Merge pull request #60 from SocketDev/warn-safe-npm

"warn" action for `socket npm`

Author: bmeck

.github/workflows/nodejs.yml

@@ -24,7 +24,8 @@ jobs:
     with:
       no-lockfile: true
       npm-test-script: 'test-ci'
-      node-versions: '14,16,18,19'
+      # Node 16 has a SegFault from C8 when using --test
+      node-versions: '18,19'
       # We currently have some issues on Windows that will have to wait to be fixed
       # os: 'ubuntu-latest,windows-latest'
       os: 'ubuntu-latest'

.prettierrc

@@ -0,0 +1 @@
+"prettier-config-x-standard"

lib/commands/login/index.js

@@ -43,6 +43,9 @@ export const login = {
     if (!isInteractive()) {
       throw new InputError('cannot prompt for credentials in a non-interactive shell')
     }
+    /**
+     * @type {{ apiKey: string }}
+     */
     const result = await prompts({
       type: 'password',
       name: 'apiKey',
@@ -91,6 +94,9 @@ export const login = {
     let enforcedOrgs = []
 
     if (enforcedChoices.length > 1) {
+      /**
+       * @type { {id: string} }
+       */
       const { id } = await prompts({
         type: 'select',
         name: 'id',
@@ -104,6 +110,9 @@ export const login = {
       })
       if (id) enforcedOrgs = [id]
     } else if (enforcedChoices.length) {
+      /**
+       * @type { {confirmOrg: boolean} }
+       */
       const { confirmOrg } = await prompts({
         type: 'confirm',
         name: 'confirmOrg',
@@ -112,7 +121,10 @@ export const login = {
         onState: promptAbortHandler
       })
       if (confirmOrg) {
-        enforcedOrgs = [enforcedChoices[0]?.value]
+        const existing = /** @type {undefined | {value: string}} */(enforcedChoices[0])
+        if (existing) {
+          enforcedOrgs = [existing.value]
+        }
       }
     }
     // MUST DO all updateSetting ON SAME TICK TO AVOID PARTIAL WRITE

lib/commands/report/create.js

@@ -118,13 +118,13 @@ async function setupCommand (name, description, argv, importMeta) {
 
     Options
       ${printFlagList({
-        '--all': 'Include all issues',
-        '--debug': 'Output debug information',
-        '--dry-run': 'Only output what will be done without actually doing it',
-        '--json': 'Output result as json',
-        '--markdown': 'Output result as markdown',
-        '--strict': 'Exits with an error code if any matching issues are found',
-        '--view': 'Will wait for and return the created report'
+        'all': 'Include all issues',
+        'debug': 'Output debug information',
+        'dry-run': 'Only output what will be done without actually doing it',
+        'json': 'Output result as json',
+        'markdown': 'Output result as markdown',
+        'strict': 'Exits with an error code if any matching issues are found',
+        'view': 'Will wait for and return the created report'
       }, 6)}
 
     Examples
@@ -185,9 +185,11 @@ async function setupCommand (name, description, argv, importMeta) {
     .then(res => {
       if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, ora())
       return res.data
-    }).catch(cause => {
-      throw new ErrorWithCause('Failed getting supported files for report', { cause })
-    })
+    }).catch(
+      /** @type {(cause: Error) => never} */
+      (cause) => {
+        throw new ErrorWithCause('Failed getting supported files for report', { cause })
+      })
 
   const packagePaths = await getPackageFiles(cwd, cli.input, config, supportedFiles, debugLog)