Simplify coana auto fix

jdalton · jdalton · commit 7596b611e2f3 · 2025-08-04T12:46:05.000-04:00
diff --git a/src/commands/fix/cmd-fix.mts b/src/commands/fix/cmd-fix.mts
@@ -47,7 +47,7 @@ const config: CliCommandConfig = {
       description: `Provide a list of ${terminalLink(
         'GHSA IDs',
         'https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids',
-      )} to compute fixes for, as either a comma separated value or as multiple flags.\n                        Use '--ghsa auto' to automatically lookup GHSA IDs and compute fixes for them.`,
+      )} to compute fixes for, as either a comma separated value or as multiple flags.\n                        Use '--ghsa all' to lookup all GHSA IDs and compute fixes for them.`,
       isMultiple: true,
       hidden: true,
     },
diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
@@ -1,7 +1,6 @@
-import { debugDir, debugFn } from '@socketsecurity/registry/lib/debug'
+import { debugDir } from '@socketsecurity/registry/lib/debug'
 
 import { handleApiCall } from '../../utils/api.mts'
-import { cmdFlagValueToArray } from '../../utils/cmd.mts'
 import { spawnCoana } from '../../utils/coana.mts'
 import { getPackageFilesForScan } from '../../utils/path-resolve.mts'
 import { setupSdk } from '../../utils/sdk.mts'
@@ -64,34 +63,10 @@ export async function coanaFix(
     return lastCResult as CResult<any>
   }
 
-  const spawnOptions = { cwd, spinner, env: { SOCKET_ORG_SLUG: orgSlug } }
-
-  let ids = ghsas
-  if (ids.length === 1 && ids[0] === 'auto') {
-    debugFn('notice', 'resolve: GitHub security alerts.')
-    const foundIdsCResult = tarHash
-      ? await spawnCoana(
-          [
-            'compute-fixes-and-upgrade-purls',
-            cwd,
-            '--manifests-tar-hash',
-            tarHash,
-          ],
-          spawnOptions,
-        )
-      : undefined
-    if (foundIdsCResult) {
-      lastCResult = foundIdsCResult
-    }
-    if (foundIdsCResult?.ok) {
-      ids = cmdFlagValueToArray(
-        /(?<=Vulnerabilities found: )[^\n]+/.exec(
-          foundIdsCResult.data as string,
-        )?.[0],
-      )
-      debugDir('inspect', { GitHubSecurityAlerts: ids })
-    }
-  }
+  const isAuto =
+    ghsas.length === 1 && (ghsas[0] === 'all' || ghsas[0] === 'auto')
+
+  const ids = isAuto ? ['all'] : ghsas
 
   const fixCResult = ids.length
     ? await spawnCoana(
@@ -104,7 +79,7 @@ export async function coanaFix(
           ...ids,
           ...fixConfig.unknownFlags,
         ],
-        spawnOptions,
+        { cwd, spinner, env: { SOCKET_ORG_SLUG: orgSlug } },
       )
     : undefined
 
