upgrading coana to version 14.12.194

.github/workflows/e2e-tests.yml

@@ -26,6 +26,9 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
+      - name: Install uv
+        run: curl -LsSf https://astral.sh/uv/install.sh | sh
+
       - name: Build
         run: pnpm run build
 

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.70](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.70) - 2026-03-11
+
+### Changed
+- Updated the Coana CLI to v `14.12.194`.
+
 ## [1.1.69](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.69) - 2026-03-10
 
 ### Changed

package.json

@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.69",
+  "version": "1.1.70",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",
@@ -97,7 +97,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.4",
     "@biomejs/biome": "2.2.4",
-    "@coana-tech/cli": "14.12.192",
+    "@coana-tech/cli": "14.12.194",
     "@cyclonedx/cdxgen": "11.11.0",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",

src/commands/ci/handle-ci.mts

@@ -57,6 +57,7 @@ export async function handleCi(autoManifest: boolean): Promise<void> {
       reachDebug: false,
       reachDetailedAnalysisLogFile: false,
       reachDisableAnalytics: false,
+      reachDisableExternalToolChecks: false,
       reachEcosystems: [],
       reachEnableAnalysisSplitting: false,
       reachExcludePaths: [],

src/commands/fix/cmd-fix.mts

@@ -154,6 +154,11 @@ Available styles:
       'Enable debug logging in the Coana-based Socket Fix CLI invocation.',
     shortFlag: 'd',
   },
+  disableExternalToolChecks: {
+    type: 'boolean',
+    default: false,
+    description: 'Disable external tool checks during fix analysis.',
+  },
   ecosystems: {
     type: 'string',
     default: [],
@@ -294,6 +299,7 @@ async function run(
     applyFixes,
     autopilot,
     debug,
+    disableExternalToolChecks,
     ecosystems,
     exclude,
     fixVersion,
@@ -317,6 +323,7 @@ async function run(
     applyFixes: boolean
     autopilot: boolean
     debug: boolean
+    disableExternalToolChecks: boolean
     ecosystems: string[]
     exclude: string[]
     fixVersion: string | undefined
@@ -426,6 +433,7 @@ async function run(
     coanaVersion: fixVersion,
     cwd,
     debug,
+    disableExternalToolChecks,
     disableMajorUpdates,
     ecosystems: validatedEcosystems,
     exclude: excludePatterns,

src/commands/fix/coana-fix.mts

@@ -119,6 +119,7 @@ export async function coanaFix(
     coanaVersion,
     cwd,
     debug,
+    disableExternalToolChecks,
     disableMajorUpdates,
     ecosystems,
     exclude,
@@ -266,6 +267,9 @@ export async function coanaFix(
           '--output-file',
           tmpFile,
           ...(debug ? ['--debug'] : []),
+          ...(disableExternalToolChecks
+            ? ['--disable-external-tool-checks']
+            : []),
           ...(disableMajorUpdates ? ['--disable-major-updates'] : []),
           ...(showAffectedDirectDependencies
             ? ['--show-affected-direct-dependencies']
@@ -418,6 +422,9 @@ export async function coanaFix(
         ...(exclude.length ? ['--exclude', ...exclude] : []),
         ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []),
         ...(debug ? ['--debug'] : []),
+        ...(disableExternalToolChecks
+          ? ['--disable-external-tool-checks']
+          : []),
         ...(disableMajorUpdates ? ['--disable-major-updates'] : []),
         ...(showAffectedDirectDependencies
           ? ['--show-affected-direct-dependencies']

src/commands/fix/handle-fix.mts

@@ -120,6 +120,7 @@ export async function handleFix({
   coanaVersion,
   cwd,
   debug,
+  disableExternalToolChecks,
   disableMajorUpdates,
   ecosystems,
   exclude,
@@ -146,6 +147,7 @@ export async function handleFix({
     coanaVersion,
     cwd,
     debug,
+    disableExternalToolChecks,
     disableMajorUpdates,
     ecosystems,
     exclude,
@@ -171,6 +173,7 @@ export async function handleFix({
       coanaVersion,
       cwd,
       debug,
+      disableExternalToolChecks,
       disableMajorUpdates,
       ecosystems,
       exclude,

src/commands/fix/types.mts

@@ -9,6 +9,7 @@ export type FixConfig = {
   coanaVersion: string | undefined
   cwd: string
   debug: boolean
+  disableExternalToolChecks: boolean
   disableMajorUpdates: boolean
   ecosystems: PURL_Type[]
   exclude: string[]

src/commands/scan/cmd-scan-create.mts

@@ -244,6 +244,7 @@ async function run(
     reachDetailedAnalysisLogFile,
     reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
     reachDisableAnalytics,
+    reachDisableExternalToolChecks,
     reachEnableAnalysisSplitting,
     reachLazyMode,
     reachSkipCache,
@@ -277,6 +278,7 @@ async function run(
     reachDetailedAnalysisLogFile: boolean
     reachDisableAnalysisSplitting: boolean
     reachDisableAnalytics: boolean
+    reachDisableExternalToolChecks: boolean
     reachEnableAnalysisSplitting: boolean
     reachLazyMode: boolean
     reachSkipCache: boolean
@@ -580,6 +582,7 @@ async function run(
       reachDebug: Boolean(reachDebug),
       reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
       reachDisableAnalytics: Boolean(reachDisableAnalytics),
+      reachDisableExternalToolChecks: Boolean(reachDisableExternalToolChecks),
       reachEcosystems,
       reachEnableAnalysisSplitting: Boolean(reachEnableAnalysisSplitting),
       reachExcludePaths,

src/commands/scan/cmd-scan-reach.e2e.test.mts

@@ -394,7 +394,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: longTestTimeout },
+      { retry: 2, timeout: longTestTimeout },
     )
 
     cmdit(
@@ -491,7 +491,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: testTimeout },
+      { retry: 2, timeout: testTimeout },
     )
   })
 
@@ -603,7 +603,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: testTimeout },
+      { retry: 2, timeout: testTimeout },
     )
 
     cmdit(
@@ -681,7 +681,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: testTimeout },
+      { retry: 2, timeout: testTimeout },
     )
 
     cmdit(
@@ -779,7 +779,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: testTimeout },
+      { retry: 2, timeout: testTimeout },
     )
 
     cmdit(
@@ -836,7 +836,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: testTimeout },
+      { retry: 2, timeout: testTimeout },
     )
 
     cmdit(
@@ -923,7 +923,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: testTimeout },
+      { retry: 2, timeout: testTimeout },
     )
   })
 
@@ -1027,7 +1027,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: testTimeout },
+      { retry: 2, timeout: testTimeout },
     )
 
     cmdit(
@@ -1127,7 +1127,7 @@ describe('socket scan reach (E2E tests)', async () => {
           await tempFixture.cleanup()
         }
       },
-      { timeout: testTimeout },
+      { retry: 2, timeout: testTimeout },
     )
   })
 })

src/commands/scan/cmd-scan-reach.mts

@@ -128,6 +128,7 @@ async function run(
     reachDetailedAnalysisLogFile,
     reachDisableAnalysisSplitting: _reachDisableAnalysisSplitting,
     reachDisableAnalytics,
+    reachDisableExternalToolChecks,
     reachEnableAnalysisSplitting,
     reachLazyMode,
     reachSkipCache,
@@ -147,6 +148,7 @@ async function run(
     reachDetailedAnalysisLogFile: boolean
     reachDisableAnalysisSplitting: boolean
     reachDisableAnalytics: boolean
+    reachDisableExternalToolChecks: boolean
     reachEnableAnalysisSplitting: boolean
     reachLazyMode: boolean
     reachSkipCache: boolean
@@ -268,6 +270,7 @@ async function run(
       reachDebug: Boolean(reachDebug),
       reachDetailedAnalysisLogFile: Boolean(reachDetailedAnalysisLogFile),
       reachDisableAnalytics: Boolean(reachDisableAnalytics),
+      reachDisableExternalToolChecks: Boolean(reachDisableExternalToolChecks),
       reachEcosystems,
       reachEnableAnalysisSplitting: Boolean(reachEnableAnalysisSplitting),
       reachExcludePaths,

src/commands/scan/create-scan-from-github.mts

@@ -255,6 +255,7 @@ async function scanOneRepo(
       reachDebug: false,
       reachDetailedAnalysisLogFile: false,
       reachDisableAnalytics: false,
+      reachDisableExternalToolChecks: false,
       reachEcosystems: [],
       reachEnableAnalysisSplitting: false,
       reachExcludePaths: [],

src/commands/scan/perform-reachability-analysis.mts

@@ -1,5 +1,7 @@
 import path from 'node:path'
 
+import { logger } from '@socketsecurity/registry/lib/logger'
+
 import constants from '../../constants.mts'
 import { handleApiCall } from '../../utils/api.mts'
 import { extractTier1ReachabilityScanId } from '../../utils/coana.mts'
@@ -19,6 +21,7 @@ export type ReachabilityOptions = {
   reachConcurrency: number
   reachDebug: boolean
   reachDetailedAnalysisLogFile: boolean
+  reachDisableExternalToolChecks: boolean
   reachDisableAnalytics: boolean
   reachEcosystems: PURL_Type[]
   reachEnableAnalysisSplitting: boolean
@@ -179,6 +182,9 @@ export async function performReachabilityAnalysis(
     ...(reachabilityOptions.reachDisableAnalytics
       ? ['--disable-analytics-sharing']
       : []),
+    ...(reachabilityOptions.reachDisableExternalToolChecks
+      ? ['--disable-external-tool-checks']
+      : []),
     ...(reachabilityOptions.reachEnableAnalysisSplitting
       ? []
       : ['--disable-analysis-splitting']),
@@ -223,15 +229,25 @@ export async function performReachabilityAnalysis(
     spinner.start()
   }
 
-  return coanaResult.ok
-    ? {
-        ok: true,
-        data: {
-          // Use the actual output filename for the scan.
-          reachabilityReport: outputFilePath,
-          tier1ReachabilityScanId:
-            extractTier1ReachabilityScanId(outputFilePath),
-        },
-      }
-    : coanaResult
+  if (!coanaResult.ok) {
+    const coanaVersion =
+      reachabilityOptions.reachVersion ||
+      constants.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION
+    logger.error(
+      `Coana reachability analysis failed. Version: ${coanaVersion}, target: ${analysisTarget}, cwd: ${cwd}`,
+    )
+    if (coanaResult.message) {
+      logger.error(`Details: ${coanaResult.message}`)
+    }
+    return coanaResult
+  }
+
+  return {
+    ok: true,
+    data: {
+      // Use the actual output filename for the scan.
+      reachabilityReport: outputFilePath,
+      tier1ReachabilityScanId: extractTier1ReachabilityScanId(outputFilePath),
+    },
+  }
 }

src/commands/scan/reachability-flags.mts

@@ -25,6 +25,12 @@ export const reachabilityFlags: MeowFlags = {
     description:
       'Set the maximum number of concurrent reachability analysis runs. It is recommended to choose a concurrency level that ensures each analysis run has at least the --reach-analysis-memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.',
   },
+  reachDisableExternalToolChecks: {
+    type: 'boolean',
+    default: false,
+    description:
+      'Disable external tool checks during reachability analysis.',
+  },
   reachDebug: {
     type: 'boolean',
     default: false,