socket 1.1.69 → 1.1.71
- package/CHANGELOG.md +10 -0
- package/dist/cli.js +36 -6
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +4 -4
- package/dist/constants.js.map +1 -1
- package/dist/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/types/commands/ci/handle-ci.d.mts.map +1 -1
- package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/handle-fix.d.mts +1 -1
- package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/types.d.mts +1 -0
- package/dist/types/commands/fix/types.d.mts.map +1 -1
- package/dist/types/commands/scan/cmd-scan-create.d.mts.map +1 -1
- package/dist/types/commands/scan/cmd-scan-reach.d.mts.map +1 -1
- package/dist/types/commands/scan/perform-reachability-analysis.d.mts +1 -0
- package/dist/types/commands/scan/perform-reachability-analysis.d.mts.map +1 -1
- package/dist/types/commands/scan/reachability-flags.d.mts.map +1 -1
- package/dist/types/utils/dlx.d.mts.map +1 -1
- package/dist/utils.js +13 -2
- package/dist/utils.js.map +1 -1
- package/package.json +2 -2
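--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.71](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.71) - 2026-03-11
+
+### Changed
+- Updated the Coana CLI to v `14.12.195`.
+
+## [1.1.70](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.70) - 2026-03-11
+
+### Changed
+- Updated the Coana CLI to v `14.12.194`.
+
 ## [1.1.69](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.69) - 2026-03-10
 
 ### Changed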
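--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1649,7 +1649,7 @@ async function performReachabilityAnalysis(options) {
 spinner?.infoAndStop('Running reachability analysis with Coana...');
 const outputFilePath = outputPath || constants.default.DOT_SOCKET_DOT_FACTS_JSON;
 // Build Coana arguments.
-const coanaArgs = ['run', analysisTarget, '--output-dir', path.dirname(outputFilePath), '--socket-mode', outputFilePath, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachDebug ? ['--debug'] : []), ...(reachabilityOptions.reachDetailedAnalysisLogFile ? ['--print-analysis-log-file'] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachEnableAnalysisSplitting ? [] : ['--disable-analysis-splitting']), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
+const coanaArgs = ['run', analysisTarget, '--output-dir', path.dirname(outputFilePath), '--socket-mode', outputFilePath, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachDebug ? ['--debug'] : []), ...(reachabilityOptions.reachDetailedAnalysisLogFile ? ['--print-analysis-log-file'] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachDisableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(reachabilityOptions.reachEnableAnalysisSplitting ? [] : ['--disable-analysis-splitting']), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
 // Empty reachEcosystems implies scanning all ecosystems.
 ...(reachabilityOptions.reachEcosystems.length ? ['--purl-types', ...reachabilityOptions.reachEcosystems] : []), ...(reachabilityOptions.reachExcludePaths.length ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths] : []), ...(reachabilityOptions.reachLazyMode ? ['--lazy-mode'] : []), ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : []), ...(reachabilityOptions.reachUseOnlyPregeneratedSboms ? ['--use-only-pregenerated-sboms'] : [])];
 
@@ -1675,14 +1675,22 @@ async function performReachabilityAnalysis(options) {
 if (wasSpinning) {
 spinner.start();
 }
-
+if (!coanaResult.ok) {
+const coanaVersion = reachabilityOptions.reachVersion || constants.default.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION;
+logger.logger.error(`Coana reachability analysis failed. Version: ${coanaVersion}, target: ${analysisTarget}, cwd: ${cwd}`);
+if (coanaResult.message) {
+logger.logger.error(`Details: ${coanaResult.message}`);
+}
+return coanaResult;
+}
+return {
 ok: true,
 data: {
 // Use the actual output filename for the scan.
 reachabilityReport: outputFilePath,
 tier1ReachabilityScanId: utils.extractTier1ReachabilityScanId(outputFilePath)
 }
-}
+};
 }
 
 // The point here is to attempt to detect the various supported manifest files
@@ -2426,6 +2434,7 @@ async function handleCi(autoManifest) {
 reachDebug: false,
 reachDetailedAnalysisLogFile: false,
 reachDisableAnalytics: false,
+reachDisableExternalToolChecks: false,
 reachEcosystems: [],
 reachEnableAnalysisSplitting: false,
 reachExcludePaths: [],
@@ -3769,6 +3778,7 @@ async function coanaFix(fixConfig) {
 coanaVersion,
 cwd,
 debug,
+disableExternalToolChecks,
 disableMajorUpdates,
 ecosystems,
 exclude,
@@ -3874,7 +3884,7 @@ async function coanaFix(fixConfig) {
 const tmpDir = os.tmpdir();
 const tmpFile = path.join(tmpDir, `socket-fix-${Date.now()}.json`);
 try {
-const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...ids, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), '--output-file', tmpFile, ...(debug ? ['--debug'] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...ids, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), '--output-file', tmpFile, ...(debug ? ['--debug'] : []), ...(disableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
 coanaVersion,
 cwd,
 spinner: silence ? undefined : spinner,
@@ -3985,7 +3995,7 @@ async function coanaFix(fixConfig) {
 
 // Apply fix for single GHSA ID.
 // eslint-disable-next-line no-await-in-loop
-const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []), ...(debug ? ['--debug'] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), '--output-file', tmpFile, ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []), ...(debug ? ['--debug'] : []), ...(disableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), '--output-file', tmpFile, ...fixConfig.unknownFlags], fixConfig.orgSlug, {
 coanaVersion,
 cwd,
 spinner: silence ? undefined : spinner,
@@ -4322,6 +4332,7 @@ async function handleFix({
 coanaVersion,
 cwd,
 debug,
+disableExternalToolChecks,
 disableMajorUpdates,
 ecosystems,
 exclude,
@@ -4348,6 +4359,7 @@ async function handleFix({
 coanaVersion,
 cwd,
 debug,
+disableExternalToolChecks,
 disableMajorUpdates,
 ecosystems,
 exclude,
@@ -4371,6 +4383,7 @@ async function handleFix({
 coanaVersion,
 cwd,
 debug,
+disableExternalToolChecks,
 disableMajorUpdates,
 ecosystems,
 exclude,
@@ -4488,6 +4501,11 @@ Available styles:
 description: 'Enable debug logging in the Coana-based Socket Fix CLI invocation.',
 shortFlag: 'd'
 },
+disableExternalToolChecks: {
+type: 'boolean',
+default: false,
+description: 'Disable external tool checks during fix analysis.'
+},
 ecosystems: {
 type: 'string',
 default: [],
@@ -4614,6 +4632,7 @@ async function run$K(argv, importMeta, {
 applyFixes,
 autopilot,
 debug,
+disableExternalToolChecks,
 ecosystems,
 exclude,
 fixVersion,
@@ -4700,6 +4719,7 @@ async function run$K(argv, importMeta, {
 coanaVersion: fixVersion,
 cwd,
 debug,
+disableExternalToolChecks,
 disableMajorUpdates,
 ecosystems: validatedEcosystems,
 exclude: excludePatterns,
@@ -10953,6 +10973,11 @@ const reachabilityFlags = {
 default: 1,
 description: 'Set the maximum number of concurrent reachability analysis runs. It is recommended to choose a concurrency level that ensures each analysis run has at least the --reach-analysis-memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.'
 },
+reachDisableExternalToolChecks: {
+type: 'boolean',
+default: false,
+description: 'Disable external tool checks during reachability analysis.'
+},
 reachDebug: {
 type: 'boolean',
 default: false,
@@ -11248,6 +11273,7 @@ async function run$d(argv, importMeta, {
 reachDetailedAnalysisLogFile,
 reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
 reachDisableAnalytics,
+reachDisableExternalToolChecks,
 reachEnableAnalysisSplitting,
 reachLazyMode,
 reachSkipCache,
@@ -11472,6 +11498,7 @@ async function run$d(argv, importMeta, {
 reachDebug: Boolean(reachDebug),
 reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
 reachDisableAnalytics: Boolean(reachDisableAnalytics),
+reachDisableExternalToolChecks: Boolean(reachDisableExternalToolChecks),
 reachEcosystems,
 reachEnableAnalysisSplitting: Boolean(reachEnableAnalysisSplitting),
 reachExcludePaths,
@@ -12124,6 +12151,7 @@ async function scanOneRepo(repoSlug, {
 reachDebug: false,
 reachDetailedAnalysisLogFile: false,
 reachDisableAnalytics: false,
+reachDisableExternalToolChecks: false,
 reachEcosystems: [],
 reachEnableAnalysisSplitting: false,
 reachExcludePaths: [],
@@ -13418,6 +13446,7 @@ async function run$7(argv, importMeta, {
 reachDetailedAnalysisLogFile,
 reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
 reachDisableAnalytics,
+reachDisableExternalToolChecks,
 reachEnableAnalysisSplitting,
 reachLazyMode,
 reachSkipCache,
@@ -13518,6 +13547,7 @@ async function run$7(argv, importMeta, {
 reachDebug: Boolean(reachDebug),
 reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
 reachDisableAnalytics: Boolean(reachDisableAnalytics),
+reachDisableExternalToolChecks: Boolean(reachDisableExternalToolChecks),
 reachEcosystems,
 reachEnableAnalysisSplitting: Boolean(reachEnableAnalysisSplitting),
 reachExcludePaths,
@@ -15436,5 +15466,5 @@ process.on('unhandledRejection', async (reason, promise) => {
 // eslint-disable-next-line n/no-process-exit
 process.exit(1);
 });
-//# debugId=
+//# debugId=bf987bb4-3cfd-43e7-9673-b9d51702fb49
 //# sourceMappingURL=cli.js.map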
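Review bot: The new `disableExternalToolChecks` and `reachDisableExternalToolChecks` flags (new lines 4504-4508 and 10976-10980) are forwarded to Coana as `--disable-external-tool-checks` with no trace in the CLI output, and their `description` strings only restate the flag name. What the skipped checks cover is not visible on this page, so the help text should say which checks are turned off and how that affects the scan or fix result. A run with the flag set should also be visible in CI logs, for example `if (reachabilityOptions.reachDisableExternalToolChecks) { logger.logger.warn('External tool checks are disabled for this run.'); }` before `coanaArgs` is built at new line 1652, and likewise in coanaFix. The 1.1.70 and 1.1.71 changelog entries mention only the Coana version bump, so the new option is not announced there. performReachabilityAnalysis, coanaFix and the flag tables all start and end outside the hunks shown.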