Render issues when running socket info #93

Merged
merged 4 commits into from
Nov 13, 2023
68 changes: 49 additions & 19 deletions lib/commands/info/index.js
Expand Up @@ -20,10 +20,12 @@ export const info = {
const name = parentName + ' info'

const input = setupCommand(name, info.description, argv, importMeta)
const packageData = input && await fetchPackageData(input.pkgName, input.pkgVersion, input)

if (packageData) {
formatPackageDataOutput(packageData, { name, ...input })
if (input) {
const spinner = ora(`Looking up data for version ${input.pkgVersion} of ${input.pkgName}\n`).start()
const packageData = await fetchPackageData(input.pkgName, input.pkgVersion, input, spinner)
if (packageData) {
formatPackageDataOutput(packageData, { name, ...input }, spinner)
}
}
}
}
Expand Down Expand Up @@ -121,12 +123,12 @@ function setupCommand (name, description, argv, importMeta) {
/**
* @param {string} pkgName
* @param {string} pkgVersion
* @param {Pick<CommandContext, 'includeAllIssues' | 'strict'>} context
* @param {Pick<CommandContext, 'includeAllIssues'>} context
* @param {import('ora').Ora} spinner
* @returns {Promise<void|PackageData>}
*/
async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict }) {
async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues }, spinner) {
const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
const spinner = ora(`Looking up data for version ${pkgVersion} of ${pkgName}`).start()
const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package')
const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score')

Expand All @@ -139,16 +141,8 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
}

// Conclude the status of the API call

const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high')

if (objectSome(severityCount)) {
const issueSummary = formatSeverityCount(severityCount)
spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
} else {
spinner.succeed('Package has no issues')
}

return {
data: result.data,
severityCount,
Expand All @@ -159,14 +153,14 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
/**
* @param {PackageData} packageData
* @param {{ name: string } & CommandContext} context
* @param {import('ora').Ora} spinner
* @returns {void}
*/
function formatPackageDataOutput ({ data, severityCount, score }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }) {
function formatPackageDataOutput ({ data, severityCount, score }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }, spinner) {
if (outputJson) {
console.log(JSON.stringify(data, undefined, 2))
} else {
console.log('\nPackage report card:\n')

console.log('\nPackage report card:')
const scoreResult = {
'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
'Maintenance': Math.floor(score.maintenance.score * 100),
Expand All @@ -176,9 +170,20 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
}
Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))

// Package issues list
if (objectSome(severityCount)) {
const issueSummary = formatSeverityCount(severityCount)
console.log('\n')
spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
formatPackageIssuesDetails(data)
} else {
console.log('\n')
spinner.succeed('Package has no issues')
}

// Link to issues list
const format = new ChalkOrMarkdown(!!outputMarkdown)
const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`

console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
if (!outputMarkdown) {
console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
Expand All @@ -190,6 +195,31 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
}
}

/**
* @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} packageData
* @returns {void[]}
*/
function formatPackageIssuesDetails (packageData) {
const issueDetails = packageData.filter(d => d.value?.severity === 'high' || d.value?.severity === 'critical')
const uniqueIssues = issueDetails.reduce((/** @type {{ [key: string]: number }} */ acc, issue) => {
const { type } = issue
if (type) {
if (!acc[type]) {
acc[type] = 1
} else {
acc[type]++
}
}
return acc
}, {})
return Object.keys(uniqueIssues).map(issue => {
if (uniqueIssues[issue] === 1) {
return console.log(`- ${issue}`)
}
return console.log(`- ${issue}: ${uniqueIssues[issue]}`)
})
}

/**
* @param {number} score
* @returns {string}
Expand Down
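Review bot: With `--json`, the spinner passed into `formatPackageDataOutput` is never stopped: `spinner.succeed`/`spinner.fail` now live only in the non-JSON `else` branch, whereas before this change `fetchPackageData` concluded the spinner before any output was printed, so a `--json` run leaves the spinner running (and, depending on ora's timer handling, may keep the process alive). The JSON branch should end the spinner first, e.g. `spinner.stop()` immediately before `console.log(JSON.stringify(data, undefined, 2))`; the same applies to the early-return path in `fetchPackageData` if it returns without a result, which is outside the visible hunk. A second inconsistency in the `formatPackageIssuesDetails` hunk: the summary line is built from `getSeverityCount(result.data, includeAllIssues ? undefined : 'high')`, but the detail list is hard-coded to `severity === 'high' || severity === 'critical'`, so with `includeAllIssues` the headline count can exceed the issues actually listed; passing the same threshold into `formatPackageIssuesDetails` would keep them in step. As a point of style, `Object.keys(uniqueIssues).map(...)` and `Object.entries(scoreResult).map(...)` are used purely for `console.log` side effects and return `void[]`; a `for...of` loop with `@returns {void}` reads more honestly.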