Use requirements.json to add perms and quotas

Author: jdalton

package.json

@@ -24,6 +24,7 @@
     "./bin/npm-cli.js": "./dist/npm-cli.js",
     "./bin/npx-cli.js": "./dist/npx-cli.js",
     "./package.json": "./package.json",
+    "./requirements.json": "./requirements.json",
     "./translations.json": "./translations.json"
   },
   "scripts": {
@@ -218,6 +219,7 @@
     "dist/**",
     "external/**",
     "shadow-bin/**",
+    "requirements.json",
     "translations.json"
   ],
   "lint-staged": {

requirements.json

@@ -0,0 +1,116 @@
+{
+  "api": {
+    "analytics": {
+      "quota": 1,
+      "permissions": ["report:write"]
+    },
+    "audit-log": {
+      "quota": 1,
+      "permissions": ["audit-log:list"]
+    },
+    "fix": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "login": {
+      "quota": 1,
+      "permissions": []
+    },
+    "npm": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "npx": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "organization:dependencies": {
+      "quota": 1,
+      "permissions": []
+    },
+    "organization:list": {
+      "quota": 1,
+      "permissions": []
+    },
+    "organization:policy:license": {
+      "quota": 1,
+      "permissions": ["license-policy:read"]
+    },
+    "organization:policy:security": {
+      "quota": 1,
+      "permissions": ["security-policy:read"]
+    },
+    "package:score": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "package:shallow": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "repository:create": {
+      "quota": 1,
+      "permissions": ["repo:create"]
+    },
+    "repository:del": {
+      "quota": 1,
+      "permissions": ["repo:delete"]
+    },
+    "repository:list": {
+      "quota": 1,
+      "permissions": ["repo:list"]
+    },
+    "repository:update": {
+      "quota": 1,
+      "permissions": ["repo:update"]
+    },
+    "repository:view": {
+      "quota": 1,
+      "permissions": ["repo:list"]
+    },
+    "scan:create": {
+      "quota": 1,
+      "permissions": ["full-scans:create"]
+    },
+    "scan:delete": {
+      "quota": 1,
+      "permissions": ["full-scans:delete"]
+    },
+    "scan:diff": {
+      "quota": 1,
+      "permissions": ["full-scans:list"]
+    },
+    "scan:list": {
+      "quota": 1,
+      "permissions": ["full-scans:list"]
+    },
+    "scan:github": {
+      "quota": 1,
+      "permissions": ["full-scans:create"]
+    },
+    "scan:metadata": {
+      "quota": 1,
+      "permissions": ["full-scans:list"]
+    },
+    "scan:reach": {
+      "quota": 1,
+      "permissions": ["full-scans:create"]
+    },
+    "scan:report": {
+      "quota": 2,
+      "permissions": ["full-scans:list", "security-policy:read"]
+    },
+    "scan:view": {
+      "quota": 1,
+      "permissions": ["full-scans:list"]
+    },
+    "shallow": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "threat-feed": {
+      "quota": 1,
+      "permissions": ["threat-feed:list"]
+    }
+  }
+}

src/commands.mts

@@ -34,7 +34,7 @@ export const rootCommands = {
   ci: cmdCI,
   cdxgen: cmdManifestCdxgen,
   config: cmdConfig,
-  deps: cmdOrganizationDependencies,
+  dependencies: cmdOrganizationDependencies,
   fix: cmdFix,
   install: cmdInstall,
   json: cmdJson,
@@ -79,6 +79,11 @@ export const rootAliases = {
     hidden: true,
     argv: ['audit-log'],
   },
+  deps: {
+    description: cmdOrganizationDependencies.description,
+    hidden: true,
+    argv: ['dependencies'],
+  },
   feed: {
     description: cmdThreatFeed.description,
     hidden: true,

src/commands/analytics/cmd-analytics.mts

@@ -6,33 +6,52 @@ import { commonFlags, outputFlags } from '../../flags.mts'
 import { checkCommandInput } from '../../utils/check-input.mts'
 import { getOutputKind } from '../../utils/get-output-kind.mts'
 import { meowOrExit } from '../../utils/meow-with-subcommands.mts'
-import { getFlagListOutput } from '../../utils/output-formatting.mts'
+import {
+  getFlagApiRequirementsOutput,
+  getFlagListOutput,
+} from '../../utils/output-formatting.mts'
 import { hasDefaultToken } from '../../utils/sdk.mts'
 
 import type { CliCommandConfig } from '../../utils/meow-with-subcommands.mts'
 
 const { DRY_RUN_BAILING_NOW } = constants
 
-const config: CliCommandConfig = {
-  commandName: 'analytics',
-  description: 'Look up analytics data',
-  hidden: false,
-  flags: {
-    ...commonFlags,
-    ...outputFlags,
-    file: {
-      type: 'string',
-      description: 'Path to store result, only valid with --json/--markdown',
+export const CMD_NAME = 'analytics'
+
+const description = 'Look up analytics data'
+
+const hidden = false
+
+export const cmdAnalytics = {
+  description,
+  hidden,
+  run: run,
+}
+
+async function run(
+  argv: string[] | readonly string[],
+  importMeta: ImportMeta,
+  { parentName }: { parentName: string },
+): Promise<void> {
+  const config: CliCommandConfig = {
+    commandName: CMD_NAME,
+    description,
+    hidden,
+    flags: {
+      ...commonFlags,
+      ...outputFlags,
+      file: {
+        type: 'string',
+        description: 'Path to store result, only valid with --json/--markdown',
+      },
     },
-  },
-  help: (command, { flags }) =>
-    `
+    help: (command, { flags }) =>
+      `
     Usage
       $ ${command} [options] [ "org" | "repo" <reponame>] [TIME]
 
     API Token Requirements
-      - Quota: 1 unit
-      - Permissions: report:write
+      ${getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME}`)}
 
     The scope is either org or repo level, defaults to org.
 
@@ -48,19 +67,8 @@ const config: CliCommandConfig = {
       $ ${command} repo test-repo 30
       $ ${command} 90
   `,
-}
-
-export const cmdAnalytics = {
-  description: config.description,
-  hidden: config.hidden,
-  run: run,
-}
+  }
 
-async function run(
-  argv: string[] | readonly string[],
-  importMeta: ImportMeta,
-  { parentName }: { parentName: string },
-): Promise<void> {
   const cli = meowOrExit({
     argv,
     config,

src/commands/audit-log/cmd-audit-log.mts

@@ -7,48 +7,67 @@ import { checkCommandInput } from '../../utils/check-input.mts'
 import { determineOrgSlug } from '../../utils/determine-org-slug.mts'
 import { getOutputKind } from '../../utils/get-output-kind.mts'
 import { meowOrExit } from '../../utils/meow-with-subcommands.mts'
-import { getFlagListOutput } from '../../utils/output-formatting.mts'
+import {
+  getFlagApiRequirementsOutput,
+  getFlagListOutput,
+} from '../../utils/output-formatting.mts'
 import { hasDefaultToken } from '../../utils/sdk.mts'
 
 import type { CliCommandConfig } from '../../utils/meow-with-subcommands.mts'
 
 const { DRY_RUN_BAILING_NOW, SOCKET_WEBSITE_URL } = constants
 
-const config: CliCommandConfig = {
-  commandName: 'audit-log',
-  description: 'Look up the audit log for an organization',
-  hidden: false,
-  flags: {
-    ...commonFlags,
-    ...outputFlags,
-    interactive: {
-      type: 'boolean',
-      default: true,
-      description:
-        'Allow for interactive elements, asking for input. Use --no-interactive to prevent any input questions, defaulting them to cancel/no.',
-    },
-    org: {
-      type: 'string',
-      description:
-        'Force override the organization slug, overrides the default org from config',
-    },
-    page: {
-      type: 'number',
-      description: 'Result page to fetch',
-    },
-    perPage: {
-      type: 'number',
-      default: 30,
-      description: 'Results per page - default is 30',
+const CMD_NAME = 'audit-log'
+
+const description = 'Look up the audit log for an organization'
+
+const hidden = false
+
+export const cmdAuditLog = {
+  description,
+  hidden,
+  run,
+}
+
+async function run(
+  argv: string[] | readonly string[],
+  importMeta: ImportMeta,
+  { parentName }: { parentName: string },
+): Promise<void> {
+  const config: CliCommandConfig = {
+    commandName: CMD_NAME,
+    description,
+    hidden,
+    flags: {
+      ...commonFlags,
+      ...outputFlags,
+      interactive: {
+        type: 'boolean',
+        default: true,
+        description:
+          'Allow for interactive elements, asking for input.\nUse --no-interactive to prevent any input questions, defaulting them to cancel/no.',
+      },
+      org: {
+        type: 'string',
+        description:
+          'Force override the organization slug, overrides the default org from config',
+      },
+      page: {
+        type: 'number',
+        description: 'Result page to fetch',
+      },
+      perPage: {
+        type: 'number',
+        default: 30,
+        description: 'Results per page - default is 30',
+      },
     },
-  },
-  help: (command, config) => `
+    help: (command, config) => `
     Usage
       $ ${command} [options] [FILTER]
 
     API Token Requirements
-      - Quota: 1 unit
-      - Permissions: audit-log:list
+      ${getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME}`)}
 
     This feature requires an Enterprise Plan. To learn more about getting access
     to this feature and many more, please visit ${SOCKET_WEBSITE_URL}/pricing
@@ -72,19 +91,8 @@ const config: CliCommandConfig = {
       $ ${command}
       $ ${command} deleteReport --page 2 --perPage 10
   `,
-}
-
-export const cmdAuditLog = {
-  description: config.description,
-  hidden: config.hidden,
-  run,
-}
+  }
 
-async function run(
-  argv: string[] | readonly string[],
-  importMeta: ImportMeta,
-  { parentName }: { parentName: string },
-): Promise<void> {
   const cli = meowOrExit({
     argv,
     config,

src/commands/audit-log/cmd-audit-log.test.mts

@@ -39,7 +39,8 @@ describe('socket audit-log', async () => {
           The page arg should be a positive integer, offset 1. Defaults to 1.
 
           Options
-            --interactive       Allow for interactive elements, asking for input. Use --no-interactive to prevent any input questions, defaulting them to cancel/no.
+            --interactive       Allow for interactive elements, asking for input.
+                                Use --no-interactive to prevent any input questions, defaulting them to cancel/no.
             --json              Output result as json
             --markdown          Output result as markdown
             --org               Force override the organization slug, overrides the default org from config

src/commands/cli.test.mts

@@ -32,7 +32,7 @@ describe('socket root command', async () => {
           package                     Look up published package details
           repository                  Manage registered repositories
           scan                        Manage Socket scans
-          threat-feed                 [Beta] View the threat feed
+          threat-feed                 [Beta] View the threat-feed
 
         Local tools
           fix                         Update dependencies with "fixable" Socket alerts

src/commands/config/cmd-config-auto.mts

@@ -19,6 +19,7 @@ const { DRY_RUN_BAILING_NOW } = constants
 
 const description =
   'Automatically discover and set the correct value config item'
+
 const hidden = false
 
 export const cmdConfigAuto = {

src/commands/config/cmd-config-set.mts

@@ -18,6 +18,7 @@ import type { CliCommandConfig } from '../../utils/meow-with-subcommands.mts'
 const { DRY_RUN_BAILING_NOW } = constants
 
 const description = 'Update the value of a local CLI config item'
+
 const hidden = false
 
 export const cmdConfigSet = {