diff --git a/packages/cli/src/commands/fix/coana-fix.mts b/packages/cli/src/commands/fix/coana-fix.mts
index 9470e0645..9779c69de 100644
--- a/packages/cli/src/commands/fix/coana-fix.mts
+++ b/packages/cli/src/commands/fix/coana-fix.mts
@@ -29,6 +29,7 @@ import {
 import { FLAG_DRY_RUN } from '../../constants/cli.mts'
 import { GQL_PR_STATE_OPEN } from '../../constants/github.mts'
 import { DOT_SOCKET_DOT_FACTS_JSON } from '../../constants/paths.mts'
+import { findSocketYmlSync } from '../../utils/config.mts'
 import { spawnCoanaDlx } from '../../utils/dlx/spawn.mjs'
 import { getErrorCause } from '../../utils/error/errors.mjs'
 import { getPackageFilesForScan } from '../../utils/fs/path-resolve.mjs'
@@ -121,7 +122,15 @@ export async function coanaFix(
 }
 const supportedFiles = supportedFilesCResult.data
+
+ // Load socket.yml so projectIgnorePaths is respected when collecting files.
+ const socketYmlResult = findSocketYmlSync(cwd)
+ const socketConfig = socketYmlResult.ok
+ ? socketYmlResult.data?.parsed
+ : undefined
+
 const scanFilepaths = await getPackageFilesForScan(['.'], supportedFiles, {
+ config: socketConfig,
 cwd,
 })
diff --git a/packages/cli/src/commands/scan/handle-create-new-scan.mts b/packages/cli/src/commands/scan/handle-create-new-scan.mts
index da7d812d2..51d7fa98b 100644
--- a/packages/cli/src/commands/scan/handle-create-new-scan.mts
+++ b/packages/cli/src/commands/scan/handle-create-new-scan.mts
@@ -31,6 +31,7 @@ import { runSocketBasics } from '../../utils/basics/spawn.mts'
 function excludeFactsJson(paths: string[]): string[] {
 return paths.filter(p => path.basename(p) !== DOT_SOCKET_DOT_FACTS_JSON)
 }
+import { findSocketYmlSync } from '../../utils/config.mts'
 import { getPackageFilesForScan } from '../../utils/fs/path-resolve.mts'
 import { readOrDefaultSocketJson } from '../../utils/socket/json.mts'
 import { socketDocsLink } from '../../utils/terminal/link.mts'
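Review bot: In the second hunk of coana-fix.mts (inside coanaFix, whose body starts and ends outside the hunk), a failed socket.yml lookup is discarded silently: when `socketYmlResult.ok` is false, `socketConfig` becomes `undefined` and file collection runs as if no socket.yml existed. If that failure can mean an unreadable or malformed file (not visible here, so to be confirmed against findSocketYmlSync), paths the user listed in projectIgnorePaths would be collected anyway with no indication why. I would surface it before collecting, e.g. `if (!socketYmlResult.ok) { logger.warn('socket.yml could not be loaded; projectIgnorePaths is not applied') }`, using whatever logger this file already has. The same pattern appears in handleCreateNewScan (handle-create-new-scan.mts) and handleScanReach (handle-scan-reach.mts).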
@@ -149,7 +150,15 @@ export async function handleCreateNewScan({
 spinner.start('Searching for local files to include in scan...')
 const supportedFiles = supportedFilesCResult.data
+
+ // Load socket.yml so projectIgnorePaths is respected when collecting files.
+ const socketYmlResult = findSocketYmlSync(cwd)
+ const socketConfig = socketYmlResult.ok
+ ? socketYmlResult.data?.parsed
+ : undefined
+
 const packagePaths = await getPackageFilesForScan(targets, supportedFiles, {
+ config: socketConfig,
 cwd,
 })
diff --git a/packages/cli/src/commands/scan/handle-scan-reach.mts b/packages/cli/src/commands/scan/handle-scan-reach.mts
index 449bc8a1a..727c41ad5 100644
--- a/packages/cli/src/commands/scan/handle-scan-reach.mts
+++ b/packages/cli/src/commands/scan/handle-scan-reach.mts
@@ -7,6 +7,7 @@ const logger = getDefaultLogger()
 import { fetchSupportedScanFileNames } from './fetch-supported-scan-file-names.mts'
 import { outputScanReach } from './output-scan-reach.mts'
 import { performReachabilityAnalysis } from './perform-reachability-analysis.mts'
+import { findSocketYmlSync } from '../../utils/config.mts'
 import { getPackageFilesForScan } from '../../utils/fs/path-resolve.mts'
 import { checkCommandInput } from '../../utils/validation/check-input.mts'
@@ -49,7 +50,15 @@ export async function handleScanReach({
 )
 const supportedFiles = supportedFilesCResult.data
+
+ // Load socket.yml so projectIgnorePaths is respected when collecting files.
+ const socketYmlResult = findSocketYmlSync(cwd)
+ const socketConfig = socketYmlResult.ok
+ ? socketYmlResult.data?.parsed
+ : undefined
+
 const packagePaths = await getPackageFilesForScan(targets, supportedFiles, {
+ config: socketConfig,
 cwd,
 })
diff --git a/packages/cli/test/unit/commands/fix/handle-fix-limit.test.mts b/packages/cli/test/unit/commands/fix/handle-fix-limit.test.mts
index 922708278..6729f4c01 100644
--- a/packages/cli/test/unit/commands/fix/handle-fix-limit.test.mts
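Review bot: In handleCreateNewScan, the set of manifests submitted for scanning now depends on a socket.yml found from `cwd`, but nothing in this hunk records that a config was applied or which one. Since that file normally lives in the repository being scanned, a change to projectIgnorePaths can quietly shrink scan coverage, so I would log when `socketConfig` is defined and, if the result exposes it, the path of the file that was used. A comment such as `// socket.yml comes from the scanned tree: log when it narrows the file set so reduced coverage is auditable` above the lookup would record the intent. The function body starts and ends outside the hunk.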
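Review bot: The five-line lookup in handleScanReach is the third verbatim copy in this commit (also in coanaFix and handleCreateNewScan), so a later change to how a missing or invalid socket.yml is handled has to be made in three places. A small helper next to findSocketYmlSync that returns the parsed config or `undefined` would reduce each call site to one line, e.g. `const socketConfig = loadSocketConfig(cwd)` (the helper name is a proposal, not an existing export). The function body starts and ends outside the hunk.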
+++ b/packages/cli/test/unit/commands/fix/handle-fix-limit.test.mts
@@ -113,6 +113,8 @@ vi.mock('../../../../src/commands/fix/pr-lifecycle-logger.mts', () => ({
 vi.mock('@socketsecurity/lib/fs', () => ({
 readJsonSync: mockReadJsonSync,
+ // Return undefined so findSocketYmlSync treats socket.yml as absent.
+ safeReadFileSync: vi.fn(() => undefined),
 }))
 vi.mock('node:fs', () => ({