From 8974996ff0d51cfe8a5eca574fb8a9584d96375e Mon Sep 17 00:00:00 2001
From: jdalton
Date: Wed, 9 Apr 2025 13:10:46 -0600
Subject: [PATCH 1/2] Add range-style flag to fix command
---
 .dep-stats.json | 2 +-
 src/commands/fix/cmd-fix.test.ts | 24 +++++++++++++++--------
 src/commands/fix/cmd-fix.ts | 33 ++++++++++++++++++++++++++++++++
 src/commands/fix/npm-fix.ts | 2 ++
 src/commands/fix/pnpm-fix.ts | 9 +++++----
 src/commands/fix/run-fix.ts | 5 +++++
 src/commands/fix/types.ts | 3 +++
 7 files changed, 65 insertions(+), 13 deletions(-)
 create mode 100644 src/commands/fix/types.ts
diff --git a/.dep-stats.json b/.dep-stats.json
index c720a8469..8a08a71c9 100644
--- a/.dep-stats.json
+++ b/.dep-stats.json
@@ -10,7 +10,7 @@
 "@socketregistry/is-interactive": "1.0.5",
 "@socketregistry/packageurl-js": "1.0.5",
 "@socketsecurity/config": "2.1.3",
- "@socketsecurity/registry": "1.0.139",
+ "@socketsecurity/registry": "1.0.140",
 "@socketsecurity/sdk": "1.4.26",
 "browserslist": "4.24.4",
 "chalk-table": "1.0.2",
diff --git a/src/commands/fix/cmd-fix.test.ts b/src/commands/fix/cmd-fix.test.ts
index 2e9624346..229d68b74 100644
--- a/src/commands/fix/cmd-fix.test.ts
+++ b/src/commands/fix/cmd-fix.test.ts
@@ -20,14 +20,22 @@ describe('socket fix', async () => {
 `
 "Fix "fixable" Socket alerts
- Usage
- $ socket fix
-
- Options
- --dryRun Do input validation for a command and exit 0 when input is ok
- --help Print this help
- --test Very the fix by running unit tests
- --testScript The test script to run for each fix attempt"
+ Usage
+ $ socket fix
+
+ Options
+ --dryRun Do input validation for a command and exit 0 when input is ok
+ --help Print this help
+ --rangeStyle Define how updated dependency versions should be written in package.json.
+ Available styles:
+ *\\x09caret - Use ^ range for compatible updates (e.g. ^1.2.3)
+ *\\x09gt - Use >= to allow any newer version (e.g. >=1.2.3)
+ *\\x09lt - Use < to allow only lower versions (e.g. <1.2.3)
+ *\\x09pin - Use the exact version (e.g. 1.2.3)
+ *\\x09preserve - Retain the existing version range as-is
+ *\\x09tilde - Use ~ range for patch/minor updates (e.g. ~1.2.3)
+ --test Very the fix by running unit tests
+ --testScript The test script to run for each fix attempt"
 `
 )
 expect(`\n ${stderr}`).toMatchInlineSnapshot(`
diff --git a/src/commands/fix/cmd-fix.ts b/src/commands/fix/cmd-fix.ts
index dbb1f9327..b6bdf7dbb 100644
--- a/src/commands/fix/cmd-fix.ts
+++ b/src/commands/fix/cmd-fix.ts
@@ -1,11 +1,17 @@
+import { stripIndent } from 'common-tags'
+
+import { joinOr } from '@socketsecurity/registry/lib/arrays'
 import { logger } from '@socketsecurity/registry/lib/logger'
 import { runFix } from './run-fix'
+import { RangeStyles } from './types'
 import constants from '../../constants'
 import { commonFlags } from '../../flags'
+import { handleBadInput } from '../../utils/handle-bad-input'
 import { meowOrExit } from '../../utils/meow-with-subcommands'
 import { getFlagListOutput } from '../../utils/output-formatting'
+import type { RangeStyle } from './types'
 import type { CliCommandConfig } from '../../utils/meow-with-subcommands'
 const { DRY_RUN_BAIL_TEXT } = constants
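Review bot: `stripIndent` from `common-tags` is a new runtime import in this hunk, used only to format the `rangeStyle` flag description, and the `.dep-stats.json` hunk in this patch bumps only `@socketsecurity/registry`. Confirm `common-tags` is a declared dependency of the CLI rather than one resolved transitively; if it is not, the description can be written as a plain joined array of lines and the extra dependency avoided.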
@@ -16,6 +22,20 @@ const config: CliCommandConfig = {
 hidden: true,
 flags: {
 ...commonFlags,
+ rangeStyle: {
+ type: 'string',
+ default: 'preserve',
+ description: stripIndent`
+ Define how updated dependency versions should be written in package.json.
+ Available styles:
+ * caret - Use ^ range for compatible updates (e.g. ^1.2.3)
+ * gt - Use >= to allow any newer version (e.g. >=1.2.3)
+ * lt - Use < to allow only lower versions (e.g. <1.2.3)
+ * pin - Use the exact version (e.g. 1.2.3)
+ * preserve - Retain the existing version range as-is
+ * tilde - Use ~ range for patch/minor updates (e.g. ~1.2.3)
+ `
+ },
 test: {
 type: 'boolean',
 default: true,
@@ -54,6 +74,16 @@ async function run(
 parentName
 })
+ const wasBadInput = handleBadInput({
+ test: RangeStyles.includes(cli.flags['rangeStyle'] as string),
+ message: `Expecting range style of ${joinOr(RangeStyles)}`,
+ pass: 'ok',
+ fail: 'missing'
+ })
+ if (wasBadInput) {
+ return
+ }
+
 if (cli.flags['dryRun']) {
 logger.log(DRY_RUN_BAIL_TEXT)
 return
@@ -64,6 +94,9 @@ async function run(
 await runFix({
 spinner,
+ rangeStyle: (cli.flags['rangeStyle'] ?? undefined) as
+ | RangeStyle
+ | undefined,
 test: Boolean(cli.flags['test']),
 testScript: cli.flags['testScript'] as string | undefined
 })
diff --git a/src/commands/fix/npm-fix.ts b/src/commands/fix/npm-fix.ts
index 4889174bb..ac965fc74 100644
--- a/src/commands/fix/npm-fix.ts
+++ b/src/commands/fix/npm-fix.ts
@@ -23,6 +23,7 @@ import {
 } from '../../utils/arborist-helpers'
 import { getCveInfoByAlertsMap } from '../../utils/socket-package-alert'
+import type { RangeStyle } from './types'
 import type { SafeNode } from '../../shadow/npm/arborist/lib/node'
 import type { EnvDetails } from '../../utils/package-environment'
 import type { PackageJson } from '@socketsecurity/registry/lib/packages'
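Review bot: `fail: 'missing'` in the handleBadInput call cannot describe the failure it labels: `rangeStyle` has `default: 'preserve'`, so the `test` only fails when a value is present but is not one of `RangeStyles`, and a user who passes `--rangeStyle=carat` would be told the flag is missing. Unless handleBadInput restricts that label (its contract is not in the diff), `fail: 'invalid'` would match what the `message` line already says. The allow-list check itself is the right shape, since the accepted value later decides what gets written into package.json. run's body continues on both sides of the hunk.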
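Review bot: `(cli.flags['rangeStyle'] ?? undefined) as | RangeStyle | undefined` in the runFix call is wider than the value can be at this point: the flag defaults to `'preserve'` and the handleBadInput check earlier in run has already returned on anything outside `RangeStyles`, so `?? undefined` never applies and the `| undefined` only forces runFix, npmFix and pnpmFix to handle a case the CLI never produces. `rangeStyle: cli.flags['rangeStyle'] as RangeStyle,` is sufficient here, and the remaining assertion would disappear if `RangeStyles` were typed narrowly enough to narrow the flag value. run's body continues past the hunk.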
@@ -49,6 +50,7 @@ async function install(
 type NpmFixOptions = {
 cwd?: string | undefined
+ rangeStyle?: RangeStyle | undefined
 spinner?: Spinner | undefined
 test?: boolean | undefined
 testScript?: string | undefined
diff --git a/src/commands/fix/pnpm-fix.ts b/src/commands/fix/pnpm-fix.ts
index 96b6a13f0..aaf0aa747 100644
--- a/src/commands/fix/pnpm-fix.ts
+++ b/src/commands/fix/pnpm-fix.ts
@@ -25,14 +25,14 @@ import { getAlertsMapFromPnpmLockfile } from '../../utils/pnpm-lock-yaml'
 import { getCveInfoByAlertsMap } from '../../utils/socket-package-alert'
 import { runAgentInstall } from '../optimize/run-agent'
+import type { RangeStyle } from './types'
+import type { StringKeyValueObject } from '../../types'
 import type { EnvDetails } from '../../utils/package-environment'
 import type { PackageJson } from '@socketsecurity/registry/lib/packages'
 import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 const { CI, NPM, OVERRIDES, PNPM } = constants
-type StringKeyedObject = { [key: string]: string }
-
 type InstallOptions = {
 spinner?: Spinner | undefined
 }
@@ -51,6 +51,7 @@ async function install(
 type PnpmFixOptions = {
 cwd?: string | undefined
+ rangeStyle?: RangeStyle | undefined
 spinner?: Spinner | undefined
 test?: boolean | undefined
 testScript?: string | undefined
@@ -136,9 +137,9 @@ export async function pnpmFix(
 ? packument.versions[targetVersion]
 : undefined
 if (targetVersion && targetPackument) {
- const oldPnpm = pkgJson[PNPM] as StringKeyedObject | undefined
+ const oldPnpm = pkgJson[PNPM] as StringKeyValueObject | undefined
 const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
- const oldOverrides = (oldPnpm as StringKeyedObject)?.[OVERRIDES] as
+ const oldOverrides = (oldPnpm as StringKeyValueObject)?.[OVERRIDES] as
 | Record
 | undefined
 const overridesCount = oldOverrides
diff --git a/src/commands/fix/run-fix.ts b/src/commands/fix/run-fix.ts
index d183880d8..9b12d42a7 100644
--- a/src/commands/fix/run-fix.ts
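Review bot: `rangeStyle?: RangeStyle | undefined` is added to NpmFixOptions here and to PnpmFixOptions in the pnpm-fix.ts hunk below, but no hunk in this patch reads `rangeStyle` inside npmFix or pnpmFix, so as far as the diff shows the new flag is validated, threaded through runFix, and then has no effect on how the bumped version is written to package.json. If the consumer lives in code outside this patch, a one-line comment on the option naming where it is applied would save the next reader the search; if it does not exist yet, the flag should not be advertised in the help snapshot until it does something. Both option types continue past the end of their hunks.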
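Review bot: The rename to `StringKeyValueObject` in pnpmFix keeps a cast that contradicts itself: `oldPnpm` is asserted to be a string-valued object, and two lines later `(oldPnpm as StringKeyValueObject)?.[OVERRIDES]` is asserted again to a `Record`, so the second `as` exists only to undo the first (and the inner `as` repeats a type `oldPnpm` already has). Declaring `oldPnpm` as an object whose `OVERRIDES` entry is `Record<string, string> | undefined` would let `oldPnpm?.[OVERRIDES]` be read with no further assertion and would document the shape pnpm actually uses. `Record` appears here without type arguments; presumably they were lost in rendering, since the line would not compile otherwise. pnpmFix's body continues on both sides of the hunk.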
+++ b/src/commands/fix/run-fix.ts
@@ -5,6 +5,7 @@ import { pnpmFix } from './pnpm-fix'
 import constants from '../../constants'
 import { detectAndValidatePackageEnvironment } from '../../utils/package-environment'
+import type { RangeStyle } from './types'
 import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 const { NPM, PNPM } = constants
@@ -13,6 +14,7 @@ const CMD_NAME = 'socket fix'
 type RunFixOptions = {
 cwd?: string | undefined
+ rangeStyle?: RangeStyle | undefined
 spinner?: Spinner | undefined
 test?: boolean | undefined
 testScript?: string | undefined
@@ -20,6 +22,7 @@ type RunFixOptions = {
 export async function runFix({
 cwd = process.cwd(),
+ rangeStyle,
 spinner,
 test = false,
 testScript = 'test'
@@ -36,6 +39,7 @@ export async function runFix({
 switch (pkgEnvDetails.agent) {
 case NPM: {
 await npmFix(pkgEnvDetails, {
+ rangeStyle,
 spinner,
 test,
 testScript
@@ -44,6 +48,7 @@ export async function runFix({
 }
 case PNPM: {
 await pnpmFix(pkgEnvDetails, {
+ rangeStyle,
 spinner,
 test,
 testScript
diff --git a/src/commands/fix/types.ts b/src/commands/fix/types.ts
new file mode 100644
index 000000000..f75819c8d
--- /dev/null
+++ b/src/commands/fix/types.ts
@@ -0,0 +1,3 @@
+export type RangeStyle = 'caret' | 'gt' | 'lt' | 'pin' | 'preserve' | 'tilde'
+
+export const RangeStyles = ['caret', 'gt', 'lt', 'pin', 'preserve', 'tilde']
From 41d1124622f02307ae3b88fecf5c102aab69ecd9 Mon Sep 17 00:00:00 2001
From: John-David Dalton
Date: Wed, 9 Apr 2025 14:06:46 -0600
Subject: [PATCH 2/2] Update src/commands/fix/cmd-fix.test.ts
Co-authored-by: graphite-app[bot] <96075541+graphite-app[bot]@users.noreply.github.com>
Signed-off-by: John-David Dalton
---
 src/commands/fix/cmd-fix.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/commands/fix/cmd-fix.test.ts b/src/commands/fix/cmd-fix.test.ts
index 229d68b74..1429f6f85 100644
--- a/src/commands/fix/cmd-fix.test.ts
+++ b/src/commands/fix/cmd-fix.test.ts
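Review bot: `rangeStyle,` is destructured in runFix with no default while its neighbours `test = false` and `testScript = 'test'` have one, so a caller of runFix that bypasses the CLI gets `undefined` where the CLI always supplies `'preserve'`, and npmFix and pnpmFix each have to treat the missing value as preserve on their own. `rangeStyle = 'preserve',` in the destructuring, mirroring the flag's `default`, keeps the two entry points consistent and lets the option be typed as `RangeStyle` alone downstream. runFix's body continues past the hunk; the same reasoning applies to the `RunFixOptions` hunk just above it.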
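Review bot: `RangeStyle` and `RangeStyles` in the new types.ts list the same six names twice, and `RangeStyles` is inferred as `string[]`, which is what forces the `as string` and `as RangeStyle` casts in cmd-fix.ts. Deriving the type from the array keeps them from drifting: `export const RangeStyles = ['caret', 'gt', 'lt', 'pin', 'preserve', 'tilde'] as const` and `export type RangeStyle = (typeof RangeStyles)[number]`. With `as const` the `includes` call needs the array widened once, e.g. behind a small `isRangeStyle(value: string): value is RangeStyle` predicate, after which the flag value narrows in cmd-fix.ts without assertions.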
@@ -34,7 +34,7 @@ describe('socket fix', async () => {
 *\\x09pin - Use the exact version (e.g. 1.2.3)
 *\\x09preserve - Retain the existing version range as-is
 *\\x09tilde - Use ~ range for patch/minor updates (e.g. ~1.2.3)
- --test Very the fix by running unit tests
+ --test Verify the fix by running unit tests
 --testScript The test script to run for each fix attempt"
 `
 )