@socketsecurity/cli 0.4.2 → 0.5.2

package/lib/commands/index.js

@@ -1,2 +1,4 @@
 export * from './info/index.js'
 export * from './report/index.js'
+export * from './npm/index.js'
+export * from './npx/index.js'

package/lib/commands/info/index.js

@@ -4,6 +4,7 @@ import chalk from 'chalk'
 import meow from 'meow'
 import ora from 'ora'
 
+import { outputFlags, validationFlags } from '../../flags/index.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
@@ -47,17 +48,17 @@ export const info = {
  * @returns {void|CommandContext}
  */
 function setupCommand (name, description, argv, importMeta) {
+  const flags = {
+    ...outputFlags,
+    ...validationFlags,
+  }
+
   const cli = meow(`
     Usage
       $ ${name} <name>
 
     Options
-      ${printFlagList({
-        '--all': 'Include all issues',
-        '--json': 'Output result as json',
-        '--markdown': 'Output result as markdown',
-        '--strict': 'Exits with an error code if any matching issues are found',
-      }, 6)}
+      ${printFlagList(flags, 6)}
 
     Examples
       $ ${name} webtorrent
@@ -66,26 +67,7 @@ function setupCommand (name, description, argv, importMeta) {
     argv,
     description,
     importMeta,
-    flags: {
-      all: {
-        type: 'boolean',
-        default: false,
-      },
-      json: {
-        type: 'boolean',
-        alias: 'j',
-        default: false,
-      },
-      markdown: {
-        type: 'boolean',
-        alias: 'm',
-        default: false,
-      },
-      strict: {
-        type: 'boolean',
-        default: false,
-      },
-    }
+    flags
   })
 
   const {
@@ -147,7 +129,7 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), spinner, 'looking up package')
 
   if (result.success === false) {
-    return handleUnsuccessfulApiResponse(result, spinner)
+    return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner)
   }
 
   // Conclude the status of the API call

package/lib/commands/npm/index.js

@@ -0,0 +1,22 @@
+import { spawn } from 'child_process'
+import { fileURLToPath } from 'url'
+
+const description = 'npm wrapper functionality'
+
+/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+export const npm = {
+  description,
+  run: async (argv, _importMeta, _ctx) => {
+    const wrapperPath = fileURLToPath(new URL('../../shadow/npm-cli.cjs', import.meta.url))
+    process.exitCode = 1
+    spawn(process.execPath, [wrapperPath, ...argv], {
+      stdio: 'inherit'
+    }).on('exit', (code, signal) => {
+      if (signal) {
+        process.kill(process.pid, signal)
+      } else if (code !== null) {
+        process.exit(code)
+      }
+    })
+  }
+}

package/lib/commands/npx/index.js

@@ -0,0 +1,22 @@
+import { spawn } from 'child_process'
+import { fileURLToPath } from 'url'
+
+const description = 'npx wrapper functionality'
+
+/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+export const npx = {
+  description,
+  run: async (argv, _importMeta, _ctx) => {
+    const wrapperPath = fileURLToPath(new URL('../../shadow/npx-cli.cjs', import.meta.url))
+    process.exitCode = 1
+    spawn(process.execPath, [wrapperPath, ...argv], {
+      stdio: 'inherit'
+    }).on('exit', (code, signal) => {
+      if (signal) {
+        process.kill(process.pid, signal)
+      } else if (code !== null) {
+        process.exit(code)
+      }
+    })
+  }
+}

package/lib/commands/report/create.js

@@ -9,9 +9,11 @@ import ora from 'ora'
 import { ErrorWithCause } from 'pony-cause'
 
 import { fetchReportData, formatReportDataOutput } from './view.js'
+import { outputFlags, validationFlags } from '../../flags/index.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown, logSymbols } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
+import { prepareFlags } from '../../utils/flags.js'
 import { printFlagList } from '../../utils/formatting.js'
 import { createDebugLogger } from '../../utils/misc.js'
 import { getPackageFiles } from '../../utils/path-resolve.js'
@@ -79,6 +81,28 @@ export const create = {
  * @returns {Promise<void|CommandContext>}
  */
 async function setupCommand (name, description, argv, importMeta) {
+  const flags = prepareFlags({
+    ...outputFlags,
+    ...validationFlags,
+    debug: {
+      type: 'boolean',
+      alias: 'd',
+      default: false,
+      description: 'Output debug information',
+    },
+    dryRun: {
+      type: 'boolean',
+      default: false,
+      description: 'Only output what will be done without actually doing it',
+    },
+    view: {
+      type: 'boolean',
+      alias: 'v',
+      default: false,
+      description: 'Will wait for and return the created report'
+    },
+  })
+
   const cli = meow(`
     Usage
       $ ${name} <paths-to-package-folders-and-files>
@@ -114,40 +138,7 @@ async function setupCommand (name, description, argv, importMeta) {
     argv,
     description,
     importMeta,
-    flags: {
-      all: {
-        type: 'boolean',
-        default: false,
-      },
-      debug: {
-        type: 'boolean',
-        alias: 'd',
-        default: false,
-      },
-      dryRun: {
-        type: 'boolean',
-        default: false,
-      },
-      json: {
-        type: 'boolean',
-        alias: 'j',
-        default: false,
-      },
-      markdown: {
-        type: 'boolean',
-        alias: 'm',
-        default: false,
-      },
-      strict: {
-        type: 'boolean',
-        default: false,
-      },
-      view: {
-        type: 'boolean',
-        alias: 'v',
-        default: false,
-      },
-    }
+    flags,
   })
 
   const {
@@ -224,7 +215,7 @@ async function createReport (packagePaths, { config, cwd, debugLog, dryRun }) {
   const result = await handleApiCall(apiCall, spinner, 'creating report')
 
   if (result.success === false) {
-    return handleUnsuccessfulApiResponse(result, spinner)
+    return handleUnsuccessfulApiResponse('createReport', result, spinner)
   }
 
   // Conclude the status of the API call

package/lib/commands/report/view.js

@@ -4,6 +4,7 @@ import chalk from 'chalk'
 import meow from 'meow'
 import ora from 'ora'
 
+import { outputFlags, validationFlags } from '../../flags/index.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
@@ -28,7 +29,6 @@ export const view = {
 
 // Internal functions
 
-// TODO: Share more of the flag setup inbetween the commands
 /**
  * @typedef CommandContext
  * @property {boolean} includeAllIssues
@@ -46,17 +46,17 @@ export const view = {
  * @returns {void|CommandContext}
  */
 function setupCommand (name, description, argv, importMeta) {
+  const flags = {
+    ...outputFlags,
+    ...validationFlags,
+  }
+
   const cli = meow(`
     Usage
       $ ${name} <report-identifier>
 
     Options
-      ${printFlagList({
-        '--all': 'Include all issues',
-        '--json': 'Output result as json',
-        '--markdown': 'Output result as markdown',
-        '--strict': 'Exits with an error code if report result is deemed unhealthy',
-      }, 6)}
+      ${printFlagList(flags, 6)}
 
     Examples
       $ ${name} QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
@@ -64,26 +64,7 @@ function setupCommand (name, description, argv, importMeta) {
     argv,
     description,
     importMeta,
-    flags: {
-      all: {
-        type: 'boolean',
-        default: false,
-      },
-      json: {
-        type: 'boolean',
-        alias: 'j',
-        default: false,
-      },
-      markdown: {
-        type: 'boolean',
-        alias: 'm',
-        default: false,
-      },
-      strict: {
-        type: 'boolean',
-        default: false,
-      },
-    }
+    flags,
   })
 
   // Extract the input
@@ -134,7 +115,7 @@ export async function fetchReportData (reportId, { includeAllIssues, strict }) {
   const result = await handleApiCall(socketSdk.getReport(reportId), spinner, 'fetching report')
 
   if (result.success === false) {
-    return handleUnsuccessfulApiResponse(result, spinner)
+    return handleUnsuccessfulApiResponse('getReport', result, spinner)
   }
 
   // Conclude the status of the API call

package/lib/flags/index.js

@@ -0,0 +1,2 @@
+export { outputFlags } from './output.js'
+export { validationFlags } from './validation.js'

package/lib/flags/output.js

@@ -0,0 +1,16 @@
+import { prepareFlags } from '../utils/flags.js'
+
+export const outputFlags = prepareFlags({
+  json: {
+    type: 'boolean',
+    alias: 'j',
+    default: false,
+  description: 'Output result as json',
+  },
+  markdown: {
+    type: 'boolean',
+    alias: 'm',
+    default: false,
+  description: 'Output result as markdown',
+  },
+})

package/lib/flags/validation.js

@@ -0,0 +1,14 @@
+import { prepareFlags } from '../utils/flags.js'
+
+export const validationFlags = prepareFlags({
+  all: {
+    type: 'boolean',
+    default: false,
+  description: 'Include all issues',
+  },
+  strict: {
+    type: 'boolean',
+    default: false,
+  description: 'Exits with an error code if any matching issues are found',
+  },
+})

package/lib/shadow/bin/npm

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+require('../npm-cli.cjs')

package/lib/shadow/bin/npx

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+require('../npx-cli.cjs')

package/lib/shadow/global.d.ts

@@ -0,0 +1,3 @@
+declare module 'hyperlinker' {
+  export = (msg: string, href: URL['href']) => string
+}

package/lib/shadow/link.cjs

@@ -0,0 +1,43 @@
+/* eslint-disable no-console */
+const { chmodSync, realpathSync } = require('fs')
+const path = require('path')
+
+const which = require('which')
+
+/**
+ * @param {string} realDirname path to shadow/bin
+ * @param {'npm' | 'npx'} binname
+ * @returns {string} path to npm provided cli / npx bin
+ */
+function installLinks (realDirname, binname) {
+  const realNpmShadowBinDir = realDirname
+  // find npm being shadowed by this process
+  const npms = which.sync(binname, {
+    all: true
+  })
+  let shadowIndex = -1
+  const npmpath = npms.find((npmPath, i) => {
+    const isShadow = realpathSync(path.dirname(npmPath)) === realNpmShadowBinDir
+    if (isShadow) {
+      shadowIndex = i
+    }
+    return !isShadow
+  })
+  if (!npmpath) {
+    console.error('Socket unable to locate npm ensure it is available in the PATH environment variable')
+    process.exit(127)
+  }
+  if (shadowIndex === -1) {
+    chmodSync(realNpmShadowBinDir, parseInt('755', 8))
+    const bindir = path.join(realDirname)
+    process.env['PATH'] = `${
+      bindir
+    }${
+      process.platform === 'win32' ? ';' : ':'
+    }${
+      process.env['PATH']
+    }`
+  }
+  return npmpath
+}
+module.exports = installLinks

package/lib/shadow/npm-cli.cjs

@@ -0,0 +1,27 @@
+#!/usr/bin/env node
+// THIS FILE USES .cjs to get around the extension-free entrypoint problem with ESM
+'use strict'
+const { spawn } = require('child_process')
+const { realpathSync } = require('fs')
+const path = require('path')
+
+const realFilename = realpathSync(__filename)
+const realDirname = path.dirname(realFilename)
+
+/**
+ */
+async function main () {
+  const npmpath = await require('./link.cjs')(path.join(realDirname, 'bin'), 'npm')
+  process.exitCode = 1
+  const injectionpath = path.join(realDirname, 'npm-injection.cjs')
+  spawn(process.execPath, ['--require', injectionpath, npmpath, ...process.argv.slice(2)], {
+    stdio: 'inherit'
+  }).on('exit', (code, signal) => {
+    if (signal) {
+      process.kill(process.pid, signal)
+    } else if (code !== null) {
+      process.exit(code)
+    }
+  })
+}
+main()