Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 20 additions & 5 deletions src/cli/validate.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,17 @@ import type { ParsedOptions } from "../types.js";

export function validateOptions(options: ParsedOptions): void {
if ((options.offline || options.offlineDb) && options.osvUrl) {
throw new Error("--offline/--offline-db cannot be used with --osv-url");
throw new Error(
"--offline/--offline-db cannot be used with --osv-url. " +
"Choose offline mode (local DB) or online mode (custom OSV endpoint), not both."
);
}

if (options.noCache && (options.offline || options.offlineDb)) {
throw new Error("--no-cache cannot be used with --offline or --offline-db");
throw new Error(
"--no-cache cannot be used with --offline or --offline-db. " +
"In offline mode the local advisory DB is used directly; --no-cache only applies to online scans."
);
}

if (options.osvUrl) {
Expand All @@ -19,23 +25,32 @@ export function validateOptions(options: ParsedOptions): void {
}

if (options.fix && options.json) {
throw new Error("--fix cannot be used with --json");
throw new Error(
"--fix cannot be used with --json. " +
"Use --fix to apply fixes interactively, or --json to output scan results as JSON — not both at once."

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two things on this line. interactively isn't accurate for --fix - the flag applies validated direct fixes and rescans without any prompting. Worth updating to match the help text: "Use --fix to apply validated fixes and rescan..."

Also there's an em dash before "not both at once" - project style uses hyphens throughout, so that should be a hyphen or just "pick one."

);
}

if (options.createPr && !options.fix) {
throw new Error("--create-pr requires --fix");
}

if (options.createPr && options.json) {
throw new Error("--create-pr cannot be used with --json");
throw new Error(
"--create-pr cannot be used with --json. " +
"Use --create-pr to open a pull request with fixes, or --json to output results — not both."
);
}

if (options.prBase && !options.createPr) {
throw new Error("--base can only be used with --create-pr");
}

if (options.report && options.json) {
throw new Error("--report cannot be used with --json");
throw new Error(
"--report cannot be used with --json. " +
"Use --report to generate an HTML report, or --json for machine-readable output — pick one."
);
}

if (options.caCert) {
Expand Down