@socketsecurity/cli-with-sentry 0.14.44

package/dist/module-sync/npm-paths.js

@@ -0,0 +1,423 @@
+'use strict';
+
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c && k !== '__esModule') break
+  }
+  return c ? e.default : e
+}
+
+var fs = require('node:fs');
+var Module = require('node:module');
+var path = require('node:path');
+var process = require('node:process');
+var path$1 = require('@socketsecurity/registry/lib/path');
+var constants = require('./constants2.js');
+var ignore = _socketInterop(require('ignore'));
+var micromatch = _socketInterop(require('micromatch'));
+var tinyglobby = _socketInterop(require('tinyglobby'));
+var which = _socketInterop(require('which'));
+var colors = _socketInterop(require('yoctocolors-cjs'));
+var isUnicodeSupported = require('@socketregistry/is-unicode-supported/index.cjs');
+var spinner = require('@socketsecurity/registry/lib/spinner');
+
+let _logSymbols;
+function getLogSymbols() {
+  if (_logSymbols === undefined) {
+    _logSymbols = isUnicodeSupported() ? {
+      __proto__: null,
+      info: colors.blue('ℹ'),
+      success: colors.green('✔'),
+      warning: colors.yellow('⚠'),
+      error: colors.red('✖️')
+    } : {
+      __proto__: null,
+      info: colors.blue('i'),
+      success: colors.green('√'),
+      warning: colors.yellow('‼'),
+      error: colors.red('×')
+    };
+  }
+  return _logSymbols;
+}
+class Logger {
+  #spinnerLogger;
+  constructor() {
+    this.#spinnerLogger = new spinner.Spinner();
+  }
+  error(text) {
+    this.#spinnerLogger.error(text);
+  }
+  info(text) {
+    this.#spinnerLogger.info(text);
+  }
+  warn(text) {
+    this.#spinnerLogger.warning(text);
+  }
+}
+const logger = new Logger();
+
+function isDebug() {
+  // Lazily access constants.ENV.
+  return constants.constants.ENV.SOCKET_CLI_DEBUG;
+}
+function debugLog(...args) {
+  if (isDebug()) {
+    console.error(getLogSymbols().info, ...args);
+  }
+}
+
+const ignoredDirs = [
+// Taken from ignore-by-default:
+// https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js
+'.git',
+// Git repository files, see <https://git-scm.com/>
+'.log',
+// Log files emitted by tools such as `tsserver`, see <https://github.com/Microsoft/TypeScript/wiki/Standalone-Server-%28tsserver%29>
+'.nyc_output',
+// Temporary directory where nyc stores coverage data, see <https://github.com/bcoe/nyc>
+'.sass-cache',
+// Cache folder for node-sass, see <https://github.com/sass/node-sass>
+'.yarn',
+// Where node modules are installed when using Yarn, see <https://yarnpkg.com/>
+'bower_components',
+// Where Bower packages are installed, see <http://bower.io/>
+'coverage',
+// Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>
+'node_modules',
+// Where Node modules are installed, see <https://nodejs.org/>
+// Taken from globby:
+// https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16
+'flow-typed'];
+const ignoredDirPatterns = ignoredDirs.map(i => `**/${i}`);
+function directoryPatterns() {
+  return [...ignoredDirPatterns];
+}
+
+const {
+  NODE_MODULES: NODE_MODULES$1,
+  NPM: NPM$1,
+  shadowBinPath
+} = constants.constants;
+async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
+  const patterns = ['golang', NPM$1, 'maven', 'pypi'].reduce((r, n) => {
+    const supported = supportedFiles[n];
+    r.push(...(supported ? Object.values(supported).map(p => `**/${p.pattern}`) : []));
+    return r;
+  }, []);
+  return entries.filter(p => micromatch.some(p, patterns));
+}
+async function globWithGitIgnore(patterns, options) {
+  const {
+    cwd = process.cwd(),
+    socketConfig,
+    ...additionalOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const projectIgnorePaths = socketConfig?.projectIgnorePaths;
+  const ignoreFiles = await tinyglobby.glob(['**/.gitignore'], {
+    absolute: true,
+    cwd,
+    expandDirectories: true
+  });
+  const ignores = [...directoryPatterns(), ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns(await fs.promises.readFile(filepath, 'utf8'), filepath, cwd)))).flat()];
+  const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/);
+  const globOptions = {
+    absolute: true,
+    cwd,
+    expandDirectories: false,
+    ignore: hasNegatedPattern ? [] : ignores,
+    ...additionalOptions
+  };
+  const result = await tinyglobby.glob(patterns, globOptions);
+  if (!hasNegatedPattern) {
+    return result;
+  }
+  const {
+    absolute
+  } = globOptions;
+
+  // Note: the input files must be INSIDE the cwd. If you get strange looking
+  // relative path errors here, most likely your path is outside the given cwd.
+  const filtered = ignore().add(ignores).filter(absolute ? result.map(p => path.relative(cwd, p)) : result);
+  return absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered;
+}
+function ignoreFileLinesToGlobPatterns(lines, filepath, cwd) {
+  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\/g, '/');
+  const patterns = [];
+  for (let i = 0, {
+      length
+    } = lines; i < length; i += 1) {
+    const pattern = lines[i].trim();
+    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {
+      patterns.push(ignorePatternToMinimatch(pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/ ? `!${path.posix.join(base, pattern.slice(1))}` : path.posix.join(base, pattern)));
+    }
+  }
+  return patterns;
+}
+function ignoreFileToGlobPatterns(content, filepath, cwd) {
+  return ignoreFileLinesToGlobPatterns(content.split(/\r?\n/), filepath, cwd);
+}
+
+// Based on `@eslint/compat` convertIgnorePatternToMinimatch.
+// Apache v2.0 licensed
+// Copyright Nicholas C. Zakas
+// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28
+function ignorePatternToMinimatch(pattern) {
+  const isNegated = pattern.startsWith('!');
+  const negatedPrefix = isNegated ? '!' : '';
+  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd();
+  // Special cases.
+  if (patternToTest === '' || patternToTest === '**' || patternToTest === '/**' || patternToTest === '**') {
+    return `${negatedPrefix}${patternToTest}`;
+  }
+  const firstIndexOfSlash = patternToTest.indexOf('/');
+  const matchEverywherePrefix = firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1 ? '**/' : '';
+  const patternWithoutLeadingSlash = firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest;
+  // Escape `{` and `(` because in gitignore patterns they are just
+  // literal characters without any specific syntactic meaning,
+  // while in minimatch patterns they can form brace expansion or extglob syntax.
+  //
+  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.
+  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.
+  // Minimatch pattern `src/\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.
+  const escapedPatternWithoutLeadingSlash = patternWithoutLeadingSlash.replaceAll(/(?=((?:\\.|[^{(])*))\1([{(])/guy, '$1\\$2');
+  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : '';
+  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`;
+}
+function pathsToPatterns(paths) {
+  // TODO: Does not support `~/` paths.
+  return paths.map(p => p === '.' ? '**/*' : p);
+}
+function findBinPathDetailsSync(binName) {
+  let shadowIndex = -1;
+  const bins = which.sync(binName, {
+    all: true,
+    nothrow: true
+  }) ?? [];
+  let binPath;
+  for (let i = 0, {
+      length
+    } = bins; i < length; i += 1) {
+    const bin = fs.realpathSync.native(bins[i]);
+    // Skip our bin directory if it's in the front.
+    if (path.dirname(bin) === shadowBinPath) {
+      shadowIndex = i;
+    } else {
+      binPath = bin;
+      break;
+    }
+  }
+  return {
+    name: binName,
+    path: binPath,
+    shadowed: shadowIndex !== -1
+  };
+}
+function findNpmPathSync(npmBinPath) {
+  let thePath = npmBinPath;
+  while (true) {
+    const nmPath = path.join(thePath, NODE_MODULES$1);
+    if (
+    // npm bin paths may look like:
+    // /usr/local/share/npm/bin/npm
+    // /Users/SomeUsername/.nvm/versions/node/vX.X.X/bin/npm
+    // C:\Users\SomeUsername\AppData\Roaming\npm\bin\npm.cmd
+    // OR
+    // C:\Program Files\nodejs\npm.cmd
+    //
+    // In all cases the npm path contains a node_modules folder:
+    // /usr/local/share/npm/bin/npm/node_modules
+    // C:\Program Files\nodejs\node_modules
+    //
+    // Use existsSync here because statsSync, even with { throwIfNoEntry: false },
+    // will throw an ENOTDIR error for paths like ./a-file-that-exists/a-directory-that-does-not.
+    // See https://github.com/nodejs/node/issues/56993.
+    fs.existsSync(nmPath) && fs.statSync(nmPath, {
+      throwIfNoEntry: false
+    })?.isDirectory() && (
+    // Optimistically look for the default location.
+    path.basename(thePath) === NPM$1 ||
+    // Chocolatey installs npm bins in the same directory as node bins.
+    // Lazily access constants.WIN32.
+    constants.constants.WIN32 && fs.existsSync(path.join(thePath, `${NPM$1}.cmd`)))) {
+      return thePath;
+    }
+    const parent = path.dirname(thePath);
+    if (parent === thePath) {
+      return undefined;
+    }
+    thePath = parent;
+  }
+}
+async function getPackageFiles(cwd, inputPaths, config, supportedFiles) {
+  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
+  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
+    cwd,
+    socketConfig: config
+  });
+  debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries);
+  const packageFiles = await filterGlobResultToSupportedFiles(entries, supportedFiles);
+  debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles);
+  return packageFiles;
+}
+async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLog = () => {}) {
+  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
+  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
+    cwd
+  });
+  debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries);
+  const packageFiles = await filterGlobResultToSupportedFiles(entries, supportedFiles);
+  debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles);
+  return packageFiles;
+}
+
+const {
+  NODE_MODULES,
+  NPM,
+  NPX,
+  SOCKET_CLI_ISSUES_URL
+} = constants.constants;
+function exitWithBinPathError(binName) {
+  console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
+  // The exit code 127 indicates that the command or binary being executed
+  // could not be found.
+  process.exit(127);
+}
+let _npmBinPathDetails;
+function getNpmBinPathDetails() {
+  if (_npmBinPathDetails === undefined) {
+    _npmBinPathDetails = findBinPathDetailsSync(NPM);
+  }
+  return _npmBinPathDetails;
+}
+let _npxBinPathDetails;
+function getNpxBinPathDetails() {
+  if (_npxBinPathDetails === undefined) {
+    _npxBinPathDetails = findBinPathDetailsSync(NPX);
+  }
+  return _npxBinPathDetails;
+}
+let _npmBinPath;
+function getNpmBinPath() {
+  if (_npmBinPath === undefined) {
+    _npmBinPath = getNpmBinPathDetails().path;
+    if (!_npmBinPath) {
+      exitWithBinPathError(NPM);
+    }
+  }
+  return _npmBinPath;
+}
+function isNpmBinPathShadowed() {
+  return getNpmBinPathDetails().shadowed;
+}
+let _npxBinPath;
+function getNpxBinPath() {
+  if (_npxBinPath === undefined) {
+    _npxBinPath = getNpxBinPathDetails().path;
+    if (!_npxBinPath) {
+      exitWithBinPathError(NPX);
+    }
+  }
+  return _npxBinPath;
+}
+function isNpxBinPathShadowed() {
+  return getNpxBinPathDetails().shadowed;
+}
+let _npmPath;
+function getNpmPath() {
+  if (_npmPath === undefined) {
+    const npmBinPath = getNpmBinPath();
+    _npmPath = npmBinPath ? findNpmPathSync(npmBinPath) : undefined;
+    if (!_npmPath) {
+      let message = 'Unable to find npm CLI install directory.';
+      if (npmBinPath) {
+        message += `\nSearched parent directories of ${path.dirname(npmBinPath)}.`;
+      }
+      message += `\n\nThis is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`;
+      console.error(message);
+      // The exit code 127 indicates that the command or binary being executed
+      // could not be found.
+      process.exit(127);
+    }
+  }
+  return _npmPath;
+}
+let _npmRequire;
+function getNpmRequire() {
+  if (_npmRequire === undefined) {
+    const npmPath = getNpmPath();
+    const npmNmPath = path.join(npmPath, NODE_MODULES, NPM);
+    _npmRequire = Module.createRequire(path.join(fs.existsSync(npmNmPath) ? npmNmPath : npmPath, '<dummy-basename>'));
+  }
+  return _npmRequire;
+}
+let _arboristPkgPath;
+function getArboristPackagePath() {
+  if (_arboristPkgPath === undefined) {
+    const pkgName = '@npmcli/arborist';
+    const mainPathWithForwardSlashes = path$1.normalizePath(getNpmRequire().resolve(pkgName));
+    const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(0, mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length);
+    // Lazily access constants.WIN32.
+    _arboristPkgPath = constants.constants.WIN32 ? path.normalize(arboristPkgPathWithForwardSlashes) : arboristPkgPathWithForwardSlashes;
+  }
+  return _arboristPkgPath;
+}
+let _arboristClassPath;
+function getArboristClassPath() {
+  if (_arboristClassPath === undefined) {
+    _arboristClassPath = path.join(getArboristPackagePath(), 'lib/arborist/index.js');
+  }
+  return _arboristClassPath;
+}
+let _arboristDepValidPath;
+function getArboristDepValidPath() {
+  if (_arboristDepValidPath === undefined) {
+    _arboristDepValidPath = path.join(getArboristPackagePath(), 'lib/dep-valid.js');
+  }
+  return _arboristDepValidPath;
+}
+let _arboristEdgeClassPath;
+function getArboristEdgeClassPath() {
+  if (_arboristEdgeClassPath === undefined) {
+    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js');
+  }
+  return _arboristEdgeClassPath;
+}
+let _arboristNodeClassPath;
+function getArboristNodeClassPath() {
+  if (_arboristNodeClassPath === undefined) {
+    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js');
+  }
+  return _arboristNodeClassPath;
+}
+let _arboristOverrideSetClassPath;
+function getArboristOverrideSetClassPath() {
+  if (_arboristOverrideSetClassPath === undefined) {
+    _arboristOverrideSetClassPath = path.join(getArboristPackagePath(), 'lib/override-set.js');
+  }
+  return _arboristOverrideSetClassPath;
+}
+
+exports.debugLog = debugLog;
+exports.getArboristClassPath = getArboristClassPath;
+exports.getArboristDepValidPath = getArboristDepValidPath;
+exports.getArboristEdgeClassPath = getArboristEdgeClassPath;
+exports.getArboristNodeClassPath = getArboristNodeClassPath;
+exports.getArboristOverrideSetClassPath = getArboristOverrideSetClassPath;
+exports.getLogSymbols = getLogSymbols;
+exports.getNpmBinPath = getNpmBinPath;
+exports.getNpmRequire = getNpmRequire;
+exports.getNpxBinPath = getNpxBinPath;
+exports.getPackageFiles = getPackageFiles;
+exports.getPackageFilesFullScans = getPackageFilesFullScans;
+exports.isDebug = isDebug;
+exports.isNpmBinPathShadowed = isNpmBinPathShadowed;
+exports.isNpxBinPathShadowed = isNpxBinPathShadowed;
+exports.logger = logger;
+//# debugId=ff4e9bce-e186-418c-a87c-6ea63ce4776e
+//# sourceMappingURL=npm-paths.js.map

package/dist/module-sync/npm-paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-paths.js","sources":["../../src/utils/logging.ts","../../src/utils/debug.ts","../../src/utils/ignore-by-default.ts","../../src/utils/path-resolve.ts","../../src/shadow/npm-paths.ts"],"sourcesContent":["import colors from 'yoctocolors-cjs'\n\nimport isUnicodeSupported from '@socketregistry/is-unicode-supported/index.cjs'\nimport { Spinner } from '@socketsecurity/registry/lib/spinner'\n\nexport type LogSymbols = {\n  info: string\n  success: string\n  warning: string\n  error: string\n}\n\nlet _logSymbols: LogSymbols | undefined\nexport function getLogSymbols() {\n  if (_logSymbols === undefined) {\n    _logSymbols = <LogSymbols>(isUnicodeSupported()\n      ? {\n          __proto__: null,\n          info: colors.blue('ℹ'),\n          success: colors.green('✔'),\n          warning: colors.yellow('⚠'),\n          error: colors.red('✖️')\n        }\n      : {\n          __proto__: null,\n          info: colors.blue('i'),\n          success: colors.green('√'),\n          warning: colors.yellow('‼'),\n          error: colors.red('×')\n        })\n  }\n  return _logSymbols\n}\n\nexport class Logger {\n  #spinnerLogger: ReturnType<typeof Spinner>\n  constructor() {\n    this.#spinnerLogger = new Spinner()\n  }\n\n  error(text: string) {\n    this.#spinnerLogger.error(text)\n  }\n\n  info(text: string) {\n    this.#spinnerLogger.info(text)\n  }\n\n  warn(text: string) {\n    this.#spinnerLogger.warning(text)\n  }\n}\n\nexport const logger = new Logger()\n","import { getLogSymbols } from './logging'\nimport constants from '../constants'\n\nexport function isDebug() {\n  // Lazily access constants.ENV.\n  return constants.ENV.SOCKET_CLI_DEBUG\n}\n\nexport function debugLog(...args: any[]) {\n  if (isDebug()) {\n    console.error(getLogSymbols().info, ...args)\n  }\n}\n","const ignoredDirs = [\n  // Taken from ignore-by-default:\n  // https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js\n  '.git', // Git repository files, see <https://git-scm.com/>\n  '.log', // Log files emitted by tools such as `tsserver`, see <https://github.com/Microsoft/TypeScript/wiki/Standalone-Server-%28tsserver%29>\n  '.nyc_output', // Temporary directory where nyc stores coverage data, see <https://github.com/bcoe/nyc>\n  '.sass-cache', // Cache folder for node-sass, see <https://github.com/sass/node-sass>\n  '.yarn', // Where node modules are installed when using Yarn, see <https://yarnpkg.com/>\n  'bower_components', // Where Bower packages are installed, see <http://bower.io/>\n  'coverage', // Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>\n  'node_modules', // Where Node modules are installed, see <https://nodejs.org/>\n  // Taken from globby:\n  // https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16\n  'flow-typed'\n] as const\n\nconst ignoredDirPatterns = ignoredDirs.map(i => `**/${i}`)\n\nexport function directoryPatterns() {\n  return [...ignoredDirPatterns]\n}\n","import { existsSync, promises as fs, realpathSync, statSync } from 'node:fs'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport ignore from 'ignore'\nimport micromatch from 'micromatch'\nimport { glob as tinyGlob } from 'tinyglobby'\nimport which from 'which'\n\nimport { debugLog } from './debug'\nimport { directoryPatterns } from './ignore-by-default'\nimport constants from '../constants'\n\nimport type { SocketYml } from '@socketsecurity/config'\nimport type { SocketSdkReturnType } from '@socketsecurity/sdk'\nimport type { GlobOptions } from 'tinyglobby'\n\ntype GlobWithGitIgnoreOptions = GlobOptions & {\n  socketConfig?: SocketYml | undefined\n}\n\nconst { NODE_MODULES, NPM, shadowBinPath } = constants\n\nasync function filterGlobResultToSupportedFiles(\n  entries: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']\n): Promise<string[]> {\n  const patterns = ['golang', NPM, 'maven', 'pypi'].reduce(\n    (r: string[], n: string) => {\n      const supported = supportedFiles[n]\n      r.push(\n        ...(supported\n          ? Object.values(supported).map(p => `**/${p.pattern}`)\n          : [])\n      )\n      return r\n    },\n    []\n  )\n  return entries.filter(p => micromatch.some(p, patterns))\n}\n\nasync function globWithGitIgnore(\n  patterns: string[],\n  options: GlobWithGitIgnoreOptions\n) {\n  const {\n    cwd = process.cwd(),\n    socketConfig,\n    ...additionalOptions\n  } = <GlobWithGitIgnoreOptions>{ __proto__: null, ...options }\n  const projectIgnorePaths = socketConfig?.projectIgnorePaths\n  const ignoreFiles = await tinyGlob(['**/.gitignore'], {\n    absolute: true,\n    cwd,\n    expandDirectories: true\n  })\n  const ignores = [\n    ...directoryPatterns(),\n    ...(Array.isArray(projectIgnorePaths)\n      ? ignoreFileLinesToGlobPatterns(\n          projectIgnorePaths,\n          path.join(cwd, '.gitignore'),\n          cwd\n        )\n      : []),\n    ...(\n      await Promise.all(\n        ignoreFiles.map(async filepath =>\n          ignoreFileToGlobPatterns(\n            await fs.readFile(filepath, 'utf8'),\n            filepath,\n            cwd\n          )\n        )\n      )\n    ).flat()\n  ]\n  const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/)\n  const globOptions = {\n    absolute: true,\n    cwd,\n    expandDirectories: false,\n    ignore: hasNegatedPattern ? [] : ignores,\n    ...additionalOptions\n  }\n  const result = await tinyGlob(patterns, globOptions)\n  if (!hasNegatedPattern) {\n    return result\n  }\n  const { absolute } = globOptions\n\n  // Note: the input files must be INSIDE the cwd. If you get strange looking\n  // relative path errors here, most likely your path is outside the given cwd.\n  const filtered = ignore()\n    .add(ignores)\n    .filter(absolute ? result.map(p => path.relative(cwd, p)) : result)\n  return absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered\n}\n\nfunction ignoreFileLinesToGlobPatterns(\n  lines: string[],\n  filepath: string,\n  cwd: string\n): string[] {\n  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\\\/g, '/')\n  const patterns = []\n  for (let i = 0, { length } = lines; i < length; i += 1) {\n    const pattern = lines[i]!.trim()\n    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {\n      patterns.push(\n        ignorePatternToMinimatch(\n          pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/\n            ? `!${path.posix.join(base, pattern.slice(1))}`\n            : path.posix.join(base, pattern)\n        )\n      )\n    }\n  }\n  return patterns\n}\n\nfunction ignoreFileToGlobPatterns(\n  content: string,\n  filepath: string,\n  cwd: string\n): string[] {\n  return ignoreFileLinesToGlobPatterns(content.split(/\\r?\\n/), filepath, cwd)\n}\n\n// Based on `@eslint/compat` convertIgnorePatternToMinimatch.\n// Apache v2.0 licensed\n// Copyright Nicholas C. Zakas\n// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28\nfunction ignorePatternToMinimatch(pattern: string): string {\n  const isNegated = pattern.startsWith('!')\n  const negatedPrefix = isNegated ? '!' : ''\n  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd()\n  // Special cases.\n  if (\n    patternToTest === '' ||\n    patternToTest === '**' ||\n    patternToTest === '/**' ||\n    patternToTest === '**'\n  ) {\n    return `${negatedPrefix}${patternToTest}`\n  }\n  const firstIndexOfSlash = patternToTest.indexOf('/')\n  const matchEverywherePrefix =\n    firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1\n      ? '**/'\n      : ''\n  const patternWithoutLeadingSlash =\n    firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest\n  // Escape `{` and `(` because in gitignore patterns they are just\n  // literal characters without any specific syntactic meaning,\n  // while in minimatch patterns they can form brace expansion or extglob syntax.\n  //\n  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.\n  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.\n  // Minimatch pattern `src/\\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.\n  const escapedPatternWithoutLeadingSlash =\n    patternWithoutLeadingSlash.replaceAll(\n      /(?=((?:\\\\.|[^{(])*))\\1([{(])/guy,\n      '$1\\\\$2'\n    )\n  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : ''\n  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`\n}\n\nfunction pathsToPatterns(paths: string[]): string[] {\n  // TODO: Does not support `~/` paths.\n  return paths.map(p => (p === '.' ? '**/*' : p))\n}\n\nexport function findBinPathDetailsSync(binName: string): {\n  name: string\n  path: string | undefined\n  shadowed: boolean\n} {\n  let shadowIndex = -1\n  const bins =\n    which.sync(binName, {\n      all: true,\n      nothrow: true\n    }) ?? []\n  let binPath: string | undefined\n  for (let i = 0, { length } = bins; i < length; i += 1) {\n    const bin = realpathSync.native(bins[i]!)\n    // Skip our bin directory if it's in the front.\n    if (path.dirname(bin) === shadowBinPath) {\n      shadowIndex = i\n    } else {\n      binPath = bin\n      break\n    }\n  }\n  return { name: binName, path: binPath, shadowed: shadowIndex !== -1 }\n}\n\nexport function findNpmPathSync(npmBinPath: string): string | undefined {\n  let thePath = npmBinPath\n  while (true) {\n    const nmPath = path.join(thePath, NODE_MODULES)\n    if (\n      // npm bin paths may look like:\n      // /usr/local/share/npm/bin/npm\n      // /Users/SomeUsername/.nvm/versions/node/vX.X.X/bin/npm\n      // C:\\Users\\SomeUsername\\AppData\\Roaming\\npm\\bin\\npm.cmd\n      // OR\n      // C:\\Program Files\\nodejs\\npm.cmd\n      //\n      // In all cases the npm path contains a node_modules folder:\n      // /usr/local/share/npm/bin/npm/node_modules\n      // C:\\Program Files\\nodejs\\node_modules\n      //\n      // Use existsSync here because statsSync, even with { throwIfNoEntry: false },\n      // will throw an ENOTDIR error for paths like ./a-file-that-exists/a-directory-that-does-not.\n      // See https://github.com/nodejs/node/issues/56993.\n      existsSync(nmPath) &&\n      statSync(nmPath, { throwIfNoEntry: false })?.isDirectory() &&\n      // Optimistically look for the default location.\n      (path.basename(thePath) === NPM ||\n        // Chocolatey installs npm bins in the same directory as node bins.\n        // Lazily access constants.WIN32.\n        (constants.WIN32 && existsSync(path.join(thePath, `${NPM}.cmd`))))\n    ) {\n      return thePath\n    }\n    const parent = path.dirname(thePath)\n    if (parent === thePath) {\n      return undefined\n    }\n    thePath = parent\n  }\n}\n\nexport async function getPackageFiles(\n  cwd: string,\n  inputPaths: string[],\n  config: SocketYml | undefined,\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']\n): Promise<string[]> {\n  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)\n\n  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {\n    cwd,\n    socketConfig: config\n  })\n\n  debugLog(\n    `Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`,\n    entries\n  )\n\n  const packageFiles = await filterGlobResultToSupportedFiles(\n    entries,\n    supportedFiles\n  )\n\n  debugLog(\n    `Mapped ${entries.length} entries to ${packageFiles.length} files:`,\n    packageFiles\n  )\n\n  return packageFiles\n}\n\nexport async function getPackageFilesFullScans(\n  cwd: string,\n  inputPaths: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'],\n  debugLog: typeof console.error = () => {}\n): Promise<string[]> {\n  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)\n\n  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {\n    cwd\n  })\n\n  debugLog(\n    `Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`,\n    entries\n  )\n\n  const packageFiles = await filterGlobResultToSupportedFiles(\n    entries,\n    supportedFiles\n  )\n\n  debugLog(\n    `Mapped ${entries.length} entries to ${packageFiles.length} files:`,\n    packageFiles\n  )\n\n  return packageFiles\n}\n","import { existsSync } from 'node:fs'\nimport Module from 'node:module'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../constants'\nimport { findBinPathDetailsSync, findNpmPathSync } from '../utils/path-resolve'\n\nconst { NODE_MODULES, NPM, NPX, SOCKET_CLI_ISSUES_URL } = constants\n\nfunction exitWithBinPathError(binName: string): never {\n  console.error(\n    `Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`\n  )\n  // The exit code 127 indicates that the command or binary being executed\n  // could not be found.\n  process.exit(127)\n}\n\nlet _npmBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpmBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npmBinPathDetails === undefined) {\n    _npmBinPathDetails = findBinPathDetailsSync(NPM)\n  }\n  return _npmBinPathDetails\n}\n\nlet _npxBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpxBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npxBinPathDetails === undefined) {\n    _npxBinPathDetails = findBinPathDetailsSync(NPX)\n  }\n  return _npxBinPathDetails\n}\n\nlet _npmBinPath: string | undefined\nexport function getNpmBinPath(): string {\n  if (_npmBinPath === undefined) {\n    _npmBinPath = getNpmBinPathDetails().path\n    if (!_npmBinPath) {\n      exitWithBinPathError(NPM)\n    }\n  }\n  return _npmBinPath\n}\n\nexport function isNpmBinPathShadowed() {\n  return getNpmBinPathDetails().shadowed\n}\n\nlet _npxBinPath: string | undefined\nexport function getNpxBinPath(): string {\n  if (_npxBinPath === undefined) {\n    _npxBinPath = getNpxBinPathDetails().path\n    if (!_npxBinPath) {\n      exitWithBinPathError(NPX)\n    }\n  }\n  return _npxBinPath\n}\n\nexport function isNpxBinPathShadowed() {\n  return getNpxBinPathDetails().shadowed\n}\n\nlet _npmPath: string | undefined\nexport function getNpmPath() {\n  if (_npmPath === undefined) {\n    const npmBinPath = getNpmBinPath()\n    _npmPath = npmBinPath ? findNpmPathSync(npmBinPath) : undefined\n    if (!_npmPath) {\n      let message = 'Unable to find npm CLI install directory.'\n      if (npmBinPath) {\n        message += `\\nSearched parent directories of ${path.dirname(npmBinPath)}.`\n      }\n      message += `\\n\\nThis is may be a bug with socket-npm related to changes to the npm CLI.\\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`\n      console.error(message)\n      // The exit code 127 indicates that the command or binary being executed\n      // could not be found.\n      process.exit(127)\n    }\n  }\n  return _npmPath\n}\n\nlet _npmRequire: NodeJS.Require | undefined\nexport function getNpmRequire(): NodeJS.Require {\n  if (_npmRequire === undefined) {\n    const npmPath = getNpmPath()\n    const npmNmPath = path.join(npmPath, NODE_MODULES, NPM)\n    _npmRequire = Module.createRequire(\n      path.join(existsSync(npmNmPath) ? npmNmPath : npmPath, '<dummy-basename>')\n    )\n  }\n  return _npmRequire\n}\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n  if (_arboristPkgPath === undefined) {\n    const pkgName = '@npmcli/arborist'\n    const mainPathWithForwardSlashes = normalizePath(\n      getNpmRequire().resolve(pkgName)\n    )\n    const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n      0,\n      mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length\n    )\n    // Lazily access constants.WIN32.\n    _arboristPkgPath = constants.WIN32\n      ? path.normalize(arboristPkgPathWithForwardSlashes)\n      : arboristPkgPathWithForwardSlashes\n  }\n  return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n  if (_arboristClassPath === undefined) {\n    _arboristClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/arborist/index.js'\n    )\n  }\n  return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n  if (_arboristDepValidPath === undefined) {\n    _arboristDepValidPath = path.join(\n      getArboristPackagePath(),\n      'lib/dep-valid.js'\n    )\n  }\n  return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n  if (_arboristEdgeClassPath === undefined) {\n    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n  }\n  return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n  if (_arboristNodeClassPath === undefined) {\n    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n  }\n  return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n  if (_arboristOverrideSetClassPath === undefined) {\n    _arboristOverrideSetClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/override-set.js'\n    )\n  }\n  return _arboristOverrideSetClassPath\n}\n"],"names":["_logSymbols","__proto__","info","success","warning","error","constructor","shadowBinPath","cwd","absolute","expandDirectories","ignore","length","all","nothrow","shadowIndex","binPath","name","path","existsSync","throwIfNoEntry","constants","thePath","socketConfig","debugLog","SOCKET_CLI_ISSUES_URL","console","process","_npmBinPathDetails","_npxBinPathDetails","_npmBinPath","_npxBinPath","_arboristPkgPath"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAYA;AACO;;AAEHA;AAEMC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEJ;AACAC;AACAC;AACAC;AACAC;;AAER;AACA;AACF;AAEO;AACL;AACAC;AACE;AACF;;AAGE;AACF;;AAGE;AACF;;AAGE;AACF;AACF;;;AChDO;AACL;AACA;AACF;AAEO;;;AAGL;AACF;;ACZA;AACE;AACA;AACA;AAAQ;AACR;AAAQ;AACR;AAAe;AACf;AAAe;AACf;AAAS;AACT;AAAoB;AACpB;AAAY;AACZ;AAAgB;AAChB;AACA;AACA;AAGF;AAEO;;AAEP;;ACCA;;;AAA2BC;AAAc;AAEzC;AAIE;AAEI;;AAMA;;AAIJ;AACF;AAEA;;AAKIC;;;AAGF;AAAgCP;;;AAChC;;AAEEQ;;AAEAC;AACF;AACA;AAqBA;AACA;AACED;;AAEAC;AACAC;;;;;AAKA;AACF;;AACQF;AAAS;;AAEjB;AACA;AACA;AAGA;AACF;AAEA;;;AAOE;AAAkBG;;;AAEhB;;AAQA;AACF;AACA;AACF;AAEA;AAKE;AACF;;AAEA;AACA;AACA;AACA;AACA;AACE;AACA;AACA;AACA;AACA;AAME;AACF;AACA;AACA;AAIA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;;;AAQF;AAEA;AACE;AACA;AACF;AAEO;;AAML;AAEIC;AACAC;;AAEJ;AACA;AAAkBF;;;AAEhB;;AAEEG;AACF;AACEC;AACA;AACF;AACF;;AACSC;AAAeC;;;AAC1B;AAEO;;AAEL;;AAEE;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACAC;AACmBC;AAAsB;AACzC;AACCF;AACC;AACA;AACCG;AAEH;AACF;AACA;;AAEE;AACF;AACAC;AACF;AACF;AAEO;;;;AAUHC;AACF;AAEAC;;AAUAA;AAKA;AACF;AAEO;;;AASHhB;AACF;AAEAgB;;AAUAA;AAKA;AACF;;AC9RA;;;;AAAgCC;AAAsB;AAEtD;AACEC;AAGA;AACA;AACAC;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEH;;;;AAIE;;AAEA;;AAEAL;AACA;AACA;AACAC;AACF;AACF;AACA;AACF;AAEA;AACO;;AAEH;;;AAKF;AACA;AACF;AAEA;AACO;;;AAGH;AAGA;AAIA;AACAK;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;;;;;;;;;;;;;;;;","debugId":"ff4e9bce-e186-418c-a87c-6ea63ce4776e"}

package/dist/module-sync/npm.d.ts

@@ -0,0 +1,24 @@
+/// <reference types="npmcli__promise-spawn" />
+/// <reference types="node" />
+import spawn from '@npmcli/promise-spawn';
+declare function isAuditFlag(cmdArg: string): boolean;
+declare function isFundFlag(cmdArg: string): boolean;
+declare function isLoglevelFlag(cmdArg: string): boolean;
+declare function isProgressFlag(cmdArg: string): boolean;
+type SpawnOption = Exclude<Parameters<typeof spawn>[2], undefined>;
+type SafeNpmInstallOptions = SpawnOption & {
+    args?: string[];
+    ipc?: object;
+};
+declare function safeNpmInstall(opts?: SafeNpmInstallOptions): Promise<{
+    cmd: string;
+    args: string[];
+    code: number;
+    signal: NodeJS.Signals | null;
+    stdout: string;
+    stderr: string;
+} & Record<any, any>> & {
+    process: import("child_process").ChildProcess;
+    stdio: [import("stream").Writable | null, import("stream").Readable | null, import("stream").Readable | null, import("stream").Writable | import("stream").Readable | null | undefined, import("stream").Writable | import("stream").Readable | null | undefined];
+};
+export { isAuditFlag, isFundFlag, isLoglevelFlag, isProgressFlag, safeNpmInstall };

package/dist/module-sync/npm.js

@@ -0,0 +1,99 @@
+'use strict';
+
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c && k !== '__esModule') break
+  }
+  return c ? e.default : e
+}
+
+var process = require('node:process');
+var spawn = _socketInterop(require('@npmcli/promise-spawn'));
+var objects = require('@socketsecurity/registry/lib/objects');
+var npmPaths = require('./npm-paths.js');
+var constants = require('./constants2.js');
+
+const {
+  SOCKET_IPC_HANDSHAKE,
+  abortSignal
+} = constants.constants;
+const auditFlags = new Set(['--audit', '--no-audit']);
+const fundFlags = new Set(['--fund', '--no-fund']);
+
+// https://docs.npmjs.com/cli/v11/using-npm/logging#aliases
+const logFlags = new Set(['--loglevel', '-d', '--dd', '--ddd', '-q', '--quiet', '-s', '--silent']);
+const progressFlags = new Set(['--progress', '--no-progress']);
+function isAuditFlag(cmdArg) {
+  return auditFlags.has(cmdArg);
+}
+function isFundFlag(cmdArg) {
+  return fundFlags.has(cmdArg);
+}
+function isLoglevelFlag(cmdArg) {
+  // https://docs.npmjs.com/cli/v11/using-npm/logging#setting-log-levels
+  return cmdArg.startsWith('--loglevel=') || logFlags.has(cmdArg);
+}
+function isProgressFlag(cmdArg) {
+  return progressFlags.has(cmdArg);
+}
+function safeNpmInstall(opts) {
+  const {
+    args = [],
+    ipc,
+    ...spawnOptions
+  } = {
+    __proto__: null,
+    ...opts
+  };
+  const terminatorPos = args.indexOf('--');
+  const npmArgs = (terminatorPos === -1 ? args : args.slice(0, terminatorPos)).filter(a => !isAuditFlag(a) && !isFundFlag(a) && !isProgressFlag(a));
+  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
+  const useIpc = objects.isObject(ipc);
+  const useDebug = npmPaths.isDebug();
+  const spawnPromise = spawn(
+  // Lazily access constants.execPath.
+  constants.constants.execPath, [
+  // Lazily access constants.nodeNoWarningsFlags.
+  ...constants.constants.nodeNoWarningsFlags, '--require',
+  // Lazily access constants.npmInjectionPath.
+  constants.constants.npmInjectionPath, npmPaths.getNpmBinPath(), 'install',
+  // Even though the '--silent' flag is passed npm will still run through
+  // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'
+  // flags are passed.
+  '--no-audit', '--no-fund',
+  // Add `--no-progress` and `--silent` flags to fix input being swallowed
+  // by the spinner when running the command with recent versions of npm.
+  '--no-progress',
+  // Add the '--silent' flag if a loglevel flag is not provided and the
+  // SOCKET_CLI_DEBUG environment variable is not truthy.
+  ...(useDebug || npmArgs.some(isLoglevelFlag) ? [] : ['--silent']), ...npmArgs, ...otherArgs], {
+    signal: abortSignal,
+    // Set stdio to include 'ipc'.
+    // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
+    // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.
+    stdio: useDebug ?
+    // 'inherit'
+    useIpc ? [0, 1, 2, 'ipc'] : 'inherit' :
+    // 'ignore'
+    useIpc ? ['ignore', 'ignore', 'ignore', 'ipc'] : 'ignore',
+    ...spawnOptions,
+    env: {
+      ...process.env,
+      ...spawnOptions.env
+    }
+  });
+  if (useIpc) {
+    spawnPromise.process.send({
+      [SOCKET_IPC_HANDSHAKE]: ipc
+    });
+  }
+  return spawnPromise;
+}
+
+exports.isLoglevelFlag = isLoglevelFlag;
+exports.isProgressFlag = isProgressFlag;
+exports.safeNpmInstall = safeNpmInstall;
+//# debugId=fcfc8894-7d11-47dd-a73e-8b7ff358443
+//# sourceMappingURL=npm.js.map

package/dist/module-sync/npm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm.js","sources":["../../src/utils/npm.ts"],"sourcesContent":["import process from 'node:process'\n\nimport spawn from '@npmcli/promise-spawn'\n\nimport { isObject } from '@socketsecurity/registry/lib/objects'\n\nimport { isDebug } from './debug'\nimport constants from '../constants'\nimport { getNpmBinPath } from '../shadow/npm-paths'\n\nconst { SOCKET_IPC_HANDSHAKE, abortSignal } = constants\n\nconst auditFlags = new Set(['--audit', '--no-audit'])\n\nconst fundFlags = new Set(['--fund', '--no-fund'])\n\n// https://docs.npmjs.com/cli/v11/using-npm/logging#aliases\nconst logFlags = new Set([\n  '--loglevel',\n  '-d',\n  '--dd',\n  '--ddd',\n  '-q',\n  '--quiet',\n  '-s',\n  '--silent'\n])\n\nconst progressFlags = new Set(['--progress', '--no-progress'])\n\nexport function isAuditFlag(cmdArg: string) {\n  return auditFlags.has(cmdArg)\n}\n\nexport function isFundFlag(cmdArg: string) {\n  return fundFlags.has(cmdArg)\n}\n\nexport function isLoglevelFlag(cmdArg: string) {\n  // https://docs.npmjs.com/cli/v11/using-npm/logging#setting-log-levels\n  return cmdArg.startsWith('--loglevel=') || logFlags.has(cmdArg)\n}\n\nexport function isProgressFlag(cmdArg: string) {\n  return progressFlags.has(cmdArg)\n}\n\ntype SpawnOption = Exclude<Parameters<typeof spawn>[2], undefined>\n\ntype SafeNpmInstallOptions = SpawnOption & {\n  args?: string[]\n  ipc?: object\n}\n\nexport function safeNpmInstall(opts?: SafeNpmInstallOptions) {\n  const { args = [], ipc, ...spawnOptions } = { __proto__: null, ...opts }\n  const terminatorPos = args.indexOf('--')\n  const npmArgs = (\n    terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n  ).filter(a => !isAuditFlag(a) && !isFundFlag(a) && !isProgressFlag(a))\n  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n  const useIpc = isObject(ipc)\n  const useDebug = isDebug()\n  const spawnPromise = spawn(\n    // Lazily access constants.execPath.\n    constants.execPath,\n    [\n      // Lazily access constants.nodeNoWarningsFlags.\n      ...constants.nodeNoWarningsFlags,\n      '--require',\n      // Lazily access constants.npmInjectionPath.\n      constants.npmInjectionPath,\n      getNpmBinPath(),\n      'install',\n      // Even though the '--silent' flag is passed npm will still run through\n      // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'\n      // flags are passed.\n      '--no-audit',\n      '--no-fund',\n      // Add `--no-progress` and `--silent` flags to fix input being swallowed\n      // by the spinner when running the command with recent versions of npm.\n      '--no-progress',\n      // Add the '--silent' flag if a loglevel flag is not provided and the\n      // SOCKET_CLI_DEBUG environment variable is not truthy.\n      ...(useDebug || npmArgs.some(isLoglevelFlag) ? [] : ['--silent']),\n      ...npmArgs,\n      ...otherArgs\n    ],\n    {\n      signal: abortSignal,\n      // Set stdio to include 'ipc'.\n      // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166\n      // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.\n      stdio: useDebug\n        ? // 'inherit'\n          useIpc\n          ? [0, 1, 2, 'ipc']\n          : 'inherit'\n        : // 'ignore'\n          useIpc\n          ? ['ignore', 'ignore', 'ignore', 'ipc']\n          : 'ignore',\n      ...spawnOptions,\n      env: {\n        ...process.env,\n        ...spawnOptions.env\n      }\n    }\n  )\n  if (useIpc) {\n    spawnPromise.process.send({ [SOCKET_IPC_HANDSHAKE]: ipc })\n  }\n  return spawnPromise\n}\n"],"names":["abortSignal","args","__proto__","constants","signal","stdio","env","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;AAUA;;AAA8BA;AAAY;AAE1C;AAEA;;AAEA;AACA;AAWA;AAEO;AACL;AACF;AAEO;AACL;AACF;AAEO;AACL;AACA;AACF;AAEO;AACL;AACF;AASO;;AACGC;;;AAAgC;AAAMC;;;AAC9C;AACA;AAGA;AACA;AACA;;AAEE;;AAGE;AACA;AAEA;AACAC;AAGA;AACA;AACA;AACA;AAEA;AACA;;AAEA;AACA;;AAMAC;AACA;AACA;AACA;AACAC;AACI;;AAIA;;AAIJ;AACAC;;AAEE;AACF;AACF;AAEF;AACEC;AAA4B;AAA4B;AAC1D;AACA;AACF;;;;","debugId":"fcfc8894-7d11-47dd-a73e-8b7ff358443"}

package/dist/module-sync/path-resolve.d.ts

@@ -0,0 +1,12 @@
+/// <reference types="node" />
+import { SocketYml } from '@socketsecurity/config';
+import { SocketSdkReturnType } from '@socketsecurity/sdk';
+declare function findBinPathDetailsSync(binName: string): {
+    name: string;
+    path: string | undefined;
+    shadowed: boolean;
+};
+declare function findNpmPathSync(npmBinPath: string): string | undefined;
+declare function getPackageFiles(cwd: string, inputPaths: string[], config: SocketYml | undefined, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']): Promise<string[]>;
+declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog?: typeof console.error): Promise<string[]>;
+export { findBinPathDetailsSync, findNpmPathSync, getPackageFiles, getPackageFilesFullScans };

package/dist/module-sync/proc-log.d.ts

@@ -0,0 +1,3 @@
+type Logger = typeof import("npmlog") | typeof import("proc-log") | undefined;
+declare function getLogger(): Logger;
+export { Logger, getLogger };