socket 1.1.77 → 1.1.79

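--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+ ## [1.1.79](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.79) - 2026-04-08
+
+ ### Changed
+ - Updated the Coana CLI to v `14.12.205`.
+
+ ## [1.1.78](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.78) - 2026-04-01
+
+ ### Fixed
+ - `socket scan create`, `socket scan reach`, and `socket fix` now respect `projectIgnorePaths` from `socket.yml` when collecting files
+
  ## [1.1.77](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.77) - 2026-04-01
 
  ### Fixed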
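--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -2285,7 +2285,12 @@ async function handleCreateNewScan({
  require$$9.debugFn('notice', `Fetched ${supportedFilesCResult.data['size']} supported file types`);
  spinner.start('Searching for local files to include in scan...');
  const supportedFiles = supportedFilesCResult.data;
+
+ // Load socket.yml to respect projectIgnorePaths when collecting files.
+ const socketYmlResult = utils.findSocketYmlSync(cwd);
+ const socketConfig = socketYmlResult.ok ? socketYmlResult.data?.parsed : undefined;
  const packagePaths = await utils.getPackageFilesForScan(targets, supportedFiles, {
+ config: socketConfig,
  cwd
  });
  spinner.successAndStop(`Found ${packagePaths.length} ${words.pluralize('file', packagePaths.length)} to include in scan.`);
@@ -3827,7 +3832,12 @@ async function coanaFix(fixConfig) {
  return supportedFilesCResult;
  }
  const supportedFiles = supportedFilesCResult.data;
+
+ // Load socket.yml to respect projectIgnorePaths when collecting files.
+ const socketYmlResult = utils.findSocketYmlSync(cwd);
+ const socketConfig = socketYmlResult.ok ? socketYmlResult.data?.parsed : undefined;
  const scanFilepaths = await utils.getPackageFilesForScan(['.'], supportedFiles, {
+ config: socketConfig,
  cwd
  });
  // Exclude any .socket.facts.json files that happen to be in the scan
@@ -11218,7 +11228,6 @@ async function run$d(argv, importMeta, {
  ...generalFlags$1,
  ...reachabilityFlags
  },
- // TODO: Your project's "socket.yml" file's "projectIgnorePaths".
  help: command => `
  Usage
  $ ${command} [options] [TARGET...]
@@ -13333,6 +13342,16 @@ async function outputScanReach(result, {
  logger.logger.log('');
  logger.logger.success('Reachability analysis completed successfully!');
  logger.logger.info(`Reachability report has been written to: ${actualOutputPath}`);
+
+ // Warn about individual vulnerabilities where reachability analysis errored.
+ const errors = utils.extractReachabilityErrors(result.data.reachabilityReport);
+ if (errors.length) {
+ logger.logger.log('');
+ logger.logger.warn(`Reachability analysis returned ${errors.length} ${words.pluralize('error', errors.length)} for individual ${words.pluralize('vulnerability', errors.length)}:`);
+ for (const err of errors) {
+ logger.logger.warn(` - ${err.ghsaId} in ${err.componentName}@${err.componentVersion} (${err.subprojectPath})`);
+ }
+ }
  }
 
  async function handleScanReach({
@@ -13361,7 +13380,12 @@ async function handleScanReach({
  }
  spinner.start('Searching for local manifest files to include in reachability analysis...');
  const supportedFiles = supportedFilesCResult.data;
+
+ // Load socket.yml to respect projectIgnorePaths when collecting files.
+ const socketYmlResult = utils.findSocketYmlSync(cwd);
+ const socketConfig = socketYmlResult.ok ? socketYmlResult.data?.parsed : undefined;
  const packagePaths = await utils.getPackageFilesForScan(targets, supportedFiles, {
+ config: socketConfig,
  cwd
  });
  spinner.successAndStop(`Found ${packagePaths.length} ${words.pluralize('manifest file', packagePaths.length)} for reachability analysis.`);
@@ -15515,5 +15539,5 @@ process.on('unhandledRejection', async (reason, promise) => {
  // eslint-disable-next-line n/no-process-exit
  process.exit(1);
  });
- //# debugId=2e8b0e58-10dd-4133-8246-12b5cdb37c09
+ //# debugId=f5bad35b-2e1d-49ea-bc1c-dbacdf631051
  //# sourceMappingURL=cli.js.map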
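Review bot: In handleCreateNewScan the added `socketYmlResult.ok ? socketYmlResult.data?.parsed : undefined` drops a failed socket.yml load without any message, so the scan then runs with no `projectIgnorePaths` and can collect files the project meant to keep out; the same two lines are repeated in coanaFix and handleScanReach. What `ok: false` covers is not visible here (presumably an unreadable or unparsable file), so treat that as an assumption. I would surface it before calling `getPackageFilesForScan`, for example `if (!socketYmlResult.ok) logger.logger.warn('Could not load socket.yml; projectIgnorePaths will not be applied.');`, or return the failed result the way coanaFix already does for `supportedFilesCResult`. Since socket.yml now narrows what gets scanned, logging when ignore paths are in effect would also make an unexpected exclusion visible in CI output. All three functions start and end outside their hunks.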