socket 0.15.55 → 0.15.57

package/bin/cli.js

@@ -28,8 +28,8 @@ spawn(
     ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD
       ? [
           '--require',
-          // Lazily access constants.distInstrumentWithSentryPath.
-          constants.distInstrumentWithSentryPath,
+          // Lazily access constants.instrumentWithSentryPath.
+          constants.instrumentWithSentryPath,
         ]
       : []),
     // Lazily access constants.distCliPath.

package/dist/cli.js

@@ -12,7 +12,7 @@ var constants = require('./constants.js');
 var words = require('../external/@socketsecurity/registry/lib/words');
 var fs$1 = require('node:fs');
 var path = require('node:path');
-var shadowBin = require('./shadow-bin.js');
+var shadowNpmBin = require('./shadow-npm-bin.js');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var util = require('node:util');
@@ -25,7 +25,7 @@ var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
-var shadowInject = require('./shadow-inject.js');
+var shadowNpmInject = require('./shadow-npm-inject.js');
 var objects = require('../external/@socketsecurity/registry/lib/objects');
 var registryConstants = require('../external/@socketsecurity/registry/lib/constants');
 var require$$7 = require('../external/@socketsecurity/registry/lib/promises');
@@ -834,7 +834,7 @@ async function runCdxgen(yargvWithYes) {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
-        await shadowBin(NPX$1, [...yesArgs,
+        await shadowNpmBin(NPX$1, [...yesArgs,
         // Lazily access constants.ENV.INLINED_SYNP_VERSION.
         `synp@${constants.ENV.INLINED_SYNP_VERSION}`, '--source-file', `./${YARN_LOCK}`]);
         yargv.type = NPM$9;
@@ -842,7 +842,7 @@ async function runCdxgen(yargvWithYes) {
       } catch {}
     }
   }
-  await shadowBin(NPX$1, [...yesArgs,
+  await shadowNpmBin(NPX$1, [...yesArgs,
   // Lazily access constants.ENV.INLINED_CYCLONEDX_CDXGEN_VERSION.
   `@cyclonedx/cdxgen@${constants.ENV.INLINED_CYCLONEDX_CDXGEN_VERSION}`, ...argvToArray(yargv)]);
   if (cleanupPackageLock) {
@@ -4277,7 +4277,7 @@ async function install$1(arb, options) {
     ...options
   };
   try {
-    const newArb = new shadowInject.Arborist({
+    const newArb = new shadowNpmInject.Arborist({
       path: cwd
     });
     newArb.idealTree = await arb.buildIdealTree();
@@ -4317,9 +4317,9 @@ async function npmFix(pkgEnvDetails, {
     author: gitUser
   }) : [];
   let count = 0;
-  const arb = new shadowInject.Arborist({
+  const arb = new shadowNpmInject.Arborist({
     path: rootPath,
-    ...shadowInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
   });
   // Calling arb.reify() creates the arb.diff object, nulls-out arb.idealTree,
   // and populates arb.actualTree.
@@ -4328,7 +4328,7 @@ async function npmFix(pkgEnvDetails, {
   try {
     alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertsMapOptions({
       limit: Math.max(limit, openPrs.length)
-    })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertsMapOptions({
+    })) : await shadowNpmInject.getAlertsMapFromArborist(arb, getAlertsMapOptions({
       limit: Math.max(limit, openPrs.length)
     }));
   } catch (e) {
@@ -4425,7 +4425,7 @@ async function npmFix(pkgEnvDetails, {
       const isWorkspaceRoot = pkgJsonPath === pkgEnvDetails.editablePkgJson.filename;
       const workspace = isWorkspaceRoot ? 'root' : path.relative(rootPath, pkgPath);
       const branchWorkspace = isCi ? getSocketBranchWorkspaceComponent(workspace) : '';
-      const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.target?.version ?? n.version).filter(Boolean));
+      const oldVersions = arrays.arrayUnique(shadowNpmInject.findPackageNodes(actualTree, name).map(n => n.target?.version ?? n.version).filter(Boolean));
       if (!oldVersions.length) {
         debug.debugFn(`skip: ${name} not found\n`);
         // Skip to next package.
@@ -4450,7 +4450,7 @@ async function npmFix(pkgEnvDetails, {
       oldVersionsLoop: for (const oldVersion of oldVersions) {
         const oldId = `${name}@${oldVersion}`;
         const oldPurl = utils.idToPurl(oldId, partialPurlObj.type);
-        const node = shadowInject.findPackageNode(actualTree, name, oldVersion);
+        const node = shadowNpmInject.findPackageNode(actualTree, name, oldVersion);
         if (!node) {
           debug.debugFn(`skip: ${oldId} not found`);
           continue oldVersionsLoop;
@@ -4463,7 +4463,7 @@ async function npmFix(pkgEnvDetails, {
             debug.debugFn(`skip: ${oldId} is >= ${firstPatchedVersionIdentifier}`);
             continue infosLoop;
           }
-          const newVersion = shadowInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
+          const newVersion = shadowNpmInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
           if (activeBranches.find(b => b.workspace === branchWorkspace && b.newVersion === newVersion)) {
             debug.debugFn(`skip: open PR found for ${name}@${newVersion}`);
             if (++count >= limit) {
@@ -4497,8 +4497,8 @@ async function npmFix(pkgEnvDetails, {
               }
             })
           };
-          shadowInject.updateNode(node, newVersion, newVersionPackument);
-          shadowInject.updatePackageJsonFromNode(editablePkgJson,
+          shadowNpmInject.updateNode(node, newVersion, newVersionPackument);
+          shadowNpmInject.updatePackageJsonFromNode(editablePkgJson,
           // eslint-disable-next-line no-await-in-loop
           await arb.buildIdealTree(), node, newVersion, rangeStyle);
           // eslint-disable-next-line no-await-in-loop
@@ -4717,9 +4717,9 @@ async function getActualTree(cwd = process.cwd()) {
   // folders. However, support is iffy resulting in unhappy path errors and hangs.
   // So, to avoid the unhappy path, we restrict our usage to --dry-run loading
   // of the node_modules folder.
-  const arb = new shadowInject.Arborist({
+  const arb = new shadowNpmInject.Arborist({
     path: cwd,
-    ...shadowInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
   });
   return await arb.loadActual();
 }
@@ -4950,7 +4950,7 @@ async function pnpmFix(pkgEnvDetails, {
         // Exit early if install fails.
         return handleInstallFail();
       }
-      const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.version).filter(Boolean));
+      const oldVersions = arrays.arrayUnique(shadowNpmInject.findPackageNodes(actualTree, name).map(n => n.version).filter(Boolean));
       if (!oldVersions.length) {
         debug.debugFn(`skip: ${name} not found\n`);
         // Skip to next package.
@@ -4978,7 +4978,7 @@ async function pnpmFix(pkgEnvDetails, {
       oldVersionsLoop: for (const oldVersion of oldVersions) {
         const oldId = `${name}@${oldVersion}`;
         const oldPurl = utils.idToPurl(oldId, partialPurlObj.type);
-        const node = shadowInject.findPackageNode(actualTree, name, oldVersion);
+        const node = shadowNpmInject.findPackageNode(actualTree, name, oldVersion);
         if (!node) {
           debug.debugFn(`skip: ${oldId} not found`);
           continue oldVersionsLoop;
@@ -4991,7 +4991,7 @@ async function pnpmFix(pkgEnvDetails, {
             debug.debugFn(`skip: ${oldId} is >= ${firstPatchedVersionIdentifier}`);
             continue infosLoop;
           }
-          const newVersion = shadowInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
+          const newVersion = shadowNpmInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
           if (activeBranches.find(b => b.workspace === branchWorkspace && b.newVersion === newVersion)) {
             debug.debugFn(`skip: open PR found for ${name}@${newVersion}`);
             if (++count >= limit) {
@@ -5050,7 +5050,7 @@ async function pnpmFix(pkgEnvDetails, {
             // generates pnpm-lock.yaml it updates transitive dependencies too.
             editablePkgJson.update(updateOverrides);
           }
-          shadowInject.updatePackageJsonFromNode(editablePkgJson, actualTree, node, newVersion, rangeStyle);
+          shadowNpmInject.updatePackageJsonFromNode(editablePkgJson, actualTree, node, newVersion, rangeStyle);
           // eslint-disable-next-line no-await-in-loop
           if (!(await editablePkgJson.save({
             ignoreWhitespace: true
@@ -7511,8 +7511,8 @@ async function run$v(argv, importMeta, {
     return;
   }
 
-  // Lazily access constants.distShadowBinPath.
-  const shadowBin = require$3(constants.distShadowBinPath);
+  // Lazily access constants.shadowNpmBinPath.
+  const shadowBin = require$3(constants.shadowNpmBinPath);
   await shadowBin('npm', argv);
 }
 
@@ -7551,8 +7551,8 @@ async function run$u(argv, importMeta, {
     return;
   }
 
-  // Lazily access constants.distShadowBinPath.
-  const shadowBin = require$2(constants.distShadowBinPath);
+  // Lazily access constants.shadowNpmBinPath.
+  const shadowBin = require$2(constants.shadowNpmBinPath);
   await shadowBin('npx', argv);
 }
 
@@ -12852,13 +12852,13 @@ async function outputScanReach(result, cwd, outputKind) {
 const {
   DOT_SOCKET_DOT_FACTS_JSON
 } = constants;
-async function scanReachability(cwd) {
+async function scanReachability(argv, cwd) {
   try {
     const result = await spawn.spawn(constants.execPath, [
     // Lazily access constants.nodeNoWarningsFlags.
     ...constants.nodeNoWarningsFlags,
     // Lazily access constants.coanaBinPath.
-    constants.coanaBinPath, 'run', cwd, '--output-dir', cwd, '--disable-report-submission', '--socket-mode', DOT_SOCKET_DOT_FACTS_JSON], {
+    constants.coanaBinPath, 'run', cwd, '--output-dir', cwd, '--socket-mode', DOT_SOCKET_DOT_FACTS_JSON, '--disable-report-submission', ...argv], {
       cwd,
       env: {
         ...process.env,
@@ -12880,8 +12880,8 @@ async function scanReachability(cwd) {
   }
 }
 
-async function handleScanReach(cwd, outputKind) {
-  const result = await scanReachability(cwd);
+async function handleScanReach(argv, cwd, outputKind) {
+  const result = await scanReachability(argv, cwd);
   await outputScanReach(result, cwd, outputKind);
 }
 
@@ -12940,7 +12940,7 @@ async function run$6(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAILING_NOW$6);
     return;
   }
-  await handleScanReach(cwd, outputKind);
+  await handleScanReach(argv, cwd, outputKind);
 }
 
 const {
@@ -13725,11 +13725,14 @@ async function fetchThreatFeed({
   direction,
   ecosystem,
   filter,
+  orgSlug,
   page,
-  perPage
+  perPage,
+  pkg,
+  version
 }) {
-  const queryParams = new URLSearchParams([['direction', direction], ['ecosystem', ecosystem], ['filter', filter], ['page', page], ['per_page', String(perPage)]]);
-  return await utils.queryApiSafeJson(`threat-feed?${queryParams}`, 'the Threat Feed data');
+  const queryParams = new URLSearchParams([['direction', direction], ['ecosystem', ecosystem], filter ? ['filter', filter] : ['', ''], ['page_cursor', page], ['per_page', String(perPage)], pkg ? ['name', pkg] : ['', ''], version ? ['version', version] : ['', '']]);
+  return await utils.queryApiSafeJson(`orgs/${orgSlug}/threat-feed?${queryParams}`, 'the Threat Feed data');
 }
 
 const require$1 =Module.createRequire(require$$0.pathToFileURL(__filename).href)
@@ -13868,16 +13871,22 @@ async function handleThreatFeed({
   direction,
   ecosystem,
   filter,
+  orgSlug,
   outputKind,
   page,
-  perPage
+  perPage,
+  pkg,
+  version
 }) {
   const data = await fetchThreatFeed({
     direction,
     ecosystem,
     filter,
+    orgSlug,
     page,
-    perPage
+    perPage,
+    pkg,
+    version
   });
   await outputThreatFeed(data, outputKind);
 }
@@ -13892,6 +13901,24 @@ const config$2 = {
   flags: {
     ...utils.commonFlags,
     ...utils.outputFlags,
+    direction: {
+      type: 'string',
+      shortFlag: 'd',
+      default: 'desc',
+      description: 'Order asc or desc by the createdAt attribute'
+    },
+    eco: {
+      type: 'string',
+      shortFlag: 'e',
+      default: '',
+      description: 'Only show threats for a particular ecosystem'
+    },
+    filter: {
+      type: 'string',
+      shortFlag: 'f',
+      default: 'mal',
+      description: 'Filter what type of threats to return'
+    },
     interactive: {
       type: 'boolean',
       default: true,
@@ -13901,35 +13928,25 @@ const config$2 = {
       type: 'string',
       description: 'Force override the organization slug, overrides the default org from config'
     },
-    perPage: {
-      type: 'number',
-      shortFlag: 'pp',
-      default: 30,
-      description: 'Number of items per page'
-    },
     page: {
       type: 'string',
       shortFlag: 'p',
       default: '1',
       description: 'Page token'
     },
-    direction: {
-      type: 'string',
-      shortFlag: 'd',
-      default: 'desc',
-      description: 'Order asc or desc by the createdAt attribute'
+    perPage: {
+      type: 'number',
+      shortFlag: 'pp',
+      default: 30,
+      description: 'Number of items per page'
     },
-    eco: {
+    pkg: {
       type: 'string',
-      shortFlag: 'e',
-      default: '',
-      description: 'Only show threats for a particular ecosystem'
+      description: 'Filter by this package name'
     },
-    filter: {
+    version: {
       type: 'string',
-      shortFlag: 'f',
-      default: 'mal',
-      description: 'Filter what type of threats to return'
+      description: 'Filter by this package version'
     }
   },
   help: (command, config) => `
@@ -13970,6 +13987,11 @@ const config$2 = {
       - nuget
       - pypi
 
+    Note: if you filter by package name or version, it will do so for anything
+          unless you also filter by that ecosystem and/or package name. When in
+          doubt, look at the threat-feed and see the names in the name/version
+          column. That's what you want to search for.
+
     Examples
       $ ${command}${utils.isTestingV1() ? '' : ' FakeOrg'}
       $ ${command}${utils.isTestingV1() ? '' : ' FakeOrg'} --perPage=5 --page=2 --direction=asc --filter=joke
@@ -13994,7 +14016,9 @@ async function run$2(argv, importMeta, {
     interactive,
     json,
     markdown,
-    org: orgFlag
+    org: orgFlag,
+    pkg,
+    version
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown);
   const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), cli.input[0] || '', !!interactive, !!dryRun);
@@ -14030,8 +14054,11 @@ async function run$2(argv, importMeta, {
     ecosystem: String(cli.flags['eco'] || ''),
     filter: String(cli.flags['filter'] || 'mal'),
     outputKind,
+    orgSlug,
     page: String(cli.flags['page'] || '1'),
-    perPage: Number(cli.flags['perPage']) || 30
+    perPage: Number(cli.flags['perPage']) || 30,
+    pkg: String(pkg || ''),
+    version: String(version || '')
   });
 }
 
@@ -14619,5 +14646,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=46cd08dc-8e3e-40e8-bfdb-0a0801cce912
+//# debugId=a6016faa-33fb-4a2d-9347-cd24206bcb99
 //# sourceMappingURL=cli.js.map