@socketsecurity/cli 0.4.2 → 0.5.1

package/lib/commands/index.js

@@ -1,2 +1,4 @@
 export * from './info/index.js'
 export * from './report/index.js'
+export * from './npm/index.js'
+export * from './npx/index.js'

package/lib/commands/info/index.js

@@ -4,6 +4,7 @@ import chalk from 'chalk'
 import meow from 'meow'
 import ora from 'ora'
 
+import { outputFlags, validationFlags } from '../../flags/index.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
@@ -47,17 +48,17 @@ export const info = {
  * @returns {void|CommandContext}
  */
 function setupCommand (name, description, argv, importMeta) {
+  const flags = {
+    ...outputFlags,
+    ...validationFlags,
+  }
+
   const cli = meow(`
     Usage
       $ ${name} <name>
 
     Options
-      ${printFlagList({
-        '--all': 'Include all issues',
-        '--json': 'Output result as json',
-        '--markdown': 'Output result as markdown',
-        '--strict': 'Exits with an error code if any matching issues are found',
-      }, 6)}
+      ${printFlagList(flags, 6)}
 
     Examples
       $ ${name} webtorrent
@@ -66,26 +67,7 @@ function setupCommand (name, description, argv, importMeta) {
     argv,
     description,
     importMeta,
-    flags: {
-      all: {
-        type: 'boolean',
-        default: false,
-      },
-      json: {
-        type: 'boolean',
-        alias: 'j',
-        default: false,
-      },
-      markdown: {
-        type: 'boolean',
-        alias: 'm',
-        default: false,
-      },
-      strict: {
-        type: 'boolean',
-        default: false,
-      },
-    }
+    flags
   })
 
   const {
@@ -147,7 +129,7 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), spinner, 'looking up package')
 
   if (result.success === false) {
-    return handleUnsuccessfulApiResponse(result, spinner)
+    return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner)
   }
 
   // Conclude the status of the API call

package/lib/commands/npm/index.js

@@ -0,0 +1,22 @@
+import { spawn } from 'child_process'
+import { fileURLToPath } from 'url'
+
+const description = 'npm wrapper functionality'
+
+/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+export const npm = {
+  description,
+  run: async (argv, _importMeta, _ctx) => {
+    const wrapperPath = fileURLToPath(new URL('../../shadow/npm-cli.cjs', import.meta.url))
+    process.exitCode = 1
+    spawn(process.execPath, [wrapperPath, ...argv], {
+      stdio: 'inherit'
+    }).on('exit', (code, signal) => {
+      if (signal) {
+        process.kill(process.pid, signal)
+      } else if (code !== null) {
+        process.exit(code)
+      }
+    })
+  }
+}

package/lib/commands/npx/index.js

@@ -0,0 +1,22 @@
+import { spawn } from 'child_process'
+import { fileURLToPath } from 'url'
+
+const description = 'npx wrapper functionality'
+
+/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+export const npx = {
+  description,
+  run: async (argv, _importMeta, _ctx) => {
+    const wrapperPath = fileURLToPath(new URL('../../shadow/npx-cli.cjs', import.meta.url))
+    process.exitCode = 1
+    spawn(process.execPath, [wrapperPath, ...argv], {
+      stdio: 'inherit'
+    }).on('exit', (code, signal) => {
+      if (signal) {
+        process.kill(process.pid, signal)
+      } else if (code !== null) {
+        process.exit(code)
+      }
+    })
+  }
+}

package/lib/commands/report/create.js

@@ -9,9 +9,11 @@ import ora from 'ora'
 import { ErrorWithCause } from 'pony-cause'
 
 import { fetchReportData, formatReportDataOutput } from './view.js'
+import { outputFlags, validationFlags } from '../../flags/index.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown, logSymbols } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
+import { prepareFlags } from '../../utils/flags.js'
 import { printFlagList } from '../../utils/formatting.js'
 import { createDebugLogger } from '../../utils/misc.js'
 import { getPackageFiles } from '../../utils/path-resolve.js'
@@ -79,6 +81,28 @@ export const create = {
  * @returns {Promise<void|CommandContext>}
  */
 async function setupCommand (name, description, argv, importMeta) {
+  const flags = prepareFlags({
+    ...outputFlags,
+    ...validationFlags,
+    debug: {
+      type: 'boolean',
+      alias: 'd',
+      default: false,
+      description: 'Output debug information',
+    },
+    dryRun: {
+      type: 'boolean',
+      default: false,
+      description: 'Only output what will be done without actually doing it',
+    },
+    view: {
+      type: 'boolean',
+      alias: 'v',
+      default: false,
+      description: 'Will wait for and return the created report'
+    },
+  })
+
   const cli = meow(`
     Usage
       $ ${name} <paths-to-package-folders-and-files>
@@ -114,40 +138,7 @@ async function setupCommand (name, description, argv, importMeta) {
     argv,
     description,
     importMeta,
-    flags: {
-      all: {
-        type: 'boolean',
-        default: false,
-      },
-      debug: {
-        type: 'boolean',
-        alias: 'd',
-        default: false,
-      },
-      dryRun: {
-        type: 'boolean',
-        default: false,
-      },
-      json: {
-        type: 'boolean',
-        alias: 'j',
-        default: false,
-      },
-      markdown: {
-        type: 'boolean',
-        alias: 'm',
-        default: false,
-      },
-      strict: {
-        type: 'boolean',
-        default: false,
-      },
-      view: {
-        type: 'boolean',
-        alias: 'v',
-        default: false,
-      },
-    }
+    flags,
   })
 
   const {
@@ -224,7 +215,7 @@ async function createReport (packagePaths, { config, cwd, debugLog, dryRun }) {
   const result = await handleApiCall(apiCall, spinner, 'creating report')
 
   if (result.success === false) {
-    return handleUnsuccessfulApiResponse(result, spinner)
+    return handleUnsuccessfulApiResponse('createReport', result, spinner)
   }
 
   // Conclude the status of the API call

package/lib/commands/report/view.js

@@ -4,6 +4,7 @@ import chalk from 'chalk'
 import meow from 'meow'
 import ora from 'ora'
 
+import { outputFlags, validationFlags } from '../../flags/index.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
@@ -28,7 +29,6 @@ export const view = {
 
 // Internal functions
 
-// TODO: Share more of the flag setup inbetween the commands
 /**
  * @typedef CommandContext
  * @property {boolean} includeAllIssues
@@ -46,17 +46,17 @@ export const view = {
  * @returns {void|CommandContext}
  */
 function setupCommand (name, description, argv, importMeta) {
+  const flags = {
+    ...outputFlags,
+    ...validationFlags,
+  }
+
   const cli = meow(`
     Usage
       $ ${name} <report-identifier>
 
     Options
-      ${printFlagList({
-        '--all': 'Include all issues',
-        '--json': 'Output result as json',
-        '--markdown': 'Output result as markdown',
-        '--strict': 'Exits with an error code if report result is deemed unhealthy',
-      }, 6)}
+      ${printFlagList(flags, 6)}
 
     Examples
       $ ${name} QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
@@ -64,26 +64,7 @@ function setupCommand (name, description, argv, importMeta) {
     argv,
     description,
     importMeta,
-    flags: {
-      all: {
-        type: 'boolean',
-        default: false,
-      },
-      json: {
-        type: 'boolean',
-        alias: 'j',
-        default: false,
-      },
-      markdown: {
-        type: 'boolean',
-        alias: 'm',
-        default: false,
-      },
-      strict: {
-        type: 'boolean',
-        default: false,
-      },
-    }
+    flags,
   })
 
   // Extract the input
@@ -134,7 +115,7 @@ export async function fetchReportData (reportId, { includeAllIssues, strict }) {
   const result = await handleApiCall(socketSdk.getReport(reportId), spinner, 'fetching report')
 
   if (result.success === false) {
-    return handleUnsuccessfulApiResponse(result, spinner)
+    return handleUnsuccessfulApiResponse('getReport', result, spinner)
   }
 
   // Conclude the status of the API call

package/lib/flags/index.js

@@ -0,0 +1,2 @@
+export { outputFlags } from './output.js'
+export { validationFlags } from './validation.js'

package/lib/flags/output.js

@@ -0,0 +1,16 @@
+import { prepareFlags } from '../utils/flags.js'
+
+export const outputFlags = prepareFlags({
+  json: {
+    type: 'boolean',
+    alias: 'j',
+    default: false,
+  description: 'Output result as json',
+  },
+  markdown: {
+    type: 'boolean',
+    alias: 'm',
+    default: false,
+  description: 'Output result as markdown',
+  },
+})

package/lib/flags/validation.js

@@ -0,0 +1,14 @@
+import { prepareFlags } from '../utils/flags.js'
+
+export const validationFlags = prepareFlags({
+  all: {
+    type: 'boolean',
+    default: false,
+  description: 'Include all issues',
+  },
+  strict: {
+    type: 'boolean',
+    default: false,
+  description: 'Exits with an error code if any matching issues are found',
+  },
+})

package/lib/shadow/npm-cli.cjs

@@ -0,0 +1,27 @@
+#!/usr/bin/env node
+// THIS FILE USES .cjs to get around the extension-free entrypoint problem with ESM
+'use strict'
+const { spawn } = require('child_process')
+const { realpathSync } = require('fs')
+const path = require('path')
+
+const realFilename = realpathSync(__filename)
+const realDirname = path.dirname(realFilename)
+
+/**
+ */
+async function main () {
+  const npmpath = await require('./link.cjs')(path.join(realDirname, 'bin'), 'npm')
+  process.exitCode = 1
+  const injectionpath = path.join(realDirname, 'npm-injection.cjs')
+  spawn(process.execPath, ['--require', injectionpath, npmpath, ...process.argv.slice(2)], {
+    stdio: 'inherit'
+  }).on('exit', (code, signal) => {
+    if (signal) {
+      process.kill(process.pid, signal)
+    } else if (code !== null) {
+      process.exit(code)
+    }
+  })
+}
+main()

package/lib/shadow/npx-cli.cjs

@@ -0,0 +1,27 @@
+#!/usr/bin/env node
+// THIS FILE USES .cjs to get around the extension-free entrypoint problem with ESM
+'use strict'
+const { spawn } = require('child_process')
+const { realpathSync } = require('fs')
+const path = require('path')
+
+const realFilename = realpathSync(__filename)
+const realDirname = path.dirname(realFilename)
+
+/**
+ */
+async function main () {
+  const npxpath = await require('./link.cjs')(path.join(realDirname, 'bin'), 'npx')
+  process.exitCode = 1
+  const injectionpath = path.join(realDirname, 'npm-injection.cjs')
+  spawn(process.execPath, ['--require', injectionpath, npxpath, ...process.argv.slice(2)], {
+    stdio: 'inherit'
+  }).on('exit', (code, signal) => {
+    if (signal) {
+      process.kill(process.pid, signal)
+    } else if (code !== null) {
+      process.exit(code)
+    }
+  })
+}
+main()

package/lib/utils/api-helpers.js

@@ -4,12 +4,13 @@ import { ErrorWithCause } from 'pony-cause'
 import { AuthError } from './errors.js'
 
 /**
- * @template T
+ * @template {import('@socketsecurity/sdk').SocketSdkOperations} T
+ * @param {T} _name
  * @param {import('@socketsecurity/sdk').SocketSdkErrorType<T>} result
  * @param {import('ora').Ora} spinner
  * @returns {void}
  */
-export function handleUnsuccessfulApiResponse (result, spinner) {
+export function handleUnsuccessfulApiResponse (_name, result, spinner) {
   const resultError = 'error' in result && result.error && typeof result.error === 'object' ? result.error : {}
   const message = 'message' in resultError && typeof resultError.message === 'string' ? resultError.message : 'No error message returned'
 

package/lib/utils/flags.js

@@ -0,0 +1,27 @@
+/**
+ * @typedef FlagExtensions
+ * @property {string} description
+ */
+
+/**
+ * @template {import('meow').FlagType} Type
+ * @template Default
+ * @template {boolean} [IsMultiple=false]
+ * @typedef {import('meow').Flag<Type, Default, IsMultiple> & FlagExtensions} Flag
+ */
+
+/** @typedef {Flag<'string', string> | Flag<'string', string[], true>} StringFlag */
+/** @typedef {Flag<'boolean', boolean> | Flag<'boolean', boolean[], true>} BooleanFlag */
+/** @typedef {Flag<'number', number> | Flag<'number', number[], true>} NumberFlag */
+/** @typedef {StringFlag | BooleanFlag | NumberFlag} AnyFlag */
+/** @typedef {Record<string, AnyFlag>} AnyFlags */
+
+/**
+ * @template {AnyFlags} Flags
+ * @param {Flags} flags
+ * @returns {Readonly<Flags>}
+ */
+export function prepareFlags (flags) {
+  // As we can't do "satisfies AnyFlags" in JS yet (+ we add a bonus through Readonly<>)
+  return flags
+}

package/lib/utils/formatting.js

@@ -1,12 +1,23 @@
 /** @typedef {string|{ description: string }} ListDescription */
 
+/**
+ * @typedef HelpListOptions
+ * @property {string} [keyPrefix]
+ * @property {number} [padName]
+ */
+
 /**
  * @param {Record<string,ListDescription>} list
  * @param {number} indent
- * @param {number} padName
+ * @param {HelpListOptions} options
  * @returns {string}
  */
-export function printHelpList (list, indent, padName = 18) {
+export function printHelpList (list, indent, options = {}) {
+  const {
+    keyPrefix = '',
+    padName = 18,
+  } = options
+
   const names = Object.keys(list).sort()
 
   let result = ''
@@ -15,22 +26,22 @@ export function printHelpList (list, indent, padName = 18) {
     const rawDescription = list[name]
     const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || ''
 
-    result += ''.padEnd(indent) + name.padEnd(padName) + description + '\n'
+    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n'
   }
 
   return result.trim()
 }
 
 /**
- * @param {Record<string,ListDescription>} list
+ * @param {Record<string, ListDescription>} list
  * @param {number} indent
- * @param {number} padName
+ * @param {HelpListOptions} options
  * @returns {string}
  */
- export function printFlagList (list, indent, padName = 18) {
+export function printFlagList (list, indent, options = {}) {
   return printHelpList({
-    '--help': 'Print this help and exits.',
-    '--version': 'Prints current version and exits.',
+    'help': 'Print this help and exits.',
+    'version': 'Prints current version and exits.',
     ...list,
-  }, indent, padName)
+  }, indent, { keyPrefix: '--', ...options })
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli",
-  "version": "0.4.2",
+  "version": "0.5.1",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli-js",
   "repository": {
@@ -15,18 +15,21 @@
   },
   "license": "MIT",
   "engines": {
-    "node": "^14.18.0 || >=16.0.0"
+    "node": "^14.18.0 || ^16.13.0 || >=18.0.0"
   },
   "type": "module",
   "bin": {
-    "socket": "cli.js"
+    "socket": "cli.js",
+    "socket-npm": "lib/shadow/npm-cli.cjs",
+    "socket-npx": "lib/shadow/npx-cli.cjs"
   },
   "files": [
     "cli.js",
     "lib/**/*.js"
   ],
   "scripts": {
-    "check:dependency-check": "dependency-check '*.js' 'test/**/*.js' --no-dev",
+    "echo": "echo $PATH",
+    "check:dependency-check": "dependency-check '*.js' 'lib/shadow/*.cjs' '*.mjs' 'test/**/*.js' --no-dev",
     "check:installed-check": "installed-check -i eslint-plugin-jsdoc",
     "check:lint": "eslint --report-unused-disable-directives .",
     "check:tsc": "tsc",
@@ -45,8 +48,11 @@
     "@types/mocha": "^10.0.0",
     "@types/mock-fs": "^4.13.1",
     "@types/node": "^14.18.31",
+    "@types/npm": "^7.19.0",
+    "@types/npmcli__arborist": "^5.6.1",
     "@types/prompts": "^2.4.1",
     "@types/update-notifier": "^6.0.2",
+    "@types/which": "^2.0.2",
     "@typescript-eslint/eslint-plugin": "^5.51.0",
     "@typescript-eslint/parser": "^5.51.0",
     "c8": "^7.12.0",
@@ -76,7 +82,7 @@
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",
     "@socketsecurity/config": "^2.0.0",
-    "@socketsecurity/sdk": "^0.5.2",
+    "@socketsecurity/sdk": "^0.5.4",
     "chalk": "^5.1.2",
     "globby": "^13.1.3",
     "hpagent": "^1.2.0",
@@ -89,6 +95,7 @@
     "pony-cause": "^2.1.8",
     "prompts": "^2.4.2",
     "terminal-link": "^3.0.0",
-    "update-notifier": "^6.0.2"
+    "update-notifier": "^6.0.2",
+    "which": "^3.0.0"
   }
 }