Filter to only error action when using SOCKET_CLI_ACCEPT_RISKS

jdalton · jdalton · commit 8195cc577077 · 2025-04-05T21:58:57.000-05:00
diff --git a/src/shadow/npm/arborist/lib/arborist/index.ts b/src/shadow/npm/arborist/lib/arborist/index.ts
@@ -119,9 +119,11 @@ export class SafeArborist extends Arborist {
         options['yes'] ||
         acceptAllRisks
           ? {
+              actions: ['error'],
               blocked: true,
               critical: false,
               cve: false,
+              existing: true,
               unfixable: false
             }
           : {
diff --git a/src/utils/alert/artifact.ts b/src/utils/alert/artifact.ts
@@ -3,6 +3,8 @@ import constants from '../../constants'
 import type { Remap } from '@socketsecurity/registry/lib/objects'
 import type { components, operations } from '@socketsecurity/sdk/types/api'
 
+export type ALERT_ACTION = 'error' | 'monitor' | 'warn' | 'ignore'
+
 export type ALERT_TYPE = keyof NonNullable<
   operations['getOrgSecurityPolicy']['responses']['200']['content']['application/json']['securityPolicyRules']
 >
diff --git a/src/utils/arborist-helpers.ts b/src/utils/arborist-helpers.ts
@@ -207,6 +207,7 @@ export async function getAlertsMapFromArborist(
 
   const include = {
     __proto__: null,
+    actions: undefined,
     blocked: true,
     critical: true,
     cve: true,
@@ -262,7 +263,8 @@ export async function getAlertsMapFromArborist(
     {
       alerts: 'true',
       compact: 'true',
-      fixable: include.unfixable ? 'false' : 'true'
+      ...(include.actions ? { actions: include.actions.join(',') } : {}),
+      ...(include.unfixable ? {} : { fixable: 'true' })
     },
     {
       components: pkgIds.map(id => ({ purl: `pkg:npm/${id}` }))
diff --git a/src/utils/pnpm-lock-yaml.ts b/src/utils/pnpm-lock-yaml.ts
@@ -28,6 +28,7 @@ export async function getAlertsMapFromPnpmLockfile(
 
   const include = {
     __proto__: null,
+    actions: undefined,
     blocked: true,
     critical: true,
     cve: true,
diff --git a/src/utils/socket-package-alert.ts b/src/utils/socket-package-alert.ts
@@ -17,6 +17,7 @@ import constants from '../constants'
 import { findSocketYmlSync } from './config'
 
 import type {
+  ALERT_ACTION,
   ALERT_TYPE,
   CompactSocketArtifact,
   CompactSocketArtifactAlert
@@ -159,6 +160,7 @@ function getSeverityLabel(severity: `${ALERT_SEVERITY}`): string {
 }
 
 export type AlertIncludeFilter = {
+  actions?: ALERT_ACTION[] | undefined
   blocked?: boolean | undefined
   critical?: boolean | undefined
   cve?: boolean | undefined
@@ -194,6 +196,7 @@ export async function addArtifactToAlertsMap<T extends AlertsByPkgId>(
 
   const include = {
     __proto__: null,
+    actions: undefined,
     blocked: true,
     critical: true,
     cve: true,

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,8 @@ import constants from '../../constants'`
`3`	`3`	`import type { Remap } from '@socketsecurity/registry/lib/objects'`
`4`	`4`	`import type { components, operations } from '@socketsecurity/sdk/types/api'`
`5`	`5`
	`6`	`+export type ALERT_ACTION = 'error' \| 'monitor' \| 'warn' \| 'ignore'`
	`7`	`+`
`6`	`8`	`export type ALERT_TYPE = keyof NonNullable<`
`7`	`9`	`operations['getOrgSecurityPolicy']['responses']['200']['content']['application/json']['securityPolicyRules']`
`8`	`10`	`>`