npm - socket - Versions diffs - 1.0.2 → 1.0.3 - Mend

socket 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/cli.js +39 -23
package/dist/cli.js.map +1 -1
package/dist/constants.js +3 -3
package/dist/constants.js.map +1 -1
package/dist/types/commands/fix/handle-fix.d.mts +5 -10
package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
package/dist/types/commands/fix/npm-fix.d.mts.map +1 -1
package/dist/types/commands/package/output-purls-shallow-score.d.mts.map +1 -1
package/dist/types/commands/scan/handle-reach-scan.d.mts.map +1 -1
package/dist/types/commands/scan/output-scan-reach.d.mts +1 -1
package/dist/types/commands/scan/output-scan-reach.d.mts.map +1 -1
package/dist/types/utils/fail-msg-with-badge.d.mts +1 -1
package/dist/types/utils/fail-msg-with-badge.d.mts.map +1 -1
package/dist/utils.js +5 -3
package/dist/utils.js.map +1 -1
package/dist/vendor.js +85080 -79950
package/package.json +3 -1
package/dist/types/commands/scan/scan-reachability.d.mts +0 -3
package/dist/types/commands/scan/scan-reachability.d.mts.map +0 -1

package/dist/cli.js CHANGED Viewed

@@ -14,6 +14,7 @@ var fs$1 = require('node:fs');
 var path = require('node:path');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
+var words = require('../external/@socketsecurity/registry/lib/words');
 var registry = require('../external/@socketsecurity/registry');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
@@ -24,7 +25,6 @@ var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var shadowNpmInject = require('./shadow-npm-inject.js');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var objects = require('../external/@socketsecurity/registry/lib/objects');
-var words = require('../external/@socketsecurity/registry/lib/words');
 var shadowNpmBin = require('./shadow-npm-bin.js');
 var require$$7 = require('../external/@socketsecurity/registry/lib/promises');
 var require$$1 = require('node:util');
@@ -4236,9 +4236,24 @@ async function npmFix(pkgEnvDetails, options) {
         limit: Math.max(limit, openPrs.length)
       }));
     } else {
+      const npmPath = path.resolve(fs$1.realpathSync(pkgEnvDetails.agentExecPath), '../..');
+      const config = new vendor.libExports$2({
+        argv: [],
+        cwd: process.cwd(),
+        definitions: vendor.definitionsExports.definitions,
+        // Lazily access constants.execPath.
+        execPath: constants.execPath,
+        env: process.env,
+        flatten: vendor.definitionsExports.flatten,
+        npmPath,
+        platform: process.platform,
+        shorthands: vendor.definitionsExports.shorthands
+      });
+      await config.load();
       const arb = new shadowNpmInject.Arborist({
         path: pkgEnvDetails.pkgPath,
-        ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+        ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,
+        config
       });
       actualTree = await arb.reify();
       // Calling arb.reify() creates the arb.diff object, nulls-out arb.idealTree,
@@ -4471,7 +4486,7 @@ const {
   NPM: NPM$7,
   PNPM: PNPM$6
 } = constants;
-async function handleFix({
+async function handleFix(argv, {
   autoMerge,
   cwd,
   ghsas,
@@ -4490,7 +4505,7 @@ async function handleFix({
     const {
       spinner
     } = constants;
-    spinner.start();
+    spinner.start('Fetching GHSA IDs...');
     if (ghsasCount === 1 && ghsas[0] === 'auto') {
       const autoCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd], {
         cwd,
@@ -4504,16 +4519,21 @@ async function handleFix({
         ghsasCount = 0;
       }
     }
-    spinner.stop();
     if (ghsasCount) {
-      spinner.start();
-      await outputFixResult(await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--apply-fixes-to', ...ghsas], {
+      spinner.info(`Found ${ghsasCount} GHSA ${words.pluralize('ID', ghsasCount)}.`);
+      await outputFixResult(await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--apply-fixes-to', ...ghsas, ...argv], {
         cwd,
         spinner
       }), outputKind);
       spinner.stop();
       return;
     }
+    spinner.infoAndStop('No GHSA IDs found.');
+    await outputFixResult({
+      ok: true,
+      data: ''
+    }, outputKind);
+    return;
   }
   const pkgEnvCResult = await utils.detectAndValidatePackageEnvironment(cwd, {
     cmdName: CMD_NAME$1,
@@ -4529,8 +4549,8 @@ async function handleFix({
   if (!pkgEnvDetails) {
     await outputFixResult({
       ok: false,
-      message: 'No package found',
-      cause: `No valid package environment was found in given cwd (${cwd})`
+      message: 'No package found.',
+      cause: `No valid package environment found for project path: ${cwd}`
     }, outputKind);
     return;
   }
@@ -4541,7 +4561,7 @@ async function handleFix({
   if (agent !== NPM$7 && agent !== PNPM$6) {
     await outputFixResult({
       ok: false,
-      message: 'Not supported',
+      message: 'Not supported.',
       cause: `${agent} is not supported by this command at the moment.`
     }, outputKind);
     return;
@@ -4691,7 +4711,7 @@ async function run$H(argv, importMeta, {
   const limit = (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity;
   const purls = utils.cmdFlagValueToArray(cli.flags['purl']);
   const testScript = String(cli.flags['testScript'] || 'test');
-  await handleFix({
+  await handleFix(argv, {
     autoMerge,
     cwd,
     ghsas,
@@ -8837,7 +8857,7 @@ function formatReportCard(artifact, color) {
   };
   const alertString = getAlertString(artifact.alerts, !color);
   if (!artifact.ecosystem) {
-    console.log('WTF?', artifact);
+    debug.debugLog('miss: Artifact ecosystem', artifact);
   }
   const purl = `pkg:${artifact.ecosystem}/${artifact.name}${artifact.version ? '@' + artifact.version : ''}`;
   return ['Package: ' + (color ? vendor.yoctocolorsCjsExports.bold(purl) : purl), '', ...Object.entries(scoreResult).map(score => `- ${score[0]}:`.padEnd(20, ' ') + `  ${formatScore(score[1], !color, true)}`), alertString].join('\n');
@@ -12265,7 +12285,7 @@ async function run$7(argv, importMeta, {
   await handleOrgScanMetadata(orgSlug, scanId, outputKind);
 }
-async function outputScanReach(result, cwd, outputKind) {
+async function outputScanReach(result, outputKind) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
   }
@@ -12277,29 +12297,25 @@ async function outputScanReach(result, cwd, outputKind) {
     logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
     return;
   }
-  logger.logger.success('finished on', cwd);
+  logger.logger.log('');
+  logger.logger.success('Finished!');
 }
 const {
   DOT_SOCKET_DOT_FACTS_JSON
 } = constants;
-async function scanReachability(argv, cwd) {
+async function handleScanReach(argv, cwd, outputKind) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start();
+  spinner.start('Running reachability scan...');
   const result = await utils.spawnCoana(['run', cwd, '--output-dir', cwd, '--socket-mode', DOT_SOCKET_DOT_FACTS_JSON, '--disable-report-submission', ...argv], {
     cwd,
     spinner
   });
   spinner.stop();
-  return result;
-}
-async function handleScanReach(argv, cwd, outputKind) {
-  const result = await scanReachability(argv, cwd);
-  await outputScanReach(result, cwd, outputKind);
+  await outputScanReach(result, outputKind);
 }
 const {
@@ -14124,5 +14140,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=214e9941-f13a-4601-a726-83de349925db
+//# debugId=7eb55598-7509-4018-b34f-5184fd83870f
 //# sourceMappingURL=cli.js.map