include PR link and number in JSON output for socket fix. Also remove… (#1063)

mtorp · web-flow · commit b981da5f3d96 · 2026-01-28T09:04:08.000-05:00
* include PR link and number in JSON output for socket fix. Also removes the nested data layer

* update json output to use an array
diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
@@ -111,7 +111,7 @@ async function discoverGhsaIds(
 
 export async function coanaFix(
   fixConfig: FixConfig,
-): Promise<CResult<{ data?: unknown; fixed: boolean }>> {
+): Promise<CResult<{ fixedAll: boolean; ghsaDetails: unknown[] }>> {
   const {
     all,
     applyFixes,
@@ -237,7 +237,7 @@ export async function coanaFix(
       if (!silence) {
         spinner?.stop()
       }
-      return { ok: true, data: { fixed: false } }
+      return { ok: true, data: { fixedAll: false, ghsaDetails: [] } }
     }
 
     // Create a temporary file for the output.
@@ -290,7 +290,10 @@ export async function coanaFix(
       }
 
       // Read the temporary file to get the actual fixes result.
-      const fixesResultJson = readJsonSync(tmpFile, { throws: false })
+      const fixesResultJson = readJsonSync(tmpFile, { throws: false }) as
+        | { fixes?: Record<string, unknown> }
+        | null
+        | undefined
 
       // Copy to outputFile if provided.
       if (outputFile) {
@@ -301,7 +304,13 @@ export async function coanaFix(
         await fs.writeFile(outputFile, tmpContent, 'utf8')
       }
 
-      return { ok: true, data: { data: fixesResultJson, fixed: true } }
+      return {
+        ok: true,
+        data: {
+          fixedAll: true,
+          ghsaDetails: fixesResultJson ? [fixesResultJson] : [],
+        },
+      }
     } finally {
       // Clean up the temporary file.
       try {
@@ -366,7 +375,7 @@ export async function coanaFix(
     if (!silence) {
       spinner?.stop()
     }
-    return { ok: true, data: { fixed: false } }
+    return { ok: true, data: { fixedAll: false, ghsaDetails: [] } }
   }
 
   debugFn('notice', `fetch: ${ids.length} GHSA details for ${joinAnd(ids)}`)
@@ -378,12 +387,17 @@ export async function coanaFix(
 
   let count = 0
   let overallFixed = false
+  const ghsaFixResults: unknown[] = []
 
   // Process each GHSA ID individually.
   ghsaLoop: for (let i = 0, { length } = ids; i < length; i += 1) {
     const ghsaId = ids[i]!
     debugFn('notice', `check: ${ghsaId}`)
 
+    // Create a temporary file for Coana output.
+    const tmpDir = os.tmpdir()
+    const tmpFile = path.join(tmpDir, `socket-fix-${ghsaId}-${Date.now()}.json`)
+
     // Apply fix for single GHSA ID.
     // eslint-disable-next-line no-await-in-loop
     const fixCResult = await spawnCoanaDlx(
@@ -408,6 +422,8 @@ export async function coanaFix(
         ...(showAffectedDirectDependencies
           ? ['--show-affected-direct-dependencies']
           : []),
+        '--output-file',
+        tmpFile,
         ...fixConfig.unknownFlags,
       ],
       fixConfig.orgSlug,
@@ -425,6 +441,13 @@ export async function coanaFix(
           `Update failed for ${ghsaId}: ${getErrorCause(fixCResult)}`,
         )
       }
+      // Clean up temp file on failure.
+      try {
+        // eslint-disable-next-line no-await-in-loop
+        await fs.unlink(tmpFile)
+      } catch {
+        // Ignore cleanup errors.
+      }
       continue ghsaLoop
     }
 
@@ -439,6 +462,13 @@ export async function coanaFix(
 
     if (!modifiedFiles.length) {
       debugFn('notice', `skip: no changes for ${ghsaId}`)
+      // Clean up temp file before continuing.
+      try {
+        // eslint-disable-next-line no-await-in-loop
+        await fs.unlink(tmpFile)
+      } catch {
+        // Ignore cleanup errors.
+      }
       continue ghsaLoop
     }
 
@@ -553,6 +583,16 @@ export async function coanaFix(
         const { data } = prResult.pr
         const prRef = `PR #${data.number}`
 
+        // Read the fix result JSON and merge with PR data.
+        const fixResultJson = readJsonSync(tmpFile, { throws: false })
+        if (fixResultJson && typeof fixResultJson === 'object') {
+          ghsaFixResults.push({
+            ...(fixResultJson as object),
+            pullRequestLink: data.html_url,
+            pullRequestNumber: data.number,
+          })
+        }
+
         if (!silence) {
           logger.success(`Opened ${prRef} for ${ghsaId}.`)
         }
@@ -646,6 +686,14 @@ export async function coanaFix(
       await gitResetAndClean(fixEnv.baseBranch, cwd)
       // eslint-disable-next-line no-await-in-loop
       await gitCheckoutBranch(fixEnv.baseBranch, cwd)
+    } finally {
+      // Clean up temp file.
+      try {
+        // eslint-disable-next-line no-await-in-loop
+        await fs.unlink(tmpFile)
+      } catch {
+        // Ignore cleanup errors.
+      }
     }
 
     count += 1
@@ -664,6 +712,6 @@ export async function coanaFix(
 
   return {
     ok: true,
-    data: { fixed: overallFixed },
+    data: { fixedAll: overallFixed, ghsaDetails: ghsaFixResults },
   }
 }
