From 4a80415608b72bf8f0faec864426d138675a3a37 Mon Sep 17 00:00:00 2001 From: Martin Torp Date: Thu, 28 May 2026 08:27:54 +0200 Subject: [PATCH 1/2] fix(scan): suppress auto-manifest hint when .socket.facts.json exists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "Detected N manifest targets we could try to generate" hint in `socket scan create` nudges users to pass --auto-manifest. Skip it when a `.socket.facts.json` is already present at cwd — that file is the output of `socket manifest auto` (or the per-ecosystem `--facts` mode), the scan already picks it up via handle-create-new-scan, and the suggestion is misleading in that state. --- src/commands/scan/cmd-scan-create.mts | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/commands/scan/cmd-scan-create.mts b/src/commands/scan/cmd-scan-create.mts index 502559346..6a6afd1ec 100644 --- a/src/commands/scan/cmd-scan-create.mts +++ b/src/commands/scan/cmd-scan-create.mts @@ -1,3 +1,4 @@ +import { existsSync } from 'node:fs' import path from 'node:path' import { joinAnd } from '@socketsecurity/registry/lib/arrays' @@ -443,7 +444,15 @@ async function run( } const detected = await detectManifestActions(sockJson, cwd) - if (detected.count > 0 && !autoManifest) { + // Suppress the --auto-manifest suggestion when a `.socket.facts.json` is + // already present at cwd. That file is the output of `socket manifest auto` + // (and `--facts` mode of the per-ecosystem manifest commands), so suggesting + // to regenerate it would be misleading — the manifest data is already there + // and will be picked up by the scan. + const hasFactsFile = existsSync( + path.join(cwd, constants.DOT_SOCKET_DOT_FACTS_JSON), + ) + if (detected.count > 0 && !autoManifest && !hasFactsFile) { logger.info( `Detected ${detected.count} manifest targets we could try to generate. Please set the --auto-manifest flag if you want to include languages covered by \`socket manifest auto\` in the Scan.`, ) From dc256170d5230588a16843c69364c78c85313d87 Mon Sep 17 00:00:00 2001 From: Martin Torp Date: Thu, 28 May 2026 08:35:24 +0200 Subject: [PATCH 2/2] style: swap em-dash for semicolon in auto-manifest hint comment --- src/commands/scan/cmd-scan-create.mts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/commands/scan/cmd-scan-create.mts b/src/commands/scan/cmd-scan-create.mts index 6a6afd1ec..db404f4a9 100644 --- a/src/commands/scan/cmd-scan-create.mts +++ b/src/commands/scan/cmd-scan-create.mts @@ -447,7 +447,7 @@ async function run( // Suppress the --auto-manifest suggestion when a `.socket.facts.json` is // already present at cwd. That file is the output of `socket manifest auto` // (and `--facts` mode of the per-ecosystem manifest commands), so suggesting - // to regenerate it would be misleading — the manifest data is already there + // to regenerate it would be misleading; the manifest data is already there // and will be picked up by the scan. const hasFactsFile = existsSync( path.join(cwd, constants.DOT_SOCKET_DOT_FACTS_JSON),