socket 0.15.30 → 0.15.32
- package/dist/cli.js +135 -66
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/external/@socketsecurity/registry/lib/debug.js +0 -2
- package/package.json +1 -1
- package/dist/vendor.js.map +0 -1
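--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -3641,6 +3641,22 @@ const cmdDiffScan = {
 }
 };
 
+async function outputFixResult(result, outputKind) {
+if (!result.ok) {
+process.exitCode = result.code ?? 1;
+}
+if (outputKind === 'json') {
+logger.logger.log(utils.serializeResultJson(result));
+return;
+}
+if (!result.ok) {
+logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
+return;
+}
+logger.logger.log('');
+logger.logger.success('Finished!');
+}
+
 function formatBranchName(name) {
 return name.replace(/[-_.\\/]+/g, '-').replace(/[^-a-zA-Z0-9]+/g, '').replace(/^-+|-+$/g, '');
 }
@@ -4164,37 +4180,8 @@ function getAlertsMapOptions(options = {}) {
 }
 };
 }
-function normalizeFixOptions(options_) {
-const options = {
-__proto__: null,
-...options_
-};
-if (typeof options.autopilot !== 'boolean') {
-options.autopilot = false;
-}
-if (typeof options.autoMerge !== 'boolean') {
-options.autoMerge = !!options.autopilot;
-}
-if (typeof options.cwd !== 'string') {
-options.cwd = process.cwd();
-}
-const limit = typeof options.limit === 'number' ? options.limit : parseInt(`${options.limit || ''}`, 10);
-options.limit = Number.isNaN(limit) ? Infinity : limit;
-options.purls = Array.isArray(options.purls) ? options.purls.flatMap(p => p.split(/, */)) : [];
-if (typeof options.rangeStyle !== 'string') {
-options.rangeStyle = 'preserve';
-}
-if (typeof options.test !== 'boolean') {
-options.test = !!options.autopilot || !!options.testScript;
-}
-if (typeof options.testScript !== 'string') {
-options.testScript = 'test';
-}
-return options;
-}
 
 const {
-DRY_RUN_NOT_SAVING: DRY_RUN_NOT_SAVING$1,
 NPM: NPM$a
 } = constants;
 async function install$1(arb, options) {
@@ -4218,17 +4205,12 @@ async function install$1(arb, options) {
 async function npmFix(pkgEnvDetails, {
 autoMerge,
 cwd,
-dryRun,
 limit,
 purls,
 rangeStyle,
 test,
 testScript
 }) {
-if (dryRun) {
-logger.logger.log(DRY_RUN_NOT_SAVING$1);
-return;
-}
 // Lazily access constants.spinner.
 const {
 spinner
@@ -4576,7 +4558,6 @@ async function npmFix(pkgEnvDetails, {
 }
 
 const {
-DRY_RUN_NOT_SAVING,
 NPM: NPM$9,
 OVERRIDES: OVERRIDES$2,
 PNPM: PNPM$7
@@ -4620,17 +4601,12 @@ async function install(pkgEnvDetails, options) {
 async function pnpmFix(pkgEnvDetails, {
 autoMerge,
 cwd,
-dryRun,
 limit,
 purls,
 rangeStyle,
 test,
 testScript
 }) {
-if (dryRun) {
-logger.logger.log(DRY_RUN_NOT_SAVING);
-return;
-}
 // Lazily access constants.spinner.
 const {
 spinner
@@ -5100,28 +5076,91 @@ const {
 NPM: NPM$8,
 PNPM: PNPM$6
 } = constants;
-async function runFix(
-
-
+async function runFix({
+autoMerge,
+cwd,
+limit,
+purls,
+rangeStyle,
+test,
+testScript
+}) {
+// TODO: make detectAndValidatePackageEnvironment return a CResult<pkgEnvDetails> and propagate it
+const pkgEnvDetails = await utils.detectAndValidatePackageEnvironment(cwd, {
 cmdName: CMD_NAME$1,
 logger: logger.logger
 });
 if (!pkgEnvDetails) {
-return
+return {
+ok: false,
+message: 'No package found',
+cause: `No valid package environment was found in given cwd (${cwd})`
+};
 }
 logger.logger.info(`Fixing packages for ${pkgEnvDetails.agent}.\n`);
 const {
 agent
 } = pkgEnvDetails;
 if (agent === NPM$8) {
-
+// TODO: make npmFix return a CResult and propagate it
+await npmFix(pkgEnvDetails, {
+autoMerge,
+cwd,
+limit,
+purls,
+rangeStyle,
+test,
+testScript
+});
 } else if (agent === PNPM$6) {
-
+// TODO: make pnpmFix return a CResult and propagate it
+await pnpmFix(pkgEnvDetails, {
+autoMerge,
+cwd,
+limit,
+purls,
+rangeStyle,
+test,
+testScript
+});
 } else {
-
+return {
+ok: false,
+message: 'Not supported',
+cause: `${agent} is not supported by this command at the moment.`
+};
 }
+return {
+ok: true,
+data: undefined
+};
 }
 
+async function handleFix({
+autoMerge,
+cwd,
+limit,
+outputKind,
+purls,
+rangeStyle,
+test,
+testScript
+}) {
+const result = await runFix({
+autoMerge,
+cwd,
+limit,
+purls,
+rangeStyle,
+test,
+testScript
+});
+await outputFixResult(result, outputKind);
+}
+
+const {
+DRY_RUN_NOT_SAVING
+} = constants;
 const config$F = {
 commandName: 'fix',
 description: 'Update dependencies with "fixable" Socket alerts',
@@ -5200,11 +5239,25 @@ async function run$F(argv, importMeta, {
 parentName
 });
 const {
+autopilot,
 json,
 markdown
 } = cli.flags;
-
-
+let {
+autoMerge,
+rangeStyle,
+test
+} = cli.flags;
+// TODO: impl json/md further
+const outputKind = utils.getOutputKind(json, markdown);
+let [cwd = '.'] = cli.input;
+// Note: path.resolve vs .join:
+// If given path is absolute then cwd should not affect it.
+cwd = path.resolve(process.cwd(), cwd);
+if (autopilot) {
+autoMerge = true;
+test = true;
+}
 const wasValidInput = utils.checkCommandInput(outputKind, {
 test: utils.RangeStyles.includes(cli.flags['rangeStyle']),
 message: `Expecting range style of ${arrays.joinOr(utils.RangeStyles)}`,
@@ -5214,15 +5267,24 @@ async function run$F(argv, importMeta, {
 if (!wasValidInput) {
 return;
 }
-
-
-
-
-
-
-
-
-
+if (cli.flags['dryRun']) {
+logger.logger.log(DRY_RUN_NOT_SAVING);
+return;
+}
+let purls = Array.isArray(cli.flags['purl']) ? cli.flags['purl'] : [];
+purls = purls.flatMap(p => p.split(/, */));
+if (!['caret', 'gt', 'gte', 'lt', 'lte', 'pin', 'preserve', 'tilde'].includes(rangeStyle)) {
+rangeStyle = 'preserve';
+}
+await handleFix({
+autoMerge: Boolean(autoMerge),
+cwd,
+limit: (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity,
+outputKind,
+purls,
+rangeStyle: rangeStyle,
+test: Boolean(test),
+testScript: String(cli.flags['testScript'] || 'test')
 });
 }
 
@@ -5928,7 +5990,8 @@ async function run$A(argv, importMeta, {
 const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 const verbose = !!verboseFlag;
 let [cwd = '.'] = cli.input;
-// Note: path.resolve vs .join:
+// Note: path.resolve vs .join:
+// If given path is absolute then cwd should not affect it.
 cwd = path.resolve(process.cwd(), cwd);
 if (verbose) {
 logger.logger.group('- ', parentName, config$A.commandName, ':');
@@ -6043,7 +6106,8 @@ async function run$z(argv, importMeta, {
 } = cli.flags;
 const outputKind = utils.getOutputKind(json, markdown);
 let [cwd = '.'] = cli.input;
-// Note: path.resolve vs .join:
+// Note: path.resolve vs .join:
+// If given path is absolute then cwd should not affect it.
 cwd = path.resolve(process.cwd(), cwd);
 const socketJson = await utils.readOrDefaultSocketJson(cwd);
 
@@ -6200,7 +6264,8 @@ async function run$y(argv, importMeta, {
 } = cli.flags;
 const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 let [cwd = '.'] = cli.input;
-// Note: path.resolve vs .join:
+// Note: path.resolve vs .join:
+// If given path is absolute then cwd should not affect it.
 cwd = path.resolve(process.cwd(), cwd);
 const socketJson = await utils.readOrDefaultSocketJson(cwd);
 debug.debugLog('[DEBUG] socket.json gradle override:', socketJson?.defaults?.manifest?.gradle);
@@ -6356,7 +6421,8 @@ async function run$x(argv, importMeta, {
 } = cli.flags;
 const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 let [cwd = '.'] = cli.input;
-// Note: path.resolve vs .join:
+// Note: path.resolve vs .join:
+// If given path is absolute then cwd should not affect it.
 cwd = path.resolve(process.cwd(), cwd);
 const socketJson = await utils.readOrDefaultSocketJson(cwd);
 debug.debugLog('[DEBUG] socket.json gradle override:', socketJson?.defaults?.manifest?.gradle);
@@ -6521,7 +6587,8 @@ async function run$w(argv, importMeta, {
 } = cli.flags;
 const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 let [cwd = '.'] = cli.input;
-// Note: path.resolve vs .join:
+// Note: path.resolve vs .join:
+// If given path is absolute then cwd should not affect it.
 cwd = path.resolve(process.cwd(), cwd);
 const socketJson = await utils.readOrDefaultSocketJson(cwd);
 debug.debugLog('[DEBUG] socket.json sbt override:', socketJson?.defaults?.manifest?.sbt);
@@ -7078,7 +7145,8 @@ async function run$v(argv, importMeta, {
 defaultOnReadError = false
 } = cli.flags;
 let [cwd = '.'] = cli.input;
-// Note: path.resolve vs .join:
+// Note: path.resolve vs .join:
+// If given path is absolute then cwd should not affect it.
 cwd = path.resolve(process.cwd(), cwd);
 if (cli.flags['dryRun']) {
 logger.logger.log(DRY_RUN_BAILING_NOW$s);
@@ -11647,7 +11715,8 @@ async function handleCreateGithubScan({
 logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
 return;
 }
-logger.logger.
+logger.logger.log('');
+logger.logger.success('Finished!');
 }
 
 const {
@@ -13380,5 +13449,5 @@ void (async () => {
 await utils.captureException(e);
 }
 })();
-//# debugId=
+//# debugId=f63b101d-52ad-4179-9782-bc01737be1b3
 //# sourceMappingURL=cli.js.map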
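Review bot: In run$F the `limit` expression passed to `handleFix` fails open: a non-numeric `--limit` parses to NaN and 0 is falsy, so both become `Infinity`, while a negative number is passed through unchanged. Because `autopilot` forces `autoMerge = true` in the same function, a mistyped value for what appears to be a cap should stop the run rather than silently remove the cap. Parse the flag once, e.g. `const limit = cli.flags['limit'] == null ? Infinity : Number.parseInt(String(cli.flags['limit']), 10);`, and reject it through the existing `checkCommandInput` call with a test such as `limit === Infinity || (Number.isInteger(limit) && limit > 0)`. run$F starts before these hunks and the flag's declaration is not shown, so confirm what the parser yields when `--limit` is omitted before relying on the `== null` check.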