feat(manifest): add socket manifest maven (1.1.124, Coana 15.5.5)#1373
feat(manifest): add socket manifest maven (1.1.124, Coana 15.5.5)#1373Jeppe Fredsgaard Blaabjerg (jfblaa) wants to merge 2 commits into
socket manifest maven (1.1.124, Coana 15.5.5)#1373Conversation
Add a `socket manifest maven` command that generates a Socket facts file (`.socket.facts.json`) from a Maven `pom.xml` project by delegating to the Coana CLI's `manifest maven` command, mirroring the existing gradle/sbt facts flows. Includes pom.xml auto-detection, `socket manifest auto` wiring, the `socket manifest setup` configurator, socket.json defaults, and `--maven-opts` / `--bin` pass-through. Bump Coana CLI to 15.5.5, which adds the `manifest maven` command this delegates to.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Martin Torp (mtorp)
left a comment
Martin Torp (mtorp)
left a comment
There was a problem hiding this comment.
Approving — clean, low-risk addition that faithfully mirrors the existing Gradle/sbt facts delegation: type-safe flag/socket.json plumbing, an argv-based (no-shell) spawn path, and good rationale comments. CI is green across the board.
Two non-blocking notes inline:
- CHANGELOG version label — the new section is the
1.1.125release (perpackage.json) but is labeled1.1.124; suggestion attached. Worth reconciling with the PR title/body too (they say 1.1.124). --maven-optsspace-splitting — a pre-existing, consistent limitation shared with--gradle-opts/--sbt-opts; flagged only because the Maven help text advertises the spaced-path case.
| The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). | ||
|
|
||
| ## [1.1.124](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.124) - 2026-06-19 | ||
| ## [1.1.124](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.125) - 2026-06-19 |
There was a problem hiding this comment.
Version label mismatch. package.json bumps to 1.1.125, so this section is the 1.1.125 release — but the heading reads [1.1.124] and the link text (1.1.124) disagrees with its target tag (v1.1.125). It also leaves two ## [1.1.124] … - 2026-06-19 headings in the file (this one + the pre-existing one below). The PR title/body also say 1.1.124, so worth aligning all of package.json / changelog / title on one version.
| ## [1.1.124](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.125) - 2026-06-19 | |
| ## [1.1.125](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.125) - 2026-06-19 |
| } | ||
|
|
||
| const parsedMavenOpts = String(mavenOpts || '') | ||
| .split(' ') |
There was a problem hiding this comment.
--maven-opts is split on every space, so a value with a spaced path — e.g. --maven-opts="-s my settings.xml" — becomes three separate tokens (-s, my, settings.xml). This matches the existing --gradle-opts/--sbt-opts parsing, so it's consistent and not a regression — flagging only because the Maven help text and changelog advertise exactly this -s settings.xml case. Non-blocking; if you want it to work, best fixed across gradle/sbt/maven together with a shell-style tokenizer.
2 participants
Summary
Adds a new
socket manifest mavencommand that generates a Socket facts file (.socket.facts.json) from a Mavenpom.xmlproject, mirroring the existinggradle/scala (sbt)facts flows. socket-cli delegates to the Coana CLI'smanifest mavencommand (which owns the Maven extension that resolves the dependency graph); socket-cli only constructs the args and verifies the emitted facts file.This is the 1.1.124 release: the feature plus the Coana bump it depends on.
What's included
cmd-manifest-maven.mts— facts-only (Maven is already pom-native, so there is no--pompath). Flags:--bin(defaults tomvnon PATH; point at./mvnwto use a wrapper),--maven-opts(e.g.-P <profile> -s <settings.xml>),--include-configs/--exclude-configs(Maven scopes),--ignore-unresolved,--verbose. Reads defaults fromsocket.jsonlike the other JVM tools.convert-maven-to-facts.mts— thin delegate to the sharedrunCoanaManifestFacts(widened to acceptecosystem: 'maven'/--maven-opts).pom.xml→ maven indetect-manifest-actions.mts, wired intosocket manifest auto(generate_auto_manifest.mts).setupMavenin thesocket manifest setupconfigurator.mavenentry insocket.jsonmanifest defaults.@coana-tech/cli15.5.0 → 15.5.5, which adds themanifest mavencommand this delegates to.Verification
pnpm build:dist:src,pnpm check:tsc,pnpm check:lint,biome formatall clean.cmd-manifest-maven.test.mts(help + dry-run); updatedcmd-manifest.test.mtssnapshot; setup/auto/detect/generate-auto suites pass.tool: "maven"metadata).Note
Low Risk
Additive beta manifest feature following existing Coana delegation; main dependency is the Coana 15.5.5 bump for Maven support.
Overview
Release 1.1.124 adds Maven to the manifest toolchain and bumps @coana-tech/cli to 15.5.5 so Coana can run
manifest maven.socket manifest maven[beta] writes.socket.facts.jsonfrom apom.xmlproject by delegating to Coana (same pattern as Gradle/sbt facts). Flags cover--bin(defaultmvn, or./mvnw),--maven-opts, scope filters via--include-configs/--exclude-configs, and--ignore-unresolved; defaults can live insocket.json.Wiring:
pom.xmlis auto-detected forsocket manifest auto, the setup wizard gets a Maven path (setupMaven), andrunCoanaManifestFactsnow acceptsecosystem: 'maven'with--maven-opts. Docs, changelog, help snapshots, and CLI tests were updated accordingly.Reviewed by Cursor Bugbot for commit dec47bf. Configure here.