@socketsecurity/cli-with-sentry 0.14.67 → 0.14.68

package/dist/module-sync/shadow-npm-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"shadow-npm-paths.js","sources":["../../src/utils/ignore-by-default.ts","../../src/utils/path-resolve.ts","../../src/shadow/npm/paths.ts"],"sourcesContent":["const ignoredDirs = [\n  // Taken from ignore-by-default:\n  // https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js\n  '.git', // Git repository files, see <https://git-scm.com/>\n  '.log', // Log files emitted by tools such as `tsserver`, see <https://github.com/Microsoft/TypeScript/wiki/Standalone-Server-%28tsserver%29>\n  '.nyc_output', // Temporary directory where nyc stores coverage data, see <https://github.com/bcoe/nyc>\n  '.sass-cache', // Cache folder for node-sass, see <https://github.com/sass/node-sass>\n  '.yarn', // Where node modules are installed when using Yarn, see <https://yarnpkg.com/>\n  'bower_components', // Where Bower packages are installed, see <http://bower.io/>\n  'coverage', // Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>\n  'node_modules', // Where Node modules are installed, see <https://nodejs.org/>\n  // Taken from globby:\n  // https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16\n  'flow-typed'\n] as const\n\nconst ignoredDirPatterns = ignoredDirs.map(i => `**/${i}`)\n\nexport function directoryPatterns() {\n  return [...ignoredDirPatterns]\n}\n","import { existsSync, promises as fs, statSync } from 'node:fs'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport ignore from 'ignore'\nimport micromatch from 'micromatch'\nimport { glob as tinyGlob } from 'tinyglobby'\nimport which from 'which'\n\nimport { debugLog } from '@socketsecurity/registry/lib/debug'\nimport { resolveBinPath } from '@socketsecurity/registry/lib/npm'\n\nimport { directoryPatterns } from './ignore-by-default'\nimport constants from '../constants'\n\nimport type { SocketYml } from '@socketsecurity/config'\nimport type { SocketSdkReturnType } from '@socketsecurity/sdk'\nimport type { GlobOptions } from 'tinyglobby'\n\ntype GlobWithGitIgnoreOptions = GlobOptions & {\n  socketConfig?: SocketYml | undefined\n}\n\nconst { NODE_MODULES, NPM, shadowBinPath } = constants\n\nasync function filterGlobResultToSupportedFiles(\n  entries: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']\n): Promise<string[]> {\n  const patterns = ['golang', NPM, 'maven', 'pypi', 'gem', 'nuget'].reduce(\n    (r: string[], n: string) => {\n      const supported = supportedFiles[n]\n      r.push(\n        ...(supported\n          ? Object.values(supported).map(p => `**/${p.pattern}`)\n          : [])\n      )\n      return r\n    },\n    []\n  )\n  return entries.filter(p => micromatch.some(p, patterns))\n}\n\nasync function globWithGitIgnore(\n  patterns: string[],\n  options: GlobWithGitIgnoreOptions\n) {\n  const {\n    cwd = process.cwd(),\n    socketConfig,\n    ...additionalOptions\n  } = { __proto__: null, ...options } as GlobWithGitIgnoreOptions\n  const projectIgnorePaths = socketConfig?.projectIgnorePaths\n  const ignoreFiles = await tinyGlob(['**/.gitignore'], {\n    absolute: true,\n    cwd,\n    expandDirectories: true\n  })\n  const ignores = [\n    ...directoryPatterns(),\n    ...(Array.isArray(projectIgnorePaths)\n      ? ignoreFileLinesToGlobPatterns(\n          projectIgnorePaths,\n          path.join(cwd, '.gitignore'),\n          cwd\n        )\n      : []),\n    ...(\n      await Promise.all(\n        ignoreFiles.map(async filepath =>\n          ignoreFileToGlobPatterns(\n            await fs.readFile(filepath, 'utf8'),\n            filepath,\n            cwd\n          )\n        )\n      )\n    ).flat()\n  ]\n  const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/)\n  const globOptions = {\n    absolute: true,\n    cwd,\n    expandDirectories: false,\n    ignore: hasNegatedPattern ? [] : ignores,\n    ...additionalOptions\n  }\n  const result = await tinyGlob(patterns, globOptions)\n  if (!hasNegatedPattern) {\n    return result\n  }\n  const { absolute } = globOptions\n\n  // Note: the input files must be INSIDE the cwd. If you get strange looking\n  // relative path errors here, most likely your path is outside the given cwd.\n  const filtered = ignore()\n    .add(ignores)\n    .filter(absolute ? result.map(p => path.relative(cwd, p)) : result)\n  return absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered\n}\n\nfunction ignoreFileLinesToGlobPatterns(\n  lines: string[],\n  filepath: string,\n  cwd: string\n): string[] {\n  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\\\/g, '/')\n  const patterns = []\n  for (let i = 0, { length } = lines; i < length; i += 1) {\n    const pattern = lines[i]!.trim()\n    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {\n      patterns.push(\n        ignorePatternToMinimatch(\n          pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/\n            ? `!${path.posix.join(base, pattern.slice(1))}`\n            : path.posix.join(base, pattern)\n        )\n      )\n    }\n  }\n  return patterns\n}\n\nfunction ignoreFileToGlobPatterns(\n  content: string,\n  filepath: string,\n  cwd: string\n): string[] {\n  return ignoreFileLinesToGlobPatterns(content.split(/\\r?\\n/), filepath, cwd)\n}\n\n// Based on `@eslint/compat` convertIgnorePatternToMinimatch.\n// Apache v2.0 licensed\n// Copyright Nicholas C. Zakas\n// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28\nfunction ignorePatternToMinimatch(pattern: string): string {\n  const isNegated = pattern.startsWith('!')\n  const negatedPrefix = isNegated ? '!' : ''\n  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd()\n  // Special cases.\n  if (\n    patternToTest === '' ||\n    patternToTest === '**' ||\n    patternToTest === '/**' ||\n    patternToTest === '**'\n  ) {\n    return `${negatedPrefix}${patternToTest}`\n  }\n  const firstIndexOfSlash = patternToTest.indexOf('/')\n  const matchEverywherePrefix =\n    firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1\n      ? '**/'\n      : ''\n  const patternWithoutLeadingSlash =\n    firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest\n  // Escape `{` and `(` because in gitignore patterns they are just\n  // literal characters without any specific syntactic meaning,\n  // while in minimatch patterns they can form brace expansion or extglob syntax.\n  //\n  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.\n  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.\n  // Minimatch pattern `src/\\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.\n  const escapedPatternWithoutLeadingSlash =\n    patternWithoutLeadingSlash.replaceAll(\n      /(?=((?:\\\\.|[^{(])*))\\1([{(])/guy,\n      '$1\\\\$2'\n    )\n  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : ''\n  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`\n}\n\nfunction pathsToPatterns(paths: string[] | readonly string[]): string[] {\n  // TODO: Does not support `~/` paths.\n  return paths.map(p => (p === '.' ? '**/*' : p))\n}\n\nexport function findBinPathDetailsSync(binName: string): {\n  name: string\n  path: string | undefined\n  shadowed: boolean\n} {\n  const binPaths =\n    which.sync(binName, {\n      all: true,\n      nothrow: true\n    }) ?? []\n  let shadowIndex = -1\n  let theBinPath: string | undefined\n  for (let i = 0, { length } = binPaths; i < length; i += 1) {\n    const binPath = binPaths[i]!\n    // Skip our bin directory if it's in the front.\n    if (path.dirname(binPath) === shadowBinPath) {\n      shadowIndex = i\n    } else {\n      theBinPath = resolveBinPath(binPath)\n      break\n    }\n  }\n  return { name: binName, path: theBinPath, shadowed: shadowIndex !== -1 }\n}\n\nexport function findNpmPathSync(npmBinPath: string): string | undefined {\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  let thePath = npmBinPath\n  while (true) {\n    const libNmNpmPath = path.join(thePath, 'lib', NODE_MODULES, NPM)\n    // mise puts its npm bin in a path like:\n    //   /Users/SomeUsername/.local/share/mise/installs/node/vX.X.X/bin/npm.\n    // HOWEVER, the location of the npm install is:\n    //   /Users/SomeUsername/.local/share/mise/installs/node/vX.X.X/lib/node_modules/npm.\n    if (\n      // Use existsSync here because statsSync, even with { throwIfNoEntry: false },\n      // will throw an ENOTDIR error for paths like ./a-file-that-exists/a-directory-that-does-not.\n      // See https://github.com/nodejs/node/issues/56993.\n      existsSync(libNmNpmPath) &&\n      statSync(libNmNpmPath, { throwIfNoEntry: false })?.isDirectory()\n    ) {\n      thePath = path.join(libNmNpmPath, NPM)\n    }\n    const nmPath = path.join(thePath, NODE_MODULES)\n    if (\n      // npm bin paths may look like:\n      //   /usr/local/share/npm/bin/npm\n      //   /Users/SomeUsername/.nvm/versions/node/vX.X.X/bin/npm\n      //   C:\\Users\\SomeUsername\\AppData\\Roaming\\npm\\bin\\npm.cmd\n      // OR\n      //   C:\\Program Files\\nodejs\\npm.cmd\n      //\n      // In practically all cases the npm path contains a node_modules folder:\n      //   /usr/local/share/npm/bin/npm/node_modules\n      //   C:\\Program Files\\nodejs\\node_modules\n      existsSync(nmPath) &&\n      statSync(nmPath, { throwIfNoEntry: false })?.isDirectory() &&\n      // Optimistically look for the default location.\n      (path.basename(thePath) === NPM ||\n        // Chocolatey installs npm bins in the same directory as node bins.\n        (WIN32 && existsSync(path.join(thePath, `${NPM}.cmd`))))\n    ) {\n      return thePath\n    }\n    const parent = path.dirname(thePath)\n    if (parent === thePath) {\n      return undefined\n    }\n    thePath = parent\n  }\n}\n\nexport async function getPackageFilesForScan(\n  cwd: string,\n  inputPaths: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'],\n  config?: SocketYml | undefined\n): Promise<string[]> {\n  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)\n\n  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {\n    cwd,\n    socketConfig: config\n  })\n\n  debugLog(\n    `Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`,\n    entries\n  )\n\n  const packageFiles = await filterGlobResultToSupportedFiles(\n    entries,\n    supportedFiles\n  )\n\n  debugLog(\n    `Mapped ${entries.length} entries to ${packageFiles.length} files:`,\n    packageFiles\n  )\n\n  return packageFiles\n}\n","import { existsSync } from 'node:fs'\nimport Module from 'node:module'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../../constants'\nimport {\n  findBinPathDetailsSync,\n  findNpmPathSync\n} from '../../utils/path-resolve'\n\nconst { NODE_MODULES, NPM, NPX, SOCKET_CLI_ISSUES_URL } = constants\n\nfunction exitWithBinPathError(binName: string): never {\n  logger.fail(\n    `Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`\n  )\n  // The exit code 127 indicates that the command or binary being executed\n  // could not be found.\n  process.exit(127)\n}\n\nlet _npmBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpmBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npmBinPathDetails === undefined) {\n    _npmBinPathDetails = findBinPathDetailsSync(NPM)\n  }\n  return _npmBinPathDetails\n}\n\nlet _npxBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpxBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npxBinPathDetails === undefined) {\n    _npxBinPathDetails = findBinPathDetailsSync(NPX)\n  }\n  return _npxBinPathDetails\n}\n\nlet _npmBinPath: string | undefined\nexport function getNpmBinPath(): string {\n  if (_npmBinPath === undefined) {\n    _npmBinPath = getNpmBinPathDetails().path\n    if (!_npmBinPath) {\n      exitWithBinPathError(NPM)\n    }\n  }\n  return _npmBinPath\n}\n\nexport function isNpmBinPathShadowed() {\n  return getNpmBinPathDetails().shadowed\n}\n\nlet _npxBinPath: string | undefined\nexport function getNpxBinPath(): string {\n  if (_npxBinPath === undefined) {\n    _npxBinPath = getNpxBinPathDetails().path\n    if (!_npxBinPath) {\n      exitWithBinPathError(NPX)\n    }\n  }\n  return _npxBinPath\n}\n\nexport function isNpxBinPathShadowed() {\n  return getNpxBinPathDetails().shadowed\n}\n\nlet _npmPath: string | undefined\nexport function getNpmPath() {\n  if (_npmPath === undefined) {\n    const npmBinPath = getNpmBinPath()\n    _npmPath = npmBinPath ? findNpmPathSync(npmBinPath) : undefined\n    if (!_npmPath) {\n      let message = 'Unable to find npm CLI install directory.'\n      if (npmBinPath) {\n        message += `\\nSearched parent directories of ${path.dirname(npmBinPath)}.`\n      }\n      message += `\\n\\nThis is may be a bug with socket-npm related to changes to the npm CLI.\\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`\n      logger.fail(message)\n      // The exit code 127 indicates that the command or binary being executed\n      // could not be found.\n      process.exit(127)\n    }\n  }\n  return _npmPath\n}\n\nlet _npmRequire: NodeJS.Require | undefined\nexport function getNpmRequire(): NodeJS.Require {\n  if (_npmRequire === undefined) {\n    const npmPath = getNpmPath()\n    const npmNmPath = path.join(npmPath, NODE_MODULES, NPM)\n    _npmRequire = Module.createRequire(\n      path.join(existsSync(npmNmPath) ? npmNmPath : npmPath, '<dummy-basename>')\n    )\n  }\n  return _npmRequire\n}\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n  if (_arboristPkgPath === undefined) {\n    const pkgName = '@npmcli/arborist'\n    const mainPathWithForwardSlashes = normalizePath(\n      getNpmRequire().resolve(pkgName)\n    )\n    const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n      0,\n      mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length\n    )\n    // Lazily access constants.WIN32.\n    _arboristPkgPath = constants.WIN32\n      ? path.normalize(arboristPkgPathWithForwardSlashes)\n      : arboristPkgPathWithForwardSlashes\n  }\n  return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n  if (_arboristClassPath === undefined) {\n    _arboristClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/arborist/index.js'\n    )\n  }\n  return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n  if (_arboristDepValidPath === undefined) {\n    _arboristDepValidPath = path.join(\n      getArboristPackagePath(),\n      'lib/dep-valid.js'\n    )\n  }\n  return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n  if (_arboristEdgeClassPath === undefined) {\n    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n  }\n  return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n  if (_arboristNodeClassPath === undefined) {\n    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n  }\n  return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n  if (_arboristOverrideSetClassPath === undefined) {\n    _arboristOverrideSetClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/override-set.js'\n    )\n  }\n  return _arboristOverrideSetClassPath\n}\n"],"names":["shadowBinPath","cwd","__proto__","absolute","expandDirectories","ignore","length","all","nothrow","shadowIndex","theBinPath","name","path","WIN32","existsSync","throwIfNoEntry","thePath","socketConfig","debugLog","SOCKET_CLI_ISSUES_URL","logger","process","_npmBinPathDetails","_npxBinPathDetails","_npmBinPath","_npxBinPath","_arboristPkgPath"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACE;AACA;AACA;AAAQ;AACR;AAAQ;AACR;AAAe;AACf;AAAe;AACf;AAAS;AACT;AAAoB;AACpB;AAAY;AACZ;AAAgB;AAChB;AACA;AACA;AAGF;AAEO;;AAEP;;ACGA;;;AAA2BA;AAAc;AAEzC;;AAMM;;AAMA;;AAIJ;AACF;AAEA;;AAKIC;;;AAGF;AAAMC;;;AACN;;AAEEC;;AAEAC;AACF;AACA;AAqBA;AACA;AACED;;AAEAC;AACAC;;;;;AAKA;AACF;;AACQF;AAAS;;AAEjB;AACA;AACA;AAGA;AACF;AAEA;;;AAOE;AAAkBG;;;AAEhB;;AAQA;AACF;AACA;AACF;AAEA;AAKE;AACF;;AAEA;AACA;AACA;AACA;AACA;AACE;AACA;AACA;AACA;AACA;AAME;AACF;AACA;AACA;AAIA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;;;AAQF;AAEA;AACE;AACA;AACF;AAEO;AAKL;AAEIC;AACAC;;;AAGJ;AACA;AAAkBF;;AAChB;AACA;;AAEEG;AACF;AACEC;AACA;AACF;AACF;;AACSC;AAAeC;;;AAC1B;AAEO;AACL;;AACQC;AAAM;;AAEd;AACE;AACA;AACA;AACA;AACA;AACA;AACE;AACA;AACA;AACAC;AACyBC;AAAsB;;AAGjD;;AAEA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACAD;AACmBC;AAAsB;AACzC;AACCH;AACC;AACCC;AAEH;AACF;AACA;;AAEE;AACF;AACAG;AACF;AACF;AAEO;;;;AAUHC;AACF;AAEAC;;AAUAA;AAKA;AACF;;ACzQA;;;;AAAgCC;AAAsB;AAEtD;AACEC;AAGA;AACA;AACAC;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEH;;;;AAIE;;AAEA;;AAEAL;AACA;AACA;AACAC;AACF;AACF;AACA;AACF;AAEA;AACO;;AAEH;;;AAKF;AACA;AACF;AAEA;AACO;;;AAGH;AAGA;AAIA;AACAK;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;;;;;;;;;;;","debugId":"13ebca93-7937-4895-a63d-3f53428c40b"}
+{"version":3,"file":"shadow-npm-paths.js","sources":["../../src/utils/ignore-by-default.ts","../../src/utils/path-resolve.ts","../../src/shadow/npm/paths.ts"],"sourcesContent":["const ignoredDirs = [\n  // Taken from ignore-by-default:\n  // https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js\n  '.git', // Git repository files, see <https://git-scm.com/>\n  '.log', // Log files emitted by tools such as `tsserver`, see <https://github.com/Microsoft/TypeScript/wiki/Standalone-Server-%28tsserver%29>\n  '.nyc_output', // Temporary directory where nyc stores coverage data, see <https://github.com/bcoe/nyc>\n  '.sass-cache', // Cache folder for node-sass, see <https://github.com/sass/node-sass>\n  '.yarn', // Where node modules are installed when using Yarn, see <https://yarnpkg.com/>\n  'bower_components', // Where Bower packages are installed, see <http://bower.io/>\n  'coverage', // Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>\n  'node_modules', // Where Node modules are installed, see <https://nodejs.org/>\n  // Taken from globby:\n  // https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16\n  'flow-typed'\n] as const\n\nconst ignoredDirPatterns = ignoredDirs.map(i => `**/${i}`)\n\nexport function directoryPatterns() {\n  return [...ignoredDirPatterns]\n}\n","import { existsSync, promises as fs, statSync } from 'node:fs'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport ignore from 'ignore'\nimport micromatch from 'micromatch'\nimport { glob as tinyGlob } from 'tinyglobby'\nimport which from 'which'\n\nimport { debugLog } from '@socketsecurity/registry/lib/debug'\nimport { resolveBinPath } from '@socketsecurity/registry/lib/npm'\n\nimport { directoryPatterns } from './ignore-by-default'\nimport constants from '../constants'\n\nimport type { SocketYml } from '@socketsecurity/config'\nimport type { SocketSdkReturnType } from '@socketsecurity/sdk'\nimport type { GlobOptions } from 'tinyglobby'\n\ntype GlobWithGitIgnoreOptions = GlobOptions & {\n  socketConfig?: SocketYml | undefined\n}\n\nconst { NODE_MODULES, NPM, shadowBinPath } = constants\n\nasync function filterGlobResultToSupportedFiles(\n  entries: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']\n): Promise<string[]> {\n  const patterns = ['golang', NPM, 'maven', 'pypi', 'gem', 'nuget'].reduce(\n    (r: string[], n: string) => {\n      const supported = supportedFiles[n]\n      r.push(\n        ...(supported\n          ? Object.values(supported).map(p => `**/${p.pattern}`)\n          : [])\n      )\n      return r\n    },\n    []\n  )\n  return entries.filter(p => micromatch.some(p, patterns))\n}\n\nasync function globWithGitIgnore(\n  patterns: string[],\n  options: GlobWithGitIgnoreOptions\n) {\n  const {\n    cwd = process.cwd(),\n    socketConfig,\n    ...additionalOptions\n  } = { __proto__: null, ...options } as GlobWithGitIgnoreOptions\n  const projectIgnorePaths = socketConfig?.projectIgnorePaths\n  const ignoreFiles = await tinyGlob(['**/.gitignore'], {\n    absolute: true,\n    cwd,\n    expandDirectories: true\n  })\n  const ignores = [\n    ...directoryPatterns(),\n    ...(Array.isArray(projectIgnorePaths)\n      ? ignoreFileLinesToGlobPatterns(\n          projectIgnorePaths,\n          path.join(cwd, '.gitignore'),\n          cwd\n        )\n      : []),\n    ...(\n      await Promise.all(\n        ignoreFiles.map(async filepath =>\n          ignoreFileToGlobPatterns(\n            await fs.readFile(filepath, 'utf8'),\n            filepath,\n            cwd\n          )\n        )\n      )\n    ).flat()\n  ]\n  const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/)\n  const globOptions = {\n    absolute: true,\n    cwd,\n    expandDirectories: false,\n    ignore: hasNegatedPattern ? [] : ignores,\n    ...additionalOptions\n  }\n  const result = await tinyGlob(patterns, globOptions)\n  if (!hasNegatedPattern) {\n    return result\n  }\n  const { absolute } = globOptions\n\n  // Note: the input files must be INSIDE the cwd. If you get strange looking\n  // relative path errors here, most likely your path is outside the given cwd.\n  const filtered = ignore()\n    .add(ignores)\n    .filter(absolute ? result.map(p => path.relative(cwd, p)) : result)\n  return absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered\n}\n\nfunction ignoreFileLinesToGlobPatterns(\n  lines: string[],\n  filepath: string,\n  cwd: string\n): string[] {\n  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\\\/g, '/')\n  const patterns = []\n  for (let i = 0, { length } = lines; i < length; i += 1) {\n    const pattern = lines[i]!.trim()\n    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {\n      patterns.push(\n        ignorePatternToMinimatch(\n          pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/\n            ? `!${path.posix.join(base, pattern.slice(1))}`\n            : path.posix.join(base, pattern)\n        )\n      )\n    }\n  }\n  return patterns\n}\n\nfunction ignoreFileToGlobPatterns(\n  content: string,\n  filepath: string,\n  cwd: string\n): string[] {\n  return ignoreFileLinesToGlobPatterns(content.split(/\\r?\\n/), filepath, cwd)\n}\n\n// Based on `@eslint/compat` convertIgnorePatternToMinimatch.\n// Apache v2.0 licensed\n// Copyright Nicholas C. Zakas\n// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28\nfunction ignorePatternToMinimatch(pattern: string): string {\n  const isNegated = pattern.startsWith('!')\n  const negatedPrefix = isNegated ? '!' : ''\n  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd()\n  // Special cases.\n  if (\n    patternToTest === '' ||\n    patternToTest === '**' ||\n    patternToTest === '/**' ||\n    patternToTest === '**'\n  ) {\n    return `${negatedPrefix}${patternToTest}`\n  }\n  const firstIndexOfSlash = patternToTest.indexOf('/')\n  const matchEverywherePrefix =\n    firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1\n      ? '**/'\n      : ''\n  const patternWithoutLeadingSlash =\n    firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest\n  // Escape `{` and `(` because in gitignore patterns they are just\n  // literal characters without any specific syntactic meaning,\n  // while in minimatch patterns they can form brace expansion or extglob syntax.\n  //\n  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.\n  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.\n  // Minimatch pattern `src/\\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.\n  const escapedPatternWithoutLeadingSlash =\n    patternWithoutLeadingSlash.replaceAll(\n      /(?=((?:\\\\.|[^{(])*))\\1([{(])/guy,\n      '$1\\\\$2'\n    )\n  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : ''\n  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`\n}\n\nfunction pathsToPatterns(paths: string[] | readonly string[]): string[] {\n  // TODO: Does not support `~/` paths.\n  return paths.map(p => (p === '.' ? '**/*' : p))\n}\n\nexport function findBinPathDetailsSync(binName: string): {\n  name: string\n  path: string | undefined\n  shadowed: boolean\n} {\n  const binPaths =\n    which.sync(binName, {\n      all: true,\n      nothrow: true\n    }) ?? []\n  let shadowIndex = -1\n  let theBinPath: string | undefined\n  for (let i = 0, { length } = binPaths; i < length; i += 1) {\n    const binPath = binPaths[i]!\n    // Skip our bin directory if it's in the front.\n    if (path.dirname(binPath) === shadowBinPath) {\n      shadowIndex = i\n    } else {\n      theBinPath = resolveBinPath(binPath)\n      break\n    }\n  }\n  return { name: binName, path: theBinPath, shadowed: shadowIndex !== -1 }\n}\n\nexport function findNpmPathSync(npmBinPath: string): string | undefined {\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  let thePath = npmBinPath\n  while (true) {\n    const libNmNpmPath = path.join(thePath, 'lib', NODE_MODULES, NPM)\n    // mise puts its npm bin in a path like:\n    //   /Users/SomeUsername/.local/share/mise/installs/node/vX.X.X/bin/npm.\n    // HOWEVER, the location of the npm install is:\n    //   /Users/SomeUsername/.local/share/mise/installs/node/vX.X.X/lib/node_modules/npm.\n    if (\n      // Use existsSync here because statsSync, even with { throwIfNoEntry: false },\n      // will throw an ENOTDIR error for paths like ./a-file-that-exists/a-directory-that-does-not.\n      // See https://github.com/nodejs/node/issues/56993.\n      existsSync(libNmNpmPath) &&\n      statSync(libNmNpmPath, { throwIfNoEntry: false })?.isDirectory()\n    ) {\n      thePath = path.join(libNmNpmPath, NPM)\n    }\n    const nmPath = path.join(thePath, NODE_MODULES)\n    if (\n      // npm bin paths may look like:\n      //   /usr/local/share/npm/bin/npm\n      //   /Users/SomeUsername/.nvm/versions/node/vX.X.X/bin/npm\n      //   C:\\Users\\SomeUsername\\AppData\\Roaming\\npm\\bin\\npm.cmd\n      // OR\n      //   C:\\Program Files\\nodejs\\npm.cmd\n      //\n      // In practically all cases the npm path contains a node_modules folder:\n      //   /usr/local/share/npm/bin/npm/node_modules\n      //   C:\\Program Files\\nodejs\\node_modules\n      existsSync(nmPath) &&\n      statSync(nmPath, { throwIfNoEntry: false })?.isDirectory() &&\n      // Optimistically look for the default location.\n      (path.basename(thePath) === NPM ||\n        // Chocolatey installs npm bins in the same directory as node bins.\n        (WIN32 && existsSync(path.join(thePath, `${NPM}.cmd`))))\n    ) {\n      return thePath\n    }\n    const parent = path.dirname(thePath)\n    if (parent === thePath) {\n      return undefined\n    }\n    thePath = parent\n  }\n}\n\nexport async function getPackageFilesForScan(\n  cwd: string,\n  inputPaths: string[],\n  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'],\n  config?: SocketYml | undefined\n): Promise<string[]> {\n  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)\n\n  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {\n    cwd,\n    socketConfig: config\n  })\n\n  debugLog(\n    `Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`,\n    entries\n  )\n\n  const packageFiles = await filterGlobResultToSupportedFiles(\n    entries,\n    supportedFiles\n  )\n\n  debugLog(\n    `Mapped ${entries.length} entries to ${packageFiles.length} files:`,\n    packageFiles\n  )\n\n  return packageFiles\n}\n","import { existsSync } from 'node:fs'\nimport Module from 'node:module'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../../constants'\nimport {\n  findBinPathDetailsSync,\n  findNpmPathSync\n} from '../../utils/path-resolve'\n\nconst { NODE_MODULES, NPM, NPX, SOCKET_CLI_ISSUES_URL } = constants\n\nfunction exitWithBinPathError(binName: string): never {\n  logger.fail(\n    `Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`\n  )\n  // The exit code 127 indicates that the command or binary being executed\n  // could not be found.\n  // eslint-disable-next-line n/no-process-exit\n  process.exit(127)\n}\n\nlet _npmBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpmBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npmBinPathDetails === undefined) {\n    _npmBinPathDetails = findBinPathDetailsSync(NPM)\n  }\n  return _npmBinPathDetails\n}\n\nlet _npxBinPathDetails: ReturnType<typeof findBinPathDetailsSync> | undefined\nfunction getNpxBinPathDetails(): ReturnType<typeof findBinPathDetailsSync> {\n  if (_npxBinPathDetails === undefined) {\n    _npxBinPathDetails = findBinPathDetailsSync(NPX)\n  }\n  return _npxBinPathDetails\n}\n\nlet _npmBinPath: string | undefined\nexport function getNpmBinPath(): string {\n  if (_npmBinPath === undefined) {\n    _npmBinPath = getNpmBinPathDetails().path\n    if (!_npmBinPath) {\n      exitWithBinPathError(NPM)\n    }\n  }\n  return _npmBinPath\n}\n\nexport function isNpmBinPathShadowed() {\n  return getNpmBinPathDetails().shadowed\n}\n\nlet _npxBinPath: string | undefined\nexport function getNpxBinPath(): string {\n  if (_npxBinPath === undefined) {\n    _npxBinPath = getNpxBinPathDetails().path\n    if (!_npxBinPath) {\n      exitWithBinPathError(NPX)\n    }\n  }\n  return _npxBinPath\n}\n\nexport function isNpxBinPathShadowed() {\n  return getNpxBinPathDetails().shadowed\n}\n\nlet _npmPath: string | undefined\nexport function getNpmPath() {\n  if (_npmPath === undefined) {\n    const npmBinPath = getNpmBinPath()\n    _npmPath = npmBinPath ? findNpmPathSync(npmBinPath) : undefined\n    if (!_npmPath) {\n      let message = 'Unable to find npm CLI install directory.'\n      if (npmBinPath) {\n        message += `\\nSearched parent directories of ${path.dirname(npmBinPath)}.`\n      }\n      message += `\\n\\nThis is may be a bug with socket-npm related to changes to the npm CLI.\\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`\n      logger.fail(message)\n      // The exit code 127 indicates that the command or binary being executed\n      // could not be found.\n      // eslint-disable-next-line n/no-process-exit\n      process.exit(127)\n    }\n  }\n  return _npmPath\n}\n\nlet _npmRequire: NodeJS.Require | undefined\nexport function getNpmRequire(): NodeJS.Require {\n  if (_npmRequire === undefined) {\n    const npmPath = getNpmPath()\n    const npmNmPath = path.join(npmPath, NODE_MODULES, NPM)\n    _npmRequire = Module.createRequire(\n      path.join(existsSync(npmNmPath) ? npmNmPath : npmPath, '<dummy-basename>')\n    )\n  }\n  return _npmRequire\n}\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n  if (_arboristPkgPath === undefined) {\n    const pkgName = '@npmcli/arborist'\n    const mainPathWithForwardSlashes = normalizePath(\n      getNpmRequire().resolve(pkgName)\n    )\n    const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n      0,\n      mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length\n    )\n    // Lazily access constants.WIN32.\n    _arboristPkgPath = constants.WIN32\n      ? path.normalize(arboristPkgPathWithForwardSlashes)\n      : arboristPkgPathWithForwardSlashes\n  }\n  return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n  if (_arboristClassPath === undefined) {\n    _arboristClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/arborist/index.js'\n    )\n  }\n  return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n  if (_arboristDepValidPath === undefined) {\n    _arboristDepValidPath = path.join(\n      getArboristPackagePath(),\n      'lib/dep-valid.js'\n    )\n  }\n  return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n  if (_arboristEdgeClassPath === undefined) {\n    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n  }\n  return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n  if (_arboristNodeClassPath === undefined) {\n    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n  }\n  return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n  if (_arboristOverrideSetClassPath === undefined) {\n    _arboristOverrideSetClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/override-set.js'\n    )\n  }\n  return _arboristOverrideSetClassPath\n}\n"],"names":["shadowBinPath","cwd","__proto__","absolute","expandDirectories","ignore","length","all","nothrow","shadowIndex","theBinPath","name","path","WIN32","existsSync","throwIfNoEntry","thePath","socketConfig","debugLog","SOCKET_CLI_ISSUES_URL","logger","process","_npmBinPathDetails","_npxBinPathDetails","_npmBinPath","_npxBinPath","_arboristPkgPath"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACE;AACA;AACA;AAAQ;AACR;AAAQ;AACR;AAAe;AACf;AAAe;AACf;AAAS;AACT;AAAoB;AACpB;AAAY;AACZ;AAAgB;AAChB;AACA;AACA;AAGF;AAEO;;AAEP;;ACGA;;;AAA2BA;AAAc;AAEzC;;AAMM;;AAMA;;AAIJ;AACF;AAEA;;AAKIC;;;AAGF;AAAMC;;;AACN;;AAEEC;;AAEAC;AACF;AACA;AAqBA;AACA;AACED;;AAEAC;AACAC;;;;;AAKA;AACF;;AACQF;AAAS;;AAEjB;AACA;AACA;AAGA;AACF;AAEA;;;AAOE;AAAkBG;;;AAEhB;;AAQA;AACF;AACA;AACF;AAEA;AAKE;AACF;;AAEA;AACA;AACA;AACA;AACA;AACE;AACA;AACA;AACA;AACA;AAME;AACF;AACA;AACA;AAIA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;;;AAQF;AAEA;AACE;AACA;AACF;AAEO;AAKL;AAEIC;AACAC;;;AAGJ;AACA;AAAkBF;;AAChB;AACA;;AAEEG;AACF;AACEC;AACA;AACF;AACF;;AACSC;AAAeC;;;AAC1B;AAEO;AACL;;AACQC;AAAM;;AAEd;AACE;AACA;AACA;AACA;AACA;AACA;AACE;AACA;AACA;AACAC;AACyBC;AAAsB;;AAGjD;;AAEA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACAD;AACmBC;AAAsB;AACzC;AACCH;AACC;AACCC;AAEH;AACF;AACA;;AAEE;AACF;AACAG;AACF;AACF;AAEO;;;;AAUHC;AACF;AAEAC;;AAUAA;AAKA;AACF;;ACzQA;;;;AAAgCC;AAAsB;AAEtD;AACEC;AAGA;AACA;AACA;AACAC;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACA;;AAEIC;AACF;AACA;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEHC;;;AAGA;AACF;AACA;AACF;AAEO;AACL;AACF;AAEA;AACO;;AAEH;;;;AAIE;;AAEA;;AAEAL;AACA;AACA;AACA;AACAC;AACF;AACF;AACA;AACF;AAEA;AACO;;AAEH;;;AAKF;AACA;AACF;AAEA;AACO;;;AAGH;AAGA;AAIA;AACAK;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;;;;;;;;;;;","debugId":"4777fee1-28c3-4c4f-a837-eddb2bc51332"}

package/dist/module-sync/socket-package-alert.d.ts

@@ -1,46 +1,102 @@
 /// <reference types="node" />
-import { CompactSocketArtifact } from "./artifact.js";
-import { Spinner } from '@socketsecurity/registry/lib/spinner';
+import { ALERT_SEVERITY } from './shadow-npm-inject.js'
+import {
+  CompactSocketArtifact,
+  CompactSocketArtifactAlert
+} from './artifact.js'
+import { Spinner } from '@socketsecurity/registry/lib/spinner'
+declare enum ALERT_SEVERITY_COLOR {
+  critical = 'magenta',
+  high = 'red',
+  middle = 'yellow',
+  low = 'white'
+}
+declare enum ALERT_SEVERITY_ORDER {
+  critical = 0,
+  high = 1,
+  middle = 2,
+  low = 3,
+  none = 4
+}
 type SocketPackageAlert = {
-    key: string;
-    type: string;
-    block: boolean;
-    critical: boolean;
-    display: boolean;
-    fixable: boolean;
-    raw: any;
-    upgrade: boolean;
-};
-type AlertsByPkgId = Map<string, SocketPackageAlert[]>;
+  name: string
+  version: string
+  key: string
+  type: string
+  blocked: boolean
+  critical: boolean
+  fixable: boolean
+  raw: CompactSocketArtifactAlert
+  upgradable: boolean
+}
+type AlertsByPkgId = Map<string, SocketPackageAlert[]>
+type RiskCounts = {
+  critical: number
+  high: number
+  middle: number
+  low: number
+}
 type AlertIncludeFilter = {
-    critical?: boolean | undefined;
-    cve?: boolean | undefined;
-    existing?: boolean | undefined;
-    unfixable?: boolean | undefined;
-    upgrade?: boolean | undefined;
-};
+  blocked?: boolean | undefined
+  critical?: boolean | undefined
+  cve?: boolean | undefined
+  existing?: boolean | undefined
+  unfixable?: boolean | undefined
+  upgradable?: boolean | undefined
+}
 type AddSocketArtifactAlertToAlertsMapOptions = {
-    consolidate?: boolean | undefined;
-    include?: AlertIncludeFilter | undefined;
-    overrides?: {
-        [key: string]: string;
-    } | undefined;
-    spinner?: Spinner | undefined;
-};
-declare function addArtifactToAlertsMap<T extends AlertsByPkgId>(artifact: CompactSocketArtifact, alertsByPkgId: T, options?: AddSocketArtifactAlertToAlertsMapOptions | undefined): Promise<T>;
+  consolidate?: boolean | undefined
+  include?: AlertIncludeFilter | undefined
+  overrides?:
+    | {
+        [key: string]: string
+      }
+    | undefined
+  spinner?: Spinner | undefined
+}
+declare function addArtifactToAlertsMap<T extends AlertsByPkgId>(
+  artifact: CompactSocketArtifact,
+  alertsByPkgId: T,
+  options?: AddSocketArtifactAlertToAlertsMapOptions | undefined
+): Promise<T>
 type CveExcludeFilter = {
-    upgrade?: boolean | undefined;
-};
-type CveInfoByPkgId = Map<string, Array<{
-    firstPatchedVersionIdentifier: string;
-    vulnerableVersionRange: string;
-}>>;
+  upgradable?: boolean | undefined
+}
+type CveInfoByPkgId = Map<
+  string,
+  Array<{
+    firstPatchedVersionIdentifier: string
+    vulnerableVersionRange: string
+  }>
+>
 type GetCveInfoByPackageOptions = {
-    exclude?: CveExcludeFilter | undefined;
-};
-declare function getCveInfoByAlertsMap(alertsMap: AlertsByPkgId, options?: GetCveInfoByPackageOptions | undefined): CveInfoByPkgId | null;
+  exclude?: CveExcludeFilter | undefined
+}
+declare function getCveInfoByAlertsMap(
+  alertsMap: AlertsByPkgId,
+  options?: GetCveInfoByPackageOptions | undefined
+): CveInfoByPkgId | null
 type LogAlertsMapOptions = {
-    output?: NodeJS.WriteStream | undefined;
-};
-declare function logAlertsMap(alertsMap: AlertsByPkgId, options: LogAlertsMapOptions): void;
-export { SocketPackageAlert, AlertsByPkgId, addArtifactToAlertsMap, getCveInfoByAlertsMap, logAlertsMap };
+  hideAt?: `${ALERT_SEVERITY}` | 'none' | undefined
+  output?: NodeJS.WriteStream | undefined
+}
+declare function logAlertsMap(
+  alertsMap: AlertsByPkgId,
+  options: LogAlertsMapOptions
+): void
+export {
+  ALERT_SEVERITY_COLOR,
+  ALERT_SEVERITY_ORDER,
+  SocketPackageAlert,
+  AlertsByPkgId,
+  RiskCounts,
+  AlertIncludeFilter,
+  AddSocketArtifactAlertToAlertsMapOptions,
+  addArtifactToAlertsMap,
+  CveExcludeFilter,
+  CveInfoByPkgId,
+  GetCveInfoByPackageOptions,
+  getCveInfoByAlertsMap,
+  LogAlertsMapOptions,
+  logAlertsMap
+}

package/dist/module-sync/types.d.ts

@@ -1,53 +1,81 @@
 /// <reference types="npmcli__arborist" />
-import { SafeNode } from "./node.js";
-import { BuildIdealTreeOptions, ReifyOptions } from '@npmcli/arborist';
-import { Options as ArboristOptions } from "@npmcli/arborist";
-import { Advisory as BaseAdvisory } from "@npmcli/arborist";
-import { Arborist as BaseArborist } from "@npmcli/arborist";
-import { AuditReport as BaseAuditReport } from "@npmcli/arborist";
-import { Diff as BaseDiff } from "@npmcli/arborist";
+import { SafeNode } from './node.js'
+import { BuildIdealTreeOptions, ReifyOptions } from '@npmcli/arborist'
+import { Options as ArboristOptions } from '@npmcli/arborist'
+import { Advisory as BaseAdvisory } from '@npmcli/arborist'
+import { Arborist as BaseArborist } from '@npmcli/arborist'
+import { AuditReport as BaseAuditReport } from '@npmcli/arborist'
+import { Diff as BaseDiff } from '@npmcli/arborist'
 type ArboristClass = ArboristInstance & {
-    new (...args: any): ArboristInstance;
-};
-type ArboristInstance = Omit<typeof BaseArborist, 'actualTree' | 'auditReport' | 'buildIdealTree' | 'diff' | 'idealTree' | 'loadActual' | 'loadVirtual' | 'reify'> & {
-    auditReport?: AuditReportInstance | null | undefined;
-    actualTree?: SafeNode | null | undefined;
-    diff: Diff | null;
-    idealTree?: SafeNode | null | undefined;
-    buildIdealTree(options?: BuildIdealTreeOptions): Promise<SafeNode>;
-    loadActual(options?: ArboristOptions): Promise<SafeNode>;
-    loadVirtual(options?: ArboristOptions): Promise<SafeNode>;
-    reify(options?: ArboristReifyOptions): Promise<SafeNode>;
-};
-type ArboristReifyOptions = ReifyOptions & ArboristOptions;
+  new (...args: any): ArboristInstance
+}
+type ArboristInstance = Omit<
+  typeof BaseArborist,
+  | 'actualTree'
+  | 'auditReport'
+  | 'buildIdealTree'
+  | 'diff'
+  | 'idealTree'
+  | 'loadActual'
+  | 'loadVirtual'
+  | 'reify'
+> & {
+  auditReport?: AuditReportInstance | null | undefined
+  actualTree?: SafeNode | null | undefined
+  diff: Diff | null
+  idealTree?: SafeNode | null | undefined
+  buildIdealTree(options?: BuildIdealTreeOptions): Promise<SafeNode>
+  loadActual(options?: ArboristOptions): Promise<SafeNode>
+  loadVirtual(options?: ArboristOptions): Promise<SafeNode>
+  reify(options?: ArboristReifyOptions): Promise<SafeNode>
+}
+type ArboristReifyOptions = ReifyOptions & ArboristOptions
 type AuditReportInstance = Omit<BaseAuditReport, 'report'> & {
-    report: {
-        [dependency: string]: AuditAdvisory[];
-    };
-};
+  report: {
+    [dependency: string]: AuditAdvisory[]
+  }
+}
 type AuditAdvisory = Omit<BaseAdvisory, 'id'> & {
-    id: number;
-    cwe: string[];
-    cvss: {
-        score: number;
-        vectorString: string;
-    };
-    vulnerable_versions: string;
-};
+  id: number
+  cwe: string[]
+  cvss: {
+    score: number
+    vectorString: string
+  }
+  vulnerable_versions: string
+}
 declare enum DiffAction {
-    add = "ADD",
-    change = "CHANGE",
-    remove = "REMOVE"
+  add = 'ADD',
+  change = 'CHANGE',
+  remove = 'REMOVE'
+}
+type Diff = Omit<
+  BaseDiff,
+  | 'actual'
+  | 'children'
+  | 'filterSet'
+  | 'ideal'
+  | 'leaves'
+  | 'removed'
+  | 'shrinkwrapInflated'
+  | 'unchanged'
+> & {
+  actual: SafeNode
+  children: Diff[]
+  filterSet: Set<SafeNode>
+  ideal: SafeNode
+  leaves: SafeNode[]
+  parent: Diff | null
+  removed: SafeNode[]
+  shrinkwrapInflated: Set<SafeNode>
+  unchanged: SafeNode[]
+}
+export {
+  ArboristClass,
+  ArboristInstance,
+  ArboristReifyOptions,
+  AuditReportInstance,
+  AuditAdvisory,
+  DiffAction,
+  Diff
 }
-type Diff = Omit<BaseDiff, 'actual' | 'children' | 'filterSet' | 'ideal' | 'leaves' | 'removed' | 'shrinkwrapInflated' | 'unchanged'> & {
-    actual: SafeNode;
-    children: Diff[];
-    filterSet: Set<SafeNode>;
-    ideal: SafeNode;
-    leaves: SafeNode[];
-    parent: Diff | null;
-    removed: SafeNode[];
-    shrinkwrapInflated: Set<SafeNode>;
-    unchanged: SafeNode[];
-};
-export { ArboristClass, ArboristInstance, ArboristReifyOptions, AuditReportInstance, AuditAdvisory, DiffAction, Diff };