From 46e6d4f042459e07cb673717c1291523cd41b441 Mon Sep 17 00:00:00 2001
From: Charlie Gerard
Date: Tue, 7 Nov 2023 20:21:16 +1100
Subject: [PATCH 1/3] add scores to package data
---
lib/commands/info/index.js | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/lib/commands/info/index.js b/lib/commands/info/index.js
index 6aebbaed..d3618678 100644
--- a/lib/commands/info/index.js
+++ b/lib/commands/info/index.js
@@ -115,6 +115,7 @@ function setupCommand (name, description, argv, importMeta) {
* @typedef PackageData
* @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} data
* @property {Record} severityCount
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getScoreByNPMPackage'>["data"]} score
*/
/**
@@ -127,6 +128,7 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
const spinner = ora(`Looking up data for version ${pkgVersion} of ${pkgName}`).start()
const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package')
+ const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score')
if (result.success === false) {
return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner)
@@ -146,6 +148,7 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
return {
data: result.data,
severityCount,
+ score: scoreResult.data
}
}
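Review bot: The new `scoreResult` lookup in the `@@ -127` hunk is awaited only after the issues lookup has completed, although the two `socketSdk` calls are independent and the one spinner already covers both, so the caller pays for two serial round trips. Issuing them together, e.g. `const [result, scoreResult] = await Promise.all([handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package'), handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score')])`, keeps both values in scope for the `result.success` check that follows. This assumes `handleApiCall` resolves to the wrapped response rather than exiting the process on failure, which is not visible from this hunk. fetchPackageData continues past the end of the hunk.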
@@ -154,10 +157,21 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
* @param {{ name: string } & CommandContext} context
* @returns {void}
*/
- function formatPackageDataOutput ({ data, severityCount }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }) {
+ function formatPackageDataOutput ({ data, severityCount, score }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }) {
if (outputJson) {
console.log(JSON.stringify(data, undefined, 2))
} else {
+ console.log('\nPackage report card:\n')
+
+ const scoreResult = {
+ 'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
+ 'Maintenance': Math.floor(score.maintenance.score * 100),
+ 'Quality': Math.floor(score.quality.score * 100),
+ 'Vulnerabilities': Math.floor(score.vulnerability.score * 100),
+ 'License': Math.floor(score.license.score * 100)
+ }
+ Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))
+
const format = new ChalkOrMarkdown(!!outputMarkdown)
const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`
@@ -171,3 +185,21 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
process.exit(1)
}
}
+
+/**
+ * @param {number} score
+ * @returns {string}
+ */
+function formatScore (score) {
+ const error = chalk.hex('#de7c7b')
+ const warning = chalk.hex('#e59361')
+ const success = chalk.hex('#a4cb9d')
+
+ if (score > 80) {
+ return `${success(score)}`
+ } else if (score < 80 && score > 60) {
+ return `${warning(score)}`
+ } else {
+ return `${error(score)}`
+ }
+}
From 74e8eaafde55ed663ac546268de8fbce269d09ab Mon Sep 17 00:00:00 2001
From: Charlie Gerard
Date: Tue, 7 Nov 2023 20:42:23 +1100
Subject: [PATCH 2/3] add ts-ignore, will need to fix
---
lib/commands/info/index.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/commands/info/index.js b/lib/commands/info/index.js
index d3618678..5416f149 100644
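Review bot: `Object.entries(scoreResult).map(score => console.log(...))` in formatPackageDataOutput uses `map` purely for its side effect and its callback parameter shadows the `score` payload destructured on the new signature line, so inside the callback `score` is a `[label, value]` pair rather than the API response. A plain loop, `for (const [label, value] of Object.entries(scoreResult))` with the existing `console.log` template inside it referring to `label` and `value` instead of `score[0]` and `score[1]`, avoids both problems. Two further points are worth a look: the `outputJson` branch still prints only `data`, so JSON output never carries the new scores (if that is deliberate, a one-line comment on that branch would say so), and `formatScore` colours with `chalk` directly while the rest of the output goes through `ChalkOrMarkdown`, so markdown output may carry ANSI escapes when stdout supports colour. The remainder of formatPackageDataOutput lies outside this hunk.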
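Review bot: A score of exactly 80 falls through to the `error` colour in `formatScore`, because the first branch requires `score > 80` and the second requires `score < 80 && score > 60`; 60 likewise lands in the `error` bucket while 61 is a `warning`, so the bands are not contiguous. Since the first branch already excludes values above 80, the middle test can simply be `} else if (score > 60) {`, which makes 80 a warning (or change the first test to `score >= 80` if 80 should count as success — the intended thresholds are not documented anywhere in the patch). The template wrappers are redundant as well: `return success(score)` yields the same string as the current form. A JSDoc line stating the bands, e.g. `* Colours an integer 0–100 score: success above 80, warning for 61–80, error otherwise`, would make the intent checkable against the conditions.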
--- a/lib/commands/info/index.js
+++ b/lib/commands/info/index.js
@@ -148,6 +148,7 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
return {
data: result.data,
severityCount,
+ // @ts-ignore
score: scoreResult.data
}
}
From cbd4785f937c67a522e8f14f17bd9b51efcc8829 Mon Sep 17 00:00:00 2001
From: Charlie Gerard
Date: Wed, 8 Nov 2023 17:02:28 +1100
Subject: [PATCH 3/3] update and handle unsuccessful response
---
lib/commands/info/index.js | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/commands/info/index.js b/lib/commands/info/index.js
index 5416f149..abee2416 100644
--- a/lib/commands/info/index.js
+++ b/lib/commands/info/index.js
@@ -134,6 +134,10 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner)
}
+ if (scoreResult.success === false) {
+ return handleUnsuccessfulApiResponse('getScoreByNPMPackage', scoreResult, spinner)
+ }
+
// Conclude the status of the API call
const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high')
@@ -148,7 +152,6 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
return {
data: result.data,
severityCount,
- // @ts-ignore
score: scoreResult.data
}
}