From b9adde73ce72cf3de14bc32af6459680bbee0895 Mon Sep 17 00:00:00 2001 From: jdalton Date: Fri, 17 Apr 2026 18:16:53 -0400 Subject: [PATCH] fix(scan): respect projectIgnorePaths from socket.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Backport of v1.x #1137 to main. `socket scan create`, `socket scan reach`, and `socket fix` (coana path) now honor the `projectIgnorePaths` list from socket.yml when collecting files. The underlying glob infrastructure (`globWithGitIgnore`) and `getPackageFilesForScan` already accepted a `config` option on main — we just weren't feeding socket.yml into it from these three callers. Changes: * `handle-create-new-scan.mts`: load socket.yml via `findSocketYmlSync` and pass through as `config` to `getPackageFilesForScan`. * `handle-scan-reach.mts`: same. * `coana-fix.mts`: same. * `test/unit/commands/fix/handle-fix-limit.test.mts`: mock for `@socketsecurity/lib/fs` now also returns `safeReadFileSync` since `findSocketYmlSync` calls it; the no-op returns `undefined` so the test treats socket.yml as absent. --- packages/cli/src/commands/fix/coana-fix.mts | 9 +++++++++ .../cli/src/commands/scan/handle-create-new-scan.mts | 9 +++++++++ packages/cli/src/commands/scan/handle-scan-reach.mts | 9 +++++++++ .../cli/test/unit/commands/fix/handle-fix-limit.test.mts | 2 ++ 4 files changed, 29 insertions(+) diff --git a/packages/cli/src/commands/fix/coana-fix.mts b/packages/cli/src/commands/fix/coana-fix.mts index 9470e0645..9779c69de 100644 --- a/packages/cli/src/commands/fix/coana-fix.mts +++ b/packages/cli/src/commands/fix/coana-fix.mts 
@@ -29,6 +29,7 @@ import { import { FLAG_DRY_RUN } from '../../constants/cli.mts' import { GQL_PR_STATE_OPEN } from '../../constants/github.mts' import { DOT_SOCKET_DOT_FACTS_JSON } from '../../constants/paths.mts' +import { findSocketYmlSync } from '../../utils/config.mts' import { spawnCoanaDlx } from '../../utils/dlx/spawn.mjs' import { getErrorCause } from '../../utils/error/errors.mjs' import { getPackageFilesForScan } from '../../utils/fs/path-resolve.mjs' @@ -121,7 +122,15 @@ export async function coanaFix( } const supportedFiles = supportedFilesCResult.data + + // Load socket.yml so projectIgnorePaths is respected when collecting files. + const socketYmlResult = findSocketYmlSync(cwd) + const socketConfig = socketYmlResult.ok + ? socketYmlResult.data?.parsed + : undefined + const scanFilepaths = await getPackageFilesForScan(['.'], supportedFiles, { + config: socketConfig, cwd, }) diff --git a/packages/cli/src/commands/scan/handle-create-new-scan.mts b/packages/cli/src/commands/scan/handle-create-new-scan.mts index da7d812d2..51d7fa98b 100644 --- a/packages/cli/src/commands/scan/handle-create-new-scan.mts +++ b/packages/cli/src/commands/scan/handle-create-new-scan.mts @@ -31,6 +31,7 @@ import { runSocketBasics } from '../../utils/basics/spawn.mts' function excludeFactsJson(paths: string[]): string[] { return paths.filter(p => path.basename(p) !== DOT_SOCKET_DOT_FACTS_JSON) } +import { findSocketYmlSync } from '../../utils/config.mts' import { getPackageFilesForScan } from '../../utils/fs/path-resolve.mts' import { readOrDefaultSocketJson } from '../../utils/socket/json.mts' import { socketDocsLink } from '../../utils/terminal/link.mts' 
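Review bot: In `coanaFix`, the added ternary turns a failed `findSocketYmlSync(cwd)` result into `undefined` without any message, so a socket.yml that exists but could not be loaded is treated the same as an absent one and file collection runs with no ignore list. That assumes a failed result is how the helper reports an unreadable or unparsable file; its body is not in this diff. The paths in `projectIgnorePaths` are ones the user asked to keep out of the scan, so dropping them silently is the wrong failure mode; surface it with the file's existing logger, e.g. `if (!socketYmlResult.ok) logger.warn('socket.yml could not be loaded; projectIgnorePaths not applied')`, or fail the command. The same five lines are repeated in `handleCreateNewScan` and `handleScanReach`, so a shared helper that loads the config and reports the failure would keep the three callers consistent. All three enclosing functions start and end outside their hunks.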
@@ -149,7 +150,15 @@ export async function handleCreateNewScan({ spinner.start('Searching for local files to include in scan...') const supportedFiles = supportedFilesCResult.data + + // Load socket.yml so projectIgnorePaths is respected when collecting files. + const socketYmlResult = findSocketYmlSync(cwd) + const socketConfig = socketYmlResult.ok + ? socketYmlResult.data?.parsed + : undefined + const packagePaths = await getPackageFilesForScan(targets, supportedFiles, { + config: socketConfig, cwd, }) diff --git a/packages/cli/src/commands/scan/handle-scan-reach.mts b/packages/cli/src/commands/scan/handle-scan-reach.mts index 449bc8a1a..727c41ad5 100644 --- a/packages/cli/src/commands/scan/handle-scan-reach.mts +++ b/packages/cli/src/commands/scan/handle-scan-reach.mts @@ -7,6 +7,7 @@ const logger = getDefaultLogger() import { fetchSupportedScanFileNames } from './fetch-supported-scan-file-names.mts' import { outputScanReach } from './output-scan-reach.mts' import { performReachabilityAnalysis } from './perform-reachability-analysis.mts' +import { findSocketYmlSync } from '../../utils/config.mts' import { getPackageFilesForScan } from '../../utils/fs/path-resolve.mts' import { checkCommandInput } from '../../utils/validation/check-input.mts' @@ -49,7 +50,15 @@ export async function handleScanReach({ ) const supportedFiles = supportedFilesCResult.data + + // Load socket.yml so projectIgnorePaths is respected when collecting files. + const socketYmlResult = findSocketYmlSync(cwd) + const socketConfig = socketYmlResult.ok + ? socketYmlResult.data?.parsed + : undefined + const packagePaths = await getPackageFilesForScan(targets, supportedFiles, { + config: socketConfig, cwd, }) diff --git a/packages/cli/test/unit/commands/fix/handle-fix-limit.test.mts b/packages/cli/test/unit/commands/fix/handle-fix-limit.test.mts index 922708278..6729f4c01 100644 --- a/packages/cli/test/unit/commands/fix/handle-fix-limit.test.mts 
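Review bot: Nothing in `handleCreateNewScan` reports that an ignore list from socket.yml was applied, so a scan that now covers fewer manifests produces the same output as a full one. socket.yml lives in the tree being scanned, so an edit to `projectIgnorePaths` changes scan coverage. Logging the loaded patterns, or the number of files they excluded, right after the `spinner.start('Searching for local files to include in scan...')` call would make that change visible in CI logs and reviewable. The same applies to the `handleScanReach` hunk on this page. Whether `getPackageFilesForScan` already reports exclusions is not visible here.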
+++ b/packages/cli/test/unit/commands/fix/handle-fix-limit.test.mts @@ -113,6 +113,8 @@ vi.mock('../../../../src/commands/fix/pr-lifecycle-logger.mts', () => ({ vi.mock('@socketsecurity/lib/fs', () => ({ readJsonSync: mockReadJsonSync, + // Return undefined so findSocketYmlSync treats socket.yml as absent. + safeReadFileSync: vi.fn(() => undefined), })) vi.mock('node:fs', () => ({
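Review bot: With `safeReadFileSync` mocked to return `undefined`, every test in this file runs as if socket.yml were absent, so the new `config: socketConfig` argument is only ever exercised as `undefined`. No test in this commit covers the behaviour it adds. A case where the mock returns a small socket.yml body with one `projectIgnorePaths` entry, asserting that the entry reaches `getPackageFilesForScan` in `config`, would pin it down, provided that function is observable in this test setup. A second case with unparsable content would document what the callers do on a failed load. The `vi.mock('node:fs', ...)` call at the end of the hunk continues outside it.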