socket 1.1.39 → 1.1.41
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/dist/cli.js +60 -24
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +4 -4
- package/dist/constants.js.map +1 -1
- package/dist/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/types/commands/ci/handle-ci.d.mts.map +1 -1
- package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/handle-fix.d.mts +2 -1
- package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/types.d.mts +1 -0
- package/dist/types/commands/fix/types.d.mts.map +1 -1
- package/dist/types/commands/scan/cmd-scan-create.d.mts.map +1 -1
- package/dist/types/commands/scan/cmd-scan-reach.d.mts.map +1 -1
- package/dist/types/commands/scan/perform-reachability-analysis.d.mts +3 -2
- package/dist/types/commands/scan/perform-reachability-analysis.d.mts.map +1 -1
- package/dist/types/commands/scan/reachability-flags.d.mts.map +1 -1
- package/dist/types/utils/dlx.d.mts +4 -1
- package/dist/types/utils/dlx.d.mts.map +1 -1
- package/dist/utils.js +102 -102
- package/dist/utils.js.map +1 -1
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,20 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
|
|
6
6
|
|
|
7
|
+
## [1.1.41](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.40) - 2025-12-02
|
|
8
|
+
|
|
9
|
+
### Added
|
|
10
|
+
- Added `--reach-version` flag to `socket scan create` and `socket scan reach` to override the @coana-tech/cli version used for reachability analysis.
|
|
11
|
+
- Added `--fix-version` flag to `socket fix` to override the @coana-tech/cli version used for fix analysis.
|
|
12
|
+
|
|
13
|
+
## [1.1.40](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.40) - 2025-12-02
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
- Fix a bug where vulnerabilities were not found correctly during `socket fix`.
|
|
17
|
+
|
|
18
|
+
### Changed
|
|
19
|
+
- Updated the Coana CLI to v `14.12.110`.
|
|
20
|
+
|
|
7
21
|
## [1.1.39](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.39) - 2025-12-01
|
|
8
22
|
|
|
9
23
|
### Added
|
package/dist/cli.js
CHANGED
|
@@ -1658,6 +1658,7 @@ async function performReachabilityAnalysis(options) {
|
|
|
1658
1658
|
|
|
1659
1659
|
// Run Coana with the manifests tar hash.
|
|
1660
1660
|
const coanaResult = await utils.spawnCoanaDlx(coanaArgs, orgSlug, {
|
|
1661
|
+
coanaVersion: reachabilityOptions.reachVersion,
|
|
1661
1662
|
cwd,
|
|
1662
1663
|
env: coanaEnv,
|
|
1663
1664
|
spinner,
|
|
@@ -2380,15 +2381,16 @@ async function handleCi(autoManifest) {
|
|
|
2380
2381
|
pendingHead: true,
|
|
2381
2382
|
pullRequest: 0,
|
|
2382
2383
|
reach: {
|
|
2383
|
-
reachAnalysisTimeout: 0,
|
|
2384
2384
|
reachAnalysisMemoryLimit: 0,
|
|
2385
|
+
reachAnalysisTimeout: 0,
|
|
2385
2386
|
reachConcurrency: 1,
|
|
2386
2387
|
reachDebug: false,
|
|
2387
|
-
reachDisableAnalytics: false,
|
|
2388
2388
|
reachDisableAnalysisSplitting: false,
|
|
2389
|
+
reachDisableAnalytics: false,
|
|
2389
2390
|
reachEcosystems: [],
|
|
2390
2391
|
reachExcludePaths: [],
|
|
2391
2392
|
reachSkipCache: false,
|
|
2393
|
+
reachVersion: undefined,
|
|
2392
2394
|
runReachabilityAnalysis: false
|
|
2393
2395
|
},
|
|
2394
2396
|
repoName,
|
|
@@ -3689,7 +3691,7 @@ async function getFixEnv() {
|
|
|
3689
3691
|
* Discovers GHSA IDs by running coana without applying fixes.
|
|
3690
3692
|
* Returns a list of GHSA IDs, optionally limited.
|
|
3691
3693
|
*/
|
|
3692
|
-
async function discoverGhsaIds(orgSlug, tarHash,
|
|
3694
|
+
async function discoverGhsaIds(orgSlug, tarHash, options) {
|
|
3693
3695
|
const {
|
|
3694
3696
|
cwd = process.cwd(),
|
|
3695
3697
|
limit,
|
|
@@ -3698,12 +3700,22 @@ async function discoverGhsaIds(orgSlug, tarHash, fixConfig, options) {
|
|
|
3698
3700
|
__proto__: null,
|
|
3699
3701
|
...options
|
|
3700
3702
|
};
|
|
3701
|
-
const foundCResult = await utils.spawnCoanaDlx(['
|
|
3703
|
+
const foundCResult = await utils.spawnCoanaDlx(['find-vulnerabilities', cwd, '--manifests-tar-hash', tarHash], orgSlug, {
|
|
3702
3704
|
cwd,
|
|
3703
|
-
spinner
|
|
3705
|
+
spinner,
|
|
3706
|
+
coanaVersion: options?.coanaVersion
|
|
3707
|
+
}, {
|
|
3708
|
+
stdio: 'pipe'
|
|
3704
3709
|
});
|
|
3705
3710
|
if (foundCResult.ok) {
|
|
3706
|
-
|
|
3711
|
+
// Coana prints ghsaIds as json-formatted string on the final line of the output
|
|
3712
|
+
const foundIds = [];
|
|
3713
|
+
try {
|
|
3714
|
+
const ghsaIdsRaw = foundCResult.data.trim().split('\n').pop();
|
|
3715
|
+
if (ghsaIdsRaw) {
|
|
3716
|
+
foundIds.push(...JSON.parse(ghsaIdsRaw));
|
|
3717
|
+
}
|
|
3718
|
+
} catch {}
|
|
3707
3719
|
return limit !== undefined ? foundIds.slice(0, limit) : foundIds;
|
|
3708
3720
|
}
|
|
3709
3721
|
return [];
|
|
@@ -3712,6 +3724,7 @@ async function coanaFix(fixConfig) {
|
|
|
3712
3724
|
const {
|
|
3713
3725
|
applyFixes,
|
|
3714
3726
|
autopilot,
|
|
3727
|
+
coanaVersion,
|
|
3715
3728
|
cwd,
|
|
3716
3729
|
disableMajorUpdates,
|
|
3717
3730
|
exclude,
|
|
@@ -3781,10 +3794,11 @@ async function coanaFix(fixConfig) {
|
|
|
3781
3794
|
}
|
|
3782
3795
|
let ids;
|
|
3783
3796
|
if (isAll && limit > 0) {
|
|
3784
|
-
ids = await discoverGhsaIds(orgSlug, tarHash,
|
|
3797
|
+
ids = await discoverGhsaIds(orgSlug, tarHash, {
|
|
3785
3798
|
cwd,
|
|
3786
3799
|
limit,
|
|
3787
|
-
spinner
|
|
3800
|
+
spinner,
|
|
3801
|
+
coanaVersion
|
|
3788
3802
|
});
|
|
3789
3803
|
} else if (limit > 0) {
|
|
3790
3804
|
ids = ghsas.slice(0, limit);
|
|
@@ -3806,6 +3820,7 @@ async function coanaFix(fixConfig) {
|
|
|
3806
3820
|
const tmpFile = path.join(tmpDir, `socket-fix-${Date.now()}.json`);
|
|
3807
3821
|
try {
|
|
3808
3822
|
const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...ids, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), '--output-file', tmpFile, ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
|
|
3823
|
+
coanaVersion,
|
|
3809
3824
|
cwd,
|
|
3810
3825
|
spinner,
|
|
3811
3826
|
stdio: 'inherit'
|
|
@@ -3864,10 +3879,11 @@ async function coanaFix(fixConfig) {
|
|
|
3864
3879
|
const shouldSpawnCoana = adjustedLimit > 0;
|
|
3865
3880
|
let ids;
|
|
3866
3881
|
if (shouldSpawnCoana && isAll) {
|
|
3867
|
-
ids = await discoverGhsaIds(orgSlug, tarHash,
|
|
3882
|
+
ids = await discoverGhsaIds(orgSlug, tarHash, {
|
|
3868
3883
|
cwd,
|
|
3869
3884
|
limit: adjustedLimit,
|
|
3870
|
-
spinner
|
|
3885
|
+
spinner,
|
|
3886
|
+
coanaVersion
|
|
3871
3887
|
});
|
|
3872
3888
|
} else if (shouldSpawnCoana) {
|
|
3873
3889
|
ids = ghsas.slice(0, adjustedLimit);
|
|
@@ -3904,6 +3920,7 @@ async function coanaFix(fixConfig) {
|
|
|
3904
3920
|
// Apply fix for single GHSA ID.
|
|
3905
3921
|
// eslint-disable-next-line no-await-in-loop
|
|
3906
3922
|
const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
|
|
3923
|
+
coanaVersion,
|
|
3907
3924
|
cwd,
|
|
3908
3925
|
spinner,
|
|
3909
3926
|
stdio: 'inherit'
|
|
@@ -4160,6 +4177,7 @@ async function convertIdsToGhsas(ids) {
|
|
|
4160
4177
|
async function handleFix({
|
|
4161
4178
|
applyFixes,
|
|
4162
4179
|
autopilot,
|
|
4180
|
+
coanaVersion,
|
|
4163
4181
|
cwd,
|
|
4164
4182
|
disableMajorUpdates,
|
|
4165
4183
|
exclude,
|
|
@@ -4181,6 +4199,7 @@ async function handleFix({
|
|
|
4181
4199
|
require$$9.debugDir('inspect', {
|
|
4182
4200
|
applyFixes,
|
|
4183
4201
|
autopilot,
|
|
4202
|
+
coanaVersion,
|
|
4184
4203
|
cwd,
|
|
4185
4204
|
disableMajorUpdates,
|
|
4186
4205
|
exclude,
|
|
@@ -4199,6 +4218,7 @@ async function handleFix({
|
|
|
4199
4218
|
await outputFixResult(await coanaFix({
|
|
4200
4219
|
applyFixes,
|
|
4201
4220
|
autopilot,
|
|
4221
|
+
coanaVersion,
|
|
4202
4222
|
cwd,
|
|
4203
4223
|
disableMajorUpdates,
|
|
4204
4224
|
exclude,
|
|
@@ -4233,6 +4253,10 @@ const generalFlags$2 = {
|
|
|
4233
4253
|
default: false,
|
|
4234
4254
|
description: `Enable auto-merge for pull requests that Socket opens.\nSee ${vendor.terminalLinkExports('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
|
|
4235
4255
|
},
|
|
4256
|
+
fixVersion: {
|
|
4257
|
+
type: 'string',
|
|
4258
|
+
description: `Override the version of @coana-tech/cli used for fix analysis. Default: ${constants.default.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}.`
|
|
4259
|
+
},
|
|
4236
4260
|
applyFixes: {
|
|
4237
4261
|
aliases: ['onlyCompute'],
|
|
4238
4262
|
type: 'boolean',
|
|
@@ -4411,6 +4435,7 @@ async function run$K(argv, importMeta, {
|
|
|
4411
4435
|
applyFixes,
|
|
4412
4436
|
autopilot,
|
|
4413
4437
|
exclude,
|
|
4438
|
+
fixVersion,
|
|
4414
4439
|
include,
|
|
4415
4440
|
json,
|
|
4416
4441
|
limit,
|
|
@@ -4467,6 +4492,7 @@ async function run$K(argv, importMeta, {
|
|
|
4467
4492
|
await handleFix({
|
|
4468
4493
|
applyFixes,
|
|
4469
4494
|
autopilot,
|
|
4495
|
+
coanaVersion: fixVersion,
|
|
4470
4496
|
cwd,
|
|
4471
4497
|
disableMajorUpdates,
|
|
4472
4498
|
exclude: excludePatterns,
|
|
@@ -11059,6 +11085,10 @@ const cmdRepository = {
|
|
|
11059
11085
|
};
|
|
11060
11086
|
|
|
11061
11087
|
const reachabilityFlags = {
|
|
11088
|
+
reachVersion: {
|
|
11089
|
+
type: 'string',
|
|
11090
|
+
description: `Override the version of @coana-tech/cli used for reachability analysis. Default: ${constants.default.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}.`
|
|
11091
|
+
},
|
|
11062
11092
|
reachAnalysisMemoryLimit: {
|
|
11063
11093
|
type: 'number',
|
|
11064
11094
|
default: 8192,
|
|
@@ -11347,6 +11377,7 @@ async function run$d(argv, importMeta, {
|
|
|
11347
11377
|
reachDisableAnalysisSplitting,
|
|
11348
11378
|
reachDisableAnalytics,
|
|
11349
11379
|
reachSkipCache,
|
|
11380
|
+
reachVersion,
|
|
11350
11381
|
readOnly,
|
|
11351
11382
|
reportLevel,
|
|
11352
11383
|
setAsAlertsPage: pendingHeadFlag,
|
|
@@ -11474,7 +11505,8 @@ async function run$d(argv, importMeta, {
|
|
|
11474
11505
|
const isUsingNonDefaultTimeout = reachAnalysisTimeout !== reachabilityFlags['reachAnalysisTimeout']?.default;
|
|
11475
11506
|
const isUsingNonDefaultConcurrency = reachConcurrency !== reachabilityFlags['reachConcurrency']?.default;
|
|
11476
11507
|
const isUsingNonDefaultAnalytics = reachDisableAnalytics !== reachabilityFlags['reachDisableAnalytics']?.default;
|
|
11477
|
-
const
|
|
11508
|
+
const isUsingNonDefaultVersion = reachVersion !== reachabilityFlags['reachVersion']?.default;
|
|
11509
|
+
const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachDisableAnalysisSplitting || reachSkipCache;
|
|
11478
11510
|
|
|
11479
11511
|
// Validate target constraints when --reach is enabled.
|
|
11480
11512
|
const reachTargetValidation = reach ? await validateReachabilityTarget(targets, cwd) : {
|
|
@@ -11559,16 +11591,17 @@ async function run$d(argv, importMeta, {
|
|
|
11559
11591
|
pendingHead: Boolean(pendingHead),
|
|
11560
11592
|
pullRequest: Number(pullRequest),
|
|
11561
11593
|
reach: {
|
|
11562
|
-
runReachabilityAnalysis: Boolean(reach),
|
|
11563
|
-
reachDisableAnalytics: Boolean(reachDisableAnalytics),
|
|
11564
|
-
reachAnalysisTimeout: Number(reachAnalysisTimeout),
|
|
11565
11594
|
reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
|
|
11595
|
+
reachAnalysisTimeout: Number(reachAnalysisTimeout),
|
|
11566
11596
|
reachConcurrency: Number(reachConcurrency),
|
|
11567
11597
|
reachDebug: Boolean(reachDebug),
|
|
11568
11598
|
reachDisableAnalysisSplitting: Boolean(reachDisableAnalysisSplitting),
|
|
11599
|
+
reachDisableAnalytics: Boolean(reachDisableAnalytics),
|
|
11569
11600
|
reachEcosystems,
|
|
11570
11601
|
reachExcludePaths,
|
|
11571
|
-
reachSkipCache: Boolean(reachSkipCache)
|
|
11602
|
+
reachSkipCache: Boolean(reachSkipCache),
|
|
11603
|
+
reachVersion,
|
|
11604
|
+
runReachabilityAnalysis: Boolean(reach)
|
|
11572
11605
|
},
|
|
11573
11606
|
readOnly: Boolean(readOnly),
|
|
11574
11607
|
repoName,
|
|
@@ -12207,16 +12240,17 @@ async function scanOneRepo(repoSlug, {
|
|
|
12207
12240
|
pendingHead: true,
|
|
12208
12241
|
pullRequest: 0,
|
|
12209
12242
|
reach: {
|
|
12210
|
-
runReachabilityAnalysis: false,
|
|
12211
|
-
reachDisableAnalytics: false,
|
|
12212
|
-
reachAnalysisTimeout: 0,
|
|
12213
12243
|
reachAnalysisMemoryLimit: 0,
|
|
12244
|
+
reachAnalysisTimeout: 0,
|
|
12214
12245
|
reachConcurrency: 1,
|
|
12215
12246
|
reachDebug: false,
|
|
12216
12247
|
reachDisableAnalysisSplitting: false,
|
|
12248
|
+
reachDisableAnalytics: false,
|
|
12217
12249
|
reachEcosystems: [],
|
|
12218
12250
|
reachExcludePaths: [],
|
|
12219
|
-
reachSkipCache: false
|
|
12251
|
+
reachSkipCache: false,
|
|
12252
|
+
reachVersion: undefined,
|
|
12253
|
+
runReachabilityAnalysis: false
|
|
12220
12254
|
},
|
|
12221
12255
|
readOnly: false,
|
|
12222
12256
|
repoName: repoSlug,
|
|
@@ -13502,7 +13536,8 @@ async function run$7(argv, importMeta, {
|
|
|
13502
13536
|
reachDebug,
|
|
13503
13537
|
reachDisableAnalysisSplitting,
|
|
13504
13538
|
reachDisableAnalytics,
|
|
13505
|
-
reachSkipCache
|
|
13539
|
+
reachSkipCache,
|
|
13540
|
+
reachVersion
|
|
13506
13541
|
} = cli.flags;
|
|
13507
13542
|
const dryRun = !!cli.flags['dryRun'];
|
|
13508
13543
|
|
|
@@ -13592,15 +13627,16 @@ async function run$7(argv, importMeta, {
|
|
|
13592
13627
|
outputKind,
|
|
13593
13628
|
outputPath: outputPath || '',
|
|
13594
13629
|
reachabilityOptions: {
|
|
13595
|
-
reachAnalysisTimeout: Number(reachAnalysisTimeout),
|
|
13596
13630
|
reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
|
|
13631
|
+
reachAnalysisTimeout: Number(reachAnalysisTimeout),
|
|
13597
13632
|
reachConcurrency: Number(reachConcurrency),
|
|
13598
13633
|
reachDebug: Boolean(reachDebug),
|
|
13599
|
-
reachDisableAnalytics: Boolean(reachDisableAnalytics),
|
|
13600
13634
|
reachDisableAnalysisSplitting: Boolean(reachDisableAnalysisSplitting),
|
|
13635
|
+
reachDisableAnalytics: Boolean(reachDisableAnalytics),
|
|
13601
13636
|
reachEcosystems,
|
|
13602
13637
|
reachExcludePaths,
|
|
13603
|
-
reachSkipCache: Boolean(reachSkipCache)
|
|
13638
|
+
reachSkipCache: Boolean(reachSkipCache),
|
|
13639
|
+
reachVersion
|
|
13604
13640
|
},
|
|
13605
13641
|
targets
|
|
13606
13642
|
});
|
|
@@ -15439,5 +15475,5 @@ void (async () => {
|
|
|
15439
15475
|
await utils.captureException(e);
|
|
15440
15476
|
}
|
|
15441
15477
|
})();
|
|
15442
|
-
//# debugId=
|
|
15478
|
+
//# debugId=3354d2a8-858e-47ae-8d62-34c8832fddf8
|
|
15443
15479
|
//# sourceMappingURL=cli.js.map
|