fix: --limit flag not working in local mode #925
Merged
- Fixed bug where --limit flag was ignored in local mode (line 159)
  - Was passing full ghsas array instead of limited ids array
  - Now correctly passes only the first N GHSAs as specified by --limit
- Add discoverGhsaIds helper to DRY vulnerability discovery logic
  - Consolidates duplicate code between local and PR modes
  - Accepts orgSlug, tarHash, fixConfig, and optional options
  - Supports optional cwd (defaults to process.cwd()), limit, and spinner
- Add comprehensive unit tests for --limit and --id behavior
  - 9 unit tests with mocks/spies verify actual business logic
  - Tests verify correct number of GHSAs passed to coana CLI
  - Tests cover local mode, PR mode, limit adjustment, and edge cases
- Add CLI parsing tests for --limit and --id flags
  - 18 CLI tests verify flag acceptance and combinations
  - Tests verify --limit 0, --limit 1, --limit 100, defaults
  - Tests verify --id with GHSA, CVE, and PURL formats
  - Tests verify --limit and --id work together with other flags

Fixes issue reported by users where 'socket fix --limit 1' would process all vulnerabilities instead of limiting to 1.

- Rename cmd-fix.test.mts → cmd-fix.integration.test.mts
  - File contains integration tests that spawn CLI process
- Rename cmd-fix-e2e.test.mts → cmd-fix.e2e.test.mts
  - Use dot notation for consistency with .integration pattern
- Update vitest.e2e.config.mts include pattern to match *.e2e.test.mts
- Update vitest.config.mts exclude pattern to match *.e2e.test.mts
16122e1 to 0af9e17
billxinli approved these changes Nov 20, 2025
Fixes bug where socket fix --limit N processed all vulnerabilities instead of limiting to N.

(Renamed test files to match naming convention)
Note
Enforces --limit in local/PR modes by discovering/applying a capped set of GHSA IDs and adds thorough unit/integration tests for --limit and --id flags.
- coana-fix.mts):
- discoverGhsaIds to fetch GHSA IDs via Coana without applying fixes.
- --limit correctly in local and PR modes, including isAll flows; early-exit on limit < 1 or no IDs.
- ids for --apply-fixes-to; reuse discovery for PR flow; minor cleanup of temp-file unlink catch.
- src/commands/fix/handle-fix-limit.test.mts covering local vs PR mode, discovery, PR-count-based limit adjustment, and --id filtering with limits.
- --limit, --id, and their combinations (dry-run and non-dry-run).

Written by Cursor Bugbot for commit 5ae586c.