@socketsecurity/cli-with-sentry 0.14.132 → 0.14.134

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cli.js +3 -3
  2. package/dist/cli.js.map +1 -1
  3. package/dist/instrument-with-sentry.js +2 -2
  4. package/dist/instrument-with-sentry.js.map +1 -1
  5. package/dist/shadow-npm-inject.js +23 -13
  6. package/dist/shadow-npm-inject.js.map +1 -1
  7. package/package.json +1 -1
package/dist/instrument-with-sentry.js CHANGED
@@ -30,7 +30,7 @@ const relConstantsPath = './constants'
30
30
  Sentry.setTag(
31
31
  'version',
32
32
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
33
- '0.14.132:afe2c00:74378e05:pub'
33
+ '0.14.134:c664da6:7e80f505:pub'
34
34
  )
35
35
  const constants = require(relConstantsPath)
36
36
  if (constants.ENV.SOCKET_CLI_DEBUG) {
@@ -45,5 +45,5 @@ const relConstantsPath = './constants'
45
45
  } = constants
46
46
  setSentry(Sentry)
47
47
  }
48
- //# debugId=a898c611-a022-4466-b8ae-81aed294b05d
48
+ //# debugId=f4ea1bb5-ee15-4115-b62f-342021fa364a
49
49
  //# sourceMappingURL=instrument-with-sentry.js.map
package/dist/instrument-with-sentry.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"instrument-with-sentry.js","sources":["../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n const Sentry = require('@sentry/node')\n Sentry.init({\n onFatalError(error: Error) {\n // Defer module loads until after Sentry.init is called.\n if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n }\n },\n dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n enabled: true,\n integrations: []\n })\n Sentry.setTag(\n 'environment',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n ? 'pub'\n : // The NODE_ENV convention is used by apps to define the runtime environment.\n // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n process.env['NODE_ENV']\n )\n Sentry.setTag(\n 'version',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n )\n const constants = require(relConstantsPath)\n if (constants.ENV.SOCKET_CLI_DEBUG) {\n Sentry.setTag('debugging', true)\n logger.log('[DEBUG] Set up Sentry.')\n } else {\n Sentry.setTag('debugging', false)\n }\n const {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n } = constants\n setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"a898c611-a022-4466-b8ae-81aed294b05d"}
1
+ {"version":3,"file":"instrument-with-sentry.js","sources":["../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n const Sentry = require('@sentry/node')\n Sentry.init({\n onFatalError(error: Error) {\n // Defer module loads until after Sentry.init is called.\n if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n }\n },\n dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n enabled: true,\n integrations: []\n })\n Sentry.setTag(\n 'environment',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n ? 'pub'\n : // The NODE_ENV convention is used by apps to define the runtime environment.\n // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n process.env['NODE_ENV']\n )\n Sentry.setTag(\n 'version',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n )\n const constants = require(relConstantsPath)\n if (constants.ENV.SOCKET_CLI_DEBUG) {\n Sentry.setTag('debugging', true)\n logger.log('[DEBUG] Set up Sentry.')\n } else {\n Sentry.setTag('debugging', false)\n }\n const {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n } = constants\n setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"f4ea1bb5-ee15-4115-b62f-342021fa364a"}
package/dist/shadow-npm-inject.js CHANGED
@@ -662,7 +662,7 @@ async function setupSdk(
662
662
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_NAME']".
663
663
  name: '@socketsecurity/cli',
664
664
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
665
- version: '0.14.132',
665
+ version: '0.14.134',
666
666
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_HOMEPAGE']".
667
667
  homepage: 'https://github.com/SocketDev/socket-cli'
668
668
  })
@@ -2091,7 +2091,6 @@ async function addArtifactToAlertsMap(artifact, alertsByPkgId, options) {
2091
2091
  return alertsByPkgId
2092
2092
  }
2093
2093
  function getCveInfoByAlertsMap(alertsMap, options) {
2094
- debug.debugLog('getCveInfoByAlertsMap')
2095
2094
  const exclude = {
2096
2095
  upgradable: true,
2097
2096
  ...{
@@ -2123,16 +2122,22 @@ function getCveInfoByAlertsMap(alertsMap, options) {
2123
2122
  }
2124
2123
  const { firstPatchedVersionIdentifier, vulnerableVersionRange } =
2125
2124
  alert.props
2126
- debug.debugLog({
2127
- firstPatchedVersionIdentifier,
2128
- vulnerableVersionRange
2129
- })
2130
- infos.push({
2131
- firstPatchedVersionIdentifier,
2132
- vulnerableVersionRange: new vendor.semverExports.Range(
2125
+ try {
2126
+ infos.push({
2127
+ firstPatchedVersionIdentifier,
2128
+ vulnerableVersionRange: new vendor.semverExports.Range(
2129
+ // Replace ', ' in a range like '>= 1.0.0, < 1.8.2' with ' ' so that
2130
+ // semver.Range will parse it without erroring.
2131
+ vulnerableVersionRange.replace(/, +/g, ' ')
2132
+ ).format()
2133
+ })
2134
+ } catch (e) {
2135
+ debug.debugLog('getCveInfoByAlertsMap', {
2136
+ firstPatchedVersionIdentifier,
2133
2137
  vulnerableVersionRange
2134
- ).format()
2135
- })
2138
+ })
2139
+ debug.debugLog(e)
2140
+ }
2136
2141
  }
2137
2142
  }
2138
2143
  return infoByPkg
@@ -2359,7 +2364,12 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options_) {
2359
2364
  ...options_
2360
2365
  }
2361
2366
  const depTypes = vendor.libExports$1.detectDepTypes(lockfile)
2362
- const purls = Object.keys(depTypes).map(id => `pkg:npm/${id}`)
2367
+ const purls = Object.keys(depTypes).map(id => {
2368
+ const lastAtSignIndex = id.lastIndexOf('@')
2369
+ const name = id.slice(0, lastAtSignIndex)
2370
+ const version = id.slice(lastAtSignIndex + 1)
2371
+ return `pkg:npm/${name}@${vendor.semverExports.coerce(version)}`
2372
+ })
2363
2373
  return await getAlertsMapFromPurls(purls, {
2364
2374
  overrides: lockfile.overrides,
2365
2375
  ...options
@@ -2636,5 +2646,5 @@ exports.supportedConfigKeys = supportedConfigKeys
2636
2646
  exports.updateConfigValue = updateConfigValue
2637
2647
  exports.updateNode = updateNode
2638
2648
  exports.updatePackageJsonFromNode = updatePackageJsonFromNode
2639
- //# debugId=c6745dd0-bfed-47bc-ba6b-ba7854e60f2a
2649
+ //# debugId=e0148269-7fb3-4bfb-96b4-79b980d11acd
2640
2650
  //# sourceMappingURL=shadow-npm-inject.js.map