SocketDev
diff --git a/‎src/commands/cli.test.mts
Lines changed: 9 additions & 9 deletions b/‎src/commands/cli.test.mts
Lines changed: 9 additions & 9 deletions
diff --git a/‎src/commands/package/output-purls-deep-score.mts
Lines changed: 92 additions & 96 deletions b/‎src/commands/package/output-purls-deep-score.mts
Lines changed: 92 additions & 96 deletions
@@ -20,16 +20,16 @@ describe('socket root command', async () => {
 
         Main commands
 
-          socket login              Setup the Socket CLI with an API token and defaults
-          socket scan create        Create a new Scan and report
-          socket npm/[email protected]   Request the security score of a particular package
+          socket login              Setup Socket CLI with an API token and defaults
+          socket scan create        Create a new Socket scan and report
+          socket npm/[email protected]   Request the Socket score of a package
           socket ci                 Shorthand for CI; socket scan create --report --no-interactive
 
         Socket API
 
           analytics                 Look up analytics data
           audit-log                 Look up the audit log for an organization
-          organization              Manage organization account details
+          organization              Manage Socket organization account details
           package                   Look up published package details
           repository                Manage registered repositories
           scan                      Manage Socket scans
@@ -42,16 +42,16 @@ describe('socket root command', async () => {
           npm                       npm wrapper functionality
           npx                       npx wrapper functionality
           optimize                  Optimize dependencies with @socketregistry overrides
-          raw-npm                   Temporarily disable the Socket npm wrapper
-          raw-npx                   Temporarily disable the Socket npx wrapper
+          raw-npm                   Run npm without the Socket npm wrapper
+          raw-npx                   Run npx without the Socket npx wrapper
 
         CLI configuration
 
-          config                    Manage the CLI configuration directly
-          install                   Manually install CLI tab completion on your system
+          config                    Manage Socket CLI configuration directly
+          install                   Install Socket CLI tab completion on your system
           login                     Socket API login and CLI setup
           logout                    Socket API logout
-          uninstall                 Remove the CLI tab completion from your system
+          uninstall                 Remove Socket CLI tab completion from your system
           wrapper                   Enable or disable the Socket npm/npx wrapper
 
         Options       (Note: all CLI commands have these flags even when not displayed in their help)
 
@@ -11,7 +11,7 @@ export async function outputPurlsDeepScore(
   purl: string,
   result: CResult<PurlDataResponse>,
   outputKind: OutputKind,
-) {
+): Promise<void> {
   if (!result.ok) {
     process.exitCode = result.code ?? 1
   }
@@ -39,7 +39,7 @@ export async function outputPurlsDeepScore(
   logger.log('')
 }
 
-export function createMarkdownReport(data: PurlDataResponse) {
+export function createMarkdownReport(data: PurlDataResponse): string {
   const {
     self: {
       alerts: selfAlerts,
@@ -57,162 +57,158 @@ export function createMarkdownReport(data: PurlDataResponse) {
     },
   } = data
 
-  const arr: string[] = []
-
-  arr.push('# Complete Package Score')
-  arr.push('')
+  const o: string[] = ['# Complete Package Score', '']
   if (dependencyCount) {
-    arr.push(
+    o.push(
       `This is a Socket report for the package *"${purl}"* and its *${dependencyCount}* direct/transitive dependencies.`,
     )
   } else {
-    arr.push(
+    o.push(
       `This is a Socket report for the package *"${purl}"*. It has *no dependencies*.`,
     )
   }
-  arr.push('')
+  o.push('')
   if (dependencyCount) {
-    arr.push(
+    o.push(
       `It will show you the shallow score for just the package itself and a deep score for all the transitives combined. Additionally you can see which capabilities were found and the top alerts as well as a package that was responsible for it.`,
     )
   } else {
-    arr.push(
+    o.push(
       `It will show you the shallow score for the package itself, which capabilities were found, and its top alerts.`,
     )
-    arr.push('')
-    arr.push(
+    o.push('')
+    o.push(
       'Since it has no dependencies, the shallow score is also the deep score.',
     )
   }
-  arr.push('')
+  o.push('')
   if (dependencyCount) {
     // This doesn't make much sense if there are no dependencies. Better to omit it.
-    arr.push(
+    o.push(
       'The report should give you a good insight into the status of this package.',
     )
-    arr.push('')
-    arr.push('## Package itself')
-    arr.push('')
-    arr.push(
+    o.push('')
+    o.push('## Package itself')
+    o.push('')
+    o.push(
       'Here are results for the package itself (excluding data from dependencies).',
     )
   } else {
-    arr.push('## Report')
-    arr.push('')
-    arr.push(
+    o.push('## Report')
+    o.push('')
+    o.push(
       'The report should give you a good insight into the status of this package.',
     )
   }
-  arr.push('')
-  arr.push('### Shallow Score')
-  arr.push('')
-  arr.push('This score is just for the package itself:')
-  arr.push('')
-  arr.push('- Overall: ' + selfScore.overall)
-  arr.push('- Maintenance: ' + selfScore.maintenance)
-  arr.push('- Quality: ' + selfScore.quality)
-  arr.push('- Supply Chain: ' + selfScore.supplyChain)
-  arr.push('- Vulnerability: ' + selfScore.vulnerability)
-  arr.push('- License: ' + selfScore.license)
-  arr.push('')
-  arr.push('### Capabilities')
-  arr.push('')
+  o.push('')
+  o.push('### Shallow Score')
+  o.push('')
+  o.push('This score is just for the package itself:')
+  o.push('')
+  o.push(`- Overall: ${selfScore.overall}`)
+  o.push(`- Maintenance: ${selfScore.maintenance}`)
+  o.push(`- Quality: ${selfScore.quality}`)
+  o.push(`- Supply Chain: ${selfScore.supplyChain}`)
+  o.push(`- Vulnerability: ${selfScore.vulnerability}`)
+  o.push(`- License: ${selfScore.license}`)
+  o.push('')
+  o.push('### Capabilities')
+  o.push('')
   if (selfCaps.length) {
-    arr.push('These are the capabilities detected in the package itself:')
-    arr.push('')
-    selfCaps.forEach(cap => {
-      arr.push(`- ${cap}`)
-    })
+    o.push('These are the capabilities detected in the package itself:')
+    o.push('')
+    for (const cap of selfCaps) {
+      o.push(`- ${cap}`)
+    }
   } else {
-    arr.push('No capabilities were found in the package.')
+    o.push('No capabilities were found in the package.')
   }
-  arr.push('')
-  arr.push('### Alerts for this package')
-  arr.push('')
+  o.push('')
+  o.push('### Alerts for this package')
+  o.push('')
   if (selfAlerts.length) {
     if (dependencyCount) {
-      arr.push('These are the alerts found for the package itself:')
+      o.push('These are the alerts found for the package itself:')
     } else {
-      arr.push('These are the alerts found for this package:')
+      o.push('These are the alerts found for this package:')
     }
-    arr.push('')
-    arr.push(
+    o.push('')
+    o.push(
       mdTable(selfAlerts, ['severity', 'name'], ['Severity', 'Alert Name']),
     )
   } else {
-    arr.push('There are currently no alerts for this package.')
+    o.push('There are currently no alerts for this package.')
   }
-  arr.push('')
+  o.push('')
   if (dependencyCount) {
-    arr.push('## Transitive Package Results')
-    arr.push('')
-    arr.push(
+    o.push('## Transitive Package Results')
+    o.push('')
+    o.push(
       'Here are results for the package and its direct/transitive dependencies.',
     )
-    arr.push('')
-    arr.push('### Deep Score')
-    arr.push('')
-    arr.push(
+    o.push('')
+    o.push('### Deep Score')
+    o.push('')
+    o.push(
       'This score represents the package and and its direct/transitive dependencies:',
     )
-    arr.push(
+    o.push(
       `The function used to calculate the values in aggregate is: *"${func}"*`,
     )
-    arr.push('')
-    arr.push('- Overall: ' + score.overall)
-    arr.push('- Maintenance: ' + score.maintenance)
-    arr.push('- Quality: ' + score.quality)
-    arr.push('- Supply Chain: ' + score.supplyChain)
-    arr.push('- Vulnerability: ' + score.vulnerability)
-    arr.push('- License: ' + score.license)
-    arr.push('')
-    arr.push('### Capabilities')
-    arr.push('')
-    arr.push(
+    o.push('')
+    o.push(`- Overall: ${score.overall}`)
+    o.push(`- Maintenance: ${score.maintenance}`)
+    o.push(`- Quality: ${score.quality}`)
+    o.push(`- Supply Chain: ${score.supplyChain}`)
+    o.push(`- Vulnerability: ${score.vulnerability}`)
+    o.push(`- License: ${score.license}`)
+    o.push('')
+    o.push('### Capabilities')
+    o.push('')
+    o.push(
       'These are the packages with the lowest recorded score. If there is more than one with the lowest score, just one is shown here. This may help you figure out the source of low scores.',
     )
-    arr.push('')
-    arr.push('- Overall: ' + lowest.overall)
-    arr.push('- Maintenance: ' + lowest.maintenance)
-    arr.push('- Quality: ' + lowest.quality)
-    arr.push('- Supply Chain: ' + lowest.supplyChain)
-    arr.push('- Vulnerability: ' + lowest.vulnerability)
-    arr.push('- License: ' + lowest.license)
-    arr.push('')
-    arr.push('### Capabilities')
-    arr.push('')
+    o.push('')
+    o.push(`- Overall: ${lowest.overall}`)
+    o.push(`- Maintenance: ${lowest.maintenance}`)
+    o.push(`- Quality: ${lowest.quality}`)
+    o.push(`- Supply Chain: ${lowest.supplyChain}`)
+    o.push(`- Vulnerability: ${lowest.vulnerability}`)
+    o.push(`- License: ${lowest.license}`)
+    o.push('')
+    o.push('### Capabilities')
+    o.push('')
     if (capabilities.length) {
-      arr.push('These are the capabilities detected in at least one package:')
-      arr.push('')
-      capabilities.forEach(cap => {
-        arr.push(`- ${cap}`)
-      })
+      o.push('These are the capabilities detected in at least one package:')
+      o.push('')
+      for (const cap of capabilities) {
+        o.push(`- ${cap}`)
+      }
     } else {
-      arr.push(
+      o.push(
         'This package had no capabilities and neither did any of its direct/transitive dependencies.',
       )
     }
-    arr.push('')
-    arr.push('### Alerts')
-    arr.push('')
+    o.push('')
+    o.push('### Alerts')
+    o.push('')
     if (alerts.length) {
-      arr.push('These are the alerts found:')
-      arr.push('')
+      o.push('These are the alerts found:')
+      o.push('')
 
-      arr.push(
+      o.push(
         mdTable(
           alerts,
           ['severity', 'name', 'example'],
           ['Severity', 'Alert Name', 'Example package reporting it'],
         ),
       )
     } else {
-      arr.push(
+      o.push(
         'This package had no alerts and neither did any of its direct/transitive dependencies',
       )
     }
-    arr.push('')
-
-    return arr.join('\n')
+    o.push('')
   }
+  return o.join('\n')
 }