@socketsecurity/cli-with-sentry 0.14.66 → 0.14.67

package/dist/module-sync/config.d.ts

@@ -0,0 +1,19 @@
+import config from '@socketsecurity/config';
+interface LocalConfig {
+    apiBaseUrl?: string | null | undefined;
+    apiKey?: string | null | undefined;
+    apiProxy?: string | null | undefined;
+    apiToken?: string | null | undefined;
+    defaultOrg?: string;
+    enforcedOrgs?: string[] | readonly string[] | null | undefined;
+    test?: unknown;
+}
+declare const supportedConfigKeys: Map<keyof LocalConfig, string>;
+declare const sensitiveConfigKeys: Set<keyof LocalConfig>;
+declare function findSocketYmlSync(): {
+    path: string;
+    parsed: config.SocketYml;
+} | null;
+declare function getConfigValue<Key extends keyof LocalConfig>(key: Key): LocalConfig[Key];
+declare function updateConfigValue<Key extends keyof LocalConfig>(key: keyof LocalConfig, value: LocalConfig[Key]): void;
+export { LocalConfig, supportedConfigKeys, sensitiveConfigKeys, findSocketYmlSync, getConfigValue, updateConfigValue };

package/dist/module-sync/path-resolve.d.ts

@@ -6,5 +6,5 @@ declare function findBinPathDetailsSync(binName: string): {
     shadowed: boolean;
 };
 declare function findNpmPathSync(npmBinPath: string): string | undefined;
-declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], config?: SocketYml | undefined): Promise<string[]>;
-export { findBinPathDetailsSync, findNpmPathSync, getPackageFilesFullScans };
+declare function getPackageFilesForScan(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], config?: SocketYml | undefined): Promise<string[]>;
+export { findBinPathDetailsSync, findNpmPathSync, getPackageFilesForScan };

package/dist/module-sync/shadow-npm-inject.js

@@ -26,51 +26,17 @@ var isInteractive = require('@socketregistry/is-interactive/index.cjs');
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var strings = require('@socketsecurity/registry/lib/strings');
 var sdk = require('@socketsecurity/sdk');
-var promises = require('node:timers/promises');
 var fs = require('node:fs');
 var os = require('node:os');
 var path = require('node:path');
 var config = require('@socketsecurity/config');
+var promises = require('node:timers/promises');
 var packages = require('@socketsecurity/registry/lib/packages');
 var sorts = require('@socketsecurity/registry/lib/sorts');
 var terminalLink = _socketInterop(require('terminal-link'));
 var colors = _socketInterop(require('yoctocolors-cjs'));
 var indentString = require('@socketregistry/indent-string/index.cjs');
 
-const {
-  kInternalsSymbol: kInternalsSymbol$1,
-  [kInternalsSymbol$1]: {
-    getSentry
-  }
-} = constants;
-class AuthError extends Error {}
-class InputError extends Error {
-  constructor(message, body) {
-    super(message);
-    this.body = body;
-  }
-}
-async function captureException(exception, hint) {
-  const result = captureExceptionSync(exception, hint);
-  // "Sleep" for a second, just in case, hopefully enough time to initiate fetch.
-  await promises.setTimeout(1000);
-  return result;
-}
-function captureExceptionSync(exception, hint) {
-  const Sentry = getSentry();
-  if (!Sentry) {
-    return '';
-  }
-  debug.debugLog('captureException: Sending exception to Sentry.');
-  return Sentry.captureException(exception, hint);
-}
-function isErrnoException(value) {
-  if (!(value instanceof Error)) {
-    return false;
-  }
-  return value.code !== undefined;
-}
-
 const {
   abortSignal
 } = constants;
@@ -143,34 +109,36 @@ function safeReadFileSync(filepath, options) {
 const LOCALAPPDATA = 'LOCALAPPDATA';
 // Default app data folder env var on Mac/Linux
 const XDG_DATA_HOME = 'XDG_DATA_HOME';
-const SOCKET_APP_DIR = 'socket/settings';
-const supportedApiKeys = new Set(['apiBaseUrl', 'apiKey', 'apiProxy', 'enforcedOrgs']);
-let settings;
-let settingsPath;
-let warnedSettingPathWin32Missing = false;
+const SOCKET_APP_DIR = 'socket/settings'; // It used to be settings...
+
+const supportedConfigKeys = new Map([['apiBaseUrl', 'Base URL of the API endpoint'], ['apiToken', 'The API token required to access most API endpoints'], ['apiProxy', 'A proxy through which to access the API'], ['enforcedOrgs', 'Orgs in this list have their security policies enforced on this machine']]);
+const sensitiveConfigKeys = new Set(['apiToken']);
+let cachedConfig;
+let configPath;
+let warnedConfigPathWin32Missing = false;
 let pendingSave = false;
-function getSettings() {
-  if (settings === undefined) {
-    settings = {};
-    const settingsPath = getSettingsPath();
-    if (settingsPath) {
-      const raw = safeReadFileSync(settingsPath);
+function getConfigValues() {
+  if (cachedConfig === undefined) {
+    cachedConfig = {};
+    const configPath = getConfigPath();
+    if (configPath) {
+      const raw = safeReadFileSync(configPath);
       if (raw) {
         try {
-          Object.assign(settings, JSON.parse(Buffer.from(raw, 'base64').toString()));
+          Object.assign(cachedConfig, JSON.parse(Buffer.from(raw, 'base64').toString()));
         } catch {
-          logger.logger.warn(`Failed to parse settings at ${settingsPath}`);
+          logger.logger.warn(`Failed to parse config at ${configPath}`);
         }
       } else {
-        fs.mkdirSync(path.dirname(settingsPath), {
+        fs.mkdirSync(path.dirname(configPath), {
           recursive: true
         });
       }
     }
   }
-  return settings;
+  return cachedConfig;
 }
-function getSettingsPath() {
+function getConfigPath() {
   // Get the OS app data folder:
   // - Win: %LOCALAPPDATA% or fail?
   // - Mac: %XDG_DATA_HOME% or fallback to "~/Library/Application Support/"
@@ -183,7 +151,7 @@ function getSettingsPath() {
   // - Mac: %XDG_DATA_HOME%/socket/settings or "~/Library/Application Support/socket/settings"
   // - Linux: %XDG_DATA_HOME%/socket/settings or "~/.local/share/socket/settings"
 
-  if (settingsPath === undefined) {
+  if (configPath === undefined) {
     // Lazily access constants.WIN32.
     const {
       WIN32
@@ -191,22 +159,22 @@ function getSettingsPath() {
     let dataHome = WIN32 ? process$1.env[LOCALAPPDATA] : process$1.env[XDG_DATA_HOME];
     if (!dataHome) {
       if (WIN32) {
-        if (!warnedSettingPathWin32Missing) {
-          warnedSettingPathWin32Missing = true;
+        if (!warnedConfigPathWin32Missing) {
+          warnedConfigPathWin32Missing = true;
           logger.logger.warn(`Missing %${LOCALAPPDATA}%`);
         }
       } else {
         dataHome = path.join(os.homedir(), ...(process$1.platform === 'darwin' ? ['Library', 'Application Support'] : ['.local', 'share']));
       }
     }
-    settingsPath = dataHome ? path.join(dataHome, SOCKET_APP_DIR) : undefined;
+    configPath = dataHome ? path.join(dataHome, SOCKET_APP_DIR) : undefined;
   }
-  return settingsPath;
+  return configPath;
 }
-function normalizeSettingsKey(key) {
+function normalizeConfigKey(key) {
   const normalizedKey = key === 'apiToken' ? 'apiKey' : key;
-  if (!supportedApiKeys.has(normalizedKey)) {
-    throw new Error(`Invalid settings key: ${normalizedKey}`);
+  if (normalizedKey !== 'apiKey' && normalizedKey !== 'test' && !supportedConfigKeys.has(normalizedKey)) {
+    throw new Error(`Invalid config key: ${normalizedKey}`);
   }
   return normalizedKey;
 }
@@ -235,37 +203,72 @@ function findSocketYmlSync() {
   }
   return null;
 }
-function getSetting(key) {
-  return getSettings()[normalizeSettingsKey(key)];
+function getConfigValue(key) {
+  return getConfigValues()[normalizeConfigKey(key)];
 }
-function updateSetting(key, value) {
-  const settings = getSettings();
-  settings[normalizeSettingsKey(key)] = value;
+function updateConfigValue(key, value) {
+  const localConfig = getConfigValues();
+  localConfig[normalizeConfigKey(key)] = value;
   if (!pendingSave) {
     pendingSave = true;
     process$1.nextTick(() => {
       pendingSave = false;
-      const settingsPath = getSettingsPath();
-      if (settingsPath) {
-        fs.writeFileSync(settingsPath, Buffer.from(JSON.stringify(settings)).toString('base64'));
+      const configPath = getConfigPath();
+      if (configPath) {
+        fs.writeFileSync(configPath, Buffer.from(JSON.stringify(localConfig)).toString('base64'));
       }
     });
   }
 }
 
 const {
-  SOCKET_CLI_NO_API_TOKEN
+  kInternalsSymbol: kInternalsSymbol$1,
+  [kInternalsSymbol$1]: {
+    getSentry
+  }
+} = constants;
+class AuthError extends Error {}
+class InputError extends Error {
+  constructor(message, body) {
+    super(message);
+    this.body = body;
+  }
+}
+async function captureException(exception, hint) {
+  const result = captureExceptionSync(exception, hint);
+  // "Sleep" for a second, just in case, hopefully enough time to initiate fetch.
+  await promises.setTimeout(1000);
+  return result;
+}
+function captureExceptionSync(exception, hint) {
+  const Sentry = getSentry();
+  if (!Sentry) {
+    return '';
+  }
+  debug.debugLog('captureException: Sending exception to Sentry.');
+  return Sentry.captureException(exception, hint);
+}
+function isErrnoException(value) {
+  if (!(value instanceof Error)) {
+    return false;
+  }
+  return value.code !== undefined;
+}
+
+const {
+  SOCKET_CLI_NO_API_TOKEN,
+  SOCKET_SECURITY_API_TOKEN
 } = constants;
 
 // The API server that should be used for operations.
 function getDefaultApiBaseUrl() {
-  const baseUrl = process$1.env['SOCKET_SECURITY_API_BASE_URL'] || getSetting('apiBaseUrl');
+  const baseUrl = process$1.env['SOCKET_SECURITY_API_BASE_URL'] || getConfigValue('apiBaseUrl');
   return strings.isNonEmptyString(baseUrl) ? baseUrl : undefined;
 }
 
 // The API server that should be used for operations.
 function getDefaultHttpProxy() {
-  const apiProxy = process$1.env['SOCKET_SECURITY_API_PROXY'] || getSetting('apiProxy');
+  const apiProxy = process$1.env['SOCKET_SECURITY_API_PROXY'] || getConfigValue('apiProxy');
   return strings.isNonEmptyString(apiProxy) ? apiProxy : undefined;
 }
 
@@ -276,16 +279,18 @@ function getDefaultToken() {
   if (constants.ENV[SOCKET_CLI_NO_API_TOKEN]) {
     _defaultToken = undefined;
   } else {
-    const key = process$1.env['SOCKET_SECURITY_API_TOKEN'] ||
-    // Keep 'SOCKET_SECURITY_API_KEY' as an alias of 'SOCKET_SECURITY_API_TOKEN'.
-    // TODO: Remove 'SOCKET_SECURITY_API_KEY' alias.
-    process$1.env['SOCKET_SECURITY_API_KEY'] || getSetting('apiToken') || _defaultToken;
+    const key =
+    // Lazily access constants.ENV[SOCKET_SECURITY_API_TOKEN].
+    constants.ENV[SOCKET_SECURITY_API_TOKEN] || getConfigValue('apiToken') || _defaultToken;
     _defaultToken = strings.isNonEmptyString(key) ? key : undefined;
   }
   return _defaultToken;
 }
 function getPublicToken() {
-  return (process$1.env['SOCKET_SECURITY_API_TOKEN'] || getDefaultToken()) ?? registryConstants.SOCKET_PUBLIC_API_TOKEN;
+  return (
+    // Lazily access constants.ENV[SOCKET_SECURITY_API_TOKEN].
+    (constants.ENV[SOCKET_SECURITY_API_TOKEN] || getDefaultToken()) ?? registryConstants.SOCKET_PUBLIC_API_TOKEN
+  );
 }
 async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApiBaseUrl(), proxy = getDefaultHttpProxy()) {
   if (typeof apiToken !== 'string' && isInteractive()) {
@@ -306,7 +311,7 @@ async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApi
       // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_NAME']".
       name: "@socketsecurity/cli",
       // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-      version: "0.14.66",
+      version: "0.14.67",
       // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_HOMEPAGE']".
       homepage: "https://github.com/SocketDev/socket-cli"
     })
@@ -1213,7 +1218,7 @@ async function uxLookup(settings) {
       }
     })();
     // Remove any organizations not being enforced.
-    const enforcedOrgs = getSetting('enforcedOrgs') ?? [];
+    const enforcedOrgs = getConfigValue('enforcedOrgs') ?? [];
     for (const {
       0: i,
       1: org
@@ -1638,7 +1643,10 @@ function getDetailsFromDiff(diff_, options) {
 }
 function getUrlOrigin(input) {
   try {
-    return URL.parse(input)?.origin ?? '';
+    // TODO: URL.parse is available in Node 22.1.0. We can use it when we drop Node 18.
+    // https://nodejs.org/docs/latest-v22.x/api/url.html#urlparseinput-base
+    // return URL.parse(input)?.origin ?? ''
+    return new URL(input).origin ?? '';
   } catch {}
   return '';
 }
@@ -1719,12 +1727,12 @@ async function getAlertsMapFromArborist(arb, options) {
       return [key, overrideSet.value];
     }));
   }
-  const socketSdk = await setupSdk(getPublicToken());
+  const sockSdk = await setupSdk(getPublicToken());
   const toAlertsMapOptions = {
     overrides,
     ...options
   };
-  for await (const batchPackageFetchResult of socketSdk.batchPackageStream({
+  for await (const batchPackageFetchResult of sockSdk.batchPackageStream({
     alerts: 'true',
     compact: 'true',
     fixable: include.unfixable ? 'false' : 'true'
@@ -1936,18 +1944,20 @@ exports.findPackageNodes = findPackageNodes;
 exports.findUp = findUp;
 exports.formatSeverityCount = formatSeverityCount;
 exports.getAlertsMapFromArborist = getAlertsMapFromArborist;
+exports.getConfigValue = getConfigValue;
 exports.getCveInfoByAlertsMap = getCveInfoByAlertsMap;
 exports.getDefaultToken = getDefaultToken;
 exports.getPublicToken = getPublicToken;
-exports.getSetting = getSetting;
 exports.getSeverityCount = getSeverityCount;
 exports.getSocketDevAlertUrl = getSocketDevAlertUrl;
 exports.getSocketDevPackageOverviewUrl = getSocketDevPackageOverviewUrl;
 exports.readFileBinary = readFileBinary;
 exports.readFileUtf8 = readFileUtf8;
 exports.safeReadFile = safeReadFile;
+exports.sensitiveConfigKeys = sensitiveConfigKeys;
 exports.setupSdk = setupSdk;
+exports.supportedConfigKeys = supportedConfigKeys;
+exports.updateConfigValue = updateConfigValue;
 exports.updateNode = updateNode;
-exports.updateSetting = updateSetting;
-//# debugId=86178861-a8cc-486b-ac92-f49e627e80af
+//# debugId=be8eae0e-badd-401f-9719-bf4c7157004d
 //# sourceMappingURL=shadow-npm-inject.js.map