
Commit aaba0a2

committed
add --reach-version and --fix-version flags to override the default coana CLI version used
1 parent 71aa15b commit aaba0a2

17 files changed

Lines changed: 112 additions & 46 deletions

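--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.40](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.40) - 2025-12-01
+
+### Added
+- Added `--reach-version` flag to `socket scan create` and `socket scan reach` to override the @coana-tech/cli version used for reachability analysis.
+- Added `--fix-version` flag to `socket fix` to override the @coana-tech/cli version used for fix analysis.
+
 ## [1.1.39](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.39) - 2025-12-01
 
 ### Added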

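--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "socket",
-"version": "1.1.39",
+"version": "1.1.40",
 "description": "CLI for Socket.dev",
 "homepage": "https://github.com/SocketDev/socket-cli",
 "license": "MIT AND OFL-1.1",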

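--- a/src/commands/ci/handle-ci.mts
+++ b/src/commands/ci/handle-ci.mts
@@ -51,15 +51,16 @@ export async function handleCi(autoManifest: boolean): Promise<void> {
 pendingHead: true,
 pullRequest: 0,
 reach: {
-reachAnalysisTimeout: 0,
 reachAnalysisMemoryLimit: 0,
+reachAnalysisTimeout: 0,
 reachConcurrency: 1,
 reachDebug: false,
-reachDisableAnalytics: false,
 reachDisableAnalysisSplitting: false,
+reachDisableAnalytics: false,
 reachEcosystems: [],
 reachExcludePaths: [],
 reachSkipCache: false,
+reachVersion: undefined,
 runReachabilityAnalysis: false,
 },
 repoName,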

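--- a/src/commands/fix/cmd-fix.integration.test.mts
+++ b/src/commands/fix/cmd-fix.integration.test.mts
@@ -167,6 +167,7 @@ describe('socket fix', async () => {
 --autopilot Enable auto-merge for pull requests that Socket opens.
 See GitHub documentation (https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository) for managing auto-merge for pull requests in your repository.
 --exclude Exclude workspaces matching these glob patterns. Can be provided as comma separated values or as multiple flags
+--fix-version Override the version of @coana-tech/cli used for fix analysis. Default: <coana-version>.
 --id Provide a list of vulnerability identifiers to compute fixes for:
 - GHSA IDs (https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids) (e.g., GHSA-xxxx-xxxx-xxxx)
 - CVE IDs (https://cve.mitre.org/cve/identifiers/) (e.g., CVE-2025-1234) - automatically converted to GHSA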

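--- a/src/commands/fix/cmd-fix.mts
+++ b/src/commands/fix/cmd-fix.mts
@@ -52,6 +52,10 @@ const generalFlags: MeowFlags = {
 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository',
 )} for managing auto-merge for pull requests in your repository.`,
 },
+fixVersion: {
+type: 'string',
+description: `Override the version of @coana-tech/cli used for fix analysis. Default: ${constants.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}.`,
+},
 applyFixes: {
 aliases: ['onlyCompute'],
 type: 'boolean',
@@ -258,6 +262,7 @@ async function run(
 applyFixes,
 autopilot,
 exclude,
+fixVersion,
 include,
 json,
 limit,
@@ -276,6 +281,7 @@ async function run(
 applyFixes: boolean
 autopilot: boolean
 exclude: string[]
+fixVersion: string | undefined
 include: string[]
 json: boolean
 limit: number
@@ -353,6 +359,7 @@ async function run(
 await handleFix({
 applyFixes,
 autopilot,
+coanaVersion: fixVersion,
 cwd,
 disableMajorUpdates,
 exclude: excludePatterns,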
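Review bot: The `fixVersion` flag defined in the first hunk is a free-form `string` that `run` forwards unchanged as `coanaVersion` in the last hunk, with no format check anywhere in between, so whatever resolves the @coana-tech/cli version downstream receives any value the user typed, including an empty string. Because this value decides which version of a tool gets fetched and executed, it is worth validating it at the CLI boundary and failing with a clear message, e.g. `if (fixVersion !== undefined && !/^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/.test(fixVersion)) { /* report invalid --fix-version and exit */ }`; the exact pattern should mirror what the downstream resolver actually accepts, which is not visible in this diff. The flag description could also state the expected form, e.g. `Override the version of @coana-tech/cli used for fix analysis (a plain version such as 1.2.3). Default: ...`. `run` starts and ends outside these hunks.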

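--- a/src/commands/fix/coana-fix.mts
+++ b/src/commands/fix/coana-fix.mts
@@ -97,7 +97,7 @@ async function discoverGhsaIds(
 ...fixConfig.unknownFlags,
 ],
 orgSlug,
-{ cwd, spinner },
+{ coanaVersion: fixConfig.coanaVersion, cwd, spinner },
 )
 
 if (foundCResult.ok) {
@@ -115,6 +115,7 @@ export async function coanaFix(
 const {
 applyFixes,
 autopilot,
+coanaVersion,
 cwd,
 disableMajorUpdates,
 exclude,
@@ -253,7 +254,7 @@ export async function coanaFix(
 ...fixConfig.unknownFlags,
 ],
 fixConfig.orgSlug,
-{ cwd, spinner, stdio: 'inherit' },
+{ coanaVersion, cwd, spinner, stdio: 'inherit' },
 )
 
 spinner?.stop()
@@ -374,7 +375,7 @@ export async function coanaFix(
 ...fixConfig.unknownFlags,
 ],
 fixConfig.orgSlug,
-{ cwd, spinner, stdio: 'inherit' },
+{ coanaVersion, cwd, spinner, stdio: 'inherit' },
 )
 
 if (!fixCResult.ok) {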

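--- a/src/commands/fix/handle-fix.mts
+++ b/src/commands/fix/handle-fix.mts
@@ -17,6 +17,7 @@ const CVE_FORMAT_REGEXP = /^CVE-\d{4}-\d{4,}$/
 export type HandleFixConfig = Remap<
 FixConfig & {
 applyFixes: boolean
+coanaVersion?: string | undefined
 ghsas: string[]
 orgSlug: string
 outputKind: OutputKind
@@ -98,6 +99,7 @@ export async function convertIdsToGhsas(ids: string[]): Promise<string[]> {
 export async function handleFix({
 applyFixes,
 autopilot,
+coanaVersion,
 cwd,
 disableMajorUpdates,
 exclude,
@@ -119,6 +121,7 @@ export async function handleFix({
 debugDir('inspect', {
 applyFixes,
 autopilot,
+coanaVersion,
 cwd,
 disableMajorUpdates,
 exclude,
@@ -139,6 +142,7 @@ export async function handleFix({
 await coanaFix({
 applyFixes,
 autopilot,
+coanaVersion,
 cwd,
 disableMajorUpdates,
 exclude,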
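Review bot: `coanaVersion?: string | undefined` in the first hunk declares the property optional, but `HandleFixConfig` is `FixConfig & {...}` and this commit also adds `coanaVersion: string | undefined` as a required member of `FixConfig` (src/commands/fix/types.mts); an intersection keeps the required form, so the `?` has no effect and the two declarations disagree about the contract. Either drop the line from the intersection, since `FixConfig` already supplies the member, or make it optional in `FixConfig` as well if callers are meant to omit it; as written, a reader of `HandleFixConfig` alone will conclude the field can be left out when the checker will not allow that. The `handleFix` body continues outside these hunks.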

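--- a/src/commands/fix/types.mts
+++ b/src/commands/fix/types.mts
@@ -4,6 +4,7 @@ import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 export type FixConfig = {
 applyFixes: boolean
 autopilot: boolean
+coanaVersion: string | undefined
 cwd: string
 disableMajorUpdates: boolean
 exclude: string[]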

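--- a/src/commands/scan/cmd-scan-create.mts
+++ b/src/commands/scan/cmd-scan-create.mts
@@ -244,15 +244,16 @@ async function run(
 reachDisableAnalysisSplitting,
 reachDisableAnalytics,
 reachSkipCache,
+reachVersion,
 readOnly,
 reportLevel,
 setAsAlertsPage: pendingHeadFlag,
 tmp,
 } = cli.flags as {
-cwd: string
 commitHash: string
 commitMessage: string
 committers: string
+cwd: string
 defaultBranch: boolean
 interactive: boolean
 json: boolean
@@ -265,13 +266,14 @@ async function run(
 tmp: boolean
 // Reachability flags.
 reach: boolean
-reachAnalysisTimeout: number
 reachAnalysisMemoryLimit: number
+reachAnalysisTimeout: number
 reachConcurrency: number
 reachDebug: boolean
-reachDisableAnalytics: boolean
 reachDisableAnalysisSplitting: boolean
+reachDisableAnalytics: boolean
 reachSkipCache: boolean
+reachVersion: string | undefined
 }
 
 // Validate ecosystem values.
@@ -444,15 +446,19 @@ async function run(
 reachDisableAnalytics !==
 reachabilityFlags['reachDisableAnalytics']?.default
 
+const isUsingNonDefaultVersion =
+reachVersion !== reachabilityFlags['reachVersion']?.default
+
 const isUsingAnyReachabilityFlags =
-isUsingNonDefaultMemoryLimit ||
-isUsingNonDefaultTimeout ||
-isUsingNonDefaultConcurrency ||
-isUsingNonDefaultAnalytics ||
 hasReachEcosystems ||
 hasReachExcludePaths ||
-reachSkipCache ||
-reachDisableAnalysisSplitting
+isUsingNonDefaultAnalytics ||
+isUsingNonDefaultConcurrency ||
+isUsingNonDefaultMemoryLimit ||
+isUsingNonDefaultTimeout ||
+isUsingNonDefaultVersion ||
+reachDisableAnalysisSplitting ||
+reachSkipCache
 
 // Validate target constraints when --reach is enabled.
 const reachTargetValidation = reach
@@ -558,16 +564,17 @@ async function run(
 pendingHead: Boolean(pendingHead),
 pullRequest: Number(pullRequest),
 reach: {
-runReachabilityAnalysis: Boolean(reach),
-reachDisableAnalytics: Boolean(reachDisableAnalytics),
-reachAnalysisTimeout: Number(reachAnalysisTimeout),
 reachAnalysisMemoryLimit: Number(reachAnalysisMemoryLimit),
+reachAnalysisTimeout: Number(reachAnalysisTimeout),
 reachConcurrency: Number(reachConcurrency),
 reachDebug: Boolean(reachDebug),
 reachDisableAnalysisSplitting: Boolean(reachDisableAnalysisSplitting),
+reachDisableAnalytics: Boolean(reachDisableAnalytics),
 reachEcosystems,
 reachExcludePaths,
 reachSkipCache: Boolean(reachSkipCache),
+reachVersion,
+runReachabilityAnalysis: Boolean(reach),
 },
 readOnly: Boolean(readOnly),
 repoName,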
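Review bot: `reachVersion` is cast to `string | undefined` in the second hunk and copied into `reach.reachVersion` untouched in the last one; the only thing examined in between is `isUsingNonDefaultVersion`, which compares it to `reachabilityFlags['reachVersion']?.default`, and that flag definition is not in this diff, so I cannot tell whether a default exists. If there is none, `--reach-version ""` counts as a non-default value (it flips `isUsingAnyReachabilityFlags`) and an empty version is forwarded to the reachability run; a format check next to the existing `// Validate ecosystem values.` step, along the lines of `if (reachVersion !== undefined && !/^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/.test(reachVersion))` reporting an invalid `--reach-version`, would reject that and any other value that is not a plain version before it selects which @coana-tech/cli gets fetched and run. The same check applies to `fixVersion` in src/commands/fix/cmd-fix.mts, so a shared helper would keep the two commands consistent. `run` begins and ends outside these hunks.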

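--- a/src/commands/scan/cmd-scan-create.test.mts
+++ b/src/commands/scan/cmd-scan-create.test.mts
@@ -63,6 +63,7 @@ describe('socket scan create', async () => {
 --reach-ecosystems List of ecosystems to conduct reachability analysis on, as either a comma separated value or as multiple flags. Defaults to all ecosystems.
 --reach-exclude-paths List of paths to exclude from reachability analysis, as either a comma separated value or as multiple flags.
 --reach-skip-cache Skip caching-based optimizations. By default, the reachability analysis will use cached configurations from previous runs to speed up the analysis.
+--reach-version Override the version of @coana-tech/cli used for reachability analysis. Default: <coana-version>.
 
 Uploads the specified dependency manifest files for Go, Gradle, JavaScript,
 Kotlin, Python, and Scala. Files like "package.json" and "requirements.txt".
@@ -102,9 +103,9 @@ describe('socket scan create', async () => {
 expect(`\n ${stderr}`).toMatchInlineSnapshot(`
 "
 _____ _ _ /---------------
-| __|___ ___| |_ ___| |_ | CLI: <redacted>
-|__ | * | _| '_| -_| _| | token: <redacted>, org: <redacted>
-|_____|___|___|_,_|___|_|.dev | Command: \`socket scan create\`, cwd: <redacted>"
+| __|___ ___| |_ ___| |_ | CLI: v1.1.40
+|__ | * | _| '_| -_| _| | token: (not set), org: (not set)
+|_____|___|___|_,_|___|_|.dev | Command: \`socket scan create\`, cwd: ~/socket/socket-cli"
 `)
 
 expect(code, 'explicit help should exit with code 0').toBe(0)
@@ -136,9 +137,9 @@ describe('socket scan create', async () => {
 expect(`\n ${stderr}`).toMatchInlineSnapshot(`
 "
 _____ _ _ /---------------
-| __|___ ___| |_ ___| |_ | CLI: <redacted>
-|__ | * | _| '_| -_| _| | token: <redacted>, org: <redacted>
-|_____|___|___|_,_|___|_|.dev | Command: \`socket scan create\`, cwd: <redacted>"
+| __|___ ___| |_ ___| |_ | CLI: v1.1.40
+|__ | * | _| '_| -_| _| | token: en*** (--config flag), org: fakeOrg (--org flag)
+|_____|___|___|_,_|___|_|.dev | Command: \`socket scan create\`, cwd: ~/socket/socket-cli"
 `)
 
 expect(code, 'dry-run should exit with code 0 if input ok').toBe(0)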
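Review bot: The inline snapshots in the last two hunks now pin `CLI: v1.1.40`, `cwd: ~/socket/socket-cli` and the concrete token/org display where the previous expectation used `<redacted>`; the version goes stale on the next release bump and the cwd depends on where the developer checked the repo out, so the test becomes version- and machine-specific. The first hunk in this same file still expects a `<coana-version>` placeholder in help output, which suggests a normalisation step exists for that text, so unless dropping the `<redacted>` substitution for the banner was deliberate, the better fix is to keep it (or extend the normaliser to the banner lines) rather than hard-coding `v1.1.40`. The `describe('socket scan create', ...)` block starts and ends outside these hunks.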
