@socketsecurity/cli 0.10.1 → 0.11.1

package/lib/commands/login/index.js

@@ -1,170 +0,0 @@
-import isInteractive from 'is-interactive'
-import meow from 'meow'
-import ora from 'ora'
-import prompts from 'prompts'
-import terminalLink from 'terminal-link'
-
-import { AuthError, InputError } from '../../utils/errors.js'
-import { prepareFlags } from '../../utils/flags.js'
-import { printFlagList } from '../../utils/formatting.js'
-import { FREE_API_KEY, setupSdk } from '../../utils/sdk.js'
-import { getSetting, updateSetting } from '../../utils/settings.js'
-
-const description = 'Socket API login'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const login = {
-  description,
-  run: async (argv, importMeta, { parentName }) => {
-    const flags = prepareFlags({
-      apiBaseUrl: {
-        type: 'string',
-        description: 'API server to connect to for login',
-      },
-      apiProxy: {
-        type: 'string',
-        description: 'Proxy to use when making connection to API server'
-      }
-    })
-    const name = parentName + ' login'
-    const cli = meow(`
-      Usage
-        $ ${name}
-
-      Logs into the Socket API by prompting for an API key
-
-      Options
-        ${printFlagList({
-          'api-base-url': flags.apiBaseUrl.description,
-          'api-proxy': flags.apiProxy.description
-        }, 8)}
-
-      Examples
-        $ ${name}
-    `, {
-      argv,
-      description,
-      importMeta,
-      flags
-    })
-
-    /**
-     * @param {{aborted: boolean}} state
-     */
-    const promptAbortHandler = (state) => {
-      if (state.aborted) {
-        process.nextTick(() => process.exit(1))
-      }
-    }
-
-    if (cli.input.length) cli.showHelp()
-
-    if (!isInteractive()) {
-      throw new InputError('cannot prompt for credentials in a non-interactive shell')
-    }
-    /**
-     * @type {{ apiKey: string }}
-     */
-    const result = await prompts({
-      type: 'password',
-      name: 'apiKey',
-      message: `Enter your ${terminalLink(
-        'Socket.dev API key',
-        'https://docs.socket.dev/docs/api-keys'
-      )} (leave blank for a public key)`,
-      onState: promptAbortHandler
-    })
-
-    const apiKey = result.apiKey || FREE_API_KEY
-
-    /**
-     * @type {string | null | undefined}
-     */
-    let apiBaseUrl = cli.flags.apiBaseUrl
-    apiBaseUrl ??= getSetting('apiBaseUrl') ??
-      undefined
-
-    /**
-     * @type {string | null | undefined}
-     */
-    let apiProxy = cli.flags.apiProxy
-    apiProxy ??= getSetting('apiProxy') ??
-      undefined
-
-    const spinner = ora('Verifying API key...').start()
-
-    /** @type {import('@socketsecurity/sdk').SocketSdkReturnType<'getOrganizations'>['data']} */
-    let orgs
-
-    try {
-      const sdk = await setupSdk(apiKey, apiBaseUrl, apiProxy)
-      const result = await sdk.getOrganizations()
-      if (!result.success) throw new AuthError()
-      orgs = result.data
-      spinner.succeed('API key verified\n')
-    } catch (e) {
-      spinner.fail('Invalid API key')
-      return
-    }
-
-    /**
-     * @template T
-     * @param {T | null | undefined} value
-     * @returns {value is T}
-     */
-    const nonNullish = value => value != null
-
-    /** @type {prompts.Choice[]} */
-    const enforcedChoices = Object.values(orgs.organizations)
-      .filter(nonNullish)
-      .filter(org => org.plan === 'enterprise')
-      .map(org => ({
-        title: org.name,
-        value: org.id
-      }))
-
-    /** @type {string[]} */
-    let enforcedOrgs = []
-
-    if (enforcedChoices.length > 1) {
-      /**
-       * @type { {id: string} }
-       */
-      const { id } = await prompts({
-        type: 'select',
-        name: 'id',
-        hint: '\n  Pick "None" if this is a personal device',
-        message: 'Which organization\'s policies should Socket enforce system-wide?',
-        choices: enforcedChoices.concat({
-          title: 'None',
-          value: null
-        }),
-        onState: promptAbortHandler
-      })
-      if (id) enforcedOrgs = [id]
-    } else if (enforcedChoices.length) {
-      /**
-       * @type { {confirmOrg: boolean} }
-       */
-      const { confirmOrg } = await prompts({
-        type: 'confirm',
-        name: 'confirmOrg',
-        message: `Should Socket enforce ${enforcedChoices[0]?.title}'s security policies system-wide?`,
-        initial: true,
-        onState: promptAbortHandler
-      })
-      if (confirmOrg) {
-        const existing = /** @type {undefined | {value: string}} */(enforcedChoices[0])
-        if (existing) {
-          enforcedOrgs = [existing.value]
-        }
-      }
-    }
-    // MUST DO all updateSetting ON SAME TICK TO AVOID PARTIAL WRITE
-    updateSetting('enforcedOrgs', enforcedOrgs)
-    const oldKey = getSetting('apiKey')
-    updateSetting('apiKey', apiKey)
-    updateSetting('apiBaseUrl', apiBaseUrl)
-    spinner.succeed(`API credentials ${oldKey ? 'updated' : 'set'}`)
-  }
-}

package/lib/commands/logout/index.js

@@ -1,35 +0,0 @@
-import meow from 'meow'
-import ora from 'ora'
-
-import { updateSetting } from '../../utils/settings.js'
-
-const description = 'Socket API logout'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const logout = {
-  description,
-  run: async (argv, importMeta, { parentName }) => {
-    const name = parentName + ' logout'
-    const cli = meow(`
-      Usage
-        $ ${name}
-
-      Logs out of the Socket API and clears all Socket credentials from disk
-
-      Examples
-        $ ${name}
-    `, {
-      argv,
-      description,
-      importMeta,
-    })
-
-    if (cli.input.length) cli.showHelp()
-
-    updateSetting('apiKey', null)
-    updateSetting('apiBaseUrl', null)
-    updateSetting('apiProxy', null)
-    updateSetting('enforcedOrgs', null)
-    ora('Successfully logged out').succeed()
-  }
-}

package/lib/commands/npm/index.js

@@ -1,27 +0,0 @@
-import { spawn, execSync } from 'child_process'
-import { fileURLToPath } from 'url'
-
-const description = 'npm wrapper functionality'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const npm = {
-  description,
-  run: async (argv, _importMeta, _ctx) => {
-    const npmVersion = execSync('npm -v').toString()
-    const wrapperPath = fileURLToPath(new URL('../../shadow/npm-cli.cjs', import.meta.url))
-    process.exitCode = 1
-    spawn(process.execPath, [wrapperPath, ...argv], {
-      stdio: 'inherit',
-      env: {
-        ...process.env,
-        NPM_VERSION: npmVersion
-      }
-    }).on('exit', (code, signal) => {
-      if (signal) {
-        process.kill(process.pid, signal)
-      } else if (code !== null) {
-        process.exit(code)
-      }
-    })
-  }
-}

package/lib/commands/npx/index.js

@@ -1,22 +0,0 @@
-import { spawn } from 'child_process'
-import { fileURLToPath } from 'url'
-
-const description = 'npx wrapper functionality'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const npx = {
-  description,
-  run: async (argv, _importMeta, _ctx) => {
-    const wrapperPath = fileURLToPath(new URL('../../shadow/npx-cli.cjs', import.meta.url))
-    process.exitCode = 1
-    spawn(process.execPath, [wrapperPath, ...argv], {
-      stdio: 'inherit'
-    }).on('exit', (code, signal) => {
-      if (signal) {
-        process.kill(process.pid, signal)
-      } else if (code !== null) {
-        process.exit(code)
-      }
-    })
-  }
-}

package/lib/commands/raw-npm/index.js

@@ -1,59 +0,0 @@
-import { spawn } from 'child_process'
-
-import meow from 'meow'
-
-import { validationFlags } from '../../flags/index.js'
-import { printFlagList } from '../../utils/formatting.js'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const rawNpm = {
-  description: 'Temporarily disable the Socket npm wrapper',
-  async run (argv, importMeta, { parentName }) {
-    const name = parentName + ' raw-npm'
-
-    setupCommand(name, rawNpm.description, argv, importMeta)
-  }
-}
-
-/**
- * @param {string} name
- * @param {string} description
- * @param {readonly string[]} argv
- * @param {ImportMeta} importMeta
- * @returns {void}
- */
-function setupCommand (name, description, argv, importMeta) {
-  const flags = validationFlags
-
-  const cli = meow(`
-    Usage
-      $ ${name} <npm command>
-
-    Options
-      ${printFlagList(flags, 6)}
-
-    Examples
-      $ ${name} install
-  `, {
-    argv,
-    description,
-    importMeta,
-    flags
-  })
-
-  if (!argv[0]) {
-    cli.showHelp()
-    return
-  }
-
-  spawn('npm', [argv.join(' ')], {
-    stdio: 'inherit',
-    shell: true
-  }).on('exit', (code, signal) => {
-    if (signal) {
-      process.kill(process.pid, signal)
-    } else if (code !== null) {
-      process.exit(code)
-    }
-  })
-}

package/lib/commands/raw-npx/index.js

@@ -1,59 +0,0 @@
-import { spawn } from 'child_process'
-
-import meow from 'meow'
-
-import { validationFlags } from '../../flags/index.js'
-import { printFlagList } from '../../utils/formatting.js'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const rawNpx = {
-  description: 'Temporarily disable the Socket npm/npx wrapper',
-  async run (argv, importMeta, { parentName }) {
-    const name = parentName + ' raw-npx'
-
-    setupCommand(name, rawNpx.description, argv, importMeta)
-  }
-}
-
-/**
- * @param {string} name
- * @param {string} description
- * @param {readonly string[]} argv
- * @param {ImportMeta} importMeta
- * @returns {void}
- */
-function setupCommand (name, description, argv, importMeta) {
-  const flags = validationFlags
-
-  const cli = meow(`
-    Usage
-      $ ${name} <npx command>
-
-    Options
-      ${printFlagList(flags, 6)}
-
-    Examples
-      $ ${name} install
-  `, {
-    argv,
-    description,
-    importMeta,
-    flags
-  })
-
-  if (!argv[0]) {
-    cli.showHelp()
-    return
-  }
-
-  spawn('npx', [argv.join(' ')], {
-    stdio: 'inherit',
-    shell: true
-  }).on('exit', (code, signal) => {
-    if (signal) {
-      process.kill(process.pid, signal)
-    } else if (code !== null) {
-      process.exit(code)
-    }
-  })
-}

package/lib/commands/report/create.js

@@ -1,251 +0,0 @@
-/* eslint-disable no-console */
-
-import path from 'node:path'
-
-import { betterAjvErrors } from '@apideck/better-ajv-errors'
-import { readSocketConfig, SocketValidationError } from '@socketsecurity/config'
-import meow from 'meow'
-import ora from 'ora'
-import { ErrorWithCause } from 'pony-cause'
-
-import { fetchReportData, formatReportDataOutput } from './view.js'
-import { outputFlags, validationFlags } from '../../flags/index.js'
-import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
-import { ChalkOrMarkdown, logSymbols } from '../../utils/chalk-markdown.js'
-import { InputError } from '../../utils/errors.js'
-import { prepareFlags } from '../../utils/flags.js'
-import { printFlagList } from '../../utils/formatting.js'
-import { createDebugLogger } from '../../utils/misc.js'
-import { getPackageFiles } from '../../utils/path-resolve.js'
-import { setupSdk } from '../../utils/sdk.js'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const create = {
-  description: 'Create a project report',
-  async run (argv, importMeta, { parentName }) {
-    const name = parentName + ' create'
-
-    const input = await setupCommand(name, create.description, argv, importMeta)
-
-    if (input) {
-      const {
-        config,
-        cwd,
-        debugLog,
-        dryRun,
-        includeAllIssues,
-        outputJson,
-        outputMarkdown,
-        packagePaths,
-        strict,
-        view,
-      } = input
-
-      const result = input && await createReport(packagePaths, { config, cwd, debugLog, dryRun })
-
-      if (result && view) {
-        const reportId = result.data.id
-        const reportData = input && await fetchReportData(reportId, { includeAllIssues, strict })
-
-        if (reportData) {
-          formatReportDataOutput(reportData, { includeAllIssues, name, outputJson, outputMarkdown, reportId, strict })
-        }
-      } else if (result) {
-        formatReportCreationOutput(result.data, { outputJson, outputMarkdown })
-      }
-    }
-  }
-}
-
-// Internal functions
-
-/**
- * @typedef CommandContext
- * @property {import('@socketsecurity/config').SocketYml|undefined} config
- * @property {string} cwd
- * @property {typeof console.error} debugLog
- * @property {boolean} dryRun
- * @property {boolean} includeAllIssues
- * @property {boolean} outputJson
- * @property {boolean} outputMarkdown
- * @property {string[]} packagePaths
- * @property {boolean} strict
- * @property {boolean} view
- */
-
-/**
- * @param {string} name
- * @param {string} description
- * @param {readonly string[]} argv
- * @param {ImportMeta} importMeta
- * @returns {Promise<void|CommandContext>}
- */
-async function setupCommand (name, description, argv, importMeta) {
-  const flags = prepareFlags({
-    ...outputFlags,
-    ...validationFlags,
-    debug: {
-      type: 'boolean',
-      shortFlag: 'd',
-      default: false,
-      description: 'Output debug information',
-    },
-    dryRun: {
-      type: 'boolean',
-      default: false,
-      description: 'Only output what will be done without actually doing it',
-    },
-    view: {
-      type: 'boolean',
-      shortFlag: 'v',
-      default: false,
-      description: 'Will wait for and return the created report'
-    },
-  })
-
-  const cli = meow(`
-    Usage
-      $ ${name} <paths-to-package-folders-and-files>
-
-    Uploads the specified "package.json" and lock files for JavaScript, Python, and Go dependency manifests.
-    If any folder is specified, the ones found in there recursively are uploaded.
-
-    Supports globbing such as "**/package.json", "**/requirements.txt", "**/pyproject.toml", and "**/go.mod".
-
-    Ignores any file specified in your project's ".gitignore", your project's
-    "socket.yml" file's "projectIgnorePaths" and also has a sensible set of
-    default ignores from the "ignore-by-default" module.
-
-    Options
-      ${printFlagList({
-        'all': 'Include all issues',
-        'debug': 'Output debug information',
-        'dry-run': 'Only output what will be done without actually doing it',
-        'json': 'Output result as json',
-        'markdown': 'Output result as markdown',
-        'strict': 'Exits with an error code if any matching issues are found',
-        'view': 'Will wait for and return the created report'
-      }, 6)}
-
-    Examples
-      $ ${name} .
-      $ ${name} '**/package.json'
-      $ ${name} /path/to/a/package.json /path/to/another/package.json
-      $ ${name} . --view --json
-  `, {
-    argv,
-    description,
-    importMeta,
-    flags,
-  })
-
-  const {
-    all: includeAllIssues,
-    dryRun,
-    json: outputJson,
-    markdown: outputMarkdown,
-    strict,
-    view,
-  } = cli.flags
-
-  if (!cli.input[0]) {
-    cli.showHelp()
-    return
-  }
-
-  const debugLog = createDebugLogger(dryRun || cli.flags.debug)
-
-  // TODO: Allow setting a custom cwd and/or configFile path?
-  const cwd = process.cwd()
-  const absoluteConfigPath = path.join(cwd, 'socket.yml')
-
-  const config = await readSocketConfig(absoluteConfigPath)
-    .catch(/** @param {unknown} cause */ cause => {
-      if (cause && typeof cause === 'object' && cause instanceof SocketValidationError) {
-        // Inspired by workbox-build: https://github.com/GoogleChrome/workbox/blob/95f97a207fd51efb3f8a653f6e3e58224183a778/packages/workbox-build/src/lib/validate-options.ts#L68-L71
-        const betterErrors = betterAjvErrors({
-          basePath: 'config',
-          data: cause.data,
-          errors: cause.validationErrors,
-          // @ts-ignore
-          schema: cause.schema,
-        })
-        throw new InputError(
-          'The socket.yml config is not valid',
-          betterErrors.map((err) => `[${err.path}] ${err.message}.${err.suggestion ? err.suggestion : ''}`).join('\n')
-        )
-      } else {
-        throw new ErrorWithCause('Failed to read socket.yml config', { cause })
-      }
-    })
-
-  const socketSdk = await setupSdk()
-  const supportedFiles = await socketSdk.getReportSupportedFiles()
-    .then(res => {
-      if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, ora())
-      return res.data
-    }).catch(
-      /** @type {(cause: Error) => never} */
-      (cause) => {
-        throw new ErrorWithCause('Failed getting supported files for report', { cause })
-      })
-
-  const packagePaths = await getPackageFiles(cwd, cli.input, config, supportedFiles, debugLog)
-
-  return {
-    config,
-    cwd,
-    debugLog,
-    dryRun,
-    includeAllIssues,
-    outputJson,
-    outputMarkdown,
-    packagePaths,
-    strict,
-    view,
-  }
-}
-
-/**
- * @param {string[]} packagePaths
- * @param {Pick<CommandContext, 'config' | 'cwd' | 'debugLog' | 'dryRun'>} context
- * @returns {Promise<void|import('@socketsecurity/sdk').SocketSdkReturnType<'createReport'>>}
- */
-async function createReport (packagePaths, { config, cwd, debugLog, dryRun }) {
-  debugLog('Uploading:', packagePaths.join(`\n${logSymbols.info} Uploading: `))
-
-  if (dryRun) {
-    return
-  }
-
-  const socketSdk = await setupSdk()
-  const spinner = ora(`Creating report with ${packagePaths.length} package files`).start()
-  const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, config?.issueRules)
-  const result = await handleApiCall(apiCall, 'creating report')
-
-  if (result.success === false) {
-    return handleUnsuccessfulApiResponse('createReport', result, spinner)
-  }
-
-  // Conclude the status of the API call
-
-  spinner.succeed()
-
-  return result
-}
-
-/**
- * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'createReport'>["data"]} data
- * @param {Pick<CommandContext, 'outputJson' | 'outputMarkdown'>} context
- * @returns {void}
- */
-function formatReportCreationOutput (data, { outputJson, outputMarkdown }) {
-  if (outputJson) {
-    console.log(JSON.stringify(data, undefined, 2))
-    return
-  }
-
-  const format = new ChalkOrMarkdown(!!outputMarkdown)
-
-  console.log('\nNew report: ' + format.hyperlink(data.id, data.url, { fallbackToUrl: true }))
-}

package/lib/commands/report/index.js

@@ -1,24 +0,0 @@
-import { create } from './create.js'
-import { view } from './view.js'
-import { meowWithSubcommands } from '../../utils/meow-with-subcommands.js'
-
-const description = 'Project report related commands'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const report = {
-  description,
-  run: async (argv, importMeta, { parentName }) => {
-    await meowWithSubcommands(
-      {
-        create,
-        view,
-      },
-      {
-        argv,
-        description,
-        importMeta,
-        name: parentName + ' report',
-      }
-    )
-  }
-}