add --debug option to socket fix (#979)

* add `--debug` option to `socket fix`
bump coana version for better logging when `pnpm install` fails during `socket fix`

* updated descrition for `socket fix` option `--debug`

Author: jfblaa

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.47](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.47) - 2025-12-15
+
+### Added
+- Added `--debug` flag to `socket fix` to enable verbose logging in the Coana CLI.
+
+### Changed
+- Updated the Coana CLI to v `14.12.127`.
+
 ## [1.1.46](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.46) - 2025-12-12
 
 ### Changed

package.json

@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.46",
+  "version": "1.1.47",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",
@@ -94,7 +94,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.4",
     "@biomejs/biome": "2.2.4",
-    "@coana-tech/cli": "14.12.126",
+    "@coana-tech/cli": "14.12.127",
     "@cyclonedx/cdxgen": "11.11.0",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",

pnpm-lock.yaml

@@ -1,8 +1,7 @@
-import { existsSync, promises as fs } from 'node:fs'
+import { promises as fs } from 'node:fs'
 import { tmpdir } from 'node:os'
 import path from 'node:path'
 
-import trash from 'trash'
 import { describe, expect } from 'vitest'
 
 import constants, {
@@ -167,6 +166,7 @@ describe('socket fix', async () => {
             --all               Process all discovered vulnerabilities in local mode. Cannot be used with --id.
             --autopilot         Enable auto-merge for pull requests that Socket opens.
                                 See GitHub documentation (https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository) for managing auto-merge for pull requests in your repository.
+            --debug             Enable debug logging in the Coana-based Socket Fix CLI invocation.
             --ecosystems        Limit fix analysis to specific ecosystems. Can be provided as comma separated values or as multiple flags. Defaults to all ecosystems.
             --exclude           Exclude workspaces matching these glob patterns. Can be provided as comma separated values or as multiple flags
             --fix-version       Override the version of @coana-tech/cli used for fix analysis. Default: <coana-version>.

src/commands/fix/cmd-fix.integration.test.mts

@@ -147,6 +147,13 @@ Available styles:
     description:
       'Set a minimum age requirement for suggested upgrade versions (e.g., 1h, 2d, 3w). A higher age requirement reduces the risk of upgrading to malicious versions. For example, setting the value to 1 week (1w) gives ecosystem maintainers one week to remove potentially malicious versions.',
   },
+  debug: {
+    type: 'boolean',
+    default: false,
+    description:
+      'Enable debug logging in the Coana-based Socket Fix CLI invocation.',
+    shortFlag: 'd',
+  },
   ecosystems: {
     type: 'string',
     default: [],
@@ -281,6 +288,7 @@ async function run(
     all,
     applyFixes,
     autopilot,
+    debug,
     ecosystems,
     exclude,
     fixVersion,
@@ -302,6 +310,7 @@ async function run(
     all: boolean
     applyFixes: boolean
     autopilot: boolean
+    debug: boolean
     ecosystems: string[]
     exclude: string[]
     fixVersion: string | undefined
@@ -409,6 +418,7 @@ async function run(
     autopilot,
     coanaVersion: fixVersion,
     cwd,
+    debug,
     disableMajorUpdates,
     ecosystems: validatedEcosystems,
     exclude: excludePatterns,

src/commands/fix/cmd-fix.mts

@@ -112,6 +112,7 @@ export async function coanaFix(
     autopilot,
     coanaVersion,
     cwd,
+    debug,
     disableMajorUpdates,
     ecosystems,
     exclude,
@@ -246,6 +247,7 @@ export async function coanaFix(
           ...(!applyFixes ? [FLAG_DRY_RUN] : []),
           '--output-file',
           tmpFile,
+          ...(debug ? ['--debug'] : []),
           ...(disableMajorUpdates ? ['--disable-major-updates'] : []),
           ...(showAffectedDirectDependencies
             ? ['--show-affected-direct-dependencies']
@@ -371,6 +373,7 @@ export async function coanaFix(
         ...(include.length ? ['--include', ...include] : []),
         ...(exclude.length ? ['--exclude', ...exclude] : []),
         ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []),
+        ...(debug ? ['--debug'] : []),
         ...(disableMajorUpdates ? ['--disable-major-updates'] : []),
         ...(showAffectedDirectDependencies
           ? ['--show-affected-direct-dependencies']

src/commands/fix/coana-fix.mts

@@ -102,6 +102,7 @@ export async function handleFix({
   autopilot,
   coanaVersion,
   cwd,
+  debug,
   disableMajorUpdates,
   ecosystems,
   exclude,
@@ -126,6 +127,7 @@ export async function handleFix({
     autopilot,
     coanaVersion,
     cwd,
+    debug,
     disableMajorUpdates,
     ecosystems,
     exclude,
@@ -149,6 +151,7 @@ export async function handleFix({
       autopilot,
       coanaVersion,
       cwd,
+      debug,
       disableMajorUpdates,
       ecosystems,
       exclude,

src/commands/fix/handle-fix.mts

@@ -8,6 +8,7 @@ export type FixConfig = {
   autopilot: boolean
   coanaVersion: string | undefined
   cwd: string
+  debug: boolean
   disableMajorUpdates: boolean
   ecosystems: PURL_Type[]
   exclude: string[]