@socketsecurity/cli 0.3.0 → 0.4.1

package/LICENSE

@@ -1,4 +1,4 @@
-The MIT License (MIT)
+MIT License
 
 Copyright (c) 2022 Socket Inc
 

package/README.md

@@ -1,5 +1,6 @@
 # Socket CLI
 
+[![Socket Badge](https://socket.dev/api/badge/npm/package/@socketsecurity/cli)](https://socket.dev/npm/package/@socketsecurity/cli)
 [![npm version](https://img.shields.io/npm/v/@socketsecurity/cli.svg?style=flat)](https://www.npmjs.com/package/@socketsecurity/cli)
 [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](https://github.com/SocketDev/eslint-config)
 [![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
@@ -33,6 +34,12 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
 
 * `socket report view <report-id>` - looks up issues and scores from a report
 
+## Aliases
+
+All aliases supports flags and arguments of the commands they alias.
+
+* `socket ci` - alias for `socket report create --view --strict` which creates a report and quits with an exit code if the result is unhealthy. Use like eg. `socket ci .` for a report for the current folder
+
 ## Flags
 
 ### Command specific flags
@@ -47,7 +54,7 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
 ## Strictness flags
 
 * `--all` - by default only `high` and `critical` issues are included, by setting this flag all issues will be included
-* `--strict` - when set, exits with an error code if any issues were found
+* `--strict` - when set, exits with an error code if report result is deemed unhealthy
 
 ### Other flags
 

package/cli.js

@@ -18,6 +18,12 @@ try {
   await meowWithSubcommands(
     cliCommands,
     {
+      aliases: {
+        ci: {
+          description: 'Alias for "report create --view --strict"',
+          argv: ['report', 'create', '--view', '--strict']
+        },
+      },
       argv: process.argv.slice(2),
       name: 'socket',
       importMeta: import.meta

package/lib/commands/report/create.js

@@ -8,6 +8,7 @@ import meow from 'meow'
 import ora from 'ora'
 import { ErrorWithCause } from 'pony-cause'
 
+import { fetchReportData, formatReportDataOutput } from './view.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown, logSymbols } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
@@ -15,7 +16,6 @@ import { printFlagList } from '../../utils/formatting.js'
 import { createDebugLogger } from '../../utils/misc.js'
 import { getPackageFiles } from '../../utils/path-resolve.js'
 import { setupSdk } from '../../utils/sdk.js'
-import { fetchReportData, formatReportDataOutput } from './view.js'
 
 /** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
 export const create = {
@@ -27,6 +27,7 @@ export const create = {
 
     if (input) {
       const {
+        config,
         cwd,
         debugLog,
         dryRun,
@@ -38,7 +39,7 @@ export const create = {
         view,
       } = input
 
-      const result = input && await createReport(packagePaths, { cwd, debugLog, dryRun })
+      const result = input && await createReport(packagePaths, { config, cwd, debugLog, dryRun })
 
       if (result && view) {
         const reportId = result.data.id
@@ -58,6 +59,7 @@ export const create = {
 
 /**
  * @typedef CommandContext
+ * @property {import('@socketsecurity/config').SocketYml|undefined} config
  * @property {string} cwd
  * @property {typeof console.error} debugLog
  * @property {boolean} dryRun
@@ -191,6 +193,7 @@ async function setupCommand (name, description, argv, importMeta) {
   const packagePaths = await getPackageFiles(cwd, cli.input, config, debugLog)
 
   return {
+    config,
     cwd,
     debugLog,
     dryRun,
@@ -205,10 +208,10 @@ async function setupCommand (name, description, argv, importMeta) {
 
 /**
  * @param {string[]} packagePaths
- * @param {Pick<CommandContext, 'cwd' | 'debugLog' | 'dryRun'>} context
+ * @param {Pick<CommandContext, 'config' | 'cwd' | 'debugLog' | 'dryRun'>} context
  * @returns {Promise<void|import('@socketsecurity/sdk').SocketSdkReturnType<'createReport'>>}
  */
-async function createReport (packagePaths, { cwd, debugLog, dryRun }) {
+async function createReport (packagePaths, { config, cwd, debugLog, dryRun }) {
   debugLog('Uploading:', packagePaths.join(`\n${logSymbols.info} Uploading: `))
 
   if (dryRun) {
@@ -217,7 +220,8 @@ async function createReport (packagePaths, { cwd, debugLog, dryRun }) {
 
   const socketSdk = await setupSdk()
   const spinner = ora(`Creating report with ${packagePaths.length} package files`).start()
-  const result = await handleApiCall(socketSdk.createReportFromFilePaths(packagePaths, cwd), spinner, 'creating report')
+  const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, config?.issueRules)
+  const result = await handleApiCall(apiCall, spinner, 'creating report')
 
   if (result.success === false) {
     return handleUnsuccessfulApiResponse(result, spinner)

package/lib/commands/report/index.js

@@ -1,6 +1,6 @@
-import { meowWithSubcommands } from '../../utils/meow-with-subcommands.js'
 import { create } from './create.js'
 import { view } from './view.js'
+import { meowWithSubcommands } from '../../utils/meow-with-subcommands.js'
 
 const description = 'Project report related commands'
 

package/lib/commands/report/view.js

@@ -9,7 +9,6 @@ import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
 import { getSeverityCount, formatSeverityCount } from '../../utils/format-issues.js'
 import { printFlagList } from '../../utils/formatting.js'
-import { objectSome } from '../../utils/misc.js'
 import { setupSdk } from '../../utils/sdk.js'
 
 /** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
@@ -56,7 +55,7 @@ function setupCommand (name, description, argv, importMeta) {
         '--all': 'Include all issues',
         '--json': 'Output result as json',
         '--markdown': 'Output result as markdown',
-        '--strict': 'Exits with an error code if any matching issues are found',
+        '--strict': 'Exits with an error code if report result is deemed unhealthy',
       }, 6)}
 
     Examples
@@ -119,9 +118,7 @@ function setupCommand (name, description, argv, importMeta) {
 }
 
 /**
- * @typedef ReportData
- * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getReport'>["data"]} data
- * @property {Record<import('../../utils/format-issues').SocketIssue['severity'], number>} severityCount
+ * @typedef {import('@socketsecurity/sdk').SocketSdkReturnType<'getReport'>["data"]} ReportData
  */
 
 /**
@@ -142,27 +139,29 @@ export async function fetchReportData (reportId, { includeAllIssues, strict }) {
 
   // Conclude the status of the API call
 
-  const severityCount = getSeverityCount(result.data.issues, includeAllIssues ? undefined : 'high')
-
-  if (objectSome(severityCount)) {
+  if (strict) {
+    if (result.data.healthy) {
+      spinner.succeed('Report result is healthy and great!')
+    } else {
+      spinner.fail('Report result deemed unhealthy for project')
+    }
+  } else if (result.data.healthy === false) {
+    const severityCount = getSeverityCount(result.data.issues, includeAllIssues ? undefined : 'high')
     const issueSummary = formatSeverityCount(severityCount)
-    spinner[strict ? 'fail' : 'succeed'](`Report has these issues: ${issueSummary}`)
+    spinner.succeed(`Report has these issues: ${issueSummary}`)
   } else {
     spinner.succeed('Report has no issues')
   }
 
-  return {
-    data: result.data,
-    severityCount,
-  }
+  return result.data
 }
 
 /**
- * @param {ReportData} reportData
+ * @param {ReportData} data
  * @param {{ name: string } & CommandContext} context
  * @returns {void}
  */
-export function formatReportDataOutput ({ data, severityCount }, { name, outputJson, outputMarkdown, reportId, strict }) {
+export function formatReportDataOutput (data, { name, outputJson, outputMarkdown, reportId, strict }) {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2))
   } else {
@@ -175,7 +174,7 @@ export function formatReportDataOutput ({ data, severityCount }, { name, outputJ
     }
   }
 
-  if (strict && objectSome(severityCount)) {
+  if (strict && data.healthy === false) {
     process.exit(1)
   }
 }

package/lib/utils/meow-with-subcommands.js

@@ -1,7 +1,14 @@
 import meow from 'meow'
 
 import { printFlagList, printHelpList } from './formatting.js'
-import { ensureIsKeyOf } from './type-helpers.js'
+
+/**
+ * @typedef CliAlias
+ * @property {string} description
+ * @property {readonly string[]} argv
+ */
+
+/** @typedef {Record<string, CliAlias>} CliAliases */
 
 /**
  * @callback CliSubcommandRun
@@ -20,39 +27,51 @@ import { ensureIsKeyOf } from './type-helpers.js'
 /**
  * @template {import('meow').AnyFlags} Flags
  * @param {Record<string, CliSubcommand>} subcommands
- * @param {import('meow').Options<Flags> & { argv: readonly string[], name: string }} options
+ * @param {import('meow').Options<Flags> & { aliases?: CliAliases, argv: readonly string[], name: string }} options
  * @returns {Promise<void>}
  */
 export async function meowWithSubcommands (subcommands, options) {
   const {
+    aliases = {},
     argv,
     name,
     importMeta,
     ...additionalOptions
   } = options
-  const [rawCommandName, ...commandArgv] = argv
-
-  const commandName = ensureIsKeyOf(subcommands, rawCommandName)
-  const command = commandName ? subcommands[commandName] : undefined
-
-  // If a valid command has been specified, run it...
-  if (command) {
-    return await command.run(
-      commandArgv,
-      importMeta,
-      {
-        parentName: name
-      }
-    )
+
+  const [commandOrAliasName, ...rawCommandArgv] = argv
+
+  // If we got at least some args, then lets find out if we can find a command
+  if (commandOrAliasName) {
+    const alias = aliases[commandOrAliasName]
+
+    // First: Resolve argv data from alias if its an alias that's been given
+    const [commandName, ...commandArgv] = alias
+      ? [...alias.argv, ...rawCommandArgv]
+      : [commandOrAliasName, ...rawCommandArgv]
+
+    // Second: Find a command definition using that data
+    const commandDefinition = commandName ? subcommands[commandName] : undefined
+
+    // Third: If a valid command has been found, then we run it...
+    if (commandDefinition) {
+      return await commandDefinition.run(
+        commandArgv,
+        importMeta,
+        {
+          parentName: name
+        }
+      )
+    }
   }
 
-  // ...else provide basic instructions and help
+  // ...else we provide basic instructions and help
   const cli = meow(`
     Usage
       $ ${name} <command>
 
     Commands
-      ${printHelpList(subcommands, 6)}
+      ${printHelpList({ ...subcommands, ...aliases }, 6)}
 
     Options
       ${printFlagList({}, 6)}

package/lib/utils/path-resolve.js

@@ -39,6 +39,9 @@ const GLOB_IGNORE = [
  * @throws {InputError}
  */
 export async function getPackageFiles (cwd, inputPaths, config, debugLog) {
+  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)
+
+  // TODO: Does not support `~/` paths
   const entries = await globby(inputPaths, {
     absolute: true,
     cwd,

package/lib/utils/sdk.js

@@ -1,4 +1,8 @@
-import { SocketSdk } from '@socketsecurity/sdk'
+import { readFile } from 'node:fs/promises'
+import { dirname, join } from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+import { SocketSdk, createUserAgentFromPkgJson } from '@socketsecurity/sdk'
 import isInteractive from 'is-interactive'
 import prompts from 'prompts'
 
@@ -34,11 +38,14 @@ export async function setupSdk () {
       https: new HttpsProxyAgent({ proxy: process.env['SOCKET_SECURITY_API_PROXY'] }),
     }
   }
+  const packageJsonPath = join(dirname(fileURLToPath(import.meta.url)), '../../package.json')
+  const packageJson = await readFile(packageJsonPath, 'utf8')
 
   /** @type {import('@socketsecurity/sdk').SocketSdkOptions} */
   const sdkOptions = {
     agent,
     baseUrl: process.env['SOCKET_SECURITY_API_BASE_URL'],
+    userAgent: createUserAgentFromPkgJson(JSON.parse(packageJson))
   }
 
   return new SocketSdk(apiKey || '', sdkOptions)

package/lib/utils/type-helpers.js

@@ -1,13 +1,3 @@
-/**
- * @template T
- * @param {T} obj
- * @param {string|undefined} key
- * @returns {(keyof T) | undefined}
- */
-export function ensureIsKeyOf (obj, key) {
-  return /** @type {keyof T} */ (key && Object.prototype.hasOwnProperty.call(obj, key) ? key : undefined)
-}
-
 /**
  * @param {unknown} value
  * @returns {value is NodeJS.ErrnoException}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli",
-  "version": "0.3.0",
+  "version": "0.4.1",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli-js",
   "repository": {
@@ -47,36 +47,36 @@
     "@types/node": "^14.18.31",
     "@types/prompts": "^2.4.1",
     "@types/update-notifier": "^6.0.1",
-    "@typescript-eslint/eslint-plugin": "^5.44.0",
-    "@typescript-eslint/parser": "^5.44.0",
+    "@typescript-eslint/eslint-plugin": "^5.48.2",
+    "@typescript-eslint/parser": "^5.48.2",
     "c8": "^7.12.0",
     "chai": "^4.3.6",
     "chai-as-promised": "^7.1.1",
     "dependency-check": "^5.0.0-7",
-    "eslint": "^8.28.0",
+    "eslint": "^8.32.0",
     "eslint-config-standard": "^17.0.0",
     "eslint-config-standard-jsx": "^11.0.0",
-    "eslint-import-resolver-typescript": "^3.5.2",
-    "eslint-plugin-import": "^2.26.0",
+    "eslint-import-resolver-typescript": "^3.5.3",
+    "eslint-plugin-import": "^2.27.5",
     "eslint-plugin-jsdoc": "^39.5.0",
-    "eslint-plugin-n": "^15.5.1",
+    "eslint-plugin-n": "^15.6.1",
     "eslint-plugin-promise": "^6.1.1",
-    "eslint-plugin-react": "^7.31.11",
+    "eslint-plugin-react": "^7.32.1",
     "eslint-plugin-react-hooks": "^4.6.0",
     "eslint-plugin-unicorn": "^45.0.2",
     "husky": "^8.0.1",
     "installed-check": "^6.0.5",
     "mocha": "^10.0.0",
     "mock-fs": "^5.2.0",
-    "nock": "^13.2.9",
+    "nock": "^13.3.0",
     "npm-run-all2": "^6.0.2",
     "type-coverage": "^2.24.1",
-    "typescript": "~4.9.3"
+    "typescript": "~4.9.4"
   },
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",
-    "@socketsecurity/config": "^1.2.0",
-    "@socketsecurity/sdk": "^0.4.0",
+    "@socketsecurity/config": "^2.0.0",
+    "@socketsecurity/sdk": "^0.5.2",
     "chalk": "^5.1.2",
     "globby": "^13.1.3",
     "hpagent": "^1.2.0",