npm - socket - Versions diffs - 1.1.44 → 1.1.46 - Mend

socket 1.1.44 → 1.1.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/CHANGELOG.md +15 -1
package/dist/cli.js +46 -5
package/dist/cli.js.map +1 -1
package/dist/constants.js +4 -4
package/dist/constants.js.map +1 -1
package/dist/tsconfig.dts.tsbuildinfo +1 -1
package/dist/types/commands/ci/handle-ci.d.mts.map +1 -1
package/dist/types/commands/scan/cmd-scan-create.d.mts.map +1 -1
package/dist/types/commands/scan/cmd-scan-reach.d.mts.map +1 -1
package/dist/types/commands/scan/handle-create-new-scan.d.mts.map +1 -1
package/dist/types/commands/scan/perform-reachability-analysis.d.mts +1 -0
package/dist/types/commands/scan/perform-reachability-analysis.d.mts.map +1 -1
package/dist/types/commands/scan/reachability-flags.d.mts.map +1 -1
package/dist/vendor.js +8784 -8784
package/package.json +2 -2

package/CHANGELOG.md CHANGED Viewed

@@ -3,7 +3,21 @@
 All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
-## [1.1.44](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.43) - 2025-12-09
+## [1.1.46](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.46) - 2025-12-12
+### Changed
+- Updated the Coana CLI to v `14.12.126`.
+## [1.1.45](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.45) - 2025-12-10
+### Changed
+- Updated the Coana CLI to v `14.12.122`.
+### Added
+- Added `--reach-use-only-pregenerated-sboms` to run the Tier 1 reachability based only on pre-computed CDX and SPDX SBOMs (all other manifests are excluded).
+## [1.1.44](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.44) - 2025-12-09
 ### Changed
 - Updated the Coana CLI to v `14.12.118`.

package/dist/cli.js CHANGED Viewed

@@ -1643,7 +1643,7 @@ async function performReachabilityAnalysis(options) {
   // Build Coana arguments.
   const coanaArgs = ['run', analysisTarget, '--output-dir', path.dirname(outputFilePath), '--socket-mode', outputFilePath, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachDebug ? ['--debug'] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachDisableAnalysisSplitting ? ['--disable-analysis-splitting'] : []), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
   // Empty reachEcosystems implies scanning all ecosystems.
-  ...(reachabilityOptions.reachEcosystems.length ? ['--purl-types', ...reachabilityOptions.reachEcosystems] : []), ...(reachabilityOptions.reachExcludePaths.length ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths] : []), ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : [])];
+  ...(reachabilityOptions.reachEcosystems.length ? ['--purl-types', ...reachabilityOptions.reachEcosystems] : []), ...(reachabilityOptions.reachExcludePaths.length ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths] : []), ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : []), ...(reachabilityOptions.reachUseOnlyPregeneratedSboms ? ['--use-only-pregenerated-sboms'] : [])];
   // Build environment variables.
   const coanaEnv = {};
@@ -2157,6 +2157,32 @@ async function generateAutoManifest({
   }
 }
+// Keys for CDX and SPDX in the supported files response.
+const CDX_SPDX_KEYS = ['cdx', 'spdx'];
+function getCdxSpdxPatterns(supportedFiles) {
+  const patterns = [];
+  for (const key of CDX_SPDX_KEYS) {
+    const supported = supportedFiles[key];
+    if (supported) {
+      for (const entry of Object.values(supported)) {
+        patterns.push(`**/${entry.pattern}`);
+      }
+    }
+  }
+  return patterns;
+}
+function filterToCdxSpdxAndFactsFiles(filepaths, supportedFiles) {
+  const patterns = getCdxSpdxPatterns(supportedFiles);
+  return filepaths.filter(filepath => {
+    const basename = path.basename(filepath).toLowerCase();
+    // Include .socket.facts.json files.
+    if (basename === constants.default.DOT_SOCKET_DOT_FACTS_JSON) {
+      return true;
+    }
+    // Include CDX and SPDX files.
+    return vendor.micromatchExports.some(filepath, patterns);
+  });
+}
 async function handleCreateNewScan({
   autoManifest,
   branchName,
@@ -2284,10 +2310,14 @@ async function handleCreateNewScan({
     }
     logger.logger.success('Reachability analysis completed successfully');
     const reachabilityReport = reachResult.data?.reachabilityReport;
-    scanPaths = [...packagePaths.filter(
     // Ensure the .socket.facts.json isn't duplicated in case it happened
     // to be in the scan folder before the analysis was run.
-    p => path.basename(p).toLowerCase() !== constants.default.DOT_SOCKET_DOT_FACTS_JSON), ...(reachabilityReport ? [reachabilityReport] : [])];
+    const filteredPackagePaths = packagePaths.filter(p => path.basename(p).toLowerCase() !== constants.default.DOT_SOCKET_DOT_FACTS_JSON);
+    // When using pregenerated SBOMs only, filter to CDX/SPDX files.
+    const pathsForScan = reach.reachUseOnlyPregeneratedSboms ? filterToCdxSpdxAndFactsFiles(filteredPackagePaths, supportedFiles) : filteredPackagePaths;
+    scanPaths = [...pathsForScan, ...(reachabilityReport ? [reachabilityReport] : [])];
     tier1ReachabilityScanId = reachResult.data?.tier1ReachabilityScanId;
   }
   const fullScanCResult = await fetchCreateOrgFullScan(scanPaths, orgSlug, {
@@ -2390,6 +2420,7 @@ async function handleCi(autoManifest) {
       reachEcosystems: [],
       reachExcludePaths: [],
       reachSkipCache: false,
+      reachUseOnlyPregeneratedSboms: false,
       reachVersion: undefined,
       runReachabilityAnalysis: false
     },
@@ -11175,6 +11206,11 @@ const reachabilityFlags = {
     type: 'boolean',
     default: false,
     description: 'Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.'
+  },
+  reachUseOnlyPregeneratedSboms: {
+    type: 'boolean',
+    default: false,
+    description: 'When using this option, the scan is created based only on pre-generated CDX and SPDX files in your project.'
   }
 };
@@ -11419,6 +11455,7 @@ async function run$d(argv, importMeta, {
     reachDisableAnalysisSplitting,
     reachDisableAnalytics,
     reachSkipCache,
+    reachUseOnlyPregeneratedSboms,
     reachVersion,
     readOnly,
     reportLevel,
@@ -11548,7 +11585,7 @@ async function run$d(argv, importMeta, {
   const isUsingNonDefaultConcurrency = reachConcurrency !== reachabilityFlags['reachConcurrency']?.default;
   const isUsingNonDefaultAnalytics = reachDisableAnalytics !== reachabilityFlags['reachDisableAnalytics']?.default;
   const isUsingNonDefaultVersion = reachVersion !== reachabilityFlags['reachVersion']?.default;
-  const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachDisableAnalysisSplitting || reachSkipCache;
+  const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachDisableAnalysisSplitting || reachSkipCache || reachUseOnlyPregeneratedSboms;
   // Validate target constraints when --reach is enabled.
   const reachTargetValidation = reach ? await validateReachabilityTarget(targets, cwd) : {
@@ -11642,6 +11679,7 @@ async function run$d(argv, importMeta, {
       reachEcosystems,
       reachExcludePaths,
       reachSkipCache: Boolean(reachSkipCache),
+      reachUseOnlyPregeneratedSboms: Boolean(reachUseOnlyPregeneratedSboms),
       reachVersion,
       runReachabilityAnalysis: Boolean(reach)
     },
@@ -12291,6 +12329,7 @@ async function scanOneRepo(repoSlug, {
       reachEcosystems: [],
       reachExcludePaths: [],
       reachSkipCache: false,
+      reachUseOnlyPregeneratedSboms: false,
       reachVersion: undefined,
       runReachabilityAnalysis: false
     },
@@ -13579,6 +13618,7 @@ async function run$7(argv, importMeta, {
     reachDisableAnalysisSplitting,
     reachDisableAnalytics,
     reachSkipCache,
+    reachUseOnlyPregeneratedSboms,
     reachVersion
   } = cli.flags;
   const dryRun = !!cli.flags['dryRun'];
@@ -13678,6 +13718,7 @@ async function run$7(argv, importMeta, {
       reachEcosystems,
       reachExcludePaths,
       reachSkipCache: Boolean(reachSkipCache),
+      reachUseOnlyPregeneratedSboms: Boolean(reachUseOnlyPregeneratedSboms),
       reachVersion
     },
     targets
@@ -15517,5 +15558,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=ebb27358-0f57-49ac-99e3-bf4b9dd0739e
+//# debugId=596a81f8-f8ca-4a07-9bd3-ec23e7e5503a
 //# sourceMappingURL=cli.js.map