@socketsecurity/cli 0.8.2 → 0.9.0

package/lib/commands/info/index.js

@@ -20,10 +20,13 @@ export const info = {
     const name = parentName + ' info'
 
     const input = setupCommand(name, info.description, argv, importMeta)
-    const packageData = input && await fetchPackageData(input.pkgName, input.pkgVersion, input)
-
-    if (packageData) {
-      formatPackageDataOutput(packageData, { name, ...input })
+    if (input) {
+      const spinnerText = input.pkgVersion === 'latest' ? `Looking up data for the latest version of ${input.pkgName}\n` : `Looking up data for version ${input.pkgVersion} of ${input.pkgName}\n`
+      const spinner = ora(spinnerText).start()
+      const packageData = await fetchPackageData(input.pkgName, input.pkgVersion, input, spinner)
+      if (packageData) {
+        formatPackageDataOutput(packageData, { name, ...input }, spinner)
+      }
     }
   }
 }
@@ -90,16 +93,8 @@ function setupCommand (name, description, argv, importMeta) {
 
   const versionSeparator = rawPkgName.lastIndexOf('@')
 
-  if (versionSeparator < 1) {
-    throw new InputError('Need to specify a full package identifier, like eg: webtorrent@1.0.0')
-  }
-
-  const pkgName = rawPkgName.slice(0, versionSeparator)
-  const pkgVersion = rawPkgName.slice(versionSeparator + 1)
-
-  if (!pkgVersion) {
-    throw new InputError('Need to specify a version, like eg: webtorrent@1.0.0')
-  }
+  const pkgName = versionSeparator < 1 ? rawPkgName : rawPkgName.slice(0, versionSeparator)
+  const pkgVersion = versionSeparator < 1 ? 'latest' : rawPkgName.slice(versionSeparator + 1)
 
   return {
     includeAllIssues,
@@ -115,53 +110,78 @@ function setupCommand (name, description, argv, importMeta) {
  * @typedef PackageData
  * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} data
  * @property {Record<import('../../utils/format-issues').SocketIssue['severity'], number>} severityCount
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getScoreByNPMPackage'>["data"]} score
  */
 
 /**
  * @param {string} pkgName
  * @param {string} pkgVersion
- * @param {Pick<CommandContext, 'includeAllIssues' | 'strict'>} context
+ * @param {Pick<CommandContext, 'includeAllIssues'>} context
+ * @param {import('ora').Ora} spinner
  * @returns {Promise<void|PackageData>}
  */
-async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict }) {
+async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues }, spinner) {
   const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
-  const spinner = ora(`Looking up data for version ${pkgVersion} of ${pkgName}`).start()
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package')
+  const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score')
 
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner)
   }
 
-  // Conclude the status of the API call
+  if (scoreResult.success === false) {
+    return handleUnsuccessfulApiResponse('getScoreByNPMPackage', scoreResult, spinner)
+  }
 
+  // Conclude the status of the API call
   const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high')
 
-  if (objectSome(severityCount)) {
-    const issueSummary = formatSeverityCount(severityCount)
-    spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
-  } else {
-    spinner.succeed('Package has no issues')
-  }
-
   return {
     data: result.data,
     severityCount,
+    score: scoreResult.data
   }
 }
 
 /**
  * @param {PackageData} packageData
  * @param {{ name: string } & CommandContext} context
+ * @param {import('ora').Ora} spinner
  * @returns {void}
  */
- function formatPackageDataOutput ({ data, severityCount }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }) {
+ function formatPackageDataOutput ({ data, severityCount, score }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }, spinner) {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2))
   } else {
+    console.log('\nPackage report card:')
+    const scoreResult = {
+      'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
+      'Maintenance': Math.floor(score.maintenance.score * 100),
+      'Quality': Math.floor(score.quality.score * 100),
+      'Vulnerabilities': Math.floor(score.vulnerability.score * 100),
+      'License': Math.floor(score.license.score * 100)
+    }
+    Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))
+
+    // Package issues list
+    if (objectSome(severityCount)) {
+      const issueSummary = formatSeverityCount(severityCount)
+      console.log('\n')
+      spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
+      formatPackageIssuesDetails(data, outputMarkdown)
+    } else {
+      console.log('\n')
+      spinner.succeed('Package has no issues')
+    }
+
+    // Link to issues list
     const format = new ChalkOrMarkdown(!!outputMarkdown)
     const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`
-
-    console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
+    if (pkgVersion === 'latest') {
+      console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName}`, url, { fallbackToUrl: true }))
+    } else {
+      console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
+    }
     if (!outputMarkdown) {
       console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
     }
@@ -171,3 +191,55 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
     process.exit(1)
   }
 }
+
+/**
+ * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} packageData
+ * @param {boolean} outputMarkdown
+ * @returns {void[]}
+ */
+function formatPackageIssuesDetails (packageData, outputMarkdown) {
+  const issueDetails = packageData.filter(d => d.value?.severity === 'high' || d.value?.severity === 'critical')
+
+  const uniqueIssues = issueDetails.reduce((/** @type {{ [key: string]: {count: Number, label: string | undefined} }} */ acc, issue) => {
+  const { type } = issue
+    if (type) {
+      if (!acc[type]) {
+        acc[type] = {
+          label: issue.value?.label,
+          count: 1
+        }
+      } else {
+        // @ts-ignore
+        acc[type].count += 1
+      }
+    }
+    return acc
+  }, {})
+
+  const format = new ChalkOrMarkdown(!!outputMarkdown)
+  return Object.keys(uniqueIssues).map(issue => {
+    const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, `https://socket.dev/npm/issue/${issue}`, { fallbackToUrl: true })
+    if (uniqueIssues[issue]?.count === 1) {
+      return console.log(`- ${issueWithLink}`)
+    }
+    return console.log(`- ${issueWithLink}: ${uniqueIssues[issue]?.count}`)
+  })
+}
+
+/**
+ * @param {number} score
+ * @returns {string}
+ */
+function formatScore (score) {
+  const error = chalk.hex('#de7c7b')
+  const warning = chalk.hex('#e59361')
+  const success = chalk.hex('#a4cb9d')
+
+  if (score > 80) {
+    return `${success(score)}`
+  } else if (score < 80 && score > 60) {
+    return `${warning(score)}`
+  } else {
+    return `${error(score)}`
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli",
-  "version": "0.8.2",
+  "version": "0.9.0",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli-js",
   "repository": {
@@ -82,7 +82,7 @@
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",
     "@socketsecurity/config": "^2.0.0",
-    "@socketsecurity/sdk": "^0.7.2",
+    "@socketsecurity/sdk": "^0.7.3",
     "chalk": "^5.1.2",
     "globby": "^13.1.3",
     "hpagent": "^1.2.0",