Avoid extra yml parsing and add onlyFixable option to batch purl processing

Author: jdalton

src/commands/fix/shared.mts

@@ -14,11 +14,10 @@ export function getFixAlertsMapOptions(
     __proto__: null,
     consolidate: true,
     nothrow: true,
+    onlyFixable: true,
     ...options,
     filter: toFilterConfig({
       existing: true,
-      fixable: true,
-      upgradable: false,
       ...getOwn(options, 'filter'),
     }),
   } as Remap<

src/shadow/npm/arborist/lib/arborist/index.mts

@@ -129,6 +129,7 @@ export class SafeArborist extends Arborist {
               existing: true,
             }
           : {
+              // actions: ['error', 'monitor', 'warn'],
               existing: isSafeNpx,
             },
     })

src/utils/alerts-map.mts

@@ -4,6 +4,7 @@ import { logger } from '@socketsecurity/registry/lib/logger'
 import { getOwn } from '@socketsecurity/registry/lib/objects'
 import { isNonEmptyString } from '@socketsecurity/registry/lib/strings'
 
+import { findSocketYmlSync } from './config.mts'
 import { toFilterConfig } from './filter-config.mts'
 import { extractPurlsFromPnpmLockfile } from './pnpm.mts'
 import { getPublicApiToken, setupSdk } from './sdk.mts'
@@ -36,6 +37,7 @@ export async function getAlertsMapFromPnpmLockfile(
 export type GetAlertsMapFromPurlsOptions = {
   consolidate?: boolean | undefined
   filter?: AlertFilter | undefined
+  onlyFixable?: boolean | undefined
   overrides?: { [key: string]: string } | undefined
   nothrow?: boolean | undefined
   spinner?: Spinner | undefined
@@ -45,14 +47,6 @@ export async function getAlertsMapFromPurls(
   purls: string[] | readonly string[],
   options?: GetAlertsMapFromPurlsOptions | undefined,
 ): Promise<AlertsByPurl> {
-  const opts = {
-    __proto__: null,
-    consolidate: false,
-    nothrow: false,
-    ...options,
-    filter: toFilterConfig(getOwn(options, 'filter')),
-  } as GetAlertsMapFromPurlsOptions & { filter: AlertFilter }
-
   const uniqPurls = arrayUnique(purls)
   debugDir('silly', { purls: uniqPurls })
 
@@ -63,6 +57,18 @@ export async function getAlertsMapFromPurls(
     return alertsByPurl
   }
 
+  const opts = {
+    __proto__: null,
+    consolidate: false,
+    nothrow: false,
+    ...options,
+    filter: toFilterConfig(getOwn(options, 'filter')),
+  } as GetAlertsMapFromPurlsOptions & { filter: AlertFilter }
+
+  if (opts.onlyFixable) {
+    opts.filter.fixable = true
+  }
+
   const { spinner } = opts
   const getText = () => `Looking up data for ${remaining} packages`
 
@@ -71,14 +77,16 @@ export async function getAlertsMapFromPurls(
   const sockSdkCResult = await setupSdk({ apiToken: getPublicApiToken() })
   if (!sockSdkCResult.ok) {
     spinner?.stop()
-    throw new Error('Auth error: Try to run `socket login` first')
+    throw new Error('Auth error: Run `socket login` first')
   }
   const sockSdk = sockSdkCResult.data
+  const socketYml = findSocketYmlSync()?.parsed
 
   const alertsMapOptions = {
     overrides: opts.overrides,
     consolidate: opts.consolidate,
     filter: opts.filter,
+    socketYml,
     spinner,
   }
 
@@ -90,18 +98,16 @@ export async function getAlertsMapFromPurls(
       queryParams: {
         alerts: 'true',
         compact: 'true',
+        ...(opts.onlyFixable ? { fixable: 'true ' } : {}),
         ...(Array.isArray(opts.filter.actions)
           ? { actions: opts.filter.actions.join(',') }
           : {}),
       },
     },
   )) {
     if (batchResult.success) {
-      await addArtifactToAlertsMap(
-        batchResult.data as CompactSocketArtifact,
-        alertsByPurl,
-        alertsMapOptions,
-      )
+      const artifact = batchResult.data as CompactSocketArtifact
+      await addArtifactToAlertsMap(artifact, alertsByPurl, alertsMapOptions)
     } else if (!opts.nothrow) {
       spinner?.stop()
       if (isNonEmptyString(batchResult.error)) {

src/utils/config.mts

@@ -2,14 +2,15 @@ import { mkdirSync, writeFileSync } from 'node:fs'
 import path from 'node:path'
 
 import config from '@socketsecurity/config'
-import { debugFn } from '@socketsecurity/registry/lib/debug'
+import { debugDir, debugFn } from '@socketsecurity/registry/lib/debug'
 import { safeReadFileSync } from '@socketsecurity/registry/lib/fs'
 import { logger } from '@socketsecurity/registry/lib/logger'
 import { naturalCompare } from '@socketsecurity/registry/lib/sorts'
 
 import constants from '../constants.mts'
 
 import type { CResult } from '../types.mts'
+import type { SocketYml } from '@socketsecurity/config'
 
 export interface LocalConfig {
   apiBaseUrl?: string | null | undefined
@@ -104,7 +105,14 @@ function normalizeConfigKey(
   return { ok: true, data: normalizedKey }
 }
 
-export function findSocketYmlSync(dir = process.cwd()) {
+export type FoundSocketYml = {
+  path: string
+  parsed: SocketYml
+}
+
+export function findSocketYmlSync(
+  dir = process.cwd(),
+): FoundSocketYml | undefined {
   let prevDir = null
   while (dir !== prevDir) {
     let ymlPath = path.join(dir, 'socket.yml')
@@ -119,14 +127,15 @@ export function findSocketYmlSync(dir = process.cwd()) {
           path: ymlPath,
           parsed: config.parseSocketConfig(yml),
         }
-      } catch {
+      } catch (e) {
+        debugDir('inspect', { error: e })
         throw new Error(`Found file but was unable to parse ${ymlPath}`)
       }
     }
     prevDir = dir
     dir = path.join(dir, '..')
   }
-  return null
+  return undefined
 }
 
 export function getConfigValue<Key extends keyof LocalConfig>(

src/utils/socket-package-alert.mts

@@ -12,7 +12,6 @@ import { isArtifactAlertCve } from './alert/artifact.mts'
 import { ALERT_FIX_TYPE } from './alert/fix.mts'
 import { ALERT_SEVERITY } from './alert/severity.mts'
 import { ColorOrMarkdown } from './color-or-markdown.mts'
-import { findSocketYmlSync } from './config.mts'
 import { toFilterConfig } from './filter-config.mts'
 import { createEnum } from './objects.mts'
 import { getPurlObject } from './purl.mts'
@@ -28,6 +27,7 @@ import type {
   CveProps,
 } from './alert/artifact.mts'
 import type { PURL_Type } from './ecosystem.mts'
+import type { SocketYml } from '@socketsecurity/config'
 import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 
 export const ALERT_SEVERITY_COLOR = createEnum({
@@ -130,6 +130,7 @@ export type AddArtifactToAlertsMapOptions = {
   consolidate?: boolean | undefined
   filter?: AlertFilter | undefined
   overrides?: { [key: string]: string } | undefined
+  socketYml?: SocketYml | undefined
   spinner?: Spinner | undefined
 }
 
@@ -145,7 +146,11 @@ export async function addArtifactToAlertsMap<T extends AlertsByPurl>(
 
   const { type: ecosystem, version } = artifact
 
-  const { consolidate = false, overrides } = {
+  const {
+    consolidate = false,
+    overrides,
+    socketYml,
+  } = {
     __proto__: null,
     ...options,
   } as AddArtifactToAlertsMapOptions
@@ -164,11 +169,9 @@ export async function addArtifactToAlertsMap<T extends AlertsByPurl>(
     ...getOwn(options, 'filter'),
   }) as AlertFilter
 
-  const socketYml = findSocketYmlSync()
-
   const enabledState = {
     __proto__: null,
-    ...socketYml?.parsed.issueRules,
+    ...socketYml?.issueRules,
   } as Partial<Record<ALERT_TYPE, boolean>>
 
   let sockPkgAlerts: SocketPackageAlert[] = []