SocketDev
diff --git a/‎README.md
Lines changed: 5 additions & 0 deletions b/‎README.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎lib/commands/info/index.js
Lines changed: 66 additions & 26 deletions b/‎lib/commands/info/index.js
Lines changed: 66 additions & 26 deletions
diff --git a/‎lib/commands/report/create.js
Lines changed: 35 additions & 6 deletions b/‎lib/commands/report/create.js
Lines changed: 35 additions & 6 deletions
@@ -36,6 +36,11 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
 * `--json` - outputs result as json which you can then pipe into [`jq`](https://stedolan.github.io/jq/) and other tools
 * `--markdown` - outputs result as markdown which you can then copy into an issue, PR or even chat
 
+## Strictness flags
+
+* `--all` - by default only `high` and `critical` issues are included, by setting this flag all issues will be included
+* `--strict` - when set, exits with an error code if any issues were found
+
 ### Other flags
 
 * `--dry-run` - like all CLI tools that perform an action should have, we have a dry run flag. Eg. `socket report create` supports running the command without actually uploading anything
 
@@ -7,8 +7,9 @@ import ora from 'ora'
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
 import { InputError } from '../../utils/errors.js'
-import { getSeveritySummary } from '../../utils/format-issues.js'
+import { getSeverityCount, formatSeverityCount } from '../../utils/format-issues.js'
 import { printFlagList } from '../../utils/formatting.js'
+import { objectSome } from '../../utils/misc.js'
 import { setupSdk } from '../../utils/sdk.js'
 
 /** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
@@ -18,32 +19,44 @@ export const info = {
     const name = parentName + ' info'
 
     const input = setupCommand(name, info.description, argv, importMeta)
-    const result = input && await fetchPackageData(input.pkgName, input.pkgVersion)
+    const packageData = input && await fetchPackageData(input.pkgName, input.pkgVersion, input)
 
-    if (result) {
-      formatPackageDataOutput(result.data, { name, ...input })
+    if (packageData) {
+      formatPackageDataOutput(packageData, { name, ...input })
     }
   }
 }
 
 // Internal functions
 
+/**
+ * @typedef CommandContext
+ * @property {boolean} includeAllIssues
+ * @property {boolean} outputJson
+ * @property {boolean} outputMarkdown
+ * @property {string} pkgName
+ * @property {string} pkgVersion
+ * @property {boolean} strict
+ */
+
 /**
  * @param {string} name
  * @param {string} description
  * @param {readonly string[]} argv
  * @param {ImportMeta} importMeta
- * @returns {void|{ outputJson: boolean, outputMarkdown: boolean, pkgName: string, pkgVersion: string }}
+ * @returns {void|CommandContext}
  */
- function setupCommand (name, description, argv, importMeta) {
+function setupCommand (name, description, argv, importMeta) {
   const cli = meow(`
     Usage
       $ ${name} <name>
 
     Options
       ${printFlagList({
+        '--all': 'Include all issues',
         '--json': 'Output result as json',
         '--markdown': 'Output result as markdown',
+        '--strict': 'Exits with an error code if any matching issues are found',
       }, 6)}
 
     Examples
@@ -54,6 +67,10 @@ export const info = {
     description,
     importMeta,
     flags: {
+      all: {
+        type: 'boolean',
+        default: false,
+      },
       json: {
         type: 'boolean',
         alias: 'j',
@@ -64,12 +81,18 @@ export const info = {
         alias: 'm',
         default: false,
       },
+      strict: {
+        type: 'boolean',
+        default: false,
+      },
     }
   })
 
   const {
+    all: includeAllIssues,
     json: outputJson,
     markdown: outputMarkdown,
+    strict,
   } = cli.flags
 
   if (cli.input.length > 1) {
@@ -97,19 +120,28 @@ export const info = {
   }
 
   return {
+    includeAllIssues,
     outputJson,
     outputMarkdown,
     pkgName,
-    pkgVersion
+    pkgVersion,
+    strict,
   }
 }
 
+/**
+ * @typedef PackageData
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} data
+ * @property {Record<import('../../utils/format-issues').SocketIssue['severity'], number>} severityCount
+ */
+
 /**
  * @param {string} pkgName
  * @param {string} pkgVersion
- * @returns {Promise<void|import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>>}
+ * @param {Pick<CommandContext, 'includeAllIssues' | 'strict'>} context
+ * @returns {Promise<void|PackageData>}
  */
-async function fetchPackageData (pkgName, pkgVersion) {
+async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict }) {
   const socketSdk = await setupSdk()
   const spinner = ora(`Looking up data for version ${pkgVersion} of ${pkgName}`).start()
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), spinner, 'looking up package')
@@ -120,32 +152,40 @@ async function fetchPackageData (pkgName, pkgVersion) {
 
   // Conclude the status of the API call
 
-  const issueSummary = getSeveritySummary(result.data)
-  spinner.succeed(`Found ${issueSummary || 'no'} issues for version ${pkgVersion} of ${pkgName}`)
+  const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high')
+
+  if (objectSome(severityCount)) {
+    const issueSummary = formatSeverityCount(severityCount)
+    spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
+  } else {
+    spinner.succeed('Package has no issues')
+  }
 
-  return result
+  return {
+    data: result.data,
+    severityCount,
+  }
 }
 
 /**
- * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} data
- * @param {{ name: string, outputJson: boolean, outputMarkdown: boolean, pkgName: string, pkgVersion: string }} context
+ * @param {PackageData} packageData
+ * @param {{ name: string } & CommandContext} context
  * @returns {void}
  */
- function formatPackageDataOutput (data, { name, outputJson, outputMarkdown, pkgName, pkgVersion }) {
-  // If JSON, output and return...
-
+ function formatPackageDataOutput ({ data, severityCount }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }) {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2))
-    return
-  }
-
-  // ...else do the CLI / Markdown output dance
+  } else {
+    const format = new ChalkOrMarkdown(!!outputMarkdown)
+    const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`
 
-  const format = new ChalkOrMarkdown(!!outputMarkdown)
-  const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`
+    console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
+    if (!outputMarkdown) {
+      console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
+    }
+  }
 
-  console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
-  if (!outputMarkdown) {
-    console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
+  if (strict && objectSome(severityCount)) {
+    process.exit(1)
   }
 }
@@ -29,20 +29,22 @@ export const create = {
         cwd,
         debugLog,
         dryRun,
+        includeAllIssues,
         outputJson,
         outputMarkdown,
         packagePaths,
+        strict,
         view,
       } = input
 
       const result = input && await createReport(packagePaths, { cwd, debugLog, dryRun })
 
       if (result && view) {
         const reportId = result.data.id
-        const reportResult = input && await fetchReportData(reportId)
+        const reportData = input && await fetchReportData(reportId, { includeAllIssues, strict })
 
-        if (reportResult) {
-          formatReportDataOutput(reportResult.data, { name, outputJson, outputMarkdown, reportId })
+        if (reportData) {
+          formatReportDataOutput(reportData, { includeAllIssues, name, outputJson, outputMarkdown, reportId, strict })
         }
       } else if (result) {
         formatReportCreationOutput(result.data, { outputJson, outputMarkdown })
@@ -53,12 +55,25 @@ export const create = {
 
 // Internal functions
 
+/**
+ * @typedef CommandContext
+ * @property {string} cwd
+ * @property {typeof console.error} debugLog
+ * @property {boolean} dryRun
+ * @property {boolean} includeAllIssues
+ * @property {boolean} outputJson
+ * @property {boolean} outputMarkdown
+ * @property {string[]} packagePaths
+ * @property {boolean} strict
+ * @property {boolean} view
+ */
+
 /**
  * @param {string} name
  * @param {string} description
  * @param {readonly string[]} argv
  * @param {ImportMeta} importMeta
- * @returns {Promise<void|{ cwd: string, debugLog: typeof console.error, dryRun: boolean, outputJson: boolean, outputMarkdown: boolean, packagePaths: string[], view: boolean }>}
+ * @returns {Promise<void|CommandContext>}
  */
 async function setupCommand (name, description, argv, importMeta) {
   const cli = meow(`
@@ -67,10 +82,12 @@ async function setupCommand (name, description, argv, importMeta) {
 
     Options
       ${printFlagList({
+        '--all': 'Include all issues',
         '--debug': 'Output debug information',
         '--dry-run': 'Only output what will be done without actually doing it',
         '--json': 'Output result as json',
         '--markdown': 'Output result as markdown',
+        '--strict': 'Exits with an error code if any matching issues are found',
         '--view': 'Will wait for and return the created report'
       }, 6)}
 
@@ -84,6 +101,10 @@ async function setupCommand (name, description, argv, importMeta) {
     description,
     importMeta,
     flags: {
+      all: {
+        type: 'boolean',
+        default: false,
+      },
       debug: {
         type: 'boolean',
         alias: 'd',
@@ -103,6 +124,10 @@ async function setupCommand (name, description, argv, importMeta) {
         alias: 'm',
         default: false,
       },
+      strict: {
+        type: 'boolean',
+        default: false,
+      },
       view: {
         type: 'boolean',
         alias: 'v',
@@ -112,9 +137,11 @@ async function setupCommand (name, description, argv, importMeta) {
   })
 
   const {
+    all: includeAllIssues,
     dryRun,
     json: outputJson,
     markdown: outputMarkdown,
+    strict,
     view,
   } = cli.flags
 
@@ -132,16 +159,18 @@ async function setupCommand (name, description, argv, importMeta) {
     cwd,
     debugLog,
     dryRun,
+    includeAllIssues,
     outputJson,
     outputMarkdown,
     packagePaths,
+    strict,
     view,
   }
 }
 
 /**
  * @param {string[]} packagePaths
- * @param {{ cwd: string, debugLog: typeof console.error, dryRun: boolean }} context
+ * @param {Pick<CommandContext, 'cwd' | 'debugLog' | 'dryRun'>} context
  * @returns {Promise<void|import('@socketsecurity/sdk').SocketSdkReturnType<'createReport'>>}
  */
 async function createReport (packagePaths, { cwd, debugLog, dryRun }) {
@@ -168,7 +197,7 @@ async function createReport (packagePaths, { cwd, debugLog, dryRun }) {
 
 /**
  * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'createReport'>["data"]} data
- * @param {{ outputJson: boolean, outputMarkdown: boolean }} context
+ * @param {Pick<CommandContext, 'outputJson' | 'outputMarkdown'>} context
  * @returns {void}
  */
 function formatReportCreationOutput (data, { outputJson, outputMarkdown }) {