Change include/exclude to a filterConfig

Author: jdalton

src/commands/fix/agent-fix.mts

@@ -145,7 +145,7 @@ export async function agentFix(
   let count = 0
 
   const infoByPartialPurl = getCveInfoFromAlertsMap(alertsMap, {
-    exclude: { upgradable: true },
+    filter: { upgradable: false },
   })
   if (!infoByPartialPurl) {
     spinner?.stop()

src/commands/fix/shared.mts

@@ -1,3 +1,7 @@
+import { getOwn } from '@socketsecurity/registry/lib/objects'
+
+import { toFilterConfig } from '../../utils/filter-config.mts'
+
 import type { GetAlertsMapFromPurlsOptions } from '../../utils/alerts-map.mts'
 import type { Remap } from '@socketsecurity/registry/lib/objects'
 
@@ -11,16 +15,15 @@ export function getFixAlertsMapOptions(
     consolidate: true,
     nothrow: true,
     ...options,
-    include: {
-      __proto__: null,
+    filter: toFilterConfig({
       existing: true,
-      unfixable: false,
+      fixable: true,
       upgradable: false,
-      ...options?.include,
-    },
+      ...getOwn(options, 'filter'),
+    }),
   } as Remap<
     Omit<GetAlertsMapFromPurlsOptions, 'include' | 'overrides' | 'spinner'> & {
-      include: Exclude<GetAlertsMapFromPurlsOptions['include'], undefined>
+      filter: Exclude<GetAlertsMapFromPurlsOptions['filter'], undefined>
     }
   >
 }

src/shadow/npm/arborist-helpers.mts

@@ -3,13 +3,14 @@ import semver from 'semver'
 import { PackageURL } from '@socketregistry/packageurl-js'
 import { getManifestData } from '@socketsecurity/registry'
 import { debugFn } from '@socketsecurity/registry/lib/debug'
-import { hasOwn } from '@socketsecurity/registry/lib/objects'
+import { getOwn, hasOwn } from '@socketsecurity/registry/lib/objects'
 import { fetchPackagePackument } from '@socketsecurity/registry/lib/packages'
 
 import constants from '../../constants.mts'
 import { Edge } from './arborist/index.mts'
 import { DiffAction } from './arborist/types.mts'
 import { getAlertsMapFromPurls } from '../../utils/alerts-map.mts'
+import { toFilterConfig } from '../../utils/filter-config.mts'
 import { npa } from '../../utils/npm-package-arg.mts'
 import { applyRange, getMajor, getMinVersion } from '../../utils/semver.mts'
 import { idToNpmPurl } from '../../utils/spec.mts'
@@ -24,7 +25,7 @@ import type {
 import type { AliasResult } from '../../utils/npm-package-arg.mts'
 import type { RangeStyle } from '../../utils/semver.mts'
 import type {
-  AlertIncludeFilter,
+  AlertFilter,
   AlertsByPurl,
 } from '../../utils/socket-package-alert.mts'
 import type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'
@@ -173,7 +174,7 @@ export function findPackageNodes(
 
 export type GetAlertsMapFromArboristOptions = {
   consolidate?: boolean | undefined
-  include?: AlertIncludeFilter | undefined
+  filter?: AlertFilter | undefined
   nothrow?: boolean | undefined
   spinner?: Spinner | undefined
 }
@@ -185,28 +186,25 @@ export async function getAlertsMapFromArborist(
   const opts = {
     __proto__: null,
     consolidate: false,
-    include: undefined,
     nothrow: false,
     ...options,
-  } as GetAlertsMapFromArboristOptions
-
-  opts.include = {
-    __proto__: null,
-    // Leave 'actions' unassigned so it can be given a default value in
-    // subsequent functions where `options` is passed.
-    // actions: undefined,
-    blocked: true,
-    critical: true,
-    cve: true,
-    existing: false,
-    unfixable: true,
-    upgradable: false,
-    ...opts.include,
-  } as AlertIncludeFilter
+    filter: toFilterConfig({
+      // Leave 'actions' unassigned so it can be given a default value in
+      // subsequent functions where `options` is passed.
+      // actions: undefined,
+      blocked: true,
+      critical: true,
+      cve: true,
+      existing: false,
+      fixable: false,
+      upgradable: false,
+      ...getOwn(options, 'filter'),
+    }),
+  } as GetAlertsMapFromArboristOptions & { filter: AlertFilter }
 
   const needInfoOn = getDetailsFromDiff(arb.diff, {
-    include: {
-      unchanged: opts.include.existing,
+    filter: {
+      existing: opts.filter.existing,
     },
   })
 
@@ -228,17 +226,17 @@ export async function getAlertsMapFromArborist(
 
   return await getAlertsMapFromPurls(purls, {
     overrides,
-    ...options,
+    ...opts,
   })
 }
 
-export type DiffQueryIncludeFilter = {
-  unchanged?: boolean | undefined
+export type DiffQueryFilter = {
+  existing?: boolean | undefined
   unknownOrigin?: boolean | undefined
 }
 
 export type DiffQueryOptions = {
-  include?: DiffQueryIncludeFilter | undefined
+  filter?: DiffQueryFilter | undefined
 }
 
 export type PackageDetail = {
@@ -257,12 +255,11 @@ export function getDetailsFromDiff(
     return details
   }
 
-  const include = {
-    __proto__: null,
-    unchanged: false,
+  const filterConfig = toFilterConfig({
+    existing: false,
     unknownOrigin: true,
-    ...({ __proto__: null, ...options } as DiffQueryOptions).include,
-  } as DiffQueryIncludeFilter
+    ...getOwn(options, 'filter'),
+  }) as DiffQueryFilter
 
   const queue: Diff[] = [...diff.children]
   let pos = 0
@@ -296,7 +293,7 @@ export function getDetailsFromDiff(
       }
       if (keep && pkgNode?.resolved && (!oldNode || oldNode.resolved)) {
         if (
-          include.unknownOrigin ||
+          filterConfig.unknownOrigin ||
           getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL
         ) {
           details.push({
@@ -310,12 +307,12 @@ export function getDetailsFromDiff(
       queue[queueLength++] = child
     }
   }
-  if (include.unchanged) {
+  if (filterConfig.existing) {
     const { unchanged } = diff
     for (let i = 0, { length } = unchanged; i < length; i += 1) {
       const pkgNode = unchanged[i]!
       if (
-        include.unknownOrigin ||
+        filterConfig.unknownOrigin ||
         getUrlOrigin(pkgNode.resolved!) === NPM_REGISTRY_URL
       ) {
         details.push({

src/shadow/npm/arborist/lib/arborist/index.mts

@@ -123,19 +123,19 @@ export class SafeArborist extends Arborist {
     const isSafeNpx = binName === NPX
     const alertsMap = await getAlertsMapFromArborist(this, {
       spinner,
-      include:
+      filter:
         acceptRisks || options.dryRun || options['yes']
           ? {
               actions: ['error'],
               blocked: true,
               critical: false,
               cve: false,
               existing: true,
-              unfixable: false,
+              fixable: false,
             }
           : {
               existing: isSafeNpx,
-              unfixable: isSafeNpm,
+              fixable: !isSafeNpm,
             },
     })
     if (alertsMap.size) {

src/utils/alerts-map.mts

@@ -1,22 +1,21 @@
 import { arrayUnique } from '@socketsecurity/registry/lib/arrays'
 import { debugDir } from '@socketsecurity/registry/lib/debug'
 import { logger } from '@socketsecurity/registry/lib/logger'
+import { getOwn } from '@socketsecurity/registry/lib/objects'
 
+import { toFilterConfig } from './filter-config.mts'
 import { extractPurlsFromPnpmLockfile } from './pnpm.mts'
-import { getPublicToken, setupSdk } from './sdk.mts'
+import { getPublicApiToken, setupSdk } from './sdk.mts'
 import { addArtifactToAlertsMap } from './socket-package-alert.mts'
 
 import type { CompactSocketArtifact } from './alert/artifact.mts'
-import type {
-  AlertIncludeFilter,
-  AlertsByPurl,
-} from './socket-package-alert.mts'
+import type { AlertFilter, AlertsByPurl } from './socket-package-alert.mts'
 import type { LockfileObject } from '@pnpm/lockfile.fs'
 import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 
 export type GetAlertsMapFromPnpmLockfileOptions = {
   consolidate?: boolean | undefined
-  include?: AlertIncludeFilter | undefined
+  include?: AlertFilter | undefined
   overrides?: { [key: string]: string } | undefined
   nothrow?: boolean | undefined
   spinner?: Spinner | undefined
@@ -35,7 +34,7 @@ export async function getAlertsMapFromPnpmLockfile(
 
 export type GetAlertsMapFromPurlsOptions = {
   consolidate?: boolean | undefined
-  include?: AlertIncludeFilter | undefined
+  filter?: AlertFilter | undefined
   overrides?: { [key: string]: string } | undefined
   nothrow?: boolean | undefined
   spinner?: Spinner | undefined
@@ -48,24 +47,21 @@ export async function getAlertsMapFromPurls(
   const opts = {
     __proto__: null,
     consolidate: false,
-    include: undefined,
     nothrow: false,
     ...options,
-  } as GetAlertsMapFromPurlsOptions
-
-  opts.include = {
-    __proto__: null,
-    // Leave 'actions' unassigned so it can be given a default value in
-    // subsequent functions where `options` is passed.
-    // actions: undefined,
-    blocked: true,
-    critical: true,
-    cve: true,
-    existing: false,
-    unfixable: true,
-    upgradable: false,
-    ...opts.include,
-  } as AlertIncludeFilter
+    filter: toFilterConfig({
+      // Leave 'actions' unassigned so it can be given a default value in
+      // subsequent functions where `options` is passed.
+      // actions: undefined,
+      blocked: true,
+      critical: true,
+      cve: true,
+      existing: false,
+      fixable: false,
+      upgradable: false,
+      ...getOwn(options, 'filter'),
+    }),
+  } as GetAlertsMapFromPurlsOptions & { filter: AlertFilter }
 
   const uniqPurls = arrayUnique(purls)
   debugDir('silly', { purls: uniqPurls })
@@ -82,7 +78,7 @@ export async function getAlertsMapFromPurls(
 
   spinner?.start(getText())
 
-  const sockSdkCResult = await setupSdk({ apiToken: getPublicToken() })
+  const sockSdkCResult = await setupSdk({ apiToken: getPublicApiToken() })
   if (!sockSdkCResult.ok) {
     spinner?.stop()
     throw new Error('Auth error: Try to run `socket login` first')
@@ -92,7 +88,7 @@ export async function getAlertsMapFromPurls(
   const alertsMapOptions = {
     overrides: opts.overrides,
     consolidate: opts.consolidate,
-    include: opts.include,
+    filter: opts.filter,
     spinner,
   }
 
@@ -104,10 +100,10 @@ export async function getAlertsMapFromPurls(
       queryParams: {
         alerts: 'true',
         compact: 'true',
-        ...(opts.include.actions
-          ? { actions: opts.include.actions.join(',') }
+        //...(opts.filter.fixable ? { fixable: 'true' } : {}),
+        ...(Array.isArray(opts.filter.actions)
+          ? { actions: opts.filter.actions.join(',') }
           : {}),
-        ...(opts.include.unfixable ? {} : { fixable: 'true' }),
       },
     },
   )) {

src/utils/filter-config.mts

@@ -0,0 +1,17 @@
+import { isObject } from '@socketsecurity/registry/lib/objects'
+
+export type FilterConfig = {
+  [key: string]: boolean | string[]
+}
+
+export function toFilterConfig(obj: any): FilterConfig {
+  const normalized = { __proto__: null } as unknown as FilterConfig
+  const keys = isObject(obj) ? Object.keys(obj) : []
+  for (const key of keys) {
+    const value = obj[key]
+    if (typeof value === 'boolean' || Array.isArray(value)) {
+      normalized[key] = value
+    }
+  }
+  return normalized
+}