Use @socketsecurity/config + improve errors

cli.js

@@ -37,6 +37,7 @@ try {
   } else if (err instanceof InputError) {
     errorTitle = 'Invalid input'
     errorMessage = err.message
+    errorBody = err.body
   } else if (err instanceof Error) {
     errorTitle = 'Unexpected error'
     errorMessage = messageWithCauses(err)

lib/commands/report/create.js

@@ -2,16 +2,19 @@
 
 import path from 'node:path'
 
+import { betterAjvErrors } from '@apideck/better-ajv-errors'
+import { readSocketConfig, SocketValidationError } from '@socketsecurity/config'
 import meow from 'meow'
 import ora from 'ora'
+import { ErrorWithCause } from 'pony-cause'
 
 import { handleApiCall, handleUnsuccessfulApiResponse } from '../../utils/api-helpers.js'
 import { ChalkOrMarkdown, logSymbols } from '../../utils/chalk-markdown.js'
+import { InputError } from '../../utils/errors.js'
 import { printFlagList } from '../../utils/formatting.js'
 import { createDebugLogger } from '../../utils/misc.js'
 import { getPackageFiles } from '../../utils/path-resolve.js'
 import { setupSdk } from '../../utils/sdk.js'
-import { readSocketConfig } from '../../utils/socket-config.js'
 import { fetchReportData, formatReportDataOutput } from './view.js'
 
 /** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
@@ -166,6 +169,25 @@ async function setupCommand (name, description, argv, importMeta) {
   const absoluteConfigPath = path.join(cwd, 'socket.yml')
 
   const config = await readSocketConfig(absoluteConfigPath)
+    .catch(/** @param {unknown} cause */ cause => {
+      if (cause && typeof cause === 'object' && cause instanceof SocketValidationError) {
+        // Inspired by workbox-build: https://github.com/GoogleChrome/workbox/blob/95f97a207fd51efb3f8a653f6e3e58224183a778/packages/workbox-build/src/lib/validate-options.ts#L68-L71
+        const betterErrors = betterAjvErrors({
+          basePath: 'config',
+          data: cause.data,
+          errors: cause.validationErrors,
+          // @ts-ignore
+          schema: cause.schema,
+        })
+        throw new InputError(
+          'The socket.yml config is not valid',
+          betterErrors.map((err) => `[${err.path}] ${err.message}.${err.suggestion ? err.suggestion : ''}`).join('\n')
+        )
+      } else {
+        throw new ErrorWithCause('Failed to read socket.yml config', { cause })
+      }
+    })
+
   const packagePaths = await getPackageFiles(cwd, cli.input, config, debugLog)
 
   return {

lib/utils/errors.js

@@ -1,2 +1,14 @@
 export class AuthError extends Error {}
-export class InputError extends Error {}
+
+export class InputError extends Error {
+  /**
+   * @param {string} message
+   * @param {string} [body]
+   */
+  constructor (message, body) {
+    super(message)
+
+    /** @type {string|undefined} */
+    this.body = body
+  }
+}

lib/utils/path-resolve.js

@@ -33,7 +33,7 @@ const GLOB_IGNORE = [
  *
  * @param {string} cwd The working directory to use when resolving paths
  * @param {string[]} inputPaths A list of paths to folders, package.json files and/or recognized lockfiles. Supports globs.
- * @param {import('./socket-config.js').SocketYml|undefined} config
+ * @param {import('@socketsecurity/config').SocketYml|undefined} config
  * @param {typeof console.error} debugLog
  * @returns {Promise<string[]>}
  * @throws {InputError}

package.json

@@ -74,8 +74,9 @@
     "typescript": "~4.9.3"
   },
   "dependencies": {
+    "@apideck/better-ajv-errors": "^0.3.6",
+    "@socketsecurity/config": "^1.1.0",
     "@socketsecurity/sdk": "^0.4.0",
-    "ajv": "^8.11.2",
     "chalk": "^5.1.2",
     "globby": "^13.1.3",
     "hpagent": "^1.2.0",
@@ -88,7 +89,6 @@
     "pony-cause": "^2.1.8",
     "prompts": "^2.4.2",
     "terminal-link": "^3.0.0",
-    "update-notifier": "^6.0.2",
-    "yaml": "^2.1.3"
+    "update-notifier": "^6.0.2"
   }
 }