Tags: SocketDev/socket-cli
feat(ci): add sfw-enterprise support and publish-without-sfw escape hatch (#1181)

* feat(ci): add sfw-enterprise support and publish-without-sfw escape hatch
  When SOCKET_API_KEY is set, downloads sfw-enterprise from SocketDev/firewall-release instead of sfw-free. Enterprise shims include additional ecosystems (gem, bundler, nuget, go on Linux). SSL workaround only applies to sfw-free. Adds publish-without-sfw input to provenance workflow to bypass firewall shims during publishing.
* fix(ci): suppress pre-existing zizmor secrets-outside-env warnings
* fix(ci): add job names, restrict workflow permissions, document id-token
* fix(ci): use file rename instead of PATH override to strip sfw shims
  Writing PATH to GITHUB_ENV doesn't work because GITHUB_PATH entries are always prepended by the runner after GITHUB_ENV is applied (actions/toolkit#655). Rename shim files to .disabled instead so real binaries resolve from PATH naturally.

fix: respect projectIgnorePaths from socket.yml in scan create (#1137)

* fix: respect projectIgnorePaths from socket.yml in scan create
  The scan create command had all the downstream infrastructure to honor projectIgnorePaths from socket.yml but never actually loaded the config. Read socket.yml via findSocketYmlSync and pass the parsed config to getPackageFilesForScan so globWithGitIgnore applies the ignore patterns.
* fix: respect projectIgnorePaths from socket.yml in scan reach
* v1.1.78
* fix: respect projectIgnorePaths from socket.yml in socket fix
* docs: update changelog to include socket fix

fix: improve error message for revoked API tokens with --reach (#1145)

* fix: improve error message for revoked API tokens with --reach
  When using `socket scan create --reach` with an invalid or revoked API token, the CLI now shows a clear "Authentication failed" message instead of the misleading "Unable to verify plan permissions" error. Also splits 401/403 handling in the API layer so unauthorized tokens get a distinct message from insufficient permissions. Bumps @coana-tech/cli from 14.12.200 to 14.12.201 and Socket CLI to v1.1.77.
* fix: respect silence parameter in fetchOrganization error logging
  The logger.fail call was running unconditionally, causing unwanted output for callers that pass silence: true (e.g. getDefaultOrgSlug) and double error messages in the 401 reachability flow.

fix: set YARN_NODE_LINKER=node-modules for yarn dlx commands (#1128)

* fix: set YARN_NODE_LINKER=node-modules for yarn dlx commands
  Yarn PnP mode fails when packages have undeclared dependencies (e.g. @coana-tech/cli accessing @babel/types). Setting the YARN_NODE_LINKER env var to node-modules forces traditional node_modules resolution, avoiding PnP strict dependency errors.
* chore: bump version to 1.1.76

fix: make --version exit with code 0 instead of 2 (#1125)

* fix: make --version exit with code 0 instead of 2
  The --version flag was defined and parsed but never explicitly handled at the root command level, causing it to fall through to showHelp with exit code 2. This broke automation (e.g. Ansible) that checks the exit code of `socket --version`.
* fix: add patch command to public commands set
  The patch command was registered and unhidden but missing from the hardcoded public commands validation set, causing a spurious "Received an unknown command: patch" error on every CLI invocation. Also removes the workaround in test utils that stripped this error.

---------

Co-authored-by: John-David Dalton <jdalton@users.noreply.github.com>

fix: default to cwd when --reach is used without explicit target (#1121)

* fix: default to cwd when --reach is used without explicit target
  When `socket scan create --reach` is run without an explicit target path, the CLI previously relied on an interactive prompt to ask the user to confirm the current directory. In non-TTY environments (e.g. Jenkins CI), the select() prompt silently fails because wrapPrompt swallows non-TypeError errors, causing suggestTarget() to return [] and all reach validations to fail with confusing "Input error: At least one TARGET (missing)" errors. Now defaults to '.' (cwd) when --reach is used without a target, which is consistent with --reach requiring exactly one directory target. Also bumps @coana-tech/cli to 14.12.200 and CLI version to 1.1.74.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: default to cwd when --reach is used without explicit target
  When `socket scan create --reach` is run without an explicit target path, the CLI previously relied on an interactive prompt to ask the user to confirm the current directory. In non-TTY environments (e.g. Jenkins CI), the select() prompt silently fails because wrapPrompt swallows non-TypeError errors, causing suggestTarget() to return [] and all reach validations to fail with confusing "Input error: At least one TARGET (missing)" errors. Now falls back to '.' (cwd) when the prompt returns empty, preserving the interactive prompt for TTY users while gracefully handling non-TTY environments. Also bumps @coana-tech/cli to 14.12.200 and CLI version to 1.1.74.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>