@socketsecurity/cli-with-sentry 0.14.44

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Socket Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,121 @@
+# Socket CLI
+
+[![Socket Badge](https://socket.dev/api/badge/npm/package/socket)](https://socket.dev/npm/package/socket)
+[![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
+
+> CLI tool for [Socket.dev](https://socket.dev/)
+
+## Usage
+
+```bash
+npm install -g socket
+socket --help
+```
+
+## Commands
+
+- `socket npm [args...]` and `socket npx [args...]` - Wraps `npm` and `npx` to
+  integrate Socket and preempt installation of alerted packages using the
+  builtin resolution of `npm` to precisely determine package installations.
+
+- `socket optimize` - Optimize dependencies with
+  [`@socketregistry`](https://github.com/SocketDev/socket-registry) overrides!
+  _(👀 [our blog post](https://socket.dev/blog/introducing-socket-optimize))_
+
+  - `--pin` - Pin overrides to their latest version.
+  - `--prod` - Add overrides for only production dependencies.
+
+- `socket cdxgen [command]` - Call out to
+  [cdxgen](https://cyclonedx.github.io/cdxgen/#/?id=getting-started). See
+  [their documentation](https://cyclonedx.github.io/cdxgen/#/CLI?id=getting-help)
+  for commands.
+
+## Aliases
+
+All aliases support the flags and arguments of the commands they alias.
+
+- `socket ci` - alias for `socket report create --view --strict` which creates a
+  report and quits with an exit code if the result is unhealthy. Use like eg.
+  `socket ci .` for a report for the current folder
+
+## Flags
+
+### Command specific flags
+
+- `--view` - when set on `socket report create` the command will immediately do
+  a `socket report view` style view of the created report, waiting for the
+  server to complete it
+
+### Output flags
+
+- `--json` - outputs result as json which you can then pipe into
+  [`jq`](https://stedolan.github.io/jq/) and other tools
+- `--markdown` - outputs result as markdown which you can then copy into an
+  issue, PR or even chat
+
+## Strictness flags
+
+- `--all` - by default only `high` and `critical` issues are included, by
+  setting this flag all issues will be included
+- `--strict` - when set, exits with an error code if report result is deemed
+  unhealthy
+
+### Other flags
+
+- `--dry-run` - like all CLI tools that perform an action should have, we have a
+  dry run flag. Eg. `socket report create` supports running the command without
+  actually uploading anything
+- `--debug` - outputs additional debug output. Great for debugging, geeks and us
+  who develop. Hopefully you will never _need_ it, but it can still be fun,
+  right?
+- `--help` - prints the help for the current command. All CLI tools should have
+  this flag
+- `--version` - prints the version of the tool. All CLI tools should have this
+  flag
+
+## Configuration files
+
+The CLI reads and uses data from a
+[`socket.yml` file](https://docs.socket.dev/docs/socket-yml) in the folder you
+run it in. It supports the version 2 of the `socket.yml` file format and makes
+use of the `projectIgnorePaths` to excludes files when creating a report.
+
+## Environment variables
+
+- `SOCKET_SECURITY_API_TOKEN` - if set, this will be used as the API-key
+
+## Contributing
+
+### Setup
+
+To run dev locally you can run these steps
+
+```
+npm install
+npm run build:dist
+npm exec socket
+```
+
+That should invoke it from local sources. If you make changes you run
+`build:dist` again.
+
+### Environment variables for development
+
+- `SOCKET_SECURITY_API_BASE_URL` - if set, this will be the base for all
+  API-calls. Defaults to `https://api.socket.dev/v0/`
+- `SOCKET_SECURITY_API_PROXY` - if set to something like
+  [`http://127.0.0.1:9090`](https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries),
+  then all request will be proxied through that proxy
+
+## Similar projects
+
+- [`@socketsecurity/sdk`](https://github.com/SocketDev/socket-sdk-js) - the SDK
+  used in this CLI
+
+## See also
+
+- [Announcement blog post](https://socket.dev/blog/announcing-socket-cli-preview)
+- [Socket API Reference](https://docs.socket.dev/reference) - the API used in
+  this CLI
+- [Socket GitHub App](https://github.com/apps/socket-security) - the
+  plug-and-play GitHub App

package/bin/cli.js

@@ -0,0 +1,57 @@
+#!/usr/bin/env node
+'use strict'
+
+const process = require('node:process')
+
+const constants = require('../dist/constants')
+
+const { CLI, DIST_TYPE, SOCKET_CLI_SENTRY_BUILD } = constants
+
+if (
+  DIST_TYPE === 'require' &&
+  // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
+  !constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+) {
+  // Lazily access constants.distPath.
+  require(`${constants.distPath}/${CLI}.js`)
+} else {
+  const path = require('node:path')
+  const spawn = require('@npmcli/promise-spawn')
+  const { abortSignal } = constants
+
+  process.exitCode = 1
+  const spawnPromise = spawn(
+    // Lazily access constants.execPath.
+    constants.execPath,
+    [
+      // Lazily access constants.nodeNoWarningsFlags.
+      ...constants.nodeNoWarningsFlags,
+      // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
+      ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+        ? [
+            '--require',
+            // Lazily access constants.instrumentWithSentryPath.
+            constants.instrumentWithSentryPath
+          ]
+        : []),
+      // Lazily access constants.distPath.
+      path.join(constants.distPath, `${CLI}.js`),
+      ...process.argv.slice(2)
+    ],
+    {
+      signal: abortSignal,
+      stdio: 'inherit'
+    }
+  )
+  // See https://nodejs.org/api/all.html#all_child_process_event-exit.
+  spawnPromise.process.on('exit', (code, signalName) => {
+    if (abortSignal.aborted) {
+      return
+    }
+    if (signalName) {
+      process.kill(process.pid, signalName)
+    } else if (code !== null) {
+      process.exit(code)
+    }
+  })
+}

package/bin/npm-cli.js

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+'use strict'
+
+const constants = require('../dist/constants')
+const shadowBin = require(`${constants.distPath}/${constants.SHADOW_BIN}.js`)
+shadowBin(constants.NPM)

package/bin/npx-cli.js

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+'use strict'
+
+const constants = require('../dist/constants')
+const shadowBin = require(`${constants.distPath}/${constants.SHADOW_BIN}.js`)
+shadowBin(constants.NPX)

package/dist/constants.d.ts

@@ -0,0 +1,162 @@
+/// <reference types="node" />
+import registryConstants from '@socketsecurity/registry/lib/constants';
+import { Remap } from '@socketsecurity/registry/lib/objects';
+type RegistryEnv = typeof registryConstants.ENV;
+type RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)'];
+type Sentry = any;
+type Internals = Remap<Omit<RegistryInternals, 'getIPC'> & Readonly<{
+    getIPC: {
+        (): Promise<IPC>;
+        <K extends keyof IPC | undefined>(key?: K): Promise<K extends keyof IPC ? IPC[K] : IPC>;
+    };
+    getSentry: () => Sentry;
+    setSentry(Sentry: Sentry): boolean;
+}>>;
+type ENV = Remap<RegistryEnv & Readonly<{
+    SOCKET_CLI_DEBUG: boolean;
+    SOCKET_CLI_LEGACY_BUILD: boolean;
+    SOCKET_CLI_PUBLISHED_BUILD: boolean;
+    SOCKET_CLI_SENTRY_BUILD: boolean;
+    SOCKET_CLI_VERSION_HASH: string;
+}>>;
+type IPC = Readonly<{
+    SOCKET_CLI_FIX?: string;
+    SOCKET_CLI_OPTIMIZE?: boolean;
+    SOCKET_CLI_SAFE_WRAPPER?: boolean;
+}>;
+declare const constants: {
+    readonly [kInternalsSymbol]: registryConstants.Internals;
+    readonly NODE_MODULES: "node_modules";
+    readonly PACKAGE_JSON: "package.json";
+    readonly TAP: "TAP";
+    readonly kInternalsSymbol: unique symbol;
+    readonly CI: "CI";
+    readonly NODE_AUTH_TOKEN: "NODE_AUTH_TOKEN";
+    readonly NODE_ENV: "NODE_ENV";
+    readonly PRE_COMMIT: "PRE_COMMIT";
+    readonly VITEST: "VITEST";
+    readonly AT_LATEST: "@latest";
+    readonly BIOME_JSON: "biome.json";
+    readonly COLUMN_LIMIT: 80;
+    readonly EMPTY_FILE: "/* empty */\n";
+    readonly ESLINT_CONFIG_JS: "eslint.config.js";
+    readonly ESNEXT: "esnext";
+    readonly EXTENSIONS: "extensions";
+    readonly EXTENSIONS_JSON: "extensions.json";
+    readonly GIT_IGNORE: ".gitignore";
+    readonly LATEST: "latest";
+    readonly LICENSE: "LICENSE";
+    readonly LICENSE_GLOB: "LICEN[CS]E{[.-]*,}";
+    readonly LICENSE_GLOB_RECURSIVE: "**/LICEN[CS]E{[.-]*,}";
+    readonly LICENSE_ORIGINAL: "LICENSE.original";
+    readonly LICENSE_ORIGINAL_GLOB: "*.original{.*,}";
+    readonly LICENSE_ORIGINAL_GLOB_RECURSIVE: "**/*.original{.*,}";
+    readonly LOOP_SENTINEL: 1000000;
+    readonly MANIFEST_JSON: "manifest.json";
+    readonly MIT: "MIT";
+    readonly NODE_MODULES_GLOB_RECURSIVE: "**/node_modules";
+    readonly NODE_WORKSPACES: "node_workspaces";
+    readonly NODE_VERSION: string;
+    readonly NPM: "npm";
+    readonly NPM_ORG: "socketregistry";
+    readonly OVERRIDES: "overrides";
+    readonly PACKAGE_DEFAULT_SOCKET_CATEGORIES: readonly ["cleanup"];
+    readonly PACKAGE_DEFAULT_NODE_RANGE: string;
+    readonly PACKAGE_DEFAULT_VERSION: "1.0.0";
+    readonly PACKAGE_LOCK: "package-lock.json";
+    readonly PACKAGE_SCOPE: "@socketregistry";
+    readonly README_GLOB: "README{.*,}";
+    readonly README_GLOB_RECURSIVE: "**/README{.*,}";
+    readonly README_MD: "README.md";
+    readonly REGISTRY: "registry";
+    readonly REGISTRY_SCOPE_DELIMITER: "__";
+    readonly RESOLUTIONS: "resolutions";
+    readonly SOCKET_IPC_HANDSHAKE: "SOCKET_IPC_HANDSHAKE";
+    readonly SOCKET_PUBLIC_API_KEY: string;
+    readonly SOCKET_PUBLIC_API_TOKEN: string;
+    readonly SOCKET_REPO_ORG: "SocketDev";
+    readonly SOCKET_REGISTRY_REPO_NAME: "socket-registry";
+    readonly SUPPORTS_NODE_DISABLE_WARNING_FLAG: boolean;
+    readonly SUPPORTS_NODE_REQUIRE_MODULE: boolean;
+    readonly SUPPORTS_NODE_RUN: boolean;
+    readonly SUPPORTS_PROCESS_SEND: boolean;
+    readonly TEMPLATE_CJS: "cjs";
+    readonly TEMPLATE_CJS_BROWSER: "cjs-browser";
+    readonly TEMPLATE_CJS_ESM: "cjs-esm";
+    readonly TEMPLATE_ES_SHIM_CONSTRUCTOR: "es-shim-constructor";
+    readonly TEMPLATE_ES_SHIM_PROTOTYPE_METHOD: "es-shim-prototype-method";
+    readonly TEMPLATE_ES_SHIM_STATIC_METHOD: "es-shim-static-method";
+    readonly TSCONFIG_JSON: "tsconfig.json";
+    readonly UNDEFINED_TOKEN: {};
+    readonly UNLICENCED: "UNLICENCED";
+    readonly UNLICENSED: "UNLICENSED";
+    readonly WIN32: boolean;
+    readonly abortController: AbortController;
+    readonly abortSignal: AbortSignal;
+    readonly copyLeftLicenses: ReadonlySet<string>;
+    readonly execPath: string;
+    readonly ignoreGlobs: readonly ["**/.git", "**/.npmrc", "**/bun.lockb?", "**/node_modules", "**/package-lock.json", "**/pnpm-lock.ya?ml", "**/yarn.lock", "**/.DS_Store", "**/.gitignore", "**/.hg", "**/.lock-wscript", "**/.npmignore", "**/.svn", "**/.wafpickle-*", "**/.*.swp", "**/._*/**", "**/archived-packages/**", "**/build/config.gypi", "**/CVS", "**/npm-debug.log", "**/*.orig", "**/.env", "**/.eslintcache", "**/.nvm", "**/.tap", "**/.tapci.yaml", "**/.vscode", "**/*.tsbuildinfo", "**/Thumbs.db"];
+    readonly lifecycleScriptNames: ReadonlySet<string>;
+    readonly maintainedNodeVersions: registryConstants.MaintainedNodeVersions;
+    readonly nodeNoWarningsFlags: readonly string[];
+    readonly npmExecPath: string;
+    readonly packageExtensions: readonly [string, object][];
+    readonly packumentCache: Map<unknown, unknown>;
+    readonly pacoteCachePath: string;
+    readonly parseArgsConfig: registryConstants.ParseArgsConfig;
+    readonly skipTestsByEcosystem: Readonly<Record<string, ReadonlySet<string>>>;
+    readonly tsLibsAvailable: ReadonlySet<string>;
+    readonly tsTypesAvailable: ReadonlySet<string>;
+    readonly win32EnsureTestsByEcosystem: Readonly<Record<string, ReadonlySet<string>>>;
+    readonly 'Symbol(kInternalsSymbol)': Internals;
+    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE';
+    readonly ALERT_TYPE_CVE: 'cve';
+    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE';
+    readonly ALERT_TYPE_MILD_CVE: 'mildCVE';
+    readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable';
+    readonly API_V0_URL: 'https://api.socket.dev/v0';
+    readonly BABEL_RUNTIME: '@babel/runtime';
+    readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true';
+    readonly BINARY_LOCK_EXT: '.lockb';
+    readonly BUN: 'bun';
+    readonly CLI: 'cli';
+    readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier';
+    readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange';
+    readonly ENV: ENV;
+    readonly DIST_TYPE: 'module-sync' | 'require';
+    readonly IPC: IPC;
+    readonly LOCK_EXT: '.lock';
+    readonly MODULE_SYNC: 'module-sync';
+    readonly NPM_INJECTION: 'npm-injection';
+    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
+    readonly NPX: 'npx';
+    readonly PNPM: 'pnpm';
+    readonly REQUIRE: 'require';
+    readonly SHADOW_BIN: 'shadow-bin';
+    readonly SOCKET: 'socket';
+    readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG';
+    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX';
+    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues';
+    readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD';
+    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE';
+    readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD';
+    readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER';
+    readonly SOCKET_CLI_SENTRY_BUILD: 'SOCKET_CLI_SENTRY_BUILD';
+    readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH';
+    readonly VLT: 'vlt';
+    readonly YARN: 'yarn';
+    readonly YARN_BERRY: 'yarn/berry';
+    readonly YARN_CLASSIC: 'yarn/classic';
+    readonly cdxgenBinPath: string;
+    readonly distPath: string;
+    readonly instrumentWithSentryPath: string;
+    readonly nmBinPath: string;
+    readonly npmInjectionPath: string;
+    readonly rootBinPath: string;
+    readonly rootDistPath: string;
+    readonly rootPath: string;
+    readonly rootPkgJsonPath: string;
+    readonly shadowBinPath: string;
+    readonly synpBinPath: string;
+};
+export { constants as default };

package/dist/constants.js

@@ -0,0 +1,8 @@
+'use strict';
+var constants = require('./constants2.js');
+
+
+
+module.exports = constants.constants;
+//# debugId=415faf35-61fa-4973-8b4c-040eacb52c54
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;","debugId":"415faf35-61fa-4973-8b4c-040eacb52c54"}

package/dist/init.gradle

@@ -0,0 +1,250 @@
+// This is a Gradle initialization script that generates Maven POM files for projects
+// A POM file describes a project's dependencies and other metadata in XML format
+
+// This script:
+// - Generates Maven POM files for Java/Kotlin/Android projects
+// - Handles different types of dependencies (direct, project, version catalog)
+// - Supports different project types (Java, Android, root project)
+// - Can be invoked with `./gradlew --init-script /path/to/this/script pom` to generate POM files
+// - Copies the generated POM to a target location (default: pom.xml)
+
+initscript {
+    repositories {
+        // We need these repositories for Gradle's plugin resolution system
+        // TODO: it's not clear if we actually need them.
+        gradlePluginPortal()
+        mavenCentral()
+        google()
+    }
+
+    dependencies {
+        // No external dependencies needed as we only use Gradle's built-in maven-publish plugin
+    }
+}
+
+// Apply these configurations to all projects in the build
+gradle.allprojects { project ->
+    // Create a unique name for the Maven publication
+    // Example: project ':foo:bar' becomes 'maven-foo-bar'
+    def publicationName = "maven-${project.path.replace(':', '-')}"
+    if (publicationName.startsWith('maven--')) {
+        publicationName = 'maven-root'  // Special case for root project
+    }
+
+    // Apply the Maven Publish plugin if not already applied
+    if (!project.plugins.hasPlugin('maven-publish')) {
+        project.plugins.apply('maven-publish')
+    }
+
+    // Register a new task called 'pom' that will generate the POM file.
+    // This is what allows us to do `gradlew pom`. We could rename it to
+    // something like socket-generate-pom instead. It should be invisible
+    // to the user because this script is not part of their repo.
+    project.tasks.register('pom') {
+        group = 'publishing'  // Group tasks are shown together in ./gradlew tasks (irrelevant)
+        description = 'Generates a POM file'
+        // Force task to run every time. Otherwise caching would cause
+        // subsequent runs without changes to do anything.
+        // There may be room for improvement; I think this may cause
+        // everything to run which is theorietically not necessary.
+        outputs.upToDateWhen { false }
+
+        // Define where POM files will be generated and copied
+        def defaultPomFile = project.file("build/publications/${publicationName}/pom-default.xml")
+        def targetPomFile = project.hasProperty('pomPath') ?
+            project.file(project.property('pomPath')) :  // Custom location if specified. You can use `./gradlew pom -PpomPath=path/to/pom.xml` to specify a custom location.
+            project.file('pom.xml')                      // Default location
+
+        // Declare task inputs and outputs for Gradle's incremental build system
+        inputs.file(defaultPomFile)
+        outputs.file(targetPomFile)
+
+        // The actual work of copying the POM file happens here
+        doLast {
+            if (defaultPomFile.exists()) {
+                // Print the generated POM for inspection
+                println "\nGenerated POM file for ${publicationName}:"
+//                 println "=================================="
+//                 println defaultPomFile.text
+//                 println "=================================="
+
+                // Copy the POM file to its target location
+                targetPomFile.parentFile.mkdirs()
+                targetPomFile.text = defaultPomFile.text
+                println "\nPOM file copied to: ${targetPomFile.absolutePath}"
+            } else {
+                println "No POM file generated at ${defaultPomFile.absolutePath}"
+            }
+        }
+    }
+
+    // Wait for project evaluation to complete before configuring publication
+    project.afterEvaluate { p ->
+        p.plugins.withId('maven-publish') {
+            // Gather project information
+            def projectPath = p.path
+            def projectName = p.name
+            def projectDesc = p.description ?: p.name
+            def isRootProject = p.path == ':' && !p.subprojects.isEmpty()
+            def isAndroidProject = p.plugins?.hasPlugin('com.android.library') ||
+                                 p.plugins?.hasPlugin('com.android.application')
+            def hasJavaComponent = p.extensions?.findByName('components')?.findByName('java') != null
+
+            // Store all dependencies we find here
+            def projectDependencies = []
+
+            // Find all relevant dependency configurations
+            // We care about implementation, api, compile, and runtime configurations
+            // TODO: anything we're missing here? tests maybe?
+            def relevantConfigs = p.configurations.findAll { config ->
+                !config.name.toLowerCase().contains('test') &&
+                (config.name.endsWith('Implementation') ||
+                 config.name.endsWith('Api') ||
+                 config.name == 'implementation' ||
+                 config.name == 'api' ||
+                 config.name == 'compile' ||
+                 config.name == 'runtime')
+            }
+
+            // Process each configuration to find dependencies
+            relevantConfigs.each { config ->
+                config.dependencies.each { dep ->
+                    if (dep instanceof ProjectDependency) {
+                        // Handle project dependencies (e.g., implementation(project(":other-module")))
+                        def depProjectPath = dep.dependencyProject.path
+                        def depProjectName = depProjectPath.substring(depProjectPath.lastIndexOf(':') + 1)
+                        projectDependencies << [
+                            group: p.group ?: p.rootProject.name,
+                            name: depProjectName,
+                            version: p.version ?: 'unspecified',
+                            scope: config.name.contains('api') ? 'compile' : 'runtime'
+                        ]
+                    } else {
+                        // Handle all other types of dependencies
+                        try {
+                            def group = dep.group
+                            def name = dep.name
+                            def version = dep.version
+
+                            // Handle version catalog dependencies (e.g., implementation(libs.some.library))
+                            if (!group && p.findProperty('libs')) {
+                                def depString = dep.toString()
+
+                                // Skip bundles and file dependencies as they need special handling
+                                if (!depString.contains('Bundle') && !dep.toString().contains('DefaultFileCollectionDependency')) {
+                                    try {
+                                        // Extract library name from version catalog reference
+                                        def libName = depString.contains('libs.') ?
+                                            depString.substring(depString.indexOf('libs.') + 5) :
+                                            depString
+                                        def libProvider = p.libs.findLibrary(libName)
+                                        if (libProvider.present) {
+                                            def dependency = libProvider.get()
+                                            projectDependencies << [
+                                                group: dependency.get().module.group,
+                                                name: dependency.get().module.name,
+                                                version: dependency.versionConstraint.requiredVersion,
+                                                scope: config.name.contains('api') ? 'compile' : 'runtime'
+                                            ]
+                                        }
+                                    } catch (Exception e) {
+                                        println "  - Skipping non-catalog dependency: ${dep}"
+                                    }
+                                }
+                            } else if (group && name) {
+                                // Handle regular dependencies (e.g., implementation("group:name:version"))
+                                projectDependencies << [
+                                    group: group,
+                                    name: name,
+                                    version: version ?: 'unspecified',
+                                    scope: config.name.contains('api') ? 'compile' : 'runtime'
+                                ]
+                            }
+                        } catch (Exception e) {
+                            println "  - Failed to process dependency: ${e.message}"
+                        }
+                    }
+                }
+            }
+
+            // Configure the Maven publication
+            p.publishing {
+                publications {
+                    if (!publications.findByName(publicationName)) {
+                        create(publicationName, MavenPublication) {
+                            // Handle different project types
+                            if (isAndroidProject) {
+                                // For Android libraries, we need to wait for the Android plugin to set up
+                                afterEvaluate {
+                                    def android = p.extensions.findByName('android')
+                                    if (android) {
+                                        // Try to get the release variant component
+                                        def components = p.components
+                                        def componentNames = components.names
+
+                                        // Look for specific variant components
+                                        // Prefer release over debug
+                                        if (components.findByName("release")) {
+                                            from components.release
+                                        } else if (components.findByName("debug")) {
+                                            from components.debug
+                                        } else {
+                                            println "Warning: No release or debug component found for Android project ${p.name}"
+                                            // Skip the component for now, will still generate POM
+                                        }
+                                    } else {
+                                        println "Warning: Android extension not found for project ${p.name}"
+                                    }
+                                }
+                            } else if (!isRootProject && hasJavaComponent) {
+                                // For Java libraries, use the java component
+                                from components.java
+                            }
+                            // Root project doesn't need a 'from' clause as it's just a POM
+
+                            // Configure the POM file content
+                            pom {
+                                // Set packaging type based on project type (why is this necessary?)
+                                packaging = isRootProject ? 'pom' : (isAndroidProject ? 'aar' : 'jar')
+                                name = projectName
+                                description = projectDesc
+
+                                // Customize the POM XML
+                                withXml { xml ->
+                                    def root = xml.asNode()
+                                    def dependencies = root.appendNode('dependencies')
+
+                                    // Add all collected dependencies to the POM
+                                    projectDependencies.each { dep ->
+                                        def dependency = dependencies.appendNode('dependency')
+                                        // Ensure all values are strings
+                                        dependency.appendNode('groupId', String.valueOf(dep.group))
+                                        dependency.appendNode('artifactId', String.valueOf(dep.name))
+                                        dependency.appendNode('version', String.valueOf(dep.version ?: 'unspecified'))
+                                        dependency.appendNode('scope', String.valueOf(dep.scope))
+                                    }
+
+                                    // Add standard properties for root project
+                                    if (isRootProject) {
+                                        def properties = root.appendNode('properties')
+                                        properties.appendNode('kotlin.version', String.valueOf('1.9.0'))
+                                        properties.appendNode('java.version', String.valueOf('11'))
+                                        properties.appendNode('project.build.sourceEncoding', String.valueOf('UTF-8'))
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+
+            // Make our pom task depend on the actual POM generation task
+            project.tasks.named('pom') {
+                def pomTask = "generatePomFileFor${publicationName.capitalize()}Publication"
+                if (project.tasks?.findByName(pomTask)) {
+                    dependsOn(pomTask)
+                }
+            }
+        }
+    }
+}

package/dist/instrument-with-sentry.d.ts

@@ -0,0 +1 @@
+export {};