@socketsecurity/cli 0.7.2 → 0.8.0

package/README.md

@@ -26,10 +26,10 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
 
 * `socket report create <path(s)-to-folder-or-file>` - creates a report on [socket.dev](https://socket.dev/)
 
-  Uploads the specified `package.json` and lock files for JavaScript and Python dependency manifests.
+  Uploads the specified `package.json` and lock files for JavaScript, Python, and Go dependency manifests.
   If any folder is specified, the ones found in there recursively are uploaded.
 
-  Supports globbing such as `**/package.json`, `**/requirements.txt`, and `**/pyproject.toml`.
+  Supports globbing such as `**/package.json`, `**/requirements.txt`, `**/pyproject.toml`, and `**/go.mod`.
 
   Ignores any file specified in your project's `.gitignore`, the `projectIgnorePaths` in your project's [`socket.yml`](https://docs.socket.dev/docs/socket-yml) and on top of that has a sensible set of [default ignores](https://www.npmjs.com/package/ignore-by-default)
 

package/lib/commands/info/index.js

@@ -11,7 +11,7 @@ import { InputError } from '../../utils/errors.js'
 import { getSeverityCount, formatSeverityCount } from '../../utils/format-issues.js'
 import { printFlagList } from '../../utils/formatting.js'
 import { objectSome } from '../../utils/misc.js'
-import { setupSdk } from '../../utils/sdk.js'
+import { FREE_API_KEY, getDefaultKey, setupSdk } from '../../utils/sdk.js'
 
 /** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
 export const info = {
@@ -124,9 +124,9 @@ function setupCommand (name, description, argv, importMeta) {
  * @returns {Promise<void|PackageData>}
  */
 async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict }) {
-  const socketSdk = await setupSdk()
+  const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
   const spinner = ora(`Looking up data for version ${pkgVersion} of ${pkgName}`).start()
-  const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), spinner, 'looking up package')
+  const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package')
 
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner)

package/lib/commands/login/index.js

@@ -2,10 +2,10 @@ import isInteractive from 'is-interactive'
 import meow from 'meow'
 import ora from 'ora'
 import prompts from 'prompts'
+import terminalLink from 'terminal-link'
 
-import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
 import { AuthError, InputError } from '../../utils/errors.js'
-import { setupSdk } from '../../utils/sdk.js'
+import { FREE_API_KEY, setupSdk } from '../../utils/sdk.js'
 import { getSetting, updateSetting } from '../../utils/settings.js'
 
 const description = 'Socket API login'
@@ -29,38 +29,108 @@ export const login = {
       importMeta,
     })
 
+    /**
+     * @param {{aborted: boolean}} state
+     */
+    const promptAbortHandler = (state) => {
+      if (state.aborted) {
+        process.nextTick(() => process.exit(1))
+      }
+    }
+
     if (cli.input.length) cli.showHelp()
 
     if (!isInteractive()) {
       throw new InputError('cannot prompt for credentials in a non-interactive shell')
     }
-    const format = new ChalkOrMarkdown(false)
-    const { apiKey } = await prompts({
+    /**
+     * @type {{ apiKey: string }}
+     */
+    const result = await prompts({
       type: 'password',
       name: 'apiKey',
-      message: `Enter your ${format.hyperlink(
+      message: `Enter your ${terminalLink(
         'Socket.dev API key',
         'https://docs.socket.dev/docs/api-keys'
-      )}`,
+      )} (leave blank for a public key)`,
+      onState: promptAbortHandler
     })
 
-    if (!apiKey) {
-      ora('API key not updated').warn()
-      return
-    }
+    const apiKey = result.apiKey || FREE_API_KEY
 
     const spinner = ora('Verifying API key...').start()
 
-    const oldKey = getSetting('apiKey')
-    updateSetting('apiKey', apiKey)
+    /** @type {import('@socketsecurity/sdk').SocketSdkReturnType<'getOrganizations'>['data']} */
+    let orgs
+
     try {
-      const sdk = await setupSdk()
-      const quota = await sdk.getQuota()
-      if (!quota.success) throw new AuthError()
-      spinner.succeed(`API key ${oldKey ? 'updated' : 'set'}`)
+      const sdk = await setupSdk(apiKey)
+      const result = await sdk.getOrganizations()
+      if (!result.success) throw new AuthError()
+      orgs = result.data
+      spinner.succeed('API key verified\n')
     } catch (e) {
-      updateSetting('apiKey', oldKey)
       spinner.fail('Invalid API key')
+      return
     }
+
+    /**
+     * @template T
+     * @param {T | null | undefined} value
+     * @returns {value is T}
+     */
+    const nonNullish = value => value != null
+
+    /** @type {prompts.Choice[]} */
+    const enforcedChoices = Object.values(orgs.organizations)
+      .filter(nonNullish)
+      .filter(org => org.plan === 'enterprise')
+      .map(org => ({
+        title: org.name,
+        value: org.id
+      }))
+
+    /** @type {string[]} */
+    let enforcedOrgs = []
+
+    if (enforcedChoices.length > 1) {
+      /**
+       * @type { {id: string} }
+       */
+      const { id } = await prompts({
+        type: 'select',
+        name: 'id',
+        hint: '\n  Pick "None" if this is a personal device',
+        message: 'Which organization\'s policies should Socket enforce system-wide?',
+        choices: enforcedChoices.concat({
+          title: 'None',
+          value: null
+        }),
+        onState: promptAbortHandler
+      })
+      if (id) enforcedOrgs = [id]
+    } else if (enforcedChoices.length) {
+      /**
+       * @type { {confirmOrg: boolean} }
+       */
+      const { confirmOrg } = await prompts({
+        type: 'confirm',
+        name: 'confirmOrg',
+        message: `Should Socket enforce ${enforcedChoices[0]?.title}'s security policies system-wide?`,
+        initial: true,
+        onState: promptAbortHandler
+      })
+      if (confirmOrg) {
+        const existing = /** @type {undefined | {value: string}} */(enforcedChoices[0])
+        if (existing) {
+          enforcedOrgs = [existing.value]
+        }
+      }
+    }
+    // MUST DO all updateSetting ON SAME TICK TO AVOID PARTIAL WRITE
+    updateSetting('enforcedOrgs', enforcedOrgs)
+    const oldKey = getSetting('apiKey')
+    updateSetting('apiKey', apiKey)
+    spinner.succeed(`API credentials ${oldKey ? 'updated' : 'set'}`)
   }
 }

package/lib/commands/logout/index.js

@@ -27,6 +27,7 @@ export const logout = {
     if (cli.input.length) cli.showHelp()
 
     updateSetting('apiKey', null)
+    updateSetting('enforcedOrgs', null)
     ora('Successfully logged out').succeed()
   }
 }

package/lib/commands/report/create.js

@@ -86,7 +86,7 @@ async function setupCommand (name, description, argv, importMeta) {
     ...validationFlags,
     debug: {
       type: 'boolean',
-      alias: 'd',
+      shortFlag: 'd',
       default: false,
       description: 'Output debug information',
     },
@@ -97,7 +97,7 @@ async function setupCommand (name, description, argv, importMeta) {
     },
     view: {
       type: 'boolean',
-      alias: 'v',
+      shortFlag: 'v',
       default: false,
       description: 'Will wait for and return the created report'
     },
@@ -107,10 +107,10 @@ async function setupCommand (name, description, argv, importMeta) {
     Usage
       $ ${name} <paths-to-package-folders-and-files>
 
-    Uploads the specified "package.json" and lock files for JavaScript and Python dependency manifests.
+    Uploads the specified "package.json" and lock files for JavaScript, Python, and Go dependency manifests.
     If any folder is specified, the ones found in there recursively are uploaded.
 
-    Supports globbing such as "**/package.json", "**/requirements.txt", and "**/pyproject.toml".
+    Supports globbing such as "**/package.json", "**/requirements.txt", "**/pyproject.toml", and "**/go.mod".
 
     Ignores any file specified in your project's ".gitignore", your project's
     "socket.yml" file's "projectIgnorePaths" and also has a sensible set of
@@ -118,13 +118,13 @@ async function setupCommand (name, description, argv, importMeta) {
 
     Options
       ${printFlagList({
-        '--all': 'Include all issues',
-        '--debug': 'Output debug information',
-        '--dry-run': 'Only output what will be done without actually doing it',
-        '--json': 'Output result as json',
-        '--markdown': 'Output result as markdown',
-        '--strict': 'Exits with an error code if any matching issues are found',
-        '--view': 'Will wait for and return the created report'
+        'all': 'Include all issues',
+        'debug': 'Output debug information',
+        'dry-run': 'Only output what will be done without actually doing it',
+        'json': 'Output result as json',
+        'markdown': 'Output result as markdown',
+        'strict': 'Exits with an error code if any matching issues are found',
+        'view': 'Will wait for and return the created report'
       }, 6)}
 
     Examples
@@ -185,9 +185,11 @@ async function setupCommand (name, description, argv, importMeta) {
     .then(res => {
       if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, ora())
       return res.data
-    }).catch(cause => {
-      throw new ErrorWithCause('Failed getting supported files for report', { cause })
-    })
+    }).catch(
+      /** @type {(cause: Error) => never} */
+      (cause) => {
+        throw new ErrorWithCause('Failed getting supported files for report', { cause })
+      })
 
   const packagePaths = await getPackageFiles(cwd, cli.input, config, supportedFiles, debugLog)
 
@@ -220,7 +222,7 @@ async function createReport (packagePaths, { config, cwd, debugLog, dryRun }) {
   const socketSdk = await setupSdk()
   const spinner = ora(`Creating report with ${packagePaths.length} package files`).start()
   const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, config?.issueRules)
-  const result = await handleApiCall(apiCall, spinner, 'creating report')
+  const result = await handleApiCall(apiCall, 'creating report')
 
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('createReport', result, spinner)

package/lib/commands/report/view.js

@@ -3,6 +3,7 @@
 import chalk from 'chalk'
 import meow from 'meow'
 import ora from 'ora'
+import { ErrorWithCause } from 'pony-cause'
 
 import { outputFlags, validationFlags } from '../../flags/index.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
@@ -102,6 +103,8 @@ function setupCommand (name, description, argv, importMeta) {
  * @typedef {import('@socketsecurity/sdk').SocketSdkReturnType<'getReport'>["data"]} ReportData
  */
 
+const MAX_TIMEOUT_RETRY = 5
+
 /**
  * @param {string} reportId
  * @param {Pick<CommandContext, 'includeAllIssues' | 'strict'>} context
@@ -111,8 +114,22 @@ export async function fetchReportData (reportId, { includeAllIssues, strict }) {
   // Do the API call
 
   const socketSdk = await setupSdk()
-  const spinner = ora(`Fetching report with ID ${reportId}`).start()
-  const result = await handleApiCall(socketSdk.getReport(reportId), spinner, 'fetching report')
+  const spinner = ora(`Fetching report with ID ${reportId} (this could take a while)`).start()
+  /** @type {import('@socketsecurity/sdk').SocketSdkResultType<'getReport'> | undefined} */
+  let result
+  for (let retry = 1; !result; ++retry) {
+    try {
+      result = await handleApiCall(socketSdk.getReport(reportId), 'fetching report')
+    } catch (err) {
+      if (
+        retry >= MAX_TIMEOUT_RETRY ||
+        !(err instanceof ErrorWithCause) ||
+        err.cause?.cause?.response?.statusCode !== 524
+      ) {
+        throw err
+      }
+    }
+  }
 
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getReport', result, spinner)
@@ -147,9 +164,7 @@ export function formatReportDataOutput (data, { name, outputJson, outputMarkdown
     console.log(JSON.stringify(data, undefined, 2))
   } else {
     const format = new ChalkOrMarkdown(!!outputMarkdown)
-    const url = `https://socket.dev/npm/reports/${encodeURIComponent(reportId)}`
-
-    console.log('\nDetailed info on socket.dev: ' + format.hyperlink(reportId, url, { fallbackToUrl: true }))
+    console.log('\nDetailed info on socket.dev: ' + format.hyperlink(reportId, data.url, { fallbackToUrl: true }))
     if (!outputMarkdown) {
       console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
     }

package/lib/flags/output.js

@@ -3,13 +3,13 @@ import { prepareFlags } from '../utils/flags.js'
 export const outputFlags = prepareFlags({
   json: {
     type: 'boolean',
-    alias: 'j',
+    shortFlag: 'j',
     default: false,
   description: 'Output result as json',
   },
   markdown: {
     type: 'boolean',
-    alias: 'm',
+    shortFlag: 'm',
     default: false,
   description: 'Output result as markdown',
   },

package/lib/shadow/link.cjs

@@ -5,34 +5,34 @@ const path = require('path')
 const which = require('which')
 
 if (process.platform === 'win32') {
-  console.error('Socket npm and socket npx wrapper Windows suppport is limited to WSL at this time.')
+  console.error('Socket dependency manager Windows suppport is limited to WSL at this time.')
   process.exit(1)
 }
 
 /**
  * @param {string} realDirname path to shadow/bin
  * @param {'npm' | 'npx'} binname
- * @returns {string} path to npm provided cli / npx bin
+ * @returns {string} path to original bin
  */
 function installLinks (realDirname, binname) {
-  const realNpmShadowBinDir = realDirname
-  // find npm being shadowed by this process
-  const npms = which.sync(binname, {
+  const realShadowBinDir = realDirname
+  // find package manager being shadowed by this process
+  const bins = which.sync(binname, {
     all: true
   })
   let shadowIndex = -1
-  const npmpath = npms.find((npmPath, i) => {
-    const isShadow = realpathSync(path.dirname(npmPath)) === realNpmShadowBinDir
+  const binpath = bins.find((binPath, i) => {
+    const isShadow = realpathSync(path.dirname(binPath)) === realShadowBinDir
     if (isShadow) {
       shadowIndex = i
     }
     return !isShadow
   })
-  if (npmpath && process.platform === 'win32') {
-    return npmpath
+  if (binpath && process.platform === 'win32') {
+    return binpath
   }
-  if (!npmpath) {
-    console.error('Socket unable to locate npm ensure it is available in the PATH environment variable')
+  if (!binpath) {
+    console.error(`Socket unable to locate ${binname}; ensure it is available in the PATH environment variable`)
     process.exit(127)
   }
   if (shadowIndex === -1) {
@@ -45,6 +45,6 @@ function installLinks (realDirname, binname) {
       process.env['PATH']
     }`
   }
-  return npmpath
+  return binpath
 }
 module.exports = installLinks