@socketsecurity/cli-with-sentry 0.14.56 → 0.14.58
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/cli.js +10 -10
- package/bin/npm-cli.js +1 -1
- package/bin/npx-cli.js +3 -1
- package/dist/constants.d.ts +20 -8
- package/dist/constants.js +54 -25
- package/dist/constants.js.map +1 -1
- package/dist/instrument-with-sentry.js +3 -3
- package/dist/instrument-with-sentry.js.map +1 -1
- package/dist/module-sync/artifact.d.ts +75 -0
- package/dist/module-sync/cli.js +1372 -1062
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/edge.d.ts +1 -1
- package/dist/module-sync/index.d.ts +5 -173
- package/dist/module-sync/node.d.ts +1 -1
- package/dist/module-sync/override-set.d.ts +37 -0
- package/dist/module-sync/shadow-bin.js +10 -8
- package/dist/module-sync/shadow-bin.js.map +1 -1
- package/dist/module-sync/{index.js → shadow-npm-inject.js} +1436 -1302
- package/dist/module-sync/shadow-npm-inject.js.map +1 -0
- package/dist/module-sync/{npm-paths.js → shadow-npm-paths.js} +4 -4
- package/dist/module-sync/shadow-npm-paths.js.map +1 -0
- package/dist/module-sync/socket-package-alert.d.ts +46 -0
- package/dist/module-sync/types.d.ts +11 -3
- package/dist/require/cli.js +1372 -1062
- package/dist/require/cli.js.map +1 -1
- package/dist/require/shadow-npm-inject.js +3 -0
- package/dist/require/shadow-npm-paths.js +3 -0
- package/package.json +14 -11
- package/dist/module-sync/index.js.map +0 -1
- package/dist/module-sync/npm-injection.js +0 -26
- package/dist/module-sync/npm-injection.js.map +0 -1
- package/dist/module-sync/npm-paths.js.map +0 -1
- package/dist/module-sync/proc-log.d.ts +0 -3
- package/dist/module-sync/reify.d.ts +0 -1020
- package/dist/require/index.js +0 -3
- package/dist/require/npm-injection.js +0 -3
- package/dist/require/npm-paths.js +0 -3
- /package/dist/module-sync/{npm-injection.d.ts → shadow-npm-inject.d.ts} +0 -0
- /package/dist/module-sync/{npm-paths.d.ts → shadow-npm-paths.d.ts} +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/// <reference types="npmcli__arborist" />
|
|
2
2
|
import { SafeNode } from "./node.js";
|
|
3
|
-
import { SafeOverrideSet } from "./
|
|
3
|
+
import { SafeOverrideSet } from "./override-set.js";
|
|
4
4
|
import { DependencyProblem } from '@npmcli/arborist';
|
|
5
5
|
import { Edge as BaseEdge } from "@npmcli/arborist";
|
|
6
6
|
type EdgeClass = Omit<BaseEdge, 'accept' | 'detach' | 'optional' | 'overrides' | 'peer' | 'peerConflicted' | 'rawSpec' | 'reload' | 'satisfiedBy' | 'spec' | 'to'> & {
|
|
@@ -1,176 +1,5 @@
|
|
|
1
|
-
|
|
2
|
-
import { SafeEdge } from "./edge.js";
|
|
1
|
+
import { ArboristClass } from "./types.js";
|
|
3
2
|
import { SafeNode } from "./node.js";
|
|
4
|
-
import indentString from "@socketregistry/indent-string/index.cjs";
|
|
5
|
-
import { LogSymbols } from "@socketsecurity/registry/lib/logger";
|
|
6
|
-
import { SocketSdkResultType } from "@socketsecurity/sdk";
|
|
7
|
-
import { Diff, ArboristClass } from "./types.js";
|
|
8
|
-
import { ObjectEncodingOptions, OpenMode, PathLike } from "node:fs";
|
|
9
|
-
import { promises as fs } from "node:fs";
|
|
10
|
-
import { readFileSync as fsReadFileSync } from "node:fs";
|
|
11
|
-
import { Abortable } from "node:events";
|
|
12
|
-
import { FileHandle } from "node:fs/promises";
|
|
13
|
-
import { kRiskyReify } from "./reify.js";
|
|
14
|
-
interface OverrideSetClass {
|
|
15
|
-
children: Map<string, SafeOverrideSet>;
|
|
16
|
-
key: string | undefined;
|
|
17
|
-
keySpec: string | undefined;
|
|
18
|
-
name: string | undefined;
|
|
19
|
-
parent: SafeOverrideSet | undefined;
|
|
20
|
-
value: string | undefined;
|
|
21
|
-
version: string | undefined;
|
|
22
|
-
// eslint-disable-next-line @typescript-eslint/no-misused-new
|
|
23
|
-
new (...args: any[]): OverrideSetClass;
|
|
24
|
-
get isRoot(): boolean;
|
|
25
|
-
get ruleset(): Map<string, SafeOverrideSet>;
|
|
26
|
-
ancestry(): Generator<SafeOverrideSet>;
|
|
27
|
-
childrenAreEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
|
|
28
|
-
getEdgeRule(edge: SafeEdge): SafeOverrideSet;
|
|
29
|
-
getNodeRule(node: SafeNode): SafeOverrideSet;
|
|
30
|
-
getMatchingRule(node: SafeNode): SafeOverrideSet | null;
|
|
31
|
-
isEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
|
|
32
|
-
}
|
|
33
|
-
declare const OverrideSet: OverrideSetClass;
|
|
34
|
-
// Implementation code not related to patch https://github.com/npm/cli/pull/8089
|
|
35
|
-
// is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/override-set.js:
|
|
36
|
-
declare class SafeOverrideSet extends OverrideSet {
|
|
37
|
-
// Patch adding doOverrideSetsConflict is based on
|
|
38
|
-
// https://github.com/npm/cli/pull/8089.
|
|
39
|
-
static doOverrideSetsConflict(first: SafeOverrideSet | undefined, second: SafeOverrideSet | undefined): boolean;
|
|
40
|
-
// Patch adding findSpecificOverrideSet is based on
|
|
41
|
-
// https://github.com/npm/cli/pull/8089.
|
|
42
|
-
static findSpecificOverrideSet(first: SafeOverrideSet | undefined, second: SafeOverrideSet | undefined): SafeOverrideSet | undefined;
|
|
43
|
-
// Patch adding childrenAreEqual is based on
|
|
44
|
-
// https://github.com/npm/cli/pull/8089.
|
|
45
|
-
childrenAreEqual(otherOverrideSet: SafeOverrideSet): boolean;
|
|
46
|
-
getEdgeRule(edge: SafeEdge): SafeOverrideSet;
|
|
47
|
-
// Patch adding isEqual is based on
|
|
48
|
-
// https://github.com/npm/cli/pull/8089.
|
|
49
|
-
isEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
|
|
50
|
-
}
|
|
51
|
-
declare const depValid: (child: SafeNode, requested: string, accept: string | undefined, requester: SafeNode) => boolean;
|
|
52
|
-
declare function getSocketDevAlertUrl(alertType: string): string;
|
|
53
|
-
declare function getSocketDevPackageOverviewUrl(eco: string, name: string, version?: string | undefined): string;
|
|
54
|
-
declare class ColorOrMarkdown {
|
|
55
|
-
useMarkdown: boolean;
|
|
56
|
-
constructor(useMarkdown: boolean);
|
|
57
|
-
bold(text: string): string;
|
|
58
|
-
header(text: string, level?: number): string;
|
|
59
|
-
hyperlink(text: string, url: string | undefined, { fallback, fallbackToUrl }?: {
|
|
60
|
-
fallback?: boolean | undefined;
|
|
61
|
-
fallbackToUrl?: boolean | undefined;
|
|
62
|
-
}): string;
|
|
63
|
-
indent(...args: Parameters<typeof indentString>): ReturnType<typeof indentString>;
|
|
64
|
-
italic(text: string): string;
|
|
65
|
-
json(value: any): string;
|
|
66
|
-
list(items: string[]): string;
|
|
67
|
-
get logSymbols(): LogSymbols;
|
|
68
|
-
}
|
|
69
|
-
type AlertUxLookup = ReturnType<typeof createAlertUXLookup>;
|
|
70
|
-
type AlertUxLookupSettings = Parameters<AlertUxLookup>[0];
|
|
71
|
-
type AlertUxLookupResult = ReturnType<AlertUxLookup>;
|
|
72
|
-
type RuleActionUX = {
|
|
73
|
-
block: boolean;
|
|
74
|
-
display: boolean;
|
|
75
|
-
};
|
|
76
|
-
type SettingsType = (SocketSdkResultType<"postSettings"> & {
|
|
77
|
-
success: true;
|
|
78
|
-
})["data"];
|
|
79
|
-
declare function createAlertUXLookup(settings: SettingsType): (context: {
|
|
80
|
-
package: {
|
|
81
|
-
name: string;
|
|
82
|
-
version: string;
|
|
83
|
-
};
|
|
84
|
-
alert: {
|
|
85
|
-
type: string;
|
|
86
|
-
};
|
|
87
|
-
}) => RuleActionUX;
|
|
88
|
-
declare function uxLookup(settings: AlertUxLookupSettings): Promise<AlertUxLookupResult>;
|
|
89
|
-
type CveAlertType = "cve" | "mediumCVE" | "mildCVE" | "criticalCVE";
|
|
90
|
-
type ArtifactAlertCveFixable = Omit<SocketArtifactAlert, "props" | "title"> & {
|
|
91
|
-
type: CveAlertType;
|
|
92
|
-
props: {
|
|
93
|
-
firstPatchedVersionIdentifier: string;
|
|
94
|
-
vulnerableVersionRange: string;
|
|
95
|
-
[key: string]: any;
|
|
96
|
-
};
|
|
97
|
-
};
|
|
98
|
-
type ArtifactAlertFixable = ArtifactAlertCveFixable & {
|
|
99
|
-
type: CveAlertType | "socketUpgradeAvailable";
|
|
100
|
-
};
|
|
101
|
-
type SocketArtifactAlert = {
|
|
102
|
-
key: string;
|
|
103
|
-
type: string;
|
|
104
|
-
severity: string;
|
|
105
|
-
category: string;
|
|
106
|
-
action?: string | undefined;
|
|
107
|
-
actionPolicyIndex?: number | undefined;
|
|
108
|
-
file?: string | undefined;
|
|
109
|
-
props?: any | undefined;
|
|
110
|
-
start?: number | undefined;
|
|
111
|
-
end?: number | undefined;
|
|
112
|
-
};
|
|
113
|
-
type SocketArtifact = {
|
|
114
|
-
type: string;
|
|
115
|
-
name: string;
|
|
116
|
-
namespace?: string | undefined;
|
|
117
|
-
version?: string | undefined;
|
|
118
|
-
subpath?: string | undefined;
|
|
119
|
-
release?: string | undefined;
|
|
120
|
-
id?: string | undefined;
|
|
121
|
-
author?: string[];
|
|
122
|
-
license?: string | undefined;
|
|
123
|
-
licenseDetails?: Array<{
|
|
124
|
-
spdxDisj: string;
|
|
125
|
-
provenance: string;
|
|
126
|
-
filepath: string;
|
|
127
|
-
match_strength: number;
|
|
128
|
-
}>;
|
|
129
|
-
licenseAttrib?: Array<{
|
|
130
|
-
attribText: string;
|
|
131
|
-
attribData: Array<{
|
|
132
|
-
purl: string;
|
|
133
|
-
foundInFilepath: string;
|
|
134
|
-
spdxExpr: string;
|
|
135
|
-
foundAuthors: string[];
|
|
136
|
-
}>;
|
|
137
|
-
}>;
|
|
138
|
-
score?: {
|
|
139
|
-
supplyChain: number;
|
|
140
|
-
quality: number;
|
|
141
|
-
maintenance: number;
|
|
142
|
-
vulnerability: number;
|
|
143
|
-
license: number;
|
|
144
|
-
overall: number;
|
|
145
|
-
};
|
|
146
|
-
alerts?: SocketArtifactAlert[];
|
|
147
|
-
size?: number | undefined;
|
|
148
|
-
batchIndex?: number | undefined;
|
|
149
|
-
};
|
|
150
|
-
declare function batchScan(pkgIds: string[], concurrencyLimit?: number): AsyncGenerator<SocketArtifact>;
|
|
151
|
-
declare function isArtifactAlertCveFixable(alert: SocketArtifactAlert): alert is ArtifactAlertCveFixable;
|
|
152
|
-
declare function isArtifactAlertUpgradeFixable(alert: SocketArtifactAlert): alert is ArtifactAlertFixable;
|
|
153
|
-
declare function isArtifactAlertFixable(alert: SocketArtifactAlert): alert is ArtifactAlertFixable;
|
|
154
|
-
type PackageDetail = {
|
|
155
|
-
node: SafeNode;
|
|
156
|
-
existing?: SafeNode | undefined;
|
|
157
|
-
};
|
|
158
|
-
type GetPackagesToQueryFromDiffOptions = {
|
|
159
|
-
includeUnchanged?: boolean | undefined;
|
|
160
|
-
includeUnknownOrigin?: boolean | undefined;
|
|
161
|
-
};
|
|
162
|
-
declare function getPackagesToQueryFromDiff(diff_: Diff | null, options?: GetPackagesToQueryFromDiffOptions | undefined): PackageDetail[];
|
|
163
|
-
declare function findUp(name: string | string[], { cwd }: {
|
|
164
|
-
cwd: string;
|
|
165
|
-
}): Promise<string | undefined>;
|
|
166
|
-
type ReadFileOptions = ObjectEncodingOptions & Abortable & {
|
|
167
|
-
flag?: OpenMode | undefined;
|
|
168
|
-
};
|
|
169
|
-
declare function readFileBinary(filepath: PathLike | FileHandle, options?: ReadFileOptions | undefined): Promise<Buffer>;
|
|
170
|
-
declare function readFileUtf8(filepath: PathLike | FileHandle, options?: ReadFileOptions | undefined): Promise<string>;
|
|
171
|
-
declare function safeReadFile(...args: Parameters<typeof fs.readFile>): ReturnType<typeof fs.readFile> | undefined;
|
|
172
|
-
declare function safeReadFileSync(...args: Parameters<typeof fsReadFileSync>): ReturnType<typeof fsReadFileSync> | undefined;
|
|
173
|
-
declare const Arborist: ArboristClass;
|
|
174
3
|
declare const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES: {
|
|
175
4
|
__proto__: null;
|
|
176
5
|
audit: boolean;
|
|
@@ -182,10 +11,13 @@ declare const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES: {
|
|
|
182
11
|
saveBundle: boolean;
|
|
183
12
|
silent: boolean;
|
|
184
13
|
};
|
|
14
|
+
declare const kCtorArgs: unique symbol;
|
|
15
|
+
declare const kRiskyReify: unique symbol;
|
|
16
|
+
declare const Arborist: ArboristClass;
|
|
185
17
|
declare class SafeArborist extends Arborist {
|
|
186
18
|
constructor(...ctorArgs: ConstructorParameters<ArboristClass>);
|
|
187
19
|
[kRiskyReify](...args: Parameters<InstanceType<ArboristClass>['reify']>): Promise<SafeNode>;
|
|
188
20
|
// @ts-ignore Incorrectly typed.
|
|
189
21
|
reify(this: SafeArborist, ...args: Parameters<InstanceType<ArboristClass>['reify']>): Promise<SafeNode>;
|
|
190
22
|
}
|
|
191
|
-
export {
|
|
23
|
+
export { SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES, kCtorArgs, kRiskyReify, Arborist, SafeArborist };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/// <reference types="npmcli__arborist" />
|
|
2
|
-
import { SafeOverrideSet } from "./
|
|
2
|
+
import { SafeOverrideSet } from "./override-set.js";
|
|
3
3
|
import { SafeEdge } from "./edge.js";
|
|
4
4
|
import { Link } from '@npmcli/arborist';
|
|
5
5
|
import { Node as BaseNode } from "@npmcli/arborist";
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import { SafeEdge } from "./edge.js";
|
|
2
|
+
import { SafeNode } from "./node.js";
|
|
3
|
+
interface OverrideSetClass {
|
|
4
|
+
children: Map<string, SafeOverrideSet>;
|
|
5
|
+
key: string | undefined;
|
|
6
|
+
keySpec: string | undefined;
|
|
7
|
+
name: string | undefined;
|
|
8
|
+
parent: SafeOverrideSet | undefined;
|
|
9
|
+
value: string | undefined;
|
|
10
|
+
version: string | undefined;
|
|
11
|
+
new (...args: any[]): OverrideSetClass;
|
|
12
|
+
get isRoot(): boolean;
|
|
13
|
+
get ruleset(): Map<string, SafeOverrideSet>;
|
|
14
|
+
ancestry(): Generator<SafeOverrideSet>;
|
|
15
|
+
childrenAreEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
|
|
16
|
+
getEdgeRule(edge: SafeEdge): SafeOverrideSet;
|
|
17
|
+
getNodeRule(node: SafeNode): SafeOverrideSet;
|
|
18
|
+
getMatchingRule(node: SafeNode): SafeOverrideSet | null;
|
|
19
|
+
isEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
|
|
20
|
+
}
|
|
21
|
+
declare const OverrideSet: OverrideSetClass;
|
|
22
|
+
declare class SafeOverrideSet extends OverrideSet {
|
|
23
|
+
// Patch adding doOverrideSetsConflict is based on
|
|
24
|
+
// https://github.com/npm/cli/pull/8089.
|
|
25
|
+
static doOverrideSetsConflict(first: SafeOverrideSet | undefined, second: SafeOverrideSet | undefined): boolean;
|
|
26
|
+
// Patch adding findSpecificOverrideSet is based on
|
|
27
|
+
// https://github.com/npm/cli/pull/8089.
|
|
28
|
+
static findSpecificOverrideSet(first: SafeOverrideSet | undefined, second: SafeOverrideSet | undefined): SafeOverrideSet | undefined;
|
|
29
|
+
// Patch adding childrenAreEqual is based on
|
|
30
|
+
// https://github.com/npm/cli/pull/8089.
|
|
31
|
+
childrenAreEqual(otherOverrideSet: SafeOverrideSet): boolean;
|
|
32
|
+
getEdgeRule(edge: SafeEdge): SafeOverrideSet;
|
|
33
|
+
// Patch adding isEqual is based on
|
|
34
|
+
// https://github.com/npm/cli/pull/8089.
|
|
35
|
+
isEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
|
|
36
|
+
}
|
|
37
|
+
export { SafeOverrideSet };
|
|
@@ -14,7 +14,7 @@ var npm = require('@socketsecurity/registry/lib/npm');
|
|
|
14
14
|
var spawn = require('@socketsecurity/registry/lib/spawn');
|
|
15
15
|
var path = require('node:path');
|
|
16
16
|
var cmdShim = _socketInterop(require('cmd-shim'));
|
|
17
|
-
var
|
|
17
|
+
var shadowNpmPaths = require('./shadow-npm-paths.js');
|
|
18
18
|
var constants = require('./constants.js');
|
|
19
19
|
|
|
20
20
|
const {
|
|
@@ -24,7 +24,7 @@ const {
|
|
|
24
24
|
async function installLinks(realBinPath, binName) {
|
|
25
25
|
const isNpx = binName === NPX;
|
|
26
26
|
// Find package manager being shadowed by this process.
|
|
27
|
-
const binPath = isNpx ?
|
|
27
|
+
const binPath = isNpx ? shadowNpmPaths.getNpxBinPath() : shadowNpmPaths.getNpmBinPath();
|
|
28
28
|
// Lazily access constants.WIN32.
|
|
29
29
|
const {
|
|
30
30
|
WIN32
|
|
@@ -33,7 +33,7 @@ async function installLinks(realBinPath, binName) {
|
|
|
33
33
|
if (WIN32 && binPath) {
|
|
34
34
|
return binPath;
|
|
35
35
|
}
|
|
36
|
-
const shadowed = isNpx ?
|
|
36
|
+
const shadowed = isNpx ? shadowNpmPaths.isNpxBinPathShadowed() : shadowNpmPaths.isNpmBinPathShadowed();
|
|
37
37
|
// Move our bin directory to front of PATH so its found first.
|
|
38
38
|
if (!shadowed) {
|
|
39
39
|
if (WIN32) {
|
|
@@ -59,14 +59,16 @@ async function shadowBin(binName, args = process.argv.slice(2), level = 1) {
|
|
|
59
59
|
const spawnPromise = spawn.spawn(
|
|
60
60
|
// Lazily access constants.execPath.
|
|
61
61
|
constants.execPath, [
|
|
62
|
+
// Lazily access constants.nodeHardenFlags.
|
|
63
|
+
...constants.nodeHardenFlags,
|
|
62
64
|
// Lazily access constants.nodeNoWarningsFlags.
|
|
63
65
|
...constants.nodeNoWarningsFlags,
|
|
64
66
|
// Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
|
|
65
67
|
...(constants.ENV[SOCKET_CLI_SENTRY_BUILD] ? ['--require',
|
|
66
|
-
// Lazily access constants.
|
|
67
|
-
constants.
|
|
68
|
-
// Lazily access constants.
|
|
69
|
-
constants.
|
|
68
|
+
// Lazily access constants.distInstrumentWithSentryPath.
|
|
69
|
+
constants.distInstrumentWithSentryPath] : []), '--require',
|
|
70
|
+
// Lazily access constants.distShadowNpmInjectPath.
|
|
71
|
+
constants.distShadowNpmInjectPath,
|
|
70
72
|
// Lazily access constants.shadowBinPath.
|
|
71
73
|
await installLinks(constants.shadowBinPath, binName),
|
|
72
74
|
// Add `--no-progress` and `--loglevel=error` flags to fix input being
|
|
@@ -94,5 +96,5 @@ async function shadowBin(binName, args = process.argv.slice(2), level = 1) {
|
|
|
94
96
|
}
|
|
95
97
|
|
|
96
98
|
module.exports = shadowBin;
|
|
97
|
-
//# debugId=
|
|
99
|
+
//# debugId=ee6e1727-ba87-4d1b-89c3-a573fd8401bd
|
|
98
100
|
//# sourceMappingURL=shadow-bin.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shadow-bin.js","sources":["../../src/shadow/link.ts","../../src/shadow/
|
|
1
|
+
{"version":3,"file":"shadow-bin.js","sources":["../../src/shadow/npm/link.ts","../../src/shadow/npm/bin.ts"],"sourcesContent":["import path from 'node:path'\nimport process from 'node:process'\n\nimport cmdShim from 'cmd-shim'\n\nimport {\n getNpmBinPath,\n getNpxBinPath,\n isNpmBinPathShadowed,\n isNpxBinPathShadowed\n} from './paths'\nimport constants from '../../constants'\n\nconst { CLI, NPX } = constants\n\nexport async function installLinks(\n realBinPath: string,\n binName: 'npm' | 'npx'\n): Promise<string> {\n const isNpx = binName === NPX\n // Find package manager being shadowed by this process.\n const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n // TODO: Is this early exit needed?\n if (WIN32 && binPath) {\n return binPath\n }\n const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n // Move our bin directory to front of PATH so its found first.\n if (!shadowed) {\n if (WIN32) {\n await cmdShim(\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, `${binName}-${CLI}.js`),\n path.join(realBinPath, binName)\n )\n }\n process.env['PATH'] =\n `${realBinPath}${path.delimiter}${process.env['PATH']}`\n }\n return binPath\n}\n","import process from 'node:process'\n\nimport {\n isLoglevelFlag,\n isProgressFlag\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link'\nimport constants from '../../constants'\n\nconst {\n SOCKET_CLI_SAFE_WRAPPER,\n SOCKET_CLI_SENTRY_BUILD,\n SOCKET_IPC_HANDSHAKE\n} = constants\n\nexport default async function shadowBin(\n binName: 'npm' | 'npx',\n args = process.argv.slice(2),\n level = 1\n) {\n process.exitCode = 1\n const terminatorPos = args.indexOf('--')\n const binArgs = (\n terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n ).filter(a => !isProgressFlag(a))\n const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n const spawnPromise = spawn(\n // Lazily access constants.execPath.\n constants.execPath,\n [\n // Lazily access constants.nodeHardenFlags.\n ...constants.nodeHardenFlags,\n // Lazily access constants.nodeNoWarningsFlags.\n ...constants.nodeNoWarningsFlags,\n // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].\n ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]\n ? [\n '--require',\n // Lazily access constants.distInstrumentWithSentryPath.\n constants.distInstrumentWithSentryPath\n ]\n : []),\n '--require',\n // Lazily access constants.distShadowNpmInjectPath.\n constants.distShadowNpmInjectPath,\n // Lazily access constants.shadowBinPath.\n await installLinks(constants.shadowBinPath, binName),\n // Add `--no-progress` and `--loglevel=error` flags to fix input being\n // swallowed by the npm spinner.\n '--no-progress',\n // Add the '--loglevel=error' flag if a loglevel flag is not provided.\n ...(binArgs.some(isLoglevelFlag) ? [] : ['--loglevel', 'error']),\n ...binArgs,\n ...otherArgs\n ],\n {\n // 'inherit' + 'ipc'\n stdio: [0, 1, 2, 'ipc']\n }\n )\n // See https://nodejs.org/api/all.html#all_child_process_event-exit.\n spawnPromise.process.on('exit', (code, signalName) => {\n if (signalName) {\n process.kill(process.pid, signalName)\n } else if (code !== null) {\n process.exit(code)\n }\n })\n spawnPromise.process.send({\n [SOCKET_IPC_HANDSHAKE]: {\n [SOCKET_CLI_SAFE_WRAPPER]: level\n }\n })\n await spawnPromise\n}\n"],"names":["NPX","WIN32","process","SOCKET_IPC_HANDSHAKE","constants","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;;;AAaA;;AAAaA;AAAI;AAEV;AAIL;AACA;;AAEA;;AACQC;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;AACAC;AAEF;AACA;AACF;;AC/BA;;;AAGEC;AACF;AAEe;;AAMb;AACA;AAGA;;AAEE;;AAGE;;AAEA;;AAEA;;AAIM;AACAC;AAIN;AACAA;AACA;AACA;AACA;AACA;;AAEA;;AAMA;;AAEF;AAEF;;AAEE;;AAEA;AACEF;AACF;AACF;AACAG;AACE;AACE;AACF;AACF;AACA;AACF;;","debugId":"ee6e1727-ba87-4d1b-89c3-a573fd8401bd"}
|