From db8c5d85eb34c7dab4c635f69dc5dea6f8ed5ae2 Mon Sep 17 00:00:00 2001
From: Peter van der Zee
Date: Mon, 17 Mar 2025 11:45:40 +0100
Subject: [PATCH] Drop the unused action command and unused deps
---
 .dep-stats.json | 25 +-
 package-lock.json | 294 +--------
 package.json | 9 -
 src/cli.ts | 2 -
 src/commands/action/cmd-action.ts | 72 ---
 src/commands/action/core/classes.ts | 283 ---------
 src/commands/action/core/github.ts | 195 ------
 src/commands/action/core/index.ts | 560 ------------------
 src/commands/action/core/messages.ts | 220 -------
 src/commands/action/core/scm_comments.ts | 215 -------
 src/commands/action/run-action.ts | 88 ---
 .../alert-meta-data.json} | 0
 .../action/core => utils}/license_texts.json | 0
 13 files changed, 10 insertions(+), 1953 deletions(-)
 delete mode 100644 src/commands/action/cmd-action.ts
 delete mode 100644 src/commands/action/core/classes.ts
 delete mode 100644 src/commands/action/core/github.ts
 delete mode 100644 src/commands/action/core/index.ts
 delete mode 100644 src/commands/action/core/messages.ts
 delete mode 100644 src/commands/action/core/scm_comments.ts
 delete mode 100644 src/commands/action/run-action.ts
 rename src/{commands/action/core/alerts.json => utils/alert-meta-data.json} (100%)
 rename src/{commands/action/core => utils}/license_texts.json (100%)
diff --git a/.dep-stats.json b/.dep-stats.json
index ca6773da2..871a2f7de 100644
--- a/.dep-stats.json
+++ b/.dep-stats.json
@@ -1,13 +1,11 @@
 {
 "dependencies": {
 "@apideck/better-ajv-errors": "0.3.6",
- "@octokit/rest": "21.1.1",
 "@pnpm/lockfile-file": "^9.1.3",
 "@pnpm/lockfile.detect-dep-types": "^1001.0.5",
 "@socketregistry/hyrious__bun.lockb": "1.0.16",
 "@socketregistry/indent-string": "1.0.12",
 "@socketregistry/is-interactive": "1.0.3",
- "@socketregistry/is-unicode-supported": "1.0.3",
 "@socketregistry/packageurl-js": "1.0.4",
 "@socketsecurity/config": "2.1.3",
 "@socketsecurity/registry": "1.0.132",
@@ -22,12 +20,10 @@
 "ignore": "7.0.3",
 "meow": "13.2.0",
 "micromatch": "4.0.8",
- "ndjson": "2.0.0",
 "npm-package-arg": "12.0.2",
 "open": "10.1.0",
 "pony-cause": "2.1.11",
 "semver": "7.7.1",
- "simple-git": "3.27.0",
 "terminal-link": "2.1.1",
 "tiny-updater": "3.5.3",
 "tinyglobby": "0.2.12",
@@ -38,17 +34,6 @@
 },
 "devDependencies": {},
 "esm": {
- "@octokit/auth-token": "^5.0.0",
- "@octokit/core": "^6.1.4",
- "@octokit/endpoint": "^10.1.3",
- "@octokit/graphql": "^8.1.2",
- "@octokit/plugin-paginate-rest": "^11.4.2",
- "@octokit/plugin-request-log": "^5.3.1",
- "@octokit/plugin-rest-endpoint-methods": "^13.3.0",
- "@octokit/request": "^9.2.2",
- "@octokit/request-error": "^6.1.7",
- "@octokit/rest": "21.1.1",
- "before-after-hook": "^3.0.2",
 "bundle-name": "^4.1.0",
 "default-browser": "^5.2.1",
 "default-browser-id": "^5.0.0",
@@ -61,7 +46,6 @@
 "open": "10.1.0",
 "run-applescript": "^7.0.0",
 "tiny-updater": "3.5.3",
- "universal-user-agent": "^7.0.2",
 "when-exit": "^2.1.4"
 },
 "external": {
@@ -74,22 +58,15 @@
 "chalk-table": "1.0.2",
 "cmd-shim": "7.0.0",
 "common-tags": "1.8.2",
- "fast-content-type-parse": "3.0.0",
- "has-flag": "4.0.0",
 "hpagent": "1.2.0",
 "ignore": "7.0.3",
 "micromatch": "4.0.8",
- "ndjson": "2.0.0",
 "pony-cause": "2.1.11",
- "simple-git": "3.27.0",
 "terminal-link": "2.1.1",
 "tinyglobby": "0.2.12",
 "which": "5.0.0",
 "yargs-parser": "21.1.1",
 "yoctocolors-cjs": "2.1.2"
 },
- "transitives": {
- "fast-content-type-parse": "3.0.0",
- "has-flag": "4.0.0"
- }
+ "transitives": {}
 }
diff --git a/package-lock.json b/package-lock.json
index f42301726..34e05ece2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,13 +10,11 @@ "license": "MIT", "dependencies": { "@apideck/better-ajv-errors": "0.3.6", - "@octokit/rest": "21.1.1", "@pnpm/lockfile-file": "^9.1.3", "@pnpm/lockfile.detect-dep-types": "^1001.0.5", "@socketregistry/hyrious__bun.lockb": "1.0.16", "@socketregistry/indent-string": "1.0.12", "@socketregistry/is-interactive": "1.0.3", - "@socketregistry/is-unicode-supported": "1.0.3", "@socketregistry/packageurl-js": "1.0.4", "@socketsecurity/config": "2.1.3", "@socketsecurity/registry": "1.0.132", @@ -27,18 +25,14 @@ "chalk-table": "1.0.2", "cmd-shim": "7.0.0", "common-tags": "1.8.2", - "fast-content-type-parse": "3.0.0", - "has-flag": "4.0.0", "hpagent": "1.2.0", "ignore": "7.0.3", "meow": "13.2.0", "micromatch": "4.0.8", - "ndjson": "2.0.0", "npm-package-arg": "12.0.2", "open": "10.1.0", "pony-cause": "2.1.11", "semver": "7.7.1", - "simple-git": "3.27.0", "terminal-link": "2.1.1", "tiny-updater": "3.5.3", "tinyglobby": "0.2.12", @@ -74,9 +68,7 @@ "@types/cmd-shim": "^5.0.2", "@types/common-tags": "^1.8.4", "@types/micromatch": "^4.0.9", - "@types/mocha": "^10.0.10", "@types/mock-fs": "^4.13.4", - "@types/ndjson": "^2.0.4", "@types/node": "^22.13.10", "@types/npmcli__arborist": "^6.3.0", "@types/npmcli__promise-spawn": "^6.0.3", @@ -106,7 +98,6 @@ "nock": "^14.0.1", "npm-run-all2": "^7.0.2", "oxlint": "0.16.0", - "pg-hstore": "^2.3.4", "read-package-up": "^11.0.0", "rollup": "4.35.0", "rollup-plugin-ts": "^3.4.5", 
@@ -3344,21 +3335,6 @@ "@jridgewell/sourcemap-codec": "^1.4.14" } }, - "node_modules/@kwsites/file-exists": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/@kwsites/file-exists/-/file-exists-1.1.1.tgz", - "integrity": "sha512-m9/5YGR18lIwxSFDwfE3oA7bWuq9kdau6ugN4H2rJeyhFQZcG9AgSHkQtSD15a8WvTgfz9aikZMrKPHvbpqFiw==", - "license": "MIT", - "dependencies": { - "debug": "^4.1.1" - } - }, - "node_modules/@kwsites/promise-deferred": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/@kwsites/promise-deferred/-/promise-deferred-1.1.1.tgz", - "integrity": "sha512-GaHYm+c0O9MjZRu0ongGBRbinu8gVAMd2UZjji6jVmqKtZluZnptXGWhz1E8j8D2HJ3f/yMxKAUC0b+57wncIw==", - "license": "MIT" - }, "node_modules/@mdn/browser-compat-data": { "version": "5.7.3", "resolved": "https://registry.npmjs.org/@mdn/browser-compat-data/-/browser-compat-data-5.7.3.tgz", 
@@ -3884,176 +3860,6 @@ "node": "^18.17.0 || >=20.5.0" } }, - "node_modules/@octokit/auth-token": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-5.1.2.tgz", - "integrity": "sha512-JcQDsBdg49Yky2w2ld20IHAlwr8d/d8N6NiOXbtuoPCqzbsiJgF633mVUw3x4mo0H5ypataQIX7SFu3yy44Mpw==", - "license": "MIT", - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/core": { - "version": "6.1.4", - "resolved": "https://registry.npmjs.org/@octokit/core/-/core-6.1.4.tgz", - "integrity": "sha512-lAS9k7d6I0MPN+gb9bKDt7X8SdxknYqAMh44S5L+lNqIN2NuV8nvv3g8rPp7MuRxcOpxpUIATWprO0C34a8Qmg==", - "license": "MIT", - "dependencies": { - "@octokit/auth-token": "^5.0.0", - "@octokit/graphql": "^8.1.2", - "@octokit/request": "^9.2.1", - "@octokit/request-error": "^6.1.7", - "@octokit/types": "^13.6.2", - "before-after-hook": "^3.0.2", - "universal-user-agent": "^7.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/endpoint": { - "version": "10.1.3", - "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-10.1.3.tgz", - "integrity": "sha512-nBRBMpKPhQUxCsQQeW+rCJ/OPSMcj3g0nfHn01zGYZXuNDvvXudF/TYY6APj5THlurerpFN4a/dQAIAaM6BYhA==", - "license": "MIT", - "dependencies": { - "@octokit/types": "^13.6.2", - "universal-user-agent": "^7.0.2" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/graphql": { - "version": "8.2.1", - "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-8.2.1.tgz", - "integrity": "sha512-n57hXtOoHrhwTWdvhVkdJHdhTv0JstjDbDRhJfwIRNfFqmSo1DaK/mD2syoNUoLCyqSjBpGAKOG0BuwF392slw==", - "license": "MIT", - "dependencies": { - "@octokit/request": "^9.2.2", - "@octokit/types": "^13.8.0", - "universal-user-agent": "^7.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/openapi-types": { - "version": "23.0.1", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-23.0.1.tgz", - "integrity": 
"sha512-izFjMJ1sir0jn0ldEKhZ7xegCTj/ObmEDlEfpFrx4k/JyZSMRHbO3/rBwgE7f3m2DHt+RrNGIVw4wSmwnm3t/g==", - "license": "MIT" - }, - "node_modules/@octokit/plugin-paginate-rest": { - "version": "11.4.3", - "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-11.4.3.tgz", - "integrity": "sha512-tBXaAbXkqVJlRoA/zQVe9mUdb8rScmivqtpv3ovsC5xhje/a+NOCivs7eUhWBwCApJVsR4G5HMeaLbq7PxqZGA==", - "license": "MIT", - "dependencies": { - "@octokit/types": "^13.7.0" - }, - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "@octokit/core": ">=6" - } - }, - "node_modules/@octokit/plugin-request-log": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/@octokit/plugin-request-log/-/plugin-request-log-5.3.1.tgz", - "integrity": "sha512-n/lNeCtq+9ofhC15xzmJCNKP2BWTv8Ih2TTy+jatNCCq/gQP/V7rK3fjIfuz0pDWDALO/o/4QY4hyOF6TQQFUw==", - "license": "MIT", - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "@octokit/core": ">=6" - } - }, - "node_modules/@octokit/plugin-rest-endpoint-methods": { - "version": "13.3.1", - "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-13.3.1.tgz", - "integrity": "sha512-o8uOBdsyR+WR8MK9Cco8dCgvG13H1RlM1nWnK/W7TEACQBFux/vPREgKucxUfuDQ5yi1T3hGf4C5ZmZXAERgwQ==", - "license": "MIT", - "dependencies": { - "@octokit/types": "^13.8.0" - }, - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "@octokit/core": ">=6" - } - }, - "node_modules/@octokit/request": { - "version": "9.2.2", - "resolved": "https://registry.npmjs.org/@octokit/request/-/request-9.2.2.tgz", - "integrity": "sha512-dZl0ZHx6gOQGcffgm1/Sf6JfEpmh34v3Af2Uci02vzUYz6qEN6zepoRtmybWXIGXFIK8K9ylE3b+duCWqhArtg==", - "license": "MIT", - "dependencies": { - "@octokit/endpoint": "^10.1.3", - "@octokit/request-error": "^6.1.7", - "@octokit/types": "^13.6.2", - "fast-content-type-parse": "^2.0.0", - "universal-user-agent": "^7.0.2" - }, - "engines": { - "node": ">= 18" - } - }, 
- "node_modules/@octokit/request-error": { - "version": "6.1.7", - "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.7.tgz", - "integrity": "sha512-69NIppAwaauwZv6aOzb+VVLwt+0havz9GT5YplkeJv7fG7a40qpLt/yZKyiDxAhgz0EtgNdNcb96Z0u+Zyuy2g==", - "license": "MIT", - "dependencies": { - "@octokit/types": "^13.6.2" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/request/node_modules/fast-content-type-parse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/fast-content-type-parse/-/fast-content-type-parse-2.0.1.tgz", - "integrity": "sha512-nGqtvLrj5w0naR6tDPfB4cUmYCqouzyQiz6C5y/LtcDllJdrcc6WaWW6iXyIIOErTa/XRybj28aasdn4LkVk6Q==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/fastify" - }, - { - "type": "opencollective", - "url": "https://opencollective.com/fastify" - } - ], - "license": "MIT" - }, - "node_modules/@octokit/rest": { - "version": "21.1.1", - "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-21.1.1.tgz", - "integrity": "sha512-sTQV7va0IUVZcntzy1q3QqPm/r8rWtDCqpRAmb8eXXnKkjoQEtFe3Nt5GTVsHft+R6jJoHeSiVLcgcvhtue/rg==", - "license": "MIT", - "dependencies": { - "@octokit/core": "^6.1.4", - "@octokit/plugin-paginate-rest": "^11.4.2", - "@octokit/plugin-request-log": "^5.3.1", - "@octokit/plugin-rest-endpoint-methods": "^13.3.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/types": { - "version": "13.8.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.8.0.tgz", - "integrity": "sha512-x7DjTIbEpEWXK99DMd01QfWy0hd5h4EN+Q7shkdKds3otGQP+oWE/y0A76i1OvH9fygo4ddvNf7ZvF0t78P98A==", - "license": "MIT", - "dependencies": { - "@octokit/openapi-types": "^23.0.1" - } - }, "node_modules/@open-draft/deferred-promise": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/@open-draft/deferred-promise/-/deferred-promise-2.2.0.tgz", 
@@ -5869,13 +5675,6 @@ "@types/braces": "*" } }, - "node_modules/@types/mocha": { - "version": "10.0.10", - "resolved": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.10.tgz", - "integrity": "sha512-xPyYSz1cMPnJQhl0CLMH68j3gprKZaTjG3s5Vi+fDgx+uhG9NOXwbVt52eFS8ECyXhyKcjDLCBEqBExKuiZb7Q==", - "dev": true, - "license": "MIT" - }, "node_modules/@types/mock-fs": { "version": "4.13.4", "resolved": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", @@ -5894,17 +5693,6 @@ "license": "MIT", "optional": true }, - "node_modules/@types/ndjson": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/@types/ndjson/-/ndjson-2.0.4.tgz", - "integrity": "sha512-ajAl7AjhFstF6waORYNSS49GL5iBKisqJlgvXuprXFKCX9fto4ordlNU3+XMgkMddgeR0WoQQBmKUk0v0dJ4pw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@types/node": "*", - "@types/through": "*" - } - }, "node_modules/@types/node": { "version": "22.13.10", "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz", @@ -6054,16 +5842,6 @@ "@types/node": "*" } }, - "node_modules/@types/through": { - "version": "0.0.33", - "resolved": "https://registry.npmjs.org/@types/through/-/through-0.0.33.tgz", - "integrity": "sha512-HsJ+z3QuETzP3cswwtzt2vEIiHBk/dCcHGhbmG5X3ecnwFD/lPrMpliGXxSCg03L9AhrdwA4Oz/qfspkDW+xGQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "@types/node": "*" - } - }, "node_modules/@types/treeify": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/@types/treeify/-/treeify-1.0.3.tgz", 
@@ -7439,12 +7217,6 @@ "license": "MIT", "optional": true }, - "node_modules/before-after-hook": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-3.0.2.tgz", - "integrity": "sha512-Nik3Sc0ncrMK4UUdXQmAnRtzmNQTAAXmXIopizwZ1W1t8QmfJj+zL4OA2I7XPTPW5z5TDqv4hRo/JzouDJnX3A==", - "license": "Apache-2.0" - }, "node_modules/bin-links": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/bin-links/-/bin-links-5.0.0.tgz", @@ -10504,22 +10276,6 @@ "integrity": "sha512-8QxYTVXUkuy7fIIoitQkPwGonB8F3Zj8eEO8Sqg9Zv/bkI7RJAzowee4gr81Hak/dUTpA2Z7VfQgoijjPNlUZA==", "license": "Apache-2.0" }, - "node_modules/fast-content-type-parse": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/fast-content-type-parse/-/fast-content-type-parse-3.0.0.tgz", - "integrity": "sha512-ZvLdcY8P+N8mGQJahJV5G4U88CSvT1rP8ApL6uETe88MBXrBHAkZlSEySdUlyztF7ccb+Znos3TFqaepHxdhBg==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/fastify" - }, - { - "type": "opencollective", - "url": "https://opencollective.com/fastify" - } - ], - "license": "MIT" - }, "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", @@ -13557,6 +13313,7 @@ "resolved": "https://registry.npmjs.org/ndjson/-/ndjson-2.0.0.tgz", "integrity": "sha512-nGl7LRGrzugTtaFcJMhLbpzJM6XdivmbkdlaGcrk/LXg2KL/YBC6z1g70xh0/al+oFuVFP8N8kiWRucmeEH/qQ==", "license": "BSD-3-Clause", + "peer": true, "dependencies": { "json-stringify-safe": "^5.0.1", "minimist": "^1.2.5", @@ -13576,6 +13333,7 @@ "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", "license": "MIT", + "peer": true, "dependencies": { "inherits": "^2.0.3", "string_decoder": "^1.1.1", 
@@ -13590,6 +13348,7 @@ "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", "license": "MIT", + "peer": true, "dependencies": { "safe-buffer": "~5.2.0" } @@ -14682,19 +14441,6 @@ "license": "MIT", "optional": true }, - "node_modules/pg-hstore": { - "version": "2.3.4", - "resolved": "https://registry.npmjs.org/pg-hstore/-/pg-hstore-2.3.4.tgz", - "integrity": "sha512-N3SGs/Rf+xA1M2/n0JBiXFDVMzdekwLZLAO0g7mpDY9ouX+fDI7jS6kTq3JujmYbtNSJ53TJ0q4G98KVZSM4EA==", - "dev": true, - "license": "MIT", - "dependencies": { - "underscore": "^1.13.1" - }, - "engines": { - "node": ">= 0.8.x" - } - }, "node_modules/picocolors": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", @@ -16267,21 +16013,6 @@ "simple-concat": "^1.0.0" } }, - "node_modules/simple-git": { - "version": "3.27.0", - "resolved": "https://registry.npmjs.org/simple-git/-/simple-git-3.27.0.tgz", - "integrity": "sha512-ivHoFS9Yi9GY49ogc6/YAi3Fl9ROnF4VyubNylgCkA+RVqLaKWnDSzXOVzya8csELIaWaYNutsEuAhZrtOjozA==", - "license": "MIT", - "dependencies": { - "@kwsites/file-exists": "^1.1.1", - "@kwsites/promise-deferred": "^1.1.1", - "debug": "^4.3.5" - }, - "funding": { - "type": "github", - "url": "https://github.com/steveukx/git-js?sponsor=1" - } - }, "node_modules/slash": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz", @@ -16488,6 +16219,7 @@ "resolved": "https://registry.npmjs.org/split2/-/split2-3.2.2.tgz", "integrity": "sha512-9NThjpgZnifTkJpzTZ7Eue85S49QwpNhZTq6GRJwObb6jnLFNGB7Qm73V5HewTROPyxD0C29xqmaI68bQtV+hg==", "license": "ISC", + "peer": true, "dependencies": { "readable-stream": "^3.0.0" } 
@@ -16497,6 +16229,7 @@ "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", "license": "MIT", + "peer": true, "dependencies": { "inherits": "^2.0.3", "string_decoder": "^1.1.1", @@ -16511,6 +16244,7 @@ "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", "license": "MIT", + "peer": true, "dependencies": { "safe-buffer": "~5.2.0" } @@ -17580,6 +17314,7 @@ "resolved": "https://registry.npmjs.org/through2/-/through2-4.0.2.tgz", "integrity": "sha512-iOqSav00cVxEEICeD7TjLB1sueEL+81Wpzp2bY17uZjZN0pWZPuo4suZ/61VujxmqSGFfgOcNuTZ85QJwNZQpw==", "license": "MIT", + "peer": true, "dependencies": { "readable-stream": "3" } @@ -17589,6 +17324,7 @@ "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", "license": "MIT", + "peer": true, "dependencies": { "inherits": "^2.0.3", "string_decoder": "^1.1.1", @@ -17603,6 +17339,7 @@ "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", "license": "MIT", + "peer": true, "dependencies": { "safe-buffer": "~5.2.0" } @@ -18025,13 +17762,6 @@ "dev": true, "license": "MIT" }, - "node_modules/underscore": { - "version": "1.13.7", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.7.tgz", - "integrity": "sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==", - "dev": true, - "license": "MIT" - }, "node_modules/undici": { "version": "6.21.2", "resolved": "https://registry.npmjs.org/undici/-/undici-6.21.2.tgz", 
@@ -18129,12 +17859,6 @@
 "node": "^18.17.0 || >=20.5.0"
 }
 },
- "node_modules/universal-user-agent": {
- "version": "7.0.2",
- "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.2.tgz",
- "integrity": "sha512-0JCqzSKnStlRRQfCdowvqy3cy0Dvtlb8xecj/H8JFZuCze4rwjPZQOgvFvn0Ws/usCHQFGpyr+pB9adaGwXn4Q==",
- "license": "ISC"
- },
 "node_modules/unpipe": {
 "version": "1.0.0",
 "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
diff --git a/package.json b/package.json
index 38f7e37ca..65de421e8 100644
--- a/package.json
+++ b/package.json
@@ -72,13 +72,11 @@
 },
 "dependencies": {
 "@apideck/better-ajv-errors": "0.3.6",
- "@octokit/rest": "21.1.1",
 "@pnpm/lockfile-file": "^9.1.3",
 "@pnpm/lockfile.detect-dep-types": "^1001.0.5",
 "@socketregistry/hyrious__bun.lockb": "1.0.16",
 "@socketregistry/indent-string": "1.0.12",
 "@socketregistry/is-interactive": "1.0.3",
- "@socketregistry/is-unicode-supported": "1.0.3",
 "@socketregistry/packageurl-js": "1.0.4",
 "@socketsecurity/config": "2.1.3",
 "@socketsecurity/registry": "1.0.132",
@@ -89,18 +87,14 @@
 "chalk-table": "1.0.2",
 "cmd-shim": "7.0.0",
 "common-tags": "1.8.2",
- "fast-content-type-parse": "3.0.0",
- "has-flag": "4.0.0",
 "hpagent": "1.2.0",
 "ignore": "7.0.3",
 "meow": "13.2.0",
 "micromatch": "4.0.8",
- "ndjson": "2.0.0",
 "npm-package-arg": "12.0.2",
 "open": "10.1.0",
 "pony-cause": "2.1.11",
 "semver": "7.7.1",
- "simple-git": "3.27.0",
 "terminal-link": "2.1.1",
 "tiny-updater": "3.5.3",
 "tinyglobby": "0.2.12",
@@ -131,9 +125,7 @@
 "@types/cmd-shim": "^5.0.2",
 "@types/common-tags": "^1.8.4",
 "@types/micromatch": "^4.0.9",
- "@types/mocha": "^10.0.10",
 "@types/mock-fs": "^4.13.4",
- "@types/ndjson": "^2.0.4",
 "@types/node": "^22.13.10",
 "@types/npmcli__arborist": "^6.3.0",
 "@types/npmcli__promise-spawn": "^6.0.3",
@@ -163,7 +155,6 @@
 "nock": "^14.0.1",
 "npm-run-all2": "^7.0.2",
 "oxlint": "0.16.0",
- "pg-hstore": "^2.3.4",
 "read-package-up": "^11.0.0",
 "rollup": "4.35.0",
 "rollup-plugin-ts": "^3.4.5",
diff --git a/src/cli.ts b/src/cli.ts
index b1fe4b2f1..aed0ed2af 100755
--- a/src/cli.ts
+++ b/src/cli.ts
@@ -9,7 +9,6 @@ import colors from 'yoctocolors-cjs'
 import { logger } from '@socketsecurity/registry/lib/logger'
-import { cmdAction } from './commands/action/cmd-action'
 import { cmdAnalytics } from './commands/analytics/cmd-analytics'
 import { cmdAuditLog } from './commands/audit-log/cmd-audit-log'
 import { cmdCdxgen } from './commands/cdxgen/cmd-cdxgen'
@@ -50,7 +49,6 @@ void (async () => {
 try {
 await meowWithSubcommands(
 {
- action: cmdAction,
 cdxgen: cmdCdxgen,
 fix: cmdFix,
 info: cmdInfo,
diff --git a/src/commands/action/cmd-action.ts b/src/commands/action/cmd-action.ts
deleted file mode 100644
index 55f9f7467..000000000
--- a/src/commands/action/cmd-action.ts
+++ /dev/null
@@ -1,72 +0,0 @@
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/socketcli.py
-
-import { logger } from '@socketsecurity/registry/lib/logger'
-
-import { runAction } from './run-action'
-import constants from '../../constants'
-import { meowOrExit } from '../../utils/meow-with-subcommands'
-import { getFlagListOutput } from '../../utils/output-formatting'
-
-import type { CliCommandConfig } from '../../utils/meow-with-subcommands'
-
-const { DRY_RUN_BAIL_TEXT } = constants
-
-const config: CliCommandConfig = {
- commandName: 'action',
- description: 'Socket action command', // GitHub Action ?
- hidden: true,
- flags: {
- // This flag is unused
- // socketSecurityApiKey: { // deprecate this asap.
- // type: 'string',
- // default: 'env var SOCKET_SECURITY_API_KEY',
- // description: 'Socket API token'
- // },
- githubEventBefore: {
- type: 'string',
- default: '',
- description: 'Before marker'
- },
- githubEventAfter: {
- type: 'string',
- default: '',
- description: 'After marker'
- }
- },
- help: (command, { flags }) => `
- Usage
- $ ${command} [options]
-
- Options
- ${getFlagListOutput(flags, 6)}
- `
-}
-
-export const cmdAction = {
- description: config.description,
- hidden: config.hidden,
- run: run
-}
-
-async function run(
- argv: string[] | readonly string[],
- importMeta: ImportMeta,
- { parentName }: { parentName: string }
-): Promise {
- const cli = meowOrExit({
- argv,
- config,
- importMeta,
- parentName
- })
-
- const githubEventBefore = String(cli.flags['githubEventBefore'] || '')
- const githubEventAfter = String(cli.flags['githubEventAfter'] || '')
-
- if (cli.flags['dryRun']) {
- logger.log(DRY_RUN_BAIL_TEXT)
- return
- }
-
- await runAction(githubEventBefore, githubEventAfter)
-}
diff --git a/src/commands/action/core/classes.ts b/src/commands/action/core/classes.ts
deleted file mode 100644
index f7721314d..000000000
--- a/src/commands/action/core/classes.ts
+++ /dev/null
@@ -1,283 +0,0 @@
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/classes.py
-import { components } from '@socketsecurity/sdk/types/api'
-
-type IntroducedBy = Array<[string, string]>
-
-export class Alert {
- key = ''
- type = ''
- severity = ''
- category = ''
- props = {}
-
- constructor(arg: Partial = {}) {
- this.key = arg.key ?? this.key
- this.type = arg.type ?? this.type
- this.severity = arg.severity ?? this.severity
- this.category = arg.category ?? this.category
- this.props = arg.props ?? this.props
- }
-}
-
-export class Comment {
- id = 0
- body = ''
- body_list: string[] = []
-
- constructor(arg: Comment) {
- this.id = arg.id ?? this.id
- this.body = arg.body ?? this.body
- this.body_list = arg.body_list ?? this.body_list
- }
-}
-
-export class Diff {
- newPackages: Purl[] = []
- newCapabilities: Record = {}
- removedPackages: Purl[] = []
- newAlerts: Issue[] = []
- id = ''
- sbom = ''
- packages: Record = {}
- reportUrl = ''
- diffUrl = ''
-}
-
-export class FullScan {
- id = ''
- created_at = ''
- updated_at = ''
- organizationId = ''
- repositoryId = ''
- branch = ''
- commit_message = ''
- commit_hash = ''
- pull_request = 0
- sbom_artifacts: Array = []
- packages = {}
-
- constructor(obj: Partial = {}) {
- this.id = obj.id ?? this.id
- this.created_at = obj.created_at ?? this.created_at
- this.updated_at = obj.updated_at ?? this.updated_at
- this.organizationId = obj.organizationId ?? this.organizationId
- this.repositoryId = obj.repositoryId ?? this.repositoryId
- this.branch = obj.branch ?? this.branch
- this.commit_message = obj.commit_message ?? this.commit_message
- this.commit_hash = obj.commit_hash ?? this.commit_hash
- this.pull_request = obj.pull_request ?? this.pull_request
- this.sbom_artifacts = obj.sbom_artifacts ?? this.sbom_artifacts
- this.packages = obj.packages ?? this.packages
- }
-}
-
-export class Issue {
- pkg_type = ''
- pkg_name = ''
- pkg_version = ''
- category = ''
- type = ''
- severity = ''
- pkg_id = ''
- props = {}
- key = ''
- error = false
- warn = false
- ignore = false
- monitor = false
- description = ''
- title = ''
- emoji = ''
- next_step_title = ''
- suggestion = ''
- introduced_by: IntroducedBy = []
- manifests = ''
- url = ''
- purl = ''
-
- constructor(arg: {
- pkg_type: string | undefined
- pkg_name: string | undefined
- pkg_version: string | undefined
- type: string | undefined
- severity: string | undefined
- pkg_id: string | undefined
- props: Record | undefined
- key: string | undefined
- error: boolean | undefined
- warn: boolean | undefined
- ignore: boolean | undefined
- monitor: boolean | undefined
- description: string | undefined
- title: string | undefined
- next_step_title: string | undefined
- suggestion: string | undefined
- introduced_by: IntroducedBy | undefined
- url: string | undefined
- purl: string | undefined
- }) {
- this.pkg_type = arg.pkg_type ?? this.pkg_type
- this.pkg_name = arg.pkg_name ?? this.pkg_name
- this.pkg_version = arg.pkg_version ?? this.pkg_version
- this.type = arg.type ?? this.type
- this.severity = arg.severity ?? this.severity
- this.pkg_id = arg.pkg_id ?? this.pkg_id
- this.props = arg.props ?? this.props
- this.key = arg.key ?? this.key
- this.error = arg.error ?? this.error
- this.warn = arg.warn ?? this.warn
- this.ignore = arg.ignore ?? this.ignore
- this.monitor = arg.monitor ?? this.monitor
- this.description = arg.description ?? this.description
- this.title = arg.title ?? this.title
- this.next_step_title = arg.next_step_title ?? this.next_step_title
- this.suggestion = arg.suggestion ?? this.suggestion
-
- if (arg.introduced_by) {
- const arr = []
- for (const item of arg.introduced_by) {
- const [, manifest] = item
- arr.push(manifest)
- }
- this.manifests = arr.join(';')
- }
- }
-}
-
-export class Package {
- type = ''
- name = ''
- version = ''
- release = ''
- id = ''
- direct = false
- manifestFiles: Array<{ file: string }> = []
- author: string[] = []
- size = 0
- score: Score
- scores = {}
- alerts: NonNullable = []
- alert_counts = {}
- topLevelAncestors: string[] = []
- url = ''
- transitives = 0
- license = 'NoLicenseFound'
- license_text = ''
- purl = ''
-
- constructor(arg: {
- type: string | undefined
- name: string | undefined
- version: string | undefined
- release: string | undefined
- id: string | undefined
- direct: boolean | undefined
- manifestFiles: Array<{ file: string }> | undefined
- author: string[] | undefined
- size: number | undefined
- score: Score | undefined
- alerts: components['schemas']['SocketArtifact']['alerts'] | undefined
- topLevelAncestors: string[] | undefined
- license: string | undefined
- }) {
- this.type = arg.type ?? this.type
- this.name = arg.name ?? this.name
- this.version = arg.version ?? this.version
- this.release = arg.release ?? this.release
- this.id = arg.id ?? this.id
- this.manifestFiles = arg.manifestFiles ?? this.manifestFiles
- this.author = arg.author ?? this.author
- this.size = arg.size ?? this.size
- this.alerts = arg.alerts ?? this.alerts
- this.topLevelAncestors = arg.topLevelAncestors ?? this.topLevelAncestors
- this.license = arg.license ?? this.license
-
- this.url = `https://socket.dev/${this.type}/package/${this.name}/overview/${this.version}`
- this.score = new Score(
- arg.score ?? {
- supplyChain: 0,
- quality: 0,
- license: 0,
- overall: 0,
- vulnerability: 0
- }
- )
- this.alert_counts = {
- critical: 0,
- high: 0,
- middle: 0,
- low: 0
- }
- this.purl = `${this.type}/${this.name}@${this.version}`
- }
-}
-
-export class Purl {
- id = ''
- name = ''
- version = ''
- ecosystem = ''
- direct = false
- author: string[] = []
- size = 0
- transitives = 0
- introduced_by: IntroducedBy = []
- capabilities: string[] = []
- // is_new = false
- author_url = ''
- url = ''
- purl = ''
-
- constructor(arg: {
- id: string | undefined
- name: string | undefined
- version: string | undefined
- ecosystem: string | undefined
- direct: boolean | undefined
- introduced_by: IntroducedBy | undefined
- author: string[] | undefined
- size: number | undefined
- transitives: number | undefined
- url: string | undefined
- purl: string | undefined
- }) {
- this.id = arg.id ?? this.id
- this.name = arg.name ?? this.name
- this.version = arg.version ?? this.version
- this.ecosystem = arg.ecosystem ?? this.ecosystem
- this.direct = arg.direct ?? this.direct
- this.author = arg.author ?? this.author
- this.size = arg.size ?? this.size
- this.transitives = arg.transitives ?? this.transitives
- this.introduced_by = arg.introduced_by ?? this.introduced_by
- this.url = arg.url ?? this.url
- this.purl = arg.purl ?? this.purl
-
- this.author_url = this.generateAuthorData(this.author, this.ecosystem)
- }
-
- private generateAuthorData(authors: string[], ecosystem: string): string {
- const arr = []
- for (const author of authors) {
- const url = `https://socket.dev/${ecosystem}/user/${author}`
- arr.push(`[${author}](${url})`)
- }
- return arr.join(',')
- }
-}
-
-export class Score {
- supplyChain = 0
- quality = 0
- license = 0
- overall = 0
- vulnerability = 0
-
- constructor(arg: Score) {
- this.supplyChain = (arg.supplyChain ?? 0) * 100
- this.quality = (arg.quality ?? 0) * 100
- this.license = (arg.license ?? 0) * 100
- this.overall = (arg.overall ?? 0) * 100
- this.vulnerability = (arg.vulnerability ?? 0) * 100
- }
-}
diff --git a/src/commands/action/core/github.ts b/src/commands/action/core/github.ts
deleted file mode 100644
index 1502d8877..000000000
--- a/src/commands/action/core/github.ts
+++ /dev/null
@@ -1,195 +0,0 @@ -// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/github.py -/* eslint-disable no-await-in-loop */ -import { Octokit } from '@octokit/rest' - -import { logger } from '@socketsecurity/registry/lib/logger' - -import { Comment } from './classes' -import * as SCMComments from './scm_comments' - -export class GitHub { - octokit: Octokit = new Octokit() - owner: string - repo: string - prNumber: number - - constructor() { - const [owner = '', repo = ''] = ( - process.env['GITHUB_REPOSITORY'] ?? '' - ).split('/') - // https://github.com/actions/checkout/issues/58#issuecomment-2264361099 - const prNumber = parseInt( - process.env['GITHUB_REF']?.match(/refs\/pull\/(\d+)\/merge/)?.at(1) ?? '' - ) - this.owner = owner - this.repo = repo - this.prNumber = prNumber - } - - checkEventType(): 'main' | 'diff' | 'comment' | 'unsupported' { - switch (process.env['GITHUB_EVENT_NAME']) { - case 'issue_comment': - return 'comment' - case 'push': - return this.prNumber ? 'diff' : 'main' - case 'pull_request': { - // This env variable needs to be set in the GitHub action. 
- // Add this code below to GitHub action: - // - steps: - // - name: Get PR State - // if: github.event_name == 'pull_request' - // run: echo "EVENT_ACTION=${{ github.event.action }}" >> $GITHUB_ENV - const eventAction = process.env['EVENT_ACTION'] - if (eventAction === 'opened' || eventAction === 'synchronize') { - return 'diff' - } - if (!eventAction) { - throw new Error('Missing event action') - } - logger.log(`Pull request action: ${eventAction} is not supported`) - process.exit() - } - // eslint-disable-next-line no-fallthrough - default: - throw new Error( - `Unknown event type: ${process.env['GITHUB_EVENT_NAME']}` - ) - } - } - - async getCommentsForPR(): Promise { - const { data: githubComments } = - await this.octokit.rest.issues.listComments({ - owner: this.owner, - repo: this.repo, - issue_number: this.prNumber - }) - const comments: Record = {} - for (const githubComment of githubComments) { - comments[githubComment.id] = new Comment({ - id: githubComment.id, - body: githubComment.body ?? '', - body_list: (githubComment.body ?? 
'').split('\n') - }) - } - return SCMComments.checkForSocketComments({ comments }) - } - - async commentReactionExists({ - commentId - }: { - commentId: number - }): Promise { - const { data } = await this.octokit.reactions.listForIssueComment({ - owner: this.owner, - repo: this.repo, - comment_id: commentId - }) - return data.some(reaction => reaction.content === '+1') - } - - async postReaction({ commentId }: { commentId: number }) { - await this.octokit.reactions.createForIssueComment({ - owner: this.owner, - repo: this.repo, - comment_id: commentId, - content: '+1' - }) - } - - async handleIgnoreReactons({ - comments - }: { - comments: SCMComments.SocketComments - }) { - for (const ignoreComment of comments.ignore) { - if ( - ignoreComment.body?.includes('SocketSecurity ignore') && - !(await this.commentReactionExists({ - commentId: ignoreComment.id - })) - ) { - await this.postReaction({ commentId: ignoreComment.id }) - } - } - } - - async updateComment({ body, id }: { id: number; body: string }) { - await this.octokit.issues.updateComment({ - owner: this.owner, - repo: this.repo, - comment_id: id, - body - }) - } - - async removeCommentAlerts({ - comments - }: { - comments: SCMComments.SocketComments - }) { - const securityAlert = comments.security - if (securityAlert !== undefined) { - const newBody = SCMComments.processSecurityComment({ - security: comments.security, - ignore: comments.ignore - }) - await this.handleIgnoreReactons({ comments }) - await this.updateComment({ id: securityAlert.id, body: newBody }) - } - } - - async postComment({ body }: { body: string }) { - await this.octokit.issues.createComment({ - owner: this.owner, - repo: this.repo, - issue_number: this.prNumber, - body - }) - } - - async addSocketComments({ - comments, - newOverviewComment, - newSecurityComment, - overviewComment, - securityComment - }: { - securityComment: string - overviewComment: string - comments: SCMComments.SocketComments - newSecurityComment: boolean - 
newOverviewComment: boolean - }): Promise { - const { - overview: existingOverviewComment, - security: existingSecurityComment - } = comments - if (newOverviewComment) { - logger.log('New Dependency Overview comment') - if (existingOverviewComment !== undefined) { - logger.log('Previous version of Dependency Overview, updating') - await this.updateComment({ - body: overviewComment, - id: existingOverviewComment.id - }) - } else { - logger.log('No previous version of Dependency Overview, posting') - await this.postComment({ body: overviewComment }) - } - } - if (newSecurityComment) { - logger.log('New Security Issue Comment') - if (existingSecurityComment !== undefined) { - logger.log('Previous version of Security Issue comment, updating') - await this.updateComment({ - body: securityComment, - id: existingSecurityComment.id - }) - } else { - logger.log('No Previous version of Security Issue comment, posting') - await this.postComment({ body: securityComment }) - } - } - } -}
diff --git a/src/commands/action/core/index.ts b/src/commands/action/core/index.ts
deleted file mode 100644
index fb202e63c..000000000
--- a/src/commands/action/core/index.ts
+++ /dev/null
@@ -1,560 +0,0 @@ -// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/__init__.py -import { once } from 'node:events' -import fs from 'node:fs' -import path from 'node:path' - -import ndjson from 'ndjson' - -import { logger } from '@socketsecurity/registry/lib/logger' -import { SocketSdk } from '@socketsecurity/sdk' - -import { Diff, FullScan, Issue, Package, Purl } from './classes' - -import type { components, operations } from '@socketsecurity/sdk/types/api.d' - -export class Core { - socket: SocketSdk - owner: string - repo: string - files: string[] - securityPolicy: Record< - string, - { action: 'error' | 'ignore' | 'warn' | 'monitor' } - > = {} - - constructor({ - owner, - repo, - socket - }: Pick) { - this.socket = socket - this.owner = owner - this.repo = repo - this.files = [] - } - - async getSbomData({ - fullScanId - }: { - fullScanId: string - }): Promise> { - const orgFullScanResponse = await this.socket.getOrgFullScan( - this.owner, - fullScanId, - undefined - ) - if (!orgFullScanResponse.success) { - return [] - } - - const { data: readStream }: { data: any } = orgFullScanResponse - const sbomArtifacts: any = [] - - readStream - .pipe(ndjson.parse()) - .on('data', (sbomArtifact: any) => sbomArtifacts.push(sbomArtifact)) - - await once(readStream, 'end') - - return sbomArtifacts - } - - async createFullScan({ - params - }: { - params: Omit - }): Promise { - const orgFullScanResponse = await this.socket.createOrgFullScan( - this.owner, - // Ignoring because pull_request is of type number but URLSearchParams will convert it to a string - // @ts-ignore - new URLSearchParams({ repo: this.repo, ...params }), - this.files - ) - - if (!orgFullScanResponse.success) { - return new FullScan() - } - - const { id: fullScanId } = orgFullScanResponse.data - const fullScan = new FullScan(orgFullScanResponse.data) - if (fullScanId !== undefined) { - fullScan.sbom_artifacts = await this.getSbomData({ 
fullScanId }) - } - return fullScan - } - - getSourceData({ - packages, - pkg - }: { - pkg: Package - packages: Record - }): Array<[string, string]> { - const introducedBy: Array<[string, string]> = [] - - if (pkg.direct) { - const manifests = pkg.manifestFiles.map(({ file }) => file).join(';') - - introducedBy.push(['direct', manifests]) - } else { - for (const topId of pkg.topLevelAncestors) { - const topPackage = packages[topId] - - if (!topPackage) { - continue - } - - const topPurl = `${topPackage.type}/${topPackage.name}@${topPackage.version}` - const manifests = topPackage.manifestFiles - .map(({ file }) => file) - .join(';') - - introducedBy.push([topPurl, manifests]) - } - } - - return introducedBy - } - - createPurl({ - packageId, - packages - }: { - packageId: string - packages: Record - }): { purl: Purl; pkg: Package } { - const pkg = packages[packageId]! - const introducedBy = this.getSourceData({ pkg, packages }) - const purl = new Purl({ - id: pkg.id, - name: pkg.name, - version: pkg.version, - ecosystem: pkg.type, - direct: pkg.direct, - introduced_by: introducedBy, - author: pkg.author, - size: pkg.size, - transitives: pkg.transitives, - url: pkg.url, - purl: pkg.purl - }) - return { purl, pkg } - } - - async createIssueAlerts({ - alerts, - packages, - pkg - }: { - pkg: Package - alerts: Record - packages: Record - }): Promise> { - const issues = JSON.parse( - fs.readFileSync(path.join(import.meta.dirname, 'issues.json'), 'utf8') - ) as Record> - - for (const alert of pkg.alerts) { - const issue = issues[alert.type] - - let description = '' - let title = '' - let suggestion = '' - let nextStepTitle = '' - - if (issue !== undefined) { - description = issue['description'] ?? '' - title = issue['title'] ?? '' - suggestion = issue['suggestion'] ?? '' - nextStepTitle = issue['nextStepTitle'] ?? 
'' - } - - const introducedBy = this.getSourceData({ pkg, packages }) - - const issueAlert = new Issue({ - pkg_type: pkg.type, - pkg_name: pkg.name, - pkg_version: pkg.version, - pkg_id: pkg.id, - type: alert.type, - severity: alert.severity, - key: alert.key, - props: alert.props, - description, - title, - suggestion, - next_step_title: nextStepTitle, - introduced_by: introducedBy, - purl: pkg.purl, - url: pkg.url, - error: false, - ignore: false, - warn: false, - monitor: false - }) - - if (alert.type in this.securityPolicy) { - const action = this.securityPolicy[alert.type]?.action - if (action !== undefined) { - issueAlert[action] = true - } - } - - if (issueAlert.type !== 'licenseSpdxDisj') { - if (!(issueAlert.key in alerts)) { - alerts[issueAlert.key] = [issueAlert] - } else { - alerts[issueAlert.key]!.push(issueAlert) - } - } - } - - return alerts - } - - compareIssueAlerts({ - alerts, - headScanAlerts, - newScanAlerts - }: { - newScanAlerts: Record - headScanAlerts: Record - alerts: Issue[] - }) { - const consolidatedAlerts = new Set() - - for (const alertKey in newScanAlerts) { - if (!(alertKey in headScanAlerts)) { - const newAlerts = newScanAlerts[alertKey]! - - for (const alert of newAlerts) { - const alertStr = `${alert.purl},${alert.manifests},${alert.type}` - - if (alert.error || alert.warn) { - if (!consolidatedAlerts.has(alertStr)) { - alerts.push(alert) - consolidatedAlerts.add(alertStr) - } - } - } - } else { - const newAlerts = newScanAlerts[alertKey]! - const headAlerts = headScanAlerts[alertKey]! 
- - for (const alert of newAlerts) { - const alertStr = `${alert.purl},${alert.manifests},${alert.type}` - if ( - !headAlerts.includes(alert) && - !consolidatedAlerts.has(alertStr) - ) { - if (alert.error || alert.warn) { - alerts.push(alert) - consolidatedAlerts.add(alertStr) - } - } - } - } - } - - return alerts - } - - checkAlertCapabilities({ - capabilities, - headPackage, - packageId, - pkg - }: { - pkg: Package - capabilities: Record - packageId: string - headPackage?: Package | undefined - }): Record { - const alertTypes = { - envVars: 'Environment', - networkAccess: 'Network', - filesystemAccess: 'File System', - shellAccess: 'Shell' - } - - for (const alert of pkg.alerts) { - let newAlert = true - if (headPackage !== undefined && headPackage.alerts.includes(alert)) { - newAlert = false - } - if (alert.type in alertTypes && newAlert) { - const value = alertTypes[alert.type as keyof typeof alertTypes] - if (!(packageId in capabilities)) { - capabilities[packageId] = [value] - } else { - if (!capabilities[packageId]!.includes(value)) { - capabilities[packageId]!.push(value) - } - } - } - } - - return capabilities - } - - compareCapabilities({ - headPackages, - newPackages - }: { - newPackages: Record - headPackages: Record - }) { - let capabilities: Record = {} - - for (const packageId in newPackages) { - const pkg = newPackages[packageId]! - - if (packageId in headPackages) { - const headPackage = headPackages[packageId]! 
- for (const alert of pkg.alerts) { - if (!headPackage.alerts.includes(alert)) { - capabilities = this.checkAlertCapabilities({ - pkg, - capabilities, - packageId, - headPackage - }) - } - } - } else { - capabilities = this.checkAlertCapabilities({ - pkg, - capabilities, - packageId - }) - } - } - - return capabilities - } - - addCapabilitiesToPurl(diff: Diff): Diff { - const newPackages: Purl[] = [] - - for (const purl of diff.newPackages) { - if (purl.id in diff.newCapabilities) { - const capabilities = - diff.newCapabilities[purl.id as keyof typeof diff.newCapabilities]! - if (capabilities.length > 0) { - purl.capabilities = capabilities - newPackages.push(purl) - } - } else { - newPackages.push(purl) - } - } - diff.newPackages = newPackages - - return diff - } - - async compareSBOMs({ - headScan, - newScan - }: { - newScan: Awaited> - headScan: Awaited> - }): Promise { - let diff = new Diff() - const newPackages = this.createSbomDict(newScan) - const headPackages = this.createSbomDict(headScan) - - let newScanAlerts: Record = {} - let headScanAlerts: Record = {} - const consolidated = new Set() - - for (const packageId in newPackages) { - const { pkg, purl } = this.createPurl({ - packageId, - packages: newPackages - }) - const basePurl = `${purl.ecosystem}/${purl.name}@${purl.version}` - - if ( - !(packageId in headPackages) && - pkg.direct && - !consolidated.has(basePurl) - ) { - diff.newPackages.push(purl) - consolidated.add(basePurl) - } - // eslint-disable-next-line no-await-in-loop - newScanAlerts = await this.createIssueAlerts({ - pkg, - alerts: newScanAlerts, - packages: newPackages - }) - } - - for (const packageId in headPackages) { - const { pkg, purl } = this.createPurl({ - packageId, - packages: headPackages - }) - - if (!(packageId in newPackages) && pkg.direct) { - diff.removedPackages.push(purl) - } - // eslint-disable-next-line no-await-in-loop - headScanAlerts = await this.createIssueAlerts({ - pkg, - alerts: headScanAlerts, - packages: 
headPackages - }) - } - - diff.newAlerts = this.compareIssueAlerts({ - newScanAlerts, - headScanAlerts, - alerts: diff.newAlerts - }) - diff.newCapabilities = this.compareCapabilities({ - newPackages, - headPackages - }) - diff = this.addCapabilitiesToPurl(diff) - - return diff - } - - createPackageFromSbomArtifact( - sbomArtifact: Array - ): Package[] { - return sbomArtifact.map( - sbomArtifact => - new Package({ - type: sbomArtifact.type, - name: sbomArtifact.name, - version: sbomArtifact.version, - release: sbomArtifact.release, - id: sbomArtifact.id, - direct: sbomArtifact.direct, - manifestFiles: sbomArtifact.manifestFiles, - author: sbomArtifact.author, - size: sbomArtifact.size, - score: sbomArtifact.score, - alerts: sbomArtifact.alerts, - topLevelAncestors: sbomArtifact.topLevelAncestors, - license: sbomArtifact.license - }) - ) - } - - getLicenseDetails({ package: pkg }: { package: Package }): Package { - const licenseText = JSON.parse( - fs.readFileSync( - path.join(import.meta.dirname, 'license_texts.json'), - 'utf8' - ) - ) as Record - const licenseStr = licenseText[pkg.license] - if (licenseStr !== undefined) { - pkg.license_text = licenseStr - } - return pkg - } - - createSbomDict( - sbomArtifacts: Awaited> - ): Record { - const packages: Record = {} - const topLevelCount: Record = {} - - for (const sbomArtifact of sbomArtifacts) { - let pkg = new Package({ - type: sbomArtifact.type, - name: sbomArtifact.name, - version: sbomArtifact.version, - release: sbomArtifact.release, - id: sbomArtifact.id, - direct: sbomArtifact.direct, - manifestFiles: sbomArtifact.manifestFiles, - author: sbomArtifact.author, - size: sbomArtifact.size, - score: sbomArtifact.score, - alerts: sbomArtifact.alerts, - topLevelAncestors: sbomArtifact.topLevelAncestors, - license: sbomArtifact.license - }) - - if (pkg.id in packages) { - logger.log('Duplicate package?') - } else { - pkg = this.getLicenseDetails({ package: pkg }) - packages[pkg.id] = pkg - - for (const topId in 
sbomArtifact.topLevelAncestors ?? []) { - if (!(topId in topLevelCount)) { - topLevelCount[topId] = 1 - } else { - topLevelCount[topId]! += 1 - } - } - } - } - - if (Object.keys(topLevelCount).length > 0) { - for (const packageId in topLevelCount) { - const pkg = packages[packageId] - if (pkg) { - pkg.transitives = topLevelCount[packageId] ?? 0 - } - } - } - - return packages - } - - async createNewDiff({ - params = {} - }: { - params?: Omit< - operations['CreateOrgFullScan']['parameters']['query'], - 'repo' - > - }): Promise { - let headFullScanId: string = '' - let headFullScan: Awaited> = [] - - try { - const orgRepoResponse = await this.socket.getOrgRepo( - this.owner, - this.repo - ) - if (orgRepoResponse.success) { - headFullScanId = orgRepoResponse.data.head_full_scan_id ?? '' - if (headFullScanId !== '') { - headFullScan = await this.getSbomData({ fullScanId: headFullScanId }) - } - } - } catch (e) { - logger.error(e) - } - - const newFullScan = await this.createFullScan({ params }) - newFullScan.packages = this.createSbomDict(newFullScan.sbom_artifacts) - - const diffReport = await this.compareSBOMs({ - newScan: newFullScan.sbom_artifacts, - headScan: headFullScan - }) - diffReport.packages = newFullScan.packages - - const baseSocket = 'https://socket.dev/dashboard/org' - diffReport.id = newFullScan.id - diffReport.reportUrl = `${baseSocket}/${this.owner}/sbom/${diffReport.id}` - if (headFullScanId !== '') { - diffReport.diffUrl = `${baseSocket}/${this.owner}/diff/${diffReport.id}/${headFullScanId}` - } else { - diffReport.diffUrl = diffReport.reportUrl - } - - return diffReport - } -}
diff --git a/src/commands/action/core/messages.ts b/src/commands/action/core/messages.ts
deleted file mode 100644
index f0aa3d2a3..000000000
--- a/src/commands/action/core/messages.ts
+++ /dev/null
@@ -1,220 +0,0 @@ -// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/messages.py -import { Diff, Issue, Purl } from './classes' - -export function createSecurityCommentJSON({ diff }: { diff: Diff }) { - const scanFailed = false - - // Not porting this code because it's unreachable - // https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/messages.py#L13-L18 - - const output: { - scanFailed: boolean - newAlerts: Issue[] - fullScanId: string - } = { - scanFailed, - newAlerts: [], - fullScanId: diff.id - } - for (const alert of diff.newAlerts) { - output.newAlerts.push(alert) - } - - return output -} - -export function createPurlLink(purl: Purl): string { - const packageUrl = `[${purl.purl}](${purl.url})` - return packageUrl -} - -export function createAddedTable(diff: Diff): string { - const overviewTable = [ - 'Package', - 'Direct', - 'Capabilities', - 'Transitives', - 'Size', - 'Author' - ] - const rows = [] - for (const added of diff.newPackages) { - const packageUrl = createPurlLink(added) - const capabilities = added.capabilities.join(', ') - const row = [ - packageUrl, - added.direct, - capabilities, - added.transitives, - `${added.size} KB`, - added.author_url - ] - rows.push(row) - } - - let md = '' - md += `|${overviewTable.join('|')}|\n` - md += '|---|---|---|---|---|---|\n' - for (const row of rows) { - md += `|${row.join('|')}|\n` - } - - return md -} - -export function createRemoveLine(diff: Diff): string { - const removedLine = ['Removed packages:'] - for (const removed of diff.removedPackages) { - const packageUrl = createPurlLink(removed) - removedLine.push(packageUrl) - } - return removedLine.join(', ') -} - -export function dependencyOverviewTemplate(diff: Diff): string { - let md = '' - md += '\n' - md += '# Socket Security: Dependency Overview\n' - md += - 'New and removed dependencies detected. 
Learn more about [socket.dev](https://socket.dev)\n\n' - md += createAddedTable(diff) - if (diff.removedPackages.length > 0) { - md += createRemoveLine(diff) - } - return md -} - -export function createSources(alert: Issue): [string, string] { - const sources: string[] = [] - const manifests: string[] = [] - for (const [source, manifest] of alert.introduced_by) { - const addStr = `
  • ${manifest}
  • ` - const sourceStr = `
  • ${source}
  • ` - if (!sources.includes(sourceStr)) { - sources.push(sourceStr) - } - if (!manifests.includes(addStr)) { - manifests.push(addStr) - } - } - const manifestList = manifests.join('') - const sourceList = sources.join('') - const manifestStr = `
      ${manifestList}
    ` - const sourcesStr = `
      ${sourceList}
    ` - return [manifestStr, sourcesStr] -} - -export function createSecurityAlertTable(diff: Diff): { - ignoreCommands: string[] - nextSteps: Record - mdTable: string -} { - const alertTable = [ - 'Alert', - 'Package', - 'Introduced by', - 'Manifest File', - 'CI' - ] - const nextSteps: Record = {} - const ignoreCommands: string[] = [] - - const rows: string[][] = [] - for (const alert of diff.newAlerts) { - if (!(alert.next_step_title in nextSteps)) { - nextSteps[alert.next_step_title] = [alert.description, alert.suggestion] - } - const ignore = `\`SocketSecurity ignore ${alert.purl}\`` - if (!ignoreCommands.includes(ignore)) { - ignoreCommands.push(ignore) - } - const [manifestStr, sourceStr] = createSources(alert) - const purlUrl = `[${alert.purl}](${alert.url})` - if (alert.error) { - alert.emoji = ':no_entry_sign:' - } else { - alert.emoji = ':warning:' - } - const row = [alert.title, purlUrl, sourceStr, manifestStr, alert.emoji] - if (!rows.some(r => r.join() === row.join())) { - rows.push(row) - } - } - - let md = '' - md += `|${alertTable.join('|')}|\n` - md += '|---|---|---|---|---|\n' - for (const row of rows) { - md += `|${row.join('|')}|\n` - } - - return { ignoreCommands, nextSteps, mdTable: md } -} - -export function createNextSteps(nextSteps: Record): string { - let md = '' - for (const step in nextSteps) { - const detail = nextSteps[step]! - md += '
    \n' - md += `${step}\n` - for (const line of detail) { - md += `${line}\n` - } - md += '
    \n' - } - return md -} - -export function createDeeperLook(): string { - let md = '' - md += '
    \n' - md += 'Take a deeper look at the dependency\n' - md += - "Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.\n" - md += '
    \n' - return md -} - -export function createRemovePackage(): string { - let md = '' - md += '
    \n' - md += 'Remove the package\n' - md += - 'If you happen to install a dependency that Socket reports as [https://socket.dev/npm/issue/malware](Known Malware) you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.\n' - md += '
    \n' - return md -} - -export function createAcceptableRisk(ignoreCommands: string[]): string { - let md = '' - md += '
    \n' - md += 'Mark a package as acceptable risk\n' - md += - 'To ignore an alert, reply with a comment starting with `SocketSecurity ignore` followed by a space separated list of `ecosystem/package-name@version` specifiers. e.g. `SocketSecurity ignore npm/foo@1.0.0` or ignore all packages with `SocketSecurity ignore-all`\n' - md += '
      \n' - for (const ignore of ignoreCommands) { - md += `
    • ${ignore}
    • \n` - } - md += '
    \n' - md += '
    \n' - return md -} - -export function securityCommentTemplate(diff: Diff): string { - let md = '' - md += '\n' - md += '# Socket Security: Issues Report\n' - md += - 'Potential security issues detected. Learn more about [socket.dev](https://socket.dev)\n' - md += - 'To accept the risk, merge this PR and you will not be notified again.\n\n' - md += '\n' - const { ignoreCommands, mdTable, nextSteps } = createSecurityAlertTable(diff) - md += mdTable - md += '\n\n' - md += createNextSteps(nextSteps) - md += createDeeperLook() - md += createRemovePackage() - md += createAcceptableRisk(ignoreCommands) - return md.trim() -}
diff --git a/src/commands/action/core/scm_comments.ts b/src/commands/action/core/scm_comments.ts
deleted file mode 100644
index d0b888dff..000000000
--- a/src/commands/action/core/scm_comments.ts
+++ /dev/null
@@ -1,215 +0,0 @@ -// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/scm_comments.py -import { logger } from '@socketsecurity/registry/lib/logger' - -import { Comment, Issue } from './classes' - -export type SocketComments = { - security: Comment | undefined - overview: Comment | undefined - ignore: Comment[] -} - -export function checkForSocketComments({ - comments -}: { - comments: Record -}): SocketComments { - const socketComments: { - security: Comment | undefined - overview: Comment | undefined - ignore: Comment[] - } = { - security: undefined, - overview: undefined, - ignore: [] - } - - for (const commentId in comments) { - const comment = comments[commentId]! - - if (comment.body.includes('socket-security-comment-actions')) { - socketComments.security = comment - } else if (comment.body.includes('socket-overview-comment-actions')) { - socketComments.overview = comment - } else if ( - // Based on: - // To ignore an alert, reply with a comment starting with @SocketSecurity ignore - // followed by a space separated list of ecosystem/package-name@version specifiers. - // e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all - comment.body - .split('\n') - .at(0) - ?.includes('SocketSecurity ignore') - ) { - socketComments.ignore.push(comment) - } - } - - return socketComments -} - -// Parses the ignore command -// @SocketSecurity ignore pkg1 pkg2 ... 
-// @SocketSecurity ignore ignore-all -export function parseIgnoreCommand(line: string) { - const result = { packages: [] as string[], ignoreAll: false } - const words = line.trim().replace(/\s+/g, ' ').split(' ') - if (words.at(1) === 'ignore-all') { - result.ignoreAll = true - return result - } - if (words.at(1) === 'ignore') { - for (let i = 2; i < words.length; i++) { - const pkg = words[i] as string - result.packages.push(pkg) - } - return result - } - return result -} - -// Ref: https://github.com/socketdev-demo/javascript-threats/pull/89#issuecomment-2456015512 -export function processSecurityComment({ - ignore: ignoreComments, - security: securityComment -}: Pick): string { - const result: string[] = [] - let start = false - - let ignoreAll = false - const ignoredPackages = [] - for (const ignoreComment of ignoreComments) { - const parsed = parseIgnoreCommand( - ignoreComment.body?.split('\n').at(0) ?? '' - ) - if (parsed.ignoreAll) { - ignoreAll = true - break - } - ignoredPackages.push(parsed.packages) - } - - // Split the comment body into lines and update them - // to generate a new comment body - for (let line of securityComment?.body?.split('\n') ?? []) { - line = line.trim() - - if (line.includes('start-socket-alerts-table')) { - start = true - result.push(line) - } else if ( - start && - !line.includes('end-socket-alerts-table') && - // is not heading line? 
- !( - line === '|Alert|Package|Introduced by|Manifest File|CI|' || - line.includes(':---') - ) && - line !== '' - ) { - // Parsing Markdown data colunms - const [_, _title, packageLink, _introducedBy, _manifest, _ci] = - line.split('|') as [string, string, string, string, string, string] - - // Parsing package link [npm/pkg](url) - const [_ecosystem, pkg] = packageLink - .slice(1, packageLink.indexOf(']')) - .split('/', 2) as [string, string] - const [pkgName, pkgVersion] = pkg.split('@') - - // Checking if this package should be ignored - let ignore = false - if (ignoreAll) { - ignore = true - } else { - for (const [ignoredPkgName, ignorePkgVersion] of ignoredPackages) { - if ( - pkgName === ignoredPkgName && - (ignorePkgVersion === '*' || pkgVersion === ignorePkgVersion) - ) { - ignore = true - break - } - } - } - - if (ignore) { - break - } - result.push(line) - } else if (line.includes('end-socket-alerts-table')) { - start = false - result.push(line) - } else { - result.push(line) - } - } - - return result.join('\n') -} - -export function getIgnoreOptions({ comments }: { comments: SocketComments }) { - const ignoreCommands: string[] = [] - let ignoreAll = false - - for (const comment of comments.ignore) { - let firstLine = comment.body_list[0]! 
- if (!ignoreAll && firstLine.includes('SocketSecurity ignore')) { - try { - firstLine = firstLine.replace(/@/, '') - let [, command] = firstLine.split('SocketSecurity ') - command = command!.trim() - if (command === 'ignore-all') { - ignoreAll = true - } else { - command = command.replace(/ignore/, '').trim() - const [name, version] = command.split('@') - const data = `${name}/${version}` - ignoreCommands.push(data) - } - } catch (e) { - logger.fail(`Unable to process ignore command for ${comment}`) - logger.error(e) - } - } - } - return { ignoreAll, ignoreCommands } -} - -export function removeAlerts({ - comments, - newAlerts -}: { - comments: SocketComments - newAlerts: Issue[] -}) { - const alerts: Issue[] = [] - - if (comments.ignore.length === 0) { - return newAlerts - } - - const { ignoreAll, ignoreCommands } = getIgnoreOptions({ - comments - }) - - for (const alert of newAlerts) { - if (ignoreAll) { - break - } else { - const fullName = `${alert.pkg_type}/${alert.pkg_name}` - const purl = `${fullName}/${alert.pkg_version}` - const purlStar = `${fullName}/*` - if (ignoreCommands.includes(purl) || ignoreCommands.includes(purlStar)) { - logger.log(`Alerts for ${alert.pkg_name}@${alert.pkg_version} ignored`) - } else { - logger.log( - `Adding alert ${alert.type} for ${alert.pkg_name}@${alert.pkg_version}` - ) - alerts.push(alert) - } - } - } - - return alerts -}
diff --git a/src/commands/action/run-action.ts b/src/commands/action/run-action.ts
deleted file mode 100644
index 0241079a5..000000000
--- a/src/commands/action/run-action.ts
+++ /dev/null
@@ -1,88 +0,0 @@ -// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/socketcli.py - -import micromatch from 'micromatch' -import { simpleGit } from 'simple-git' - -import { logger } from '@socketsecurity/registry/lib/logger' -import { SocketSdk } from '@socketsecurity/sdk' - -import { Core } from './core' -import { GitHub } from './core/github' -import * as Messages from './core/messages' -import * as SCMComments from './core/scm_comments' -import { getDefaultToken } from '../../utils/sdk' - -// TODO: is this a github action handler? -export async function runAction( - githubEventBefore: string, - githubEventAfter: string -) { - //TODO - const socket = new SocketSdk(getDefaultToken()!) - - const git = simpleGit() - const changedFiles = ( - await git.diff( - process.env['GITHUB_EVENT_NAME'] === 'pull_request' - ? ['--name-only', 'HEAD^1', 'HEAD'] - : ['--name-only', githubEventBefore, githubEventAfter] - ) - ).split('\n') - - logger.log({ changedFiles }) - // supportedFiles have 3-level deep globs - const patterns = Object.values(await socket.getReportSupportedFiles()) - .flatMap((i: Record) => Object.values(i)) - .flatMap((i: Record) => Object.values(i)) - .flatMap((i: Record) => Object.values(i)) - - const files = micromatch(changedFiles, patterns) - - const scm = new GitHub() - - if (scm.checkEventType() === 'comment') { - logger.log('Comment initiated flow') - const comments = await scm.getCommentsForPR() - await scm.removeCommentAlerts({ comments }) - } else if (scm.checkEventType() === 'diff') { - logger.log('Push initiated flow') - const core = new Core({ owner: scm.owner, repo: scm.repo, files, socket }) - const diff = await core.createNewDiff({}) - const comments = await scm.getCommentsForPR() - diff.newAlerts = SCMComments.removeAlerts({ - comments, - newAlerts: diff.newAlerts - }) - const overviewComment = Messages.dependencyOverviewTemplate(diff) - const securityComment = 
Messages.securityCommentTemplate(diff) - let newSecurityComment = true - let newOverviewComment = true - const updateOldSecurityComment = comments.security !== undefined - const updateOldOverviewComment = comments.overview !== undefined - if (diff.newAlerts.length === 0) { - if (!updateOldSecurityComment) { - newSecurityComment = false - logger.log('No new alerts or security issue comment disabled') - } else { - logger.log('Updated security comment with no new alerts') - } - } - if (diff.newPackages.length === 0 && diff.removedPackages.length === 0) { - if (!updateOldOverviewComment) { - newOverviewComment = false - logger.log( - 'No new/removed packages or Dependency Overview comment disabled' - ) - } else { - logger.log('Updated overview comment with no dependencies') - } - } - await scm.addSocketComments({ - securityComment, - overviewComment, - comments, - newSecurityComment, - newOverviewComment - }) - } -} diff --git a/src/commands/action/core/alerts.json b/src/utils/alert-meta-data.json similarity index 100% rename from src/commands/action/core/alerts.json rename to src/utils/alert-meta-data.json diff --git a/src/commands/action/core/license_texts.json b/src/utils/license_texts.json similarity index 100% rename from src/commands/action/core/license_texts.json rename to src/utils/license_texts.json
