mobbdev 0.0.9 → 0.0.11

package/.env

@@ -1,4 +1,5 @@
-# production@v3
+# production@v5
 WEB_LOGIN_URL="https://app.mobb.dev/cli-login"
 WEB_REPORT_URL="https://app.mobb.dev/report/"
-API_URL="https://api.mobb.dev/v1/graphql"
+API_URL="https://api.mobb.dev/v1/graphql"
+WEB_APP_URL="https://app.mobb.dev"

package/index.mjs

@@ -5,7 +5,7 @@ const tmpObj = tmp.dirSync({
     unsafeCleanup: true,
 });
 
-main(tmpObj.name, process.argv.at(2))
+main(tmpObj.name, process.argv[2])
     .catch((err) => {
         console.error(
             'Something went wrong, please try again or contact support if issue persists.'

package/package.json

@@ -1,8 +1,8 @@
 {
     "name": "mobbdev",
-    "version": "0.0.9",
+    "version": "0.0.11",
     "description": "Automated secure code remediation tool",
-    "main": "index.js",
+    "main": "index.mjs",
     "scripts": {
         "lint": "prettier --check . && eslint **/*.mjs",
         "lint:fix": "prettier --write . && eslint --fix **/*.mjs",
@@ -19,9 +19,9 @@
         "configstore": "6.0.0",
         "dotenv": "16.0.3",
         "extract-zip": "2.0.1",
-        "form-data": "4.0.0",
-        "got": "12.6.0",
+        "node-fetch": "3.3.1",
         "open": "8.4.2",
+        "semver": "7.5.0",
         "snyk": "1.1118.0",
         "tmp": "0.2.1",
         "zod": "3.21.4"
@@ -33,12 +33,12 @@
         "prettier": "2.8.4"
     },
     "engines": {
-        "node": ">=8.5.0"
+        "node": ">=12.20.0"
     },
+    "type": "module",
     "files": [
         "bin",
         "src",
-        "index.mjs",
         ".env",
         "README.md",
         "LICENSE",

package/src/constants.mjs

@@ -9,7 +9,7 @@ dotenv.config({ path: path.join(__dirname, '../.env') });
 const envVariablesSchema = z
     .object({
         WEB_LOGIN_URL: z.string(),
-        WEB_REPORT_URL: z.string(),
+        WEB_APP_URL: z.string(),
         API_URL: z.string(),
     })
     .required();
@@ -17,5 +17,5 @@ const envVariablesSchema = z
 const envVariables = envVariablesSchema.parse(process.env);
 
 export const WEB_LOGIN_URL = envVariables.WEB_LOGIN_URL;
-export const WEB_REPORT_URL = envVariables.WEB_REPORT_URL;
+export const WEB_APP_URL = envVariables.WEB_APP_URL;
 export const API_URL = envVariables.API_URL;

package/src/github.mjs

@@ -1,9 +1,9 @@
-import got from 'got';
 import fs from 'node:fs';
-import { promisify } from 'node:util';
 import stream from 'node:stream';
-import extract from 'extract-zip';
 import path from 'node:path';
+import { promisify } from 'node:util';
+import fetch from 'node-fetch';
+import extract from 'extract-zip';
 
 const pipeline = promisify(stream.pipeline);
 
@@ -18,44 +18,37 @@ export async function getDefaultBranch(repoUrl) {
         slug = slug.substring(0, slug.length - '.git'.length);
     }
 
-    try {
-        const repoInfo = await got(`https://api.github.com/repos/${slug}`, {
-            method: 'GET',
-            headers: {
-                Accept: 'application/vnd.github+json',
-                'X-GitHub-Api-Version': '2022-11-28',
-            },
-        }).json();
-
-        return repoInfo.default_branch;
-    } catch (e) {
+    const response = await fetch(`https://api.github.com/repos/${slug}`, {
+        method: 'GET',
+        headers: {
+            Accept: 'application/vnd.github+json',
+            'X-GitHub-Api-Version': '2022-11-28',
+        },
+    });
+
+    if (!response.ok) {
         throw new Error(
             `Can't get default branch, make sure the repository is public: ${repoUrl}.`
         );
     }
+
+    const repoInfo = await response.json();
+
+    return repoInfo.default_branch;
 }
 
 export async function downloadRepo(repoUrl, reference, dirname) {
     const zipFilePath = path.join(dirname, 'repo.zip');
-    const downloadStream = got.stream(`${repoUrl}/zipball/${reference}`);
+    const response = await fetch(`${repoUrl}/zipball/${reference}`);
     const fileWriterStream = fs.createWriteStream(zipFilePath);
 
-    downloadStream.on('downloadProgress', ({ transferred, percent }) => {
-        if (transferred > 0) {
-            console.log(
-                `Progress: ${transferred} (${Math.round(percent * 100)}%) ...`
-            );
-        }
-    });
-
-    await pipeline(downloadStream, fileWriterStream);
+    await pipeline(response.body, fileWriterStream);
     await extract(zipFilePath, { dir: dirname });
 
     const repoRoot = fs
         .readdirSync(dirname, { withFileTypes: true })
         .filter((dirent) => dirent.isDirectory())
-        .map((dirent) => dirent.name)
-        .at(0);
+        .map((dirent) => dirent.name)[0];
 
     return path.join(dirname, repoRoot);
 }

package/src/gql.mjs

@@ -1,19 +1,29 @@
-import got from 'got';
+import fetch from 'node-fetch';
 import { API_URL } from './constants.mjs';
 
 const ME = `
-query me {
-  me {
+query Me {
+  user {
+    id
     email
-    projectId
+    userOrganizations {
+      organization {
+        id
+        projects {
+          id
+        }
+      }
+    }
   }
 }
 `;
 
 const CREATE_COMMUNITY_USER = `
 mutation CreateCommunityUser {
-  createCommunityUser {
-    status
+ initOrganizationAndProject {
+    userId
+    projectId
+    organizationId
   }
 }
 `;
@@ -34,13 +44,13 @@ mutation uploadS3BucketInfo($fileName: String!) {
 `;
 
 const SUBMIT_VULNERABILITY_REPORT = `
-mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $repoUrl: String!, $reference: String!) {
+mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!) {
   submitVulnerabilityReport(
     fixReportId: $fixReportId
     repoUrl: $repoUrl
     reference: $reference
     vulnerabilityReportFileName: $vulnerabilityReportFileName
-    githubAuthToken: null
+    projectId: $projectId
   ) {
     __typename
   }
@@ -48,40 +58,65 @@ mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixRe
 `;
 
 export class GQLClient {
-    #token;
-
     constructor(token) {
-        this.#token = token;
+        this._token = token;
+        this._projectId = undefined;
+        this._organizationId = undefined;
     }
 
-    async #apiCall(query, variables = {}) {
-        const response = await got(API_URL, {
+    async _apiCall(query, variables = {}) {
+        const response = await fetch(API_URL, {
             method: 'POST',
             headers: {
-                authorization: `Bearer ${this.#token}`,
+                authorization: `Bearer ${this._token}`,
             },
             body: JSON.stringify({
                 query,
                 variables,
             }),
-        }).json();
+        });
 
-        if (response.errors) {
+        if (!response.ok) {
+            throw new Error(`API call failed: ${response.status}`);
+        }
+
+        const data = await response.json();
+
+        if (data.errors) {
             throw new Error(`API error: ${response.errors[0].message}`);
         }
 
-        if (!response.data) {
+        if (!data.data) {
             throw new Error('No data returned for the API query.');
         }
 
-        return response.data;
+        return data.data;
+    }
+
+    getOrganizationId() {
+        return this._organizationId;
+    }
+
+    getProjectId() {
+        return this._projectId;
     }
 
     async verifyToken() {
         await this.createCommunityUser();
 
         try {
-            await this.#apiCall(ME);
+            const userInfo = await this._apiCall(ME);
+            const {
+                user: [{ userOrganizations }],
+            } = userInfo;
+            const [
+                {
+                    organization: { id: organizationId, projects },
+                },
+            ] = userOrganizations;
+            const [{ id: projectId }] = projects;
+            this._projectId = projectId;
+            this._organizationId = organizationId;
         } catch (e) {
             return false;
         }
@@ -90,14 +125,14 @@ export class GQLClient {
 
     async createCommunityUser() {
         try {
-            await this.#apiCall(CREATE_COMMUNITY_USER);
+            await this._apiCall(CREATE_COMMUNITY_USER);
         } catch (e) {
             // Ignore errors
         }
     }
 
     async uploadS3BucketInfo() {
-        const data = await this.#apiCall(UPLOAD_S3_BUCKET_INFO, {
+        const data = await this._apiCall(UPLOAD_S3_BUCKET_INFO, {
             fileName: 'report.json',
         });
 
@@ -112,11 +147,12 @@ export class GQLClient {
     }
 
     async submitVulnerabilityReport(fixReportId, repoUrl, reference) {
-        await this.#apiCall(SUBMIT_VULNERABILITY_REPORT, {
+        await this._apiCall(SUBMIT_VULNERABILITY_REPORT, {
             fixReportId,
             repoUrl,
             reference,
             vulnerabilityReportFileName: 'report.json',
+            projectId: this._projectId,
         });
     }
 }

package/src/index.mjs

@@ -1,6 +1,7 @@
 import { fileURLToPath } from 'node:url';
 import fs from 'node:fs';
 import path from 'node:path';
+import semver from 'semver';
 import open from 'open';
 import Configstore from 'configstore';
 import { GQLClient } from './gql.mjs';
@@ -8,12 +9,20 @@ import { webLogin } from './web-login.mjs';
 import { downloadRepo, getDefaultBranch } from './github.mjs';
 import { getSnykReport } from './snyk.mjs';
 import { uploadFile } from './upload-file.mjs';
-import { WEB_REPORT_URL } from './constants.mjs';
+import { WEB_APP_URL } from './constants.mjs';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const packageJson = JSON.parse(
     fs.readFileSync(path.join(__dirname, '../package.json'), 'utf8')
 );
+
+if (!semver.satisfies(process.version, packageJson.engines.node)) {
+    console.error(
+        `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
+    );
+    process.exit(1);
+}
+
 const config = new Configstore(packageJson.name, { token: '' });
 
 export async function main(dirname, repoUrl) {
@@ -66,12 +75,17 @@ export async function main(dirname, repoUrl) {
         reference
     );
 
-    if ((report.runs?.at(0)?.results?.length ?? 0) === 0) {
+    const results = ((report.runs || [])[0] || {}).results || [];
+    if (results.length === 0) {
         console.log('Snyk has not found any vulnerabilities — nothing to fix.');
     } else {
         console.log(
             'You will be redirected to our report page, please wait until the analysis is finished and enjoy your fixes.'
         );
-        await open(`${WEB_REPORT_URL}${uploadData.fixReportId}`);
+        const projectId = gqlClient.getProjectId();
+        const organizationId = gqlClient.getOrganizationId();
+        await open(
+            `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${uploadData.fixReportId}`
+        );
     }
 }

package/src/upload-file.mjs

@@ -1,6 +1,4 @@
-import FormData from 'form-data';
-import fs from 'node:fs';
-import got from 'got';
+import fetch, { FormData, fileFrom } from 'node-fetch';
 
 export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     const form = new FormData();
@@ -10,10 +8,14 @@ export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     }
 
     form.append('key', uploadKey);
-    form.append('file', fs.createReadStream(reportPath));
+    form.append('file', await fileFrom(reportPath));
 
-    await got(url, {
+    const response = await fetch(url, {
         method: 'POST',
         body: form,
     });
+
+    if (!response.ok) {
+        throw new Error(`Failed to upload the report: ${response.status}`);
+    }
 }