Merge pull request #93 from SocketDev/cg/renderIssuesSocketInfo

charliegerard · web-flow · commit d0626a9f4025 · 2023-11-14T06:21:24.000+11:00
Render issues when running `socket info`
diff --git a/lib/commands/info/index.js b/lib/commands/info/index.js
@@ -20,10 +20,12 @@ export const info = {
     const name = parentName + ' info'
 
     const input = setupCommand(name, info.description, argv, importMeta)
-    const packageData = input && await fetchPackageData(input.pkgName, input.pkgVersion, input)
-
-    if (packageData) {
-      formatPackageDataOutput(packageData, { name, ...input })
+    if (input) {
+      const spinner = ora(`Looking up data for version ${input.pkgVersion} of ${input.pkgName}\n`).start()
+      const packageData = await fetchPackageData(input.pkgName, input.pkgVersion, input, spinner)
+      if (packageData) {
+        formatPackageDataOutput(packageData, { name, ...input }, spinner)
+      }
     }
   }
 }
@@ -121,12 +123,12 @@ function setupCommand (name, description, argv, importMeta) {
 /**
  * @param {string} pkgName
  * @param {string} pkgVersion
- * @param {Pick<CommandContext, 'includeAllIssues' | 'strict'>} context
+ * @param {Pick<CommandContext, 'includeAllIssues'>} context
+ * @param {import('ora').Ora} spinner
  * @returns {Promise<void|PackageData>}
  */
-async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict }) {
+async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues }, spinner) {
   const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
-  const spinner = ora(`Looking up data for version ${pkgVersion} of ${pkgName}`).start()
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package')
   const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score')
 
@@ -139,16 +141,8 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
   }
 
   // Conclude the status of the API call
-
   const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high')
 
-  if (objectSome(severityCount)) {
-    const issueSummary = formatSeverityCount(severityCount)
-    spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
-  } else {
-    spinner.succeed('Package has no issues')
-  }
-
   return {
     data: result.data,
     severityCount,
@@ -159,14 +153,14 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
 /**
  * @param {PackageData} packageData
  * @param {{ name: string } & CommandContext} context
+ * @param {import('ora').Ora} spinner
  * @returns {void}
  */
- function formatPackageDataOutput ({ data, severityCount, score }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }) {
+ function formatPackageDataOutput ({ data, severityCount, score }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }, spinner) {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2))
   } else {
-    console.log('\nPackage report card:\n')
-
+    console.log('\nPackage report card:')
     const scoreResult = {
       'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
       'Maintenance': Math.floor(score.maintenance.score * 100),
@@ -176,9 +170,20 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
     }
     Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))
 
+    // Package issues list
+    if (objectSome(severityCount)) {
+      const issueSummary = formatSeverityCount(severityCount)
+      console.log('\n')
+      spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
+      formatPackageIssuesDetails(data)
+    } else {
+      console.log('\n')
+      spinner.succeed('Package has no issues')
+    }
+
+    // Link to issues list
     const format = new ChalkOrMarkdown(!!outputMarkdown)
     const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`
-
     console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
     if (!outputMarkdown) {
       console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
@@ -190,6 +195,31 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
   }
 }
 
+/**
+ * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} packageData
+ * @returns {void[]}
+ */
+function formatPackageIssuesDetails (packageData) {
+  const issueDetails = packageData.filter(d => d.value?.severity === 'high' || d.value?.severity === 'critical')
+  const uniqueIssues = issueDetails.reduce((/** @type {{ [key: string]: number }} */ acc, issue) => {
+  const { type } = issue
+    if (type) {
+      if (!acc[type]) {
+        acc[type] = 1
+      } else {
+        acc[type]++
+      }
+    }
+    return acc
+  }, {})
+  return Object.keys(uniqueIssues).map(issue => {
+    if (uniqueIssues[issue] === 1) {
+      return console.log(`- ${issue}`)
+    }
+    return console.log(`- ${issue}: ${uniqueIssues[issue]}`)
+  })
+}
+
 /**
  * @param {number} score
  * @returns {string}
