Add --yes to cdxgen

Author: jdalton

src/commands/cdxgen/cmd-cdxgen.ts

@@ -66,7 +66,8 @@ const yargsConfig = {
     recurse: ['r'],
     'resolve-class': ['c'],
     type: ['t'],
-    version: ['v']
+    version: ['v'],
+    yes: ['y']
   },
   array: [
     { key: 'author', type: 'string' },
@@ -90,7 +91,10 @@ const yargsConfig = {
     'required-only',
     'server',
     'validate',
-    'version'
+    'version',
+    // The --yes flag and -y alias map to the corresponding flag and alias of npx.
+    // https://docs.npmjs.com/cli/v7/commands/npx#compatibility-with-older-npx-versions
+    'yes'
   ],
   string: [
     'api-key',

src/commands/cdxgen/run-cyclonedx.ts

@@ -10,7 +10,7 @@ import { logger } from '@socketsecurity/registry/lib/logger'
 import constants from '../../constants'
 import shadowBin from '../../shadow/npm/bin'
 
-const { NPM, NPX, PNPM } = constants
+const { NPM, NPX, PACKAGE_LOCK, PNPM, YARN } = constants
 
 const nodejsPlatformTypes = new Set([
   'javascript',
@@ -25,18 +25,20 @@ const nodejsPlatformTypes = new Set([
 
 export async function runCycloneDX(yargv: any) {
   let cleanupPackageLock = false
+  const yesArgs = yargv.yes ? ['--yes'] : []
   if (
-    yargv.type !== 'yarn' &&
+    yargv.type !== YARN &&
     nodejsPlatformTypes.has(yargv.type) &&
     existsSync('./yarn.lock')
   ) {
-    if (existsSync('./package-lock.json')) {
+    if (existsSync(`./${PACKAGE_LOCK}`)) {
       yargv.type = NPM
     } else {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
         await shadowBin(NPX, [
+          ...yesArgs,
           '[email protected]',
           '--',
           '--source-file',
@@ -48,13 +50,14 @@ export async function runCycloneDX(yargv: any) {
     }
   }
   await shadowBin(NPX, [
+    ...yesArgs,
     '@cyclonedx/[email protected]',
     '--',
     ...argvToArray(yargv)
   ])
   if (cleanupPackageLock) {
     try {
-      await fs.rm('./package-lock.json')
+      await fs.rm(`./${PACKAGE_LOCK}`)
     } catch {}
   }
   const fullOutputPath = path.join(process.cwd(), yargv.output)

test/socket-cdxgen.test.ts

@@ -20,105 +20,91 @@ const spawnOpts: PromiseSpawnOptions = {
   cwd: npmFixturesPath
 }
 
-describe(
-  'Socket cdxgen command',
-  {
-    // Skip until we think of how to handle the output test.
-    skip: true
-  },
-  async () => {
-    // Lazily access constants.rootBinPath.
-    const entryPath = path.join(constants.rootBinPath, `${CLI}.js`)
+describe('Socket cdxgen command', async () => {
+  // Lazily access constants.rootBinPath.
+  const entryPath = path.join(constants.rootBinPath, `${CLI}.js`)
 
-    it(
-      'should forwards known commands to cdxgen',
-      {
-        // Takes ~10s in CI
-        timeout: 20_000
-      },
-      async () => {
-        for (const command of ['-h', '--help']) {
-          // eslint-disable-next-line no-await-in-loop
-          const ret = await spawn(
-            // Lazily access constants.execPath.
-            constants.execPath,
-            [entryPath, 'cdxgen', command],
-            spawnOpts
-          )
-          expect(
-            ret.stdout.includes('cdxgen'),
-            'forwards commands to cdxgen'
-          ).toBe(true)
-        }
+  it(
+    'should forwards known commands to cdxgen',
+    {
+      // Takes ~10s in CI
+      timeout: 20_000
+    },
+    async () => {
+      for (const command of ['-h', '--help']) {
+        // eslint-disable-next-line no-await-in-loop
+        const ret = await spawn(
+          // Lazily access constants.execPath.
+          constants.execPath,
+          [entryPath, 'cdxgen', '--yes', command],
+          spawnOpts
+        )
+        expect(
+          ret.stdout.includes('cdxgen'),
+          'forwards commands to cdxgen'
+        ).toBe(true)
       }
-    )
+    }
+  )
 
-    describe(
-      'command forwarding',
-      {
-        // Skip until we think of how to handle the output test.
-        skip: true
-      },
-      async () => {
-        expect.extend({
-          toHaveStderrStartWith(received, expected) {
-            const { isNot } = this
-            return {
-              // do not alter your "pass" based on isNot. Vitest does it for you
-              pass: received?.stderr?.startsWith?.(expected) ?? false,
-              message: () =>
-                `spawn.stderr did${isNot ? ' not' : ''} start with \`${expected}\`: ${received?.stderr}`
-            }
-          }
-        })
+  describe('command forwarding', async () => {
+    expect.extend({
+      toHaveStderrInclude(received, expected) {
+        const { isNot } = this
+        return {
+          // do not alter your "pass" based on isNot. Vitest does it for you
+          pass: received?.stderr?.includes?.(expected) ?? false,
+          message: () =>
+            `spawn.stderr ${isNot ? 'does NOT include' : 'includes'} \`${expected}\`: ${received?.stderr}`
+        }
+      }
+    })
 
-        it('should not forward -u to cdxgen', async () => {
-          const command = '-u'
-          await expect(
-            () =>
-              spawn(
-                // Lazily access constants.execPath.
-                constants.execPath,
-                [entryPath, 'cdxgen', command],
-                spawnOpts
-              )
-            // @ts-ignore -- toHaveStderrStartWith is defined above
-          ).rejects.toHaveStderrStartWith(
-            `${LOG_SYMBOLS.fail} Unknown argument: ${command}`
+    it('should not forward -u to cdxgen', async () => {
+      const command = '-u'
+      await expect(
+        () =>
+          spawn(
+            // Lazily access constants.execPath.
+            constants.execPath,
+            [entryPath, 'cdxgen', '-y', command],
+            spawnOpts
           )
-        })
+        // @ts-ignore -- toHaveStderrInclude is defined above
+      ).rejects.toHaveStderrInclude(
+        `${LOG_SYMBOLS.fail} Unknown argument: ${command}`
+      )
+    })
 
-        it('should not forward --unknown to cdxgen', async () => {
-          const command = '--unknown'
-          await expect(
-            () =>
-              spawn(
-                // Lazily access constants.execPath.
-                constants.execPath,
-                [entryPath, 'cdxgen', command],
-                spawnOpts
-              )
-            // @ts-ignore -- toHaveStderrStartWith is defined above
-          ).rejects.toHaveStderrStartWith(
-            `${LOG_SYMBOLS.fail} Unknown argument: ${command}`
+    it('should not forward --unknown to cdxgen', async () => {
+      const command = '--unknown'
+      await expect(
+        () =>
+          spawn(
+            // Lazily access constants.execPath.
+            constants.execPath,
+            [entryPath, 'cdxgen', '--yes', command],
+            spawnOpts
           )
-        })
+        // @ts-ignore -- toHaveStderrInclude is defined above
+      ).rejects.toHaveStderrInclude(
+        `${LOG_SYMBOLS.fail} Unknown argument: ${command}`
+      )
+    })
 
-        it('should not forward multiple unknown commands to cdxgen', async () => {
-          await expect(
-            () =>
-              spawn(
-                // Lazily access constants.execPath.
-                constants.execPath,
-                [entryPath, 'cdxgen', '-u', '-h', '--unknown'],
-                spawnOpts
-              )
-            // @ts-ignore -- toHaveStderrStartWith is defined above
-          ).rejects.toHaveStderrStartWith(
-            `${LOG_SYMBOLS.fail} Unknown arguments: -u, --unknown`
+    it('should not forward multiple unknown commands to cdxgen', async () => {
+      await expect(
+        () =>
+          spawn(
+            // Lazily access constants.execPath.
+            constants.execPath,
+            [entryPath, 'cdxgen', '-y', '-u', '-h', '--unknown'],
+            spawnOpts
           )
-        })
-      }
-    )
-  }
-)
+        // @ts-ignore -- toHaveStderrInclude is defined above
+      ).rejects.toHaveStderrInclude(
+        `${LOG_SYMBOLS.fail} Unknown arguments: -u, --unknown`
+      )
+    })
+  })
+})