From b0c00befcee58b5fd591ea4765301dca43c80e54 Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Thu, 5 Feb 2026 13:47:10 -0800
Subject: [PATCH 1/3] e2e tests for full scans
---
 .github/workflows/e2e-test.yml | 48 ++++++++++++++++++++++
 pyproject.toml | 2 +-
 socketsecurity/__init__.py | 2 +-
 tests/e2e/fixtures/simple-npm/index.js | 13 ++++++
 tests/e2e/fixtures/simple-npm/package.json | 15 +++++++
 5 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/e2e-test.yml
 create mode 100644 tests/e2e/fixtures/simple-npm/index.js
 create mode 100644 tests/e2e/fixtures/simple-npm/package.json
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
new file mode 100644
index 0000000..b7ced9a
--- /dev/null
+++ b/.github/workflows/e2e-test.yml
@@ -0,0 +1,48 @@
+name: E2E Test
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+
+jobs:
+ e2e-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ with:
+ fetch-depth: 0
+
+ - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
+ with:
+ python-version: '3.12'
+
+ - name: Install CLI from local repo
+ run: |
+ python -m pip install --upgrade pip
+ pip install .
+
+ - name: Run Socket CLI scan
+ env:
+ SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_CLI_API_TOKEN }}
+ run: |
+ set -o pipefail
+ socketcli \
+ --target-path tests/e2e/fixtures/simple-npm \
+ --disable-blocking \
+ --enable-debug \
+ 2>&1 | tee /tmp/scan-output.log
+
+ - name: Verify scan produced a report
+ run: |
+ if grep -q "Full scan report URL: https://socket.dev/" /tmp/scan-output.log; then
+ echo "PASS: Full scan report URL found"
+ grep "Full scan report URL:" /tmp/scan-output.log
+ elif grep -q "Diff Url: https://socket.dev/" /tmp/scan-output.log; then
+ echo "PASS: Diff URL found"
+ grep "Diff Url:" /tmp/scan-output.log
+ else
+ echo "FAIL: No report URL found in scan output"
+ cat /tmp/scan-output.log
+ exit 1
+ fi
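Review bot: The workflow triggers on `pull_request:` but the scan step reads `secrets.SOCKET_CLI_API_TOKEN`, and pull requests opened from forks do not receive repository secrets, so for those runs the job fails on an empty API key rather than on a real regression. Either gate the job with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false` or state in the workflow that fork PRs are expected to skip it. The file also declares no `permissions:` block, so the job token gets the repository's default scope; `permissions: { contents: read }` at the top level covers everything the visible steps do. Finally, the failure branch `cat`s a log produced with `--enable-debug`; if debug mode echoes request headers or the key, that lands in a run log readable by anyone with access to the run, so it is worth confirming what the debug output contains before keeping the `cat`. All three points apply equally to the `e2e-reachability` job added in patch 2/3.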
diff --git a/pyproject.toml b/pyproject.toml
index 124646f..ce3bb6c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.2.71"
+version = "2.2.72"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index 03e8a4a..7dd23bc 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.71'
+__version__ = '2.2.72'
 USER_AGENT = f'SocketPythonCLI/{__version__}'
diff --git a/tests/e2e/fixtures/simple-npm/index.js b/tests/e2e/fixtures/simple-npm/index.js
new file mode 100644
index 0000000..8057d28
--- /dev/null
+++ b/tests/e2e/fixtures/simple-npm/index.js
@@ -0,0 +1,13 @@
+const express = require('express')
+const lodash = require('lodash')
+
+const app = express()
+
+app.get('/', (req, res) => {
+ const data = lodash.pick(req.query, ['name', 'age'])
+ res.json(data)
+})
+
+app.listen(3000, () => {
+ console.log(`Test fixture ${__filename} running on port 3000`)
+})
diff --git a/tests/e2e/fixtures/simple-npm/package.json b/tests/e2e/fixtures/simple-npm/package.json
new file mode 100644
index 0000000..49c2304
--- /dev/null
+++ b/tests/e2e/fixtures/simple-npm/package.json
@@ -0,0 +1,15 @@
+{
+ "name": "reach-test-fixture",
+ "version": "1.0.0",
+ "description": "Test fixture for reachability analysis",
+ "main": "index.js",
+ "dependencies": {
+ "lodash": "4.17.21",
+ "express": "4.18.2",
+ "axios": "1.4.0"
+ },
+ "devDependencies": {
+ "typescript": "5.0.4",
+ "jest": "29.5.0"
+ }
+}
From d02113796658c6e80645d641c335aea72dacf1d8 Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Thu, 5 Feb 2026 13:57:51 -0800
Subject: [PATCH 2/3] e2e test for the reachability analysis
---
 .github/workflows/e2e-test.yml | 61 ++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
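Review bot: The new `index.js` fixture carries no note of what it is for, which matters because the `package.json` hunk that follows it pins `axios`, `typescript` and `jest` that `index.js` never requires, and a later reader may "clean up" those entries and silently change what the reachability run exercises. Presumably the unused pins are deliberate so the analysis has both reachable (`express`, `lodash`) and unreachable dependencies to classify, but nothing in either file says so. A header comment at the top of `index.js` such as `// E2E scan fixture: never executed in CI; axios/typescript/jest are declared in package.json but intentionally unused` would record that intent next to the code.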
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
index b7ced9a..cc986cb 100644
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -46,3 +46,64 @@ jobs:
 cat /tmp/scan-output.log
 exit 1
 fi
+
+ e2e-reachability:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ with:
+ fetch-depth: 0
+
+ - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
+ with:
+ python-version: '3.12'
+
+ - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
+ with:
+ node-version: '20'
+
+ - name: Install CLI from local repo
+ run: |
+ python -m pip install --upgrade pip
+ pip install .
+
+ - name: Install uv
+ run: pip install uv
+
+ - name: Run Socket CLI with reachability
+ env:
+ SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_CLI_API_TOKEN }}
+ run: |
+ set -o pipefail
+ socketcli \
+ --target-path tests/e2e/fixtures/simple-npm \
+ --reach \
+ --disable-blocking \
+ --enable-debug \
+ 2>&1 | tee /tmp/reach-output.log
+
+ - name: Verify reachability analysis completed
+ run: |
+ if grep -q "Reachability analysis completed successfully" /tmp/reach-output.log; then
+ echo "PASS: Reachability analysis completed"
+ grep "Reachability analysis completed successfully" /tmp/reach-output.log
+ grep "Results written to:" /tmp/reach-output.log || true
+ else
+ echo "FAIL: Reachability analysis did not complete successfully"
+ cat /tmp/reach-output.log
+ exit 1
+ fi
+
+ - name: Verify scan produced a report
+ run: |
+ if grep -q "Full scan report URL: https://socket.dev/" /tmp/reach-output.log; then
+ echo "PASS: Full scan report URL found"
+ grep "Full scan report URL:" /tmp/reach-output.log
+ elif grep -q "Diff Url: https://socket.dev/" /tmp/reach-output.log; then
+ echo "PASS: Diff URL found"
+ grep "Diff Url:" /tmp/reach-output.log
+ else
+ echo "FAIL: No report URL found in scan output"
+ cat /tmp/reach-output.log
+ exit 1
+ fi
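Review bot: The `e2e-reachability` job repeats the checkout, setup-python, "Install CLI from local repo" and "Verify scan produced a report" steps of `e2e-scan` verbatim, with only the setup-node step, the `Install uv` step and the `--reach` flag differing, so every future change to the scan invocation or the URL check has to be made in two places. A `strategy: matrix: reach: [false, true]` on a single job, with `--reach`, the setup-node/uv steps and the "Verify reachability analysis completed" step conditioned on the matrix value, would keep one copy of the shared steps. Separately, `run: pip install uv` installs whatever uv release is current at run time while every action in the file is pinned to a commit SHA; pinning it too, e.g. `run: pip install uv==<pinned-version>`, keeps the job reproducible and narrows what an upstream release can change under you. The enclosing `jobs:` mapping begins outside this hunk.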
From 4f2be5c9893ec57616b0d5a52de88c4a310ea99d Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Thu, 5 Feb 2026 14:15:29 -0800
Subject: [PATCH 3/3] add socket.yml to exclude fixtures
---
 socket.yml | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 socket.yml
diff --git a/socket.yml b/socket.yml
new file mode 100644
index 0000000..a8bca7f
--- /dev/null
+++ b/socket.yml
@@ -0,0 +1,4 @@
+version: 2
+
+projectIgnorePaths:
+ - "tests/e2e/fixtures/"
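Review bot: `projectIgnorePaths` excludes the fixture directory with no comment saying why, and the reason is not recoverable from this file alone. Presumably it keeps the deliberately pinned packages in `tests/e2e/fixtures/simple-npm/package.json` (added in patch 1/3) from being reported against this repository's own scans, while the e2e jobs still scan that path explicitly via `--target-path`; a line such as `# e2e fixtures declare intentionally old packages; keep them out of the repo's own scan` above the list would record that so nobody removes the exclusion as stale.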