From 572fbcc9fef4617d85f1b14cd0c69961fa44f439 Mon Sep 17 00:00:00 2001 From: Martin Torp Date: Thu, 19 Mar 2026 10:11:12 +0100 Subject: [PATCH 1/2] fix: default to cwd when --reach is used without explicit target When `socket scan create --reach` is run without an explicit target path, the CLI previously relied on an interactive prompt to ask the user to confirm the current directory. In non-TTY environments (e.g. Jenkins CI), the select() prompt silently fails because wrapPrompt swallows non-TypeError errors, causing suggestTarget() to return [] and all reach validations to fail with confusing "Input error: At least one TARGET (missing)" errors. Now defaults to '.' (cwd) when --reach is used without a target, which is consistent with --reach requiring exactly one directory target. Also bumps @coana-tech/cli to 14.12.200 and CLI version to 1.1.74. Co-Authored-By: Claude Opus 4.6 (1M context) --- CHANGELOG.md | 8 ++++++++ package.json | 4 ++-- pnpm-lock.yaml | 10 +++++----- src/commands/scan/cmd-scan-create.mts | 14 +++++++++++--- 4 files changed, 26 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c0ce9efc..10db764f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). +## [1.1.74](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.74) - 2026-03-19 + +### Fixed +- Fixed `socket scan create --reach` failing with input validation errors when no explicit target is passed. In non-TTY environments (e.g. Jenkins CI), the interactive prompt to confirm the current directory would silently fail, causing all reach validations to error. Now defaults to `.` (cwd) when `--reach` is used without a target. + +### Changed +- Updated the Coana CLI to v `14.12.200`. + ## [1.1.73](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.73) - 2026-03-13 ### Changed diff --git a/package.json b/package.json index daedeb34d..63013558f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "socket", - "version": "1.1.73", + "version": "1.1.74", "description": "CLI for Socket.dev", "homepage": "https://github.com/SocketDev/socket-cli", "license": "MIT AND OFL-1.1", @@ -97,7 +97,7 @@ "@babel/preset-typescript": "7.27.1", "@babel/runtime": "7.28.4", "@biomejs/biome": "2.2.4", - "@coana-tech/cli": "14.12.197", + "@coana-tech/cli": "14.12.200", "@cyclonedx/cdxgen": "12.1.2", "@dotenvx/dotenvx": "1.49.0", "@eslint/compat": "1.3.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e237a6482..a408d202a 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -128,8 +128,8 @@ importers: specifier: 2.2.4 version: 2.2.4 '@coana-tech/cli': - specifier: 14.12.197 - version: 14.12.197 + specifier: 14.12.200 + version: 14.12.200 '@cyclonedx/cdxgen': specifier: 12.1.2 version: 12.1.2 @@ -740,8 +740,8 @@ packages: resolution: {integrity: sha512-hAs5PPKPCQ3/Nha+1fo4A4/gL85fIfxZwHPehsjCJ+BhQH2/yw6/xReuaPA/RfNQr6iz1PcD7BZcE3ctyyl3EA==} cpu: [x64] - '@coana-tech/cli@14.12.197': - resolution: {integrity: sha512-8dZWXf/GiUs7hUtZCDSXKXZhvD2YjvLjTxdAMpF6fZV+hpzT0g7BCC2fhZsHZM7mAEDAnVxn1eIHsJkKsqGnrw==} + '@coana-tech/cli@14.12.200': + resolution: {integrity: sha512-wLynNO4OhnfaqAi/XcmDEifmp0AjyN5wsLJZscDRTgscHSJ0XmYsNXQA118SNM+KtQo7JdVjX9ZWCIlm56FDxA==} hasBin: true '@colors/colors@1.5.0': @@ -5345,7 +5345,7 @@ snapshots: '@cdxgen/cdxgen-plugins-bin@2.0.2': optional: true - '@coana-tech/cli@14.12.197': {} + '@coana-tech/cli@14.12.200': {} '@colors/colors@1.5.0': optional: true diff --git a/src/commands/scan/cmd-scan-create.mts b/src/commands/scan/cmd-scan-create.mts index e48380864..99c4eb281 100644 --- a/src/commands/scan/cmd-scan-create.mts +++ b/src/commands/scan/cmd-scan-create.mts @@ -381,9 +381,17 @@ async function run( let updatedInput = false // Accept zero or more paths. Default to cwd() if none given. - let targets = cli.input || [cwd] - - if (!targets.length && !dryRun && interactive) { + // Note: cli.input is always an array (even if empty), so || [cwd] never + // fires because [] is truthy. Use .length check instead. + let targets = cli.input.length ? cli.input : [] + + if (!targets.length && reach) { + // --reach requires exactly one directory target; default to cwd rather + // than relying on an interactive prompt that fails in non-TTY environments + // such as Jenkins CI (the select() prompt silently returns undefined when + // stdin is not a TTY, causing all downstream validations to fail). + targets = ['.'] + } else if (!targets.length && !dryRun && interactive) { targets = await suggestTarget() updatedInput = true } From 35a901c5aef1fc69323ae41c320a0c927d76d371 Mon Sep 17 00:00:00 2001 From: Martin Torp Date: Thu, 19 Mar 2026 10:14:10 +0100 Subject: [PATCH 2/2] fix: default to cwd when --reach is used without explicit target When `socket scan create --reach` is run without an explicit target path, the CLI previously relied on an interactive prompt to ask the user to confirm the current directory. In non-TTY environments (e.g. Jenkins CI), the select() prompt silently fails because wrapPrompt swallows non-TypeError errors, causing suggestTarget() to return [] and all reach validations to fail with confusing "Input error: At least one TARGET (missing)" errors. Now falls back to '.' (cwd) when the prompt returns empty, preserving the interactive prompt for TTY users while gracefully handling non-TTY environments. Also bumps @coana-tech/cli to 14.12.200 and CLI version to 1.1.74. Co-Authored-By: Claude Opus 4.6 (1M context) --- src/commands/scan/cmd-scan-create.mts | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/commands/scan/cmd-scan-create.mts b/src/commands/scan/cmd-scan-create.mts index 99c4eb281..ef02af35c 100644 --- a/src/commands/scan/cmd-scan-create.mts +++ b/src/commands/scan/cmd-scan-create.mts @@ -381,21 +381,22 @@ async function run( let updatedInput = false // Accept zero or more paths. Default to cwd() if none given. - // Note: cli.input is always an array (even if empty), so || [cwd] never - // fires because [] is truthy. Use .length check instead. let targets = cli.input.length ? cli.input : [] - if (!targets.length && reach) { - // --reach requires exactly one directory target; default to cwd rather - // than relying on an interactive prompt that fails in non-TTY environments - // such as Jenkins CI (the select() prompt silently returns undefined when - // stdin is not a TTY, causing all downstream validations to fail). - targets = ['.'] - } else if (!targets.length && !dryRun && interactive) { + if (!targets.length && !dryRun && interactive) { targets = await suggestTarget() updatedInput = true } + // Fallback: if targets is still empty after the interactive prompt (e.g. the + // select() prompt silently fails in non-TTY environments like Jenkins CI + // because wrapPrompt swallows non-TypeError errors and returns undefined), + // default to '.' so that downstream validations don't fail with confusing + // "At least one TARGET (missing)" errors. + if (!targets.length && !dryRun) { + targets = ['.'] + } + // We're going to need an api token to suggest data because those suggestions // must come from data we already know. Don't error on missing api token yet. // If the api-token is not set, ignore it for the sake of suggestions.