npm - @socketsecurity/cli-with-sentry - Versions diffs - 0.14.114 → 0.14.116 - Mend

@socketsecurity/cli-with-sentry 0.14.114 → 0.14.116

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/instrument-with-sentry.js +2 -2
package/dist/instrument-with-sentry.js.map +1 -1
package/dist/module-sync/cli.js +25 -34
package/dist/module-sync/cli.js.map +1 -1
package/dist/module-sync/fs.d.ts +63 -0
package/dist/module-sync/shadow-npm-inject.js +270 -16
package/dist/module-sync/shadow-npm-inject.js.map +1 -1
package/dist/module-sync/shadow-npm-paths.d.ts +0 -23
package/dist/module-sync/shadow-npm-paths.js +4 -227
package/dist/module-sync/shadow-npm-paths.js.map +1 -1
package/dist/module-sync/vendor.js +20283 -20282
package/dist/module-sync/vendor.js.map +1 -1
package/dist/require/cli.js +25 -34
package/dist/require/cli.js.map +1 -1
package/dist/require/shadow-npm-inject.js +270 -16
package/dist/require/shadow-npm-inject.js.map +1 -1
package/dist/require/shadow-npm-paths.d.ts +0 -23
package/dist/require/shadow-npm-paths.js +4 -227
package/dist/require/shadow-npm-paths.js.map +1 -1
package/package.json +5 -5

package/dist/instrument-with-sentry.js CHANGED Viewed

@@ -41,7 +41,7 @@ const relConstantsPath = './constants'
   Sentry.setTag(
     'version',
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-    '0.14.114:6709538:d8784340:pub'
+    '0.14.116:0dae31b:5f34e003:pub'
   )
   const constants = require(relConstantsPath)
   if (constants.ENV.SOCKET_CLI_DEBUG) {
@@ -56,5 +56,5 @@ const relConstantsPath = './constants'
   } = constants
   setSentry(Sentry)
 }
-//# debugId=e2a7e44f-121f-464d-9f46-d3200dfb95e9
+//# debugId=5faf840a-2ab6-4ffd-9f14-7c1948cda203
 //# sourceMappingURL=instrument-with-sentry.js.map

package/dist/instrument-with-sentry.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n const Sentry = require('@sentry/node')\n Sentry.init({\n onFatalError(error: Error) {\n // Defer module loads until after Sentry.init is called.\n if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n }\n },\n dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n enabled: true,\n integrations: []\n })\n Sentry.setTag(\n 'environment',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n ? 'pub'\n : // The NODE_ENV convention is used by apps to define the runtime environment.\n // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n process.env['NODE_ENV']\n )\n Sentry.setTag(\n 'version',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n )\n const constants = require(relConstantsPath)\n if (constants.ENV.SOCKET_CLI_DEBUG) {\n Sentry.setTag('debugging', true)\n logger.log('[DEBUG] Set up Sentry.')\n } else {\n Sentry.setTag('debugging', false)\n }\n const {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n } = constants\n setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"~~e2a7e44f~~-~~121f~~-~~464d~~-~~9f46~~-~~d3200dfb95e9~~"}
1	+ {"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n const Sentry = require('@sentry/node')\n Sentry.init({\n onFatalError(error: Error) {\n // Defer module loads until after Sentry.init is called.\n if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n }\n },\n dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n enabled: true,\n integrations: []\n })\n Sentry.setTag(\n 'environment',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n ? 'pub'\n : // The NODE_ENV convention is used by apps to define the runtime environment.\n // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n process.env['NODE_ENV']\n )\n Sentry.setTag(\n 'version',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n )\n const constants = require(relConstantsPath)\n if (constants.ENV.SOCKET_CLI_DEBUG) {\n Sentry.setTag('debugging', true)\n logger.log('[DEBUG] Set up Sentry.')\n } else {\n Sentry.setTag('debugging', false)\n }\n const {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n } = constants\n setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"5faf840a-2ab6-4ffd-9f14-7c1948cda203"}

package/dist/module-sync/cli.js CHANGED Viewed

@@ -917,7 +917,7 @@ function emitBanner(name) {
   logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-  const cliVersion = '0.14.114:6709538:d8784340:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  const cliVersion = '0.14.116:0dae31b:5f34e003:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
   const nodeVersion = process$1.version
   const apiToken = shadowNpmInject.getDefaultToken()
   const defaultOrg = shadowNpmInject.getConfigValue('defaultOrg')
@@ -3831,11 +3831,6 @@ async function gitCreateAndPushBranchIfNeeded(
       basename === 'pnpm-lock.yaml'
     )
   })
-  debug.debugLog('branch', branch)
-  debug.debugLog(
-    'gitCreateAndPushBranchIfNeeded > moddedFilepaths',
-    moddedFilepaths
-  )
   if (moddedFilepaths.length) {
     await spawn.spawn('git', ['add', ...moddedFilepaths], {
       cwd
@@ -3905,7 +3900,6 @@ async function doesPullRequestExistForBranch(owner, repo, branch) {
       head: `${owner}:${branch}`,
       state: 'open'
     })
-    debug.debugLog('doesPullRequestExistForBranch > prs', prs)
     return prs.length > 0
   } catch {}
   return false
@@ -4030,9 +4024,10 @@ async function npmFix(
   pkgEnvDetails,
   { autoMerge, cwd, purls, rangeStyle, spinner, test, testScript }
 ) {
+  const { pkgPath: rootPath } = pkgEnvDetails
   spinner?.start()
   const arb = new shadowNpmInject.SafeArborist({
-    path: pkgEnvDetails.pkgPath,
+    path: rootPath,
     ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
   })
   // Calling arb.reify() creates the arb.diff object and nulls-out arb.idealTree.
@@ -4057,14 +4052,14 @@ async function npmFix(
   // Lazily access constants.ENV[CI].
   const isCi = constants.ENV[CI$1]
-  const { pkgPath: rootPath } = pkgEnvDetails
   const { 0: isRepo, 1: workspacePkgJsonPaths } = await Promise.all([
     isInGitRepo(cwd),
-    shadowNpmPaths.globWorkspace(pkgEnvDetails)
+    shadowNpmInject.globWorkspace(pkgEnvDetails.agent, rootPath)
   ])
   const pkgJsonPaths = [
-    pkgEnvDetails.editablePkgJson.filename,
-    ...workspacePkgJsonPaths
+    ...workspacePkgJsonPaths,
+    // Process the workspace root last since it will add an override to package.json.
+    pkgEnvDetails.editablePkgJson.filename
   ]
   await arb.buildIdealTree()
   for (const { 0: name, 1: infos } of infoByPkg) {
@@ -4253,6 +4248,8 @@ async function npmFix(
                 spinner?.error(`Reverting ${newSpec}${workspaceDetails}`, error)
               }
             }
+            // eslint-disable-next-line no-await-in-loop
+            await shadowNpmInject.removeNodeModules(cwd)
             if (isRepo) {
               // eslint-disable-next-line no-await-in-loop
               await gitHardReset(cwd)
@@ -4439,12 +4436,10 @@ async function pnpmFix(
   pkgEnvDetails,
   { autoMerge, cwd, purls, rangeStyle, spinner, test, testScript }
 ) {
-  const lockfile = await vendor.libExports$3.readWantedLockfile(
-    pkgEnvDetails.pkgPath,
-    {
-      ignoreIncompatible: false
-    }
-  )
+  const { pkgPath: rootPath } = pkgEnvDetails
+  const lockfile = await vendor.libExports$3.readWantedLockfile(rootPath, {
+    ignoreIncompatible: false
+  })
   if (!lockfile) {
     return
   }
@@ -4471,21 +4466,20 @@ async function pnpmFix(
   // Lazily access constants.ENV[CI].
   const isCi = constants.ENV[CI]
-  const { pkgPath: rootPath } = pkgEnvDetails
   const {
     0: isRepo,
     1: workspacePkgJsonPaths,
     2: initialTree
   } = await Promise.all([
     isInGitRepo(cwd),
-    shadowNpmPaths.globWorkspace(pkgEnvDetails),
+    shadowNpmInject.globWorkspace(pkgEnvDetails.agent, rootPath),
     getActualTree(cwd)
   ])
   const pkgJsonPaths = [
-    pkgEnvDetails.editablePkgJson.filename,
-    ...workspacePkgJsonPaths
+    ...workspacePkgJsonPaths,
+    // Process the workspace root last since it will add an override to package.json.
+    pkgEnvDetails.editablePkgJson.filename
   ]
-  debug.debugLog('workspacePkgJsonPaths', workspacePkgJsonPaths)
   let actualTree = initialTree
   for (const { 0: name, 1: infos } of infoByPkg) {
     if (registry.getManifestData(NPM$c, name)) {
@@ -4517,9 +4511,6 @@ async function pnpmFix(
           firstPatchedVersionIdentifier,
           vulnerableVersionRange
         } of infos) {
-          debug.debugLog('name', name)
-          debug.debugLog('oldVersion', oldVersion)
-          debug.debugLog('pkgJsonPath', pkgJsonPath)
           const node = shadowNpmInject.findPackageNode(
             actualTree,
             name,
@@ -4645,7 +4636,6 @@ async function pnpmFix(
             rangeStyle
           )
           debug.debugLog('updatePackageJsonFromNode', modded)
-          debug.debugLog(branch, editablePkgJson.filename)
           let error
           let errored = false
           let installed = false
@@ -4687,17 +4677,13 @@ async function pnpmFix(
             error = e
             errored = true
           }
-          debug.debugLog('check "shouldOpenPr":', shouldOpenPr)
-          debug.debugLog('check "errored":', errored)
           if (!errored && shouldOpenPr) {
-            debug.debugLog('1: gitCreateAndPushBranchIfNeeded')
             // eslint-disable-next-line no-await-in-loop
             await gitCreateAndPushBranchIfNeeded(
               branch,
               getSocketCommitMessage(oldPurl, newVersion, workspaceName),
               cwd
             )
-            debug.debugLog('2: openGitHubPullRequest')
             // eslint-disable-next-line no-await-in-loop
             const prResponse = await openGitHubPullRequest(
               owner,
@@ -4724,6 +4710,8 @@ async function pnpmFix(
               }
             }
             editablePkgJson.update(revertData)
+            // eslint-disable-next-line no-await-in-loop
+            await shadowNpmInject.removeNodeModules(cwd)
             if (isRepo) {
               // eslint-disable-next-line no-await-in-loop
               await gitHardReset(cwd)
@@ -7522,7 +7510,10 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
       updated: new Set(),
       updatedInWorkspaces: new Set(),
       warnedPnpmWorkspaceRequiresNpm: false,
-      workspacePkgJsonPaths: await shadowNpmPaths.globWorkspace(pkgEnvDetails)
+      workspacePkgJsonPaths: await shadowNpmInject.globWorkspace(
+        agent,
+        rootPath
+      )
     }
   } = {
     __proto__: null,
@@ -12315,7 +12306,7 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: '0.14.114',
+    version: '0.14.116',
     ttl: 86_400_000 /* 24 hours in milliseconds */
   })
   try {
@@ -12383,5 +12374,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=79766fe4-6a25-4f10-93af-69276e4074ab
+//# debugId=4ecd13c9-8788-41d3-b85a-e5558ed25ddf
 //# sourceMappingURL=cli.js.map