socket-cli/src/commands/cli.test.mts at d15aa535b4d5826ffeb35c8e65c539a3803e903f · SocketDev/socket-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
import { describe, expect } from 'vitest'

import { cmdit, spawnSocketCli } from '../../test/utils.mts'
import constants, {
  API_V0_URL,
  FLAG_CONFIG,
  FLAG_DRY_RUN,
  FLAG_HELP,
  FLAG_VERSION,
} from '../constants.mts'

describe('socket root command', async () => {
  const { binCliPath } = constants

  cmdit(
    [FLAG_HELP, FLAG_CONFIG, '{}'],
    `should support ${FLAG_HELP}`,
    async cmd => {
      const { code, stderr, stdout } = await spawnSocketCli(binCliPath, cmd)
      expect(stdout).toMatchInlineSnapshot(`
        "CLI for Socket.dev

          Usage
            $ socket <command>
            $ socket scan create --json
            $ socket package score npm lodash --markdown

          Note: All commands have their own --help

          Main commands
            socket login                Setup Socket CLI with an API token and defaults
            socket scan create          Create a new Socket scan and report
            socket npm/lodash@4.17.21   Request the Socket score of a package
            socket fix                  Fix CVEs in dependencies
            socket optimize             Optimize dependencies with @socketregistry overrides
            socket cdxgen               Run cdxgen for SBOM generation
            socket ci                   Alias for \`socket scan create --report\` (creates report and exits with error if unhealthy)

          Socket API
            analytics                   Look up analytics data
            audit-log                   Look up the audit log for an organization
            organization                Manage Socket organization account details
            package                     Look up published package details
            repository                  Manage registered repositories
            scan                        Manage Socket scans
            threat-feed                 [Beta] View the threat-feed

          Local tools
            manifest                    Generate a dependency manifest for certain ecosystems
            npm                         Wraps npm with Socket security scanning
            npx                         Wraps npx with Socket security scanning
            patch                       Apply, manage, and rollback Socket security patches for vulnerable dependencies
            raw-npm                     Run npm without the Socket wrapper
            raw-npx                     Run npx without the Socket wrapper

          CLI configuration
            config                      Manage Socket CLI configuration
            install                     Install Socket CLI tab completion
            login                       Socket API login and CLI setup
            logout                      Socket API logout
            uninstall                   Uninstall Socket CLI tab completion
            wrapper                     Enable or disable the Socket npm/npx wrapper

          Options
            Note: All commands have these flags even when not displayed in their help

            --compact-header            Use compact single-line header format (auto-enabled in CI)
            --config                    Override the local config with this JSON
            --dry-run                   Run without uploading
            --help                      Show help
            --help-full                 Show full help including environment variables
            --no-banner                 Hide the Socket banner
            --no-spinner                Hide the console spinner
            --version                   Print the app version

          Environment variables [more...]
            Use --help-full to view all environment variables"
      `)
      expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
        "
           _____         _       _        /---------------
          |   __|___ ___| |_ ___| |_      | CLI: <redacted>
          |__   | * |  _| '_| -_|  _|     | token: <redacted>, org: <redacted>
          |_____|___|___|_,_|___|_|.dev   | Command: \`socket\`, cwd: <redacted>"
      `)

      expect(code, 'explicit help should exit with code 0').toBe(0)
      expect(stderr, 'banner includes base command').toContain('`socket`')
    },
  )

  cmdit(
    [FLAG_VERSION, FLAG_CONFIG, '{}'],
    `should support ${FLAG_VERSION}`,
    async cmd => {
      const { code, stdout } = await spawnSocketCli(binCliPath, cmd)
      // Version output should be a semver string.
      expect(stdout).toMatch(/^\d+\.\d+\.\d+/)
      expect(code, 'version should exit with code 0').toBe(0)
    },
  )

  cmdit(
    ['mootools', FLAG_DRY_RUN, FLAG_CONFIG, '{"apiToken":"fakeToken"}'],
    'should require args with just dry-run',
    async cmd => {
      const { code, stderr, stdout } = await spawnSocketCli(binCliPath, cmd)
      expect(stdout).toMatchInlineSnapshot(
        `"[DryRun]: No-op, call a sub-command; ok"`,
      )
      expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
        "
           _____         _       _        /---------------
          |   __|___ ___| |_ ___| |_      | CLI: <redacted>
          |__   | * |  _| '_| -_|  _|     | token: <redacted>, org: <redacted>
          |_____|___|___|_,_|___|_|.dev   | Command: \`socket\`, cwd: <redacted>"
      `)

      expect(code, 'dry-run should exit with code 0 if input ok').toBe(0)
    },
  )
})