@socketsecurity/cli-with-sentry 0.14.44

package/dist/module-sync/constants.js

@@ -0,0 +1,3 @@
+'use strict'
+
+module.exports = require('../constants.js')

package/dist/module-sync/constants2.js

@@ -0,0 +1,231 @@
+'use strict';
+
+var fs = require('node:fs');
+var path = require('node:path');
+var process = require('node:process');
+var registryConstants = require('@socketsecurity/registry/lib/constants');
+var env = require('@socketsecurity/registry/lib/env');
+
+const {
+  NODE_MODULES,
+  PACKAGE_JSON,
+  TAP,
+  kInternalsSymbol,
+  [kInternalsSymbol]: {
+    createConstantsObject
+  }
+} = registryConstants;
+const ALERT_TYPE_CRITICAL_CVE = 'criticalCVE';
+const ALERT_TYPE_CVE = 'cve';
+const ALERT_TYPE_MEDIUM_CVE = 'mediumCVE';
+const ALERT_TYPE_MILD_CVE = 'mildCVE';
+const ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable';
+const API_V0_URL = 'https://api.socket.dev/v0';
+const BABEL_RUNTIME = '@babel/runtime';
+const BINARY_LOCK_EXT = '.lockb';
+const BUN = 'bun';
+const CLI = 'cli';
+const CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER = 'firstPatchedVersionIdentifier';
+const CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange';
+const LOCK_EXT = '.lock';
+const MODULE_SYNC = 'module-sync';
+const NPM_INJECTION = 'npm-injection';
+const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
+const NPX = 'npx';
+const PNPM = 'pnpm';
+const REQUIRE = 'require';
+const SHADOW_BIN = 'shadow-bin';
+const SOCKET = 'socket';
+const SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG';
+const SOCKET_CLI_FIX = 'SOCKET_CLI_FIX';
+const SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
+const SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD';
+const SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE';
+const SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD';
+const SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER';
+const SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD';
+const SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH';
+const VLT = 'vlt';
+const YARN = 'yarn';
+const YARN_BERRY = `${YARN}/berry`;
+const YARN_CLASSIC = `${YARN}/classic`;
+let _Sentry;
+const LAZY_BATCH_PURL_ENDPOINT = () => {
+  const query = new URLSearchParams();
+  query.append('alerts', 'true');
+  query.append('compact', 'true');
+  return `${API_V0_URL}/purl?${query}`;
+};
+const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE;
+const LAZY_ENV = () => Object.freeze({
+  // Lazily access registryConstants.ENV.
+  ...registryConstants.ENV,
+  // Flag set to help debug Socket CLI.
+  [SOCKET_CLI_DEBUG]: env.envAsBoolean(process.env[SOCKET_CLI_DEBUG]),
+  // Inline the following environment values so that they CANNOT be influenced
+  // by user provided environment variables.
+  //
+  // Flag set to determine if this is the Legacy build.
+  // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_LEGACY_BUILD]".
+  [SOCKET_CLI_LEGACY_BUILD]: false,
+  // Flag set to determine if this is a published build.
+  // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_PUBLISHED_BUILD]".
+  [SOCKET_CLI_PUBLISHED_BUILD]: true,
+  // Flag set to determine if this is the Sentry build.
+  // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_SENTRY_BUILD]".
+  [SOCKET_CLI_SENTRY_BUILD]: true,
+  // Flag set to determine the version hash of the build.
+  // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_VERSION_HASH]".
+  [SOCKET_CLI_VERSION_HASH]: "0.14.44:d759761:ba5ca849:pub"
+});
+const lazyCdxgenBinPath = () =>
+// Lazily access constants.nmBinPath.
+path.join(constants.nmBinPath, 'cdxgen');
+const lazyDistPath = () =>
+// Lazily access constants.rootDistPath and constants.DIST_TYPE.
+path.join(constants.rootDistPath, constants.DIST_TYPE);
+const lazyInstrumentWithSentryPath = () =>
+// Lazily access constants.rootDistPath.
+path.join(constants.rootDistPath, 'instrument-with-sentry.js');
+const lazyNmBinPath = () =>
+// Lazily access constants.rootPath.
+path.join(constants.rootPath, `${NODE_MODULES}/.bin`);
+const lazyNpmInjectionPath = () =>
+// Lazily access constants.distPath.
+path.join(constants.distPath, `${NPM_INJECTION}.js`);
+const lazyRootBinPath = () =>
+// Lazily access constants.rootPath.
+path.join(constants.rootPath, 'bin');
+const lazyRootDistPath = () =>
+// Lazily access constants.rootPath.
+path.join(constants.rootPath, 'dist');
+const lazyRootPath = () =>
+// The '@rollup/plugin-replace' will replace "process.env.[TAP]".
+path.resolve(fs.realpathSync.native(__dirname), '..');
+const lazyRootPkgJsonPath = () =>
+// Lazily access constants.rootPath.
+path.join(constants.rootPath, PACKAGE_JSON);
+const lazyShadowBinPath = () =>
+// Lazily access constants.rootPath.
+path.join(constants.rootPath, SHADOW_BIN);
+const lazySynpBinPath = () =>
+// Lazily access constants.nmBinPath.
+path.join(constants.nmBinPath, 'synp');
+const constants = createConstantsObject({
+  ALERT_TYPE_CRITICAL_CVE,
+  ALERT_TYPE_CVE,
+  ALERT_TYPE_MEDIUM_CVE,
+  ALERT_TYPE_MILD_CVE,
+  ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,
+  API_V0_URL,
+  BABEL_RUNTIME,
+  // Lazily defined values are initialized as `undefined` to keep their key order.
+  BATCH_PURL_ENDPOINT: undefined,
+  BINARY_LOCK_EXT,
+  BUN,
+  CLI,
+  CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,
+  CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,
+  DIST_TYPE: undefined,
+  ENV: undefined,
+  LOCK_EXT,
+  MODULE_SYNC,
+  NPM_INJECTION,
+  NPM_REGISTRY_URL,
+  NPX,
+  PNPM,
+  REQUIRE,
+  SHADOW_BIN,
+  SOCKET,
+  SOCKET_CLI_DEBUG,
+  SOCKET_CLI_FIX,
+  SOCKET_CLI_ISSUES_URL,
+  SOCKET_CLI_LEGACY_BUILD,
+  SOCKET_CLI_OPTIMIZE,
+  SOCKET_CLI_PUBLISHED_BUILD,
+  SOCKET_CLI_SAFE_WRAPPER,
+  SOCKET_CLI_SENTRY_BUILD,
+  SOCKET_CLI_VERSION_HASH,
+  VLT,
+  YARN,
+  YARN_BERRY,
+  YARN_CLASSIC,
+  cdxgenBinPath: undefined,
+  distPath: undefined,
+  instrumentWithSentryPath: undefined,
+  nmBinPath: undefined,
+  npmInjectionPath: undefined,
+  rootBinPath: undefined,
+  rootDistPath: undefined,
+  rootPath: undefined,
+  rootPkgJsonPath: undefined,
+  shadowBinPath: undefined,
+  synpBinPath: undefined
+}, {
+  getters: {
+    BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,
+    DIST_TYPE: LAZY_DIST_TYPE,
+    ENV: LAZY_ENV,
+    distPath: lazyDistPath,
+    cdxgenBinPath: lazyCdxgenBinPath,
+    instrumentWithSentryPath: lazyInstrumentWithSentryPath,
+    nmBinPath: lazyNmBinPath,
+    npmInjectionPath: lazyNpmInjectionPath,
+    rootBinPath: lazyRootBinPath,
+    rootDistPath: lazyRootDistPath,
+    rootPath: lazyRootPath,
+    rootPkgJsonPath: lazyRootPkgJsonPath,
+    shadowBinPath: lazyShadowBinPath,
+    synpBinPath: lazySynpBinPath
+  },
+  internals: {
+    getSentry() {
+      return _Sentry;
+    },
+    setSentry(Sentry) {
+      if (_Sentry === undefined) {
+        _Sentry = Sentry;
+        return true;
+      }
+      return false;
+    }
+  },
+  mixin: registryConstants
+});
+
+var constants$1 = {
+  __proto__: null,
+  default: constants
+};
+
+function getAugmentedNamespace(n) {
+  if (n.__esModule) return n;
+  var f = n.default;
+	if (typeof f == "function") {
+		var a = function a () {
+			if (this instanceof a) {
+        return Reflect.construct(f, arguments, this.constructor);
+			}
+			return f.apply(this, arguments);
+		};
+		a.prototype = f.prototype;
+  } else a = {};
+  Object.defineProperty(a, '__esModule', {value: true});
+	Object.keys(n).forEach(function (k) {
+		var d = Object.getOwnPropertyDescriptor(n, k);
+		Object.defineProperty(a, k, d.get ? d : {
+			enumerable: true,
+			get: function () {
+				return n[k];
+			}
+		});
+	});
+	return a;
+}
+
+var require$$1 = /*@__PURE__*/getAugmentedNamespace(constants$1);
+
+exports.constants = constants;
+exports.require$$1 = require$$1;
+//# debugId=435f32a3-529f-42d3-a920-3fda62a829e2
+//# sourceMappingURL=constants2.js.map

package/dist/module-sync/constants2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants2.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean } from '@socketsecurity/registry/lib/env'\n\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n  NODE_MODULES,\n  PACKAGE_JSON,\n  TAP,\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n    createConstantsObject\n  }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n  Omit<RegistryInternals, 'getIPC'> &\n    Readonly<{\n      getIPC: {\n        (): Promise<IPC>\n        <K extends keyof IPC | undefined>(\n          key?: K\n        ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n      }\n      getSentry: () => Sentry\n      setSentry(Sentry: Sentry): boolean\n    }>\n>\n\ntype ENV = Remap<\n  RegistryEnv &\n    Readonly<{\n      SOCKET_CLI_DEBUG: boolean\n      SOCKET_CLI_LEGACY_BUILD: boolean\n      SOCKET_CLI_PUBLISHED_BUILD: boolean\n      SOCKET_CLI_SENTRY_BUILD: boolean\n      SOCKET_CLI_VERSION_HASH: string\n    }>\n>\n\ntype IPC = Readonly<{\n  SOCKET_CLI_FIX?: string\n  SOCKET_CLI_OPTIMIZE?: boolean\n  SOCKET_CLI_SAFE_WRAPPER?: boolean\n}>\n\ntype Constants = Remap<\n  Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n    readonly 'Symbol(kInternalsSymbol)': Internals\n    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n    readonly ALERT_TYPE_CVE: 'cve'\n    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n    readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n    readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable'\n    readonly API_V0_URL: 'https://api.socket.dev/v0'\n    readonly BABEL_RUNTIME: '@babel/runtime'\n    readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true'\n    readonly BINARY_LOCK_EXT: '.lockb'\n    readonly BUN: 'bun'\n    readonly CLI: 'cli'\n    readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n    readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange'\n    readonly ENV: ENV\n    readonly DIST_TYPE: 'module-sync' | 'require'\n    readonly IPC: IPC\n    readonly LOCK_EXT: '.lock'\n    readonly MODULE_SYNC: 'module-sync'\n    readonly NPM_INJECTION: 'npm-injection'\n    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n    readonly NPX: 'npx'\n    readonly PNPM: 'pnpm'\n    readonly REQUIRE: 'require'\n    readonly SHADOW_BIN: 'shadow-bin'\n    readonly SOCKET: 'socket'\n    readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n    readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD'\n    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n    readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD'\n    readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'\n    readonly SOCKET_CLI_SENTRY_BUILD: 'SOCKET_CLI_SENTRY_BUILD'\n    readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH'\n    readonly VLT: 'vlt'\n    readonly YARN: 'yarn'\n    readonly YARN_BERRY: 'yarn/berry'\n    readonly YARN_CLASSIC: 'yarn/classic'\n    readonly cdxgenBinPath: string\n    readonly distPath: string\n    readonly instrumentWithSentryPath: string\n    readonly nmBinPath: string\n    readonly npmInjectionPath: string\n    readonly rootBinPath: string\n    readonly rootDistPath: string\n    readonly rootPath: string\n    readonly rootPkgJsonPath: string\n    readonly shadowBinPath: string\n    readonly synpBinPath: string\n  }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable'\nconst API_V0_URL = 'https://api.socket.dev/v0'\nconst BABEL_RUNTIME = '@babel/runtime'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n  'firstPatchedVersionIdentifier'\nconst CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange'\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_INJECTION = 'npm-injection'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst NPX = 'npx'\nconst PNPM = 'pnpm'\nconst REQUIRE = 'require'\nconst SHADOW_BIN = 'shadow-bin'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD'\nconst SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'\nconst SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD'\nconst SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = `${YARN}/berry`\nconst YARN_CLASSIC = `${YARN}/classic`\n\nlet _Sentry: any\n\nconst LAZY_BATCH_PURL_ENDPOINT = () => {\n  const query = new URLSearchParams()\n  query.append('alerts', 'true')\n  query.append('compact', 'true')\n  return `${API_V0_URL}/purl?${query}`\n}\n\nconst LAZY_DIST_TYPE = () =>\n  registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () =>\n  Object.freeze({\n    // Lazily access registryConstants.ENV.\n    ...registryConstants.ENV,\n    // Flag set to help debug Socket CLI.\n    [SOCKET_CLI_DEBUG]: envAsBoolean(process.env[SOCKET_CLI_DEBUG]),\n    // Inline the following environment values so that they CANNOT be influenced\n    // by user provided environment variables.\n    //\n    // Flag set to determine if this is the Legacy build.\n    // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_LEGACY_BUILD]\".\n    [SOCKET_CLI_LEGACY_BUILD]: process.env[SOCKET_CLI_LEGACY_BUILD],\n    // Flag set to determine if this is a published build.\n    // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_PUBLISHED_BUILD]\".\n    [SOCKET_CLI_PUBLISHED_BUILD]: process.env[SOCKET_CLI_PUBLISHED_BUILD],\n    // Flag set to determine if this is the Sentry build.\n    // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_SENTRY_BUILD]\".\n    [SOCKET_CLI_SENTRY_BUILD]: process.env[SOCKET_CLI_SENTRY_BUILD],\n    // Flag set to determine the version hash of the build.\n    // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_VERSION_HASH]\".\n    [SOCKET_CLI_VERSION_HASH]: process.env[SOCKET_CLI_VERSION_HASH]\n  })\n\nconst lazyCdxgenBinPath = () =>\n  // Lazily access constants.nmBinPath.\n  path.join(constants.nmBinPath, 'cdxgen')\n\nconst lazyDistPath = () =>\n  // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n  path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyInstrumentWithSentryPath = () =>\n  // Lazily access constants.rootDistPath.\n  path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyNmBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\nconst lazyNpmInjectionPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${NPM_INJECTION}.js`)\n\nconst lazyRootBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n  // The '@rollup/plugin-replace' will replace \"process.env.[TAP]\".\n  path.resolve(\n    realpathSync.native(__dirname),\n    process.env[TAP] ? '../..' : '..'\n  )\n\nconst lazyRootPkgJsonPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, PACKAGE_JSON)\n\nconst lazyShadowBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, SHADOW_BIN)\n\nconst lazySynpBinPath = () =>\n  // Lazily access constants.nmBinPath.\n  path.join(constants.nmBinPath, 'synp')\n\nconst constants = <Constants>createConstantsObject(\n  {\n    ALERT_TYPE_CRITICAL_CVE,\n    ALERT_TYPE_CVE,\n    ALERT_TYPE_MEDIUM_CVE,\n    ALERT_TYPE_MILD_CVE,\n    ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,\n    API_V0_URL,\n    BABEL_RUNTIME,\n    // Lazily defined values are initialized as `undefined` to keep their key order.\n    BATCH_PURL_ENDPOINT: undefined,\n    BINARY_LOCK_EXT,\n    BUN,\n    CLI,\n    CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n    CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,\n    DIST_TYPE: undefined,\n    ENV: undefined,\n    LOCK_EXT,\n    MODULE_SYNC,\n    NPM_INJECTION,\n    NPM_REGISTRY_URL,\n    NPX,\n    PNPM,\n    REQUIRE,\n    SHADOW_BIN,\n    SOCKET,\n    SOCKET_CLI_DEBUG,\n    SOCKET_CLI_FIX,\n    SOCKET_CLI_ISSUES_URL,\n    SOCKET_CLI_LEGACY_BUILD,\n    SOCKET_CLI_OPTIMIZE,\n    SOCKET_CLI_PUBLISHED_BUILD,\n    SOCKET_CLI_SAFE_WRAPPER,\n    SOCKET_CLI_SENTRY_BUILD,\n    SOCKET_CLI_VERSION_HASH,\n    VLT,\n    YARN,\n    YARN_BERRY,\n    YARN_CLASSIC,\n    cdxgenBinPath: undefined,\n    distPath: undefined,\n    instrumentWithSentryPath: undefined,\n    nmBinPath: undefined,\n    npmInjectionPath: undefined,\n    rootBinPath: undefined,\n    rootDistPath: undefined,\n    rootPath: undefined,\n    rootPkgJsonPath: undefined,\n    shadowBinPath: undefined,\n    synpBinPath: undefined\n  },\n  {\n    getters: {\n      BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,\n      DIST_TYPE: LAZY_DIST_TYPE,\n      ENV: LAZY_ENV,\n      distPath: lazyDistPath,\n      cdxgenBinPath: lazyCdxgenBinPath,\n      instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n      nmBinPath: lazyNmBinPath,\n      npmInjectionPath: lazyNpmInjectionPath,\n      rootBinPath: lazyRootBinPath,\n      rootDistPath: lazyRootDistPath,\n      rootPath: lazyRootPath,\n      rootPkgJsonPath: lazyRootPkgJsonPath,\n      shadowBinPath: lazyShadowBinPath,\n      synpBinPath: lazySynpBinPath\n    },\n    internals: {\n      getSentry() {\n        return _Sentry\n      },\n      setSentry(Sentry: Sentry): boolean {\n        if (_Sentry === undefined) {\n          _Sentry = Sentry\n          return true\n        }\n        return false\n      }\n    },\n    mixin: registryConstants\n  }\n)\n\nexport default constants\n"],"names":["createConstantsObject","query","path","constants","BATCH_PURL_ENDPOINT","DIST_TYPE","ENV","cdxgenBinPath","distPath","instrumentWithSentryPath","nmBinPath","npmInjectionPath","rootBinPath","rootDistPath","rootPath","rootPkgJsonPath","shadowBinPath","synpBinPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;AASA;;;;;AAKE;AACEA;AACF;AACF;AA8FA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACE;AACAC;AACAA;AACA;AACF;AAEA;AAGA;AAEI;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF;AAEF;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAKF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEIC;;;;;;;;AASF;AACAC;;;;;;AAMAC;AACAC;;;;;;;;;;;;;;;;;;;;;;;AAuBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACEd;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;AACEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;","debugId":"435f32a3-529f-42d3-a920-3fda62a829e2"}

package/dist/module-sync/debug.d.ts

@@ -0,0 +1,3 @@
+declare function isDebug(): boolean;
+declare function debugLog(...args: any[]): void;
+export { isDebug, debugLog };

package/dist/module-sync/edge.d.ts

@@ -0,0 +1,66 @@
+/// <reference types="npmcli__arborist" />
+import { SafeNode } from "./node.js";
+import { SafeOverrideSet } from "./index.js";
+import { DependencyProblem } from '@npmcli/arborist';
+import { Edge as BaseEdge } from "@npmcli/arborist";
+type EdgeClass = Omit<BaseEdge, 'accept' | 'detach' | 'optional' | 'overrides' | 'peer' | 'peerConflicted' | 'rawSpec' | 'reload' | 'satisfiedBy' | 'spec' | 'to'> & {
+    optional: boolean;
+    overrides: SafeOverrideSet | undefined;
+    peer: boolean;
+    peerConflicted: boolean;
+    rawSpec: string;
+    get accept(): string | undefined;
+    get spec(): string;
+    get to(): SafeNode | null;
+    new (...args: any): EdgeClass;
+    detach(): void;
+    reload(hard?: boolean): void;
+    satisfiedBy(node: SafeNode): boolean;
+};
+type EdgeOptions = {
+    type: string;
+    name: string;
+    spec: string;
+    from: SafeNode;
+    accept?: string | undefined;
+    overrides?: SafeOverrideSet | undefined;
+    to?: SafeNode;
+};
+type ErrorStatus = DependencyProblem | 'OK';
+type Explanation = {
+    type: string;
+    name: string;
+    spec: string;
+    bundled: boolean;
+    overridden: boolean;
+    error: ErrorStatus | undefined;
+    rawSpec: string | undefined;
+    from: object | undefined;
+} | null;
+declare const Edge: EdgeClass;
+declare class SafeEdge extends Edge {
+    #private;
+    constructor(options: EdgeOptions);
+    get accept(): string | undefined;
+    get bundled(): boolean;
+    get error(): "DETACHED" | "MISSING" | "PEER LOCAL" | "INVALID" | null;
+    get from(): SafeNode | null;
+    get spec(): string;
+    get to(): SafeNode | null;
+    detach(): void;
+    // Return the edge data, and an explanation of how that edge came to be here.
+    // @ts-ignore: Edge#explain is defined with an unused `seen = []` param.
+    explain(): {
+        type: string;
+        name: string;
+        spec: string;
+        bundled: boolean;
+        overridden: boolean;
+        error: ErrorStatus | undefined;
+        rawSpec: string | undefined;
+        from: object | undefined;
+    };
+    reload(hard?: boolean): void;
+    satisfiedBy(node: SafeNode): boolean;
+}
+export { EdgeOptions, ErrorStatus, Explanation, Edge, SafeEdge };

package/dist/module-sync/errors.d.ts

@@ -0,0 +1,14 @@
+/// <reference types="node" />
+type EventHintOrCaptureContext = {
+    [key: string]: any;
+} | Function;
+declare class AuthError extends Error {
+}
+declare class InputError extends Error {
+    body: string | undefined;
+    constructor(message: string, body?: string);
+}
+declare function captureException(exception: unknown, hint?: EventHintOrCaptureContext | undefined): Promise<string>;
+declare function captureExceptionSync(exception: unknown, hint?: EventHintOrCaptureContext | undefined): string;
+declare function isErrnoException(value: unknown): value is NodeJS.ErrnoException;
+export { AuthError, InputError, captureException, captureExceptionSync, isErrnoException };

package/dist/module-sync/index.d.ts

@@ -0,0 +1,192 @@
+/// <reference types="node" />
+import { SafeEdge } from "./edge.js";
+import { SafeNode } from "./node.js";
+import indentString from "@socketregistry/indent-string/index.cjs";
+import { LogSymbols } from "./logging.js";
+import { SocketSdkResultType } from "@socketsecurity/sdk";
+import { Diff, ArboristClass } from "./types.js";
+import { ObjectEncodingOptions, OpenMode, PathLike } from "node:fs";
+import { promises as fs } from "node:fs";
+import { readFileSync as fsReadFileSync } from "node:fs";
+import { Abortable } from "node:events";
+import { FileHandle } from "node:fs/promises";
+import { kRiskyReify } from "./reify.js";
+interface OverrideSetClass {
+    children: Map<string, SafeOverrideSet>;
+    key: string | undefined;
+    keySpec: string | undefined;
+    name: string | undefined;
+    parent: SafeOverrideSet | undefined;
+    value: string | undefined;
+    version: string | undefined;
+    // eslint-disable-next-line @typescript-eslint/no-misused-new
+    new (...args: any[]): OverrideSetClass;
+    get isRoot(): boolean;
+    get ruleset(): Map<string, SafeOverrideSet>;
+    ancestry(): Generator<SafeOverrideSet>;
+    childrenAreEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
+    getEdgeRule(edge: SafeEdge): SafeOverrideSet;
+    getNodeRule(node: SafeNode): SafeOverrideSet;
+    getMatchingRule(node: SafeNode): SafeOverrideSet | null;
+    isEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
+}
+declare const OverrideSet: OverrideSetClass;
+// Implementation code not related to patch https://github.com/npm/cli/pull/7025
+// is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/override-set.js:
+declare class SafeOverrideSet extends OverrideSet {
+    // Patch adding doOverrideSetsConflict is based on
+    // https://github.com/npm/cli/pull/7025.
+    static doOverrideSetsConflict(first: SafeOverrideSet | undefined, second: SafeOverrideSet | undefined): boolean;
+    // Patch adding findSpecificOverrideSet is based on
+    // https://github.com/npm/cli/pull/7025.
+    static findSpecificOverrideSet(first: SafeOverrideSet | undefined, second: SafeOverrideSet | undefined): SafeOverrideSet | undefined;
+    // Patch adding childrenAreEqual is based on
+    // https://github.com/npm/cli/pull/7025.
+    childrenAreEqual(otherOverrideSet: SafeOverrideSet): boolean;
+    getEdgeRule(edge: SafeEdge): SafeOverrideSet;
+    // Patch adding isEqual is based on
+    // https://github.com/npm/cli/pull/7025.
+    isEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
+}
+declare const depValid: (child: SafeNode, requested: string, accept: string | undefined, requester: SafeNode) => boolean;
+declare function getSocketDevAlertUrl(alertType: string): string;
+declare function getSocketDevPackageOverviewUrl(eco: string, name: string, version?: string): string;
+declare class ColorOrMarkdown {
+    useMarkdown: boolean;
+    constructor(useMarkdown: boolean);
+    bold(text: string): string;
+    header(text: string, level?: number): string;
+    hyperlink(text: string, url: string | undefined, { fallback, fallbackToUrl }?: {
+        fallback?: boolean;
+        fallbackToUrl?: boolean;
+    }): string;
+    indent(...args: Parameters<typeof indentString>): ReturnType<typeof indentString>;
+    italic(text: string): string;
+    json(value: any): string;
+    list(items: string[]): string;
+    get logSymbols(): LogSymbols;
+}
+type AlertUxLookup = ReturnType<typeof createAlertUXLookup>;
+type AlertUxLookupSettings = Parameters<AlertUxLookup>[0];
+type AlertUxLookupResult = ReturnType<AlertUxLookup>;
+type RuleActionUX = {
+    block: boolean;
+    display: boolean;
+};
+type SettingsType = (SocketSdkResultType<"postSettings"> & {
+    success: true;
+})["data"];
+declare function createAlertUXLookup(settings: SettingsType): (context: {
+    package: {
+        name: string;
+        version: string;
+    };
+    alert: {
+        type: string;
+    };
+}) => RuleActionUX;
+declare function uxLookup(settings: AlertUxLookupSettings): Promise<AlertUxLookupResult>;
+type CveAlertType = "cve" | "mediumCVE" | "mildCVE" | "criticalCVE";
+type ArtifactAlertCveFixable = Omit<SocketArtifactAlert, "props" | "title"> & {
+    type: CveAlertType;
+    props: {
+        firstPatchedVersionIdentifier: string;
+        vulnerableVersionRange: string;
+        [key: string]: any;
+    };
+};
+type ArtifactAlertFixable = ArtifactAlertCveFixable & {
+    type: CveAlertType | "socketUpgradeAvailable";
+};
+type SocketArtifactAlert = {
+    key: string;
+    type: string;
+    severity: string;
+    category: string;
+    action?: string;
+    actionPolicyIndex?: number;
+    file?: string;
+    props?: any;
+    start?: number;
+    end?: number;
+};
+type SocketArtifact = {
+    type: string;
+    name: string;
+    namespace?: string;
+    version?: string;
+    subpath?: string;
+    release?: string;
+    id?: string;
+    author?: string[];
+    license?: string;
+    licenseDetails?: {
+        spdxDisj: string;
+        provenance: string;
+        filepath: string;
+        match_strength: number;
+    }[];
+    licenseAttrib?: {
+        attribText: string;
+        attribData: {
+            purl: string;
+            foundInFilepath: string;
+            spdxExpr: string;
+            foundAuthors: string[];
+        }[];
+    }[];
+    score?: {
+        supplyChain: number;
+        quality: number;
+        maintenance: number;
+        vulnerability: number;
+        license: number;
+        overall: number;
+    };
+    alerts?: SocketArtifactAlert[];
+    size?: number;
+    batchIndex?: number;
+};
+declare function batchScan(pkgIds: string[], concurrencyLimit?: number): AsyncGenerator<SocketArtifact>;
+declare function isArtifactAlertCveFixable(alert: SocketArtifactAlert): alert is ArtifactAlertCveFixable;
+declare function isArtifactAlertUpgradeFixable(alert: SocketArtifactAlert): alert is ArtifactAlertFixable;
+declare function isArtifactAlertFixable(alert: SocketArtifactAlert): alert is ArtifactAlertFixable;
+type PackageDetail = {
+    node: SafeNode;
+    existing?: SafeNode | undefined;
+};
+type GetPackagesToQueryFromDiffOptions = {
+    includeUnchanged?: boolean;
+    includeUnknownOrigin?: boolean;
+};
+declare function getPackagesToQueryFromDiff(diff_: Diff | null, options?: GetPackagesToQueryFromDiffOptions): PackageDetail[];
+declare function findUp(name: string | string[], { cwd }: {
+    cwd: string;
+}): Promise<string | undefined>;
+type ReadFileOptions = ObjectEncodingOptions & Abortable & {
+    flag?: OpenMode | undefined;
+};
+declare function readFileBinary(filepath: PathLike | FileHandle, options?: ReadFileOptions): Promise<Buffer>;
+declare function readFileUtf8(filepath: PathLike | FileHandle, options?: ReadFileOptions): Promise<string>;
+declare function safeReadFile(...args: Parameters<typeof fs.readFile>): ReturnType<typeof fs.readFile> | undefined;
+declare function safeReadFileSync(...args: Parameters<typeof fsReadFileSync>): ReturnType<typeof fsReadFileSync> | undefined;
+declare const Arborist: ArboristClass;
+declare const kCtorArgs: unique symbol;
+declare const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES: {
+    __proto__: null;
+    audit: boolean;
+    dryRun: boolean;
+    fund: boolean;
+    ignoreScripts: boolean;
+    progress: boolean;
+    save: boolean;
+    saveBundle: boolean;
+    silent: boolean;
+};
+declare class SafeArborist extends Arborist {
+    constructor(...ctorArgs: ConstructorParameters<ArboristClass>);
+    [kRiskyReify](...args: Parameters<InstanceType<ArboristClass>['reify']>): Promise<SafeNode>;
+    // @ts-ignore Incorrectly typed.
+    reify(this: SafeArborist, ...args: Parameters<InstanceType<ArboristClass>['reify']>): Promise<SafeNode>;
+}
+export { SafeOverrideSet, depValid, getSocketDevAlertUrl, getSocketDevPackageOverviewUrl, ColorOrMarkdown, createAlertUXLookup, uxLookup, CveAlertType, ArtifactAlertCveFixable, ArtifactAlertFixable, SocketArtifactAlert, SocketArtifact, batchScan, isArtifactAlertCveFixable, isArtifactAlertUpgradeFixable, isArtifactAlertFixable, PackageDetail, getPackagesToQueryFromDiff, findUp, ReadFileOptions, readFileBinary, readFileUtf8, safeReadFile, safeReadFileSync, Arborist, kCtorArgs, SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES, SafeArborist };