Skip to content

fix(fix): fail when .socket.facts.json is present in manifest files #1268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Martin Torp (mtorp) merged 1 commit into from
Apr 24, 2026
+23 −6
Merged

fix(fix): fail when .socket.facts.json is present in manifest files #1268

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

## [1.1.86](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.86) - 2026-04-24

### Changed
- `socket fix` now fails with a clear error when a `.socket.facts.json` analysis artifact is present alongside manifest files, prompting you to delete it before re-running

## [1.1.85](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.85) - 2026-04-20

### Changed
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "socket",
"version": "1.1.85",
"version": "1.1.86",
"description": "CLI for Socket.dev",
"homepage": "https://github.com/SocketDev/socket-cli",
"license": "MIT AND OFL-1.1",
Expand Down
22 changes: 17 additions & 5 deletions src/commands/fix/coana-fix.mts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@
fetchGhsaDetails,
setGitRemoteGithubRepoUrl,
} from '../../utils/github.mts'
import { findSocketYmlSync } from '../../utils/config.mts'

Check warning on line 47 in src/commands/fix/coana-fix.mts

View workflow job for this annotation

GitHub Actions / 🧹 Lint Check 

`../../utils/config.mts` import should occur before import of `../../utils/dlx.mts`
import { getPackageFilesForScan } from '../../utils/path-resolve.mts'
import { setupSdk } from '../../utils/sdk.mts'
import { fetchSupportedScanFileNames } from '../scan/fetch-supported-scan-file-names.mts'
Expand Down Expand Up @@ -169,13 +169,25 @@
config: socketConfig,
cwd,
})
// Exclude any .socket.facts.json files that happen to be in the scan
// folder before the analysis was run.
const filepathsToUpload = scanFilepaths.filter(
p => path.basename(p).toLowerCase() !== DOT_SOCKET_DOT_FACTS_JSON,
// Fail if any .socket.facts.json files are present in the scan folder.
// These are analysis artifacts and must be removed before re-running fix.
const factsFiles = scanFilepaths.filter(
p => path.basename(p).toLowerCase() === DOT_SOCKET_DOT_FACTS_JSON,
)
if (factsFiles.length) {
if (!silence) {
spinner?.stop()
}
return {
ok: false,
message: `Found ${DOT_SOCKET_DOT_FACTS_JSON} in manifest files`,
cause:
`Delete the following ${pluralize('file', factsFiles.length)} before running socket fix again:\n` +
factsFiles.map(p => ` - ${p}`).join('\n'),
}
}
const uploadCResult = await handleApiCall(
sockSdk.uploadManifestFiles(orgSlug, filepathsToUpload, cwd),
sockSdk.uploadManifestFiles(orgSlug, scanFilepaths, cwd),
{
description: 'upload manifests',
spinner,
Expand Down
Loading