socket 1.1.84 → 1.1.86
- package/CHANGELOG.md +10 -0
- package/dist/cli.js +65 -7
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +4 -4
- package/dist/constants.js.map +1 -1
- package/dist/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/types/commands/ci/handle-ci.d.mts.map +1 -1
- package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
- package/dist/types/commands/scan/cmd-scan-create.d.mts.map +1 -1
- package/dist/types/commands/scan/cmd-scan-reach.d.mts.map +1 -1
- package/dist/types/commands/scan/perform-reachability-analysis.d.mts +4 -0
- package/dist/types/commands/scan/perform-reachability-analysis.d.mts.map +1 -1
- package/dist/types/commands/scan/reachability-flags.d.mts.map +1 -1
- package/package.json +2 -2
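--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.86](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.86) - 2026-04-24
+
+### Changed
+- `socket fix` now fails with a clear error when a `.socket.facts.json` analysis artifact is present alongside manifest files, prompting you to delete it before re-running
+
+## [1.1.85](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.85) - 2026-04-20
+
+### Changed
+- Updated the Coana CLI to v `14.12.219`.
+
 ## [1.1.84](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.84) - 2026-04-17
 
 ### Changed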
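--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1661,7 +1661,7 @@ async function performReachabilityAnalysis(options) {
 spinner?.infoAndStop('Running reachability analysis with Coana...');
 const outputFilePath = outputPath || constants.default.DOT_SOCKET_DOT_FACTS_JSON;
 // Build Coana arguments.
-const coanaArgs = ['run', analysisTarget, '--output-dir', path.dirname(outputFilePath), '--socket-mode', outputFilePath, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachDebug ? ['--debug'] : []), ...(reachabilityOptions.reachDetailedAnalysisLogFile ? ['--print-analysis-log-file'] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachDisableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(reachabilityOptions.reachEnableAnalysisSplitting ? [] : ['--disable-analysis-splitting']), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
+const coanaArgs = ['run', analysisTarget, '--output-dir', path.dirname(outputFilePath), '--socket-mode', outputFilePath, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachContinueOnAnalysisErrors ? ['--reach-continue-on-analysis-errors'] : []), ...(reachabilityOptions.reachContinueOnInstallErrors ? ['--reach-continue-on-install-errors'] : []), ...(reachabilityOptions.reachContinueOnMissingLockFiles ? ['--reach-continue-on-missing-lock-files'] : []), ...(reachabilityOptions.reachContinueOnNoSourceFiles ? ['--reach-continue-on-no-source-files'] : []), ...(reachabilityOptions.reachDebug ? ['--debug'] : []), ...(reachabilityOptions.reachDetailedAnalysisLogFile ? ['--print-analysis-log-file'] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachDisableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(reachabilityOptions.reachEnableAnalysisSplitting ? [] : ['--disable-analysis-splitting']), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
 // Empty reachEcosystems implies scanning all ecosystems.
 ...(reachabilityOptions.reachEcosystems.length ? ['--purl-types', ...reachabilityOptions.reachEcosystems] : []), ...(reachabilityOptions.reachExcludePaths.length ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths] : []), ...(reachabilityOptions.reachLazyMode ? ['--lazy-mode'] : []), ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : []), ...(reachabilityOptions.reachUseOnlyPregeneratedSboms ? ['--use-only-pregenerated-sboms'] : [])];
 
@@ -2451,6 +2451,10 @@ async function handleCi(autoManifest) {
 reachAnalysisMemoryLimit: 0,
 reachAnalysisTimeout: 0,
 reachConcurrency: 1,
+reachContinueOnAnalysisErrors: false,
+reachContinueOnInstallErrors: false,
+reachContinueOnMissingLockFiles: false,
+reachContinueOnNoSourceFiles: false,
 reachDebug: false,
 reachDetailedAnalysisLogFile: false,
 reachDisableAnalytics: false,
@@ -3840,10 +3844,20 @@ async function coanaFix(fixConfig) {
 config: socketConfig,
 cwd
 });
-//
-//
-const
-
+// Fail if any .socket.facts.json files are present in the scan folder.
+// These are analysis artifacts and must be removed before re-running fix.
+const factsFiles = scanFilepaths.filter(p => path.basename(p).toLowerCase() === constants.DOT_SOCKET_DOT_FACTS_JSON);
+if (factsFiles.length) {
+if (!silence) {
+spinner?.stop();
+}
+return {
+ok: false,
+message: `Found ${constants.DOT_SOCKET_DOT_FACTS_JSON} in manifest files`,
+cause: `Delete the following ${words.pluralize('file', factsFiles.length)} before running socket fix again:\n` + factsFiles.map(p => ` - ${p}`).join('\n')
+};
+}
+const uploadCResult = await utils.handleApiCall(sockSdk.uploadManifestFiles(orgSlug, scanFilepaths, cwd), {
 description: 'upload manifests',
 spinner,
 silence
@@ -11014,6 +11028,30 @@ const reachabilityFlags = {
 default: 1,
 description: 'Set the maximum number of concurrent reachability analysis runs. It is recommended to choose a concurrency level that ensures each analysis run has at least the --reach-analysis-memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.'
 },
+reachContinueOnAnalysisErrors: {
+type: 'boolean',
+default: false,
+hidden: true,
+description: 'Continue reachability analysis when errors occur (timeouts, OOM, parse errors, etc.), falling back to precomputed (Tier 2) results. By default, the CLI halts on analysis errors.'
+},
+reachContinueOnInstallErrors: {
+type: 'boolean',
+default: false,
+hidden: true,
+description: 'Continue reachability analysis when package installation fails, falling back to precomputed (Tier 2) results. By default, the CLI halts on installation errors.'
+},
+reachContinueOnMissingLockFiles: {
+type: 'boolean',
+default: false,
+hidden: true,
+description: 'Continue reachability analysis when a Gradle or SBT project is missing its lock file (or version catalog / pre-generated SBOM). By default, the CLI halts.'
+},
+reachContinueOnNoSourceFiles: {
+type: 'boolean',
+default: false,
+hidden: true,
+description: 'Continue reachability analysis when a workspace contains no source files for its ecosystem. By default, the CLI halts.'
+},
 reachDisableExternalToolChecks: {
 type: 'boolean',
 default: false,
@@ -11314,6 +11352,10 @@ async function run$d(argv, importMeta, {
 reachAnalysisMemoryLimit,
 reachAnalysisTimeout,
 reachConcurrency,
+reachContinueOnAnalysisErrors,
+reachContinueOnInstallErrors,
+reachContinueOnMissingLockFiles,
+reachContinueOnNoSourceFiles,
 reachDebug,
 reachDetailedAnalysisLogFile,
 reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
@@ -11466,7 +11508,7 @@ async function run$d(argv, importMeta, {
 const isUsingNonDefaultConcurrency = reachConcurrency !== reachabilityFlags['reachConcurrency']?.default;
 const isUsingNonDefaultAnalytics = reachDisableAnalytics !== reachabilityFlags['reachDisableAnalytics']?.default;
 const isUsingNonDefaultVersion = reachVersion !== reachabilityFlags['reachVersion']?.default;
-const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachEnableAnalysisSplitting || reachLazyMode || reachSkipCache || reachUseOnlyPregeneratedSboms;
+const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachContinueOnAnalysisErrors || reachContinueOnInstallErrors || reachContinueOnMissingLockFiles || reachContinueOnNoSourceFiles || reachEnableAnalysisSplitting || reachLazyMode || reachSkipCache || reachUseOnlyPregeneratedSboms;
 
 // Validate target constraints when --reach is enabled.
 const reachTargetValidation = reach ? await validateReachabilityTarget(targets, cwd) : {
@@ -11554,6 +11596,10 @@ async function run$d(argv, importMeta, {
 reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
 reachAnalysisTimeout: Number(reachAnalysisTimeout),
 reachConcurrency: Number(reachConcurrency),
+reachContinueOnAnalysisErrors: Boolean(reachContinueOnAnalysisErrors),
+reachContinueOnInstallErrors: Boolean(reachContinueOnInstallErrors),
+reachContinueOnMissingLockFiles: Boolean(reachContinueOnMissingLockFiles),
+reachContinueOnNoSourceFiles: Boolean(reachContinueOnNoSourceFiles),
 reachDebug: Boolean(reachDebug),
 reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
 reachDisableAnalytics: Boolean(reachDisableAnalytics),
@@ -12208,6 +12254,10 @@ async function scanOneRepo(repoSlug, {
 reachAnalysisMemoryLimit: 0,
 reachAnalysisTimeout: 0,
 reachConcurrency: 1,
+reachContinueOnAnalysisErrors: false,
+reachContinueOnInstallErrors: false,
+reachContinueOnMissingLockFiles: false,
+reachContinueOnNoSourceFiles: false,
 reachDebug: false,
 reachDetailedAnalysisLogFile: false,
 reachDisableAnalytics: false,
@@ -13517,6 +13567,10 @@ async function run$7(argv, importMeta, {
 reachAnalysisMemoryLimit,
 reachAnalysisTimeout,
 reachConcurrency,
+reachContinueOnAnalysisErrors,
+reachContinueOnInstallErrors,
+reachContinueOnMissingLockFiles,
+reachContinueOnNoSourceFiles,
 reachDebug,
 reachDetailedAnalysisLogFile,
 reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
@@ -13619,6 +13673,10 @@ async function run$7(argv, importMeta, {
 reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
 reachAnalysisTimeout: Number(reachAnalysisTimeout),
 reachConcurrency: Number(reachConcurrency),
+reachContinueOnAnalysisErrors: Boolean(reachContinueOnAnalysisErrors),
+reachContinueOnInstallErrors: Boolean(reachContinueOnInstallErrors),
+reachContinueOnMissingLockFiles: Boolean(reachContinueOnMissingLockFiles),
+reachContinueOnNoSourceFiles: Boolean(reachContinueOnNoSourceFiles),
 reachDebug: Boolean(reachDebug),
 reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
 reachDisableAnalytics: Boolean(reachDisableAnalytics),
@@ -15555,5 +15613,5 @@ process.on('unhandledRejection', async (reason, promise) => {
 // eslint-disable-next-line n/no-process-exit
 process.exit(1);
 });
-//# debugId=
+//# debugId=88bbd944-b943-4785-a2f1-659724fdd70f
 //# sourceMappingURL=cli.js.map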
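Review bot: The four `reachContinueOn*` options forwarded in `coanaArgs` (hunk `@@ -1661,7 +1661,7 @@`) turn a halting failure into a completed run, and nothing in the visible hunks records that the result was produced in that degraded mode. Per the descriptions added in `reachabilityFlags`, analysis and install errors then fall back to precomputed (Tier 2) results, so a pipeline that gates on reachability could pass on lower-precision data unnoticed; the flags are also `hidden: true`, which presumably keeps them out of help output when someone audits a CI invocation. I would emit one warning through the CLI's existing logging before Coana is started whenever any of the four is set, and add a comment beside the new spreads such as `// Fail-open: these flags let Coana continue after errors; the output may be less precise than a full analysis.` Whether Coana itself reports the fallback is not visible here, and `performReachabilityAnalysis` starts and ends outside the hunk.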