@socketsecurity/cli-with-sentry 0.14.55 → 0.14.56

package/dist/module-sync/npm-paths.js

@@ -207,7 +207,7 @@ function findNpmPathSync(npmBinPath) {
     thePath = parent;
   }
 }
-async function getPackageFiles(cwd, inputPaths, config, supportedFiles) {
+async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, config) {
   debug.debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
   const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
     cwd,
@@ -218,16 +218,6 @@ async function getPackageFiles(cwd, inputPaths, config, supportedFiles) {
   debug.debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles);
   return packageFiles;
 }
-async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles) {
-  debug.debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
-  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
-    cwd
-  });
-  debug.debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries);
-  const packageFiles = await filterGlobResultToSupportedFiles(entries, supportedFiles);
-  debug.debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles);
-  return packageFiles;
-}
 
 const {
   NODE_MODULES,
@@ -364,9 +354,8 @@ exports.getArboristOverrideSetClassPath = getArboristOverrideSetClassPath;
 exports.getNpmBinPath = getNpmBinPath;
 exports.getNpmRequire = getNpmRequire;
 exports.getNpxBinPath = getNpxBinPath;
-exports.getPackageFiles = getPackageFiles;
 exports.getPackageFilesFullScans = getPackageFilesFullScans;
 exports.isNpmBinPathShadowed = isNpmBinPathShadowed;
 exports.isNpxBinPathShadowed = isNpxBinPathShadowed;
-//# debugId=3649b298-1928-4606-9d26-a0de08bd5fbc
+//# debugId=52f9f44d-70fa-45ae-bb19-c8af5a810f7b
 //# sourceMappingURL=npm-paths.js.map

package/dist/module-sync/npm-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"npm-paths.js","sources":["../../src/utils/ignore-by-default.ts","../../src/utils/path-resolve.ts","../../src/shadow/npm-paths.ts"],"sourcesContent":["const ignoredDirs = [\n  // Taken from ignore-by-default:\n  // https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js\n  '.git', // Git repository files, see <https://git-scm.com/>\n  '.log', // Log files emitted by tools such as `tsserver`, see <https://github.com/Microsoft/TypeScript/wiki/Standalone-Server-%28tsserver%29>\n  '.nyc_output', // Temporary directory where nyc stores coverage data, see <https://github.com/bcoe/nyc>\n  '.sass-cache', // Cache folder for node-sass, see <https://github.com/sass/node-sass>\n  '.yarn', // Where node modules are installed when using Yarn, see <https://yarnpkg.com/>\n  'bower_components', // Where Bower packages are installed, see <http://bower.io/>\n  'coverage', // Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>\n  'node_modules', // Where Node modules are installed, see <https://nodejs.org/>\n  // Taken from globby:\n  // https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16\n  'flow-typed'\n] as const\n\nconst ignoredDirPatterns = ignoredDirs.map(i => `**/${i}`)\n\nexport function directoryPatterns() {\n  return [...ignoredDirPatterns]\n}\n","import { existsSync, promises as fs, realpathSync, statSync } from 'node:fs'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport ignore from 'ignore'\nimport micromatch from 'micromatch'\nimport { glob as tinyGlob } from 'tinyglobby'\nimport which from 'which'\n\nimport { debugLog } from '@socketsecurity/registry/lib/debug'\n\nimport { directoryPatterns } from './ignore-by-default'\nimport constants from '../constants'\n\nimport type { SocketYml } from '@socketsecurity/config'\nimport type { SocketSdkReturnType } from '@socketsecurity/sdk'\nimport type { GlobOptions } from 'tinyglobby'\n\ntype GlobWithGitIgnoreOptions = GlobOptions & {\n  socketConfig?: SocketYml | undefined\n}\n\nconst { NODE_MODULES, NPM, shadowBinPath } = constants\n\nasync function filterGlobResultToSupportedFiles(\n  entries: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']\n): Promise<string[]> {\n  const patterns = ['golang', NPM, 'maven', 'pypi'].reduce(\n    (r: string[], n: string) => {\n      const supported = supportedFiles[n]\n      r.push(\n        ...(supported\n          ? Object.values(supported).map(p => `**/${p.pattern}`)\n          : [])\n      )\n      return r\n    },\n    []\n  )\n  return entries.filter(p => micromatch.some(p, patterns))\n}\n\nasync function globWithGitIgnore(\n  patterns: string[],\n  options: GlobWithGitIgnoreOptions\n) {\n  const {\n    cwd = process.cwd(),\n    socketConfig,\n    ...additionalOptions\n  } = <GlobWithGitIgnoreOptions>{ __proto__: null, ...options }\n  const projectIgnorePaths = socketConfig?.projectIgnorePaths\n  const ignoreFiles = await tinyGlob(['**/.gitignore'], {\n    absolute: true,\n    cwd,\n    expandDirectories: true\n  })\n  const ignores = [\n    ...directoryPatterns(),\n    ...(Array.isArray(projectIgnorePaths)\n      ? ignoreFileLinesToGlobPatterns(\n          projectIgnorePaths,\n          path.join(cwd, '.gitignore'),\n          cwd\n        )\n      : []),\n    ...(\n      await Promise.all(\n        ignoreFiles.map(async filepath =>\n          ignoreFileToGlobPatterns(\n            await fs.readFile(filepath, 'utf8'),\n            filepath,\n            cwd\n          )\n        )\n      )\n    ).flat()\n  ]\n  const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/)\n  const globOptions = {\n    absolute: true,\n    cwd,\n    expandDirectories: false,\n    ignore: hasNegatedPattern ? [] : ignores,\n    ...additionalOptions\n  }\n  const result = await tinyGlob(patterns, globOptions)\n  if (!hasNegatedPattern) {\n    return result\n  }\n  const { absolute } = globOptions\n\n  // Note: the input files must be INSIDE the cwd. If you get strange looking\n  // relative path errors here, most likely your path is outside the given cwd.\n  const filtered = ignore()\n    .add(ignores)\n    .filter(absolute ? result.map(p => path.relative(cwd, p)) : result)\n  return absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered\n}\n\nfunction ignoreFileLinesToGlobPatterns(\n  lines: string[],\n  filepath: string,\n  cwd: string\n): string[] {\n  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\\\/g, '/')\n  const patterns = []\n  for (let i = 0, { length } = lines; i < length; i += 1) {\n    const pattern = lines[i]!.trim()\n    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {\n      patterns.push(\n        ignorePatternToMinimatch(\n          pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/\n            ? `!${path.posix.join(base, pattern.slice(1))}`\n            : path.posix.join(base, pattern)\n        )\n      )\n    }\n  }\n  return patterns\n}\n\nfunction ignoreFileToGlobPatterns(\n  content: string,\n  filepath: string,\n  cwd: string\n): string[] {\n  return ignoreFileLinesToGlobPatterns(content.split(/\\r?\\n/), filepath, cwd)\n}\n\n// Based on `@eslint/compat` convertIgnorePatternToMinimatch.\n// Apache v2.0 licensed\n// Copyright Nicholas C. Zakas\n// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28\nfunction ignorePatternToMinimatch(pattern: string): string {\n  const isNegated = pattern.startsWith('!')\n  const negatedPrefix = isNegated ? '!' : ''\n  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd()\n  // Special cases.\n  if (\n    patternToTest === '' ||\n    patternToTest === '**' ||\n    patternToTest === '/**' ||\n    patternToTest === '**'\n  ) {\n    return `${negatedPrefix}${patternToTest}`\n  }\n  const firstIndexOfSlash = patternToTest.indexOf('/')\n  const matchEverywherePrefix =\n    firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1\n      ? '**/'\n      : ''\n  const patternWithoutLeadingSlash =\n    firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest\n  // Escape `{` and `(` because in gitignore patterns they are just\n  // literal characters without any specific syntactic meaning,\n  // while in minimatch patterns they can form brace expansion or extglob syntax.\n  //\n  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.\n  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.\n  // Minimatch pattern `src/\\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.\n  const escapedPatternWithoutLeadingSlash =\n    patternWithoutLeadingSlash.replaceAll(\n      /(?=((?:\\\\.|[^{(])*))\\1([{(])/guy,\n      '$1\\\\$2'\n    )\n  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : ''\n  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`\n}\n\nfunction pathsToPatterns(paths: string[] | readonly string[]): string[] {\n  // TODO: Does not support `~/` paths.\n  return paths.map(p => (p === '.' ? '**/*' : p))\n}\n\nexport function findBinPathDetailsSync(binName: string): {\n  name: string\n  path: string | undefined\n  shadowed: boolean\n} {\n  let shadowIndex = -1\n  const bins =\n    which.sync(binName, {\n      all: true,\n      nothrow: true\n    }) ?? []\n  let binPath: string | undefined\n  for (let i = 0, { length } = bins; i < length; i += 1) {\n    const bin = realpathSync.native(bins[i]!)\n    // Skip our bin directory if it's in the front.\n    if (path.dirname(bin) === shadowBinPath) {\n      shadowIndex = i\n    } else {\n      binPath = bin\n      break\n    }\n  }\n  return { name: binName, path: binPath, shadowed: shadowIndex !== -1 }\n}\n\nexport function findNpmPathSync(npmBinPath: string): string | undefined {\n  let thePath = npmBinPath\n  while (true) {\n    const nmPath = path.join(thePath, NODE_MODULES)\n    if (\n      // npm bin paths may look like:\n      // /usr/local/share/npm/bin/npm\n      // /Users/SomeUsername/.nvm/versions/node/vX.X.X/bin/npm\n      // C:\\Users\\SomeUsername\\AppData\\Roaming\\npm\\bin\\npm.cmd\n      // OR\n      // C:\\Program Files\\nodejs\\npm.cmd\n      //\n      // In all cases the npm path contains a node_modules folder:\n      // /usr/local/share/npm/bin/npm/node_modules\n      // C:\\Program Files\\nodejs\\node_modules\n      //\n      // Use existsSync here because statsSync, even with { throwIfNoEntry: false },\n      // will throw an ENOTDIR error for paths like ./a-file-that-exists/a-directory-that-does-not.\n      // See https://github.com/nodejs/node/issues/56993.\n      existsSync(nmPath) &&\n      statSync(nmPath, { throwIfNoEntry: false })?.isDirectory() &&\n      // Optimistically look for the default location.\n      (path.basename(thePath) === NPM ||\n        // Chocolatey installs npm bins in the same directory as node bins.\n        // Lazily access constants.WIN32.\n        (constants.WIN32 && existsSync(path.join(thePath, `${NPM}.cmd`))))\n    ) {\n      return thePath\n    }\n    const parent = path.dirname(thePath)\n    if (parent === thePath) {\n      return undefined\n    }\n    thePath = parent\n  }\n}\n\nexport async function getPackageFiles(\n  cwd: string,\n  inputPaths: string[],\n  config: SocketYml | undefined,\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']\n): Promise<string[]> {\n  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)\n\n  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {\n    cwd,\n    socketConfig: config\n  })\n\n  debugLog(\n    `Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`,\n    entries\n  )\n\n  const packageFiles = await filterGlobResultToSupportedFiles(\n    entries,\n    supportedFiles\n  )\n\n  debugLog(\n    `Mapped ${entries.length} entries to ${packageFiles.length} files:`,\n    packageFiles\n  )\n\n  return packageFiles\n}\n\nexport async function getPackageFilesFullScans(\n  cwd: string,\n  inputPaths: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']\n): Promise<string[]> {\n  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)\n\n  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {\n    cwd\n  })\n\n  debugLog(\n    `Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`,\n    entries\n  )\n\n  const packageFiles = await filterGlobResultToSupportedFiles(\n    entries,\n    supportedFiles\n  )\n\n  debugLog(\n    `Mapped ${entries.length} entries to ${packageFiles.length} files:`,\n    packageFiles\n  )\n\n  return packageFiles\n}\n","import { existsSync } from 'node:fs'\nimport Module from 'node:module'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../constants'\nimport { findBinPathDetailsSync, findNpmPathSync } from '../utils/path-resolve'\n\nconst { NODE_MODULES, NPM, NPX, SOCKET_CLI_ISSUES_URL } = constants\n\nfunction exitWithBinPathError(binName: string): never {\n  logger.error(\n    `Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`\n  )\n  // The exit code 127 indicates that the command or binary being executed\n  // could not be found.\n  process.exit(127)\n}\n\nlet _npmBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpmBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npmBinPathDetails === undefined) {\n    _npmBinPathDetails = findBinPathDetailsSync(NPM)\n  }\n  return _npmBinPathDetails\n}\n\nlet _npxBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpxBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npxBinPathDetails === undefined) {\n    _npxBinPathDetails = findBinPathDetailsSync(NPX)\n  }\n  return _npxBinPathDetails\n}\n\nlet _npmBinPath: string | undefined\nexport function getNpmBinPath(): string {\n  if (_npmBinPath === undefined) {\n    _npmBinPath = getNpmBinPathDetails().path\n    if (!_npmBinPath) {\n      exitWithBinPathError(NPM)\n    }\n  }\n  return _npmBinPath\n}\n\nexport function isNpmBinPathShadowed() {\n  return getNpmBinPathDetails().shadowed\n}\n\nlet _npxBinPath: string | undefined\nexport function getNpxBinPath(): string {\n  if (_npxBinPath === undefined) {\n    _npxBinPath = getNpxBinPathDetails().path\n    if (!_npxBinPath) {\n      exitWithBinPathError(NPX)\n    }\n  }\n  return _npxBinPath\n}\n\nexport function isNpxBinPathShadowed() {\n  return getNpxBinPathDetails().shadowed\n}\n\nlet _npmPath: string | undefined\nexport function getNpmPath() {\n  if (_npmPath === undefined) {\n    const npmBinPath = getNpmBinPath()\n    _npmPath = npmBinPath ? findNpmPathSync(npmBinPath) : undefined\n    if (!_npmPath) {\n      let message = 'Unable to find npm CLI install directory.'\n      if (npmBinPath) {\n        message += `\\nSearched parent directories of ${path.dirname(npmBinPath)}.`\n      }\n      message += `\\n\\nThis is may be a bug with socket-npm related to changes to the npm CLI.\\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`\n      logger.error(message)\n      // The exit code 127 indicates that the command or binary being executed\n      // could not be found.\n      process.exit(127)\n    }\n  }\n  return _npmPath\n}\n\nlet _npmRequire: NodeJS.Require | undefined\nexport function getNpmRequire(): NodeJS.Require {\n  if (_npmRequire === undefined) {\n    const npmPath = getNpmPath()\n    const npmNmPath = path.join(npmPath, NODE_MODULES, NPM)\n    _npmRequire = Module.createRequire(\n      path.join(existsSync(npmNmPath) ? npmNmPath : npmPath, '<dummy-basename>')\n    )\n  }\n  return _npmRequire\n}\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n  if (_arboristPkgPath === undefined) {\n    const pkgName = '@npmcli/arborist'\n    const mainPathWithForwardSlashes = normalizePath(\n      getNpmRequire().resolve(pkgName)\n    )\n    const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n      0,\n      mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length\n    )\n    // Lazily access constants.WIN32.\n    _arboristPkgPath = constants.WIN32\n      ? path.normalize(arboristPkgPathWithForwardSlashes)\n      : arboristPkgPathWithForwardSlashes\n  }\n  return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n  if (_arboristClassPath === undefined) {\n    _arboristClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/arborist/index.js'\n    )\n  }\n  return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n  if (_arboristDepValidPath === undefined) {\n    _arboristDepValidPath = path.join(\n      getArboristPackagePath(),\n      'lib/dep-valid.js'\n    )\n  }\n  return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n  if (_arboristEdgeClassPath === undefined) {\n    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n  }\n  return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n  if (_arboristNodeClassPath === undefined) {\n    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n  }\n  return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n  if (_arboristOverrideSetClassPath === undefined) {\n    _arboristOverrideSetClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/override-set.js'\n    )\n  }\n  return _arboristOverrideSetClassPath\n}\n"],"names":["shadowBinPath","cwd","__proto__","absolute","expandDirectories","ignore","length","all","nothrow","shadowIndex","binPath","name","path","existsSync","throwIfNoEntry","constants","thePath","socketConfig","debugLog","SOCKET_CLI_ISSUES_URL","logger","process","_npmBinPathDetails","_npxBinPathDetails","_npmBinPath","_npxBinPath","_arboristPkgPath"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACE;AACA;AACA;AAAQ;AACR;AAAQ;AACR;AAAe;AACf;AAAe;AACf;AAAS;AACT;AAAoB;AACpB;AAAY;AACZ;AAAgB;AAChB;AACA;AACA;AAGF;AAEO;;AAEP;;ACEA;;;AAA2BA;AAAc;AAEzC;AAIE;AAEI;;AAMA;;AAIJ;AACF;AAEA;;AAKIC;;;AAGF;AAAgCC;;;AAChC;;AAEEC;;AAEAC;AACF;AACA;AAqBA;AACA;AACED;;AAEAC;AACAC;;;;;AAKA;AACF;;AACQF;AAAS;;AAEjB;AACA;AACA;AAGA;AACF;AAEA;;;AAOE;AAAkBG;;;AAEhB;;AAQA;AACF;AACA;AACF;AAEA;AAKE;AACF;;AAEA;AACA;AACA;AACA;AACA;AACE;AACA;AACA;AACA;AACA;AAME;AACF;AACA;AACA;AAIA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;;;AAQF;AAEA;AACE;AACA;AACF;AAEO;;AAML;AAEIC;AACAC;;AAEJ;AACA;AAAkBF;;;AAEhB;;AAEEG;AACF;AACEC;AACA;AACF;AACF;;AACSC;AAAeC;;;AAC1B;AAEO;;AAEL;;AAEE;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACAC;AACmBC;AAAsB;AACzC;AACCF;AACC;AACA;AACCG;AAEH;AACF;AACA;;AAEE;AACF;AACAC;AACF;AACF;AAEO;;;;AAUHC;AACF;AAEAC;;AAUAA;AAKA;AACF;AAEO;;;AAQHjB;AACF;AAEAiB;;AAUAA;AAKA;AACF;;AC7RA;;;;AAAgCC;AAAsB;AAEtD;AACEC;AAGA;AACA;AACAC;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEH;;;;AAIE;;AAEA;;AAEAL;AACA;AACA;AACAC;AACF;AACF;AACA;AACF;AAEA;AACO;;AAEH;;;AAKF;AACA;AACF;AAEA;AACO;;;AAGH;AAGA;AAIA;AACAK;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;;;;;;;;;;;;","debugId":"3649b298-1928-4606-9d26-a0de08bd5fbc"}
+{"version":3,"file":"npm-paths.js","sources":["../../src/utils/ignore-by-default.ts","../../src/utils/path-resolve.ts","../../src/shadow/npm-paths.ts"],"sourcesContent":["const ignoredDirs = [\n  // Taken from ignore-by-default:\n  // https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js\n  '.git', // Git repository files, see <https://git-scm.com/>\n  '.log', // Log files emitted by tools such as `tsserver`, see <https://github.com/Microsoft/TypeScript/wiki/Standalone-Server-%28tsserver%29>\n  '.nyc_output', // Temporary directory where nyc stores coverage data, see <https://github.com/bcoe/nyc>\n  '.sass-cache', // Cache folder for node-sass, see <https://github.com/sass/node-sass>\n  '.yarn', // Where node modules are installed when using Yarn, see <https://yarnpkg.com/>\n  'bower_components', // Where Bower packages are installed, see <http://bower.io/>\n  'coverage', // Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>\n  'node_modules', // Where Node modules are installed, see <https://nodejs.org/>\n  // Taken from globby:\n  // https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16\n  'flow-typed'\n] as const\n\nconst ignoredDirPatterns = ignoredDirs.map(i => `**/${i}`)\n\nexport function directoryPatterns() {\n  return [...ignoredDirPatterns]\n}\n","import { existsSync, promises as fs, realpathSync, statSync } from 'node:fs'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport ignore from 'ignore'\nimport micromatch from 'micromatch'\nimport { glob as tinyGlob } from 'tinyglobby'\nimport which from 'which'\n\nimport { debugLog } from '@socketsecurity/registry/lib/debug'\n\nimport { directoryPatterns } from './ignore-by-default'\nimport constants from '../constants'\n\nimport type { SocketYml } from '@socketsecurity/config'\nimport type { SocketSdkReturnType } from '@socketsecurity/sdk'\nimport type { GlobOptions } from 'tinyglobby'\n\ntype GlobWithGitIgnoreOptions = GlobOptions & {\n  socketConfig?: SocketYml | undefined\n}\n\nconst { NODE_MODULES, NPM, shadowBinPath } = constants\n\nasync function filterGlobResultToSupportedFiles(\n  entries: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']\n): Promise<string[]> {\n  const patterns = ['golang', NPM, 'maven', 'pypi'].reduce(\n    (r: string[], n: string) => {\n      const supported = supportedFiles[n]\n      r.push(\n        ...(supported\n          ? Object.values(supported).map(p => `**/${p.pattern}`)\n          : [])\n      )\n      return r\n    },\n    []\n  )\n  return entries.filter(p => micromatch.some(p, patterns))\n}\n\nasync function globWithGitIgnore(\n  patterns: string[],\n  options: GlobWithGitIgnoreOptions\n) {\n  const {\n    cwd = process.cwd(),\n    socketConfig,\n    ...additionalOptions\n  } = <GlobWithGitIgnoreOptions>{ __proto__: null, ...options }\n  const projectIgnorePaths = socketConfig?.projectIgnorePaths\n  const ignoreFiles = await tinyGlob(['**/.gitignore'], {\n    absolute: true,\n    cwd,\n    expandDirectories: true\n  })\n  const ignores = [\n    ...directoryPatterns(),\n    ...(Array.isArray(projectIgnorePaths)\n      ? ignoreFileLinesToGlobPatterns(\n          projectIgnorePaths,\n          path.join(cwd, '.gitignore'),\n          cwd\n        )\n      : []),\n    ...(\n      await Promise.all(\n        ignoreFiles.map(async filepath =>\n          ignoreFileToGlobPatterns(\n            await fs.readFile(filepath, 'utf8'),\n            filepath,\n            cwd\n          )\n        )\n      )\n    ).flat()\n  ]\n  const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/)\n  const globOptions = {\n    absolute: true,\n    cwd,\n    expandDirectories: false,\n    ignore: hasNegatedPattern ? [] : ignores,\n    ...additionalOptions\n  }\n  const result = await tinyGlob(patterns, globOptions)\n  if (!hasNegatedPattern) {\n    return result\n  }\n  const { absolute } = globOptions\n\n  // Note: the input files must be INSIDE the cwd. If you get strange looking\n  // relative path errors here, most likely your path is outside the given cwd.\n  const filtered = ignore()\n    .add(ignores)\n    .filter(absolute ? result.map(p => path.relative(cwd, p)) : result)\n  return absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered\n}\n\nfunction ignoreFileLinesToGlobPatterns(\n  lines: string[],\n  filepath: string,\n  cwd: string\n): string[] {\n  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\\\/g, '/')\n  const patterns = []\n  for (let i = 0, { length } = lines; i < length; i += 1) {\n    const pattern = lines[i]!.trim()\n    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {\n      patterns.push(\n        ignorePatternToMinimatch(\n          pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/\n            ? `!${path.posix.join(base, pattern.slice(1))}`\n            : path.posix.join(base, pattern)\n        )\n      )\n    }\n  }\n  return patterns\n}\n\nfunction ignoreFileToGlobPatterns(\n  content: string,\n  filepath: string,\n  cwd: string\n): string[] {\n  return ignoreFileLinesToGlobPatterns(content.split(/\\r?\\n/), filepath, cwd)\n}\n\n// Based on `@eslint/compat` convertIgnorePatternToMinimatch.\n// Apache v2.0 licensed\n// Copyright Nicholas C. Zakas\n// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28\nfunction ignorePatternToMinimatch(pattern: string): string {\n  const isNegated = pattern.startsWith('!')\n  const negatedPrefix = isNegated ? '!' : ''\n  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd()\n  // Special cases.\n  if (\n    patternToTest === '' ||\n    patternToTest === '**' ||\n    patternToTest === '/**' ||\n    patternToTest === '**'\n  ) {\n    return `${negatedPrefix}${patternToTest}`\n  }\n  const firstIndexOfSlash = patternToTest.indexOf('/')\n  const matchEverywherePrefix =\n    firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1\n      ? '**/'\n      : ''\n  const patternWithoutLeadingSlash =\n    firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest\n  // Escape `{` and `(` because in gitignore patterns they are just\n  // literal characters without any specific syntactic meaning,\n  // while in minimatch patterns they can form brace expansion or extglob syntax.\n  //\n  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.\n  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.\n  // Minimatch pattern `src/\\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.\n  const escapedPatternWithoutLeadingSlash =\n    patternWithoutLeadingSlash.replaceAll(\n      /(?=((?:\\\\.|[^{(])*))\\1([{(])/guy,\n      '$1\\\\$2'\n    )\n  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : ''\n  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`\n}\n\nfunction pathsToPatterns(paths: string[] | readonly string[]): string[] {\n  // TODO: Does not support `~/` paths.\n  return paths.map(p => (p === '.' ? '**/*' : p))\n}\n\nexport function findBinPathDetailsSync(binName: string): {\n  name: string\n  path: string | undefined\n  shadowed: boolean\n} {\n  let shadowIndex = -1\n  const bins =\n    which.sync(binName, {\n      all: true,\n      nothrow: true\n    }) ?? []\n  let binPath: string | undefined\n  for (let i = 0, { length } = bins; i < length; i += 1) {\n    const bin = realpathSync.native(bins[i]!)\n    // Skip our bin directory if it's in the front.\n    if (path.dirname(bin) === shadowBinPath) {\n      shadowIndex = i\n    } else {\n      binPath = bin\n      break\n    }\n  }\n  return { name: binName, path: binPath, shadowed: shadowIndex !== -1 }\n}\n\nexport function findNpmPathSync(npmBinPath: string): string | undefined {\n  let thePath = npmBinPath\n  while (true) {\n    const nmPath = path.join(thePath, NODE_MODULES)\n    if (\n      // npm bin paths may look like:\n      // /usr/local/share/npm/bin/npm\n      // /Users/SomeUsername/.nvm/versions/node/vX.X.X/bin/npm\n      // C:\\Users\\SomeUsername\\AppData\\Roaming\\npm\\bin\\npm.cmd\n      // OR\n      // C:\\Program Files\\nodejs\\npm.cmd\n      //\n      // In all cases the npm path contains a node_modules folder:\n      // /usr/local/share/npm/bin/npm/node_modules\n      // C:\\Program Files\\nodejs\\node_modules\n      //\n      // Use existsSync here because statsSync, even with { throwIfNoEntry: false },\n      // will throw an ENOTDIR error for paths like ./a-file-that-exists/a-directory-that-does-not.\n      // See https://github.com/nodejs/node/issues/56993.\n      existsSync(nmPath) &&\n      statSync(nmPath, { throwIfNoEntry: false })?.isDirectory() &&\n      // Optimistically look for the default location.\n      (path.basename(thePath) === NPM ||\n        // Chocolatey installs npm bins in the same directory as node bins.\n        // Lazily access constants.WIN32.\n        (constants.WIN32 && existsSync(path.join(thePath, `${NPM}.cmd`))))\n    ) {\n      return thePath\n    }\n    const parent = path.dirname(thePath)\n    if (parent === thePath) {\n      return undefined\n    }\n    thePath = parent\n  }\n}\n\nexport async function getPackageFilesFullScans(\n  cwd: string,\n  inputPaths: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'],\n  config?: SocketYml | undefined\n): Promise<string[]> {\n  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)\n\n  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {\n    cwd,\n    socketConfig: config\n  })\n\n  debugLog(\n    `Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`,\n    entries\n  )\n\n  const packageFiles = await filterGlobResultToSupportedFiles(\n    entries,\n    supportedFiles\n  )\n\n  debugLog(\n    `Mapped ${entries.length} entries to ${packageFiles.length} files:`,\n    packageFiles\n  )\n\n  return packageFiles\n}\n","import { existsSync } from 'node:fs'\nimport Module from 'node:module'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../constants'\nimport { findBinPathDetailsSync, findNpmPathSync } from '../utils/path-resolve'\n\nconst { NODE_MODULES, NPM, NPX, SOCKET_CLI_ISSUES_URL } = constants\n\nfunction exitWithBinPathError(binName: string): never {\n  logger.error(\n    `Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`\n  )\n  // The exit code 127 indicates that the command or binary being executed\n  // could not be found.\n  process.exit(127)\n}\n\nlet _npmBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpmBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npmBinPathDetails === undefined) {\n    _npmBinPathDetails = findBinPathDetailsSync(NPM)\n  }\n  return _npmBinPathDetails\n}\n\nlet _npxBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpxBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npxBinPathDetails === undefined) {\n    _npxBinPathDetails = findBinPathDetailsSync(NPX)\n  }\n  return _npxBinPathDetails\n}\n\nlet _npmBinPath: string | undefined\nexport function getNpmBinPath(): string {\n  if (_npmBinPath === undefined) {\n    _npmBinPath = getNpmBinPathDetails().path\n    if (!_npmBinPath) {\n      exitWithBinPathError(NPM)\n    }\n  }\n  return _npmBinPath\n}\n\nexport function isNpmBinPathShadowed() {\n  return getNpmBinPathDetails().shadowed\n}\n\nlet _npxBinPath: string | undefined\nexport function getNpxBinPath(): string {\n  if (_npxBinPath === undefined) {\n    _npxBinPath = getNpxBinPathDetails().path\n    if (!_npxBinPath) {\n      exitWithBinPathError(NPX)\n    }\n  }\n  return _npxBinPath\n}\n\nexport function isNpxBinPathShadowed() {\n  return getNpxBinPathDetails().shadowed\n}\n\nlet _npmPath: string | undefined\nexport function getNpmPath() {\n  if (_npmPath === undefined) {\n    const npmBinPath = getNpmBinPath()\n    _npmPath = npmBinPath ? findNpmPathSync(npmBinPath) : undefined\n    if (!_npmPath) {\n      let message = 'Unable to find npm CLI install directory.'\n      if (npmBinPath) {\n        message += `\\nSearched parent directories of ${path.dirname(npmBinPath)}.`\n      }\n      message += `\\n\\nThis is may be a bug with socket-npm related to changes to the npm CLI.\\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`\n      logger.error(message)\n      // The exit code 127 indicates that the command or binary being executed\n      // could not be found.\n      process.exit(127)\n    }\n  }\n  return _npmPath\n}\n\nlet _npmRequire: NodeJS.Require | undefined\nexport function getNpmRequire(): NodeJS.Require {\n  if (_npmRequire === undefined) {\n    const npmPath = getNpmPath()\n    const npmNmPath = path.join(npmPath, NODE_MODULES, NPM)\n    _npmRequire = Module.createRequire(\n      path.join(existsSync(npmNmPath) ? npmNmPath : npmPath, '<dummy-basename>')\n    )\n  }\n  return _npmRequire\n}\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n  if (_arboristPkgPath === undefined) {\n    const pkgName = '@npmcli/arborist'\n    const mainPathWithForwardSlashes = normalizePath(\n      getNpmRequire().resolve(pkgName)\n    )\n    const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n      0,\n      mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length\n    )\n    // Lazily access constants.WIN32.\n    _arboristPkgPath = constants.WIN32\n      ? path.normalize(arboristPkgPathWithForwardSlashes)\n      : arboristPkgPathWithForwardSlashes\n  }\n  return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n  if (_arboristClassPath === undefined) {\n    _arboristClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/arborist/index.js'\n    )\n  }\n  return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n  if (_arboristDepValidPath === undefined) {\n    _arboristDepValidPath = path.join(\n      getArboristPackagePath(),\n      'lib/dep-valid.js'\n    )\n  }\n  return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n  if (_arboristEdgeClassPath === undefined) {\n    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n  }\n  return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n  if (_arboristNodeClassPath === undefined) {\n    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n  }\n  return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n  if (_arboristOverrideSetClassPath === undefined) {\n    _arboristOverrideSetClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/override-set.js'\n    )\n  }\n  return _arboristOverrideSetClassPath\n}\n"],"names":["shadowBinPath","cwd","__proto__","absolute","expandDirectories","ignore","length","all","nothrow","shadowIndex","binPath","name","path","existsSync","throwIfNoEntry","constants","thePath","socketConfig","debugLog","SOCKET_CLI_ISSUES_URL","logger","process","_npmBinPathDetails","_npxBinPathDetails","_npmBinPath","_npxBinPath","_arboristPkgPath"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACE;AACA;AACA;AAAQ;AACR;AAAQ;AACR;AAAe;AACf;AAAe;AACf;AAAS;AACT;AAAoB;AACpB;AAAY;AACZ;AAAgB;AAChB;AACA;AACA;AAGF;AAEO;;AAEP;;ACEA;;;AAA2BA;AAAc;AAEzC;AAIE;AAEI;;AAMA;;AAIJ;AACF;AAEA;;AAKIC;;;AAGF;AAAgCC;;;AAChC;;AAEEC;;AAEAC;AACF;AACA;AAqBA;AACA;AACED;;AAEAC;AACAC;;;;;AAKA;AACF;;AACQF;AAAS;;AAEjB;AACA;AACA;AAGA;AACF;AAEA;;;AAOE;AAAkBG;;;AAEhB;;AAQA;AACF;AACA;AACF;AAEA;AAKE;AACF;;AAEA;AACA;AACA;AACA;AACA;AACE;AACA;AACA;AACA;AACA;AAME;AACF;AACA;AACA;AAIA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;;;AAQF;AAEA;AACE;AACA;AACF;AAEO;;AAML;AAEIC;AACAC;;AAEJ;AACA;AAAkBF;;;AAEhB;;AAEEG;AACF;AACEC;AACA;AACF;AACF;;AACSC;AAAeC;;;AAC1B;AAEO;;AAEL;;AAEE;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACAC;AACmBC;AAAsB;AACzC;AACCF;AACC;AACA;AACCG;AAEH;AACF;AACA;;AAEE;AACF;AACAC;AACF;AACF;AAEO;;;;AAUHC;AACF;AAEAC;;AAUAA;AAKA;AACF;;AChQA;;;;AAAgCC;AAAsB;AAEtD;AACEC;AAGA;AACA;AACAC;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEH;;;;AAIE;;AAEA;;AAEAL;AACA;AACA;AACAC;AACF;AACF;AACA;AACF;AAEA;AACO;;AAEH;;;AAKF;AACA;AACF;AAEA;AACO;;;AAGH;AAGA;AAIA;AACAK;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;;;;;;;;;;;","debugId":"52f9f44d-70fa-45ae-bb19-c8af5a810f7b"}

package/dist/module-sync/path-resolve.d.ts

@@ -6,6 +6,5 @@ declare function findBinPathDetailsSync(binName: string): {
     shadowed: boolean;
 };
 declare function findNpmPathSync(npmBinPath: string): string | undefined;
-declare function getPackageFiles(cwd: string, inputPaths: string[], config: SocketYml | undefined, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']): Promise<string[]>;
-declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']): Promise<string[]>;
-export { findBinPathDetailsSync, findNpmPathSync, getPackageFiles, getPackageFilesFullScans };
+declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], config?: SocketYml | undefined): Promise<string[]>;
+export { findBinPathDetailsSync, findNpmPathSync, getPackageFilesFullScans };

package/dist/module-sync/reify.d.ts

@@ -998,6 +998,7 @@ type GetPackageAlertsOptions = {
     consolidate?: boolean | undefined;
     includeExisting?: boolean | undefined;
     includeUnfixable?: boolean | undefined;
+    includeUpgrades?: boolean | undefined;
 };
 declare function getPackagesAlerts(arb: SafeArborist, options?: GetPackageAlertsOptions | undefined): Promise<SocketPackageAlert[]>;
 type CveInfoByPackage = Map<string, Array<{
@@ -1010,9 +1011,10 @@ type GetCveInfoByPackageOptions = {
 declare function getCveInfoByPackage(alerts: SocketPackageAlert[], options?: GetCveInfoByPackageOptions | undefined): CveInfoByPackage | null;
 declare function updateAdvisoryNodes(arb: SafeArborist, alerts: SocketPackageAlert[]): Promise<void>;
 declare function updateSocketRegistryNodes(arb: SafeArborist): Promise<void>;
+declare const kCtorArgs: unique symbol;
 declare const kRiskyReify: unique symbol;
 type SafeArborist = ArboristClass & {
     [kRiskyReify](options?: ArboristReifyOptions): Promise<SafeNode>;
 };
-declare function reify(this: SafeArborist, ...args: Parameters<InstanceType<ArboristClass>['reify']>): Promise<SafeNode>;
-export { alerts, findPackageNodes, updateNode, getPackagesAlerts, getCveInfoByPackage, updateAdvisoryNodes, updateSocketRegistryNodes, kRiskyReify, reify };
+declare function reify(arb: SafeArborist, args: Parameters<InstanceType<ArboristClass>['reify']>, level?: number): Promise<SafeNode>;
+export { alerts, findPackageNodes, updateNode, getPackagesAlerts, getCveInfoByPackage, updateAdvisoryNodes, updateSocketRegistryNodes, kCtorArgs, kRiskyReify, reify };

package/dist/module-sync/shadow-bin.d.ts

@@ -1,2 +1,2 @@
-declare function shadowBin(binName: 'npm' | 'npx', args?: string[]): Promise<void>;
+declare function shadowBin(binName: 'npm' | 'npx', args?: string[], level?: number): Promise<void>;
 export { shadowBin as default };

package/dist/module-sync/shadow-bin.js

@@ -47,22 +47,14 @@ async function installLinks(realBinPath, binName) {
 }
 
 const {
-  NPM,
-  SOCKET_CLI_LEGACY_PACKAGE_NAME,
-  SOCKET_CLI_PACKAGE_NAME,
   SOCKET_CLI_SAFE_WRAPPER,
   SOCKET_CLI_SENTRY_BUILD,
-  SOCKET_CLI_SENTRY_PACKAGE_NAME,
   SOCKET_IPC_HANDSHAKE
 } = constants;
-async function shadowBin(binName, args = process.argv.slice(2)) {
+async function shadowBin(binName, args = process.argv.slice(2), level = 1) {
   process.exitCode = 1;
   const terminatorPos = args.indexOf('--');
-  const skipSocketCliUpgrade = binName === NPM && args.length === 3 && args[0] === 'install' && args[1] === '-g' && (args[2] === SOCKET_CLI_PACKAGE_NAME || args[2] === SOCKET_CLI_LEGACY_PACKAGE_NAME || args[2] === SOCKET_CLI_SENTRY_PACKAGE_NAME);
-  let binArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos);
-  if (!skipSocketCliUpgrade) {
-    binArgs = binArgs.filter(a => !npm.isProgressFlag(a));
-  }
+  const binArgs = (terminatorPos === -1 ? args : args.slice(0, terminatorPos)).filter(a => !npm.isProgressFlag(a));
   const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
   const spawnPromise = spawn.spawn(
   // Lazily access constants.execPath.
@@ -77,11 +69,11 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
   constants.npmInjectionPath,
   // Lazily access constants.shadowBinPath.
   await installLinks(constants.shadowBinPath, binName),
-  // Add `--no-progress` and `--quiet` flags to fix input being swallowed by
-  // the spinner when running the command with recent versions of npm.
-  ...(skipSocketCliUpgrade ? [] : ['--no-progress']),
-  // Add the '--quiet' flag if a loglevel flag is not provided.
-  ...(binArgs.some(npm.isLoglevelFlag) ? [] : skipSocketCliUpgrade ? ['--loglevel', 'error'] : ['--quiet']), ...binArgs, ...otherArgs], {
+  // Add `--no-progress` and `--loglevel=error` flags to fix input being
+  // swallowed by the npm spinner.
+  '--no-progress',
+  // Add the '--loglevel=error' flag if a loglevel flag is not provided.
+  ...(binArgs.some(npm.isLoglevelFlag) ? [] : ['--loglevel', 'error']), ...binArgs, ...otherArgs], {
     // 'inherit' + 'ipc'
     stdio: [0, 1, 2, 'ipc']
   });
@@ -95,12 +87,12 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
   });
   spawnPromise.process.send({
     [SOCKET_IPC_HANDSHAKE]: {
-      [SOCKET_CLI_SAFE_WRAPPER]: true
+      [SOCKET_CLI_SAFE_WRAPPER]: level
     }
   });
   await spawnPromise;
 }
 
 module.exports = shadowBin;
-//# debugId=4b080160-768f-48ff-859c-2da65a395a61
+//# debugId=6bb6d502-939a-444f-a22e-07a531d3b61f
 //# sourceMappingURL=shadow-bin.js.map

package/dist/module-sync/shadow-bin.js.map

@@ -1 +1 @@
-{"version":3,"file":"shadow-bin.js","sources":["../../src/shadow/link.ts","../../src/shadow/shadow-bin.ts"],"sourcesContent":["import path from 'node:path'\nimport process from 'node:process'\n\nimport cmdShim from 'cmd-shim'\n\nimport {\n  getNpmBinPath,\n  getNpxBinPath,\n  isNpmBinPathShadowed,\n  isNpxBinPathShadowed\n} from './npm-paths'\nimport constants from '../constants'\n\nconst { CLI, NPX } = constants\n\nexport async function installLinks(\n  realBinPath: string,\n  binName: 'npm' | 'npx'\n): Promise<string> {\n  const isNpx = binName === NPX\n  // Find package manager being shadowed by this process.\n  const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  // TODO: Is this early exit needed?\n  if (WIN32 && binPath) {\n    return binPath\n  }\n  const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n  // Move our bin directory to front of PATH so its found first.\n  if (!shadowed) {\n    if (WIN32) {\n      await cmdShim(\n        // Lazily access constants.rootDistPath.\n        path.join(constants.rootDistPath, `${binName}-${CLI}.js`),\n        path.join(realBinPath, binName)\n      )\n    }\n    process.env['PATH'] =\n      `${realBinPath}${path.delimiter}${process.env['PATH']}`\n  }\n  return binPath\n}\n","import process from 'node:process'\n\nimport {\n  isLoglevelFlag,\n  isProgressFlag\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link'\nimport constants from '../constants'\n\nconst {\n  NPM,\n  SOCKET_CLI_LEGACY_PACKAGE_NAME,\n  SOCKET_CLI_PACKAGE_NAME,\n  SOCKET_CLI_SAFE_WRAPPER,\n  SOCKET_CLI_SENTRY_BUILD,\n  SOCKET_CLI_SENTRY_PACKAGE_NAME,\n  SOCKET_IPC_HANDSHAKE\n} = constants\n\nexport default async function shadowBin(\n  binName: 'npm' | 'npx',\n  args = process.argv.slice(2)\n) {\n  process.exitCode = 1\n  const terminatorPos = args.indexOf('--')\n  const skipSocketCliUpgrade =\n    binName === NPM &&\n    args.length === 3 &&\n    args[0] === 'install' &&\n    args[1] === '-g' &&\n    (args[2] === SOCKET_CLI_PACKAGE_NAME ||\n      args[2] === SOCKET_CLI_LEGACY_PACKAGE_NAME ||\n      args[2] === SOCKET_CLI_SENTRY_PACKAGE_NAME)\n\n  let binArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n  if (!skipSocketCliUpgrade) {\n    binArgs = binArgs.filter(a => !isProgressFlag(a))\n  }\n  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n  const spawnPromise = spawn(\n    // Lazily access constants.execPath.\n    constants.execPath,\n    [\n      // Lazily access constants.nodeNoWarningsFlags.\n      ...constants.nodeNoWarningsFlags,\n      // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].\n      ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]\n        ? [\n            '--require',\n            // Lazily access constants.instrumentWithSentryPath.\n            constants.instrumentWithSentryPath\n          ]\n        : []),\n      '--require',\n      // Lazily access constants.npmInjectionPath.\n      constants.npmInjectionPath,\n      // Lazily access constants.shadowBinPath.\n      await installLinks(constants.shadowBinPath, binName),\n      // Add `--no-progress` and `--quiet` flags to fix input being swallowed by\n      // the spinner when running the command with recent versions of npm.\n      ...(skipSocketCliUpgrade ? [] : ['--no-progress']),\n      // Add the '--quiet' flag if a loglevel flag is not provided.\n      ...(binArgs.some(isLoglevelFlag)\n        ? []\n        : skipSocketCliUpgrade\n          ? ['--loglevel', 'error']\n          : ['--quiet']),\n      ...binArgs,\n      ...otherArgs\n    ],\n    {\n      // 'inherit' + 'ipc'\n      stdio: [0, 1, 2, 'ipc']\n    }\n  )\n  // See https://nodejs.org/api/all.html#all_child_process_event-exit.\n  spawnPromise.process.on('exit', (code, signalName) => {\n    if (signalName) {\n      process.kill(process.pid, signalName)\n    } else if (code !== null) {\n      process.exit(code)\n    }\n  })\n  spawnPromise.process.send({\n    [SOCKET_IPC_HANDSHAKE]: {\n      [SOCKET_CLI_SAFE_WRAPPER]: true\n    }\n  })\n  await spawnPromise\n}\n"],"names":["NPX","WIN32","process","SOCKET_IPC_HANDSHAKE","binArgs","constants","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;;;AAaA;;AAAaA;AAAI;AAEV;AAIL;AACA;;AAEA;;AACQC;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;AACAC;AAEF;AACA;AACF;;AC/BA;;;;;;;AAOEC;AACF;AAEe;;AAKb;;AAUA;;AAEEC;AACF;AACA;;AAEE;;AAGE;;AAEA;;AAIM;AACAC;AAIN;AACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASA;;AAEF;AAEF;;AAEE;;AAEA;AACEH;AACF;AACF;AACAI;AACE;AACE;AACF;AACF;AACA;AACF;;","debugId":"4b080160-768f-48ff-859c-2da65a395a61"}
+{"version":3,"file":"shadow-bin.js","sources":["../../src/shadow/link.ts","../../src/shadow/shadow-bin.ts"],"sourcesContent":["import path from 'node:path'\nimport process from 'node:process'\n\nimport cmdShim from 'cmd-shim'\n\nimport {\n  getNpmBinPath,\n  getNpxBinPath,\n  isNpmBinPathShadowed,\n  isNpxBinPathShadowed\n} from './npm-paths'\nimport constants from '../constants'\n\nconst { CLI, NPX } = constants\n\nexport async function installLinks(\n  realBinPath: string,\n  binName: 'npm' | 'npx'\n): Promise<string> {\n  const isNpx = binName === NPX\n  // Find package manager being shadowed by this process.\n  const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  // TODO: Is this early exit needed?\n  if (WIN32 && binPath) {\n    return binPath\n  }\n  const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n  // Move our bin directory to front of PATH so its found first.\n  if (!shadowed) {\n    if (WIN32) {\n      await cmdShim(\n        // Lazily access constants.rootDistPath.\n        path.join(constants.rootDistPath, `${binName}-${CLI}.js`),\n        path.join(realBinPath, binName)\n      )\n    }\n    process.env['PATH'] =\n      `${realBinPath}${path.delimiter}${process.env['PATH']}`\n  }\n  return binPath\n}\n","import process from 'node:process'\n\nimport {\n  isLoglevelFlag,\n  isProgressFlag\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link'\nimport constants from '../constants'\n\nconst {\n  SOCKET_CLI_SAFE_WRAPPER,\n  SOCKET_CLI_SENTRY_BUILD,\n  SOCKET_IPC_HANDSHAKE\n} = constants\n\nexport default async function shadowBin(\n  binName: 'npm' | 'npx',\n  args = process.argv.slice(2),\n  level = 1\n) {\n  process.exitCode = 1\n  const terminatorPos = args.indexOf('--')\n  const binArgs = (\n    terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n  ).filter(a => !isProgressFlag(a))\n  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n  const spawnPromise = spawn(\n    // Lazily access constants.execPath.\n    constants.execPath,\n    [\n      // Lazily access constants.nodeNoWarningsFlags.\n      ...constants.nodeNoWarningsFlags,\n      // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].\n      ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]\n        ? [\n            '--require',\n            // Lazily access constants.instrumentWithSentryPath.\n            constants.instrumentWithSentryPath\n          ]\n        : []),\n      '--require',\n      // Lazily access constants.npmInjectionPath.\n      constants.npmInjectionPath,\n      // Lazily access constants.shadowBinPath.\n      await installLinks(constants.shadowBinPath, binName),\n      // Add `--no-progress` and `--loglevel=error` flags to fix input being\n      // swallowed by the npm spinner.\n      '--no-progress',\n      // Add the '--loglevel=error' flag if a loglevel flag is not provided.\n      ...(binArgs.some(isLoglevelFlag) ? [] : ['--loglevel', 'error']),\n      ...binArgs,\n      ...otherArgs\n    ],\n    {\n      // 'inherit' + 'ipc'\n      stdio: [0, 1, 2, 'ipc']\n    }\n  )\n  // See https://nodejs.org/api/all.html#all_child_process_event-exit.\n  spawnPromise.process.on('exit', (code, signalName) => {\n    if (signalName) {\n      process.kill(process.pid, signalName)\n    } else if (code !== null) {\n      process.exit(code)\n    }\n  })\n  spawnPromise.process.send({\n    [SOCKET_IPC_HANDSHAKE]: {\n      [SOCKET_CLI_SAFE_WRAPPER]: level\n    }\n  })\n  await spawnPromise\n}\n"],"names":["NPX","WIN32","process","SOCKET_IPC_HANDSHAKE","constants","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;;;AAaA;;AAAaA;AAAI;AAEV;AAIL;AACA;;AAEA;;AACQC;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;AACAC;AAEF;AACA;AACF;;AC/BA;;;AAGEC;AACF;AAEe;;AAMb;AACA;AAGA;;AAEE;;AAGE;;AAEA;;AAIM;AACAC;AAIN;AACAA;AACA;AACA;AACA;AACA;;AAEA;;AAMA;;AAEF;AAEF;;AAEE;;AAEA;AACEF;AACF;AACF;AACAG;AACE;AACE;AACF;AACF;AACA;AACF;;","debugId":"6bb6d502-939a-444f-a22e-07a531d3b61f"}