SocketDev · dacoburn · Apr 1, 2025 · Apr 1, 2025
@@ -1,6 +1,6 @@
 # Socket Security CLI
 
-The Socket Security CLI was created to enable integrations with other tools like Github Actions, Gitlab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts against the Socket security policy it'll exit with a non-Zero exit code.
+The Socket Security CLI was created to enable integrations with other tools like GitHub Actions, Gitlab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts against the Socket security policy it'll exit with a non-Zero exit code.
 
 ## Usage
 
@@ -18,62 +18,63 @@ If you don't want to provide the Socket API Token every time then you can use th
 ### Parameters
 
 #### Authentication
-| Parameter     | Required | Default | Description                                                                           |
-|:-------------|:---------|:--------|:--------------------------------------------------------------------------------------|
-| --api-token  | False    |         | Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var)       |
+| Parameter   | Required | Default | Description                                                                     |
+|:------------|:---------|:--------|:--------------------------------------------------------------------------------|
+| --api-token | False    |         | Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var) |
 
 #### Repository
-| Parameter    | Required | Default | Description                                                              |
-|:-------------|:---------|:--------|:-------------------------------------------------------------------------|
-| --repo       | False    |         | Repository name in owner/repo format                                     |
-| --integration| False    | api     | Integration type (api, github, gitlab)                                   |
-| --owner      | False    |         | Name of the integration owner, defaults to the socket organization slug  |
-| --branch     | False    | ""      | Branch name                                                             |
-| --committers | False    |         | Committer(s) to filter by                                               |
+| Parameter     | Required | Default | Description                                                             |
+|:--------------|:---------|:--------|:------------------------------------------------------------------------|
+| --repo        | False    |         | Repository name in owner/repo format                                    |
+| --integration | False    | api     | Integration type (api, github, gitlab)                                  |
+| --owner       | False    |         | Name of the integration owner, defaults to the socket organization slug |
+| --branch      | False    | ""      | Branch name                                                             |
+| --committers  | False    |         | Committer(s) to filter by                                               |
 
 #### Pull Request and Commit
-| Parameter       | Required | Default | Description        |
-|:----------------|:---------|:--------|:-------------------|
-| --pr-number     | False    | "0"     | Pull request number|
-| --commit-message| False    |         | Commit message     |
-| --commit-sha    | False    | ""      | Commit SHA         |
+| Parameter        | Required | Default | Description         |
+|:-----------------|:---------|:--------|:--------------------|
+| --pr-number      | False    | "0"     | Pull request number |
+| --commit-message | False    |         | Commit message      |
+| --commit-sha     | False    | ""      | Commit SHA          |
 
 #### Path and File
-| Parameter    | Required | Default | Description                                |
-|:-------------|:---------|:--------|:-------------------------------------------|
-| --target-path| False    | ./      | Target path for analysis                   |
-| --sbom-file  | False    |         | SBOM file path                            |
-| --files      | False    | []      | Files to analyze (JSON array string)       |
+| Parameter     | Required | Default | Description                          |
+|:--------------|:---------|:--------|:-------------------------------------|
+| --target-path | False    | ./      | Target path for analysis             |
+| --sbom-file   | False    |         | SBOM file path                       |
+| --files       | False    | []      | Files to analyze (JSON array string) |
 
 #### Branch and Scan Configuration
-| Parameter      | Required | Default | Description                                               |
-|:---------------|:---------|:--------|:----------------------------------------------------------|
-| --default-branch| False    | False   | Make this branch the default branch                       |
-| --pending-head | False    | False   | If true, the new scan will be set as the branch's head scan|
+| Parameter        | Required | Default | Description                                                 |
+|:-----------------|:---------|:--------|:------------------------------------------------------------|
+| --default-branch | False    | False   | Make this branch the default branch                         |
+| --pending-head   | False    | False   | If true, the new scan will be set as the branch's head scan |
 
 #### Output Configuration
-| Parameter              | Required | Default | Description                                                    |
-|:----------------------|:---------|:--------|:---------------------------------------------------------------|
-| --generate-license    | False    | False   | Generate license information                                   |
-| --enable-debug       | False    | False   | Enable debug logging                                          |
-| --enable-json        | False    | False   | Output in JSON format                                         |
-| --enable-sarif       | False    | False   | Enable SARIF output of results instead of table or JSON format|
-| --disable-overview   | False    | False   | Disable overview output                                       |
+| Parameter                 | Required | Default | Description                                                                       |
+|:--------------------------|:---------|:--------|:----------------------------------------------------------------------------------|
+| --generate-license        | False    | False   | Generate license information                                                      |
+| --enable-debug            | False    | False   | Enable debug logging                                                              |
+| --enable-json             | False    | False   | Output in JSON format                                                             |
+| --enable-sarif            | False    | False   | Enable SARIF output of results instead of table or JSON format                    |
+| --disable-overview        | False    | False   | Disable overview output                                                           |
 | --exclude-license-details | False    | False   | Exclude license details from the diff report (boosts performance for large repos) |
 
 #### Security Configuration
-| Parameter               | Required | Default | Description                    |
-|:-----------------------|:---------|:--------|:-------------------------------|
-| --allow-unverified     | False    | False   | Allow unverified packages     |
-| --disable-security-issue| False    | False   | Disable security issue checks |
+| Parameter                | Required | Default | Description                   |
+|:-------------------------|:---------|:--------|:------------------------------|
+| --allow-unverified       | False    | False   | Allow unverified packages     |
+| --disable-security-issue | False    | False   | Disable security issue checks |
 
 #### Advanced Configuration
-| Parameter           | Required | Default | Description                                    |
-|:-------------------|:---------|:--------|:-----------------------------------------------|
-| --ignore-commit-files| False    | False   | Ignore commit files                           |
-| --disable-blocking  | False    | False   | Disable blocking mode                         |
-| --scm              | False    | api     | Source control management type                |
-| --timeout          | False    |         | Timeout in seconds for API requests           |
+| Parameter                | Required | Default | Description                                                           |
+|:-------------------------|:---------|:--------|:----------------------------------------------------------------------|
+| --ignore-commit-files    | False    | False   | Ignore commit files                                                   |
+| --disable-blocking       | False    | False   | Disable blocking mode                                                 |
+| --scm                    | False    | api     | Source control management type                                        |
+| --timeout                | False    |         | Timeout in seconds for API requests                                   |
+| --include-module-folders | False    | False   | If enabled will include manifest files from folders like node_modules |
 
 ## File Selection Behavior
 

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.0.32"
+version = "2.0.33"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.0.32'
+__version__ = '2.0.33'
 
@@ -34,6 +34,7 @@ class CliConfig:
     pending_head: bool = False
     timeout: Optional[int] = 1200
     exclude_license_details: bool = False
+    include_module_folders: bool = False
     @classmethod
     def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
         parser = create_argument_parser()
@@ -73,6 +74,7 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
             'pending_head': args.pending_head,
             'timeout': args.timeout,
             'exclude_license_details': args.exclude_license_details,
+            'include_module_folders': args.include_module_folders,
         }
 
         if args.owner:
@@ -234,7 +236,6 @@ def create_argument_parser() -> argparse.ArgumentParser:
         action="store_true",
         help=argparse.SUPPRESS
     )
-
     # Output Configuration
     output_group = parser.add_argument_group('Output Configuration')
     output_group.add_argument(
@@ -351,5 +352,12 @@ def create_argument_parser() -> argparse.ArgumentParser:
         help="Timeout in seconds for API requests",
         required=False
     )
+    config_group.add_argument(
+        "--include-module-folders",
+        dest="include_module_folders",
+        action="store_true",
+        default=False,
+        help="Enabling including module folders like node_modules"
+    )
 
     return parser
@@ -146,6 +146,14 @@ def expand_brace_pattern(pattern: str) -> List[str]:
 
         return expanded_patterns
 
+    @staticmethod
+    def is_excluded(file_path: str, excluded_dirs: Set[str]) -> bool:
+        parts = os.path.normpath(file_path).split(os.sep)
+        for part in parts:
+            if part in excluded_dirs:
+                return True
+        return False
+
     def find_files(self, path: str) -> List[str]:
         """
         Finds supported manifest files in the given path.
@@ -186,7 +194,7 @@ def find_files(self, path: str) -> List[str]:
                     glob_files = glob(file_path, recursive=True)
 
                     for glob_file in glob_files:
-                        if os.path.isfile(glob_file):
+                        if os.path.isfile(glob_file) and not Core.is_excluded(glob_file, self.config.excluded_dirs):
                             files.add(glob_file)
 
                     glob_end = time.time()

@@ -1,11 +1,19 @@
-from dataclasses import dataclass
+from dataclasses import dataclass, field
 from typing import Dict, Optional
 from urllib.parse import urlparse
+from typing import Set
 import os
 
 from socketsecurity.core.issues import AllIssues
 
 
+default_exclude_dirs = {
+    "node_modules", "bower_components", "jspm_packages",   # JS/TS
+    "__pycache__", ".venv", "venv", "build", "dist",       # Python
+    ".tox", ".mypy_cache", ".pytest_cache", "*.egg-info",
+    "vendor"
+}
+
 @dataclass
 class SocketConfig:
     api_key: str
@@ -18,6 +26,7 @@ class SocketConfig:
     repository_path: Optional[str] = None
     security_policy: Dict = None
     all_issues: Optional['AllIssues'] = None
+    excluded_dirs: Set[str] = field(default_factory=lambda: default_exclude_dirs)
 
     def __post_init__(self):
         """Validate configuration after initialization"""
@@ -45,7 +54,7 @@ def _validate_api_url(url: str) -> None:
             parsed = urlparse(url)
             if not all([parsed.scheme, parsed.netloc]):
                 raise ValueError("Invalid URL format")
-            if parsed.scheme != "https":
+            if parsed.scheme != "https" and os.getenv("RUN_ENVIRONMENT", 'prod') != "dev":
                 raise ValueError("API URL must use HTTPS")
         except Exception as e:
             raise ValueError(f"Invalid API URL: {str(e)}")