@socketsecurity/cli-with-sentry 0.14.84 → 0.14.86

package/dist/constants.d.ts

@@ -44,6 +44,8 @@ type IPC = Readonly<{
   SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined
 }>
 declare const constants: {
+  readonly NODE_ENV: 'NODE_ENV'
+  readonly kInternalsSymbol: unique symbol
   readonly [kInternalsSymbol]: registryConstants.Internals
   readonly AT_LATEST: '@latest'
   readonly BIOME_JSON: 'biome.json'
@@ -69,7 +71,6 @@ declare const constants: {
   readonly MANIFEST_JSON: 'manifest.json'
   readonly MIT: 'MIT'
   readonly NODE_AUTH_TOKEN: 'NODE_AUTH_TOKEN'
-  readonly NODE_ENV: 'NODE_ENV'
   readonly NODE_MODULES: 'node_modules'
   readonly NODE_MODULES_GLOB_RECURSIVE: '**/node_modules'
   readonly NODE_WORKSPACES: 'node_workspaces'
@@ -152,7 +153,6 @@ declare const constants: {
     '**/*.tsbuildinfo',
     '**/Thumbs.db'
   ]
-  readonly kInternalsSymbol: unique symbol
   readonly lifecycleScriptNames: ReadonlySet<string>
   readonly maintainedNodeVersions: Readonly<MaintainedNodeVersions>
   readonly nodeHardenFlags: readonly string[] & string[]

package/dist/instrument-with-sentry.js

@@ -41,7 +41,7 @@ const relConstantsPath = './constants'
   Sentry.setTag(
     'version',
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-    '0.14.84:15b8c69:37077c67:pub'
+    '0.14.86:69093e9:7f5177c3:pub'
   )
   const constants = require(relConstantsPath)
   if (constants.ENV.SOCKET_CLI_DEBUG) {
@@ -56,5 +56,5 @@ const relConstantsPath = './constants'
   } = constants
   setSentry(Sentry)
 }
-//# debugId=136ffd21-491c-4a08-96d4-b9489ad97841
+//# debugId=b5cab285-105f-4455-b8eb-98de3d625ca5
 //# sourceMappingURL=instrument-with-sentry.js.map

package/dist/instrument-with-sentry.js.map

@@ -1 +1 @@
-{"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n  const Sentry = require('@sentry/node')\n  Sentry.init({\n    onFatalError(error: Error) {\n      // Defer module loads until after Sentry.init is called.\n      if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n        logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n      }\n    },\n    dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n    enabled: true,\n    integrations: []\n  })\n  Sentry.setTag(\n    'environment',\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n      ? 'pub'\n      : // The NODE_ENV convention is used by apps to define the runtime environment.\n        // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n        process.env['NODE_ENV']\n  )\n  Sentry.setTag(\n    'version',\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n  )\n  const constants = require(relConstantsPath)\n  if (constants.ENV.SOCKET_CLI_DEBUG) {\n    Sentry.setTag('debugging', true)\n    logger.log('[DEBUG] Set up Sentry.')\n  } else {\n    Sentry.setTag('debugging', false)\n  }\n  const {\n    kInternalsSymbol,\n    [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n  } = constants\n  setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n  logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"136ffd21-491c-4a08-96d4-b9489ad97841"}
+{"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n  const Sentry = require('@sentry/node')\n  Sentry.init({\n    onFatalError(error: Error) {\n      // Defer module loads until after Sentry.init is called.\n      if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n        logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n      }\n    },\n    dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n    enabled: true,\n    integrations: []\n  })\n  Sentry.setTag(\n    'environment',\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n      ? 'pub'\n      : // The NODE_ENV convention is used by apps to define the runtime environment.\n        // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n        process.env['NODE_ENV']\n  )\n  Sentry.setTag(\n    'version',\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n  )\n  const constants = require(relConstantsPath)\n  if (constants.ENV.SOCKET_CLI_DEBUG) {\n    Sentry.setTag('debugging', true)\n    logger.log('[DEBUG] Set up Sentry.')\n  } else {\n    Sentry.setTag('debugging', false)\n  }\n  const {\n    kInternalsSymbol,\n    [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n  } = constants\n  setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n  logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"b5cab285-105f-4455-b8eb-98de3d625ca5"}

package/dist/module-sync/cli.js

@@ -915,7 +915,7 @@ function emitBanner(name) {
   logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-  const cliVersion = '0.14.84:15b8c69:37077c67:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  const cliVersion = '0.14.86:69093e9:7f5177c3:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
   const nodeVersion = process$1.version
   const apiToken = shadowNpmInject.getDefaultToken()
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -3945,10 +3945,14 @@ async function npmFix(
           continue
         }
         const oldSpec = `${name}@${oldVersion}`
+        let targetVersion
+        let failed = false
+        let installed = false
+        let saved = false
         if (
           shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
         ) {
-          const targetVersion = node.package.version
+          targetVersion = node.package.version
           const fixSpec = `${name}@^${targetVersion}`
           const revertData = {
             ...(pkgJson.dependencies
@@ -3968,8 +3972,6 @@ async function npmFix(
               : undefined)
           }
           spinner?.info(`Installing ${fixSpec}`)
-          let saved = false
-          let installed = false
           try {
             shadowNpmInject.updatePackageJsonFromNode(
               editablePkgJson,
@@ -3996,20 +3998,8 @@ async function npmFix(
             }
             spinner?.successAndStop(`Fixed ${name}`)
             spinner?.start()
-            // Lazily access constants.ENV[CI].
-            if (constants.ENV[CI$1]) {
-              // eslint-disable-next-line no-await-in-loop
-              const prResponse = await openGitHubPullRequest(
-                name,
-                targetVersion,
-                cwd
-              )
-              if (autoMerge) {
-                // eslint-disable-next-line no-await-in-loop
-                await enableAutoMerge(prResponse.data)
-              }
-            }
           } catch {
+            failed = true
             spinner?.error(`Reverting ${fixSpec}`)
             if (saved) {
               editablePkgJson.update(revertData)
@@ -4025,8 +4015,35 @@ async function npmFix(
             spinner?.failAndStop(`Failed to fix ${oldSpec}`)
           }
         } else {
+          failed = true
           spinner?.failAndStop(`Could not patch ${oldSpec}`)
         }
+        if (
+          !failed &&
+          // Check targetVersion to make TypeScript happy.
+          targetVersion &&
+          // Lazily access constants.ENV[CI].
+          constants.ENV[CI$1]
+        ) {
+          let prResponse
+          try {
+            // eslint-disable-next-line no-await-in-loop
+            prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
+          } catch (e) {
+            logger.logger.error('Failed to open pull request', e)
+          }
+          if (prResponse && autoMerge) {
+            try {
+              // eslint-disable-next-line no-await-in-loop
+              await enableAutoMerge(prResponse.data)
+            } catch (e) {
+              logger.logger.error(
+                'Failed to enable auto-merge in pull request',
+                e
+              )
+            }
+          }
+        }
       }
     }
   }
@@ -4214,7 +4231,7 @@ function runAgentInstall(pkgEnvDetails, options) {
     ...options
   }
   const skipNodeHardenFlags =
-    pkgEnvDetails.agent === PNPM$a && pkgEnvDetails.agentVersion.major < 11
+    agent === PNPM$a && pkgEnvDetails.agentVersion.major < 11
   return spawn.spawn(agentExecPath, ['install', ...args], {
     spinner,
     stdio: 'inherit',
@@ -4235,8 +4252,15 @@ function runAgentInstall(pkgEnvDetails, options) {
 }
 
 const { CI, NPM: NPM$c, OVERRIDES: OVERRIDES$2, PNPM: PNPM$9 } = constants
+async function getActualTree(cwd = process.cwd()) {
+  const arb = new shadowNpmInject.SafeArborist({
+    path: cwd,
+    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+  })
+  return await arb.loadActual()
+}
 async function install(pkgEnvDetails, options) {
-  const { spinner } = {
+  const { cwd, spinner } = {
     __proto__: null,
     ...options
   }
@@ -4245,6 +4269,7 @@ async function install(pkgEnvDetails, options) {
     spinner,
     stdio: debug.isDebug() ? 'inherit' : 'ignore'
   })
+  return await getActualTree(cwd)
 }
 async function pnpmFix(
   pkgEnvDetails,
@@ -4274,11 +4299,7 @@ async function pnpmFix(
     editable: true
   })
   const { content: pkgJson } = editablePkgJson
-  const arb = new shadowNpmInject.SafeArborist({
-    path: cwd,
-    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
-  })
-  await arb.loadActual()
+  let actualTree = await getActualTree(cwd)
   for (const { 0: name, 1: infos } of infoByPkg) {
     if (registry.getManifestData(NPM$c, name)) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`)
@@ -4286,7 +4307,7 @@ async function pnpmFix(
     }
     const specs = arrays.arrayUnique(
       shadowNpmInject
-        .findPackageNodes(arb.actualTree, name)
+        .findPackageNodes(actualTree, name)
         .map(n => `${n.name}@${n.version}`)
     )
     const packument =
@@ -4306,7 +4327,7 @@ async function pnpmFix(
         vulnerableVersionRange
       } of infos) {
         const node = shadowNpmInject.findPackageNode(
-          arb.actualTree,
+          actualTree,
           name,
           oldVersion
         )
@@ -4323,6 +4344,9 @@ async function pnpmFix(
         const targetPackument = targetVersion
           ? packument.versions[targetVersion]
           : undefined
+        let failed = false
+        let installed = false
+        let saved = false
         if (targetVersion && targetPackument) {
           const oldPnpm = pkgJson[PNPM$9]
           const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
@@ -4372,13 +4396,11 @@ async function pnpmFix(
               : undefined)
           }
           spinner?.info(`Installing ${fixSpec}`)
-          let saved = false
-          let installed = false
           try {
             editablePkgJson.update(updateData)
             shadowNpmInject.updatePackageJsonFromNode(
               editablePkgJson,
-              arb.actualTree,
+              actualTree,
               node,
               rangeStyle
             )
@@ -4387,7 +4409,7 @@ async function pnpmFix(
             saved = true
 
             // eslint-disable-next-line no-await-in-loop
-            await install(pkgEnvDetails, {
+            actualTree = await install(pkgEnvDetails, {
               spinner
             })
             installed = true
@@ -4401,21 +4423,8 @@ async function pnpmFix(
             }
             spinner?.successAndStop(`Fixed ${name}`)
             spinner?.start()
-
-            // Lazily access constants.ENV[CI].
-            if (constants.ENV[CI]) {
-              // eslint-disable-next-line no-await-in-loop
-              const prResponse = await openGitHubPullRequest(
-                name,
-                targetVersion,
-                cwd
-              )
-              if (autoMerge) {
-                // eslint-disable-next-line no-await-in-loop
-                await enableAutoMerge(prResponse.data)
-              }
-            }
           } catch (e) {
+            failed = true
             spinner?.error(`Reverting ${fixSpec}`, e)
             if (saved) {
               editablePkgJson.update(revertData)
@@ -4424,18 +4433,42 @@ async function pnpmFix(
             }
             if (installed) {
               // eslint-disable-next-line no-await-in-loop
-              await install(pkgEnvDetails, {
+              actualTree = await install(pkgEnvDetails, {
                 spinner
               })
-              arb.actualTree = null
-              // eslint-disable-next-line no-await-in-loop
-              await arb.loadActual()
             }
             spinner?.failAndStop(`Failed to fix ${oldSpec}`)
           }
         } else {
+          failed = true
           spinner?.failAndStop(`Could not patch ${oldSpec}`)
         }
+        if (
+          !failed &&
+          // Check targetVersion to make TypeScript happy.
+          targetVersion &&
+          // Lazily access constants.ENV[CI].
+          constants.ENV[CI]
+        ) {
+          let prResponse
+          try {
+            // eslint-disable-next-line no-await-in-loop
+            prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
+          } catch (e) {
+            logger.logger.error('Failed to open pull request', e)
+          }
+          if (prResponse && autoMerge) {
+            try {
+              // eslint-disable-next-line no-await-in-loop
+              await enableAutoMerge(prResponse.data)
+            } catch (e) {
+              logger.logger.error(
+                'Failed to enable auto-merge in pull request',
+                e
+              )
+            }
+          }
+        }
       }
     }
   }
@@ -11309,7 +11342,7 @@ void (async () => {
   await updateNotifier({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: '0.14.84',
+    version: '0.14.86',
     ttl: 86_400_000 /* 24 hours in milliseconds */
   })
   try {
@@ -11377,5 +11410,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=34480930-23ab-4abc-82b1-0714dcdc2d8e
+//# debugId=25e9779a-36e3-488a-a24f-cffa66f1d6b5
 //# sourceMappingURL=cli.js.map