Fixing compatibility drift between CLI <> SDK surfaced by test failures

lelia · lelia · commit 53e5b2a8dce2 · 2026-03-05T19:38:19.000-05:00
Signed-off-by: lelia &lt;lelia@socket.dev&gt;
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
@@ -88,19 +88,16 @@ def get_org_id_slug(self) -> Tuple[str, str]:
             return org_id, organizations[org_id]['slug']
         return None, None
 
-    def get_sbom_data(self, full_scan_id: str) -> List[SocketArtifact]:
-        """Returns the list of SBOM artifacts for a full scan."""
+    def get_sbom_data(self, full_scan_id: str) -> Dict[str, SocketArtifact]:
+        """Returns SBOM artifacts for a full scan keyed by artifact ID."""
         response = self.sdk.fullscans.stream(self.config.org_slug, full_scan_id, use_types=True)
-        artifacts: List[SocketArtifact] = []
         if not response.success:
             log.debug(f"Failed to get SBOM data for full-scan {full_scan_id}")
             log.debug(response.message)
             return {}
         if not hasattr(response, "artifacts") or not response.artifacts:
-            return artifacts
-        for artifact_id in response.artifacts:
-            artifacts.append(response.artifacts[artifact_id])
-        return artifacts
+            return {}
+        return response.artifacts
 
     def get_sbom_data_list(self, artifacts_dict: Dict[str, SocketArtifact]) -> list[SocketArtifact]:
         """Converts artifacts dictionary to a list."""
diff --git a/socketsecurity/core/classes.py b/socketsecurity/core/classes.py
@@ -1,8 +1,15 @@
 import json
 from dataclasses import dataclass, field
-from typing import Dict, List, TypedDict, Any, Optional
+from typing import Dict, List, Optional, TypedDict
 
-from socketdev.fullscans import FullScanMetadata, SocketArtifact, SocketArtifactLink, DiffType, SocketManifestReference, SocketScore, SocketAlert
+from socketdev.fullscans import (
+    FullScanMetadata,
+    SocketAlert,
+    SocketArtifact,
+    SocketArtifactLink,
+    SocketManifestReference,
+    SocketScore,
+)
 
 __all__ = [
     "Report",
@@ -109,8 +116,8 @@ class Package():
     type: str
     name: str
     version: str
-    release: str
-    diffType: str
+    release: Optional[str] = None
+    diffType: Optional[str] = None
     id: str
     author: List[str] = field(default_factory=list)
     score: SocketScore
@@ -158,6 +165,8 @@ def from_socket_artifact(cls, data: dict) -> "Package":
             name=data["name"],
             version=data["version"],
             type=data["type"],
+            release=data.get("release"),
+            diffType=data.get("diffType"),
             score=data["score"],
             alerts=data["alerts"],
             author=data.get("author", []),
@@ -187,10 +196,36 @@ def from_diff_artifact(cls, data: dict) -> "Package":
         Raises:
             ValueError: If reference data cannot be found in DiffArtifact
         """
+        diff_type = data.get("diffType")
+        if hasattr(diff_type, "value"):
+            diff_type = diff_type.value
+
+        # Newer API responses may provide flattened diff artifacts without refs.
+        if "topLevelAncestors" in data or (not data.get("head") and not data.get("base")):
+            return cls(
+                id=data["id"],
+                name=data["name"],
+                version=data["version"],
+                type=data["type"],
+                score=data.get("score", data.get("scores", {})),
+                alerts=data.get("alerts", []),
+                author=data.get("author", []),
+                size=data.get("size"),
+                license=data.get("license"),
+                topLevelAncestors=data.get("topLevelAncestors", []),
+                direct=data.get("direct", True),
+                manifestFiles=data.get("manifestFiles", []),
+                dependencies=data.get("dependencies"),
+                artifact=data.get("artifact"),
+                namespace=data.get("namespace"),
+                release=data.get("release"),
+                diffType=diff_type,
+            )
+
         ref = None
-        if data["diffType"] in ["added", "updated", "unchanged"] and data.get("head"):
+        if diff_type in ["added", "updated", "unchanged"] and data.get("head"):
             ref = data["head"][0]
-        elif data["diffType"] in ["removed", "replaced"] and data.get("base"):
+        elif diff_type in ["removed", "replaced"] and data.get("base"):
             ref = data["base"][0]
 
         if not ref:
@@ -201,8 +236,8 @@ def from_diff_artifact(cls, data: dict) -> "Package":
             name=data["name"],
             version=data["version"],
             type=data["type"],
-            score=data["score"],
-            alerts=data["alerts"],
+            score=data.get("score", data.get("scores", {})),
+            alerts=data.get("alerts", []),
             author=data.get("author", []),
             size=data.get("size"),
             license=data.get("license"),
@@ -213,7 +248,7 @@ def from_diff_artifact(cls, data: dict) -> "Package":
             artifact=ref.get("artifact"),
             namespace=data.get('namespace', None),
             release=ref.get("release", None),
-            diffType=ref.get("diffType", None),
+            diffType=ref.get("diffType", diff_type),
         )
 
 class Issue:
