@socketsecurity/cli-with-sentry 0.14.86 → 0.14.88

package/dist/constants.d.ts

@@ -44,8 +44,6 @@ type IPC = Readonly<{
   SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined
 }>
 declare const constants: {
-  readonly NODE_ENV: 'NODE_ENV'
-  readonly kInternalsSymbol: unique symbol
   readonly [kInternalsSymbol]: registryConstants.Internals
   readonly AT_LATEST: '@latest'
   readonly BIOME_JSON: 'biome.json'
@@ -71,6 +69,7 @@ declare const constants: {
   readonly MANIFEST_JSON: 'manifest.json'
   readonly MIT: 'MIT'
   readonly NODE_AUTH_TOKEN: 'NODE_AUTH_TOKEN'
+  readonly NODE_ENV: 'NODE_ENV'
   readonly NODE_MODULES: 'node_modules'
   readonly NODE_MODULES_GLOB_RECURSIVE: '**/node_modules'
   readonly NODE_WORKSPACES: 'node_workspaces'
@@ -153,6 +152,7 @@ declare const constants: {
     '**/*.tsbuildinfo',
     '**/Thumbs.db'
   ]
+  readonly kInternalsSymbol: unique symbol
   readonly lifecycleScriptNames: ReadonlySet<string>
   readonly maintainedNodeVersions: Readonly<MaintainedNodeVersions>
   readonly nodeHardenFlags: readonly string[] & string[]

package/dist/instrument-with-sentry.js

@@ -41,7 +41,7 @@ const relConstantsPath = './constants'
   Sentry.setTag(
     'version',
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-    '0.14.86:69093e9:7f5177c3:pub'
+    '0.14.88:959a4cc:d7e588e6:pub'
   )
   const constants = require(relConstantsPath)
   if (constants.ENV.SOCKET_CLI_DEBUG) {
@@ -56,5 +56,5 @@ const relConstantsPath = './constants'
   } = constants
   setSentry(Sentry)
 }
-//# debugId=b5cab285-105f-4455-b8eb-98de3d625ca5
+//# debugId=62792282-4926-4712-8bf6-c517fce548c
 //# sourceMappingURL=instrument-with-sentry.js.map

package/dist/instrument-with-sentry.js.map

@@ -1 +1 @@
-{"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n  const Sentry = require('@sentry/node')\n  Sentry.init({\n    onFatalError(error: Error) {\n      // Defer module loads until after Sentry.init is called.\n      if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n        logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n      }\n    },\n    dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n    enabled: true,\n    integrations: []\n  })\n  Sentry.setTag(\n    'environment',\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n      ? 'pub'\n      : // The NODE_ENV convention is used by apps to define the runtime environment.\n        // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n        process.env['NODE_ENV']\n  )\n  Sentry.setTag(\n    'version',\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n  )\n  const constants = require(relConstantsPath)\n  if (constants.ENV.SOCKET_CLI_DEBUG) {\n    Sentry.setTag('debugging', true)\n    logger.log('[DEBUG] Set up Sentry.')\n  } else {\n    Sentry.setTag('debugging', false)\n  }\n  const {\n    kInternalsSymbol,\n    [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n  } = constants\n  setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n  logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"b5cab285-105f-4455-b8eb-98de3d625ca5"}
+{"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n  const Sentry = require('@sentry/node')\n  Sentry.init({\n    onFatalError(error: Error) {\n      // Defer module loads until after Sentry.init is called.\n      if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n        logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n      }\n    },\n    dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n    enabled: true,\n    integrations: []\n  })\n  Sentry.setTag(\n    'environment',\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n      ? 'pub'\n      : // The NODE_ENV convention is used by apps to define the runtime environment.\n        // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n        process.env['NODE_ENV']\n  )\n  Sentry.setTag(\n    'version',\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n  )\n  const constants = require(relConstantsPath)\n  if (constants.ENV.SOCKET_CLI_DEBUG) {\n    Sentry.setTag('debugging', true)\n    logger.log('[DEBUG] Set up Sentry.')\n  } else {\n    Sentry.setTag('debugging', false)\n  }\n  const {\n    kInternalsSymbol,\n    [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n  } = constants\n  setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n  logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"62792282-4926-4712-8bf6-c517fce548c"}

package/dist/module-sync/cli.js

@@ -915,7 +915,7 @@ function emitBanner(name) {
   logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-  const cliVersion = '0.14.86:69093e9:7f5177c3:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  const cliVersion = '0.14.88:959a4cc:d7e588e6:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
   const nodeVersion = process$1.version
   const apiToken = shadowNpmInject.getDefaultToken()
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -3903,7 +3903,6 @@ async function npmFix(
   const editablePkgJson = await packages.readPackageJson(cwd, {
     editable: true
   })
-  const { content: pkgJson } = editablePkgJson
   await arb.buildIdealTree()
   for (const { 0: name, 1: infos } of infoByPkg) {
     const hasUpgrade = !!registry.getManifestData(NPM$f, name)
@@ -3955,19 +3954,20 @@ async function npmFix(
           targetVersion = node.package.version
           const fixSpec = `${name}@^${targetVersion}`
           const revertData = {
-            ...(pkgJson.dependencies
+            ...(editablePkgJson.content.dependencies
               ? {
-                  dependencies: pkgJson.dependencies
+                  dependencies: editablePkgJson.content.dependencies
                 }
               : undefined),
-            ...(pkgJson.optionalDependencies
+            ...(editablePkgJson.content.optionalDependencies
               ? {
-                  optionalDependencies: pkgJson.optionalDependencies
+                  optionalDependencies:
+                    editablePkgJson.content.optionalDependencies
                 }
               : undefined),
-            ...(pkgJson.peerDependencies
+            ...(editablePkgJson.content.peerDependencies
               ? {
-                  peerDependencies: pkgJson.peerDependencies
+                  peerDependencies: editablePkgJson.content.peerDependencies
                 }
               : undefined)
           }
@@ -3977,6 +3977,7 @@ async function npmFix(
               editablePkgJson,
               arb.idealTree,
               node,
+              targetVersion,
               rangeStyle
             )
             // eslint-disable-next-line no-await-in-loop
@@ -4298,7 +4299,6 @@ async function pnpmFix(
   const editablePkgJson = await packages.readPackageJson(cwd, {
     editable: true
   })
-  const { content: pkgJson } = editablePkgJson
   let actualTree = await getActualTree(cwd)
   for (const { 0: name, 1: infos } of infoByPkg) {
     if (registry.getManifestData(NPM$c, name)) {
@@ -4348,14 +4348,18 @@ async function pnpmFix(
         let installed = false
         let saved = false
         if (targetVersion && targetPackument) {
-          const oldPnpm = pkgJson[PNPM$9]
-          const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
+          const oldPnpm = editablePkgJson.content[PNPM$9]
+          const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
           const oldOverrides = oldPnpm?.[OVERRIDES$2]
-          const overridesCount = oldOverrides
+          const oldOverridesCount = oldOverrides
             ? Object.keys(oldOverrides).length
             : 0
           const overrideKey = `${node.name}@${vulnerableVersionRange}`
-          const overrideRange = `^${targetVersion}`
+          const overrideRange = shadowNpmInject.applyRange(
+            oldOverrides?.[overrideKey] ?? targetVersion,
+            targetVersion,
+            rangeStyle
+          )
           const fixSpec = `${name}@${overrideRange}`
           const updateData = {
             [PNPM$9]: {
@@ -4367,11 +4371,11 @@ async function pnpmFix(
             }
           }
           const revertData = {
-            [PNPM$9]: pnpmKeyCount
+            [PNPM$9]: oldPnpmKeyCount
               ? {
                   ...oldPnpm,
                   [OVERRIDES$2]:
-                    overridesCount === 1
+                    oldOverridesCount === 1
                       ? undefined
                       : {
                           [overrideKey]: undefined,
@@ -4379,19 +4383,20 @@ async function pnpmFix(
                         }
                 }
               : undefined,
-            ...(pkgJson.dependencies
+            ...(editablePkgJson.content.dependencies
               ? {
-                  dependencies: pkgJson.dependencies
+                  dependencies: editablePkgJson.content.dependencies
                 }
               : undefined),
-            ...(pkgJson.optionalDependencies
+            ...(editablePkgJson.content.optionalDependencies
               ? {
-                  optionalDependencies: pkgJson.optionalDependencies
+                  optionalDependencies:
+                    editablePkgJson.content.optionalDependencies
                 }
               : undefined),
-            ...(pkgJson.peerDependencies
+            ...(editablePkgJson.content.peerDependencies
               ? {
-                  peerDependencies: pkgJson.peerDependencies
+                  peerDependencies: editablePkgJson.content.peerDependencies
                 }
               : undefined)
           }
@@ -4402,6 +4407,7 @@ async function pnpmFix(
               editablePkgJson,
               actualTree,
               node,
+              targetVersion,
               rangeStyle
             )
             // eslint-disable-next-line no-await-in-loop
@@ -4455,6 +4461,7 @@ async function pnpmFix(
             // eslint-disable-next-line no-await-in-loop
             prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
           } catch (e) {
+            console.log(e)
             logger.logger.error('Failed to open pull request', e)
           }
           if (prResponse && autoMerge) {
@@ -6400,13 +6407,13 @@ const depsIncludesByAgent = new Map([
   [YARN_CLASSIC$5, matchLsCmdViewHumanStdout]
 ])
 
-function getDependencyEntries(pkgJson) {
+function getDependencyEntries(editablePkgJson) {
   const {
     dependencies,
     devDependencies,
     optionalDependencies,
     peerDependencies
-  } = pkgJson
+  } = editablePkgJson.content
   return [
     [
       'dependencies',
@@ -6457,8 +6464,8 @@ const {
   YARN_BERRY: YARN_BERRY$3,
   YARN_CLASSIC: YARN_CLASSIC$4
 } = constants
-function getOverridesDataBun(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataBun(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_BERRY$3,
     overrides
@@ -6467,8 +6474,8 @@ function getOverridesDataBun(pkgJson) {
 
 // npm overrides documentation:
 // https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
-function getOverridesDataNpm(pkgJson) {
-  const overrides = pkgJson?.[OVERRIDES$1] ?? {}
+function getOverridesDataNpm(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[OVERRIDES$1] ?? {}
   return {
     type: NPM$5,
     overrides
@@ -6477,15 +6484,15 @@ function getOverridesDataNpm(pkgJson) {
 
 // pnpm overrides documentation:
 // https://pnpm.io/package_json#pnpmoverrides
-function getOverridesDataPnpm(pkgJson) {
-  const overrides = pkgJson?.pnpm?.[OVERRIDES$1] ?? {}
+function getOverridesDataPnpm(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[PNPM$5]?.[OVERRIDES$1] ?? {}
   return {
     type: PNPM$5,
     overrides
   }
 }
-function getOverridesDataVlt(pkgJson) {
-  const overrides = pkgJson?.[OVERRIDES$1] ?? {}
+function getOverridesDataVlt(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[OVERRIDES$1] ?? {}
   return {
     type: VLT$3,
     overrides
@@ -6494,8 +6501,8 @@ function getOverridesDataVlt(pkgJson) {
 
 // Yarn resolutions documentation:
 // https://yarnpkg.com/configuration/manifest#resolutions
-function getOverridesDataYarn(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataYarn(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_BERRY$3,
     overrides
@@ -6504,8 +6511,8 @@ function getOverridesDataYarn(pkgJson) {
 
 // Yarn resolutions documentation:
 // https://classic.yarnpkg.com/en/docs/selective-version-resolutions
-function getOverridesDataClassic(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataYarnClassic(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_CLASSIC$4,
     overrides
@@ -6517,12 +6524,12 @@ const overridesDataByAgent = new Map([
   [PNPM$5, getOverridesDataPnpm],
   [VLT$3, getOverridesDataVlt],
   [YARN_BERRY$3, getOverridesDataYarn],
-  [YARN_CLASSIC$4, getOverridesDataClassic]
+  [YARN_CLASSIC$4, getOverridesDataYarnClassic]
 ])
 
 const { PNPM: PNPM$4 } = constants
 const PNPM_WORKSPACE = `${PNPM$4}-workspace`
-async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
+async function getWorkspaceGlobs(agent, pkgPath, editablePkgJson) {
   let workspacePatterns
   if (agent === PNPM$4) {
     for (const workspacePath of [
@@ -6541,7 +6548,7 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
       }
     }
   } else {
-    workspacePatterns = pkgJson['workspaces']
+    workspacePatterns = editablePkgJson.content['workspaces']
   }
   return Array.isArray(workspacePatterns)
     ? workspacePatterns
@@ -6814,8 +6821,7 @@ function getHighestEntryIndex(entries, keys) {
   return getEntryIndexes(entries, keys).at(-1) ?? -1
 }
 function updatePkgJsonField(editablePkgJson, field, value) {
-  const { content: pkgJson } = editablePkgJson
-  const oldValue = pkgJson[field]
+  const oldValue = editablePkgJson.content[field]
   if (oldValue) {
     // The field already exists so we simply update the field value.
     if (field === PNPM$1) {
@@ -6866,7 +6872,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
   // Since the field doesn't exist we want to insert it into the package.json
   // in a place that makes sense, e.g. close to the "dependencies" field. If
   // we can't find a place to insert the field we'll add it to the bottom.
-  const entries = Object.entries(pkgJson)
+  const entries = Object.entries(editablePkgJson.content)
   let insertIndex = -1
   let isPlacingHigher = false
   if (field === OVERRIDES) {
@@ -6965,9 +6971,12 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
       editable: true
     })
   }
-  const { content: pkgJson } = editablePkgJson
   const workspaceName = path$1.relative(rootPath, pkgPath)
-  const workspaceGlobs = await getWorkspaceGlobs(agent, pkgPath, pkgJson)
+  const workspaceGlobs = await getWorkspaceGlobs(
+    agent,
+    pkgPath,
+    editablePkgJson
+  )
   const isRoot = pkgPath === rootPath
   const isLockScanned = isRoot && !prod
   const isWorkspace = !!workspaceGlobs
@@ -6987,19 +6996,19 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
     )
   }
   const overridesDataObjects = []
-  if (pkgJson['private'] || isWorkspace) {
-    overridesDataObjects.push(overridesDataByAgent.get(agent)(pkgJson))
+  if (editablePkgJson.content['private'] || isWorkspace) {
+    overridesDataObjects.push(overridesDataByAgent.get(agent)(editablePkgJson))
   } else {
     overridesDataObjects.push(
-      overridesDataByAgent.get(NPM$1)(pkgJson),
-      overridesDataByAgent.get(YARN_CLASSIC)(pkgJson)
+      overridesDataByAgent.get(NPM$1)(editablePkgJson),
+      overridesDataByAgent.get(YARN_CLASSIC)(editablePkgJson)
     )
   }
   spinner?.setText(
     `Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`
   )
   const depAliasMap = new Map()
-  const depEntries = getDependencyEntries(pkgJson)
+  const depEntries = getDependencyEntries(editablePkgJson)
   const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
     semver.satisfies(
       // Roughly check Node range as semver.coerce will strip leading
@@ -11342,7 +11351,7 @@ void (async () => {
   await updateNotifier({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: '0.14.86',
+    version: '0.14.88',
     ttl: 86_400_000 /* 24 hours in milliseconds */
   })
   try {
@@ -11410,5 +11419,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=25e9779a-36e3-488a-a24f-cffa66f1d6b5
+//# debugId=651998b3-39a1-4965-a7b7-d5b2b0e06056
 //# sourceMappingURL=cli.js.map