@socketsecurity/cli 0.9.3 → 0.10.0

package/lib/commands/info/index.js

@@ -7,13 +7,13 @@ import ora from 'ora'
 import { outputFlags, validationFlags } from '../../flags/index.js'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
-import { InputError } from '../../utils/errors.js'
-import { getSeverityCount, formatSeverityCount } from '../../utils/format-issues.js'
+import { prepareFlags } from '../../utils/flags.js'
+import { formatSeverityCount, getCountSeverity } from '../../utils/format-issues.js'
 import { printFlagList } from '../../utils/formatting.js'
 import { objectSome } from '../../utils/misc.js'
 import { FREE_API_KEY, getDefaultKey, setupSdk } from '../../utils/sdk.js'
 
-/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
 export const info = {
   description: 'Look up info regarding a package',
   async run (argv, importMeta, { parentName }) {
@@ -21,9 +21,9 @@ export const info = {
 
     const input = setupCommand(name, info.description, argv, importMeta)
     if (input) {
-      const spinnerText = input.pkgVersion === 'latest' ? `Looking up data for the latest version of ${input.pkgName}\n` : `Looking up data for version ${input.pkgVersion} of ${input.pkgName}\n`
+      const spinnerText = `Looking up data for packages: ${input.packages.join(', ')}\n`
       const spinner = ora(spinnerText).start()
-      const packageData = await fetchPackageData(input.pkgName, input.pkgVersion, input, spinner)
+      const packageData = await fetchPackageData(input.packages, input.includeAlerts, spinner)
       if (packageData) {
         formatPackageDataOutput(packageData, { name, ...input }, spinner)
       }
@@ -31,15 +31,31 @@ export const info = {
   }
 }
 
+const infoFlags = prepareFlags({
+  // At the moment in API v0, alerts and license do the same thing.
+  // The license parameter will be implemented later.
+  // license: {
+  //   type: 'boolean',
+  //   shortFlag: 'l',
+  //   default: false,
+  //   description: 'Include license - Default is false',
+  // },
+  alerts: {
+    type: 'boolean',
+    shortFlag: 'a',
+    default: false,
+    description: 'Include alerts - Default is false',
+  }
+})
+
 // Internal functions
 
 /**
  * @typedef CommandContext
- * @property {boolean} includeAllIssues
+ * @property {boolean} includeAlerts
  * @property {boolean} outputJson
  * @property {boolean} outputMarkdown
- * @property {string} pkgName
- * @property {string} pkgVersion
+ * @property {string[]} packages
  * @property {boolean} strict
  */
 
@@ -54,18 +70,19 @@ function setupCommand (name, description, argv, importMeta) {
   const flags = {
     ...outputFlags,
     ...validationFlags,
+    ...infoFlags
   }
 
   const cli = meow(`
     Usage
-      $ ${name} <name>
+      $ ${name} <ecosystem>:<name>@<version>
 
     Options
       ${printFlagList(flags, 6)}
 
     Examples
-      $ ${name} webtorrent
-      $ ${name} webtorrent@1.9.1
+      $ ${name} npm:webtorrent
+      $ ${name} npm:webtorrent@1.9.1
   `, {
     argv,
     description,
@@ -74,138 +91,162 @@ function setupCommand (name, description, argv, importMeta) {
   })
 
   const {
-    all: includeAllIssues,
+    alerts: includeAlerts,
     json: outputJson,
     markdown: outputMarkdown,
     strict,
   } = cli.flags
 
-  if (cli.input.length > 1) {
-    throw new InputError('Only one package lookup supported at once')
-  }
-
   const [rawPkgName = ''] = cli.input
 
   if (!rawPkgName) {
+    console.error(`${chalk.bgRed('Input error')}: Please provide an ecosystem and package name`)
     cli.showHelp()
     return
   }
 
-  const versionSeparator = rawPkgName.lastIndexOf('@')
+  const /** @type {string[]} */inputPkgs = []
 
-  const pkgName = versionSeparator < 1 ? rawPkgName : rawPkgName.slice(0, versionSeparator)
-  const pkgVersion = versionSeparator < 1 ? 'latest' : rawPkgName.slice(versionSeparator + 1)
+  cli.input.map(pkg => {
+    const ecosystem = pkg.split(':')[0]
+    if (!ecosystem) {
+      console.error(`Package name ${pkg} formatted incorrectly.`)
+      return cli.showHelp()
+    } else {
+      const versionSeparator = pkg.lastIndexOf('@')
+      const ecosystemSeparator = pkg.lastIndexOf(ecosystem)
+      const pkgName = versionSeparator < 1 ? pkg.slice(ecosystemSeparator + ecosystem.length + 1) : pkg.slice(ecosystemSeparator + ecosystem.length + 1, versionSeparator)
+      const pkgVersion = versionSeparator < 1 ? 'latest' : pkg.slice(versionSeparator + 1)
+      inputPkgs.push(`${ecosystem}/${pkgName}@${pkgVersion}`)
+    }
+    return inputPkgs
+  })
 
   return {
-    includeAllIssues,
+    includeAlerts,
     outputJson,
     outputMarkdown,
-    pkgName,
-    pkgVersion,
+    packages: inputPkgs,
     strict,
   }
 }
 
 /**
  * @typedef PackageData
- * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} data
- * @property {Record<import('../../utils/format-issues').SocketIssue['severity'], number>} severityCount
- * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getScoreByNPMPackage'>["data"]} score
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'batchPackageFetch'>["data"]} data
  */
 
 /**
- * @param {string} pkgName
- * @param {string} pkgVersion
- * @param {Pick<CommandContext, 'includeAllIssues'>} context
+ * @param {string[]} packages
+ * @param {boolean} includeAlerts
  * @param {import('ora').Ora} spinner
  * @returns {Promise<void|PackageData>}
  */
-async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues }, spinner) {
+async function fetchPackageData (packages, includeAlerts, spinner) {
   const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
-  const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package')
-  const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score')
 
-  if (result.success === false) {
-    return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner)
-  }
+  const components = packages.map(pkg => {
+    return { 'purl': `pkg:${pkg}` }
+  })
 
-  if (scoreResult.success === false) {
-    return handleUnsuccessfulApiResponse('getScoreByNPMPackage', scoreResult, spinner)
+  const result = await handleApiCall(socketSdk.batchPackageFetch(
+    { alerts: includeAlerts.toString() },
+    {
+        components
+    }), 'looking up package')
+
+  if (!result.success) {
+    return handleUnsuccessfulApiResponse('batchPackageFetch', result, spinner)
   }
 
-  // Conclude the status of the API call
-  const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high')
+  // @ts-ignore
+  result.data.map(pkg => {
+    const severityCount = pkg.alerts && getCountSeverity(pkg.alerts, includeAlerts ? undefined : 'high')
+    pkg.severityCount = severityCount
+    return pkg
+  })
+
+  spinner.stop()
 
   return {
-    data: result.data,
-    severityCount,
-    score: scoreResult.data
+    data: result.data
   }
 }
 
 /**
- * @param {PackageData} packageData
+ * @param {CommandContext} data
  * @param {{ name: string } & CommandContext} context
  * @param {import('ora').Ora} spinner
  * @returns {void}
  */
- function formatPackageDataOutput ({ data, severityCount, score }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }, spinner) {
+function formatPackageDataOutput (/** @type {{ [key: string]: any }} */ { data }, { outputJson, outputMarkdown, strict }, spinner) {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2))
   } else {
-    console.log('\nPackage report card:')
-    const scoreResult = {
-      'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
-      'Maintenance': Math.floor(score.maintenance.score * 100),
-      'Quality': Math.floor(score.quality.score * 100),
-      'Vulnerabilities': Math.floor(score.vulnerability.score * 100),
-      'License': Math.floor(score.license.score * 100)
-    }
-    Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))
-
-    // Package issues list
-    if (objectSome(severityCount)) {
-      const issueSummary = formatSeverityCount(severityCount)
-      console.log('\n')
-      spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
-      formatPackageIssuesDetails(data, outputMarkdown)
-    } else {
-      console.log('\n')
-      spinner.succeed('Package has no issues')
-    }
+    data.map((/** @type {{[key:string]: any}} */ d) => {
+      const { score, license, name, severityCount, version } = d
+      console.log(`\nPackage metrics for ${name}:`)
+
+      const scoreResult = {
+        'Supply Chain Risk': Math.floor(score.supplyChain * 100),
+        'Maintenance': Math.floor(score.maintenance * 100),
+        'Quality': Math.floor(score.quality * 100),
+        'Vulnerabilities': Math.floor(score.vulnerability * 100),
+        'License': Math.floor(score.license * 100),
+        'Overall': Math.floor(score.overall * 100)
+      }
 
-    // Link to issues list
-    const format = new ChalkOrMarkdown(!!outputMarkdown)
-    const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`
-    if (pkgVersion === 'latest') {
-      console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName}`, url, { fallbackToUrl: true }))
-    } else {
-      console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
-    }
-    if (!outputMarkdown) {
-      console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
-    }
-  }
+      Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))
+
+      // Package license
+      console.log('\nPackage license:')
+      console.log(`${license}`)
+
+      // Package issues list
+      if (objectSome(severityCount)) {
+        const issueSummary = formatSeverityCount(severityCount)
+        console.log('\n')
+        spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
+        formatPackageIssuesDetails(data.alerts, outputMarkdown)
+      } else if (severityCount && !objectSome(severityCount)) {
+        console.log('\n')
+        spinner.succeed('Package has no issues')
+      }
 
-  if (strict && objectSome(severityCount)) {
-    process.exit(1)
+      // Link to issues list
+      const format = new ChalkOrMarkdown(!!outputMarkdown)
+      const url = `https://socket.dev/npm/package/${name}/overview/${version}`
+      if (version === 'latest') {
+        console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${name}`, url, { fallbackToUrl: true }))
+      } else {
+        console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${name} v${version}`, url, { fallbackToUrl: true }))
+      }
+      if (!outputMarkdown) {
+        console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
+      }
+
+      if (strict && objectSome(severityCount)) {
+        process.exit(1)
+      }
+      return d
+    })
   }
 }
 
 /**
- * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} packageData
+ * @param {{[key: string]: any}[]} alertsData
  * @param {boolean} outputMarkdown
  * @returns {void[]}
  */
-function formatPackageIssuesDetails (packageData, outputMarkdown) {
-  const issueDetails = packageData.filter(d => d.value?.severity === 'high' || d.value?.severity === 'critical')
+function formatPackageIssuesDetails (alertsData, outputMarkdown) {
+  const issueDetails = alertsData.filter(d => d['severity'] === 'high' || d['severity'] === 'critical')
 
   const uniqueIssues = issueDetails.reduce((/** @type {{ [key: string]: {count: Number, label: string | undefined} }} */ acc, issue) => {
   const { type } = issue
     if (type) {
       if (!acc[type]) {
         acc[type] = {
-          label: issue.value?.label,
+          label: issue['type'],
           count: 1
         }
       } else {
@@ -217,6 +258,7 @@ function formatPackageIssuesDetails (packageData, outputMarkdown) {
   }, {})
 
   const format = new ChalkOrMarkdown(!!outputMarkdown)
+
   return Object.keys(uniqueIssues).map(issue => {
     const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, `https://socket.dev/npm/issue/${issue}`, { fallbackToUrl: true })
     if (uniqueIssues[issue]?.count === 1) {

package/lib/commands/login/index.js

@@ -12,7 +12,7 @@ import { getSetting, updateSetting } from '../../utils/settings.js'
 
 const description = 'Socket API login'
 
-/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
 export const login = {
   description,
   run: async (argv, importMeta, { parentName }) => {

package/lib/commands/logout/index.js

@@ -5,7 +5,7 @@ import { updateSetting } from '../../utils/settings.js'
 
 const description = 'Socket API logout'
 
-/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
 export const logout = {
   description,
   run: async (argv, importMeta, { parentName }) => {

package/lib/commands/npm/index.js

@@ -1,16 +1,21 @@
-import { spawn } from 'child_process'
+import { spawn, execSync } from 'child_process'
 import { fileURLToPath } from 'url'
 
 const description = 'npm wrapper functionality'
 
-/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
 export const npm = {
   description,
   run: async (argv, _importMeta, _ctx) => {
+    const npmVersion = execSync('npm -v').toString()
     const wrapperPath = fileURLToPath(new URL('../../shadow/npm-cli.cjs', import.meta.url))
     process.exitCode = 1
     spawn(process.execPath, [wrapperPath, ...argv], {
-      stdio: 'inherit'
+      stdio: 'inherit',
+      env: {
+        ...process.env,
+        NPM_VERSION: npmVersion
+      }
     }).on('exit', (code, signal) => {
       if (signal) {
         process.kill(process.pid, signal)

package/lib/commands/npx/index.js

@@ -3,7 +3,7 @@ import { fileURLToPath } from 'url'
 
 const description = 'npx wrapper functionality'
 
-/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
 export const npx = {
   description,
   run: async (argv, _importMeta, _ctx) => {

package/lib/commands/report/create.js

@@ -19,7 +19,7 @@ import { createDebugLogger } from '../../utils/misc.js'
 import { getPackageFiles } from '../../utils/path-resolve.js'
 import { setupSdk } from '../../utils/sdk.js'
 
-/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
 export const create = {
   description: 'Create a project report',
   async run (argv, importMeta, { parentName }) {

package/lib/commands/report/index.js

@@ -4,7 +4,7 @@ import { meowWithSubcommands } from '../../utils/meow-with-subcommands.js'
 
 const description = 'Project report related commands'
 
-/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
 export const report = {
   description,
   run: async (argv, importMeta, { parentName }) => {

package/lib/commands/report/view.js

@@ -13,7 +13,7 @@ import { getSeverityCount, formatSeverityCount } from '../../utils/format-issues
 import { printFlagList } from '../../utils/formatting.js'
 import { setupSdk } from '../../utils/sdk.js'
 
-/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
 export const view = {
   description: 'View a project report',
   async run (argv, importMeta, { parentName }) {

package/lib/commands/repos/create.js

@@ -0,0 +1,166 @@
+/* eslint-disable no-console */
+
+import chalk from 'chalk'
+import meow from 'meow'
+import ora from 'ora'
+
+import { outputFlags } from '../../flags/index.js'
+import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
+import { prepareFlags } from '../../utils/flags.js'
+import { printFlagList } from '../../utils/formatting.js'
+import { getDefaultKey, setupSdk } from '../../utils/sdk.js'
+
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
+export const create = {
+  description: 'Create a repository in an organization',
+  async run (argv, importMeta, { parentName }) {
+    const name = parentName + ' create'
+
+    const input = setupCommand(name, create.description, argv, importMeta)
+    if (input) {
+      const spinnerText = 'Creating repository... \n'
+      const spinner = ora(spinnerText).start()
+      await createRepo(input.orgSlug, input, spinner)
+    }
+  }
+}
+
+const repositoryCreationFlags = prepareFlags({
+  repoName: {
+    type: 'string',
+    shortFlag: 'n',
+    default: '',
+    description: 'Repository name',
+  },
+  repoDescription: {
+    type: 'string',
+    shortFlag: 'd',
+    default: '',
+    description: 'Repository description',
+  },
+  homepage: {
+    type: 'string',
+    shortFlag: 'h',
+    default: '',
+    description: 'Repository url',
+  },
+  defaultBranch: {
+    type: 'string',
+    shortFlag: 'b',
+    default: 'main',
+    description: 'Repository default branch',
+  },
+  visibility: {
+    type: 'string',
+    shortFlag: 'v',
+    default: 'private',
+    description: 'Repository visibility (Default Private)',
+  }
+})
+
+// Internal functions
+
+/**
+ * @typedef CommandContext
+ * @property {boolean} outputJson
+ * @property {boolean} outputMarkdown
+ * @property {string} orgSlug
+ * @property {string} name
+ * @property {string} description
+ * @property {string} homepage
+ * @property {string} default_branch
+ * @property {string} visibility
+ */
+
+/**
+ * @param {string} name
+ * @param {string} description
+ * @param {readonly string[]} argv
+ * @param {ImportMeta} importMeta
+ * @returns {void|CommandContext}
+ */
+function setupCommand (name, description, argv, importMeta) {
+  const flags = {
+    ...outputFlags,
+    ...repositoryCreationFlags
+  }
+
+  const cli = meow(`
+    Usage
+      $ ${name} <org slug>
+
+    Options
+      ${printFlagList(flags, 6)}
+
+    Examples
+      $ ${name} FakeOrg --repoName=test-repo
+  `, {
+    argv,
+    description,
+    importMeta,
+    flags
+  })
+
+  const {
+    json: outputJson,
+    markdown: outputMarkdown,
+    repoName,
+    repoDescription,
+    homepage,
+    defaultBranch,
+    visibility
+  } = cli.flags
+
+  const [orgSlug = ''] = cli.input
+
+  if (!orgSlug) {
+    console.error(`${chalk.bgRed('Input error')}: Please provide an organization slug \n`)
+    cli.showHelp()
+    return
+  }
+
+  if (!repoName) {
+    console.error(`${chalk.bgRed('Input error')}: Repository name is required. \n`)
+    cli.showHelp()
+    return
+  }
+
+  return {
+    outputJson,
+    outputMarkdown,
+    orgSlug,
+    name: repoName,
+    description: repoDescription,
+    homepage,
+    default_branch: defaultBranch,
+    visibility
+  }
+}
+
+/**
+ * @typedef RepositoryData
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'createOrgRepo'>["data"]} data
+ */
+
+/**
+ * @param {string} orgSlug
+ * @param {CommandContext} input
+ * @param {import('ora').Ora} spinner
+ * @returns {Promise<void|RepositoryData>}
+ */
+async function createRepo (orgSlug, input, spinner) {
+  const socketSdk = await setupSdk(getDefaultKey())
+  const result = await handleApiCall(socketSdk.createOrgRepo(orgSlug, input), 'creating repository')
+
+  if (!result.success) {
+    return handleUnsuccessfulApiResponse('createOrgRepo', result, spinner)
+  }
+
+  spinner.stop()
+
+  console.log('\n✅ Repository created successfully \n')
+
+  return {
+    data: result.data
+  }
+}

package/lib/commands/repos/delete.js

@@ -0,0 +1,93 @@
+/* eslint-disable no-console */
+
+import chalk from 'chalk'
+import meow from 'meow'
+import ora from 'ora'
+
+import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
+import { getDefaultKey, setupSdk } from '../../utils/sdk.js'
+
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
+export const del = {
+  description: 'Delete a repository in an organization',
+  async run (argv, importMeta, { parentName }) {
+    const name = parentName + ' del'
+
+    const input = setupCommand(name, del.description, argv, importMeta)
+    if (input) {
+      const spinnerText = 'Deleting repository... \n'
+      const spinner = ora(spinnerText).start()
+      await deleteRepository(input.orgSlug, input.repoName, spinner)
+    }
+  }
+}
+
+// Internal functions
+
+/**
+ * @typedef CommandContext
+ * @property {string} orgSlug
+ * @property {string} repoName
+ */
+
+/**
+ * @param {string} name
+ * @param {string} description
+ * @param {readonly string[]} argv
+ * @param {ImportMeta} importMeta
+ * @returns {void|CommandContext}
+ */
+function setupCommand (name, description, argv, importMeta) {
+  const cli = meow(`
+    Usage
+      $ ${name} <org slug> <repo slug>
+
+    Examples
+      $ ${name} FakeOrg test-repo
+  `, {
+    argv,
+    description,
+    importMeta
+  })
+
+  const [orgSlug = '', repoName = ''] = cli.input
+
+  if (!orgSlug || !repoName) {
+    console.error(`${chalk.bgRed('Input error')}: Please provide an organization slug and repository slug \n`)
+    cli.showHelp()
+    return
+  }
+
+  return {
+    orgSlug,
+    repoName
+  }
+}
+
+/**
+ * @typedef RepositoryData
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'deleteOrgRepo'>["data"]} data
+ */
+
+/**
+ * @param {string} orgSlug
+ * @param {string} repoName
+ * @param {import('ora').Ora} spinner
+ * @returns {Promise<void|RepositoryData>}
+ */
+async function deleteRepository (orgSlug, repoName, spinner) {
+  const socketSdk = await setupSdk(getDefaultKey())
+  const result = await handleApiCall(socketSdk.deleteOrgRepo(orgSlug, repoName), 'deleting repository')
+
+  if (!result.success) {
+    return handleUnsuccessfulApiResponse('deleteOrgRepo', result, spinner)
+  }
+
+  spinner.stop()
+
+  console.log('\n✅ Repository deleted successfully \n')
+
+  return {
+    data: result.data
+  }
+}