From ef7fb1f9276c57d9994fa6ccb4c90d605745bc70 Mon Sep 17 00:00:00 2001 From: jdalton Date: Mon, 29 Dec 2025 09:13:28 -0500 Subject: [PATCH 1/3] fix(glob): add dot:true to match dotfiles and dot directories Ensures fastGlob matches files and directories starting with a dot in gitIgnoreStream and globWorkspace functions. --- src/utils/glob.mts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/utils/glob.mts b/src/utils/glob.mts index 0a4473975..dc94d3d3a 100644 --- a/src/utils/glob.mts +++ b/src/utils/glob.mts @@ -208,6 +208,7 @@ export async function globWithGitIgnore( const gitIgnoreStream = fastGlob.globStream(['**/.gitignore'], { absolute: true, cwd, + dot: true, ignore: DEFAULT_IGNORE_FOR_GIT_IGNORE, }) for await (const ignorePatterns of transform( @@ -274,6 +275,7 @@ export async function globWorkspace( ? await fastGlob.glob(workspaceGlobs, { absolute: true, cwd, + dot: true, ignore: defaultIgnore, }) : [] From c3d354ea266a09bbfc59353c3e42d40f125be885 Mon Sep 17 00:00:00 2001 From: jdalton Date: Mon, 29 Dec 2025 10:20:13 -0500 Subject: [PATCH 2/3] fix(glob): add dot:true to micromatch for dot directory matching Adds { dot: true } option to micromatch.some() calls in filterBySupportedScanFiles() and isReportSupportedFile() to ensure patterns like **/poetry.lock match files in dot directories such as .mcp-servers/neo4j/poetry.lock. --- src/utils/glob.mts | 4 +-- test/glob.test.mts | 83 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 test/glob.test.mts diff --git a/src/utils/glob.mts b/src/utils/glob.mts index dc94d3d3a..787a55442 100644 --- a/src/utils/glob.mts +++ b/src/utils/glob.mts @@ -161,7 +161,7 @@ export function filterBySupportedScanFiles( supportedFiles: SocketSdkSuccessResult<'getReportSupportedFiles'>['data'], ): string[] { const patterns = getSupportedFilePatterns(supportedFiles) - return filepaths.filter(p => micromatch.some(p, patterns)) + return filepaths.filter(p => micromatch.some(p, patterns, { dot: true })) } export function getSupportedFilePatterns( @@ -286,7 +286,7 @@ export function isReportSupportedFile( supportedFiles: SocketSdkSuccessResult<'getReportSupportedFiles'>['data'], ) { const patterns = getSupportedFilePatterns(supportedFiles) - return micromatch.some(filepath, patterns) + return micromatch.some(filepath, patterns, { dot: true }) } export function pathsToGlobPatterns( diff --git a/test/glob.test.mts b/test/glob.test.mts new file mode 100644 index 000000000..610caea67 --- /dev/null +++ b/test/glob.test.mts @@ -0,0 +1,83 @@ +import { describe, expect, it } from 'vitest' + +import { + filterBySupportedScanFiles, + isReportSupportedFile, +} from '../src/utils/glob.mts' + +import type { SocketSdkSuccessResult } from '@socketsecurity/sdk' + +describe('glob', () => { + const mockSupportedFiles: SocketSdkSuccessResult<'getReportSupportedFiles'>['data'] = + { + npm: { + 'package.json': { pattern: 'package.json' }, + 'poetry.lock': { pattern: 'poetry.lock' }, + }, + } + + describe('filterBySupportedScanFiles', () => { + it('should match files in dot directories', () => { + const filepaths = [ + '.mcp-servers/neo4j/poetry.lock', + '.hidden/package.json', + 'regular/poetry.lock', + 'node_modules/package.json', + ] + + const result = filterBySupportedScanFiles(filepaths, mockSupportedFiles) + + expect(result).toEqual([ + '.mcp-servers/neo4j/poetry.lock', + '.hidden/package.json', + 'regular/poetry.lock', + 'node_modules/package.json', + ]) + }) + + it('should filter out non-matching files', () => { + const filepaths = [ + '.mcp-servers/neo4j/poetry.lock', + '.hidden/random.txt', + 'package.json', + 'src/index.ts', + ] + + const result = filterBySupportedScanFiles(filepaths, mockSupportedFiles) + + expect(result).toEqual(['.mcp-servers/neo4j/poetry.lock', 'package.json']) + }) + }) + + describe('isReportSupportedFile', () => { + it('should return true for files in dot directories', () => { + expect( + isReportSupportedFile( + '.mcp-servers/neo4j/poetry.lock', + mockSupportedFiles, + ), + ).toBe(true) + expect( + isReportSupportedFile('.hidden/package.json', mockSupportedFiles), + ).toBe(true) + }) + + it('should return true for regular files', () => { + expect( + isReportSupportedFile('regular/poetry.lock', mockSupportedFiles), + ).toBe(true) + expect(isReportSupportedFile('package.json', mockSupportedFiles)).toBe( + true, + ) + }) + + it('should return false for non-matching files', () => { + expect( + isReportSupportedFile('.hidden/random.txt', mockSupportedFiles), + ).toBe(false) + expect(isReportSupportedFile('src/index.ts', mockSupportedFiles)).toBe( + false, + ) + }) + }) +}) From 264c9270bef06743aa0362d38575d35846c275de Mon Sep 17 00:00:00 2001 From: jdalton Date: Mon, 29 Dec 2025 10:22:35 -0500 Subject: [PATCH 3/3] style: fix linting issues --- src/commands/patch/cmd-patch.mts | 3 ++- src/utils/package-environment.mts | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/commands/patch/cmd-patch.mts b/src/commands/patch/cmd-patch.mts index 2b889c66f..42583470c 100644 --- a/src/commands/patch/cmd-patch.mts +++ b/src/commands/patch/cmd-patch.mts @@ -1,6 +1,7 @@ -import constants from '../../constants.mts' import { runPatch } from '@socketsecurity/socket-patch/run' +import constants from '../../constants.mts' + import type { CliCommandContext } from '../../utils/meow-with-subcommands.mts' export const CMD_NAME = 'patch' diff --git a/src/utils/package-environment.mts b/src/utils/package-environment.mts index a0d9643ea..deb078053 100644 --- a/src/utils/package-environment.mts +++ b/src/utils/package-environment.mts @@ -244,7 +244,7 @@ function preferWindowsCmdShim(binPath: string, binName: string): string { if (!constants.WIN32) { return binPath } - + // Relative paths might be shell commands or aliases, not file paths with potential shims if (!path.isAbsolute(binPath)) { return binPath @@ -327,7 +327,10 @@ async function getAgentVersion( shouldRunWithNode = resolved } } catch (e) { - debugFn('warn', `Failed to resolve bin path for ${agentExecPath}, falling back to direct spawn.`) + debugFn( + 'warn', + `Failed to resolve bin path for ${agentExecPath}, falling back to direct spawn.`, + ) debugDir('error', e) } }