Merge branch 'main' into cmd_pkg_score

Author: pvdz

.dep-stats.json

@@ -5,11 +5,11 @@
     "@pnpm/lockfile.detect-dep-types": "^1001.0.5",
     "@socketregistry/hyrious__bun.lockb": "1.0.16",
     "@socketregistry/indent-string": "1.0.12",
-    "@socketregistry/is-interactive": "1.0.4",
+    "@socketregistry/is-interactive": "1.0.5",
     "@socketregistry/packageurl-js": "1.0.4",
     "@socketsecurity/config": "2.1.3",
-    "@socketsecurity/registry": "1.0.133",
-    "@socketsecurity/sdk": "1.4.11",
+    "@socketsecurity/registry": "1.0.135",
+    "@socketsecurity/sdk": "1.4.16",
     "blessed": "0.1.81",
     "blessed-contrib": "4.11.0",
     "browserslist": "4.24.4",

knip.json

@@ -1,5 +1,20 @@
 {
-  "entry": ["scripts/**/*.js", "src/**/*.ts", "test/**/*.test.ts"],
-  "project": ["scripts/**/*", "src/**/*", "test/**/*"],
-  "ignore": ["dist/**/*"]
+  "entry": [
+    ".config/*.{js,mjs}",
+    "bin/*.js",
+    "scripts/**/*.js",
+    "shadow-bin/**",
+    "src/**/*.ts",
+    "test/**/*.test.ts",
+    "*.js"
+  ],
+  "project": [
+    ".config/**",
+    "bin/**",
+    "scripts/**",
+    "shadow-bin/**",
+    "src/**",
+    "test/**"
+  ],
+  "ignore": ["dist/**"]
 }

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "0.14.64",
+  "version": "0.14.67",
   "description": "CLI tool for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -76,11 +76,11 @@
     "@pnpm/lockfile.detect-dep-types": "^1001.0.5",
     "@socketregistry/hyrious__bun.lockb": "1.0.16",
     "@socketregistry/indent-string": "1.0.12",
-    "@socketregistry/is-interactive": "1.0.4",
+    "@socketregistry/is-interactive": "1.0.5",
     "@socketregistry/packageurl-js": "1.0.4",
     "@socketsecurity/config": "2.1.3",
-    "@socketsecurity/registry": "1.0.133",
-    "@socketsecurity/sdk": "1.4.11",
+    "@socketsecurity/registry": "1.0.135",
+    "@socketsecurity/sdk": "1.4.16",
     "blessed": "0.1.81",
     "blessed-contrib": "4.11.0",
     "browserslist": "4.24.4",
@@ -110,12 +110,12 @@
     "@babel/plugin-transform-export-namespace-from": "^7.25.9",
     "@babel/plugin-transform-runtime": "^7.26.10",
     "@babel/preset-env": "^7.26.9",
-    "@babel/preset-typescript": "^7.26.0",
-    "@babel/runtime": "^7.26.10",
+    "@babel/preset-typescript": "^7.27.0",
+    "@babel/runtime": "^7.27.0",
     "@biomejs/biome": "^1.9.4",
     "@cyclonedx/cdxgen": "^11.2.2",
     "@eslint/compat": "^1.2.7",
-    "@eslint/js": "^9.22.0",
+    "@eslint/js": "^9.23.0",
     "@rollup/plugin-commonjs": "^28.0.3",
     "@rollup/plugin-json": "^6.1.0",
     "@rollup/plugin-node-resolve": "^16.0.1",
@@ -126,20 +126,17 @@
     "@types/common-tags": "^1.8.4",
     "@types/micromatch": "^4.0.9",
     "@types/mock-fs": "^4.13.4",
-    "@types/node": "^22.13.10",
+    "@types/node": "^22.13.13",
     "@types/npmcli__arborist": "^6.3.0",
-    "@types/npmcli__promise-spawn": "^6.0.3",
     "@types/proc-log": "^3.0.4",
     "@types/semver": "^7.5.8",
-    "@types/update-notifier": "^6.0.8",
     "@types/which": "^3.0.4",
     "@types/yargs-parser": "^21.0.3",
-    "@typescript-eslint/eslint-plugin": "^8.27.0",
-    "@typescript-eslint/parser": "^8.27.0",
+    "@typescript-eslint/parser": "^8.28.0",
     "@vitest/coverage-v8": "3.0.9",
     "cross-env": "^7.0.3",
     "del-cli": "^6.0.0",
-    "eslint": "^9.22.0",
+    "eslint": "^9.23.0",
     "eslint-import-resolver-oxc": "^0.13.1",
     "eslint-plugin-import-x": "^4.9.1",
     "eslint-plugin-n": "^17.16.2",
@@ -153,14 +150,14 @@
     "mock-fs": "^5.5.0",
     "nock": "^14.0.1",
     "npm-run-all2": "^7.0.2",
-    "oxlint": "0.16.1",
+    "oxlint": "0.16.2",
     "read-package-up": "^11.0.0",
-    "rollup": "4.36.0",
+    "rollup": "4.37.0",
     "rollup-plugin-ts": "^3.4.5",
     "synp": "^1.9.14",
     "type-coverage": "^2.29.7",
     "typescript": "5.4.5",
-    "typescript-eslint": "^8.27.0",
+    "typescript-eslint": "^8.28.0",
     "unplugin-purge-polyfills": "^0.0.7",
     "vitest": "3.0.9"
   },
@@ -189,7 +186,7 @@
     "tiny-colors": "$yoctocolors-cjs",
     "typedarray": "npm:@socketregistry/typedarray@^1",
     "undici": "^6.21.1",
-    "vite": "^6.2.0",
+    "vite": "^6.2.3",
     "xml2js": "^0.5.0",
     "yaml": "2.7.0"
   },

package.json

@@ -12,6 +12,7 @@ import { logger } from '@socketsecurity/registry/lib/logger'
 import { cmdAnalytics } from './commands/analytics/cmd-analytics'
 import { cmdAuditLog } from './commands/audit-log/cmd-audit-log'
 import { cmdCdxgen } from './commands/cdxgen/cmd-cdxgen'
+import { cmdConfig } from './commands/config/cmd-config'
 import { cmdScanCreate } from './commands/dependencies/cmd-dependencies'
 import { cmdDiffScan } from './commands/diff-scan/cmd-diff-scan'
 import { cmdFix } from './commands/fix/cmd-fix'
@@ -51,6 +52,7 @@ void (async () => {
     await meowWithSubcommands(
       {
         cdxgen: cmdCdxgen,
+        config: cmdConfig,
         fix: cmdFix,
         info: cmdInfo,
         login: cmdLogin,

src/cli.ts

@@ -11,10 +11,13 @@ describe('socket analytics', async () => {
   // Lazily access constants.rootBinPath.
   const entryPath = path.join(constants.rootBinPath, `${CLI}.js`)
 
-  cmdit(['analytics', '--help'], 'should support --help', async cmd => {
-    const { code, stderr, stdout } = await invokeNpm(entryPath, cmd)
-    expect(stdout).toMatchInlineSnapshot(
-      `
+  cmdit(
+    ['analytics', '--help', '--config', '{}'],
+    'should support --help',
+    async cmd => {
+      const { code, stderr, stdout } = await invokeNpm(entryPath, cmd)
+      expect(stdout).toMatchInlineSnapshot(
+        `
       "Look up analytics data
 
         Usage
@@ -38,23 +41,24 @@ describe('socket analytics', async () => {
           $ socket analytics --scope=org --time=30
           $ socket analytics --scope=repo --repo=test-repo --time=30"
     `
-    )
-    expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
+      )
+      expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
       "
          _____         _       _        /---------------
         |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver <redacted>
         |__   | . |  _| '_| -_|  _|     | Node: <redacted>, API token set: <redacted>
         |_____|___|___|_,_|___|_|.dev   | Command: \`socket analytics\`, cwd: <redacted>"
     `)
 
-    expect(code, 'help should exit with code 2').toBe(2)
-    expect(stderr, 'header should include command (without params)').toContain(
-      '`socket analytics`'
-    )
-  })
+      expect(code, 'help should exit with code 2').toBe(2)
+      expect(stderr, 'banner includes base command').toContain(
+        '`socket analytics`'
+      )
+    }
+  )
 
   cmdit(
-    ['analytics', '--dry-run'],
+    ['analytics', '--dry-run', '--config', '{}'],
     'should require args with just dry-run',
     async cmd => {
       const { code, stderr, stdout } = await invokeNpm(entryPath, cmd)

src/commands/analytics/cmd-analytics.test.ts

@@ -11,9 +11,9 @@ export async function fetchOrgAnalyticsData(
   spinner: Spinner,
   apiToken: string
 ): Promise<SocketSdkReturnType<'getOrgAnalytics'>['data'] | undefined> {
-  const socketSdk = await setupSdk(apiToken)
+  const sockSdk = await setupSdk(apiToken)
   const result = await handleApiCall(
-    socketSdk.getOrgAnalytics(time.toString()),
+    sockSdk.getOrgAnalytics(time.toString()),
     'fetching analytics data'
   )
 

src/commands/analytics/fetch-org-analytics.ts

@@ -12,9 +12,9 @@ export async function fetchRepoAnalyticsData(
   spinner: Spinner,
   apiToken: string
 ): Promise<SocketSdkReturnType<'getRepoAnalytics'>['data'] | undefined> {
-  const socketSdk = await setupSdk(apiToken)
+  const sockSdk = await setupSdk(apiToken)
   const result = await handleApiCall(
-    socketSdk.getRepoAnalytics(repo, time.toString()),
+    sockSdk.getRepoAnalytics(repo, time.toString()),
     'fetching analytics data'
   )
 

src/commands/analytics/fetch-repo-analytics.ts

@@ -11,10 +11,13 @@ describe('socket audit-log', async () => {
   // Lazily access constants.rootBinPath.
   const entryPath = path.join(constants.rootBinPath, `${CLI}.js`)
 
-  cmdit(['audit-log', '--help'], 'should support --help', async cmd => {
-    const { code, stderr, stdout } = await invokeNpm(entryPath, cmd)
-    expect(stdout).toMatchInlineSnapshot(
-      `
+  cmdit(
+    ['audit-log', '--help', '--config', '{}'],
+    'should support --help',
+    async cmd => {
+      const { code, stderr, stdout } = await invokeNpm(entryPath, cmd)
+      expect(stdout).toMatchInlineSnapshot(
+        `
       "Look up the audit log for an organization
 
         Usage
@@ -35,23 +38,24 @@ describe('socket audit-log', async () => {
         Examples
           $ socket audit-log FakeOrg"
     `
-    )
-    expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
+      )
+      expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
       "
          _____         _       _        /---------------
         |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver <redacted>
         |__   | . |  _| '_| -_|  _|     | Node: <redacted>, API token set: <redacted>
         |_____|___|___|_,_|___|_|.dev   | Command: \`socket audit-log\`, cwd: <redacted>"
     `)
 
-    expect(code, 'help should exit with code 2').toBe(2)
-    expect(stderr, 'header should include command (without params)').toContain(
-      '`socket audit-log`'
-    )
-  })
+      expect(code, 'help should exit with code 2').toBe(2)
+      expect(stderr, 'banner includes base command').toContain(
+        '`socket audit-log`'
+      )
+    }
+  )
 
   cmdit(
-    ['audit-log', '--dry-run'],
+    ['audit-log', '--dry-run', '--config', '{}'],
     'should require args with just dry-run',
     async cmd => {
       const { code, stderr, stdout } = await invokeNpm(entryPath, cmd)
@@ -73,7 +77,7 @@ describe('socket audit-log', async () => {
   )
 
   cmdit(
-    ['audit-log', 'fakeorg', '--dry-run'],
+    ['audit-log', 'fakeorg', '--dry-run', '--config', '{}'],
     'should require args with just dry-run',
     async cmd => {
       const { code, stderr, stdout } = await invokeNpm(entryPath, cmd)

src/commands/audit-log/cmd-audit-log.test.ts

@@ -3,9 +3,10 @@ import colors from 'yoctocolors-cjs'
 
 import { logger } from '@socketsecurity/registry/lib/logger'
 
-import { getAuditLog } from './get-audit-log'
+import { handleAuditLog } from './handle-audit-log'
 import constants from '../../constants'
 import { commonFlags, outputFlags } from '../../flags'
+import { getConfigValue } from '../../utils/config'
 import { meowOrExit } from '../../utils/meow-with-subcommands'
 import { getFlagListOutput } from '../../utils/output-formatting'
 
@@ -73,9 +74,10 @@ async function run(
   })
 
   const { json, markdown, page, perPage, type } = cli.flags
-
   const logType = String(type || '')
-  const [orgSlug = ''] = cli.input
+
+  const defaultOrgSlug = getConfigValue('defaultOrg')
+  const orgSlug = defaultOrgSlug || cli.input[0] || ''
 
   if (!orgSlug) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
@@ -96,7 +98,7 @@ async function run(
     return
   }
 
-  await getAuditLog({
+  await handleAuditLog({
     orgSlug,
     outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
     page: Number(page || 0),