@socketsecurity/cli-with-sentry 0.14.77 → 0.14.79
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/constants.d.ts +12 -2
- package/dist/constants.js +32 -1
- package/dist/constants.js.map +1 -1
- package/dist/instrument-with-sentry.js +2 -2
- package/dist/instrument-with-sentry.js.map +1 -1
- package/dist/module-sync/artifact.d.ts +2 -0
- package/dist/module-sync/cli.js +7557 -7320
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/package-environment.d.ts +0 -4
- package/dist/module-sync/shadow-npm-inject.js +141 -19
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/shadow-npm-paths.js +6 -4
- package/dist/module-sync/shadow-npm-paths.js.map +1 -1
- package/dist/module-sync/shared.d.ts +11 -0
- package/dist/module-sync/socket-package-alert.d.ts +2 -0
- package/dist/module-sync/types.d.ts +24 -79
- package/dist/module-sync/vendor.js +3755 -3755
- package/dist/module-sync/vendor.js.map +1 -1
- package/dist/require/cli.js +7557 -7320
- package/dist/require/cli.js.map +1 -1
- package/package.json +17 -15
- package/dist/module-sync/fs.d.ts +0 -61
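--- a/package/dist/module-sync/package-environment.d.ts
+++ b/package/dist/module-sync/package-environment.d.ts
@@ -11,9 +11,6 @@ declare const AGENTS: readonly [
 'vlt'
 ]
 type Agent = (typeof AGENTS)[number]
-type StringKeyValueObject = {
-[key: string]: string
-}
 type DetectOptions = {
 cwd?: string | undefined
 onUnknown?: (pkgManager: string | undefined) => void
@@ -77,7 +74,6 @@ declare function detectAndValidatePackageEnvironment(
 export {
 AGENTS,
 Agent,
-StringKeyValueObject,
 DetectOptions,
 EnvDetails,
 PartialEnvDetails,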
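--- a/package/dist/module-sync/shadow-npm-inject.js
+++ b/package/dist/module-sync/shadow-npm-inject.js
@@ -406,7 +406,7 @@ async function setupSdk(
 // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_NAME']".
 name: '@socketsecurity/cli',
 // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-version: '0.14.
+version: '0.14.79',
 // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_HOMEPAGE']".
 homepage: 'https://github.com/SocketDev/socket-cli'
 })
@@ -1729,6 +1729,52 @@ function logAlertsMap(alertsMap, options) {
 output.write('\n')
 }
 
+function assignDefaultFixOptions(options) {
+if (options.autoMerge === undefined) {
+options.autoMerge = false
+}
+if (options.cwd === undefined) {
+options.cwd = process.cwd()
+}
+if (options.rangeStyle === undefined) {
+options.rangeStyle = 'preserve'
+}
+if (options.test === undefined) {
+options.test = !!options.testScript
+}
+if (options.testScript === undefined) {
+options.testScript = 'test'
+}
+return options
+}
+function applyRange(refRange, version, style = 'preserve') {
+switch (style) {
+case 'caret':
+return `^${version}`
+case 'gt':
+return `>${version}`
+case 'gte':
+return `>=${version}`
+case 'lt':
+return `<${version}`
+case 'lte':
+return `<=${version}`
+case 'preserve': {
+const comparators = [...new semver.Range(refRange).set].flat()
+const { length } = comparators
+return !length || length > 1
+? version
+: `${comparators[0].operator}${version}`
+}
+case 'tilde':
+return `~${version}`
+case 'pin':
+default:
+return version
+}
+}
+const RangeStyles = ['caret', 'gt', 'lt', 'pin', 'preserve', 'tilde']
+
 const { LOOP_SENTINEL, NPM: NPM$1, NPM_REGISTRY_URL } = constants
 function getDetailsFromDiff(diff_, options) {
 const details = []
@@ -1843,7 +1889,31 @@ function findBestPatchVersion(
 }
 return semver.maxSatisfying(eligibleVersions, '*')
 }
-function
+function findPackageNode(tree, name, version) {
+const queue = [
+{
+node: tree
+}
+]
+let sentinel = 0
+while (queue.length) {
+if (sentinel++ === LOOP_SENTINEL) {
+throw new Error('Detected infinite loop in findPackageNodes')
+}
+const { node: currentNode } = queue.pop()
+const node = currentNode.children.get(name)
+if (node && (typeof version !== 'string' || node.version === version)) {
+return node
+}
+const children = [...currentNode.children.values()]
+for (let i = children.length - 1; i >= 0; i -= 1) {
+queue.push({
+node: children[i]
+})
+}
+}
+}
+function findPackageNodes(tree, name, version) {
 const queue = [
 {
 node: tree
@@ -1856,8 +1926,8 @@ function findPackageNodes(tree, packageName) {
 throw new Error('Detected infinite loop in findPackageNodes')
 }
 const { node: currentNode } = queue.pop()
-const node = currentNode.children.get(
-if (node) {
+const node = currentNode.children.get(name)
+if (node && 'undefined' !== 'string') {
 matches.push(node)
 }
 const children = [...currentNode.children.values()]
@@ -1878,6 +1948,7 @@ async function getAlertsMapFromArborist(arb, options_) {
 }
 const include = {
 __proto__: null,
+actions: undefined,
 blocked: true,
 critical: true,
 cve: true,
@@ -1924,7 +1995,16 @@ async function getAlertsMapFromArborist(arb, options_) {
 {
 alerts: 'true',
 compact: 'true',
-
+...(include.actions
+? {
+actions: include.actions.join(',')
+}
+: {}),
+...(include.unfixable
+? {}
+: {
+fixable: 'true'
+})
 },
 {
 components: pkgIds.map(id => ({
@@ -1954,6 +2034,9 @@ async function getAlertsMapFromArborist(arb, options_) {
 spinner?.stop()
 return alertsByPkgId
 }
+function isTopLevel(tree, node) {
+return tree.children.get(node.name) === node
+}
 function updateNode(
 node,
 packument,
@@ -1975,27 +2058,33 @@ function updateNode(
 // No suitable patch version found.
 return false
 }
-//
+// Object.defineProperty is needed to set the version property and replace
+// the old value with targetVersion.
 Object.defineProperty(node, 'version', {
 configurable: true,
 enumerable: true,
 get: () => targetVersion
 })
+// Update package.version associated with the node.
 node.package.version = targetVersion
-// Update resolved
+// Update node.resolved.
 const purlObj = packageurlJs.PackageURL.fromString(`pkg:npm/${node.name}`)
 node.resolved = `${NPM_REGISTRY_URL}/${node.name}/-/${purlObj.name}-${targetVersion}.tgz`
+// Update node.integrity with the targetPackument.dist.integrity value if available
+// else delete node.integrity so a new value is resolved for the target version.
 const { integrity } = targetPackument.dist
 if (integrity) {
 node.integrity = integrity
 } else {
 delete node.integrity
 }
-
+// Update node.package.deprecated based on targetPackument.deprecated.
+if (objects.hasOwn(targetPackument, 'deprecated')) {
 node.package['deprecated'] = targetPackument.deprecated
 } else {
 delete node.package['deprecated']
 }
+// Update node.package.dependencies.
 const newDeps = {
 ...targetPackument.dependencies
 }
@@ -2004,12 +2093,16 @@ function updateNode(
 if (oldDeps) {
 for (const oldDepName of Object.keys(oldDeps)) {
 if (!objects.hasOwn(newDeps, oldDepName)) {
+// Detach old edges for dependencies that don't exist on the updated
+// node.package.dependencies.
 node.edgesOut.get(oldDepName)?.detach()
 }
 }
 }
 for (const newDepName of Object.keys(newDeps)) {
 if (!objects.hasOwn(oldDeps, newDepName)) {
+// Add new edges for dependencies that don't exist on the old
+// node.package.dependencies.
 node.addEdgeOut(
 new Edge({
 from: node,
@@ -2022,6 +2115,29 @@ function updateNode(
 }
 return true
 }
+function updatePackageJsonFromNode(editablePkgJson, tree, node, rangeStyle) {
+if (isTopLevel(tree, node)) {
+const { name, version } = node
+for (const depField of [
+'dependencies',
+'optionalDependencies',
+'peerDependencies'
+]) {
+const oldValue = editablePkgJson.content[depField]
+if (oldValue) {
+const oldVersion = oldValue[name]
+if (oldVersion) {
+editablePkgJson.update({
+[depField]: {
+...oldValue,
+[name]: applyRange(oldVersion, version, rangeStyle)
+}
+})
+}
+}
+}
+}
+}
 
 const {
 NPM,
@@ -2103,6 +2219,10 @@ class SafeArborist extends Arborist {
 // @ts-ignore: TS gets grumpy about rest parameters.
 ...args.slice(1)
 )
+// Lazily access constants.ENV[SOCKET_CLI_ACCEPT_RISKS].
+const acceptRisks = constants.ENV[SOCKET_CLI_ACCEPT_RISKS]
+// Lazily access constants.ENV[SOCKET_CLI_VIEW_ALL_RISKS].
+const viewAllRisks = constants.ENV[SOCKET_CLI_VIEW_ALL_RISKS]
 const progress = ipc[SOCKET_CLI_SAFE_PROGRESS]
 const spinner =
 options['silent'] || !progress
@@ -2114,14 +2234,13 @@ class SafeArborist extends Arborist {
 const alertsMap = await getAlertsMapFromArborist(this, {
 spinner,
 include:
-options.dryRun ||
-options['yes'] ||
-// Lazily access constants.ENV[SOCKET_CLI_ACCEPT_RISKS].
-constants.ENV[SOCKET_CLI_ACCEPT_RISKS]
+acceptRisks || options.dryRun || options['yes']
 ? {
+actions: ['error'],
 blocked: true,
 critical: false,
 cve: false,
+existing: true,
 unfixable: false
 }
 : {
@@ -2132,17 +2251,16 @@ class SafeArborist extends Arborist {
 if (alertsMap.size) {
 process$1.exitCode = 1
 logAlertsMap(alertsMap, {
-
-hideAt: constants.ENV[SOCKET_CLI_VIEW_ALL_RISKS] ? 'none' : 'middle',
+hideAt: viewAllRisks ? 'none' : 'middle',
 output: process$1.stderr
 })
 throw new Error(commonTags.stripIndents`
-Socket ${binName} exiting due to risks
-View all risks - Rerun with environment variable ${SOCKET_CLI_VIEW_ALL_RISKS}=1.
-Accept risks - Rerun with environment variable ${SOCKET_CLI_ACCEPT_RISKS}=1.
+Socket ${binName} exiting due to risks.${viewAllRisks ? '' : `\nView all risks - Rerun with environment variable ${SOCKET_CLI_VIEW_ALL_RISKS}=1.`}${acceptRisks ? '' : `\nAccept risks - Rerun with environment variable ${SOCKET_CLI_ACCEPT_RISKS}=1.`}
 `)
 } else if (!options['silent']) {
-logger.logger.success(
+logger.logger.success(
+`Socket ${binName} ${acceptRisks ? 'accepted' : 'found no'} risks`
+)
 if (binName === NPX) {
 logger.logger.log(`Running ${options.add[0]}`)
 }
@@ -2176,12 +2294,15 @@ exports.Arborist = Arborist
 exports.AuthError = AuthError
 exports.ColorOrMarkdown = ColorOrMarkdown
 exports.InputError = InputError
+exports.RangeStyles = RangeStyles
 exports.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES =
 SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
 exports.SafeArborist = SafeArborist
 exports.addArtifactToAlertsMap = addArtifactToAlertsMap
+exports.assignDefaultFixOptions = assignDefaultFixOptions
 exports.captureException = captureException
 exports.findBestPatchVersion = findBestPatchVersion
+exports.findPackageNode = findPackageNode
 exports.findPackageNodes = findPackageNodes
 exports.findUp = findUp
 exports.formatSeverityCount = formatSeverityCount
@@ -2204,5 +2325,6 @@ exports.setupSdk = setupSdk
 exports.supportedConfigKeys = supportedConfigKeys
 exports.updateConfigValue = updateConfigValue
 exports.updateNode = updateNode
-
+exports.updatePackageJsonFromNode = updatePackageJsonFromNode
+//# debugId=1d1585dd-7e83-4248-93a3-4d24eb899744
 //# sourceMappingURL=shadow-npm-inject.js.map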