Merged
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

## [1.1.91](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.91) - 2026-05-01

### Added
- New `socket scan create` and `socket scan reach` flags let you keep reachability analysis going when it would otherwise halt: `--reach-continue-on-analysis-errors`, `--reach-continue-on-install-errors`, `--reach-continue-on-missing-lock-files`, and `--reach-continue-on-no-source-files`. Each falls back to precomputed (Tier 2) results so you still get a scan when individual workspaces hit timeouts, install failures, missing lock files, or empty source trees.

## [1.1.90](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.90) - 2026-04-30

### Added
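Review bot: The sentence "Each falls back to precomputed (Tier 2) results" in the 1.1.91 entry covers all four flags, but the help text in this same change states a Tier 2 fallback only for `--reach-continue-on-analysis-errors` and `--reach-continue-on-install-errors`; the descriptions for `--reach-continue-on-missing-lock-files` and `--reach-continue-on-no-source-files` say only that analysis continues. Either add the fallback wording to those two descriptions or narrow the changelog sentence, so users know what results a workspace gets in those two cases. The entry also calls the flags "New", while reachability-flags.mts shows them already defined and only drops `hidden: true`; wording such as "now listed in --help" would match the change more closely.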
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "socket",
"version": "1.1.90",
"version": "1.1.91",
"description": "CLI for Socket.dev",
"homepage": "https://github.com/SocketDev/socket-cli",
"license": "MIT AND OFL-1.1",
4 changes: 4 additions & 0 deletions src/commands/scan/cmd-scan-create.test.mts
Expand Up @@ -58,6 +58,10 @@ describe('socket scan create', async () => {
--reach-analysis-memory-limit The maximum memory in MB to use for the reachability analysis. The default is 8192MB.
--reach-analysis-timeout Set timeout for the reachability analysis. Split analysis runs may cause the total scan time to exceed this timeout significantly.
--reach-concurrency Set the maximum number of concurrent reachability analysis runs. It is recommended to choose a concurrency level that ensures each analysis run has at least the --reach-analysis-memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.
--reach-continue-on-analysis-errors Continue reachability analysis when errors occur (timeouts, OOM, parse errors, etc.), falling back to precomputed (Tier 2) results. By default, the CLI halts on analysis errors.
--reach-continue-on-install-errors Continue reachability analysis when package installation fails, falling back to precomputed (Tier 2) results. By default, the CLI halts on installation errors.
--reach-continue-on-missing-lock-files Continue reachability analysis when a Gradle or SBT project is missing its lock file (or version catalog / pre-generated SBOM). By default, the CLI halts.
--reach-continue-on-no-source-files Continue reachability analysis when a workspace contains no source files for its ecosystem. By default, the CLI halts.
--reach-debug Enable debug mode for reachability analysis. Provides verbose logging from the reachability CLI.
--reach-detailed-analysis-log-file A log file with detailed analysis logs is written to root of each analyzed workspace.
--reach-disable-analytics Disable reachability analytics sharing with Socket. Also disables caching-based optimizations.
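Review bot: The four added lines in this snapshot only confirm that the flags are listed in the help output; nothing visible here exercises them. Since the purpose of the flags is to turn a halt into a continue, consider a test that runs `socket scan create` with each flag set and asserts the parsed option reaches the reachability analysis, plus one confirming that with the flag absent the command still halts.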
4 changes: 4 additions & 0 deletions src/commands/scan/cmd-scan-reach.test.mts
Expand Up @@ -40,6 +40,10 @@ describe('socket scan reach', async () => {
--reach-analysis-memory-limit The maximum memory in MB to use for the reachability analysis. The default is 8192MB.
--reach-analysis-timeout Set timeout for the reachability analysis. Split analysis runs may cause the total scan time to exceed this timeout significantly.
--reach-concurrency Set the maximum number of concurrent reachability analysis runs. It is recommended to choose a concurrency level that ensures each analysis run has at least the --reach-analysis-memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.
--reach-continue-on-analysis-errors Continue reachability analysis when errors occur (timeouts, OOM, parse errors, etc.), falling back to precomputed (Tier 2) results. By default, the CLI halts on analysis errors.
--reach-continue-on-install-errors Continue reachability analysis when package installation fails, falling back to precomputed (Tier 2) results. By default, the CLI halts on installation errors.
--reach-continue-on-missing-lock-files Continue reachability analysis when a Gradle or SBT project is missing its lock file (or version catalog / pre-generated SBOM). By default, the CLI halts.
--reach-continue-on-no-source-files Continue reachability analysis when a workspace contains no source files for its ecosystem. By default, the CLI halts.
--reach-debug Enable debug mode for reachability analysis. Provides verbose logging from the reachability CLI.
--reach-detailed-analysis-log-file A log file with detailed analysis logs is written to root of each analyzed workspace.
--reach-disable-analytics Disable reachability analytics sharing with Socket. Also disables caching-based optimizations.
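Review bot: In the `--reach-continue-on-missing-lock-files` line, "is missing its lock file (or version catalog / pre-generated SBOM)" can be read two ways: the project lacks any one of the three, or a version catalog or SBOM counts as a substitute for the lock file. Spell out which is meant; if it is the former, something like "has no lock file, version catalog or pre-generated SBOM" removes the ambiguity. The string is defined in reachability-flags.mts, and both help snapshots need the same update.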
4 changes: 0 additions & 4 deletions src/commands/scan/reachability-flags.mts
Expand Up @@ -28,28 +28,24 @@ export const reachabilityFlags: MeowFlags = {
reachContinueOnAnalysisErrors: {
type: 'boolean',
default: false,
hidden: true,
description:
'Continue reachability analysis when errors occur (timeouts, OOM, parse errors, etc.), falling back to precomputed (Tier 2) results. By default, the CLI halts on analysis errors.',
},
reachContinueOnInstallErrors: {
type: 'boolean',
default: false,
hidden: true,
description:
'Continue reachability analysis when package installation fails, falling back to precomputed (Tier 2) results. By default, the CLI halts on installation errors.',
},
reachContinueOnMissingLockFiles: {
type: 'boolean',
default: false,
hidden: true,
description:
'Continue reachability analysis when a Gradle or SBT project is missing its lock file (or version catalog / pre-generated SBOM). By default, the CLI halts.',
},
reachContinueOnNoSourceFiles: {
type: 'boolean',
default: false,
hidden: true,
description:
'Continue reachability analysis when a workspace contains no source files for its ecosystem. By default, the CLI halts.',
},
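Review bot: Dropping `hidden: true` from the four `reachContinueOn*` entries makes them supported, user-facing options, yet none of the descriptions says how a user can tell afterwards which workspaces were analysed fully and which continued past an error. A scan that exits cleanly with these flags set can otherwise be mistaken for a complete reachability result, which matters where CI gates on it. Suggest a short clause in each description pointing at where the fallback is reported, or adding that reporting if it does not exist yet. Keeping `default: false` is the right fail-closed choice.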