@socketsecurity/cli 0.11.0 → 0.11.1

package/lib/utils/issue-rules.cjs

@@ -1,180 +0,0 @@
-//#region UX Constants
-/**
- * @typedef {{block: boolean, display: boolean}} RuleActionUX
- */
-const IGNORE_UX = {
-  block: false,
-  display: false
-}
-const WARN_UX = {
-  block: false,
-  display: true
-}
-const ERROR_UX = {
-  block: true,
-  display: true
-}
-//#endregion
-//#region utils
-/**
- * @typedef { NonNullable<NonNullable<NonNullable<(Awaited<ReturnType<import('@socketsecurity/sdk').SocketSdk['postSettings']>> & {success: true})['data']['entries'][number]['settings'][string]>['issueRules']>>[string] | boolean } NonNormalizedIssueRule
- */
-/**
- * @typedef { (NonNullable<NonNullable<(Awaited<ReturnType<import('@socketsecurity/sdk').SocketSdk['postSettings']>> & {success: true})['data']['defaults']['issueRules']>[string]> & { action: string }) | boolean } NonNormalizedResolvedIssueRule
- */
-/**
- * Iterates over all entries with ordered issue rule for deferal
- * Iterates over all issue rules and finds the first defined value that does not defer otherwise uses the defaultValue
- * Takes the value and converts into a UX workflow
- *
- * @param {Iterable<Iterable<NonNormalizedIssueRule>>} entriesOrderedIssueRules
- * @param {NonNormalizedResolvedIssueRule} defaultValue
- * @returns {RuleActionUX}
- */
-function resolveIssueRuleUX (entriesOrderedIssueRules, defaultValue) {
-  if (defaultValue === true || defaultValue == null) {
-    defaultValue = {
-      action: 'error'
-    }
-  } else if (defaultValue === false) {
-    defaultValue = {
-      action: 'ignore'
-    }
-  }
-  let block = false
-  let display = false
-  let needDefault = true
-  iterate_entries:
-  for (const issueRuleArr of entriesOrderedIssueRules) {
-    for (const rule of issueRuleArr) {
-      if (issueRuleValueDoesNotDefer(rule)) {
-        // there was a rule, even if a defer, don't narrow to the default
-        needDefault = false
-        const narrowingFilter = uxForDefinedNonDeferValue(rule)
-        block = block || narrowingFilter.block
-        display = display || narrowingFilter.display
-        continue iterate_entries
-      }
-    }
-    // all rules defer, narrow
-    const narrowingFilter = uxForDefinedNonDeferValue(defaultValue)
-    block = block || narrowingFilter.block
-    display = display || narrowingFilter.display
-  }
-  if (needDefault) {
-    // no config set a
-    const narrowingFilter = uxForDefinedNonDeferValue(defaultValue)
-    block = block || narrowingFilter.block
-    display = display || narrowingFilter.display
-  }
-  return {
-    block,
-    display
-  }
-}
-
-/**
- * Negative form because it is narrowing the type
- *
- * @type {(issueRuleValue: NonNormalizedIssueRule) => issueRuleValue is NonNormalizedResolvedIssueRule}
- */
-function issueRuleValueDoesNotDefer (issueRule) {
-  if (issueRule === undefined) {
-    return false
-  } else if (typeof issueRule === 'object' && issueRule) {
-    const { action } = issueRule
-    if (action === undefined || action === 'defer') {
-      return false
-    }
-  }
-  return true
-}
-
-/**
- * Handles booleans for backwards compatibility
- *
- * @param {NonNormalizedResolvedIssueRule} issueRuleValue
- * @returns {RuleActionUX}
- */
-function uxForDefinedNonDeferValue (issueRuleValue) {
-  if (typeof issueRuleValue === 'boolean') {
-    return issueRuleValue ? ERROR_UX : IGNORE_UX
-  }
-  const { action } = issueRuleValue
-  if (action === 'warn') {
-    return WARN_UX
-  } else if (action === 'ignore') {
-    return IGNORE_UX
-  }
-  return ERROR_UX
-}
-//#endregion
-//#region exports
-module.exports = {
-  /**
-   *
-   * @param {(Awaited<ReturnType<import('@socketsecurity/sdk').SocketSdk['postSettings']>> & {success: true})['data']} settings
-   * @returns {(context: {package: {name: string, version: string}, issue: {type: string}}) => RuleActionUX}
-   */
-  createIssueUXLookup (settings) {
-    /**
-     * @type {Map<keyof (typeof settings.defaults.issueRules), RuleActionUX>}
-     */
-    const cachedUX = new Map()
-    return (context) => {
-      const key = context.issue.type
-      /**
-       * @type {RuleActionUX | undefined}
-       */
-      let ux = cachedUX.get(key)
-      if (ux) {
-        return ux
-      }
-      /**
-       * @type {Array<Array<NonNormalizedIssueRule>>}
-       */
-      const entriesOrderedIssueRules = []
-      for (const settingsEntry of settings.entries) {
-        /**
-         * @type {Array<NonNormalizedIssueRule>}
-         */
-        const orderedIssueRules = []
-        let target = settingsEntry.start
-        while (target !== null) {
-          const resolvedTarget = settingsEntry.settings[target]
-          if (!resolvedTarget) {
-            break
-          }
-          const issueRuleValue = resolvedTarget.issueRules?.[key]
-          if (typeof issueRuleValue !== 'undefined') {
-            orderedIssueRules.push(issueRuleValue)
-          }
-          target = resolvedTarget.deferTo ?? null
-        }
-        entriesOrderedIssueRules.push(orderedIssueRules)
-      }
-      const defaultValue = settings.defaults.issueRules[key]
-      /**
-       * @type {NonNormalizedResolvedIssueRule}
-       */
-      let resolvedDefaultValue = {
-        action: 'error'
-      }
-      // @ts-ignore backcompat, cover with tests
-      if (defaultValue === false) {
-        resolvedDefaultValue = {
-          action: 'ignore'
-        }
-      // @ts-ignore backcompat, cover with tests
-      } else if (defaultValue && defaultValue !== true) {
-        resolvedDefaultValue = {
-          action: defaultValue.action ?? 'error'
-        }
-      }
-      ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue)
-      cachedUX.set(key, ux)
-      return ux
-    }
-  }
-}
-//#endregion

package/lib/utils/meow-with-subcommands.js

@@ -1,87 +0,0 @@
-import meow from 'meow'
-
-import { printFlagList, printHelpList } from './formatting.js'
-
-/**
- * @typedef CliAlias
- * @property {string} description
- * @property {readonly string[]} argv
- */
-
-/** @typedef {Record<string, CliAlias>} CliAliases */
-
-/**
- * @callback CliSubcommandRun
- * @param {readonly string[]} argv
- * @param {ImportMeta} importMeta
- * @param {{ parentName: string }} context
- * @returns {Promise<void>|void}
- */
-
-/**
- * @typedef CliSubcommand
- * @property {string} description
- * @property {CliSubcommandRun} run
- */
-
-/**
- * @param {Record<string, CliSubcommand>} subcommands
- * @param {import('meow').Options<any> & { aliases?: CliAliases, argv: readonly string[], name: string }} options
- * @returns {Promise<void>}
- */
-export async function meowWithSubcommands (subcommands, options) {
-  const {
-    aliases = {},
-    argv,
-    name,
-    importMeta,
-    ...additionalOptions
-  } = options
-
-  const [commandOrAliasName, ...rawCommandArgv] = argv
-
-  // If we got at least some args, then lets find out if we can find a command
-  if (commandOrAliasName) {
-    const alias = aliases[commandOrAliasName]
-
-    // First: Resolve argv data from alias if its an alias that's been given
-    const [commandName, ...commandArgv] = alias
-      ? [...alias.argv, ...rawCommandArgv]
-      : [commandOrAliasName, ...rawCommandArgv]
-
-    // Second: Find a command definition using that data
-    const commandDefinition = commandName ? subcommands[commandName] : undefined
-
-    // Third: If a valid command has been found, then we run it...
-    if (commandDefinition) {
-      return await commandDefinition.run(
-        commandArgv,
-        importMeta,
-        {
-          parentName: name
-        }
-      )
-    }
-  }
-
-  // ...else we provide basic instructions and help
-  const cli = meow(`
-    Usage
-      $ ${name} <command>
-
-    Commands
-      ${printHelpList({ ...subcommands, ...aliases }, 6)}
-
-    Options
-      ${printFlagList({}, 6)}
-
-    Examples
-      $ ${name} --help
-  `, {
-    argv,
-    importMeta,
-    ...additionalOptions,
-  })
-
-  cli.showHelp()
-}

package/lib/utils/misc.js

@@ -1,61 +0,0 @@
-import { logSymbols } from './chalk-markdown.js'
-
-/**
- * @param {boolean|undefined} printDebugLogs
- * @returns {typeof console.error}
- */
-export function createDebugLogger (printDebugLogs) {
-  return printDebugLogs
-    // eslint-disable-next-line no-console
-    ? /** @type { (...params: unknown[]) => void } */(...params) => console.error(logSymbols.info, ...params)
-    : () => {}
-}
-
-/**
- * @param {(string|undefined)[]} list
- * @param {string} separator
- * @returns {string}
- */
-export function stringJoinWithSeparateFinalSeparator (list, separator = ' and ') {
-  const values = list.filter(value => !!value)
-
-  if (values.length < 2) {
-    return values[0] || ''
-  }
-
-  const finalValue = values.pop()
-
-  return values.join(', ') + separator + finalValue
-}
-
-/**
- * Returns a new object with only the specified keys from the input object
- * @template {Record<string,any>} T
- * @template {keyof T} K
- * @param {T} input
- * @param {K[]|ReadonlyArray<K>} keys
- * @returns {Pick<T, K>}
- */
-export function pick (input, keys) {
-  /** @type {Partial<Pick<T, K>>} */
-  const result = {}
-
-  for (const key of keys) {
-    result[key] = input[key]
-  }
-
-  return /** @type {Pick<T, K>} */ (result)
-}
-
-/**
- * @param {Record<string,any>} obj
- * @returns {boolean}
- */
-export function objectSome (obj) {
-  for (const key in obj) {
-    if (obj[key]) {
-      return true
-    }
-  }
-  return false
-}

package/lib/utils/path-resolve.js

@@ -1,204 +0,0 @@
-import { stat } from 'node:fs/promises'
-import path from 'node:path'
-
-import { globby } from 'globby'
-import ignore from 'ignore'
-// @ts-ignore This package provides no types
-import { directories } from 'ignore-by-default'
-import { ErrorWithCause } from 'pony-cause'
-
-import { InputError } from './errors.js'
-import { isErrnoException } from './type-helpers.cjs'
-
-/**
- * There are a lot of possible folders that we should not be looking in and "ignore-by-default" helps us with defining those
- * @type {readonly string[]}
- */
-const ignoreByDefault = directories()
-
-/** @type {import('globby').Options} */
-const BASE_GLOBBY_OPTS = {
-  absolute: true,
-  expandDirectories: false,
-  gitignore: true,
-  ignore: [
-    ...ignoreByDefault.map(item => '**/' + item)
-  ],
-  markDirectories: true,
-  unique: true,
-}
-
-/**
- * Resolves package.json and lockfiles from (globbed) input paths, applying relevant ignores
- * @param {string} cwd The working directory to use when resolving paths
- * @param {string[]} inputPaths A list of paths to folders, package.json files and/or recognized lockfiles. Supports globs.
- * @param {import('@socketsecurity/config').SocketYml|undefined} config
- * @param {import('@socketsecurity/sdk').SocketSdkReturnType<"getReportSupportedFiles">['data']} supportedFiles
- * @param {typeof console.error} debugLog
- * @returns {Promise<string[]>}
- * @throws {InputError}
- */
-export async function getPackageFiles (cwd, inputPaths, config, supportedFiles, debugLog) {
-  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)
-
-  // TODO: Does not support `~/` paths
-  const entries = await globby(inputPaths, {
-    ...BASE_GLOBBY_OPTS,
-    cwd,
-    onlyFiles: false
-  })
-
-  debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries)
-
-  const packageFiles = await mapGlobResultToFiles(entries, supportedFiles)
-
-  debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles)
-
-  const includedPackageFiles = config?.projectIgnorePaths?.length
-    // @ts-ignore
-    ? ignore()
-      .add(config.projectIgnorePaths)
-      .filter(packageFiles.map(item => path.relative(cwd, item)))
-      .map((/** @type {string} */ item) => path.resolve(cwd, item))
-    : packageFiles
-
-  return includedPackageFiles
-}
-
-/**
- * Resolves package.json and lockfiles from (globbed) input paths, applying relevant ignores
- * @param {string} cwd The working directory to use when resolving paths
- * @param {string[]} inputPaths A list of paths to folders, package.json files and/or recognized lockfiles. Supports globs.
- * @param {import('@socketsecurity/sdk').SocketSdkReturnType<"getReportSupportedFiles">['data']} supportedFiles
- * @param {typeof console.error} debugLog
- * @returns {Promise<string[]>}
- * @throws {InputError}
- */
-export async function getPackageFilesFullScans (cwd, inputPaths, supportedFiles, debugLog) {
-  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)
-
-  // TODO: Does not support `~/` paths
-  const entries = await globby(inputPaths, {
-    ...BASE_GLOBBY_OPTS,
-    cwd,
-    onlyFiles: false
-  })
-
-  debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries)
-
-  const packageFiles = await mapGlobResultToFiles(entries, supportedFiles)
-
-  debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles)
-
-  return packageFiles
-}
-
-/**
- * Takes paths to folders, package.json and/or recognized lock files and resolves them to package.json + lockfile pairs (where possible)
- * @param {string[]} entries
- * @param {import('@socketsecurity/sdk').SocketSdkReturnType<"getReportSupportedFiles">['data']} supportedFiles
- * @returns {Promise<string[]>}
- * @throws {InputError}
- */
-export async function mapGlobResultToFiles (entries, supportedFiles) {
-  const packageFiles = await Promise.all(
-    entries.map(entry => mapGlobEntryToFiles(entry, supportedFiles))
-  )
-
-  const uniquePackageFiles = [...new Set(packageFiles.flat())]
-
-  return uniquePackageFiles
-}
-
-/**
- * Takes a single path to a folder, package.json or a recognized lock file and resolves to a package.json + lockfile pair (where possible)
- * @param {string} entry
- * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getReportSupportedFiles'>['data']} supportedFiles
- * @returns {Promise<string[]>}
- * @throws {InputError}
- */
-export async function mapGlobEntryToFiles (entry, supportedFiles) {
-  const jsSupported = supportedFiles['npm'] || {}
-  const jsLockFilePatterns = Object.values(jsSupported)
-    // .filter(key => key !== 'packagejson')
-    .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`)
-
-  const pyFilePatterns = Object.values(supportedFiles['pypi'] || {})
-    .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`)
-
-  const goSupported = supportedFiles['golang'] || {}
-  const goSupplementalPatterns = Object.values(goSupported)
-    // .filter(key => key !== 'gomod')
-    .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`)
-
-  const files = await globby([
-    ...jsLockFilePatterns,
-    ...pyFilePatterns,
-    ...goSupplementalPatterns
-  ], {
-    ...BASE_GLOBBY_OPTS,
-    onlyFiles: true,
-    cwd: path.resolve((await stat(entry)).isDirectory() ? entry : path.dirname(entry))
-  })
-  return files
-
-  // if (entry.endsWith('/')) {
-  //   // If the match is a folder and that folder contains a package.json file, then include it
-  //   const jsPkg = path.resolve(entry, 'package.json')
-  //   if (await fileExists(jsPkg)) pkgJSFile = jsPkg
-
-  //   const goPkg = path.resolve(entry, 'go.mod')
-  //   if (await fileExists(goPkg)) pkgGoFile = goPkg
-
-  //   pyFiles = await globby(pyFilePatterns, {
-  //     ...BASE_GLOBBY_OPTS,
-  //     cwd: entry
-  //   })
-  // } else {
-  //   const entryFile = path.basename(entry)
-
-  //   if (entryFile === 'package.json') {
-  //     // If the match is a package.json file, then include it
-  //     pkgJSFile = entry
-  //   } else if (micromatch.isMatch(entryFile, jsLockFilePatterns)) {
-  //     jsLockFiles = [entry]
-  //     pkgJSFile = path.resolve(path.dirname(entry), 'package.json')
-  //     if (!(await fileExists(pkgJSFile))) return []
-  //   } else if (entryFile === 'go.mod') {
-  //     pkgGoFile = entry
-  //   } else if (micromatch.isMatch(entryFile, goSupplementalPatterns)) {
-  //     goExtraFiles = [entry]
-  //     pkgGoFile = path.resolve(path.dirname(entry), 'go.mod')
-  //   } else if (micromatch.isMatch(entryFile, pyFilePatterns)) {
-  //     pyFiles = [entry]
-  //   }
-  // }
-
-  // return [...jsLockFiles, ...pyFiles, ...goExtraFiles]
-  //   .concat(pkgJSFile ? [pkgJSFile] : [])
-  //   .concat(pkgGoFile ? [pkgGoFile] : [])
-}
-
-/**
- * @param {string} filePath
- * @returns {Promise<boolean>}
- */
-export async function fileExists (filePath) {
-  /** @type {import('node:fs').Stats} */
-  let pathStat
-
-  try {
-    pathStat = await stat(filePath)
-  } catch (err) {
-    if (isErrnoException(err) && err.code === 'ENOENT') {
-      return false
-    }
-    throw new ErrorWithCause('Error while checking if file exists', { cause: err })
-  }
-
-  if (!pathStat.isFile()) {
-    throw new InputError(`Expected '${filePath}' to be a file`)
-  }
-
-  return true
-}

package/lib/utils/sdk.js

@@ -1,99 +0,0 @@
-import { readFile } from 'node:fs/promises'
-import { dirname, join } from 'node:path'
-import { fileURLToPath } from 'node:url'
-
-import { SocketSdk, createUserAgentFromPkgJson } from '@socketsecurity/sdk'
-import isInteractive from 'is-interactive'
-import prompts from 'prompts'
-
-import { AuthError } from './errors.js'
-import { getSetting } from './settings.js'
-
-export const FREE_API_KEY = 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api'
-
-/**
- * This API key should be stored globally for the duration of the CLI execution
- * @type {string | undefined}
- */
-let defaultKey
-
-/** @returns {string | undefined} */
-export function getDefaultKey () {
-  defaultKey = process.env['SOCKET_SECURITY_API_KEY'] || getSetting('apiKey') || defaultKey
-  return defaultKey
-}
-
-/**
- * The API server that should be used for operations
- * @type {string | undefined}
- */
-let defaultAPIBaseUrl
-
-/**
- * @returns {string | undefined}
- */
-export function getDefaultAPIBaseUrl () {
-  defaultAPIBaseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || getSetting('apiBaseUrl') || undefined
-  return defaultAPIBaseUrl
-}
-
-/**
- * The API server that should be used for operations
- * @type {string | undefined}
- */
-let defaultApiProxy
-
-/**
- * @returns {string | undefined}
- */
-export function getDefaultHTTPProxy () {
-  defaultApiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || getSetting('apiProxy') || undefined
-  return defaultApiProxy
-}
-
-/**
- * @param {string} [apiKey]
- * @param {string} [apiBaseUrl]
- * @param {string} [proxy]
- * @returns {Promise<import('@socketsecurity/sdk').SocketSdk>}
- */
-export async function setupSdk (apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBaseUrl(), proxy = getDefaultHTTPProxy()) {
-  if (apiKey == null && isInteractive()) {
-    /**
-     * @type {{ apiKey: string }}
-     */
-    const input = await prompts({
-      type: 'password',
-      name: 'apiKey',
-      message: 'Enter your Socket.dev API key (not saved, use socket login to persist)',
-    })
-
-    apiKey = defaultKey = input.apiKey
-  }
-
-  if (!apiKey) {
-    throw new AuthError('You need to provide an API key')
-  }
-
-  /** @type {import('@socketsecurity/sdk').SocketSdkOptions["agent"]} */
-  let agent
-
-  if (proxy) {
-    const { HttpProxyAgent, HttpsProxyAgent } = await import('hpagent')
-    agent = {
-      http: new HttpProxyAgent({ proxy }),
-      https: new HttpsProxyAgent({ proxy }),
-    }
-  }
-  const packageJsonPath = join(dirname(fileURLToPath(import.meta.url)), '../../package.json')
-  const packageJson = await readFile(packageJsonPath, 'utf8')
-
-  /** @type {import('@socketsecurity/sdk').SocketSdkOptions} */
-  const sdkOptions = {
-    agent,
-    baseUrl: apiBaseUrl,
-    userAgent: createUserAgentFromPkgJson(JSON.parse(packageJson))
-  }
-
-  return new SocketSdk(apiKey || '', sdkOptions)
-}

package/lib/utils/settings.js

@@ -1,69 +0,0 @@
-import * as fs from 'fs'
-import * as os from 'os'
-import * as path from 'path'
-
-import ora from 'ora'
-
-let dataHome = process.platform === 'win32'
-  ? process.env['LOCALAPPDATA']
-  : process.env['XDG_DATA_HOME']
-
-if (!dataHome) {
-  if (process.platform === 'win32') throw new Error('missing %LOCALAPPDATA%')
-  const home = os.homedir()
-  dataHome = path.join(home, ...(process.platform === 'darwin'
-    ? ['Library', 'Application Support']
-    : ['.local', 'share']
-  ))
-}
-
-const settingsPath = path.join(dataHome, 'socket', 'settings')
-
-/**
- * @typedef {Record<string, boolean | {action: 'error' | 'warn' | 'ignore' | 'defer'}>} IssueRules
- */
-
-/** @type {{apiKey?: string | null, enforcedOrgs?: string[] | null, apiBaseUrl?: string | null, apiProxy?: string | null}} */
-let settings = {}
-
-if (fs.existsSync(settingsPath)) {
-  const raw = fs.readFileSync(settingsPath, 'utf-8')
-  try {
-    settings = JSON.parse(Buffer.from(raw, 'base64').toString())
-  } catch (e) {
-    ora(`Failed to parse settings at ${settingsPath}`).warn()
-  }
-} else {
-  fs.mkdirSync(path.dirname(settingsPath), { recursive: true })
-}
-
-/**
- * @template {keyof typeof settings} Key
- * @param {Key} key
- * @returns {typeof settings[Key]}
- */
-export function getSetting (key) {
-  return settings[key]
-}
-
-let pendingSave = false
-
-/**
- * @template {keyof typeof settings} Key
- * @param {Key} key
- * @param {typeof settings[Key]} value
- * @returns {void}
- */
-export function updateSetting (key, value) {
-  settings[key] = value
-  if (!pendingSave) {
-    pendingSave = true
-    process.nextTick(() => {
-      pendingSave = false
-      fs.writeFileSync(
-        settingsPath,
-        Buffer.from(JSON.stringify(settings)).toString('base64')
-      )
-    })
-  }
-}