Flatten spawnCoana into spanCoanaDlx

Author: jdalton

src/commands/fix/coana-fix.mts

@@ -11,7 +11,7 @@ import { getSocketFixPrs, openSocketFixPr } from './pull-request.mts'
 import { GQL_PR_STATE_OPEN, UNKNOWN_ERROR } from '../../constants.mts'
 import { handleApiCall } from '../../utils/api.mts'
 import { cmdFlagValueToArray } from '../../utils/cmd.mts'
-import { spawnCoana } from '../../utils/coana.mts'
+import { spawnCoanaDlx } from '../../utils/dlx.mts'
 import {
   gitCheckoutBranch,
   gitCommit,
@@ -106,7 +106,7 @@ export async function coanaFix(
       return { ok: true, data: { fixed: false } }
     }
 
-    const fixCResult = await spawnCoana(
+    const fixCResult = await spawnCoanaDlx(
       [
         'compute-fixes-and-upgrade-purls',
         cwd,
@@ -160,7 +160,7 @@ export async function coanaFix(
   let ids: string[] | undefined
 
   if (shouldSpawnCoana && isAll) {
-    const foundCResult = await spawnCoana(
+    const foundCResult = await spawnCoanaDlx(
       [
         'compute-fixes-and-upgrade-purls',
         cwd,
@@ -215,7 +215,7 @@ export async function coanaFix(
 
     // Apply fix for single GHSA ID.
     // eslint-disable-next-line no-await-in-loop
-    const fixCResult = await spawnCoana(
+    const fixCResult = await spawnCoanaDlx(
       [
         'compute-fixes-and-upgrade-purls',
         cwd,

src/commands/scan/perform-reachability-analysis.mts

@@ -4,10 +4,8 @@ import terminalLink from 'terminal-link'
 
 import constants, { SOCKET_WEBSITE_URL } from '../../constants.mts'
 import { handleApiCall } from '../../utils/api.mts'
-import {
-  extractTier1ReachabilityScanId,
-  spawnCoana,
-} from '../../utils/coana.mts'
+import { extractTier1ReachabilityScanId } from '../../utils/coana.mts'
+import { spawnCoanaDlx } from '../../utils/dlx.mts'
 import { hasEnterpriseOrgPlan } from '../../utils/organization.mts'
 import { setupSdk } from '../../utils/sdk.mts'
 import { fetchOrganization } from '../organization/fetch-organization-list.mts'
@@ -177,7 +175,7 @@ export async function performReachabilityAnalysis(
   }
 
   // Run Coana with the manifests tar hash.
-  const coanaResult = await spawnCoana(coanaArgs, orgSlug, {
+  const coanaResult = await spawnCoanaDlx(coanaArgs, orgSlug, {
     cwd,
     env: coanaEnv,
     spinner,

src/utils/coana.mts

@@ -1,14 +1,5 @@
 import { readJsonSync } from '@socketsecurity/registry/lib/fs'
 
-import { getDefaultOrgSlug } from '../commands/ci/fetch-default-org-slug.mts'
-import constants, { UNKNOWN_ERROR } from '../constants.mts'
-import { spawnCoanaDlx } from './dlx.mts'
-import { getDefaultApiToken, getDefaultProxyUrl } from './sdk.mts'
-
-import type { ShadowBinOptions } from '../shadow/npm/bin.mts'
-import type { CResult } from '../types.mts'
-import type { SpawnExtra } from '@socketsecurity/registry/lib/spawn'
-
 export function extractTier1ReachabilityScanId(
   socketFactsFile: string,
 ): string | undefined {
@@ -20,75 +11,3 @@ export function extractTier1ReachabilityScanId(
     ? tier1ReachabilityScanId
     : undefined
 }
-
-export async function spawnCoana(
-  args: string[] | readonly string[],
-  orgSlug?: string,
-  options?: ShadowBinOptions | undefined,
-  extra?: SpawnExtra | undefined,
-): Promise<CResult<string>> {
-  const {
-    env: spawnEnv,
-    ipc,
-    ...spawnOpts
-  } = {
-    __proto__: null,
-    ...options,
-  } as ShadowBinOptions
-
-  const mixinsEnv: Record<string, string> = {
-    SOCKET_CLI_VERSION: constants.ENV.INLINED_SOCKET_CLI_VERSION,
-  }
-  const defaultApiToken = getDefaultApiToken()
-  if (defaultApiToken) {
-    mixinsEnv['SOCKET_CLI_API_TOKEN'] = defaultApiToken
-  }
-
-  if (orgSlug) {
-    mixinsEnv['SOCKET_ORG_SLUG'] = orgSlug
-  } else {
-    const orgSlugCResult = await getDefaultOrgSlug()
-    if (orgSlugCResult.ok) {
-      mixinsEnv['SOCKET_ORG_SLUG'] = orgSlugCResult.data
-    }
-  }
-
-  const proxyUrl = getDefaultProxyUrl()
-  if (proxyUrl) {
-    mixinsEnv['SOCKET_CLI_API_PROXY'] = proxyUrl
-  }
-
-  try {
-    const { spawnPromise } = await spawnCoanaDlx(
-      args,
-      {
-        ...spawnOpts,
-        env: {
-          ...process.env,
-          ...constants.processEnv,
-          ...mixinsEnv,
-          ...spawnEnv,
-        },
-        ipc: {
-          [constants.SOCKET_CLI_SHADOW_ACCEPT_RISKS]: true,
-          [constants.SOCKET_CLI_SHADOW_API_TOKEN]:
-            constants.SOCKET_PUBLIC_API_TOKEN,
-          [constants.SOCKET_CLI_SHADOW_SILENT]: true,
-          ...ipc,
-        },
-      },
-      extra,
-    )
-    const output = await spawnPromise
-    return { ok: true, data: output.stdout }
-  } catch (e) {
-    const stderr = (e as any)?.stderr
-    const cause = (e as Error)?.message || UNKNOWN_ERROR
-    const message = stderr ? stderr : cause
-    return {
-      ok: false,
-      data: e,
-      message,
-    }
-  }
-}

src/utils/dlx.mts

@@ -2,12 +2,15 @@ import { createRequire } from 'node:module'
 
 import { getOwn } from '@socketsecurity/registry/lib/objects'
 
-import constants, { NPM, PNPM, YARN } from '../constants.mts'
+import { getDefaultOrgSlug } from '../commands/ci/fetch-default-org-slug.mts'
+import constants, { NPM, PNPM, UNKNOWN_ERROR, YARN } from '../constants.mts'
 import { findUp } from './fs.mts'
+import { getDefaultApiToken, getDefaultProxyUrl } from './sdk.mts'
 import { isYarnBerry } from './yarn-version.mts'
 import shadowBin from '../shadow/npm/bin.mts'
 
 import type { ShadowBinOptions, ShadowBinResult } from '../shadow/npm/bin.mts'
+import type { CResult } from '../types.mts'
 import type { SpawnExtra } from '@socketsecurity/registry/lib/spawn'
 
 const require = createRequire(import.meta.url)
@@ -150,21 +153,84 @@ export async function spawnDlx(
 /**
  * Helper to spawn coana with dlx.
  * Automatically uses force and silent when version is not pinned exactly.
+ * Returns a CResult with stdout extraction for backward compatibility.
  */
 export async function spawnCoanaDlx(
   args: string[] | readonly string[],
+  orgSlug?: string,
   options?: DlxOptions | undefined,
   spawnExtra?: SpawnExtra | undefined,
-): Promise<ShadowBinResult> {
-  return await spawnDlx(
-    {
-      name: '@coana-tech/cli',
-      version: `~${constants.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}`,
-    },
-    args,
-    { force: true, silent: true, ...options },
-    spawnExtra,
-  )
+): Promise<CResult<string>> {
+  const {
+    env: spawnEnv,
+    ipc,
+    ...dlxOptions
+  } = {
+    __proto__: null,
+    ...options,
+  } as DlxOptions
+
+  const mixinsEnv: Record<string, string> = {
+    SOCKET_CLI_VERSION: constants.ENV.INLINED_SOCKET_CLI_VERSION,
+  }
+  const defaultApiToken = getDefaultApiToken()
+  if (defaultApiToken) {
+    mixinsEnv['SOCKET_CLI_API_TOKEN'] = defaultApiToken
+  }
+
+  if (orgSlug) {
+    mixinsEnv['SOCKET_ORG_SLUG'] = orgSlug
+  } else {
+    const orgSlugCResult = await getDefaultOrgSlug()
+    if (orgSlugCResult.ok) {
+      mixinsEnv['SOCKET_ORG_SLUG'] = orgSlugCResult.data
+    }
+  }
+
+  const proxyUrl = getDefaultProxyUrl()
+  if (proxyUrl) {
+    mixinsEnv['SOCKET_CLI_API_PROXY'] = proxyUrl
+  }
+
+  try {
+    const result = await spawnDlx(
+      {
+        name: '@coana-tech/cli',
+        version: `~${constants.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}`,
+      },
+      args,
+      {
+        force: true,
+        silent: true,
+        ...dlxOptions,
+        env: {
+          ...process.env,
+          ...constants.processEnv,
+          ...mixinsEnv,
+          ...spawnEnv,
+        },
+        ipc: {
+          [constants.SOCKET_CLI_SHADOW_ACCEPT_RISKS]: true,
+          [constants.SOCKET_CLI_SHADOW_API_TOKEN]:
+            constants.SOCKET_PUBLIC_API_TOKEN,
+          [constants.SOCKET_CLI_SHADOW_SILENT]: true,
+          ...ipc,
+        },
+      },
+      spawnExtra,
+    )
+    const output = await result.spawnPromise
+    return { ok: true, data: output.stdout }
+  } catch (e) {
+    const stderr = (e as any)?.stderr
+    const cause = (e as Error)?.message || UNKNOWN_ERROR
+    const message = stderr ? stderr : cause
+    return {
+      ok: false,
+      data: e,
+      message,
+    }
+  }
 }
 
 /**