patches

Author: 101arrowz

lib/commands/login/index.js

@@ -5,7 +5,7 @@ import prompts from 'prompts'
 import terminalLink from 'terminal-link'
 
 import { AuthError, InputError } from '../../utils/errors.js'
-import { setupSdk } from '../../utils/sdk.js'
+import { FREE_API_KEY, setupSdk } from '../../utils/sdk.js'
 import { getSetting, updateSetting } from '../../utils/settings.js'
 
 const description = 'Socket API login'
@@ -43,16 +43,18 @@ export const login = {
     if (!isInteractive()) {
       throw new InputError('cannot prompt for credentials in a non-interactive shell')
     }
-    const { apiKey } = await prompts({
+    const result = await prompts({
       type: 'password',
       name: 'apiKey',
       message: `Enter your ${terminalLink(
         'Socket.dev API key',
         'https://docs.socket.dev/docs/api-keys'
-      )}`,
+      )} (leave blank for a public key)`,
       onState: promptAbortHandler
     })
 
+    const apiKey = result.apiKey || FREE_API_KEY
+
     const spinner = ora('Verifying API key...').start()
 
     /** @type {import('@socketsecurity/sdk').SocketSdkReturnType<'getSettings'>['data']} */
@@ -77,35 +79,35 @@ export const login = {
         value: org.id
       }))
 
-    /** @type {string | null} */
-    let enforcedOrg = null
+    /** @type {string[]} */
+    let enforcedOrgs = []
 
     if (enforcedChoices.length > 1) {
       const { id } = await prompts({
         type: 'select',
         name: 'id',
         hint: '\n  Pick "None" if this is a personal device',
-        message: 'Which organization\'s policies should Socket globally enforce?',
+        message: 'Which organization\'s policies should Socket enforce system-wide?',
         choices: enforcedChoices.concat({
           title: 'None',
           value: null
         }),
         onState: promptAbortHandler
       })
-      enforcedOrg = id
+      if (id) enforcedOrgs = [id]
     } else if (enforcedChoices.length) {
       const { confirmOrg } = await prompts({
         type: 'confirm',
         name: 'confirmOrg',
-        message: `Should Socket globally enforce ${enforcedChoices[0]?.title}'s security policies?`,
+        message: `Should Socket enforce ${enforcedChoices[0]?.title}'s security policies system-wide?`,
         initial: true,
         onState: promptAbortHandler
       })
       if (confirmOrg) {
-        enforcedOrg = enforcedChoices[0]?.value
+        enforcedOrgs = [enforcedChoices[0]?.value]
       }
     }
-    updateSetting('enforcedOrg', enforcedOrg)
+    updateSetting('enforcedOrgs', enforcedOrgs)
     const oldKey = getSetting('apiKey')
     updateSetting('apiKey', apiKey)
     spinner.succeed(`API credentials ${oldKey ? 'updated' : 'set'}`)

lib/commands/logout/index.js

@@ -27,7 +27,7 @@ export const logout = {
     if (cli.input.length) cli.showHelp()
 
     updateSetting('apiKey', null)
-    updateSetting('enforcedOrg', null)
+    updateSetting('enforcedOrgs', null)
     ora('Successfully logged out').succeed()
   }
 }

lib/shadow/npm-injection.cjs

@@ -42,11 +42,10 @@ const apiKeySettingsPromise = sdkPromise.then(async ({ setupSdk }) => {
   return result.data
 })
 
-/** @type {Promise<{ id: string, issueRules: import('../utils/settings.js').IssueRules }[]>} */
+/** @type {Promise<{ defaultRules: import('../utils/settings.js').IssueRules, orgRules: { id: string, issueRules: import('../utils/settings.js').IssueRules }[] }>} */
 const orgSettingsPromise = settingsPromise.then(async ({ getSetting, updateSetting }) => {
-  const enforcedOrg = getSetting('enforcedOrg')
+  const enforcedOrgs = getSetting('enforcedOrgs')
   const settings = await apiKeySettingsPromise
-  const enforcedRules = enforcedOrg && settings.organizations[enforcedOrg] || {}
 
   /**
    * @param {import('../utils/settings.js').IssueRules[string]} rule
@@ -62,29 +61,54 @@ const orgSettingsPromise = settingsPromise.then(async ({ getSetting, updateSetti
     }
   }
 
-  return Object.values(settings.organizations).map(({ id, issueRules }) => {
-    const defaultedRules = { ...issueRules }
-    for (const rule in enforcedRules) {
+  /**
+   *
+   * @param {import('../utils/settings.js').IssueRules} a
+   * @param {import('../utils/settings.js').IssueRules} b
+   * @returns {import('../utils/settings.js').IssueRules}
+   */
+  const mergeRules = (a, b) => {
+    const merged = { ...a }
+    for (const rule in b) {
       if (
-        !defaultedRules[rule] ||
-        ruleStrength(enforcedRules[rule]) > ruleStrength(defaultedRules[rule])
+        !merged[rule] ||
+        ruleStrength(b[rule]) > ruleStrength(merged[rule])
       ) {
-        defaultedRules[rule] = enforcedRules[rule]
+        merged[rule] = b[rule]
       }
     }
+    return merged
+  }
+
+  const mergeDefaults = (rules) => {
+    const out = { ...rules }
     for (const rule in settings.defaultIssueRules) {
-      if (!(rule in defaultedRules) || (
-        typeof defaultedRules[rule] === 'object' &&
-        defaultedRules[rule].action === 'defer'
+      const defaultedRule = out[rule]
+      if (
+          !(rule in out) || (
+          typeof defaultedRule === 'object' &&
+          defaultedRule.action === 'defer'
       )) {
-        defaultedRules[rule] = settings.defaultIssueRules[rule]
+        out[rule] = settings.defaultIssueRules[rule]
       }
     }
-    return {
-      id,
-      issueRules: defaultedRules
-    }
-  })
+    return out
+  }
+
+  const enforcedRules = enforcedOrgs
+    .map(org => settings.organizations[org])
+    .reduce((a, b) => mergeRules(a, b))
+
+  return {
+    defaultRules: mergeDefaults(enforcedRules),
+    orgRules: Object.values(settings.organizations).map(({ id, name, issueRules }) => {
+      return {
+        id,
+        name,
+        issueRules: mergeDefaults(mergeRules(issueRules, enforcedRules))
+      }
+    })
+  }
 })
 
 // shadow `npm` and `npx` to mitigate subshells
@@ -467,13 +491,13 @@ async function packagesHaveRiskyIssues (registry, pkgs, ora = null, input, outpu
           }
         }
         if (failures.length || warns.length) {
-          failed = failures.length > 0
+          failed ||= failures.length > 0
           spinner?.stop()
           translations ??= JSON.parse(fs.readFileSync(path.join(__dirname, '/translations.json'), 'utf-8'))
           formatter ??= new ((await chalkMarkdownPromise).ChalkOrMarkdown)(false)
           const name = pkgData.pkg
           const version = pkgData.ver
-          output.write(`(socket) ${formatter.hyperlink(`${name}@${version}`, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains ${failures.length ? 'serious ' : ''}risks:\n`)
+          output.write(`(socket) ${formatter.hyperlink(`${name}@${version}`, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:\n`)
           if (translations) {
             for (const failure of failures) {
               // @ts-ignore

lib/utils/sdk.js

@@ -33,7 +33,7 @@ export async function setupSdk (apiKey = getDefaultKey()) {
     const input = await prompts({
       type: 'password',
       name: 'apiKey',
-      message: 'Enter your Socket.dev API key (not saved)',
+      message: 'Enter your Socket.dev API key (not saved, use socket login to persist)',
     })
 
     apiKey = defaultKey = input.apiKey

lib/utils/settings.js

@@ -23,7 +23,7 @@ const settingsPath = path.join(dataHome, 'socket', 'settings')
  * @typedef {import('@socketsecurity/sdk').SocketSdkReturnType<'getSettings'>['data']['organizations'][string]['issueRules']} IssueRules
  */
 
-/** @type {{apiKey?: string | null, enforcedOrg?: string | null}} */
+/** @type {{apiKey?: string | null, enforcedOrgs?: string[] | null}} */
 let settings = {}
 
 if (fs.existsSync(settingsPath)) {