wip

Author: charliegerard

lib/commands/info/index.js

@@ -21,9 +21,9 @@ export const info = {
 
     const input = setupCommand(name, info.description, argv, importMeta)
     if (input) {
-      const spinnerText = input.pkgVersion === 'latest' ? `Looking up data for the latest version of ${input.pkgName}\n` : `Looking up data for version ${input.pkgVersion} of ${input.pkgName}\n`
+      const spinnerText = `Looking up data for packages: ${input.packages.join(', ')}\n`
       const spinner = ora(spinnerText).start()
-      const packageData = await fetchPackageData(input.ecosystem, input.pkgName, input.pkgVersion, input, spinner)
+      const packageData = await fetchPackageData(input.packages, input.includeAlerts, spinner)
       if (packageData) {
         formatPackageDataOutput(packageData, { name, ...input }, spinner)
       }
@@ -32,12 +32,14 @@ export const info = {
 }
 
 const infoFlags = prepareFlags({
-  license: {
-    type: 'boolean',
-    shortFlag: 'l',
-    default: false,
-    description: 'Include license - Default is false',
-  },
+  // At the moment in API v0, alerts and license do the same thing.
+  // The license parameter will be implemented later.
+  // license: {
+  //   type: 'boolean',
+  //   shortFlag: 'l',
+  //   default: false,
+  //   description: 'Include license - Default is false',
+  // },
   alerts: {
     type: 'boolean',
     shortFlag: 'a',
@@ -53,11 +55,8 @@ const infoFlags = prepareFlags({
  * @property {boolean} includeAlerts
  * @property {boolean} outputJson
  * @property {boolean} outputMarkdown
- * @property {string} pkgName
- * @property {string} pkgVersion
+ * @property {string[]} packages
  * @property {boolean} strict
- * @property {string} ecosystem
- * @property {boolean} includeLicense
  */
 
 /**
@@ -76,14 +75,14 @@ function setupCommand (name, description, argv, importMeta) {
 
   const cli = meow(`
     Usage
-      $ ${name} <ecosystem> <name>
+      $ ${name} <ecosystem>:<name>@<version>
 
     Options
       ${printFlagList(flags, 6)}
 
     Examples
-      $ ${name} npm webtorrent
-      $ ${name} npm [email protected]
+      $ ${name} npm:webtorrent
+      $ ${name} npm:[email protected]
   `, {
     argv,
     description,
@@ -93,75 +92,85 @@ function setupCommand (name, description, argv, importMeta) {
 
   const {
     alerts: includeAlerts,
-    license: includeLicense,
     json: outputJson,
     markdown: outputMarkdown,
     strict,
   } = cli.flags
 
-  const [ecosystem = '', rawPkgName = ''] = cli.input
+  const [rawPkgName = ''] = cli.input
 
-  if (!ecosystem && !rawPkgName) {
-    console.error('Please provide an ecosystem and a package name')
+  if (!rawPkgName) {
+    console.error('Please provide an ecosystem and package name')
     cli.showHelp()
     return
   }
 
-  const versionSeparator = rawPkgName.lastIndexOf('@')
+  const /** @type {string[]} */inputPkgs = []
 
-  const pkgName = versionSeparator < 1 ? rawPkgName : rawPkgName.slice(0, versionSeparator)
-  const pkgVersion = versionSeparator < 1 ? 'latest' : rawPkgName.slice(versionSeparator + 1)
+  cli.input.map(pkg => {
+    const ecosystem = pkg.split(':')[0]
+    if (!ecosystem) {
+      console.error(`Package name ${pkg} formatted incorrectly.`)
+      return cli.showHelp()
+    } else {
+      const versionSeparator = pkg.lastIndexOf('@')
+      const ecosystemSeparator = pkg.lastIndexOf(ecosystem)
+      const pkgName = versionSeparator < 1 ? pkg.slice(ecosystemSeparator + ecosystem.length + 1) : pkg.slice(ecosystemSeparator + ecosystem.length + 1, versionSeparator)
+      const pkgVersion = versionSeparator < 1 ? 'latest' : pkg.slice(versionSeparator + 1)
+      inputPkgs.push(`${ecosystem}/${pkgName}@${pkgVersion}`)
+    }
+    return inputPkgs
+  })
 
   return {
     includeAlerts,
-    includeLicense,
     outputJson,
     outputMarkdown,
-    pkgName,
-    pkgVersion,
+    packages: inputPkgs,
     strict,
-    ecosystem
   }
 }
 
 /**
  * @typedef PackageData
  * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'batchPackageFetch'>["data"]} data
- * @property {Record<import('../../utils/format-issues.js').SocketIssue['severity'], number> | undefined} severityCount
  */
 
 /**
- * @param {string} ecosystem
- * @param {string} pkgName
- * @param {string} pkgVersion
- * @param {Pick<CommandContext, 'includeAlerts' | 'includeLicense'>} context
+ * @param {string[]} packages
+ * @param {boolean} includeAlerts
  * @param {import('ora').Ora} spinner
  * @returns {Promise<void|PackageData>}
  */
-async function fetchPackageData (ecosystem, pkgName, pkgVersion, { includeAlerts, includeLicense }, spinner) {
+async function fetchPackageData (packages, includeAlerts, spinner) {
   const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
+
+  const components = packages.map(pkg => {
+    return { 'purl': `pkg:${pkg}` }
+  })
+
   // @ts-ignore
   const result = await handleApiCall(socketSdk.batchPackageFetch(
-    { license: includeLicense.toString(), alerts: includeAlerts.toString() },
+    { alerts: includeAlerts.toString() },
     {
-        components:
-            [{
-                'purl': `pkg:${ecosystem}/${pkgName}@${pkgVersion}`
-            }]
+        components
     }), 'looking up package')
 
   if (!result.success) {
     return handleUnsuccessfulApiResponse('batchPackageFetch', result, spinner)
   }
 
   // @ts-ignore
-  const severityCount = result.data.alerts && getCountSeverity(result.data.alerts, includeAlerts ? undefined : 'high')
+  result.data.map(pkg => {
+    const severityCount = pkg.alerts && getCountSeverity(pkg.alerts, includeAlerts ? undefined : 'high')
+    pkg.severityCount = severityCount
+    return pkg
+  })
 
   spinner.stop()
 
   return {
-    data: result.data,
-    severityCount
+    data: result.data
   }
 }
 
@@ -171,52 +180,57 @@ async function fetchPackageData (ecosystem, pkgName, pkgVersion, { includeAlerts
  * @param {import('ora').Ora} spinner
  * @returns {void}
  */
-function formatPackageDataOutput (/** @type {{ [key: string]: any }} */ { data, severityCount }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }, spinner) {
+function formatPackageDataOutput (/** @type {{ [key: string]: any }} */ { data }, { outputJson, outputMarkdown, strict }, spinner) {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2))
   } else {
-    console.log('\nPackage metrics:')
-
-    const scoreResult = {
-      'Supply Chain Risk': Math.floor(data.score.supplyChain * 100),
-      'Maintenance': Math.floor(data.score.maintenance * 100),
-      'Quality': Math.floor(data.score.quality * 100),
-      'Vulnerabilities': Math.floor(data.score.vulnerability * 100),
-      'License': Math.floor(data.score.license * 100),
-      'Overall': Math.floor(data.score.overall * 100)
-    }
-    Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))
-
-    // Package license
-    console.log('\nPackage license:')
-    console.log(`${data.license}`)
-
-    // Package issues list
-    if (objectSome(severityCount)) {
-      const issueSummary = formatSeverityCount(severityCount)
-      console.log('\n')
-      spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
-      formatPackageIssuesDetails(data.alerts, outputMarkdown)
-    } else if (severityCount && !objectSome(severityCount)) {
-      console.log('\n')
-      spinner.succeed('Package has no issues')
-    }
+    data.map((/** @type {{[key:string]: any}} */ d) => {
+      const { score, license, name, severityCount, version } = d
+      console.log(`\nPackage metrics for ${name}:`)
+
+      const scoreResult = {
+        'Supply Chain Risk': Math.floor(score.supplyChain * 100),
+        'Maintenance': Math.floor(score.maintenance * 100),
+        'Quality': Math.floor(score.quality * 100),
+        'Vulnerabilities': Math.floor(score.vulnerability * 100),
+        'License': Math.floor(score.license * 100),
+        'Overall': Math.floor(score.overall * 100)
+      }
 
-    // Link to issues list
-    const format = new ChalkOrMarkdown(!!outputMarkdown)
-    const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`
-    if (pkgVersion === 'latest') {
-      console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName}`, url, { fallbackToUrl: true }))
-    } else {
-      console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
-    }
-    if (!outputMarkdown) {
-      console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
-    }
-  }
+      Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))
+
+      // Package license
+      console.log('\nPackage license:')
+      console.log(`${license}`)
+
+      // Package issues list
+      if (objectSome(severityCount)) {
+        const issueSummary = formatSeverityCount(severityCount)
+        console.log('\n')
+        spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
+        formatPackageIssuesDetails(data.alerts, outputMarkdown)
+      } else if (severityCount && !objectSome(severityCount)) {
+        console.log('\n')
+        spinner.succeed('Package has no issues')
+      }
 
-  if (strict && objectSome(severityCount)) {
-    process.exit(1)
+      // Link to issues list
+      const format = new ChalkOrMarkdown(!!outputMarkdown)
+      const url = `https://socket.dev/npm/package/${name}/overview/${version}`
+      if (version === 'latest') {
+        console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${name}`, url, { fallbackToUrl: true }))
+      } else {
+        console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${name} v${version}`, url, { fallbackToUrl: true }))
+      }
+      if (!outputMarkdown) {
+        console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
+      }
+
+      if (strict && objectSome(severityCount)) {
+        process.exit(1)
+      }
+      return d
+    })
   }
 }