@socketsecurity/cli-with-sentry 0.14.126 → 0.14.127

@@ -41,7 +41,7 @@ const relConstantsPath = './constants'
41
41
  Sentry.setTag(
42
42
  'version',
43
43
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
44
- '0.14.126:cbde084:1c0f934a:pub'
44
+ '0.14.127:0a19e43:d5696987:pub'
45
45
  )
46
46
  const constants = require(relConstantsPath)
47
47
  if (constants.ENV.SOCKET_CLI_DEBUG) {
@@ -56,5 +56,5 @@ const relConstantsPath = './constants'
56
56
  } = constants
57
57
  setSentry(Sentry)
58
58
  }
59
- //# debugId=da6eb23e-4af9-4f33-b5a0-7f84b13f7de
59
+ //# debugId=652a92d7-ac1c-4901-9425-20f78085015a
60
60
  //# sourceMappingURL=instrument-with-sentry.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n const Sentry = require('@sentry/node')\n Sentry.init({\n onFatalError(error: Error) {\n // Defer module loads until after Sentry.init is called.\n if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n }\n },\n dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n enabled: true,\n integrations: []\n })\n Sentry.setTag(\n 'environment',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n ? 
'pub'\n : // The NODE_ENV convention is used by apps to define the runtime environment.\n // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n process.env['NODE_ENV']\n )\n Sentry.setTag(\n 'version',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n )\n const constants = require(relConstantsPath)\n if (constants.ENV.SOCKET_CLI_DEBUG) {\n Sentry.setTag('debugging', true)\n logger.log('[DEBUG] Set up Sentry.')\n } else {\n Sentry.setTag('debugging', false)\n }\n const {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n } = constants\n setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"da6eb23e-4af9-4f33-b5a0-7f84b13f7de"}
1
+ {"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n const Sentry = require('@sentry/node')\n Sentry.init({\n onFatalError(error: Error) {\n // Defer module loads until after Sentry.init is called.\n if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n }\n },\n dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n enabled: true,\n integrations: []\n })\n Sentry.setTag(\n 'environment',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n ? 
'pub'\n : // The NODE_ENV convention is used by apps to define the runtime environment.\n // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n process.env['NODE_ENV']\n )\n Sentry.setTag(\n 'version',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n )\n const constants = require(relConstantsPath)\n if (constants.ENV.SOCKET_CLI_DEBUG) {\n Sentry.setTag('debugging', true)\n logger.log('[DEBUG] Set up Sentry.')\n } else {\n Sentry.setTag('debugging', false)\n }\n const {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n } = constants\n setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"652a92d7-ac1c-4901-9425-20f78085015a"}
@@ -917,7 +917,7 @@ function emitBanner(name) {
917
917
  logger.logger.error(getAsciiHeader(name))
918
918
  }
919
919
  function getAsciiHeader(command) {
920
- const cliVersion = '0.14.126:cbde084:1c0f934a:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
920
+ const cliVersion = '0.14.127:0a19e43:d5696987:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
921
921
  const nodeVersion = process$1.version
922
922
  const apiToken = shadowNpmInject.getDefaultToken()
923
923
  const defaultOrg = shadowNpmInject.getConfigValue('defaultOrg')
@@ -4484,37 +4484,23 @@ async function pnpmFix(
4484
4484
  // Process the workspace root last since it will add an override to package.json.
4485
4485
  pkgEnvDetails.editablePkgJson.filename
4486
4486
  ]
4487
- let actualTree = await getActualTree(cwd)
4488
4487
  for (const { 0: name, 1: infos } of infoByPkg) {
4488
+ debug.debugLog(`Processing vulnerable package: ${name}`)
4489
4489
  if (registry.getManifestData(NPM$c, name)) {
4490
4490
  spinner?.info(`Skipping ${name}. Socket Optimize package exists.`)
4491
4491
  continue
4492
4492
  }
4493
- const oldVersions = arrays.arrayUnique(
4494
- shadowNpmInject
4495
- .findPackageNodes(actualTree, name)
4496
- .map(n => n.target?.version ?? n.version)
4497
- .filter(Boolean)
4498
- )
4499
- const packument =
4500
- oldVersions.length && infos.length
4501
- ? // eslint-disable-next-line no-await-in-loop
4502
- await packages.fetchPackagePackument(name)
4503
- : null
4504
- if (!packument) {
4505
- continue
4506
- }
4507
4493
  const fixedSpecs = new Set()
4508
4494
  for (const pkgJsonPath of pkgJsonPaths) {
4509
- // Re-read actualTree to avoid lockfile state issues
4495
+ debug.debugLog(`Checking workspace: ${pkgJsonPath}`)
4496
+
4510
4497
  // eslint-disable-next-line no-await-in-loop
4511
- actualTree = await getActualTree(cwd)
4512
- const pkgPath = path$1.dirname(pkgJsonPath)
4498
+ let actualTree = await getActualTree(cwd)
4513
4499
  const isWorkspaceRoot =
4514
4500
  pkgJsonPath === pkgEnvDetails.editablePkgJson.filename
4515
4501
  const workspaceName = isWorkspaceRoot
4516
4502
  ? 'root'
4517
- : path$1.relative(rootPath, pkgPath)
4503
+ : path$1.relative(rootPath, path$1.dirname(pkgJsonPath))
4518
4504
  const editablePkgJson = isWorkspaceRoot
4519
4505
  ? pkgEnvDetails.editablePkgJson
4520
4506
  : // eslint-disable-next-line no-await-in-loop
@@ -4525,6 +4511,20 @@ async function pnpmFix(
4525
4511
  // Get current overrides for revert logic
4526
4512
  const oldPnpmSection = editablePkgJson.content[PNPM$8]
4527
4513
  const oldOverrides = oldPnpmSection?.[OVERRIDES$2]
4514
+ const oldVersions = arrays.arrayUnique(
4515
+ shadowNpmInject
4516
+ .findPackageNodes(actualTree, name)
4517
+ .map(n => n.target?.version ?? n.version)
4518
+ .filter(Boolean)
4519
+ )
4520
+ const packument =
4521
+ oldVersions.length && infos.length
4522
+ ? // eslint-disable-next-line no-await-in-loop
4523
+ await packages.fetchPackagePackument(name)
4524
+ : null
4525
+ if (!packument) {
4526
+ continue
4527
+ }
4528
4528
  for (const oldVersion of oldVersions) {
4529
4529
  const oldSpec = `${name}@${oldVersion}`
4530
4530
  const oldPurl = `pkg:npm/${oldSpec}`
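Review bot: The packument lookup at new lines 4520-4524 now sits inside the `for (const pkgJsonPath of pkgJsonPaths)` loop opened in the previous hunk, so `packages.fetchPackagePackument(name)` is awaited once per workspace instead of once per package, and the `continue` after `if (!packument)` appears to skip only the current workspace rather than the whole package. Registry metadata for `name` does not depend on the workspace, so unless the helper caches internally (not visible here) every workspace costs a network round trip, and two workspaces in the same run could pick a fix version from different registry snapshots. I would resolve it once before the workspace loop, e.g. `const packument = infos.length ? await packages.fetchPackagePackument(name) : null` followed by `if (!packument) continue`, and leave only the `oldVersions` recomputation per workspace, guarded by `if (!oldVersions.length) continue`. pnpmFix starts and ends outside this hunk, so the loop nesting is inferred from the two adjacent hunks.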
@@ -4689,11 +4689,13 @@ async function pnpmFix(
4689
4689
  }
4690
4690
  if (errored) {
4691
4691
  editablePkgJson.update(revertData)
4692
+
4692
4693
  // eslint-disable-next-line no-await-in-loop
4693
4694
  await Promise.all([
4694
4695
  shadowNpmInject.removeNodeModules(cwd),
4695
4696
  editablePkgJson.save()
4696
4697
  ])
4698
+
4697
4699
  // eslint-disable-next-line no-await-in-loop
4698
4700
  actualTree = await install(pkgEnvDetails, {
4699
4701
  spinner
@@ -4706,9 +4708,9 @@ async function pnpmFix(
4706
4708
  // eslint-disable-next-line no-await-in-loop
4707
4709
  await Promise.all([
4708
4710
  shadowNpmInject.removeNodeModules(cwd),
4709
- // Reset to base branch to isolate next PR
4710
4711
  gitCheckoutBaseBranchIfAvailable(baseBranch, cwd)
4711
4712
  ])
4713
+
4712
4714
  // eslint-disable-next-line no-await-in-loop
4713
4715
  actualTree = await install(pkgEnvDetails, {
4714
4716
  spinner
@@ -12286,7 +12288,7 @@ void (async () => {
12286
12288
  await vendor.updater({
12287
12289
  name: SOCKET_CLI_BIN_NAME,
12288
12290
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
12289
- version: '0.14.126',
12291
+ version: '0.14.127',
12290
12292
  ttl: 86_400_000 /* 24 hours in milliseconds */
12291
12293
  })
12292
12294
  try {
@@ -12354,5 +12356,5 @@ void (async () => {
12354
12356
  await shadowNpmInject.captureException(e)
12355
12357
  }
12356
12358
  })()
12357
- //# debugId=54d7166c-6eaf-4ad9-8f14-e10e2ac6080e
12359
+ //# debugId=92ccfd7b-4beb-4c61-a85c-bf426e57a92a
12358
12360
  //# sourceMappingURL=cli.js.map