@jdalton jdalton commented Jan 12, 2026

Migrate patch command to use external [email protected] package.


Note

Shifts patch functionality to the external Socket Patch CLI and wires up version/env plumbing.

  • socket patch now forwards all args to @socketsecurity/[email protected] via spawnSocketPatch (DLX or local override)
  • Adds socket-patch to external-tools.json and inlined build metadata INLINED_SOCKET_CLI_SOCKET_PATCH_VERSION
  • New env helpers: getSocketPatchVersion, SOCKET_CLI_SOCKET_PATCH_LOCAL_PATH; exports integrated in constants/env.mts
  • New spawn util utils/socket-patch/spawn.mts passes org slug, API token, and proxy to the external CLI
  • Tightens env getters for Coana/SFW to throw if versions are missing
  • Changelog updated under Unreleased to reflect the migration

Written by Cursor Bugbot for commit 69011b8.

@cursor cursor bot left a comment
Comment @cursor review or bugbot run to trigger another review on this PR

@jdalton jdalton force-pushed the feat/migrate-to-socket-patch branch 7 times, most recently from ba8a337 to aee59b7 Compare January 12, 2026 20:19
@jdalton jdalton force-pushed the feat/migrate-to-socket-patch branch 2 times, most recently from 453e76a to 174fe73 Compare January 12, 2026 20:59
@jdalton jdalton force-pushed the feat/migrate-to-socket-patch branch from 174fe73 to 92f1cca Compare January 12, 2026 21:11
- Replace 'info' test (removed command) with 'scan' (renamed from discover)
- Replace 'discover' test with 'scan' (renamed)
- Replace 'download' test with 'get' (download is alias)
- Replace 'cleanup' test with 'repair' (renamed)
- Replace 'rm' test with 'remove' (renamed)

These changes align tests with socket-patch v1.2.0 command structure.

Resolved conflict in CHANGELOG.md by keeping all changes:
- Changed: Updated to @socketsecurity/[email protected]
- Changed: Updated Coana CLI to v14.12.148
- Fixed: Heap overflow prevention in large monorepo scans

Version getters should fail if environment variables aren't set,
even in test mode, because values should be properly defined in
external-tools.json.

Removed tests for commands not in socket-patch v1.2.0:
- cleanup (obsolete, repair is the actual command)
- discover (obsolete, scan is the actual command)
- info (obsolete, merged into get command)
- download (obsolete, alias of get command)

Renamed:
- cmd-patch-rm.test.mts → cmd-patch-remove.test.mts

socket-patch v1.2.0 actual commands: get, apply, rollback, remove, list, scan, setup, repair

Added INLINED_SOCKET_CLI_COANA_VERSION, INLINED_SOCKET_CLI_SFW_VERSION,
and INLINED_SOCKET_CLI_SOCKET_PATCH_VERSION to .env.test so unit tests
can access these values without going through the build process.
@jdalton jdalton force-pushed the feat/migrate-to-socket-patch branch from 0d338b4 to 85db681 Compare January 13, 2026 01:30
…e duplicates

- Replace manual file extension checks with detectExecutableType() for binary vs package detection
- Use detectExecutableType in spawnCoanaDlx, spawnCdxgenDlx, spawnSfwDlx, and spawnSocketPatchDlx
- Remove duplicate binary.mts (now in @socketsecurity/lib/dlx/binary)
- Remove duplicate detection.mts (now in @socketsecurity/lib/shadow and temporary-executor)
- Update imports to use @socketsecurity/lib versions
- Remove spawnNode usage in favor of direct spawn calls
- Remove dynamic spawn import
- Update test mocks to reference @socketsecurity/lib paths

This eliminates ~900 lines of duplicate code and provides more robust detection
using package.json, file extensions, and executable permissions.
@jdalton jdalton merged commit 511c56d into main Jan 13, 2026
14 checks passed
@jdalton jdalton deleted the feat/migrate-to-socket-patch branch January 13, 2026 14:12