Add workspace support for full scans

.config/isolated-tests.json

@@ -0,0 +1,17 @@
+{
+  "_comment": "Tests that require isolated module execution due to vi.mock(), vi.doMock(), or vi.resetModules() usage. These tests manipulate module state and need to run in isolation to avoid cross-test contamination.",
+  "tests": [
+    "packages/cli/src/flags.test.mts",
+    "packages/cli/src/npm-cli.test.mts",
+    "packages/cli/src/npx-cli.test.mts",
+    "packages/cli/src/pnpm-cli.test.mts",
+    "packages/cli/src/utils/alert/translations.test.mts",
+    "packages/cli/src/utils/dlx/detection.test.mts",
+    "packages/cli/src/utils/git/github.test.mts",
+    "packages/cli/src/utils/npm/paths.test.mts",
+    "packages/cli/src/utils/pnpm/paths.test.mts",
+    "packages/cli/src/utils/yarn/paths.test.mts",
+    "packages/cli/src/utils/yarn/version.test.mts",
+    "packages/cli/src/yarn-cli.test.mts"
+  ]
+}

.config/tsconfig.base.json

@@ -0,0 +1,38 @@
+{
+  "compilerOptions": {
+    // The following options are not supported by @typescript/native-preview.
+    // They are either ignored or throw an unknown option error:
+    //"importsNotUsedAsValues": "remove",
+    "allowImportingTsExtensions": false,
+    "allowJs": false,
+    "composite": false,
+    "declaration": false,
+    "declarationMap": false,
+    "erasableSyntaxOnly": true,
+    "esModuleInterop": true,
+    "exactOptionalPropertyTypes": true,
+    "forceConsistentCasingInFileNames": true,
+    "incremental": false,
+    "isolatedModules": true,
+    "jsx": "react-jsx",
+    "lib": ["ES2024"],
+    "module": "nodenext",
+    "noEmit": true,
+    "noEmitOnError": true,
+    "noFallthroughCasesInSwitch": true,
+    "noImplicitOverride": true,
+    "noPropertyAccessFromIndexSignature": true,
+    "noUncheckedIndexedAccess": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "resolveJsonModule": true,
+    "rewriteRelativeImportExtensions": true,
+    "skipLibCheck": true,
+    "sourceMap": true,
+    "strict": true,
+    "strictNullChecks": true,
+    "target": "ES2024",
+    "useUnknownInCatchVariables": true,
+    "verbatimModuleSyntax": true
+  }
+}

.config/tsconfig.build.json

@@ -0,0 +1,9 @@
+{
+  "extends": "./tsconfig.base.json",
+  "compilerOptions": {
+    "declaration": true,
+    "declarationMap": true,
+    "composite": true,
+    "incremental": true
+  }
+}

.config/tsconfig.check.json

@@ -0,0 +1,22 @@
+{
+  "extends": "./tsconfig.base.json",
+  "compilerOptions": {
+    "typeRoots": ["../node_modules/@types"]
+  },
+  "include": [
+    "../packages/cli/src/**/*.mts",
+    "../packages/cli/*.config.mts",
+    "../packages/cli/.config/*.mts"
+  ],
+  "exclude": [
+    "../packages/cli/**/*.tsx",
+    "../packages/cli/**/*.d.mts",
+    "../packages/cli/src/commands/analytics/output-analytics.mts",
+    "../packages/cli/src/commands/audit-log/output-audit-log.mts",
+    "../packages/cli/src/commands/threat-feed/output-threat-feed.mts",
+    "../packages/cli/**/*.test.mts",
+    "../packages/cli/src/test/**/*.mts",
+    "../packages/cli/src/utils/test-mocks.mts",
+    "../packages/cli/test/**/*.mts"
+  ]
+}

.config/tsconfig.external-aliases.json

@@ -0,0 +1,13 @@
+{
+  "extends": "./tsconfig.check.json",
+  "compilerOptions": {
+    "paths": {
+      "@socketsecurity/lib": ["../socket-lib/dist/index.d.ts"],
+      "@socketsecurity/lib/*": ["../socket-lib/dist/*"],
+      "@socketsecurity/registry": [
+        "../socket-registry/registry/dist/index.d.ts"
+      ],
+      "@socketsecurity/registry/*": ["../socket-registry/registry/dist/*"]
+    }
+  }
+}

.config/tsconfig.test.json

@@ -0,0 +1,7 @@
+{
+  "extends": "./tsconfig.base.json",
+  "compilerOptions": {
+    "noUnusedLocals": false,
+    "noUnusedParameters": false
+  }
+}

.config/vitest.config.base.mts

@@ -0,0 +1,106 @@
+import path from 'node:path'
+import { defineConfig } from 'vitest/config'
+
+/**
+ * Base Vitest configuration for socket-cli monorepo packages.
+ *
+ * Packages should extend this configuration and override as needed:
+ *
+ * ```typescript
+ * import { defineConfig, mergeConfig } from 'vitest/config'
+ * import baseConfig from '../../.config/vitest.config.base.mts'
+ *
+ * export default mergeConfig(
+ *   baseConfig,
+ *   defineConfig({
+ *     test: {
+ *       include: ['test/**\/*.test.{mts,ts}'],
+ *     },
+ *   })
+ * )
+ * ```
+ */
+
+const isCoverageEnabled =
+  process.env.npm_lifecycle_event === 'cover' ||
+  process.argv.includes('--coverage')
+
+const projectRoot = path.resolve(import.meta.dirname, '..')
+
+export default defineConfig({
+  cacheDir: path.resolve(projectRoot, '.cache/vitest'), // Explicit cache directory for consistent behavior.
+  test: {
+    globals: false,
+    environment: 'node',
+    exclude: [
+      '**/node_modules/**',
+      '**/dist/**',
+      '**/.{idea,git,cache,output,temp}/**',
+      '**/{karma,rollup,webpack,vite,vitest,jest,ava,babel,nyc,cypress,tsup,build,eslint,prettier}.config.*',
+      // Exclude E2E tests from regular test runs.
+      '**/*-e2e.test.mts',
+    ],
+    reporters: ['default'],
+    // Use threads for better performance
+    pool: 'threads',
+    poolOptions: {
+      threads: {
+        singleThread: false,
+        maxThreads: isCoverageEnabled ? 1 : 16,
+        minThreads: isCoverageEnabled ? 1 : 4,
+        // IMPORTANT: isolate: false for performance and test compatibility
+        //
+        // Tradeoff Analysis:
+        // - isolate: true  = Full isolation, slower, breaks nock/module mocking
+        // - isolate: false = Shared worker context, faster, mocking works
+        //
+        // We choose isolate: false because:
+        // 1. Significant performance improvement (faster test runs)
+        // 2. Nock HTTP mocking works correctly across all test files
+        // 3. Vi.mock() module mocking functions properly
+        // 4. Test state pollution is prevented through proper beforeEach/afterEach
+        // 5. Our tests are designed to clean up after themselves
+        //
+        // Tests requiring true isolation should use pool: 'forks' or be marked
+        // with { pool: 'forks' } in the test file itself.
+        isolate: false,
+        // Use worker threads for better performance
+        useAtomics: true,
+      },
+    },
+    testTimeout: 30_000,
+    hookTimeout: 30_000,
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'json', 'html', 'lcov', 'clover'],
+      exclude: [
+        '**/*.config.*',
+        '**/node_modules/**',
+        '**/[.]**',
+        '**/*.d.mts',
+        '**/*.d.ts',
+        '**/virtual:*',
+        'bin/**',
+        'coverage/**',
+        'dist/**',
+        'external/**',
+        'pnpmfile.*',
+        'scripts/**',
+        'src/**/types.mts',
+        'test/**',
+        'perf/**',
+      ],
+      include: ['src/**/*.mts', 'src/**/*.ts'],
+      all: true,
+      clean: true,
+      skipFull: false,
+      ignoreClassMethods: ['constructor'],
+      thresholds: {
+        lines: 0,
+        functions: 0,
+        branches: 0,
+        statements: 0,
+      },
+    },
+  },
+})

.config/vitest.config.isolated.mts

@@ -0,0 +1,74 @@
+/**
+ * @fileoverview Vitest configuration for tests requiring full isolation.
+ * Used for tests that need vi.doMock() or other module-level mocking that
+ * requires true module isolation. Use this config when tests need to mock
+ * modules differently in the same file or when isolate: false causes issues.
+ */
+import { defineConfig } from 'vitest/config'
+
+// Check if coverage is enabled via CLI flags or environment.
+const isCoverageEnabled =
+  process.env.COVERAGE === 'true' ||
+  process.env.npm_lifecycle_event?.includes('coverage') ||
+  process.argv.some(arg => arg.includes('coverage'))
+
+export default defineConfig({
+  test: {
+    globals: false,
+    environment: 'node',
+    exclude: [
+      '**/node_modules/**',
+      '**/dist/**',
+      '**/.{idea,git,cache,output,temp}/**',
+      '**/{karma,rollup,webpack,vite,vitest,jest,ava,babel,nyc,cypress,tsup,build,eslint,prettier}.config.*',
+      // Exclude E2E tests from regular test runs.
+      '**/*-e2e.test.mts',
+    ],
+    reporters: ['default'],
+    // Use forks for full isolation.
+    pool: 'forks',
+    poolOptions: {
+      forks: {
+        // True isolation for vi.doMock() and module-level mocking.
+        isolate: true,
+        singleFork: isCoverageEnabled,
+        maxForks: isCoverageEnabled ? 4 : 16,
+        minForks: isCoverageEnabled ? 1 : 2,
+      },
+    },
+    testTimeout: 30_000,
+    hookTimeout: 10_000,
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'json', 'html', 'lcov', 'clover'],
+      exclude: [
+        '**/*.config.*',
+        '**/node_modules/**',
+        '**/[.]**',
+        '**/*.d.mts',
+        '**/*.d.ts',
+        '**/virtual:*',
+        'bin/**',
+        'coverage/**',
+        'dist/**',
+        'external/**',
+        'pnpmfile.*',
+        'scripts/**',
+        'src/**/types.mts',
+        'test/**',
+        'perf/**',
+      ],
+      include: ['src/**/*.mts', 'src/**/*.ts'],
+      all: true,
+      clean: true,
+      skipFull: false,
+      ignoreClassMethods: ['constructor'],
+      thresholds: {
+        lines: 35,
+        functions: 60,
+        branches: 35,
+        statements: 35,
+      },
+    },
+  },
+})

.dockerignore

@@ -0,0 +1,60 @@
+# Version control
+.git/
+.github/
+.gitignore
+.gitattributes
+
+# Dependencies
+node_modules/
+packages/*/node_modules/
+
+# Build artifacts
+dist/
+build/
+*.log
+*.tgz
+*.tar.gz
+
+# Testing
+coverage/
+.nyc_output/
+test-results/
+
+# Caches
+.cache/
+.eslintcache
+.tsbuildinfo
+.rollup.cache/
+pnpm-store/
+
+# IDEs and editors
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Environment files
+.env
+.env.local
+.env.*.local
+
+# Documentation
+*.md
+!README.md
+docs/
+
+# CI/CD
+.circleci/
+.travis.yml
+azure-pipelines.yml
+appveyor.yml
+
+# Temporary files
+tmp/
+temp/
+*.tmp
+
+# OS files
+Thumbs.db

.env.example

@@ -0,0 +1,11 @@
+# Socket CLI Environment Configuration Example
+# Copy this file to .env.local and customize for your local environment.
+
+# Node.js Configuration (optional overrides).
+NODE_COMPILE_CACHE="./.cache"
+NODE_OPTIONS="--max-old-space-size=8192 --max-semi-space-size=1024"
+
+# Socket API Configuration (for e2e testing).
+# Get your API key from https://socket.dev/dashboard/settings
+SOCKET_SECURITY_API_KEY=your_api_key_here
+SOCKET_CLI_ORG_SLUG=your_org_slug_here

.env.precommit

@@ -0,0 +1,12 @@
+# Socket CLI Pre-commit Test Environment
+# This file is loaded by dotenvx during pre-commit hooks.
+
+# Disable API token requirement for unit tests.
+SOCKET_CLI_NO_API_TOKEN=1
+
+# Indicate tests are running in Vitest.
+VITEST=1
+
+# Node.js optimization for test performance.
+NODE_COMPILE_CACHE="./.cache"
+NODE_OPTIONS="--max-old-space-size=8192"