upgrading coana to version 14.12.194 and adding --disable-external-tool-checks flag

mtorp · mtorp · commit 6c585e4a611e · 2026-03-11T10:47:31.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.69](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.69) - 2026-03-11
+
+### Changed
+- Updated the Coana CLI to v `14.12.194`.
+
 ## [1.1.68](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.68) - 2026-03-09
 
 ### Changed
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.68",
+  "version": "1.1.69",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",
@@ -97,7 +97,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.4",
     "@biomejs/biome": "2.2.4",
-    "@coana-tech/cli": "14.12.191",
+    "@coana-tech/cli": "14.12.194",
     "@cyclonedx/cdxgen": "11.11.0",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/commands/ci/handle-ci.mts b/src/commands/ci/handle-ci.mts
@@ -57,6 +57,7 @@ export async function handleCi(autoManifest: boolean): Promise<void> {
       reachDebug: false,
       reachDetailedAnalysisLogFile: false,
       reachDisableAnalytics: false,
+      reachDisableExternalToolChecks: false,
       reachEcosystems: [],
       reachEnableAnalysisSplitting: false,
       reachExcludePaths: [],
diff --git a/src/commands/fix/cmd-fix.mts b/src/commands/fix/cmd-fix.mts
@@ -154,6 +154,11 @@ Available styles:
       'Enable debug logging in the Coana-based Socket Fix CLI invocation.',
     shortFlag: 'd',
   },
+  disableExternalToolChecks: {
+    type: 'boolean',
+    default: false,
+    description: 'Disable external tool checks during fix analysis.',
+  },
   ecosystems: {
     type: 'string',
     default: [],
@@ -294,6 +299,7 @@ async function run(
     applyFixes,
     autopilot,
     debug,
+    disableExternalToolChecks,
     ecosystems,
     exclude,
     fixVersion,
@@ -317,6 +323,7 @@ async function run(
     applyFixes: boolean
     autopilot: boolean
     debug: boolean
+    disableExternalToolChecks: boolean
     ecosystems: string[]
     exclude: string[]
     fixVersion: string | undefined
@@ -426,6 +433,7 @@ async function run(
     coanaVersion: fixVersion,
     cwd,
     debug,
+    disableExternalToolChecks,
     disableMajorUpdates,
     ecosystems: validatedEcosystems,
     exclude: excludePatterns,
diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
@@ -119,6 +119,7 @@ export async function coanaFix(
     coanaVersion,
     cwd,
     debug,
+    disableExternalToolChecks,
     disableMajorUpdates,
     ecosystems,
     exclude,
@@ -266,6 +267,9 @@ export async function coanaFix(
           '--output-file',
           tmpFile,
           ...(debug ? ['--debug'] : []),
+          ...(disableExternalToolChecks
+            ? ['--disable-external-tool-checks']
+            : []),
           ...(disableMajorUpdates ? ['--disable-major-updates'] : []),
           ...(showAffectedDirectDependencies
             ? ['--show-affected-direct-dependencies']
@@ -418,6 +422,9 @@ export async function coanaFix(
         ...(exclude.length ? ['--exclude', ...exclude] : []),
         ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []),
         ...(debug ? ['--debug'] : []),
+        ...(disableExternalToolChecks
+          ? ['--disable-external-tool-checks']
+          : []),
         ...(disableMajorUpdates ? ['--disable-major-updates'] : []),
         ...(showAffectedDirectDependencies
           ? ['--show-affected-direct-dependencies']
diff --git a/src/commands/fix/handle-fix.mts b/src/commands/fix/handle-fix.mts
@@ -120,6 +120,7 @@ export async function handleFix({
   coanaVersion,
   cwd,
   debug,
+  disableExternalToolChecks,
   disableMajorUpdates,
   ecosystems,
   exclude,
@@ -146,6 +147,7 @@ export async function handleFix({
     coanaVersion,
     cwd,
     debug,
+    disableExternalToolChecks,
     disableMajorUpdates,
     ecosystems,
     exclude,
@@ -171,6 +173,7 @@ export async function handleFix({
       coanaVersion,
       cwd,
       debug,
+      disableExternalToolChecks,
       disableMajorUpdates,
       ecosystems,
       exclude,
diff --git a/src/commands/fix/types.mts b/src/commands/fix/types.mts
@@ -9,6 +9,7 @@ export type FixConfig = {
   coanaVersion: string | undefined
   cwd: string
   debug: boolean
+  disableExternalToolChecks: boolean
   disableMajorUpdates: boolean
   ecosystems: PURL_Type[]
   exclude: string[]
diff --git a/src/commands/scan/cmd-scan-create.mts b/src/commands/scan/cmd-scan-create.mts
@@ -244,6 +244,7 @@ async function run(
     reachDetailedAnalysisLogFile,
     reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
     reachDisableAnalytics,
+    reachDisableExternalToolChecks,
     reachEnableAnalysisSplitting,
     reachLazyMode,
     reachSkipCache,
@@ -277,6 +278,7 @@ async function run(
     reachDetailedAnalysisLogFile: boolean
     reachDisableAnalysisSplitting: boolean
     reachDisableAnalytics: boolean
+    reachDisableExternalToolChecks: boolean
     reachEnableAnalysisSplitting: boolean
     reachLazyMode: boolean
     reachSkipCache: boolean
@@ -580,6 +582,7 @@ async function run(
       reachDebug: Boolean(reachDebug),
       reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
       reachDisableAnalytics: Boolean(reachDisableAnalytics),
+      reachDisableExternalToolChecks: Boolean(reachDisableExternalToolChecks),
       reachEcosystems,
       reachEnableAnalysisSplitting: Boolean(reachEnableAnalysisSplitting),
       reachExcludePaths,
diff --git a/src/commands/scan/cmd-scan-reach.mts b/src/commands/scan/cmd-scan-reach.mts
@@ -128,6 +128,7 @@ async function run(
     reachDetailedAnalysisLogFile,
     reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
     reachDisableAnalytics,
+    reachDisableExternalToolChecks,
     reachEnableAnalysisSplitting,
     reachLazyMode,
     reachSkipCache,
@@ -147,6 +148,7 @@ async function run(
     reachDetailedAnalysisLogFile: boolean
     reachDisableAnalysisSplitting: boolean
     reachDisableAnalytics: boolean
+    reachDisableExternalToolChecks: boolean
     reachEnableAnalysisSplitting: boolean
     reachLazyMode: boolean
     reachSkipCache: boolean
@@ -268,6 +270,7 @@ async function run(
       reachDebug: Boolean(reachDebug),
       reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
       reachDisableAnalytics: Boolean(reachDisableAnalytics),
+      reachDisableExternalToolChecks: Boolean(reachDisableExternalToolChecks),
       reachEcosystems,
       reachEnableAnalysisSplitting: Boolean(reachEnableAnalysisSplitting),
       reachExcludePaths,
diff --git a/src/commands/scan/create-scan-from-github.mts b/src/commands/scan/create-scan-from-github.mts
@@ -255,6 +255,7 @@ async function scanOneRepo(
       reachDebug: false,
       reachDetailedAnalysisLogFile: false,
       reachDisableAnalytics: false,
+      reachDisableExternalToolChecks: false,
       reachEcosystems: [],
       reachEnableAnalysisSplitting: false,
       reachExcludePaths: [],
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
@@ -19,6 +19,7 @@ export type ReachabilityOptions = {
   reachConcurrency: number
   reachDebug: boolean
   reachDetailedAnalysisLogFile: boolean
+  reachDisableExternalToolChecks: boolean
   reachDisableAnalytics: boolean
   reachEcosystems: PURL_Type[]
   reachEnableAnalysisSplitting: boolean
@@ -179,6 +180,9 @@ export async function performReachabilityAnalysis(
     ...(reachabilityOptions.reachDisableAnalytics
       ? ['--disable-analytics-sharing']
       : []),
+    ...(reachabilityOptions.reachDisableExternalToolChecks
+      ? ['--disable-external-tool-checks']
+      : []),
     ...(reachabilityOptions.reachEnableAnalysisSplitting
       ? []
       : ['--disable-analysis-splitting']),
diff --git a/src/commands/scan/reachability-flags.mts b/src/commands/scan/reachability-flags.mts
@@ -25,6 +25,12 @@ export const reachabilityFlags: MeowFlags = {
     description:
       'Set the maximum number of concurrent reachability analysis runs. It is recommended to choose a concurrency level that ensures each analysis run has at least the --reach-analysis-memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.',
   },
+  reachDisableExternalToolChecks: {
+    type: 'boolean',
+    default: false,
+    description:
+      'Disable external tool checks during reachability analysis.',
+  },
   reachDebug: {
     type: 'boolean',
     default: false,
