Add range-style flag to fix command

Author: jdalton

.dep-stats.json

@@ -10,7 +10,7 @@
     "@socketregistry/is-interactive": "1.0.5",
     "@socketregistry/packageurl-js": "1.0.5",
     "@socketsecurity/config": "2.1.3",
-    "@socketsecurity/registry": "1.0.139",
+    "@socketsecurity/registry": "1.0.140",
     "@socketsecurity/sdk": "1.4.26",
     "browserslist": "4.24.4",
     "chalk-table": "1.0.2",

src/commands/fix/cmd-fix.test.ts

@@ -20,14 +20,22 @@ describe('socket fix', async () => {
         `
         "Fix "fixable" Socket alerts
 
-          Usage
-            $ socket fix
-
-          Options
-            --dryRun          Do input validation for a command and exit 0 when input is ok
-            --help            Print this help
-            --test            Very the fix by running unit tests
-            --testScript      The test script to run for each fix attempt"
+              Usage
+                $ socket fix
+
+              Options
+                --dryRun          Do input validation for a command and exit 0 when input is ok
+                --help            Print this help
+                --rangeStyle      Define how updated dependency versions should be written in package.json.
+          Available styles:
+            *\\x09caret - Use ^ range for compatible updates (e.g. ^1.2.3)
+            *\\x09gt - Use >= to allow any newer version (e.g. >=1.2.3)
+            *\\x09lt - Use < to allow only lower versions (e.g. <1.2.3)
+            *\\x09pin - Use the exact version (e.g. 1.2.3)
+            *\\x09preserve - Retain the existing version range as-is
+            *\\x09tilde - Use ~ range for patch/minor updates (e.g. ~1.2.3)
+                --test            Very the fix by running unit tests
+                --testScript      The test script to run for each fix attempt"
       `
       )
       expect(`\n   ${stderr}`).toMatchInlineSnapshot(`

src/commands/fix/cmd-fix.ts

@@ -1,11 +1,17 @@
+import { stripIndent } from 'common-tags'
+
+import { joinOr } from '@socketsecurity/registry/lib/arrays'
 import { logger } from '@socketsecurity/registry/lib/logger'
 
 import { runFix } from './run-fix'
+import { RangeStyles } from './types'
 import constants from '../../constants'
 import { commonFlags } from '../../flags'
+import { handleBadInput } from '../../utils/handle-bad-input'
 import { meowOrExit } from '../../utils/meow-with-subcommands'
 import { getFlagListOutput } from '../../utils/output-formatting'
 
+import type { RangeStyle } from './types'
 import type { CliCommandConfig } from '../../utils/meow-with-subcommands'
 
 const { DRY_RUN_BAIL_TEXT } = constants
@@ -16,6 +22,20 @@ const config: CliCommandConfig = {
   hidden: true,
   flags: {
     ...commonFlags,
+    rangeStyle: {
+      type: 'string',
+      default: 'preserve',
+      description: stripIndent`
+      Define how updated dependency versions should be written in package.json.
+      Available styles:
+        *	caret - Use ^ range for compatible updates (e.g. ^1.2.3)
+        *	gt - Use >= to allow any newer version (e.g. >=1.2.3)
+        *	lt - Use < to allow only lower versions (e.g. <1.2.3)
+        *	pin - Use the exact version (e.g. 1.2.3)
+        *	preserve - Retain the existing version range as-is
+        *	tilde - Use ~ range for patch/minor updates (e.g. ~1.2.3)
+      `
+    },
     test: {
       type: 'boolean',
       default: true,
@@ -54,6 +74,16 @@ async function run(
     parentName
   })
 
+  const wasBadInput = handleBadInput({
+    test: RangeStyles.includes(cli.flags['rangeStyle'] as string),
+    message: `Expecting range style of ${joinOr(RangeStyles)}`,
+    pass: 'ok',
+    fail: 'missing'
+  })
+  if (wasBadInput) {
+    return
+  }
+
   if (cli.flags['dryRun']) {
     logger.log(DRY_RUN_BAIL_TEXT)
     return
@@ -64,6 +94,9 @@ async function run(
 
   await runFix({
     spinner,
+    rangeStyle: (cli.flags['rangeStyle'] ?? undefined) as
+      | RangeStyle
+      | undefined,
     test: Boolean(cli.flags['test']),
     testScript: cli.flags['testScript'] as string | undefined
   })

src/commands/fix/npm-fix.ts

@@ -23,6 +23,7 @@ import {
 } from '../../utils/arborist-helpers'
 import { getCveInfoByAlertsMap } from '../../utils/socket-package-alert'
 
+import type { RangeStyle } from './types'
 import type { SafeNode } from '../../shadow/npm/arborist/lib/node'
 import type { EnvDetails } from '../../utils/package-environment'
 import type { PackageJson } from '@socketsecurity/registry/lib/packages'
@@ -49,6 +50,7 @@ async function install(
 
 type NpmFixOptions = {
   cwd?: string | undefined
+  rangeStyle?: RangeStyle | undefined
   spinner?: Spinner | undefined
   test?: boolean | undefined
   testScript?: string | undefined

src/commands/fix/pnpm-fix.ts

@@ -25,14 +25,14 @@ import { getAlertsMapFromPnpmLockfile } from '../../utils/pnpm-lock-yaml'
 import { getCveInfoByAlertsMap } from '../../utils/socket-package-alert'
 import { runAgentInstall } from '../optimize/run-agent'
 
+import type { RangeStyle } from './types'
+import type { StringKeyValueObject } from '../../types'
 import type { EnvDetails } from '../../utils/package-environment'
 import type { PackageJson } from '@socketsecurity/registry/lib/packages'
 import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 
 const { CI, NPM, OVERRIDES, PNPM } = constants
 
-type StringKeyedObject = { [key: string]: string }
-
 type InstallOptions = {
   spinner?: Spinner | undefined
 }
@@ -51,6 +51,7 @@ async function install(
 
 type PnpmFixOptions = {
   cwd?: string | undefined
+  rangeStyle?: RangeStyle | undefined
   spinner?: Spinner | undefined
   test?: boolean | undefined
   testScript?: string | undefined
@@ -136,9 +137,9 @@ export async function pnpmFix(
           ? packument.versions[targetVersion]
           : undefined
         if (targetVersion && targetPackument) {
-          const oldPnpm = pkgJson[PNPM] as StringKeyedObject | undefined
+          const oldPnpm = pkgJson[PNPM] as StringKeyValueObject | undefined
           const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
-          const oldOverrides = (oldPnpm as StringKeyedObject)?.[OVERRIDES] as
+          const oldOverrides = (oldPnpm as StringKeyValueObject)?.[OVERRIDES] as
             | Record<string, string>
             | undefined
           const overridesCount = oldOverrides

src/commands/fix/run-fix.ts

@@ -5,6 +5,7 @@ import { pnpmFix } from './pnpm-fix'
 import constants from '../../constants'
 import { detectAndValidatePackageEnvironment } from '../../utils/package-environment'
 
+import type { RangeStyle } from './types'
 import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 
 const { NPM, PNPM } = constants
@@ -13,13 +14,15 @@ const CMD_NAME = 'socket fix'
 
 type RunFixOptions = {
   cwd?: string | undefined
+  rangeStyle?: RangeStyle | undefined
   spinner?: Spinner | undefined
   test?: boolean | undefined
   testScript?: string | undefined
 }
 
 export async function runFix({
   cwd = process.cwd(),
+  rangeStyle,
   spinner,
   test = false,
   testScript = 'test'
@@ -36,6 +39,7 @@ export async function runFix({
   switch (pkgEnvDetails.agent) {
     case NPM: {
       await npmFix(pkgEnvDetails, {
+        rangeStyle,
         spinner,
         test,
         testScript
@@ -44,6 +48,7 @@ export async function runFix({
     }
     case PNPM: {
       await pnpmFix(pkgEnvDetails, {
+        rangeStyle,
         spinner,
         test,
         testScript

src/commands/fix/types.ts

@@ -0,0 +1,3 @@
+export type RangeStyle = 'caret' | 'gt' | 'lt' | 'pin' | 'preserve' | 'tilde'
+
+export const RangeStyles = ['caret', 'gt', 'lt', 'pin', 'preserve', 'tilde']