diff --git a/src/commands/fix/cmd-fix.mts b/src/commands/fix/cmd-fix.mts
index a2d6ec7b8..f765525e1 100644
--- a/src/commands/fix/cmd-fix.mts
+++ b/src/commands/fix/cmd-fix.mts
@@ -52,12 +52,14 @@ const generalFlags: MeowFlags = {
 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository',
 )} for managing auto-merge for pull requests in your repository.`,
 },
- dontApplyFixes: {
+ applyFixes: {
 aliases: ['onlyCompute'],
 type: 'boolean',
- default: false,
+ default: true,
 description:
 'Compute fixes only, do not apply them. Logs what upgrades would be applied. If combined with --output-file, the output file will contain the upgrades that would be applied.',
+ // Hidden to allow custom documenting of the negated `--no-apply-fixes` variant.
+ hidden: true,
 },
 id: {
 type: 'string',
@@ -182,7 +184,14 @@ async function run(
 ${getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME}`)}
 
 Options
- ${getFlagListOutput(config.flags)}
+ ${getFlagListOutput({
+ ...config.flags,
+ // Explicitly document the negated --no-apply-fixes variant.
+ noApplyFixes: {
+ ...config.flags['applyFixes'],
+ hidden: false,
+ } as MeowFlag,
+ })}
 
 Environment Variables (for CI/PR mode)
 CI Set to enable CI mode
@@ -208,8 +217,8 @@ async function run(
 )
 
 const {
+ applyFixes,
 autopilot,
- dontApplyFixes,
 glob,
 json,
 limit,
@@ -223,7 +232,7 @@ async function run(
 unknownFlags = [],
 } = cli.flags as {
 autopilot: boolean
- dontApplyFixes: boolean
+ applyFixes: boolean
 glob: string
 limit: number
 json: boolean
@@ -292,7 +301,7 @@ async function run(
 
 await handleFix({
 autopilot,
- dontApplyFixes,
+ applyFixes,
 cwd,
 ghsas,
 glob,
diff --git a/src/commands/fix/cmd-fix.test.mts b/src/commands/fix/cmd-fix.test.mts
index 1736bbbad..a1655c8cb 100644
--- a/src/commands/fix/cmd-fix.test.mts
+++ b/src/commands/fix/cmd-fix.test.mts
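Review bot: The `aliases: ['onlyCompute']` line survives the rename in the first hunk, so an alias that reads as "compute only" now sets `applyFixes` to true — the inverse of what it meant while it pointed at `dontApplyFixes` — and, assuming meow maps an alias straight onto its flag's value, a user passing it to get a dry run would have upgrades written to their manifests. Drop the `aliases: ['onlyCompute'],` line, or keep the old spelling as its own hidden boolean and fold it in where the flags are destructured, e.g. `applyFixes: applyFixes && !onlyCompute`. The `generalFlags` object continues outside the hunk, so any other alias pointing at this entry should be checked the same way.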
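Review bot: The `noApplyFixes` help entry in the second hunk spreads the entire `applyFixes` definition, so it inherits `aliases: ['onlyCompute']` and `default: true`; if `getFlagListOutput` prints defaults or aliases, the generated `--no-apply-fixes` line would advertise a default of true, the opposite of that flag's meaning. Set the fields that differ for the negated form explicitly, `noApplyFixes: { ...config.flags['applyFixes'], aliases: [], default: false, hidden: false } as MeowFlag,`. The `as MeowFlag` assertion also hides that `config.flags['applyFixes']` is possibly undefined under `noUncheckedIndexedAccess`; reading the definition from `generalFlags.applyFixes`, declared in this file, would give a known shape without the assertion, assuming `config.flags` is built from `generalFlags`. The `run` function starts and ends outside the hunk.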
@@ -172,7 +172,6 @@ describe('socket fix', async () => {
 
 Options
 --autopilot Enable auto-merge for pull requests that Socket opens. See GitHub documentation (https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository) for managing auto-merge for pull requests in your repository.
- --dont-apply-fixes Compute fixes only, do not apply them. Logs what upgrades would be applied. If combined with --output-file, the output file will contain the upgrades that would be applied.
 --id Provide a list of vulnerability identifiers to compute fixes for:
 - GHSA IDs (https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids) (e.g., GHSA-xxxx-xxxx-xxxx)
 - CVE IDs (https://cve.mitre.org/cve/identifiers/) (e.g., CVE-2025-1234) - automatically converted to GHSA
@@ -181,6 +180,7 @@ describe('socket fix', async () => {
 --json Output as JSON
 --limit The number of fixes to attempt at a time (default 10)
 --markdown Output as Markdown
+ --no-apply-fixes Compute fixes only, do not apply them. Logs what upgrades would be applied. If combined with --output-file, the output file will contain the upgrades that would be applied.
 --output-file Path to store upgrades as a JSON file at this path.
 --range-style Define how dependency version ranges are updated in package.json (default 'preserve').
 Available styles:
diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
index 5365d3c97..b1fd574d8 100644
--- a/src/commands/fix/coana-fix.mts
+++ b/src/commands/fix/coana-fix.mts
@@ -43,9 +43,9 @@ export async function coanaFix(
 fixConfig: FixConfig,
 ): Promise> {
 const {
+ applyFixes,
 autopilot,
 cwd,
- dontApplyFixes,
 ghsas,
 glob,
 limit,
@@ -106,7 +106,7 @@ export async function coanaFix(
 
 if (!shouldOpenPrs) {
 // Inform user about local mode when fixes will be applied.
- if (!dontApplyFixes && ghsas.length) {
+ if (applyFixes && ghsas.length) {
 const envCheck = checkCiEnvVars()
 if (envCheck.present.length) {
 // Some CI vars are set but not all - show what's missing.
@@ -143,7 +143,7 @@ export async function coanaFix(
 ? ['--range-style', fixConfig.rangeStyle]
 : []),
 ...(glob ? ['--glob', glob] : []),
- ...(dontApplyFixes ? [FLAG_DRY_RUN] : []),
+ ...(!applyFixes ? [FLAG_DRY_RUN] : []),
 ...(outputFile ? ['--output-file', outputFile] : []),
 ...fixConfig.unknownFlags,
 ],
diff --git a/src/commands/fix/handle-fix.mts b/src/commands/fix/handle-fix.mts
index c37fb9e7e..534e180a9 100644
--- a/src/commands/fix/handle-fix.mts
+++ b/src/commands/fix/handle-fix.mts
@@ -16,7 +16,7 @@ const CVE_FORMAT_REGEXP = /^CVE-\d{4}-\d{4,}$/
 
 export type HandleFixConfig = Remap<
 FixConfig & {
- dontApplyFixes: boolean
+ applyFixes: boolean
 ghsas: string[]
 glob: string
 orgSlug: string
@@ -98,9 +98,9 @@ export async function convertIdsToGhsas(ids: string[]): Promise {
 }
 
 export async function handleFix({
+ applyFixes,
 autopilot,
 cwd,
- dontApplyFixes,
 ghsas,
 glob,
 limit,
@@ -121,7 +121,7 @@ export async function handleFix({
 glob,
 limit,
 minSatisfying,
- dontApplyFixes,
+ applyFixes,
 outputFile,
 outputKind,
 prCheck,
@@ -132,7 +132,7 @@ export async function handleFix({
 await outputFixResult(
 await coanaFix({
 autopilot,
- dontApplyFixes,
+ applyFixes,
 cwd,
 // Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only
 ghsas: await convertIdsToGhsas(ghsas),
diff --git a/src/commands/fix/types.mts b/src/commands/fix/types.mts
index a21b7bda8..aaca8db35 100644
--- a/src/commands/fix/types.mts
+++ b/src/commands/fix/types.mts
@@ -3,7 +3,7 @@ import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 
 export type FixConfig = {
 autopilot: boolean
- dontApplyFixes: boolean
+ applyFixes: boolean
 cwd: string
 ghsas: string[]
 glob: string