Merge branch 'main' into scan_suggestion_flow

jdalton · web-flow · commit b55e5fc4a93b · 2025-02-28T11:23:46.000-05:00
diff --git a/package.json b/package.json
@@ -62,7 +62,7 @@
     "test:unit": "vitest --run",
     "test:unit:coverage": "vitest run --coverage",
     "test-ci": "run-s test:*",
-    "testu": "npm run build:dist; VITEST=1 npm run build:test-dist ; npm run test:unit -- -u",
+    "testu": "cross-env SOCKET_CLI_NO_API_TOKEN=1 run-s test:prepare test:unit -- --update",
     "update": "run-p --aggregate-output update:**",
     "update:deps": "npx --yes npm-check-updates"
   },
diff --git a/src/constants.ts b/src/constants.ts
@@ -42,6 +42,7 @@ type ENV = Remap<
     Readonly<{
       SOCKET_CLI_DEBUG: boolean
       SOCKET_CLI_LEGACY_BUILD: boolean
+      SOCKET_CLI_NO_API_TOKEN: boolean
       SOCKET_CLI_PUBLISHED_BUILD: boolean
       SOCKET_CLI_SENTRY_BUILD: boolean
       SOCKET_CLI_SHOW_BANNER: boolean
@@ -87,6 +88,7 @@ type Constants = Remap<
     readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'
     readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'
     readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD'
+    readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'
     readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'
     readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD'
     readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'
@@ -140,6 +142,7 @@ const SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'
 const SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'
 const SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'
 const SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD'
+const SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'
 const SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'
 const SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD'
 const SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'
@@ -175,6 +178,8 @@ const LAZY_ENV = () => {
     // Inlined flag set to determine if this is the Legacy build.
     // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_LEGACY_BUILD]".
     [SOCKET_CLI_LEGACY_BUILD]: process.env[SOCKET_CLI_LEGACY_BUILD],
+    // Flag set to make the default API token `undefined`.
+    [SOCKET_CLI_NO_API_TOKEN]: envAsBoolean(env[SOCKET_CLI_NO_API_TOKEN]),
     // Inlined flag set to determine if this is a published build.
     // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_PUBLISHED_BUILD]".
     [SOCKET_CLI_PUBLISHED_BUILD]: process.env[SOCKET_CLI_PUBLISHED_BUILD],
@@ -278,6 +283,7 @@ const constants = <Constants>createConstantsObject(
     SOCKET_CLI_FIX,
     SOCKET_CLI_ISSUES_URL,
     SOCKET_CLI_LEGACY_BUILD,
+    SOCKET_CLI_NO_API_TOKEN,
     SOCKET_CLI_OPTIMIZE,
     SOCKET_CLI_PUBLISHED_BUILD,
     SOCKET_CLI_SAFE_WRAPPER,
diff --git a/src/utils/sdk.ts b/src/utils/sdk.ts
@@ -12,6 +12,8 @@ import { AuthError } from './errors'
 import { getSetting } from './settings'
 import constants from '../constants'
 
+const { SOCKET_CLI_NO_API_TOKEN } = constants
+
 // The API server that should be used for operations.
 function getDefaultApiBaseUrl(): string | undefined {
   const baseUrl =
@@ -29,14 +31,19 @@ function getDefaultHttpProxy(): string | undefined {
 // This API key should be stored globally for the duration of the CLI execution.
 let _defaultToken: string | undefined
 export function getDefaultToken(): string | undefined {
-  const key =
-    process.env['SOCKET_SECURITY_API_TOKEN'] ||
-    // Keep 'SOCKET_SECURITY_API_KEY' as an alias of 'SOCKET_SECURITY_API_TOKEN'.
-    // TODO: Remove 'SOCKET_SECURITY_API_KEY' alias.
-    process.env['SOCKET_SECURITY_API_KEY'] ||
-    getSetting('apiToken') ||
-    _defaultToken
-  _defaultToken = isNonEmptyString(key) ? key : undefined
+  // Lazily access constants.ENV[SOCKET_CLI_NO_API_TOKEN].
+  if (constants.ENV[SOCKET_CLI_NO_API_TOKEN]) {
+    _defaultToken = undefined
+  } else {
+    const key =
+      process.env['SOCKET_SECURITY_API_TOKEN'] ||
+      // Keep 'SOCKET_SECURITY_API_KEY' as an alias of 'SOCKET_SECURITY_API_TOKEN'.
+      // TODO: Remove 'SOCKET_SECURITY_API_KEY' alias.
+      process.env['SOCKET_SECURITY_API_KEY'] ||
+      getSetting('apiToken') ||
+      _defaultToken
+    _defaultToken = isNonEmptyString(key) ? key : undefined
+  }
   return _defaultToken
 }
 
