@socketsecurity/cli-with-sentry 0.14.59 → 0.14.60

package/dist/module-sync/shadow-bin.d.ts

@@ -1,2 +1,2 @@
-declare function shadowBin(binName: 'npm' | 'npx', args?: string[], level?: number): Promise<void>;
+declare function shadowBin(binName: 'npm' | 'npx', args?: string[]): Promise<void>;
 export { shadowBin as default };

package/dist/module-sync/shadow-bin.js

@@ -10,6 +10,7 @@ function _socketInterop(e) {
 }
 
 var process = require('node:process');
+var debug = require('@socketsecurity/registry/lib/debug');
 var npm = require('@socketsecurity/registry/lib/npm');
 var spawn = require('@socketsecurity/registry/lib/spawn');
 var path = require('node:path');
@@ -48,14 +49,18 @@ async function installLinks(realBinPath, binName) {
 
 const {
   SOCKET_CLI_SAFE_WRAPPER,
-  SOCKET_CLI_SENTRY_BUILD,
   SOCKET_IPC_HANDSHAKE
 } = constants;
-async function shadowBin(binName, args = process.argv.slice(2), level = 1) {
+async function shadowBin(binName, args = process.argv.slice(2)) {
   process.exitCode = 1;
+  const useDebug = debug.isDebug();
   const terminatorPos = args.indexOf('--');
   const binArgs = (terminatorPos === -1 ? args : args.slice(0, terminatorPos)).filter(a => !npm.isProgressFlag(a));
   const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
+  const isSilent = !useDebug && !binArgs.some(npm.isLoglevelFlag);
+  // The default value of loglevel is "notice". We default to "error" which is
+  // two levels quieter.
+  const logLevelArgs = isSilent ? ['--loglevel', 'error'] : [];
   const spawnPromise = spawn.spawn(
   // Lazily access constants.execPath.
   constants.execPath, [
@@ -63,19 +68,19 @@ async function shadowBin(binName, args = process.argv.slice(2), level = 1) {
   ...constants.nodeHardenFlags,
   // Lazily access constants.nodeNoWarningsFlags.
   ...constants.nodeNoWarningsFlags,
-  // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-  ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD] ? ['--require',
+  // Lazily access true.
+  ...(['--require',
   // Lazily access constants.distInstrumentWithSentryPath.
-  constants.distInstrumentWithSentryPath] : []), '--require',
+  constants.distInstrumentWithSentryPath] ), '--require',
   // Lazily access constants.distShadowNpmInjectPath.
   constants.distShadowNpmInjectPath,
   // Lazily access constants.shadowBinPath.
   await installLinks(constants.shadowBinPath, binName),
-  // Add `--no-progress` and `--loglevel=error` flags to fix input being
-  // swallowed by the npm spinner.
+  // Add '--no-progress' to fix input being swallowed by the npm spinner.
   '--no-progress',
-  // Add the '--loglevel=error' flag if a loglevel flag is not provided.
-  ...(binArgs.some(npm.isLoglevelFlag) ? [] : ['--loglevel', 'error']), ...binArgs, ...otherArgs], {
+  // Add '--loglevel=error' if a loglevel flag is not provided and the
+  // SOCKET_CLI_DEBUG environment variable is not truthy.
+  ...logLevelArgs, ...binArgs, ...otherArgs], {
     // 'inherit' + 'ipc'
     stdio: [0, 1, 2, 'ipc']
   });
@@ -89,12 +94,12 @@ async function shadowBin(binName, args = process.argv.slice(2), level = 1) {
   });
   spawnPromise.process.send({
     [SOCKET_IPC_HANDSHAKE]: {
-      [SOCKET_CLI_SAFE_WRAPPER]: level
+      [SOCKET_CLI_SAFE_WRAPPER]: binName
     }
   });
   await spawnPromise;
 }
 
 module.exports = shadowBin;
-//# debugId=ee6e1727-ba87-4d1b-89c3-a573fd8401bd
+//# debugId=bf8f79ac-a63c-41a9-b162-f90694b830f6
 //# sourceMappingURL=shadow-bin.js.map

package/dist/module-sync/shadow-bin.js.map

@@ -1 +1 @@
-{"version":3,"file":"shadow-bin.js","sources":["../../src/shadow/npm/link.ts","../../src/shadow/npm/bin.ts"],"sourcesContent":["import path from 'node:path'\nimport process from 'node:process'\n\nimport cmdShim from 'cmd-shim'\n\nimport {\n  getNpmBinPath,\n  getNpxBinPath,\n  isNpmBinPathShadowed,\n  isNpxBinPathShadowed\n} from './paths'\nimport constants from '../../constants'\n\nconst { CLI, NPX } = constants\n\nexport async function installLinks(\n  realBinPath: string,\n  binName: 'npm' | 'npx'\n): Promise<string> {\n  const isNpx = binName === NPX\n  // Find package manager being shadowed by this process.\n  const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  // TODO: Is this early exit needed?\n  if (WIN32 && binPath) {\n    return binPath\n  }\n  const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n  // Move our bin directory to front of PATH so its found first.\n  if (!shadowed) {\n    if (WIN32) {\n      await cmdShim(\n        // Lazily access constants.rootDistPath.\n        path.join(constants.rootDistPath, `${binName}-${CLI}.js`),\n        path.join(realBinPath, binName)\n      )\n    }\n    process.env['PATH'] =\n      `${realBinPath}${path.delimiter}${process.env['PATH']}`\n  }\n  return binPath\n}\n","import process from 'node:process'\n\nimport {\n  isLoglevelFlag,\n  isProgressFlag\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link'\nimport constants from '../../constants'\n\nconst {\n  SOCKET_CLI_SAFE_WRAPPER,\n  SOCKET_CLI_SENTRY_BUILD,\n  SOCKET_IPC_HANDSHAKE\n} = constants\n\nexport default async function shadowBin(\n  binName: 'npm' | 'npx',\n  args = process.argv.slice(2),\n  level = 1\n) {\n  process.exitCode = 1\n  const terminatorPos = args.indexOf('--')\n  const binArgs = (\n    terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n  ).filter(a => !isProgressFlag(a))\n  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n  const spawnPromise = spawn(\n    // Lazily access constants.execPath.\n    constants.execPath,\n    [\n      // Lazily access constants.nodeHardenFlags.\n      ...constants.nodeHardenFlags,\n      // Lazily access constants.nodeNoWarningsFlags.\n      ...constants.nodeNoWarningsFlags,\n      // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].\n      ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]\n        ? [\n            '--require',\n            // Lazily access constants.distInstrumentWithSentryPath.\n            constants.distInstrumentWithSentryPath\n          ]\n        : []),\n      '--require',\n      // Lazily access constants.distShadowNpmInjectPath.\n      constants.distShadowNpmInjectPath,\n      // Lazily access constants.shadowBinPath.\n      await installLinks(constants.shadowBinPath, binName),\n      // Add `--no-progress` and `--loglevel=error` flags to fix input being\n      // swallowed by the npm spinner.\n      '--no-progress',\n      // Add the '--loglevel=error' flag if a loglevel flag is not provided.\n      ...(binArgs.some(isLoglevelFlag) ? [] : ['--loglevel', 'error']),\n      ...binArgs,\n      ...otherArgs\n    ],\n    {\n      // 'inherit' + 'ipc'\n      stdio: [0, 1, 2, 'ipc']\n    }\n  )\n  // See https://nodejs.org/api/all.html#all_child_process_event-exit.\n  spawnPromise.process.on('exit', (code, signalName) => {\n    if (signalName) {\n      process.kill(process.pid, signalName)\n    } else if (code !== null) {\n      process.exit(code)\n    }\n  })\n  spawnPromise.process.send({\n    [SOCKET_IPC_HANDSHAKE]: {\n      [SOCKET_CLI_SAFE_WRAPPER]: level\n    }\n  })\n  await spawnPromise\n}\n"],"names":["NPX","WIN32","process","SOCKET_IPC_HANDSHAKE","constants","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;;;AAaA;;AAAaA;AAAI;AAEV;AAIL;AACA;;AAEA;;AACQC;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;AACAC;AAEF;AACA;AACF;;AC/BA;;;AAGEC;AACF;AAEe;;AAMb;AACA;AAGA;;AAEE;;AAGE;;AAEA;;AAEA;;AAIM;AACAC;AAIN;AACAA;AACA;AACA;AACA;AACA;;AAEA;;AAMA;;AAEF;AAEF;;AAEE;;AAEA;AACEF;AACF;AACF;AACAG;AACE;AACE;AACF;AACF;AACA;AACF;;","debugId":"ee6e1727-ba87-4d1b-89c3-a573fd8401bd"}
+{"version":3,"file":"shadow-bin.js","sources":["../../src/shadow/npm/link.ts","../../src/shadow/npm/bin.ts"],"sourcesContent":["import path from 'node:path'\nimport process from 'node:process'\n\nimport cmdShim from 'cmd-shim'\n\nimport {\n  getNpmBinPath,\n  getNpxBinPath,\n  isNpmBinPathShadowed,\n  isNpxBinPathShadowed\n} from './paths'\nimport constants from '../../constants'\n\nconst { CLI, NPX } = constants\n\nexport async function installLinks(\n  realBinPath: string,\n  binName: 'npm' | 'npx'\n): Promise<string> {\n  const isNpx = binName === NPX\n  // Find package manager being shadowed by this process.\n  const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  // TODO: Is this early exit needed?\n  if (WIN32 && binPath) {\n    return binPath\n  }\n  const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n  // Move our bin directory to front of PATH so its found first.\n  if (!shadowed) {\n    if (WIN32) {\n      await cmdShim(\n        // Lazily access constants.rootDistPath.\n        path.join(constants.rootDistPath, `${binName}-${CLI}.js`),\n        path.join(realBinPath, binName)\n      )\n    }\n    process.env['PATH'] =\n      `${realBinPath}${path.delimiter}${process.env['PATH']}`\n  }\n  return binPath\n}\n","import process from 'node:process'\n\nimport { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n  isLoglevelFlag,\n  isProgressFlag\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link'\nimport constants from '../../constants'\n\nconst { SOCKET_CLI_SAFE_WRAPPER, SOCKET_IPC_HANDSHAKE } = constants\n\nexport default async function shadowBin(\n  binName: 'npm' | 'npx',\n  args = process.argv.slice(2)\n) {\n  process.exitCode = 1\n  const useDebug = isDebug()\n  const terminatorPos = args.indexOf('--')\n  const binArgs = (\n    terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n  ).filter(a => !isProgressFlag(a))\n  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n  const isSilent = !useDebug && !binArgs.some(isLoglevelFlag)\n  // The default value of loglevel is \"notice\". We default to \"error\" which is\n  // two levels quieter.\n  const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n  const spawnPromise = spawn(\n    // Lazily access constants.execPath.\n    constants.execPath,\n    [\n      // Lazily access constants.nodeHardenFlags.\n      ...constants.nodeHardenFlags,\n      // Lazily access constants.nodeNoWarningsFlags.\n      ...constants.nodeNoWarningsFlags,\n      // Lazily access process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'].\n      ...(process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\n        ? [\n            '--require',\n            // Lazily access constants.distInstrumentWithSentryPath.\n            constants.distInstrumentWithSentryPath\n          ]\n        : []),\n      '--require',\n      // Lazily access constants.distShadowNpmInjectPath.\n      constants.distShadowNpmInjectPath,\n      // Lazily access constants.shadowBinPath.\n      await installLinks(constants.shadowBinPath, binName),\n      // Add '--no-progress' to fix input being swallowed by the npm spinner.\n      '--no-progress',\n      // Add '--loglevel=error' if a loglevel flag is not provided and the\n      // SOCKET_CLI_DEBUG environment variable is not truthy.\n      ...logLevelArgs,\n      ...binArgs,\n      ...otherArgs\n    ],\n    {\n      // 'inherit' + 'ipc'\n      stdio: [0, 1, 2, 'ipc']\n    }\n  )\n  // See https://nodejs.org/api/all.html#all_child_process_event-exit.\n  spawnPromise.process.on('exit', (code, signalName) => {\n    if (signalName) {\n      process.kill(process.pid, signalName)\n    } else if (code !== null) {\n      process.exit(code)\n    }\n  })\n  spawnPromise.process.send({\n    [SOCKET_IPC_HANDSHAKE]: {\n      [SOCKET_CLI_SAFE_WRAPPER]: binName\n    }\n  })\n  await spawnPromise\n}\n"],"names":["NPX","WIN32","process","SOCKET_IPC_HANDSHAKE","constants","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;;;;AAaA;;AAAaA;AAAI;AAEV;AAIL;AACA;;AAEA;;AACQC;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;AACAC;AAEF;AACA;AACF;;AC9BA;;AAAiCC;AAAqB;AAEvC;;AAKb;AACA;AACA;AAGA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;;AAIM;AACAC;AAIN;AACAA;AACA;AACA;AACA;;AAEA;AACA;;AAMA;;AAEF;AAEF;;AAEE;;AAEA;AACEF;AACF;AACF;AACAG;AACE;AACE;AACF;AACF;AACA;AACF;;","debugId":"bf8f79ac-a63c-41a9-b162-f90694b830f6"}

package/dist/module-sync/shadow-npm-inject.js

@@ -74,8 +74,12 @@ function isErrnoException(value) {
   return value.code !== undefined;
 }
 
+const {
+  abortSignal: abortSignal$2
+} = constants;
 async function findUp(name, {
-  cwd = process$1.cwd()
+  cwd = process$1.cwd(),
+  signal = abortSignal$2
 }) {
   let dir = path.resolve(cwd);
   const {
@@ -84,6 +88,9 @@ async function findUp(name, {
   const names = [name].flat();
   while (dir && dir !== root) {
     for (const name of names) {
+      if (signal?.aborted) {
+        return undefined;
+      }
       const filePath = path.join(dir, name);
       try {
         // eslint-disable-next-line no-await-in-loop
@@ -99,25 +106,38 @@ async function findUp(name, {
 }
 async function readFileBinary(filepath, options) {
   return await fs.promises.readFile(filepath, {
+    signal: abortSignal$2,
     ...options,
     encoding: 'binary'
   });
 }
 async function readFileUtf8(filepath, options) {
   return await fs.promises.readFile(filepath, {
+    signal: abortSignal$2,
     ...options,
     encoding: 'utf8'
   });
 }
-async function safeReadFile(...args) {
+async function safeReadFile(filepath, options) {
   try {
-    return await fs.promises.readFile(...args);
+    return await fs.promises.readFile(filepath, {
+      encoding: 'utf8',
+      signal: abortSignal$2,
+      ...(typeof options === 'string' ? {
+        encoding: options
+      } : options)
+    });
   } catch {}
   return undefined;
 }
-function safeReadFileSync(...args) {
+function safeReadFileSync(filepath, options) {
   try {
-    return fs.readFileSync(...args);
+    return fs.readFileSync(filepath, {
+      encoding: 'utf8',
+      ...(typeof options === 'string' ? {
+        encoding: options
+      } : options)
+    });
   } catch {}
   return undefined;
 }
@@ -130,7 +150,7 @@ function getSettings() {
     _settings = {};
     const settingsPath = getSettingsPath();
     if (settingsPath) {
-      const raw = safeReadFileSync(settingsPath, 'utf8');
+      const raw = safeReadFileSync(settingsPath);
       if (raw) {
         try {
           Object.assign(_settings, JSON.parse(Buffer.from(raw, 'base64').toString()));
@@ -181,10 +201,10 @@ function findSocketYmlSync() {
   let dir = process$1.cwd();
   while (dir !== prevDir) {
     let ymlPath = path.join(dir, 'socket.yml');
-    let yml = safeReadFileSync(ymlPath, 'utf8');
+    let yml = safeReadFileSync(ymlPath);
     if (yml === undefined) {
       ymlPath = path.join(dir, 'socket.yaml');
-      yml = safeReadFileSync(ymlPath, 'utf8');
+      yml = safeReadFileSync(ymlPath);
     }
     if (typeof yml === 'string') {
       try {
@@ -274,8 +294,14 @@ async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApi
       })
     } : undefined,
     baseUrl: apiBaseUrl,
-    // Lazily access constants.rootPkgJsonPath.
-    userAgent: sdk.createUserAgentFromPkgJson(require(constants.rootPkgJsonPath))
+    userAgent: sdk.createUserAgentFromPkgJson({
+      // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_NAME']".
+      name: "@socketsecurity/cli",
+      // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
+      version: "0.14.60",
+      // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_HOMEPAGE']".
+      homepage: "https://github.com/SocketDev/socket-cli"
+    })
   });
 }
 
@@ -1452,7 +1478,7 @@ function getTranslations() {
 
 const {
   CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,
-  NPM: NPM$1
+  NPM: NPM$2
 } = constants;
 const format = new ColorOrMarkdown(false);
 async function addArtifactToAlertsMap(artifact, alertsByPkgId, options) {
@@ -1568,7 +1594,7 @@ function getCveInfoByAlertsMap(alertsMap, options) {
     const purlObj = packageurlJs.PackageURL.fromString(`pkg:npm/${pkgId}`);
     const name = packages.resolvePackageName(purlObj);
     for (const alert of alerts) {
-      if (!isArtifactAlertCveFixable(alert.raw) || exclude.upgrade && registry.getManifestData(NPM$1, name)) {
+      if (!isArtifactAlertCveFixable(alert.raw) || exclude.upgrade && registry.getManifestData(NPM$2, name)) {
         continue;
       }
       if (!infoByPkg) {
@@ -1616,7 +1642,7 @@ function logAlertsMap(alertsMap, options) {
       // TODO: emoji seems to mis-align terminals sometimes
       lines.add(`  ${title}${maybeAttributes}${maybeDesc}`);
     }
-    output.write(`(socket) ${format.hyperlink(pkgId, getSocketDevPackageOverviewUrl(NPM$1, packages.resolvePackageName(purlObj), purlObj.version))} contains risks:\n`);
+    output.write(`(socket) ${format.hyperlink(pkgId, getSocketDevPackageOverviewUrl(NPM$2, packages.resolvePackageName(purlObj), purlObj.version))} contains risks:\n`);
     for (const line of lines) {
       output.write(`${line}\n`);
     }
@@ -1625,7 +1651,7 @@ function logAlertsMap(alertsMap, options) {
 
 const {
   LOOP_SENTINEL,
-  NPM,
+  NPM: NPM$1,
   NPM_REGISTRY_URL
 } = constants;
 function getDetailsFromDiff(diff_, options) {
@@ -1717,7 +1743,7 @@ function getUrlOrigin(input) {
   return '';
 }
 function findBestPatchVersion(node, availableVersions, vulnerableVersionRange, _firstPatchedVersionIdentifier) {
-  const manifestData = registry.getManifestData(NPM, node.name);
+  const manifestData = registry.getManifestData(NPM$1, node.name);
   let eligibleVersions;
   if (manifestData && manifestData.name === manifestData.package) {
     const major = semver.major(manifestData.version);
@@ -1868,6 +1894,8 @@ function updateNode(node, packument, vulnerableVersionRange, firstPatchedVersion
 }
 
 const {
+  NPM,
+  NPX,
   SOCKET_CLI_SAFE_WRAPPER,
   kInternalsSymbol,
   [kInternalsSymbol]: {
@@ -1920,10 +1948,13 @@ class SafeArborist extends Arborist {
       __proto__: null,
       ...(args.length ? args[0] : undefined)
     };
-    const level = options.dryRun ? 0 : await getIPC(SOCKET_CLI_SAFE_WRAPPER);
-    if (!level) {
+    const safeWrapperName = options.dryRun ? undefined : await getIPC(SOCKET_CLI_SAFE_WRAPPER);
+    const isSafeNpm = safeWrapperName === NPM;
+    const isSafeNpx = safeWrapperName === NPX;
+    if (!safeWrapperName || isSafeNpx && options['yes']) {
       return await this[kRiskyReify](...args);
     }
+
     // Lazily access constants.spinner.
     const {
       spinner
@@ -1938,7 +1969,8 @@ class SafeArborist extends Arborist {
     const alertsMap = await getAlertsMapFromArborist(this, {
       spinner,
       include: {
-        unfixable: level < 2
+        existing: isSafeNpx,
+        unfixable: isSafeNpm
       }
     });
     if (alertsMap.size) {
@@ -2006,5 +2038,5 @@ exports.safeReadFile = safeReadFile;
 exports.setupSdk = setupSdk;
 exports.updateNode = updateNode;
 exports.updateSetting = updateSetting;
-//# debugId=1b6e4e80-401e-49a9-9b56-3f777bfba08f
+//# debugId=afbd2a97-a4dc-4824-88de-5e8258203e75
 //# sourceMappingURL=shadow-npm-inject.js.map