@socketsecurity/cli 1.1.31 → 1.1.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
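--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+ ## [1.1.32](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.32) - 2025-11-20
+
+ ### Changed
+ - Updated @coana-tech/cli to 14.12.90
+ - Updated @cyclonedx/cdxgen to 11.11.0
+
+ ### Fixed
+ - Resolved `--limit` flag behavior to correctly restrict vulnerability processing in `socket fix` local mode
+ - Exclude `.socket.facts.json` files from `socket fix` manifest uploads
+
  ## [1.1.31](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.31) - 2025-11-19
 
  ### Fixed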
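--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -3673,6 +3673,29 @@ async function getFixEnv() {
  };
  }
 
+ /**
+ * Discovers GHSA IDs by running coana without applying fixes.
+ * Returns a list of GHSA IDs, optionally limited.
+ */
+ async function discoverGhsaIds(orgSlug, tarHash, fixConfig, options) {
+ const {
+ cwd = process.cwd(),
+ limit,
+ spinner
+ } = {
+ __proto__: null,
+ ...options
+ };
+ const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(fixConfig.minimumReleaseAge ? ['--minimum-release-age', fixConfig.minimumReleaseAge] : []), ...(fixConfig.include.length ? ['--include', ...fixConfig.include] : []), ...(fixConfig.exclude.length ? ['--exclude', ...fixConfig.exclude] : []), ...(fixConfig.disableMajorUpdates ? ['--disable-major-updates'] : []), ...(fixConfig.showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], orgSlug, {
+ cwd,
+ spinner
+ });
+ if (foundCResult.ok) {
+ const foundIds = utils.cmdFlagValueToArray(/(?<=Vulnerabilities found:).*/.exec(foundCResult.data));
+ return limit !== undefined ? foundIds.slice(0, limit) : foundIds;
+ }
+ return [];
+ }
  async function coanaFix(fixConfig) {
  const {
  applyFixes,
@@ -3709,7 +3732,10 @@ async function coanaFix(fixConfig) {
  const scanFilepaths = await utils.getPackageFilesForScan(['.'], supportedFiles, {
  cwd
  });
- const uploadCResult = await utils.handleApiCall(sockSdk.uploadManifestFiles(orgSlug, scanFilepaths), {
+ // Exclude any .socket.facts.json files that happen to be in the scan
+ // folder before the analysis was run.
+ const filepathsToUpload = scanFilepaths.filter(p => path.basename(p).toLowerCase() !== constants.DOT_SOCKET_DOT_FACTS_JSON);
+ const uploadCResult = await utils.handleApiCall(sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload), {
  description: 'upload manifests',
  spinner
  });
@@ -3741,8 +3767,19 @@ async function coanaFix(fixConfig) {
  logger.logger.info('Running in local mode - fixes will be applied directly to your working directory.\n' + getCiEnvInstructions());
  }
  }
- const ids = isAll ? ['all'] : ghsas.slice(0, limit);
- if (!ids.length) {
+ let ids;
+ if (isAll && limit > 0) {
+ ids = await discoverGhsaIds(orgSlug, tarHash, fixConfig, {
+ cwd,
+ limit,
+ spinner
+ });
+ } else if (limit > 0) {
+ ids = ghsas.slice(0, limit);
+ } else {
+ ids = [];
+ }
+ if (limit < 1 || ids.length === 0) {
  spinner?.stop();
  return {
  ok: true,
@@ -3756,7 +3793,7 @@ async function coanaFix(fixConfig) {
  const tmpDir = os.tmpdir();
  const tmpFile = path.join(tmpDir, `socket-fix-${Date.now()}.json`);
  try {
- const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), '--output-file', tmpFile, ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+ const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...ids, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), '--output-file', tmpFile, ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
  cwd,
  spinner,
  stdio: 'inherit'
@@ -3788,7 +3825,7 @@ async function coanaFix(fixConfig) {
  // Clean up the temporary file.
  try {
  await fs$1.promises.unlink(tmpFile);
- } catch (e) {
+ } catch {
  // Ignore cleanup errors.
  }
  }
@@ -3815,14 +3852,11 @@ async function coanaFix(fixConfig) {
  const shouldSpawnCoana = adjustedLimit > 0;
  let ids;
  if (shouldSpawnCoana && isAll) {
- const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+ ids = await discoverGhsaIds(orgSlug, tarHash, fixConfig, {
  cwd,
+ limit: adjustedLimit,
  spinner
  });
- if (foundCResult.ok) {
- const foundIds = utils.cmdFlagValueToArray(/(?<=Vulnerabilities found:).*/.exec(foundCResult.data));
- ids = foundIds.slice(0, adjustedLimit);
- }
  } else if (shouldSpawnCoana) {
  ids = ghsas.slice(0, adjustedLimit);
  }
@@ -15277,5 +15311,5 @@ void (async () => {
  await utils.captureException(e);
  }
  })();
- //# debugId=4f8753fd-5919-4ea2-a850-0b907ec7bd09
+ //# debugId=24f79e28-d381-4303-8ec8-8eade398a936
  //# sourceMappingURL=cli.js.map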
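Review bot: A failed discovery run is indistinguishable from "no vulnerabilities found": `discoverGhsaIds` returns `[]` when `foundCResult.ok` is false, and the first call site in `coanaFix` then takes `if (limit < 1 || ids.length === 0)` and returns `{ ok: true, ... }`, so a crashed or unreachable coana invocation in `--limit` local mode is reported as a clean result rather than an error (before this change the `isAll` path passed `'all'` straight to the apply-fixes call, whose failure is at least surfaced through `fixCResult`). The second call site previously left `ids` undefined on failure and now receives `[]`; whatever follows it outside the hunk may have relied on that distinction. Return the CResult from `discoverGhsaIds` instead of flattening it, as sketched below, and have both call sites stop the spinner and return the failure; `coanaFix` starts in the first hunk and its body continues outside the visible hunks. Separately, the `.socket.facts.json` filter lowercases the basename before comparing, which only excludes the file if `constants.DOT_SOCKET_DOT_FACTS_JSON` is itself lowercase — worth a one-line comment stating that assumption, e.g. `// DOT_SOCKET_DOT_FACTS_JSON is lowercase; basename is lowercased for a case-insensitive match.`
```javascript
  // … unchanged: option destructuring and spawnCoanaDlx invocation …
  if (!foundCResult.ok) {
    // Propagate the failure; an empty array would read as "nothing to fix".
    return foundCResult;
  }
  const foundIds = utils.cmdFlagValueToArray(/(?<=Vulnerabilities found:).*/.exec(foundCResult.data));
  return { ok: true, data: limit !== undefined ? foundIds.slice(0, limit) : foundIds };
}
// … in coanaFix, at each discoverGhsaIds call site (the first one shown) …
const discovered = await discoverGhsaIds(orgSlug, tarHash, fixConfig, { cwd, limit, spinner });
if (!discovered.ok) {
  spinner?.stop();
  return discovered;
}
ids = discovered.data;
```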