@socketsecurity/cli-with-sentry 1.1.48 → 1.1.50

package/CHANGELOG.md

@@ -4,6 +4,22 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.50](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.50) - 2025-12-19
+
+### Fixed
+- Fixed exit code when blocking alerts are found
+
+## [1.1.49](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.49) - 2025-12-17
+
+### Added
+- Added initial telemetry functionality to track CLI usage and help improve the Socket experience.
+
+### Fixed
+- Fixed error propagation when npm package finalization failed in `socket fix`.
+
+### Changed
+- Updated the Coana CLI to v `14.12.134`.
+
 ## [1.1.48](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.48) - 2025-12-16
 
 ### Changed

package/bin/npm-cli.js

@@ -11,7 +11,7 @@ void (async () => {
 
   process.exitCode = 1
 
-  const { spawnPromise } = await shadowNpmBin('npm', process.argv.slice(2), {
+  const { spawnPromise } = await shadowNpmBin(process.argv.slice(2), {
     stdio: 'inherit',
   })
 

package/bin/npx-cli.js

@@ -7,11 +7,11 @@ void (async () => {
   const rootPath = path.join(__dirname, '..')
   Module.enableCompileCache?.(path.join(rootPath, '.cache'))
 
-  const shadowNpmBin = require(path.join(rootPath, 'dist/shadow-npm-bin.js'))
+  const shadowNpxBin = require(path.join(rootPath, 'dist/shadow-npx-bin.js'))
 
   process.exitCode = 1
 
-  const { spawnPromise } = await shadowNpmBin('npx', process.argv.slice(2), {
+  const { spawnPromise } = await shadowNpxBin(process.argv.slice(2), {
     stdio: 'inherit',
   })
 

package/dist/cli.js

@@ -1361,6 +1361,10 @@ async function outputScanReport(result, {
     logger.logger.fail(utils.failMsgWithBadge(scanReport.message, scanReport.cause));
     return;
   }
+  if (!scanReport.data.healthy) {
+    // When report contains healthy: false, process should exit with non-zero code.
+    process.exitCode = 1;
+  }
 
   // I don't think we emit the default error message with banner for an unhealthy report, do we?
   // if (!scanReport.data.healthy) {
@@ -6825,20 +6829,28 @@ async function run$x(argv, importMeta, context) {
     ...flags.commonFlags,
     ...flags.outputFlags
   }, [constants.FLAG_JSON]);
+
+  // Track subprocess start.
+  const subprocessStartTime = await utils.trackSubprocessStart(constants.NPM);
   const {
     spawnPromise
   } = await shadowNpmBin(argsToForward, {
     stdio: 'inherit'
   });
 
+  // Handle exit codes and signals using event-based pattern.
   // See https://nodejs.org/api/child_process.html#event-exit.
   spawnPromise.process.on('exit', (code, signalName) => {
-    if (signalName) {
-      process.kill(process.pid, signalName);
-    } else if (typeof code === 'number') {
-      // eslint-disable-next-line n/no-process-exit
-      process.exit(code);
-    }
+    // Track subprocess exit and flush telemetry before exiting.
+    // Use .then() to ensure telemetry completes before process.exit().
+    void utils.trackSubprocessExit(constants.NPM, subprocessStartTime, code).then(() => {
+      if (signalName) {
+        process.kill(process.pid, signalName);
+      } else if (typeof code === 'number') {
+        // eslint-disable-next-line n/no-process-exit
+        process.exit(code);
+      }
+    });
   });
   await spawnPromise;
 }
@@ -6892,20 +6904,28 @@ async function run$w(argv, importMeta, {
   }
   const shadowNpxBin = /*@__PURE__*/require$4(constants.default.shadowNpxBinPath);
   process.exitCode = 1;
+
+  // Track subprocess start.
+  const subprocessStartTime = await utils.trackSubprocessStart(constants.NPX);
   const {
     spawnPromise
   } = await shadowNpxBin(argv, {
     stdio: 'inherit'
   });
 
+  // Handle exit codes and signals using event-based pattern.
   // See https://nodejs.org/api/child_process.html#event-exit.
   spawnPromise.process.on('exit', (code, signalName) => {
-    if (signalName) {
-      process.kill(process.pid, signalName);
-    } else if (typeof code === 'number') {
-      // eslint-disable-next-line n/no-process-exit
-      process.exit(code);
-    }
+    // Track subprocess exit and flush telemetry before exiting.
+    // Use .then() to ensure telemetry completes before process.exit().
+    void utils.trackSubprocessExit(constants.NPX, subprocessStartTime, code).then(() => {
+      if (signalName) {
+        process.kill(process.pid, signalName);
+      } else if (typeof code === 'number') {
+        // eslint-disable-next-line n/no-process-exit
+        process.exit(code);
+      }
+    });
   });
   await spawnPromise;
 }
@@ -10014,13 +10034,30 @@ async function run$l(argv, importMeta, context) {
 
   // Filter Socket flags from argv.
   const filteredArgv = utils.filterFlags(argv, config.flags);
+
+  // Track subprocess start.
+  const subprocessStartTime = await utils.trackSubprocessStart(constants.PNPM);
   const {
     spawnPromise
   } = await shadowPnpmBin(filteredArgv, {
     stdio: 'inherit'
   });
+
+  // Handle exit codes and signals using event-based pattern.
+  // See https://nodejs.org/api/child_process.html#event-exit.
+  spawnPromise.process.on('exit', (code, signalName) => {
+    // Track subprocess exit and flush telemetry before exiting.
+    // Use .then() to ensure telemetry completes before process.exit().
+    void utils.trackSubprocessExit(constants.PNPM, subprocessStartTime, code).then(() => {
+      if (signalName) {
+        process.kill(process.pid, signalName);
+      } else if (typeof code === 'number') {
+        // eslint-disable-next-line n/no-process-exit
+        process.exit(code);
+      }
+    });
+  });
   await spawnPromise;
-  process.exitCode = 0;
 }
 
 async function runRawNpm(argv) {
@@ -15369,11 +15406,29 @@ async function run(argv, importMeta, context) {
 
   // Filter Socket flags from argv.
   const filteredArgv = utils.filterFlags(argv, config.flags);
+
+  // Track subprocess start.
+  const subprocessStartTime = await utils.trackSubprocessStart(constants.YARN);
   const {
     spawnPromise
   } = await shadowYarnBin(filteredArgv, {
     stdio: 'inherit'
   });
+
+  // Handle exit codes and signals using event-based pattern.
+  // See https://nodejs.org/api/child_process.html#event-exit.
+  spawnPromise.process.on('exit', (code, signalName) => {
+    // Track subprocess exit and flush telemetry before exiting.
+    // Use .then() to ensure telemetry completes before process.exit().
+    void utils.trackSubprocessExit(constants.YARN, subprocessStartTime, code).then(() => {
+      if (signalName) {
+        process.kill(process.pid, signalName);
+      } else if (typeof code === 'number') {
+        // eslint-disable-next-line n/no-process-exit
+        process.exit(code);
+      }
+    });
+  });
   await spawnPromise;
   process.exitCode = 0;
 }
@@ -15489,7 +15544,15 @@ const rootAliases = {
 };
 
 const __filename$1 = require$$0.fileURLToPath((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+
+// Capture CLI start time at module level for global error handlers.
+const cliStartTime = Date.now();
+
+// Set up telemetry exit handlers early to catch all exit scenarios.
+utils.setupTelemetryExitHandlers();
 void (async () => {
+  // Track CLI start for telemetry.
+  await utils.trackCliStart(process.argv);
   const registryUrl = vendor.registryUrl();
   await vendor.updater({
     authInfo: vendor.registryAuthTokenExports(registryUrl, {
@@ -15515,8 +15578,14 @@ void (async () => {
     }, {
       aliases: rootAliases
     });
+
+    // Track successful CLI completion.
+    await utils.trackCliComplete(process.argv, cliStartTime, process.exitCode);
   } catch (e) {
     process.exitCode = 1;
+
+    // Track CLI error for telemetry.
+    await utils.trackCliError(process.argv, cliStartTime, e, process.exitCode);
     require$$9.debugFn('error', 'CLI uncaught error');
     require$$9.debugDir('error', e);
     let errorBody;
@@ -15569,6 +15638,47 @@ void (async () => {
     }
     await utils.captureException(e);
   }
-})();
-//# debugId=b69f666d-f56b-4628-89f1-ad39341fe24f
+})().catch(async err => {
+  // Fatal error in main async function.
+  console.error('Fatal error:', err);
+
+  // Track CLI error for fatal exceptions.
+  await utils.trackCliError(process.argv, cliStartTime, err, 1);
+
+  // Finalize telemetry before fatal exit.
+  await utils.finalizeTelemetry();
+
+  // eslint-disable-next-line n/no-process-exit
+  process.exit(1);
+});
+
+// Handle uncaught exceptions.
+process.on('uncaughtException', async err => {
+  console.error('Uncaught exception:', err);
+
+  // Track CLI error for uncaught exception.
+  await utils.trackCliError(process.argv, cliStartTime, err, 1);
+
+  // Finalize telemetry before exit.
+  await utils.finalizeTelemetry();
+
+  // eslint-disable-next-line n/no-process-exit
+  process.exit(1);
+});
+
+// Handle unhandled promise rejections.
+process.on('unhandledRejection', async (reason, promise) => {
+  console.error('Unhandled rejection at:', promise, 'reason:', reason);
+
+  // Track CLI error for unhandled rejection.
+  const error = reason instanceof Error ? reason : new Error(String(reason));
+  await utils.trackCliError(process.argv, cliStartTime, error, 1);
+
+  // Finalize telemetry before exit.
+  await utils.finalizeTelemetry();
+
+  // eslint-disable-next-line n/no-process-exit
+  process.exit(1);
+});
+//# debugId=3f5f54d9-596a-4c89-8916-eb66d170a333
 //# sourceMappingURL=cli.js.map