@synkro-sh/cli 1.6.14 → 1.6.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bootstrap.js +23 -7
- package/dist/bootstrap.js.map +1 -1
- package/package.json +1 -1
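--- a/package/dist/bootstrap.js
+++ b/package/dist/bootstrap.js
@@ -1322,9 +1322,15 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
 const summary = scanResp?.summary || '';
 const scannedLabel = pkgResults.map((p: any) => p.name + '@' + p.version).join(', ');
 if (action === 'block') {
-
-
-
+// Every critical/high signal (uncapped) + the true CVE total. The grader
+// only sees what we put in blockContext \u2014 so the real count must be
+// STATED here; a bare preview lets it under-report (the count is data,
+// not something the grader should infer from a truncated list).
+const highSignals = pkgResults
+.flatMap((p: any) => (p.signals || []).filter((s: any) => s.severity === 'critical' || s.severity === 'high'));
+const cveCount = pkgResults
+.flatMap((p: any) => (p.signals || []))
+.filter((s: any) => s.type === 'cve').length;
 const findings: InstallScanResult['findings'] = [];
 for (const p of pkgResults) {
 for (const s of (p.signals || [])) {
@@ -1337,10 +1343,20 @@ export async function runInstallScan(command: string, jwt: string): Promise<Inst
 }
 }
 }
-
+// Preview the top 5 detail lines; the headline carries the true total.
+const blockSignals = highSignals.slice(0, 5);
+const headline = cveCount > 0
+? cveCount + ' known CVE' + (cveCount === 1 ? '' : 's') + ' found in ' + (scannedLabel || 'the requested install') + '.\\n'
+: '';
+const preview = blockSignals.map((s: any) => s.detail).join('\\n') || summary;
+const more = highSignals.length > blockSignals.length
+? '\\n(+' + (highSignals.length - blockSignals.length) + ' more critical/high findings not shown)'
+: '';
 return {
 scanned: true, action: 'block',
-blockContext:
+blockContext: headline + preview + more
++ '\\nReport the CVE count and fix version exactly as stated above \u2014 do not estimate.'
++ '\\nDo NOT install packages with security risks. Use a patched version or a different package.',
 summary, scannedLabel, findings,
 violatedIds: blockSignals.map((s: any) => s.type + ':' + (s.detail || '').slice(0, 40)),
 };
@@ -6504,7 +6520,7 @@ function writeConfigEnv(opts) {
 `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
 `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
 `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
-`SYNKRO_VERSION=${shellQuoteSingle("1.6.
+`SYNKRO_VERSION=${shellQuoteSingle("1.6.15")}`
 ];
 if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
 if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
@@ -9169,7 +9185,7 @@ var args = process.argv.slice(2);
 var cmd = args[0] || "";
 var subArgs = args.slice(1);
 function printVersion() {
-console.log("1.6.
+console.log("1.6.15");
 }
 function printHelp2() {
 console.log(`Synkro CLI \u2014 runtime safety for AI coding agents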
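Review bot: `preview` on new line 1351 maps `s.detail` straight into the join, so a signal with no `detail` contributes an empty entry, the joined string stays truthy, and the `|| summary` fallback never fires; the `violatedIds` line below already guards with `(s.detail || '')`, and the two should agree, e.g. `const preview = blockSignals.map((s: any) => s.detail || '').filter(Boolean).join('\\n') || summary;`. Both `detail` and `summary` originate in the scan response (`scanResp?.summary` at the top of the first hunk; `pkgResults` presumably from the same response) and are forwarded verbatim into the agent-facing `blockContext` next to the instruction lines, so the preview is capped in count (5) but not in size — a per-entry length cap, larger than the 40-character cut used for `violatedIds`, would bound what a single response can place in front of the agent. The trailing instruction asks the agent to report the "fix version exactly as stated above", but the headline states only the CVE count, so unless a signal's `detail` carries a fix version that sentence promises data the context does not contain. runInstallScan begins before the first hunk; the writeConfigEnv and printVersion hunks are version bumps only.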