fix(root): adds fix to capture errors

package.json

@@ -1,6 +1,6 @@
 {
   "name": "pastoralist",
-  "version": "1.8.4",
+  "version": "1.9.0",
   "description": "A tool to watch over node module resolutions and overrides 🐑 👩🏽‍🌾",
   "main": "dist/index.cjs",
   "module": "dist/index.js",

src/cli/index.ts

@@ -1,14 +1,15 @@
 #!/usr/bin/env node
 
 import { parseArgs, showHelp } from "./parser";
-import { createSpinner, green } from "../utils";
+import { createSpinner, green, yellow } from "../utils";
 import {
   Options,
   PastoralistJSON,
   PastoralistResult,
   SecurityAlert,
   SecurityOverride,
   SecurityOverrideDetail,
+  SecurityProviderPermissionError,
 } from "../types";
 import { update } from "../core/update";
 import { logger as createLogger } from "../utils";
@@ -101,6 +102,7 @@ export const runSecurityCheck = async (
     SecurityChecker,
     determineSecurityScanPaths,
     green,
+    yellow,
   },
 ) => {
   const spinner = deps
@@ -137,6 +139,24 @@ export const runSecurityCheck = async (
 
     return { spinner, securityChecker, alerts, securityOverrides, updates };
   } catch (error) {
+    if (error instanceof SecurityProviderPermissionError) {
+      spinner.warn(`🔒 ${deps.yellow(`pastoralist`)} ${error.message}`);
+      const securityChecker = new deps.SecurityChecker({
+        provider: mergedOptions.securityProvider,
+        forceRefactor: mergedOptions.forceSecurityRefactor,
+        interactive: mergedOptions.interactive,
+        token: mergedOptions.securityProviderToken,
+        debug: isLogging,
+      });
+      return {
+        spinner,
+        securityChecker,
+        alerts: [],
+        securityOverrides: [],
+        updates: [],
+        skipped: true,
+      };
+    }
     spinner.fail(
       `🔒 ${deps.green(`pastoralist`)} security check failed: ${error instanceof Error ? error.message : String(error)}`,
     );

src/core/security/providers/github.ts

@@ -5,6 +5,7 @@ import {
   SecurityAlert,
   SecurityCheckOptions,
   GithubApiError,
+  SecurityProviderPermissionError,
 } from "../../../types";
 import { logger, retry } from "../../../utils";
 import {
@@ -225,6 +226,13 @@ export class GitHubSecurityProvider {
         factor: 2,
         minTimeout: 1000,
         onFailedAttempt: (error) => {
+          const errorMessage = String(error);
+          if (this.isPermissionError(errorMessage)) {
+            throw new SecurityProviderPermissionError(
+              "GitHub CLI",
+              errorMessage,
+            );
+          }
           this.log.debug(
             `gh CLI attempt ${error.attemptNumber} failed`,
             "fetchAlertsWithGhCli",
@@ -240,6 +248,13 @@ export class GitHubSecurityProvider {
 
       return Array.isArray(alerts) ? alerts : [];
     } catch (error) {
+      if (error instanceof SecurityProviderPermissionError) {
+        throw error;
+      }
+      const errorMessage = String(error);
+      if (this.isPermissionError(errorMessage)) {
+        throw new SecurityProviderPermissionError("GitHub CLI", errorMessage);
+      }
       this.log.error(
         "Failed to fetch alerts with gh CLI",
         "fetchAlertsWithGhCli",
@@ -249,6 +264,19 @@ export class GitHubSecurityProvider {
     }
   }
 
+  private isPermissionError(message: string): boolean {
+    const permissionPatterns = [
+      "Resource not accessible by integration",
+      "Must have admin rights",
+      "Not Found",
+      "Dependabot alerts are not enabled",
+      "vulnerability alerts are disabled",
+    ];
+    return permissionPatterns.some((pattern) =>
+      message.toLowerCase().includes(pattern.toLowerCase()),
+    );
+  }
+
   private async fetchFromGitHubAPI(): Promise<DependabotAlert[]> {
     const url = `https://api.github.com/repos/${this.owner}/${this.repo}/dependabot/alerts`;
     const controller = new AbortController();
@@ -268,9 +296,13 @@ export class GitHubSecurityProvider {
 
       if (!response.ok) {
         const error: GithubApiError = await response.json();
-        throw new Error(
-          `GitHub API error: ${error.message || response.statusText}`,
-        );
+        const errorMessage = error.message || response.statusText;
+
+        if (this.isPermissionError(errorMessage)) {
+          throw new SecurityProviderPermissionError("GitHub", errorMessage);
+        }
+
+        throw new Error(`GitHub API error: ${errorMessage}`);
       }
 
       const alerts = await response.json();
@@ -286,14 +318,22 @@ export class GitHubSecurityProvider {
         retries: 3,
         factor: 2,
         minTimeout: 1000,
-        onFailedAttempt: (error) => {
+        onFailedAttempt: (error: Error & { attemptNumber?: number }) => {
+          const isPermissionError =
+            error.name === "SecurityProviderPermissionError";
+          if (isPermissionError) {
+            throw error;
+          }
           this.log.debug(
             `GitHub API attempt ${error.attemptNumber} failed`,
             "fetchAlertsWithApi",
           );
         },
       });
     } catch (error) {
+      if (error instanceof SecurityProviderPermissionError) {
+        throw error;
+      }
       this.log.error("Failed to fetch alerts with API", "fetchAlertsWithApi", {
         error,
       });

src/core/security/types.ts

@@ -102,6 +102,18 @@ export interface GithubApiError {
   status?: number;
 }
 
+export class SecurityProviderPermissionError extends Error {
+  constructor(
+    public provider: string,
+    public originalMessage: string,
+  ) {
+    super(
+      `${provider} security check skipped: insufficient permissions. ${originalMessage}`,
+    );
+    this.name = "SecurityProviderPermissionError";
+  }
+}
+
 import type {
   GitHubSecurityProvider,
   SnykCLIProvider,

src/utils/index.ts

@@ -1,5 +1,5 @@
 export { default as createSpinner } from "./spinner";
-export { green } from "./colors";
+export { green, yellow } from "./colors";
 export type { SpinnerState, Spinner } from "./types";
 export {
   hideCursor,