socket 1.1.44 → 1.1.45

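--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -3,6 +3,15 @@
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+
+## [1.1.45](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.43) - 2025-12-10
+
+### Changed
+- Updated the Coana CLI to v `14.12.122`.
+
+### Added
+- Added `--reach-use-only-pregenerated-sboms` to run the Tier 1 reachability based only on pre-computed CDX and SPDX SBOMs (all other manifests are excluded).
+
 ## [1.1.44](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.43) - 2025-12-09
 
 ### Changed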
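--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1643,7 +1643,7 @@ async function performReachabilityAnalysis(options) {
 // Build Coana arguments.
 const coanaArgs = ['run', analysisTarget, '--output-dir', path.dirname(outputFilePath), '--socket-mode', outputFilePath, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachDebug ? ['--debug'] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachDisableAnalysisSplitting ? ['--disable-analysis-splitting'] : []), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
 // Empty reachEcosystems implies scanning all ecosystems.
-...(reachabilityOptions.reachEcosystems.length ? ['--purl-types', ...reachabilityOptions.reachEcosystems] : []), ...(reachabilityOptions.reachExcludePaths.length ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths] : []), ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : [])];
+...(reachabilityOptions.reachEcosystems.length ? ['--purl-types', ...reachabilityOptions.reachEcosystems] : []), ...(reachabilityOptions.reachExcludePaths.length ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths] : []), ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : []), ...(reachabilityOptions.reachUseOnlyPregeneratedSboms ? ['--use-only-pregenerated-sboms'] : [])];
 
 // Build environment variables.
 const coanaEnv = {};
@@ -2157,6 +2157,32 @@ async function generateAutoManifest({
 }
 }
 
+// Keys for CDX and SPDX in the supported files response.
+const CDX_SPDX_KEYS = ['cdx', 'spdx'];
+function getCdxSpdxPatterns(supportedFiles) {
+const patterns = [];
+for (const key of CDX_SPDX_KEYS) {
+const supported = supportedFiles[key];
+if (supported) {
+for (const entry of Object.values(supported)) {
+patterns.push(`**/${entry.pattern}`);
+}
+}
+}
+return patterns;
+}
+function filterToCdxSpdxAndFactsFiles(filepaths, supportedFiles) {
+const patterns = getCdxSpdxPatterns(supportedFiles);
+return filepaths.filter(filepath => {
+const basename = path.basename(filepath).toLowerCase();
+// Include .socket.facts.json files.
+if (basename === constants.default.DOT_SOCKET_DOT_FACTS_JSON) {
+return true;
+}
+// Include CDX and SPDX files.
+return vendor.micromatchExports.some(filepath, patterns);
+});
+}
 async function handleCreateNewScan({
 autoManifest,
 branchName,
@@ -2284,10 +2310,14 @@ async function handleCreateNewScan({
 }
 logger.logger.success('Reachability analysis completed successfully');
 const reachabilityReport = reachResult.data?.reachabilityReport;
-scanPaths = [...packagePaths.filter(
+
 // Ensure the .socket.facts.json isn't duplicated in case it happened
 // to be in the scan folder before the analysis was run.
-p => path.basename(p).toLowerCase() !== constants.default.DOT_SOCKET_DOT_FACTS_JSON), ...(reachabilityReport ? [reachabilityReport] : [])];
+const filteredPackagePaths = packagePaths.filter(p => path.basename(p).toLowerCase() !== constants.default.DOT_SOCKET_DOT_FACTS_JSON);
+
+// When using pregenerated SBOMs only, filter to CDX/SPDX files.
+const pathsForScan = reach.reachUseOnlyPregeneratedSboms ? filterToCdxSpdxAndFactsFiles(filteredPackagePaths, supportedFiles) : filteredPackagePaths;
+scanPaths = [...pathsForScan, ...(reachabilityReport ? [reachabilityReport] : [])];
 tier1ReachabilityScanId = reachResult.data?.tier1ReachabilityScanId;
 }
 const fullScanCResult = await fetchCreateOrgFullScan(scanPaths, orgSlug, {
@@ -2390,6 +2420,7 @@ async function handleCi(autoManifest) {
 reachEcosystems: [],
 reachExcludePaths: [],
 reachSkipCache: false,
+reachUseOnlyPregeneratedSboms: false,
 reachVersion: undefined,
 runReachabilityAnalysis: false
 },
@@ -11175,6 +11206,11 @@ const reachabilityFlags = {
 type: 'boolean',
 default: false,
 description: 'Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.'
+},
+reachUseOnlyPregeneratedSboms: {
+type: 'boolean',
+default: false,
+description: 'When using this option, the scan is created based only on pre-generated CDX and SPDX files in your project.'
 }
 };
 
@@ -11419,6 +11455,7 @@ async function run$d(argv, importMeta, {
 reachDisableAnalysisSplitting,
 reachDisableAnalytics,
 reachSkipCache,
+reachUseOnlyPregeneratedSboms,
 reachVersion,
 readOnly,
 reportLevel,
@@ -11548,7 +11585,7 @@ async function run$d(argv, importMeta, {
 const isUsingNonDefaultConcurrency = reachConcurrency !== reachabilityFlags['reachConcurrency']?.default;
 const isUsingNonDefaultAnalytics = reachDisableAnalytics !== reachabilityFlags['reachDisableAnalytics']?.default;
 const isUsingNonDefaultVersion = reachVersion !== reachabilityFlags['reachVersion']?.default;
-const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachDisableAnalysisSplitting || reachSkipCache;
+const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachDisableAnalysisSplitting || reachSkipCache || reachUseOnlyPregeneratedSboms;
 
 // Validate target constraints when --reach is enabled.
 const reachTargetValidation = reach ? await validateReachabilityTarget(targets, cwd) : {
@@ -11642,6 +11679,7 @@ async function run$d(argv, importMeta, {
 reachEcosystems,
 reachExcludePaths,
 reachSkipCache: Boolean(reachSkipCache),
+reachUseOnlyPregeneratedSboms: Boolean(reachUseOnlyPregeneratedSboms),
 reachVersion,
 runReachabilityAnalysis: Boolean(reach)
 },
@@ -12291,6 +12329,7 @@ async function scanOneRepo(repoSlug, {
 reachEcosystems: [],
 reachExcludePaths: [],
 reachSkipCache: false,
+reachUseOnlyPregeneratedSboms: false,
 reachVersion: undefined,
 runReachabilityAnalysis: false
 },
@@ -13579,6 +13618,7 @@ async function run$7(argv, importMeta, {
 reachDisableAnalysisSplitting,
 reachDisableAnalytics,
 reachSkipCache,
+reachUseOnlyPregeneratedSboms,
 reachVersion
 } = cli.flags;
 const dryRun = !!cli.flags['dryRun'];
@@ -13678,6 +13718,7 @@ async function run$7(argv, importMeta, {
 reachEcosystems,
 reachExcludePaths,
 reachSkipCache: Boolean(reachSkipCache),
+reachUseOnlyPregeneratedSboms: Boolean(reachUseOnlyPregeneratedSboms),
 reachVersion
 },
 targets
@@ -15517,5 +15558,5 @@ void (async () => {
 await utils.captureException(e);
 }
 })();
-//# debugId=ebb27358-0f57-49ac-99e3-bf4b9dd0739e
+//# debugId=596a81f8-f8ca-4a07-9bd3-ec23e7e5503a
 //# sourceMappingURL=cli.js.map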
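Review bot: In the handleCreateNewScan hunk, when `reach.reachUseOnlyPregeneratedSboms` is set but `supportedFiles` carries no `cdx`/`spdx` entries (or none of the collected paths match them), `filterToCdxSpdxAndFactsFiles` returns an empty list and `scanPaths` shrinks to at most the reachability report, so `fetchCreateOrgFullScan` is invoked with a near-empty scan and nothing tells the user why. A guard before the `scanPaths` assignment would surface this, something like `if (reach.reachUseOnlyPregeneratedSboms && pathsForScan.length === 0) { logger.logger.warn('No pre-generated CDX/SPDX SBOM files were found; the scan will contain only reachability output'); }` (assuming the logger exposes a warn-level method alongside the `success` one used here). Relatedly, in `getCdxSpdxPatterns` an entry lacking a `pattern` field yields the literal glob `**/undefined`; skipping entries with a falsy `entry?.pattern` avoids feeding that to micromatch. The filter also appears to run only inside the reachability-result branch, whereas the flag description in the reachabilityFlags hunk says the scan is created only from CDX/SPDX files, so the description should state that the option takes effect together with `--reach`. The enclosing handleCreateNewScan body starts and ends outside this hunk.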