add --silence flag to socket fix (#1008)

* add --silence flag to suppress non-output stdout/stderr when running socket fix

* fix silence bug. debug output to e2e reachability tests

* upgrade coana. fix formatting

Author: mtorp

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.52](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.52) - 2026-01-02
+
+### Added
+- Added `--silence` flag to `socket fix` to suppress intermediate output and show only the final result.
+
+### Changed
+- Updated the Coana CLI to v `14.12.139`.
+
 ## [1.1.51](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.51) - 2025-12-23
 
 ### Added

package.json

@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.51",
+  "version": "1.1.52",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",
@@ -94,7 +94,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.4",
     "@biomejs/biome": "2.2.4",
-    "@coana-tech/cli": "14.12.138",
+    "@coana-tech/cli": "14.12.139",
     "@cyclonedx/cdxgen": "11.11.0",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",

pnpm-lock.yaml

@@ -7,7 +7,9 @@ import { fetchOrganization } from '../organization/fetch-organization-list.mts'
 import type { CResult } from '../../types.mts'
 
 // Use the config defaultOrg when set, otherwise discover from remote.
-export async function getDefaultOrgSlug(): Promise<CResult<string>> {
+export async function getDefaultOrgSlug(
+  silence?: boolean,
+): Promise<CResult<string>> {
   const defaultOrgResult = getConfigValueOrUndef('defaultOrg')
   if (defaultOrgResult) {
     debugFn(
@@ -28,7 +30,7 @@ export async function getDefaultOrgSlug(): Promise<CResult<string>> {
     return { ok: true, data: envOrgSlug }
   }
 
-  const orgsCResult = await fetchOrganization()
+  const orgsCResult = await fetchOrganization({ silence })
   if (!orgsCResult.ok) {
     return orgsCResult
   }

src/commands/ci/fetch-default-org-slug.mts

@@ -402,6 +402,72 @@ describe('socket fix (E2E tests)', async () => {
       },
       { timeout: testTimeout },
     )
+
+    cmdit(
+      ['fix', '--silence', '--json', '.'],
+      'should output only parseable JSON when --silence and --json flags are used',
+      async cmd => {
+        const tempFixture = await createTempFixtureCopy('e2e-test-js')
+        let stdout = ''
+        let stderr = ''
+        let code = -1
+
+        try {
+          const result = await spawnSocketCli(binCliPath, cmd, {
+            cwd: tempFixture.path,
+            env: getTestEnv(apiToken),
+          })
+          stdout = result.stdout
+          stderr = result.stderr
+          code = result.code
+
+          if (code !== 0) {
+            logCommandOutput(code, stdout, stderr)
+          }
+
+          expect(code, 'should exit with code 0').toBe(0)
+
+          // Verify stdout is valid JSON and nothing else.
+          const trimmedStdout = stdout.trim()
+          expect(
+            trimmedStdout.length,
+            'stdout should not be empty',
+          ).toBeGreaterThan(0)
+
+          let parsedJson: unknown
+          try {
+            parsedJson = JSON.parse(trimmedStdout)
+          } catch {
+            // Log the actual output to help debug what extra content was included.
+            logger.error('stdout is not valid JSON:', trimmedStdout)
+            throw new Error(
+              `Expected stdout to be valid JSON, but got: ${trimmedStdout.slice(0, 200)}...`,
+            )
+          }
+
+          expect(parsedJson).toBeDefined()
+          expect(typeof parsedJson).toBe('object')
+
+          // Verify stderr is empty (no extra logging output).
+          expect(
+            stderr.trim(),
+            'stderr should be empty when --silence is used',
+          ).toBe('')
+
+          logger.info(
+            '\nSuccessfully verified --silence --json outputs only JSON',
+          )
+        } catch (e) {
+          if (code !== 0) {
+            logCommandOutput(code, stdout, stderr)
+          }
+          throw e
+        } finally {
+          await tempFixture.cleanup()
+        }
+      },
+      { timeout: testTimeout },
+    )
   })
 
   describe('Python projects', () => {

src/commands/fix/cmd-fix.e2e.test.mts

@@ -172,7 +172,7 @@ describe('socket fix', async () => {
             --fix-version       Override the version of @coana-tech/cli used for fix analysis. Default: <coana-version>.
             --id                Provide a list of vulnerability identifiers to compute fixes for:
                                     - GHSA IDs (https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids) (e.g., GHSA-xxxx-xxxx-xxxx)
-                                    - CVE IDs (https://cve.mitre.org/cve/identifiers/) (e.g., CVE-2025-1234) - automatically converted to GHSA
+                                    - CVE IDs (https://cve.mitre.org/cve/identifiers/) (e.g., CVE-2026-1234) - automatically converted to GHSA
                                     - PURLs (https://github.com/package-url/purl-spec) (e.g., pkg:npm/package@1.0.0) - automatically converted to GHSA
                                     Can be provided as comma separated values or as multiple flags. Cannot be used with --all.
             --include           Include workspaces matching these glob patterns. Can be provided as comma separated values or as multiple flags
@@ -188,6 +188,7 @@ describe('socket fix', async () => {
                                   * pin - Use the exact version (e.g. 1.2.3)
                                   * preserve - Retain the existing version range style as-is
             --show-affected-direct-dependencies  List the direct dependencies responsible for introducing transitive vulnerabilities and list the updates required to resolve the vulnerabilities
+            --silence           Silence all output except the final result
 
           Environment Variables (for CI/PR mode)
             CI                          Set to enable CI mode

src/commands/fix/cmd-fix.integration.test.mts

@@ -167,6 +167,11 @@ Available styles:
     description:
       'List the direct dependencies responsible for introducing transitive vulnerabilities and list the updates required to resolve the vulnerabilities',
   },
+  silence: {
+    type: 'boolean',
+    default: false,
+    description: 'Silence all output except the final result',
+  },
 }
 
 const hiddenFlags: MeowFlags = {
@@ -303,6 +308,7 @@ async function run(
     prLimit,
     rangeStyle,
     showAffectedDirectDependencies,
+    silence,
     // We patched in this feature with `npx custompatch meow` at
     // socket-cli/patches/meow#13.2.0.patch.
     unknownFlags = [],
@@ -326,6 +332,7 @@ async function run(
     prLimit: number
     rangeStyle: RangeStyle
     showAffectedDirectDependencies: boolean
+    silence: boolean
     unknownFlags?: string[]
   }
 
@@ -391,7 +398,7 @@ async function run(
     return
   }
 
-  const orgSlugCResult = await getDefaultOrgSlug()
+  const orgSlugCResult = await getDefaultOrgSlug(silence)
   if (!orgSlugCResult.ok) {
     process.exitCode = orgSlugCResult.code ?? 1
     logger.fail(
@@ -433,6 +440,7 @@ async function run(
     prLimit,
     rangeStyle,
     showAffectedDirectDependencies,
+    silence,
     spinner,
     unknownFlags,
   })