@socketsecurity/cli 0.10.1 → 0.11.1

package/lib/commands/scan/list.js

@@ -1,192 +0,0 @@
-/* eslint-disable no-console */
-
-import chalk from 'chalk'
-// @ts-ignore
-import chalkTable from 'chalk-table'
-import meow from 'meow'
-import ora from 'ora'
-
-import { outputFlags } from '../../flags/index.js'
-import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
-import { prepareFlags } from '../../utils/flags.js'
-import { printFlagList } from '../../utils/formatting.js'
-import { getDefaultKey, setupSdk } from '../../utils/sdk.js'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const list = {
-  description: 'List scans for an organization',
-  async run (argv, importMeta, { parentName }) {
-    const name = parentName + ' list'
-
-    const input = setupCommand(name, list.description, argv, importMeta)
-    if (input) {
-      const spinnerText = 'Listing scans... \n'
-      const spinner = ora(spinnerText).start()
-      await listOrgFullScan(input.orgSlug, input, spinner)
-    }
-  }
-}
-
-const listFullScanFlags = prepareFlags({
-  sort: {
-    type: 'string',
-    shortFlag: 's',
-    default: 'created_at',
-    description: 'Sorting option (`name` or `created_at`) - default is `created_at`',
-  },
-  direction: {
-    type: 'string',
-    shortFlag: 'd',
-    default: 'desc',
-    description: 'Direction option (`desc` or `asc`) - Default is `desc`',
-  },
-  perPage: {
-    type: 'number',
-    shortFlag: 'pp',
-    default: 30,
-    description: 'Results per page - Default is 30',
-  },
-  page: {
-    type: 'number',
-    shortFlag: 'p',
-    default: 1,
-    description: 'Page number - Default is 1',
-  },
-  fromTime: {
-    type: 'string',
-    shortFlag: 'f',
-    default: '',
-    description: 'From time - as a unix timestamp',
-  },
-  untilTime: {
-    type: 'string',
-    shortFlag: 'u',
-    default: '',
-    description: 'Until time - as a unix timestamp',
-  }
-})
-
-// Internal functions
-
-/**
- * @typedef CommandContext
- * @property {boolean} outputJson
- * @property {boolean} outputMarkdown
- * @property {string} orgSlug
- * @property {string} sort
- * @property {string} direction
- * @property {number} per_page
- * @property {number} page
- * @property {string} from_time
- * @property {string} until_time
- */
-
-/**
- * @param {string} name
- * @param {string} description
- * @param {readonly string[]} argv
- * @param {ImportMeta} importMeta
- * @returns {void|CommandContext}
- */
-function setupCommand (name, description, argv, importMeta) {
-  const flags = {
-    ...outputFlags,
-    ...listFullScanFlags
-  }
-
-  const cli = meow(`
-    Usage
-      $ ${name} <org slug>
-
-    Options
-      ${printFlagList(flags, 6)}
-
-    Examples
-      $ ${name} FakeOrg
-  `, {
-    argv,
-    description,
-    importMeta,
-    flags
-  })
-
-  const {
-    json: outputJson,
-    markdown: outputMarkdown,
-    sort,
-    direction,
-    perPage,
-    page,
-    fromTime,
-    untilTime
-  } = cli.flags
-
-  if (!cli.input[0]) {
-    console.error(`${chalk.bgRed('Input error')}: Please specify an organization slug.\n`)
-    cli.showHelp()
-    return
-  }
-
-  const [orgSlug = ''] = cli.input
-
-  return {
-    outputJson,
-    outputMarkdown,
-    orgSlug,
-    sort,
-    direction,
-    per_page: perPage,
-    page,
-    from_time: fromTime,
-    until_time: untilTime
-  }
-}
-
-/**
- * @typedef FullScansData
- * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getOrgFullScanList'>["data"]} data
- */
-
-/**
- * @param {string} orgSlug
- * @param {CommandContext} input
- * @param {import('ora').Ora} spinner
- * @returns {Promise<void|FullScansData>}
- */
-async function listOrgFullScan (orgSlug, input, spinner) {
-  const socketSdk = await setupSdk(getDefaultKey())
-  const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, input), 'Listing scans')
-
-  if (!result.success) {
-    return handleUnsuccessfulApiResponse('getOrgFullScanList', result, spinner)
-  }
-  spinner.stop()
-
-  console.log(`\n Listing scans for: ${orgSlug} \n`)
-
-  const options = {
-    columns: [
-      { field: 'id', name: chalk.magenta('ID') },
-      { field: 'report_url', name: chalk.magenta('Scan URL') },
-      { field: 'branch', name: chalk.magenta('Branch') },
-      { field: 'created_at', name: chalk.magenta('Created at') }
-    ]
-  }
-
-  const formattedResults = result.data.results.map(d => {
-    return {
-      id: d.id,
-      report_url: chalk.underline(`${d.html_report_url}`),
-      created_at: d.created_at ? new Date(d.created_at).toLocaleDateString('en-us', { year: 'numeric', month: 'numeric', day: 'numeric' }) : '',
-      branch: d.branch
-    }
-  })
-
-  const table = chalkTable(options, formattedResults)
-
-  console.log(table, '\n')
-
-  return {
-    data: result.data
-  }
-}

package/lib/commands/scan/metadata.js

@@ -1,113 +0,0 @@
-/* eslint-disable no-console */
-
-import chalk from 'chalk'
-import meow from 'meow'
-import ora from 'ora'
-
-import { outputFlags } from '../../flags/index.js'
-import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
-import { printFlagList } from '../../utils/formatting.js'
-import { getDefaultKey, setupSdk } from '../../utils/sdk.js'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const metadata = {
-  description: 'Get a scan\'s metadata',
-  async run (argv, importMeta, { parentName }) {
-    const name = parentName + ' metadata'
-
-    const input = setupCommand(name, metadata.description, argv, importMeta)
-    if (input) {
-      const spinnerText = 'Getting scan\'s metadata... \n'
-      const spinner = ora(spinnerText).start()
-      await getOrgScanMetadata(input.orgSlug, input.scanID, spinner)
-    }
-  }
-}
-
-// Internal functions
-
-/**
- * @typedef CommandContext
- * @property {boolean} outputJson
- * @property {boolean} outputMarkdown
- * @property {string} orgSlug
- * @property {string} scanID
- */
-
-/**
- * @param {string} name
- * @param {string} description
- * @param {readonly string[]} argv
- * @param {ImportMeta} importMeta
- * @returns {void|CommandContext}
- */
-function setupCommand (name, description, argv, importMeta) {
-  const flags = {
-    ...outputFlags,
-  }
-
-  const cli = meow(`
-    Usage
-      $ ${name} <org slug> <scan id>
-
-    Options
-      ${printFlagList(flags, 6)}
-
-    Examples
-      $ ${name} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0
-  `, {
-    argv,
-    description,
-    importMeta,
-    flags
-  })
-
-  const {
-    json: outputJson,
-    markdown: outputMarkdown,
-  } = cli.flags
-
-  if (cli.input.length < 2) {
-    console.error(`${chalk.bgRed('Input error')}: Please specify an organization slug and a scan ID.\n`)
-    cli.showHelp()
-    return
-  }
-
-  const [orgSlug = '', scanID = ''] = cli.input
-
-  return {
-    outputJson,
-    outputMarkdown,
-    orgSlug,
-    scanID
-  }
-}
-
-/**
- * @typedef FullScansData
- * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getOrgFullScanMetadata'>["data"]} data
- */
-
-/**
- * @param {string} orgSlug
- * @param {string} scanId
- * @param {import('ora').Ora} spinner
- * @returns {Promise<void|FullScansData>}
- */
-async function getOrgScanMetadata (orgSlug, scanId, spinner) {
-  const socketSdk = await setupSdk(getDefaultKey())
-  const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans')
-
-  if (!result.success) {
-    return handleUnsuccessfulApiResponse('getOrgFullScanMetadata', result, spinner)
-  }
-  spinner.stop()
-
-  console.log('\nScan metadata: \n')
-
-  console.log(result.data)
-
-  return {
-    data: result.data
-  }
-}

package/lib/commands/scan/stream.js

@@ -1,115 +0,0 @@
-/* eslint-disable no-console */
-
-import chalk from 'chalk'
-import meow from 'meow'
-import ora from 'ora'
-
-import { outputFlags } from '../../flags/index.js'
-import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
-import { printFlagList } from '../../utils/formatting.js'
-import { getDefaultKey, setupSdk } from '../../utils/sdk.js'
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const stream = {
-  description: 'Stream the output of a scan',
-  async run (argv, importMeta, { parentName }) {
-    const name = parentName + ' stream'
-
-    const input = setupCommand(name, stream.description, argv, importMeta)
-    if (input) {
-      const spinnerText = 'Streaming scan... \n'
-      const spinner = ora(spinnerText).start()
-      await getOrgFullScan(input.orgSlug, input.fullScanId, input.file, spinner)
-    }
-  }
-}
-
-// Internal functions
-
-/**
- * @typedef CommandContext
- * @property {boolean} outputJson
- * @property {boolean} outputMarkdown
- * @property {string} orgSlug
- * @property {string} fullScanId
- * @property {string | undefined} file
- */
-
-/**
- * @param {string} name
- * @param {string} description
- * @param {readonly string[]} argv
- * @param {ImportMeta} importMeta
- * @returns {void|CommandContext}
- */
-function setupCommand (name, description, argv, importMeta) {
-  const flags = {
-    ...outputFlags
-  }
-
-  const cli = meow(`
-    Usage
-      $ ${name} <org slug> <scan ID> <path to output file>
-
-    Options
-      ${printFlagList(flags, 6)}
-
-    Examples
-      $ ${name} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 ./stream.txt
-  `, {
-    argv,
-    description,
-    importMeta,
-    flags
-  })
-
-  const {
-    json: outputJson,
-    markdown: outputMarkdown,
-  } = cli.flags
-
-  if (cli.input.length < 2) {
-    console.error(`${chalk.bgRed('Input error')}: Please specify an organization slug and a scan ID.\n`)
-    cli.showHelp()
-    return
-  }
-
-  const [orgSlug = '', fullScanId = '', file] = cli.input
-
-  return {
-    outputJson,
-    outputMarkdown,
-    orgSlug,
-    fullScanId,
-    file
-  }
-}
-
-/**
- * @typedef FullScanData
- * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getOrgFullScan'>["data"]} data
- */
-
-/**
- * @param {string} orgSlug
- * @param {string} fullScanId
- * @param {string | undefined} file
- * @param {import('ora').Ora} spinner
- * @returns {Promise<void|FullScanData>}
- */
-async function getOrgFullScan (orgSlug, fullScanId, file, spinner) {
-  const socketSdk = await setupSdk(getDefaultKey())
-  const result = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file), 'Streaming a scan')
-
-  if (!result?.success) {
-    return handleUnsuccessfulApiResponse('getOrgFullScan', result, spinner)
-  }
-
-  spinner.stop()
-
-  console.log(file ? `\nFull scan details written to ${file} \n` : '\nFull scan details: \n')
-
-  return {
-    data: result.data
-  }
-}

package/lib/commands/wrapper/index.js

@@ -1,199 +0,0 @@
-/* eslint-disable no-console */
-import fs from 'fs'
-import homedir from 'os'
-import readline from 'readline'
-
-import meow from 'meow'
-
-import { commandFlags } from '../../flags/index.js'
-import { printFlagList } from '../../utils/formatting.js'
-
-const BASH_FILE = `${homedir.homedir()}/.bashrc`
-const ZSH_BASH_FILE = `${homedir.homedir()}/.zshrc`
-
-/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
-export const wrapper = {
-  description: 'Enable or disable the Socket npm/npx wrapper',
-  async run (argv, importMeta, { parentName }) {
-    const name = parentName + ' wrapper'
-
-    setupCommand(name, wrapper.description, argv, importMeta)
-  }
-}
-
-/**
- * @param {string} name
- * @param {string} description
- * @param {readonly string[]} argv
- * @param {ImportMeta} importMeta
- * @returns {void}
- */
-function setupCommand (name, description, argv, importMeta) {
-  const flags = commandFlags
-
-  const cli = meow(`
-    Usage
-      $ ${name} <flag>
-
-    Options
-      ${printFlagList(flags, 6)}
-
-    Examples
-      $ ${name} --enable
-      $ ${name} --disable
-  `, {
-    argv,
-    description,
-    importMeta,
-    flags
-  })
-
-  const { enable, disable } = cli.flags
-
-  if (argv[0] === '--postinstall') {
-    // Check if the wrapper is already enabled before showing the postinstall prompt
-    const socketWrapperEnabled = (fs.existsSync(BASH_FILE) && checkSocketWrapperAlreadySetup(BASH_FILE)) || (fs.existsSync(ZSH_BASH_FILE) && checkSocketWrapperAlreadySetup(ZSH_BASH_FILE))
-
-    if (!socketWrapperEnabled) {
-      installSafeNpm(`The Socket CLI is now successfully installed! 🎉
-
-      To better protect yourself against supply-chain attacks, our "safe npm" wrapper can warn you about malicious packages whenever you run 'npm install'.
-
-      Do you want to install "safe npm" (this will create an alias to the socket-npm command)? (y/n)`)
-    }
-
-    return
-  }
-
-  if (!enable && !disable) {
-    cli.showHelp()
-    return
-  }
-
-  if (enable) {
-      if (fs.existsSync(BASH_FILE)) {
-        const socketWrapperEnabled = checkSocketWrapperAlreadySetup(BASH_FILE)
-        !socketWrapperEnabled && addAlias(BASH_FILE)
-      }
-      if (fs.existsSync(ZSH_BASH_FILE)) {
-        const socketWrapperEnabled = checkSocketWrapperAlreadySetup(ZSH_BASH_FILE)
-        !socketWrapperEnabled && addAlias(ZSH_BASH_FILE)
-      }
-  } else if (disable) {
-    if (fs.existsSync(BASH_FILE)) {
-      removeAlias(BASH_FILE)
-    }
-    if (fs.existsSync(ZSH_BASH_FILE)) {
-      removeAlias(ZSH_BASH_FILE)
-    }
-  }
-  if (!fs.existsSync(BASH_FILE) && !fs.existsSync(ZSH_BASH_FILE)) {
-    console.error('There was an issue setting up the alias in your bash profile')
-  }
-  return
-}
-
-/**
- * @param {string} query
- * @returns {void}
- */
-const installSafeNpm = (query) => {
-  console.log(`
- _____         _       _
-|   __|___ ___| |_ ___| |_
-|__   | . |  _| '_| -_|  _|
-|_____|___|___|_,_|___|_|
-
-`)
-
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout,
-  })
-  return askQuestion(rl, query)
-}
-
-/**
- * @param {any} rl
- * @param {string} query
- * @returns {void}
- */
-const askQuestion = (rl, query) => {
-  rl.question(query, (/** @type {string} */ ans) => {
-    if (ans.toLowerCase() === 'y') {
-      try {
-        if (fs.existsSync(BASH_FILE)) {
-          addAlias(BASH_FILE)
-        }
-        if (fs.existsSync(ZSH_BASH_FILE)) {
-          addAlias(ZSH_BASH_FILE)
-        }
-      } catch (e) {
-        throw new Error(`There was an issue setting up the alias: ${e}`)
-      }
-      rl.close()
-    } else if (ans.toLowerCase() !== 'n') {
-      askQuestion(rl, 'Incorrect input: please enter either y (yes) or n (no): ')
-    } else {
-      rl.close()
-    }
-  })
-}
-
-/**
- * @param {string} file
- * @returns {void}
- */
-const addAlias = (file) => {
-  return fs.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', (err) => {
-    if (err) {
-      return new Error(`There was an error setting up the alias: ${err}`)
-    }
-    console.log(`
-The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
-If you want to disable it at any time, run \`socket wrapper --disable\`
-`)
-  })
-}
-
-/**
- * @param {string} file
- * @returns {void}
- */
-const removeAlias = (file) => {
-  return fs.readFile(file, 'utf8', function (err, data) {
-    if (err) {
-      console.error(`There was an error removing the alias: ${err}`)
-      return
-    }
-    const linesWithoutSocketAlias = data.split('\n').filter(l => l !== 'alias npm="socket npm"' && l !== 'alias npx="socket npx"')
-
-    const updatedFileContent = linesWithoutSocketAlias.join('\n')
-
-    fs.writeFile(file, updatedFileContent, function (err) {
-      if (err) {
-        console.log(err)
-        return
-      } else {
-         console.log(`
-The alias was removed from ${file}. Running 'npm install' will now run the standard npm command.
-`)
-      }
-    })
-  })
-}
-
-/**
- * @param {string} file
- * @returns {boolean}
- */
-const checkSocketWrapperAlreadySetup = (file) => {
-  const fileContent = fs.readFileSync(file, 'utf-8')
-  const linesWithSocketAlias = fileContent.split('\n').filter(l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"')
-
-  if (linesWithSocketAlias.length) {
-    console.log(`The Socket npm/npx wrapper is set up in your bash profile (${file}).`)
-    return true
-  }
-  return false
-}

package/lib/flags/command.js

@@ -1,14 +0,0 @@
-import { prepareFlags } from '../utils/flags.js'
-
-export const commandFlags = prepareFlags({
-  enable: {
-    type: 'boolean',
-    default: false,
-    description: 'Enables the Socket npm/npx wrapper',
-  },
-  disable: {
-    type: 'boolean',
-    default: false,
-    description: 'Disables the Socket npm/npx wrapper',
-  }
-})

package/lib/flags/index.js

@@ -1,3 +0,0 @@
-export { outputFlags } from './output.js'
-export { validationFlags } from './validation.js'
-export { commandFlags } from './command.js'

package/lib/flags/output.js

@@ -1,16 +0,0 @@
-import { prepareFlags } from '../utils/flags.js'
-
-export const outputFlags = prepareFlags({
-  json: {
-    type: 'boolean',
-    shortFlag: 'j',
-    default: false,
-  description: 'Output result as json',
-  },
-  markdown: {
-    type: 'boolean',
-    shortFlag: 'm',
-    default: false,
-  description: 'Output result as markdown',
-  },
-})

package/lib/flags/validation.js

@@ -1,14 +0,0 @@
-import { prepareFlags } from '../utils/flags.js'
-
-export const validationFlags = prepareFlags({
-  all: {
-    type: 'boolean',
-    default: false,
-  description: 'Include all issues',
-  },
-  strict: {
-    type: 'boolean',
-    default: false,
-  description: 'Exits with an error code if any matching issues are found',
-  },
-})

package/lib/shadow/bin/npm

@@ -1,2 +0,0 @@
-#!/usr/bin/env node
-require('../npm-cli.cjs')

package/lib/shadow/bin/npx

@@ -1,2 +0,0 @@
-#!/usr/bin/env node
-require('../npx-cli.cjs')