socket 1.1.85 → 1.1.86

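--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+ ## [1.1.86](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.86) - 2026-04-24
+
+ ### Changed
+ - `socket fix` now fails with a clear error when a `.socket.facts.json` analysis artifact is present alongside manifest files, prompting you to delete it before re-running
+
  ## [1.1.85](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.85) - 2026-04-20
 
  ### Changed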
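--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1661,7 +1661,7 @@ async function performReachabilityAnalysis(options) {
  spinner?.infoAndStop('Running reachability analysis with Coana...');
  const outputFilePath = outputPath || constants.default.DOT_SOCKET_DOT_FACTS_JSON;
  // Build Coana arguments.
- const coanaArgs = ['run', analysisTarget, '--output-dir', path.dirname(outputFilePath), '--socket-mode', outputFilePath, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachDebug ? ['--debug'] : []), ...(reachabilityOptions.reachDetailedAnalysisLogFile ? ['--print-analysis-log-file'] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachDisableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(reachabilityOptions.reachEnableAnalysisSplitting ? [] : ['--disable-analysis-splitting']), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
+ const coanaArgs = ['run', analysisTarget, '--output-dir', path.dirname(outputFilePath), '--socket-mode', outputFilePath, '--disable-report-submission', ...(reachabilityOptions.reachAnalysisTimeout ? ['--analysis-timeout', `${reachabilityOptions.reachAnalysisTimeout}`] : []), ...(reachabilityOptions.reachAnalysisMemoryLimit ? ['--memory-limit', `${reachabilityOptions.reachAnalysisMemoryLimit}`] : []), ...(reachabilityOptions.reachConcurrency ? ['--concurrency', `${reachabilityOptions.reachConcurrency}`] : []), ...(reachabilityOptions.reachContinueOnAnalysisErrors ? ['--reach-continue-on-analysis-errors'] : []), ...(reachabilityOptions.reachContinueOnInstallErrors ? ['--reach-continue-on-install-errors'] : []), ...(reachabilityOptions.reachContinueOnMissingLockFiles ? ['--reach-continue-on-missing-lock-files'] : []), ...(reachabilityOptions.reachContinueOnNoSourceFiles ? ['--reach-continue-on-no-source-files'] : []), ...(reachabilityOptions.reachDebug ? ['--debug'] : []), ...(reachabilityOptions.reachDetailedAnalysisLogFile ? ['--print-analysis-log-file'] : []), ...(reachabilityOptions.reachDisableAnalytics ? ['--disable-analytics-sharing'] : []), ...(reachabilityOptions.reachDisableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(reachabilityOptions.reachEnableAnalysisSplitting ? [] : ['--disable-analysis-splitting']), ...(tarHash ? ['--run-without-docker', '--manifests-tar-hash', tarHash] : []),
  // Empty reachEcosystems implies scanning all ecosystems.
  ...(reachabilityOptions.reachEcosystems.length ? ['--purl-types', ...reachabilityOptions.reachEcosystems] : []), ...(reachabilityOptions.reachExcludePaths.length ? ['--exclude-dirs', ...reachabilityOptions.reachExcludePaths] : []), ...(reachabilityOptions.reachLazyMode ? ['--lazy-mode'] : []), ...(reachabilityOptions.reachSkipCache ? ['--skip-cache-usage'] : []), ...(reachabilityOptions.reachUseOnlyPregeneratedSboms ? ['--use-only-pregenerated-sboms'] : [])];
 
@@ -2451,6 +2451,10 @@ async function handleCi(autoManifest) {
  reachAnalysisMemoryLimit: 0,
  reachAnalysisTimeout: 0,
  reachConcurrency: 1,
+ reachContinueOnAnalysisErrors: false,
+ reachContinueOnInstallErrors: false,
+ reachContinueOnMissingLockFiles: false,
+ reachContinueOnNoSourceFiles: false,
  reachDebug: false,
  reachDetailedAnalysisLogFile: false,
  reachDisableAnalytics: false,
@@ -3840,10 +3844,20 @@ async function coanaFix(fixConfig) {
  config: socketConfig,
  cwd
  });
- // Exclude any .socket.facts.json files that happen to be in the scan
- // folder before the analysis was run.
- const filepathsToUpload = scanFilepaths.filter(p => path.basename(p).toLowerCase() !== constants.DOT_SOCKET_DOT_FACTS_JSON);
- const uploadCResult = await utils.handleApiCall(sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, cwd), {
+ // Fail if any .socket.facts.json files are present in the scan folder.
+ // These are analysis artifacts and must be removed before re-running fix.
+ const factsFiles = scanFilepaths.filter(p => path.basename(p).toLowerCase() === constants.DOT_SOCKET_DOT_FACTS_JSON);
+ if (factsFiles.length) {
+ if (!silence) {
+ spinner?.stop();
+ }
+ return {
+ ok: false,
+ message: `Found ${constants.DOT_SOCKET_DOT_FACTS_JSON} in manifest files`,
+ cause: `Delete the following ${words.pluralize('file', factsFiles.length)} before running socket fix again:\n` + factsFiles.map(p => ` - ${p}`).join('\n')
+ };
+ }
+ const uploadCResult = await utils.handleApiCall(sockSdk.uploadManifestFiles(orgSlug, scanFilepaths, cwd), {
  description: 'upload manifests',
  spinner,
  silence
@@ -11014,6 +11028,30 @@ const reachabilityFlags = {
  default: 1,
  description: 'Set the maximum number of concurrent reachability analysis runs. It is recommended to choose a concurrency level that ensures each analysis run has at least the --reach-analysis-memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.'
  },
+ reachContinueOnAnalysisErrors: {
+ type: 'boolean',
+ default: false,
+ hidden: true,
+ description: 'Continue reachability analysis when errors occur (timeouts, OOM, parse errors, etc.), falling back to precomputed (Tier 2) results. By default, the CLI halts on analysis errors.'
+ },
+ reachContinueOnInstallErrors: {
+ type: 'boolean',
+ default: false,
+ hidden: true,
+ description: 'Continue reachability analysis when package installation fails, falling back to precomputed (Tier 2) results. By default, the CLI halts on installation errors.'
+ },
+ reachContinueOnMissingLockFiles: {
+ type: 'boolean',
+ default: false,
+ hidden: true,
+ description: 'Continue reachability analysis when a Gradle or SBT project is missing its lock file (or version catalog / pre-generated SBOM). By default, the CLI halts.'
+ },
+ reachContinueOnNoSourceFiles: {
+ type: 'boolean',
+ default: false,
+ hidden: true,
+ description: 'Continue reachability analysis when a workspace contains no source files for its ecosystem. By default, the CLI halts.'
+ },
  reachDisableExternalToolChecks: {
  type: 'boolean',
  default: false,
@@ -11314,6 +11352,10 @@ async function run$d(argv, importMeta, {
  reachAnalysisMemoryLimit,
  reachAnalysisTimeout,
  reachConcurrency,
+ reachContinueOnAnalysisErrors,
+ reachContinueOnInstallErrors,
+ reachContinueOnMissingLockFiles,
+ reachContinueOnNoSourceFiles,
  reachDebug,
  reachDetailedAnalysisLogFile,
  reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
@@ -11466,7 +11508,7 @@ async function run$d(argv, importMeta, {
  const isUsingNonDefaultConcurrency = reachConcurrency !== reachabilityFlags['reachConcurrency']?.default;
  const isUsingNonDefaultAnalytics = reachDisableAnalytics !== reachabilityFlags['reachDisableAnalytics']?.default;
  const isUsingNonDefaultVersion = reachVersion !== reachabilityFlags['reachVersion']?.default;
- const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachEnableAnalysisSplitting || reachLazyMode || reachSkipCache || reachUseOnlyPregeneratedSboms;
+ const isUsingAnyReachabilityFlags = hasReachEcosystems || hasReachExcludePaths || isUsingNonDefaultAnalytics || isUsingNonDefaultConcurrency || isUsingNonDefaultMemoryLimit || isUsingNonDefaultTimeout || isUsingNonDefaultVersion || reachContinueOnAnalysisErrors || reachContinueOnInstallErrors || reachContinueOnMissingLockFiles || reachContinueOnNoSourceFiles || reachEnableAnalysisSplitting || reachLazyMode || reachSkipCache || reachUseOnlyPregeneratedSboms;
 
  // Validate target constraints when --reach is enabled.
  const reachTargetValidation = reach ? await validateReachabilityTarget(targets, cwd) : {
@@ -11554,6 +11596,10 @@ async function run$d(argv, importMeta, {
  reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
  reachAnalysisTimeout: Number(reachAnalysisTimeout),
  reachConcurrency: Number(reachConcurrency),
+ reachContinueOnAnalysisErrors: Boolean(reachContinueOnAnalysisErrors),
+ reachContinueOnInstallErrors: Boolean(reachContinueOnInstallErrors),
+ reachContinueOnMissingLockFiles: Boolean(reachContinueOnMissingLockFiles),
+ reachContinueOnNoSourceFiles: Boolean(reachContinueOnNoSourceFiles),
  reachDebug: Boolean(reachDebug),
  reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
  reachDisableAnalytics: Boolean(reachDisableAnalytics),
@@ -12208,6 +12254,10 @@ async function scanOneRepo(repoSlug, {
  reachAnalysisMemoryLimit: 0,
  reachAnalysisTimeout: 0,
  reachConcurrency: 1,
+ reachContinueOnAnalysisErrors: false,
+ reachContinueOnInstallErrors: false,
+ reachContinueOnMissingLockFiles: false,
+ reachContinueOnNoSourceFiles: false,
  reachDebug: false,
  reachDetailedAnalysisLogFile: false,
  reachDisableAnalytics: false,
@@ -13517,6 +13567,10 @@ async function run$7(argv, importMeta, {
  reachAnalysisMemoryLimit,
  reachAnalysisTimeout,
  reachConcurrency,
+ reachContinueOnAnalysisErrors,
+ reachContinueOnInstallErrors,
+ reachContinueOnMissingLockFiles,
+ reachContinueOnNoSourceFiles,
  reachDebug,
  reachDetailedAnalysisLogFile,
  reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
@@ -13619,6 +13673,10 @@ async function run$7(argv, importMeta, {
  reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
  reachAnalysisTimeout: Number(reachAnalysisTimeout),
  reachConcurrency: Number(reachConcurrency),
+ reachContinueOnAnalysisErrors: Boolean(reachContinueOnAnalysisErrors),
+ reachContinueOnInstallErrors: Boolean(reachContinueOnInstallErrors),
+ reachContinueOnMissingLockFiles: Boolean(reachContinueOnMissingLockFiles),
+ reachContinueOnNoSourceFiles: Boolean(reachContinueOnNoSourceFiles),
  reachDebug: Boolean(reachDebug),
  reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
  reachDisableAnalytics: Boolean(reachDisableAnalytics),
@@ -15555,5 +15613,5 @@ process.on('unhandledRejection', async (reason, promise) => {
  // eslint-disable-next-line n/no-process-exit
  process.exit(1);
  });
- //# debugId=74ad19c5-bbe4-4587-bb79-5a9bb77194f
+ //# debugId=88bbd944-b943-4785-a2f1-659724fdd70f
  //# sourceMappingURL=cli.js.map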
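Review bot: The four `reachContinueOn*` options added under `reachabilityFlags` switch reachability analysis from halting to falling back to precomputed Tier 2 results, but they are declared `hidden: true` and nothing in these hunks reports that a run took the fallback, so a pipeline that sets one can publish lower-precision results that read like a full analysis (whether Coana logs the downgrade itself is not visible here). I would put a comment above the group, `// Fail-open switches: the scan finishes on Tier 2 results instead of halting; defaults stay false.`, and print a warning naming the active switches before Coana is launched in `performReachabilityAnalysis`. In the `coanaArgs` line the new options are forwarded with their `reach-` prefix (`--reach-continue-on-analysis-errors`) while the neighbouring ones drop it (`--analysis-timeout`, `--skip-cache-usage`), so the spellings are worth checking against Coana's option list. `performReachabilityAnalysis`, `run$d` and `run$7` all start and end outside the hunks shown.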