undefined,
12253
+ runReachabilityAnalysis: false
12220
12254
  },
12221
12255
  readOnly: false,
12222
12256
  repoName: repoSlug,
@@ -13502,7 +13536,8 @@ async function run$7(argv, importMeta, {
13502
13536
  reachDebug,
13503
13537
  reachDisableAnalysisSplitting,
13504
13538
  reachDisableAnalytics,
13505
- reachSkipCache
13539
+ reachSkipCache,
13540
+ reachVersion
13506
13541
  } = cli.flags;
13507
13542
  const dryRun = !!cli.flags['dryRun'];
13508
13543
 
@@ -13592,15 +13627,16 @@ async function run$7(argv, importMeta, {
13592
13627
  outputKind,
13593
13628
  outputPath: outputPath || '',
13594
13629
  reachabilityOptions: {
13595
- reachAnalysisTimeout: Number(reachAnalysisTimeout),
13596
13630
  reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
13631
+ reachAnalysisTimeout: Number(reachAnalysisTimeout),
13597
13632
  reachConcurrency: Number(reachConcurrency),
13598
13633
  reachDebug: Boolean(reachDebug),
13599
- reachDisableAnalytics: Boolean(reachDisableAnalytics),
13600
13634
  reachDisableAnalysisSplitting: Boolean(reachDisableAnalysisSplitting),
13635
+ reachDisableAnalytics: Boolean(reachDisableAnalytics),
13601
13636
  reachEcosystems,
13602
13637
  reachExcludePaths,
13603
- reachSkipCache: Boolean(reachSkipCache)
13638
+ reachSkipCache: Boolean(reachSkipCache),
13639
+ reachVersion
13604
13640
  },
13605
13641
  targets
13606
13642
  });
@@ -15439,5 +15475,5 @@ void (async () => {
15439
15475
  await utils.captureException(e);
15440
15476
  }
15441
15477
  })();
15442
- //# debugId=8693f005-3cc6-4712-ba1e-c0aa7f093c42
15478
+ //# debugId=3354d2a8-858e-47ae-8d62-34c8832fddf8
15443
15479
  //# sourceMappingURL=cli.js.map