@socketsecurity/cli-with-sentry 0.14.94 → 0.14.96
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/instrument-with-sentry.js +2 -2
- package/dist/instrument-with-sentry.js.map +1 -1
- package/dist/module-sync/cli.js +178 -159
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/shadow-bin.js +3 -14
- package/dist/module-sync/shadow-bin.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +68 -59
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/shadow-npm-paths.js +16 -29
- package/dist/module-sync/shadow-npm-paths.js.map +1 -1
- package/dist/module-sync/vendor.d.ts +0 -0
- package/dist/module-sync/vendor.js +85829 -12598
- package/dist/module-sync/vendor.js.map +1 -1
- package/dist/require/cli.js +160 -140
- package/dist/require/cli.js.map +1 -1
- package/dist/require/shadow-bin.d.ts +5 -0
- package/dist/require/shadow-bin.js +108 -1
- package/dist/require/shadow-bin.js.map +1 -0
- package/dist/require/shadow-npm-inject.d.ts +1 -0
- package/dist/require/shadow-npm-inject.js +2335 -1
- package/dist/require/shadow-npm-inject.js.map +1 -0
- package/dist/require/shadow-npm-paths.d.ts +29 -0
- package/dist/require/shadow-npm-paths.js +454 -1
- package/dist/require/shadow-npm-paths.js.map +1 -0
- package/package.json +29 -29
- package/dist/blessed/lib/alias.js +0 -521
- package/dist/blessed/lib/blessed.js +0 -34
- package/dist/blessed/lib/colors.js +0 -492
- package/dist/blessed/lib/events.js +0 -197
- package/dist/blessed/lib/gpmclient.js +0 -247
- package/dist/blessed/lib/helpers.js +0 -172
- package/dist/blessed/lib/keys.js +0 -514
- package/dist/blessed/lib/program.js +0 -4532
- package/dist/blessed/lib/tput.js +0 -3113
- package/dist/blessed/lib/unicode.js +0 -914
- package/dist/blessed/lib/widget.js +0 -62
- package/dist/blessed/lib/widgets/ansiimage.js +0 -175
- package/dist/blessed/lib/widgets/bigtext.js +0 -172
- package/dist/blessed/lib/widgets/box.js +0 -36
- package/dist/blessed/lib/widgets/button.js +0 -64
- package/dist/blessed/lib/widgets/checkbox.js +0 -97
- package/dist/blessed/lib/widgets/element.js +0 -2873
- package/dist/blessed/lib/widgets/filemanager.js +0 -225
- package/dist/blessed/lib/widgets/form.js +0 -303
- package/dist/blessed/lib/widgets/image.js +0 -73
- package/dist/blessed/lib/widgets/input.js +0 -36
- package/dist/blessed/lib/widgets/layout.js +0 -251
- package/dist/blessed/lib/widgets/line.js +0 -61
- package/dist/blessed/lib/widgets/list.js +0 -654
- package/dist/blessed/lib/widgets/listbar.js +0 -454
- package/dist/blessed/lib/widgets/listtable.js +0 -267
- package/dist/blessed/lib/widgets/loading.js +0 -90
- package/dist/blessed/lib/widgets/log.js +0 -84
- package/dist/blessed/lib/widgets/message.js +0 -147
- package/dist/blessed/lib/widgets/node.js +0 -315
- package/dist/blessed/lib/widgets/overlayimage.js +0 -796
- package/dist/blessed/lib/widgets/progressbar.js +0 -168
- package/dist/blessed/lib/widgets/prompt.js +0 -129
- package/dist/blessed/lib/widgets/question.js +0 -131
- package/dist/blessed/lib/widgets/radiobutton.js +0 -64
- package/dist/blessed/lib/widgets/radioset.js +0 -38
- package/dist/blessed/lib/widgets/screen.js +0 -2487
- package/dist/blessed/lib/widgets/scrollablebox.js +0 -417
- package/dist/blessed/lib/widgets/scrollabletext.js +0 -37
- package/dist/blessed/lib/widgets/table.js +0 -385
- package/dist/blessed/lib/widgets/terminal.js +0 -454
- package/dist/blessed/lib/widgets/text.js +0 -37
- package/dist/blessed/lib/widgets/textarea.js +0 -378
- package/dist/blessed/lib/widgets/textbox.js +0 -81
- package/dist/blessed/lib/widgets/video.js +0 -132
- package/dist/blessed/usr/fonts/AUTHORS +0 -1
- package/dist/blessed/usr/fonts/LICENSE +0 -94
- package/dist/blessed/usr/fonts/README +0 -340
- package/dist/blessed/usr/fonts/ter-u14b.json +0 -17826
- package/dist/blessed/usr/fonts/ter-u14n.json +0 -17826
- package/dist/blessed/usr/linux +0 -0
- package/dist/blessed/usr/windows-ansi +0 -0
- package/dist/blessed/usr/xterm +0 -0
- package/dist/blessed/usr/xterm-256color +0 -0
- package/dist/blessed/usr/xterm.termcap +0 -243
- package/dist/blessed/usr/xterm.terminfo +0 -1977
- package/dist/blessed/vendor/tng.js +0 -1878
package/dist/module-sync/cli.js
CHANGED
|
@@ -12,57 +12,38 @@ function _socketInterop(e) {
|
|
|
12
12
|
}
|
|
13
13
|
|
|
14
14
|
const process$1 = require('node:process')
|
|
15
|
-
const
|
|
16
|
-
const
|
|
17
|
-
const updateNotifier = _socketInterop(require('tiny-updater'))
|
|
15
|
+
const require$$0$2 = require('node:url')
|
|
16
|
+
const vendor = require('./vendor.js')
|
|
18
17
|
const debug = require('@socketsecurity/registry/lib/debug')
|
|
19
18
|
const logger = require('@socketsecurity/registry/lib/logger')
|
|
20
19
|
const assert = require('node:assert')
|
|
21
20
|
const fs = require('node:fs/promises')
|
|
22
|
-
const commonTags = _socketInterop(require('common-tags'))
|
|
23
21
|
const strings = require('@socketsecurity/registry/lib/strings')
|
|
24
22
|
const shadowNpmInject = require('./shadow-npm-inject.js')
|
|
25
23
|
const constants = require('./constants.js')
|
|
26
|
-
const colors = _socketInterop(require('yoctocolors-cjs'))
|
|
27
24
|
const path$1 = require('node:path')
|
|
28
|
-
const meow = _socketInterop(require('meow'))
|
|
29
25
|
const objects = require('@socketsecurity/registry/lib/objects')
|
|
30
26
|
const path = require('@socketsecurity/registry/lib/path')
|
|
31
27
|
const regexps = require('@socketsecurity/registry/lib/regexps')
|
|
32
|
-
const yargsParse = _socketInterop(require('yargs-parser'))
|
|
33
28
|
const words = require('@socketsecurity/registry/lib/words')
|
|
34
|
-
const
|
|
29
|
+
const require$$0 = require('node:fs')
|
|
35
30
|
const shadowBin = require('./shadow-bin.js')
|
|
36
|
-
const open = _socketInterop(require('open'))
|
|
37
31
|
const prompts = require('@socketsecurity/registry/lib/prompts')
|
|
38
32
|
const shadowNpmPaths = require('./shadow-npm-paths.js')
|
|
39
|
-
const
|
|
40
|
-
const util = require('node:util')
|
|
41
|
-
const terminalLink = _socketInterop(require('terminal-link'))
|
|
33
|
+
const require$$0$1 = require('node:util')
|
|
42
34
|
const arrays = require('@socketsecurity/registry/lib/arrays')
|
|
43
35
|
const registry = require('@socketsecurity/registry')
|
|
44
36
|
const npm = require('@socketsecurity/registry/lib/npm')
|
|
45
37
|
const packages = require('@socketsecurity/registry/lib/packages')
|
|
46
38
|
const spawn = require('@socketsecurity/registry/lib/spawn')
|
|
47
|
-
const rest = _socketInterop(require('@octokit/rest'))
|
|
48
|
-
const lockfile_fs = _socketInterop(require('@pnpm/lockfile.fs'))
|
|
49
|
-
const lockfile_detectDepTypes = _socketInterop(
|
|
50
|
-
require('@pnpm/lockfile.detect-dep-types')
|
|
51
|
-
)
|
|
52
|
-
const browserslist = _socketInterop(require('browserslist'))
|
|
53
|
-
const semver = _socketInterop(require('semver'))
|
|
54
|
-
const which = _socketInterop(require('which'))
|
|
55
39
|
const index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs')
|
|
56
40
|
const sorts = require('@socketsecurity/registry/lib/sorts')
|
|
57
41
|
const registryConstants = require('@socketsecurity/registry/lib/constants')
|
|
58
42
|
const isInteractive = require('@socketregistry/is-interactive/index.cjs')
|
|
59
|
-
const npa = _socketInterop(require('npm-package-arg'))
|
|
60
|
-
const tinyglobby = _socketInterop(require('tinyglobby'))
|
|
61
43
|
const promises = require('@socketsecurity/registry/lib/promises')
|
|
62
|
-
const yaml = _socketInterop(require('yaml'))
|
|
63
44
|
|
|
64
45
|
function failMsgWithBadge(badge, msg) {
|
|
65
|
-
return `${
|
|
46
|
+
return `${vendor.yoctocolorsCjsExports.bgRed(vendor.yoctocolorsCjsExports.bold(vendor.yoctocolorsCjsExports.white(` ${badge}: `)))} ${vendor.yoctocolorsCjsExports.bold(msg)}`
|
|
66
47
|
}
|
|
67
48
|
|
|
68
49
|
function handleUnsuccessfulApiResponse(_name, sockSdkError) {
|
|
@@ -365,7 +346,7 @@ function renderJson(data) {
|
|
|
365
346
|
}
|
|
366
347
|
}
|
|
367
348
|
function renderMarkdown(data, days, repoSlug) {
|
|
368
|
-
return
|
|
349
|
+
return vendor.stripIndents`
|
|
369
350
|
# Socket Alert Analytics
|
|
370
351
|
|
|
371
352
|
These are the Socket.dev stats are analytics for the ${repoSlug ? `${repoSlug} repo` : 'org'} of the past ${days} days
|
|
@@ -405,7 +386,7 @@ ${[
|
|
|
405
386
|
]
|
|
406
387
|
]
|
|
407
388
|
.map(
|
|
408
|
-
([title, table]) =>
|
|
389
|
+
([title, table]) => vendor.stripIndents`
|
|
409
390
|
## ${title}
|
|
410
391
|
|
|
411
392
|
${table}
|
|
@@ -684,7 +665,7 @@ function handleBadInput(...checks) {
|
|
|
684
665
|
// If the message has newlines then format the first line with the input
|
|
685
666
|
// expectation and teh rest indented below it
|
|
686
667
|
msg.push(
|
|
687
|
-
` - ${lines[0]} (${d.test ?
|
|
668
|
+
` - ${lines[0]} (${d.test ? vendor.yoctocolorsCjsExports.green(d.pass) : vendor.yoctocolorsCjsExports.red(d.fail)})`
|
|
688
669
|
)
|
|
689
670
|
if (lines.length > 1) {
|
|
690
671
|
msg.push(...lines.slice(1).map(str => ` ${str}`))
|
|
@@ -757,7 +738,7 @@ async function meowWithSubcommands(subcommands, options) {
|
|
|
757
738
|
...commonFlags,
|
|
758
739
|
...additionalOptions.flags
|
|
759
740
|
}
|
|
760
|
-
const cli = meow(
|
|
741
|
+
const cli = vendor.meow(
|
|
761
742
|
`
|
|
762
743
|
Usage
|
|
763
744
|
$ ${name} <command>
|
|
@@ -889,7 +870,7 @@ function meowOrExit({
|
|
|
889
870
|
const command = `${parentName} ${config.commandName}`
|
|
890
871
|
|
|
891
872
|
// This exits if .printHelp() is called either by meow itself or by us.
|
|
892
|
-
const cli = meow({
|
|
873
|
+
const cli = vendor.meow({
|
|
893
874
|
argv,
|
|
894
875
|
description: config.description,
|
|
895
876
|
help: config.help(command, config),
|
|
@@ -918,7 +899,7 @@ function emitBanner(name) {
|
|
|
918
899
|
logger.logger.error(getAsciiHeader(name))
|
|
919
900
|
}
|
|
920
901
|
function getAsciiHeader(command) {
|
|
921
|
-
const cliVersion = '0.14.
|
|
902
|
+
const cliVersion = '0.14.96:b940b80:d716bd90:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
|
|
922
903
|
const nodeVersion = process$1.version
|
|
923
904
|
const apiToken = shadowNpmInject.getDefaultToken()
|
|
924
905
|
const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
|
|
@@ -1364,9 +1345,9 @@ async function runCycloneDX(yargvWithYes) {
|
|
|
1364
1345
|
if (
|
|
1365
1346
|
yargv.type !== YARN$1 &&
|
|
1366
1347
|
nodejsPlatformTypes.has(yargv.type) &&
|
|
1367
|
-
|
|
1348
|
+
require$$0.existsSync(`./${YARN_LOCK}`)
|
|
1368
1349
|
) {
|
|
1369
|
-
if (
|
|
1350
|
+
if (require$$0.existsSync(`./${PACKAGE_LOCK_JSON}`)) {
|
|
1370
1351
|
yargv.type = NPM$g
|
|
1371
1352
|
} else {
|
|
1372
1353
|
// Use synp to create a package-lock.json from the yarn.lock,
|
|
@@ -1392,12 +1373,14 @@ async function runCycloneDX(yargvWithYes) {
|
|
|
1392
1373
|
])
|
|
1393
1374
|
if (cleanupPackageLock) {
|
|
1394
1375
|
try {
|
|
1395
|
-
await
|
|
1376
|
+
await require$$0.promises.rm(`./${PACKAGE_LOCK_JSON}`)
|
|
1396
1377
|
} catch {}
|
|
1397
1378
|
}
|
|
1398
1379
|
const fullOutputPath = path$1.join(process$1.cwd(), yargv.output)
|
|
1399
|
-
if (
|
|
1400
|
-
logger.logger.log(
|
|
1380
|
+
if (require$$0.existsSync(fullOutputPath)) {
|
|
1381
|
+
logger.logger.log(
|
|
1382
|
+
vendor.yoctocolorsCjsExports.cyanBright(`${yargv.output} created!`)
|
|
1383
|
+
)
|
|
1401
1384
|
}
|
|
1402
1385
|
}
|
|
1403
1386
|
function argvToArray(argv) {
|
|
@@ -1600,7 +1583,7 @@ async function run$I(argv, importMeta, { parentName }) {
|
|
|
1600
1583
|
|
|
1601
1584
|
// TODO: Convert to meow.
|
|
1602
1585
|
const yargv = {
|
|
1603
|
-
...
|
|
1586
|
+
...vendor.yargsParser(argv, yargsConfig)
|
|
1604
1587
|
}
|
|
1605
1588
|
const unknown = yargv._
|
|
1606
1589
|
const { length: unknownLength } = unknown
|
|
@@ -2335,7 +2318,9 @@ async function outputCreateNewScan(data, outputKind) {
|
|
|
2335
2318
|
logger.logger.log('')
|
|
2336
2319
|
return
|
|
2337
2320
|
}
|
|
2338
|
-
const link =
|
|
2321
|
+
const link = vendor.yoctocolorsCjsExports.underline(
|
|
2322
|
+
vendor.yoctocolorsCjsExports.cyan(`${data.html_report_url}`)
|
|
2323
|
+
)
|
|
2339
2324
|
logger.logger.log(`Available at: ${link}`)
|
|
2340
2325
|
if (
|
|
2341
2326
|
await prompts.confirm({
|
|
@@ -2343,7 +2328,7 @@ async function outputCreateNewScan(data, outputKind) {
|
|
|
2343
2328
|
default: false
|
|
2344
2329
|
})
|
|
2345
2330
|
) {
|
|
2346
|
-
await open(`${data.html_report_url}`)
|
|
2331
|
+
await vendor.open(`${data.html_report_url}`)
|
|
2347
2332
|
}
|
|
2348
2333
|
}
|
|
2349
2334
|
|
|
@@ -3330,35 +3315,35 @@ async function outputDependencies(data, { limit, offset, outputKind }) {
|
|
|
3330
3315
|
columns: [
|
|
3331
3316
|
{
|
|
3332
3317
|
field: 'namespace',
|
|
3333
|
-
name:
|
|
3318
|
+
name: vendor.yoctocolorsCjsExports.cyan('Namespace')
|
|
3334
3319
|
},
|
|
3335
3320
|
{
|
|
3336
3321
|
field: 'name',
|
|
3337
|
-
name:
|
|
3322
|
+
name: vendor.yoctocolorsCjsExports.cyan('Name')
|
|
3338
3323
|
},
|
|
3339
3324
|
{
|
|
3340
3325
|
field: 'version',
|
|
3341
|
-
name:
|
|
3326
|
+
name: vendor.yoctocolorsCjsExports.cyan('Version')
|
|
3342
3327
|
},
|
|
3343
3328
|
{
|
|
3344
3329
|
field: 'repository',
|
|
3345
|
-
name:
|
|
3330
|
+
name: vendor.yoctocolorsCjsExports.cyan('Repository')
|
|
3346
3331
|
},
|
|
3347
3332
|
{
|
|
3348
3333
|
field: 'branch',
|
|
3349
|
-
name:
|
|
3334
|
+
name: vendor.yoctocolorsCjsExports.cyan('Branch')
|
|
3350
3335
|
},
|
|
3351
3336
|
{
|
|
3352
3337
|
field: 'type',
|
|
3353
|
-
name:
|
|
3338
|
+
name: vendor.yoctocolorsCjsExports.cyan('Type')
|
|
3354
3339
|
},
|
|
3355
3340
|
{
|
|
3356
3341
|
field: 'direct',
|
|
3357
|
-
name:
|
|
3342
|
+
name: vendor.yoctocolorsCjsExports.cyan('Direct')
|
|
3358
3343
|
}
|
|
3359
3344
|
]
|
|
3360
3345
|
}
|
|
3361
|
-
logger.logger.log(
|
|
3346
|
+
logger.logger.log(vendor.srcExports(options, data.rows))
|
|
3362
3347
|
}
|
|
3363
3348
|
|
|
3364
3349
|
async function handleDependencies({ limit, offset, outputKind }) {
|
|
@@ -3485,7 +3470,7 @@ async function fetchDiffScan({ after, before, orgSlug }) {
|
|
|
3485
3470
|
async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
3486
3471
|
const dashboardUrl = result.diff_report_url
|
|
3487
3472
|
const dashboardMessage = dashboardUrl
|
|
3488
|
-
? `\n View this diff scan in the Socket dashboard: ${
|
|
3473
|
+
? `\n View this diff scan in the Socket dashboard: ${vendor.yoctocolorsCjsExports.cyan(dashboardUrl)}`
|
|
3489
3474
|
: ''
|
|
3490
3475
|
|
|
3491
3476
|
// When forcing json, or dumping to file, serialize to string such that it
|
|
@@ -3504,7 +3489,7 @@ async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
|
3504
3489
|
}
|
|
3505
3490
|
if (file && file !== '-') {
|
|
3506
3491
|
logger.logger.log(`Writing json to \`${file}\``)
|
|
3507
|
-
|
|
3492
|
+
require$$0.writeFile(file, JSON.stringify(result, null, 2), err => {
|
|
3508
3493
|
if (err) {
|
|
3509
3494
|
logger.logger.fail(`Writing to \`${file}\` failed...`)
|
|
3510
3495
|
logger.logger.error(err)
|
|
@@ -3527,7 +3512,7 @@ async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
|
3527
3512
|
|
|
3528
3513
|
logger.logger.log('Diff scan result:')
|
|
3529
3514
|
logger.logger.log(
|
|
3530
|
-
|
|
3515
|
+
require$$0$1.inspect(result, {
|
|
3531
3516
|
showHidden: false,
|
|
3532
3517
|
depth: depth > 0 ? depth : null,
|
|
3533
3518
|
colors: true,
|
|
@@ -3749,7 +3734,7 @@ const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
|
|
|
3749
3734
|
let _octokit
|
|
3750
3735
|
function getOctokit() {
|
|
3751
3736
|
if (_octokit === undefined) {
|
|
3752
|
-
_octokit = new
|
|
3737
|
+
_octokit = new vendor.Octokit({
|
|
3753
3738
|
// Lazily access constants.ENV[SOCKET_SECURITY_GITHUB_PAT].
|
|
3754
3739
|
auth: constants.ENV[SOCKET_SECURITY_GITHUB_PAT]
|
|
3755
3740
|
})
|
|
@@ -3823,7 +3808,6 @@ async function openGitHubPullRequest(
|
|
|
3823
3808
|
if (!pat) {
|
|
3824
3809
|
throw new Error('Missing SOCKET_SECURITY_GITHUB_PAT environment variable')
|
|
3825
3810
|
}
|
|
3826
|
-
const commitMsg = `chore: upgrade ${name} to ${version}`
|
|
3827
3811
|
const url = `https://x-access-token:${pat}@github.com/${owner}/${repo}`
|
|
3828
3812
|
await spawn.spawn('git', ['remote', 'set-url', 'origin', url], {
|
|
3829
3813
|
cwd
|
|
@@ -3832,8 +3816,8 @@ async function openGitHubPullRequest(
|
|
|
3832
3816
|
return await octokit.pulls.create({
|
|
3833
3817
|
owner,
|
|
3834
3818
|
repo,
|
|
3835
|
-
title:
|
|
3836
|
-
head:
|
|
3819
|
+
title: `chore: upgrade ${name} to ${version}`,
|
|
3820
|
+
head: branch,
|
|
3837
3821
|
base: baseBranch,
|
|
3838
3822
|
body: `[socket] Upgrade \`${name}\` to ${version}`
|
|
3839
3823
|
})
|
|
@@ -4061,7 +4045,7 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options_) {
|
|
|
4061
4045
|
...options.include
|
|
4062
4046
|
}
|
|
4063
4047
|
const { spinner } = options
|
|
4064
|
-
const depTypes =
|
|
4048
|
+
const depTypes = vendor.libExports$2.detectDepTypes(lockfile)
|
|
4065
4049
|
const pkgIds = Object.keys(depTypes)
|
|
4066
4050
|
let { length: remaining } = pkgIds
|
|
4067
4051
|
const alertsByPkgId = new Map()
|
|
@@ -4267,7 +4251,7 @@ async function pnpmFix(
|
|
|
4267
4251
|
pkgEnvDetails,
|
|
4268
4252
|
{ autoMerge, cwd, rangeStyle, spinner, test, testScript }
|
|
4269
4253
|
) {
|
|
4270
|
-
const lockfile = await
|
|
4254
|
+
const lockfile = await vendor.libExports$3.readWantedLockfile(cwd, {
|
|
4271
4255
|
ignoreIncompatible: false
|
|
4272
4256
|
})
|
|
4273
4257
|
if (!lockfile) {
|
|
@@ -4516,7 +4500,7 @@ const binByAgent = new Map([
|
|
|
4516
4500
|
async function getAgentExecPath(agent) {
|
|
4517
4501
|
const binName = binByAgent.get(agent)
|
|
4518
4502
|
return (
|
|
4519
|
-
(await
|
|
4503
|
+
(await vendor.libExports$1(binName, {
|
|
4520
4504
|
nothrow: true
|
|
4521
4505
|
})) ?? binName
|
|
4522
4506
|
)
|
|
@@ -4528,7 +4512,7 @@ async function getAgentVersion(agentExecPath, cwd) {
|
|
|
4528
4512
|
// Coerce version output into a valid semver version by passing it through
|
|
4529
4513
|
// semver.coerce which strips leading v's, carets (^), comparators (<,<=,>,>=,=),
|
|
4530
4514
|
// and tildes (~).
|
|
4531
|
-
|
|
4515
|
+
vendor.semverExports.coerce(
|
|
4532
4516
|
// All package managers support the "--version" flag.
|
|
4533
4517
|
(
|
|
4534
4518
|
await spawn.spawn(agentExecPath, ['--version'], {
|
|
@@ -4622,7 +4606,7 @@ async function detectPackageEnvironment({
|
|
|
4622
4606
|
cwd
|
|
4623
4607
|
})
|
|
4624
4608
|
const pkgPath =
|
|
4625
|
-
pkgJsonPath &&
|
|
4609
|
+
pkgJsonPath && require$$0.existsSync(pkgJsonPath)
|
|
4626
4610
|
? path$1.dirname(pkgJsonPath)
|
|
4627
4611
|
: undefined
|
|
4628
4612
|
const editablePkgJson = pkgPath
|
|
@@ -4676,7 +4660,7 @@ async function detectPackageEnvironment({
|
|
|
4676
4660
|
// Lazily access constants.minimumVersionByAgent.
|
|
4677
4661
|
const minSupportedAgentVersion = constants.minimumVersionByAgent.get(agent)
|
|
4678
4662
|
const minSupportedNodeVersion = maintainedNodeVersions.last
|
|
4679
|
-
const nodeVersion =
|
|
4663
|
+
const nodeVersion = vendor.semverExports.coerce(process$1.version)
|
|
4680
4664
|
let lockSrc
|
|
4681
4665
|
let pkgAgentRange
|
|
4682
4666
|
let pkgNodeRange
|
|
@@ -4690,8 +4674,8 @@ async function detectPackageEnvironment({
|
|
|
4690
4674
|
pkgAgentRange = engineAgentRange
|
|
4691
4675
|
// Roughly check agent range as semver.coerce will strip leading
|
|
4692
4676
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
4693
|
-
const coerced =
|
|
4694
|
-
if (coerced &&
|
|
4677
|
+
const coerced = vendor.semverExports.coerce(pkgAgentRange)
|
|
4678
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinAgentVersion)) {
|
|
4695
4679
|
pkgMinAgentVersion = coerced.version
|
|
4696
4680
|
}
|
|
4697
4681
|
}
|
|
@@ -4699,22 +4683,23 @@ async function detectPackageEnvironment({
|
|
|
4699
4683
|
pkgNodeRange = engineNodeRange
|
|
4700
4684
|
// Roughly check Node range as semver.coerce will strip leading
|
|
4701
4685
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
4702
|
-
const coerced =
|
|
4703
|
-
if (coerced &&
|
|
4686
|
+
const coerced = vendor.semverExports.coerce(pkgNodeRange)
|
|
4687
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinNodeVersion)) {
|
|
4704
4688
|
pkgMinNodeVersion = coerced.version
|
|
4705
4689
|
}
|
|
4706
4690
|
}
|
|
4707
4691
|
const browserslistQuery = pkgJson['browserslist']
|
|
4708
4692
|
if (Array.isArray(browserslistQuery)) {
|
|
4709
4693
|
// List Node targets in ascending version order.
|
|
4710
|
-
const browserslistNodeTargets =
|
|
4694
|
+
const browserslistNodeTargets = vendor
|
|
4695
|
+
.browserslistExports(browserslistQuery)
|
|
4711
4696
|
.filter(v => /^node /i.test(v))
|
|
4712
4697
|
.map(v => v.slice(5 /*'node '.length*/))
|
|
4713
4698
|
.sort(sorts.naturalCompare)
|
|
4714
4699
|
if (browserslistNodeTargets.length) {
|
|
4715
4700
|
// browserslistNodeTargets[0] is the lowest Node target version.
|
|
4716
|
-
const coerced =
|
|
4717
|
-
if (coerced &&
|
|
4701
|
+
const coerced = vendor.semverExports.coerce(browserslistNodeTargets[0])
|
|
4702
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinNodeVersion)) {
|
|
4718
4703
|
pkgMinNodeVersion = coerced.version
|
|
4719
4704
|
}
|
|
4720
4705
|
}
|
|
@@ -4730,17 +4715,20 @@ async function detectPackageEnvironment({
|
|
|
4730
4715
|
// Does the system agent version meet our minimum supported agent version?
|
|
4731
4716
|
const agentSupported =
|
|
4732
4717
|
!!agentVersion &&
|
|
4733
|
-
|
|
4718
|
+
vendor.semverExports.satisfies(
|
|
4719
|
+
agentVersion,
|
|
4720
|
+
`>=${minSupportedAgentVersion}`
|
|
4721
|
+
)
|
|
4734
4722
|
|
|
4735
4723
|
// Does the system Node version meet our minimum supported Node version?
|
|
4736
|
-
const nodeSupported =
|
|
4724
|
+
const nodeSupported = vendor.semverExports.satisfies(
|
|
4737
4725
|
nodeVersion,
|
|
4738
4726
|
`>=${minSupportedNodeVersion}`
|
|
4739
4727
|
)
|
|
4740
4728
|
const npmBuggyOverrides =
|
|
4741
4729
|
agent === NPM$b &&
|
|
4742
4730
|
!!agentVersion &&
|
|
4743
|
-
|
|
4731
|
+
vendor.semverExports.lt(agentVersion, NPM_BUGGY_OVERRIDES_PATCHED_VERSION$1)
|
|
4744
4732
|
return {
|
|
4745
4733
|
agent,
|
|
4746
4734
|
agentExecPath,
|
|
@@ -4763,13 +4751,13 @@ async function detectPackageEnvironment({
|
|
|
4763
4751
|
},
|
|
4764
4752
|
pkgSupports: {
|
|
4765
4753
|
// Does our minimum supported agent version meet the package's requirements?
|
|
4766
|
-
agent:
|
|
4754
|
+
agent: vendor.semverExports.satisfies(
|
|
4767
4755
|
minSupportedAgentVersion,
|
|
4768
4756
|
`>=${pkgMinAgentVersion}`
|
|
4769
4757
|
),
|
|
4770
4758
|
// Does our supported Node versions meet the package's requirements?
|
|
4771
4759
|
node: maintainedNodeVersions.some(v =>
|
|
4772
|
-
|
|
4760
|
+
vendor.semverExports.satisfies(v, `>=${pkgMinNodeVersion}`)
|
|
4773
4761
|
)
|
|
4774
4762
|
}
|
|
4775
4763
|
}
|
|
@@ -4917,12 +4905,12 @@ const config$z = {
|
|
|
4917
4905
|
autoMerge: {
|
|
4918
4906
|
type: 'boolean',
|
|
4919
4907
|
default: false,
|
|
4920
|
-
description: `Enable auto-merge for pull requests that Socket opens.\n See ${
|
|
4908
|
+
description: `Enable auto-merge for pull requests that Socket opens.\n See ${vendor.terminalLinkExports('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
|
|
4921
4909
|
},
|
|
4922
4910
|
rangeStyle: {
|
|
4923
4911
|
type: 'string',
|
|
4924
4912
|
default: 'preserve',
|
|
4925
|
-
description:
|
|
4913
|
+
description: vendor.stripIndent`
|
|
4926
4914
|
Define how updated dependency versions should be written in package.json.
|
|
4927
4915
|
Available styles:
|
|
4928
4916
|
* caret - Use ^ range for compatible updates (e.g. ^1.2.3)
|
|
@@ -5031,11 +5019,11 @@ async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
|
|
|
5031
5019
|
const { NPM: NPM$9 } = registryConstants
|
|
5032
5020
|
function formatScore$1(score) {
|
|
5033
5021
|
if (score > 80) {
|
|
5034
|
-
return
|
|
5022
|
+
return vendor.yoctocolorsCjsExports.green(`${score}`)
|
|
5035
5023
|
} else if (score < 80 && score > 60) {
|
|
5036
|
-
return
|
|
5024
|
+
return vendor.yoctocolorsCjsExports.yellow(`${score}`)
|
|
5037
5025
|
}
|
|
5038
|
-
return
|
|
5026
|
+
return vendor.yoctocolorsCjsExports.red(`${score}`)
|
|
5039
5027
|
}
|
|
5040
5028
|
function outputPackageIssuesDetails(packageData, outputMarkdown) {
|
|
5041
5029
|
const issueDetails = packageData.filter(
|
|
@@ -5083,7 +5071,7 @@ function outputPackageInfo(
|
|
|
5083
5071
|
return
|
|
5084
5072
|
}
|
|
5085
5073
|
if (outputKind === 'markdown') {
|
|
5086
|
-
logger.logger.log(
|
|
5074
|
+
logger.logger.log(vendor.stripIndents`
|
|
5087
5075
|
# Package report for ${pkgName}
|
|
5088
5076
|
|
|
5089
5077
|
Package report card:
|
|
@@ -5140,8 +5128,8 @@ function outputPackageInfo(
|
|
|
5140
5128
|
}
|
|
5141
5129
|
if (outputKind !== 'markdown') {
|
|
5142
5130
|
logger.logger.log(
|
|
5143
|
-
|
|
5144
|
-
`\nOr rerun ${
|
|
5131
|
+
vendor.yoctocolorsCjsExports.dim(
|
|
5132
|
+
`\nOr rerun ${vendor.yoctocolorsCjsExports.italic(commandName)} using the ${vendor.yoctocolorsCjsExports.italic('--json')} flag to get full JSON output`
|
|
5145
5133
|
)
|
|
5146
5134
|
)
|
|
5147
5135
|
} else {
|
|
@@ -5272,7 +5260,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
|
|
|
5272
5260
|
apiProxy ??= shadowNpmInject.getConfigValue('apiProxy') ?? undefined
|
|
5273
5261
|
const apiToken =
|
|
5274
5262
|
(await prompts.password({
|
|
5275
|
-
message: `Enter your ${
|
|
5263
|
+
message: `Enter your ${vendor.terminalLinkExports('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
|
|
5276
5264
|
})) || SOCKET_PUBLIC_API_TOKEN
|
|
5277
5265
|
// Lazily access constants.spinner.
|
|
5278
5266
|
const { spinner } = constants
|
|
@@ -6018,7 +6006,7 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6018
6006
|
subArgs.push('--verbose')
|
|
6019
6007
|
}
|
|
6020
6008
|
const dir = cwd
|
|
6021
|
-
if (
|
|
6009
|
+
if (require$$0.existsSync(path$1.join(dir, 'build.sbt'))) {
|
|
6022
6010
|
logger.logger.log(
|
|
6023
6011
|
'Detected a Scala sbt build, running default Scala generator...'
|
|
6024
6012
|
)
|
|
@@ -6035,7 +6023,7 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6035
6023
|
})
|
|
6036
6024
|
return
|
|
6037
6025
|
}
|
|
6038
|
-
if (
|
|
6026
|
+
if (require$$0.existsSync(path$1.join(dir, 'gradlew'))) {
|
|
6039
6027
|
logger.logger.log(
|
|
6040
6028
|
'Detected a gradle build, running default gradle generator...'
|
|
6041
6029
|
)
|
|
@@ -6058,8 +6046,9 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6058
6046
|
}
|
|
6059
6047
|
|
|
6060
6048
|
// Show new help screen and exit.
|
|
6061
|
-
|
|
6062
|
-
|
|
6049
|
+
vendor
|
|
6050
|
+
.meow(
|
|
6051
|
+
`
|
|
6063
6052
|
$ ${parentName} ${config$t.commandName}
|
|
6064
6053
|
|
|
6065
6054
|
Unfortunately this script did not discover a supported language in the
|
|
@@ -6072,12 +6061,13 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6072
6061
|
If that doesn't work, see \`${parentName} <lang> --help\` for config details for
|
|
6073
6062
|
your target language.
|
|
6074
6063
|
`,
|
|
6075
|
-
|
|
6076
|
-
|
|
6077
|
-
|
|
6078
|
-
|
|
6079
|
-
|
|
6080
|
-
|
|
6064
|
+
{
|
|
6065
|
+
argv: [],
|
|
6066
|
+
description: config$t.description,
|
|
6067
|
+
importMeta
|
|
6068
|
+
}
|
|
6069
|
+
)
|
|
6070
|
+
.showHelp()
|
|
6081
6071
|
}
|
|
6082
6072
|
|
|
6083
6073
|
const { DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$p } = constants
|
|
@@ -6547,7 +6537,7 @@ async function getWorkspaceGlobs(agent, pkgPath, editablePkgJson) {
|
|
|
6547
6537
|
const yml = await shadowNpmInject.safeReadFile(workspacePath)
|
|
6548
6538
|
if (yml) {
|
|
6549
6539
|
try {
|
|
6550
|
-
workspacePatterns =
|
|
6540
|
+
workspacePatterns = vendor.distExports$1.parse(yml)?.packages
|
|
6551
6541
|
} catch {}
|
|
6552
6542
|
if (workspacePatterns) {
|
|
6553
6543
|
break
|
|
@@ -7017,10 +7007,10 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7017
7007
|
const depAliasMap = new Map()
|
|
7018
7008
|
const depEntries = getDependencyEntries(editablePkgJson)
|
|
7019
7009
|
const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
|
|
7020
|
-
|
|
7010
|
+
vendor.semverExports.satisfies(
|
|
7021
7011
|
// Roughly check Node range as semver.coerce will strip leading
|
|
7022
7012
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
7023
|
-
|
|
7013
|
+
vendor.semverExports.coerce(data.engines.node),
|
|
7024
7014
|
pkgEnvDetails.pkgRequirements.node
|
|
7025
7015
|
)
|
|
7026
7016
|
)
|
|
@@ -7028,7 +7018,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7028
7018
|
// Chunk package names to process them in parallel 3 at a time.
|
|
7029
7019
|
await promises.pEach(manifestEntries, 3, async ({ 1: data }) => {
|
|
7030
7020
|
const { name: sockRegPkgName, package: origPkgName, version } = data
|
|
7031
|
-
const major =
|
|
7021
|
+
const major = vendor.semverExports.major(version)
|
|
7032
7022
|
const sockOverridePrefix = `${NPM$1}:${sockRegPkgName}@`
|
|
7033
7023
|
const sockOverrideSpec = `${sockOverridePrefix}${pin ? version : `^${major}`}`
|
|
7034
7024
|
for (const { 1: depObj } of depEntries) {
|
|
@@ -7052,7 +7042,8 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7052
7042
|
thisSpec.startsWith(sockOverridePrefix) &&
|
|
7053
7043
|
// Check the validity of the spec by passing it through npa and
|
|
7054
7044
|
// seeing if it will coerce to a version.
|
|
7055
|
-
|
|
7045
|
+
vendor.semverExports.coerce(vendor.npaExports(thisSpec).rawSpec)
|
|
7046
|
+
?.version
|
|
7056
7047
|
)
|
|
7057
7048
|
) {
|
|
7058
7049
|
thisSpec = sockOverrideSpec
|
|
@@ -7109,20 +7100,22 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7109
7100
|
if (thisSpec.startsWith(sockOverridePrefix)) {
|
|
7110
7101
|
if (
|
|
7111
7102
|
pin &&
|
|
7112
|
-
|
|
7103
|
+
vendor.semverExports.major(
|
|
7113
7104
|
// Check the validity of the spec by passing it through npa
|
|
7114
7105
|
// and seeing if it will coerce to a version. semver.coerce
|
|
7115
7106
|
// will strip leading v's, carets (^), comparators (<,<=,>,>=,=),
|
|
7116
7107
|
// and tildes (~). If not coerced to a valid version then
|
|
7117
7108
|
// default to the manifest entry version.
|
|
7118
|
-
|
|
7109
|
+
vendor.semverExports.coerce(
|
|
7110
|
+
vendor.npaExports(thisSpec).rawSpec
|
|
7111
|
+
)?.version ?? version
|
|
7119
7112
|
) !== major
|
|
7120
7113
|
) {
|
|
7121
7114
|
const otherVersion = (
|
|
7122
7115
|
await packages.fetchPackageManifest(thisSpec)
|
|
7123
7116
|
)?.version
|
|
7124
7117
|
if (otherVersion && otherVersion !== version) {
|
|
7125
|
-
newSpec = `${sockOverridePrefix}${pin ? otherVersion : `^${
|
|
7118
|
+
newSpec = `${sockOverridePrefix}${pin ? otherVersion : `^${vendor.semverExports.major(otherVersion)}`}`
|
|
7126
7119
|
}
|
|
7127
7120
|
}
|
|
7128
7121
|
} else {
|
|
@@ -7140,11 +7133,14 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7140
7133
|
}
|
|
7141
7134
|
})
|
|
7142
7135
|
if (workspaceGlobs) {
|
|
7143
|
-
const workspacePkgJsonPaths = await
|
|
7144
|
-
|
|
7145
|
-
|
|
7146
|
-
|
|
7147
|
-
|
|
7136
|
+
const workspacePkgJsonPaths = await vendor.distExports.glob(
|
|
7137
|
+
workspaceGlobs,
|
|
7138
|
+
{
|
|
7139
|
+
absolute: true,
|
|
7140
|
+
cwd: pkgPath,
|
|
7141
|
+
ignore: ['**/node_modules/**', '**/bower_components/**']
|
|
7142
|
+
}
|
|
7143
|
+
)
|
|
7148
7144
|
// Chunk package names to process them in parallel 3 at a time.
|
|
7149
7145
|
await promises.pEach(
|
|
7150
7146
|
workspacePkgJsonPaths,
|
|
@@ -7381,7 +7377,7 @@ async function outputOrganizationList(data, outputKind = 'text') {
|
|
|
7381
7377
|
}
|
|
7382
7378
|
logger.logger.log('# Organizations\n')
|
|
7383
7379
|
logger.logger.log(
|
|
7384
|
-
`List of organizations associated with your API key, ending with: ${
|
|
7380
|
+
`List of organizations associated with your API key, ending with: ${vendor.yoctocolorsCjsExports.italic(lastFiveOfApiToken)}\n`
|
|
7385
7381
|
)
|
|
7386
7382
|
logger.logger.log(
|
|
7387
7383
|
`| Name${' '.repeat(mw1 - 4)} | ID${' '.repeat(mw2 - 2)} | Plan${' '.repeat(mw3 - 4)} |`
|
|
@@ -7401,12 +7397,12 @@ async function outputOrganizationList(data, outputKind = 'text') {
|
|
|
7401
7397
|
}
|
|
7402
7398
|
default: {
|
|
7403
7399
|
logger.logger.log(
|
|
7404
|
-
`List of organizations associated with your API key, ending with: ${
|
|
7400
|
+
`List of organizations associated with your API key, ending with: ${vendor.yoctocolorsCjsExports.italic(lastFiveOfApiToken)}\n`
|
|
7405
7401
|
)
|
|
7406
7402
|
// Just dump
|
|
7407
7403
|
for (const o of organizations) {
|
|
7408
7404
|
logger.logger.log(
|
|
7409
|
-
`- Name: ${
|
|
7405
|
+
`- Name: ${vendor.yoctocolorsCjsExports.bold(o.name ?? 'undefined')}, ID: ${vendor.yoctocolorsCjsExports.bold(o.id)}, Plan: ${vendor.yoctocolorsCjsExports.bold(o.plan)}`
|
|
7410
7406
|
)
|
|
7411
7407
|
}
|
|
7412
7408
|
}
|
|
@@ -8395,7 +8391,7 @@ function outputPurlsShallowScore(purls, packageData, outputKind) {
|
|
|
8395
8391
|
return true // not found
|
|
8396
8392
|
})
|
|
8397
8393
|
if (outputKind === 'markdown') {
|
|
8398
|
-
logger.logger.log(
|
|
8394
|
+
logger.logger.log(vendor.stripIndents`
|
|
8399
8395
|
# Shallow Package Report
|
|
8400
8396
|
|
|
8401
8397
|
This report contains the response for requesting data on some package url(s).
|
|
@@ -8409,14 +8405,16 @@ function outputPurlsShallowScore(purls, packageData, outputKind) {
|
|
|
8409
8405
|
`)
|
|
8410
8406
|
return
|
|
8411
8407
|
}
|
|
8412
|
-
logger.logger.log(
|
|
8408
|
+
logger.logger.log(
|
|
8409
|
+
'\n' + vendor.yoctocolorsCjsExports.bold('Shallow Package Score') + '\n'
|
|
8410
|
+
)
|
|
8413
8411
|
logger.logger.log(
|
|
8414
8412
|
'Please note: The listed scores are ONLY for the package itself. It does NOT\n' +
|
|
8415
8413
|
' reflect the scores of any dependencies, transitive or otherwise.'
|
|
8416
8414
|
)
|
|
8417
8415
|
if (missing.length) {
|
|
8418
8416
|
logger.logger.log(
|
|
8419
|
-
`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => '\n- ' +
|
|
8417
|
+
`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => '\n- ' + vendor.yoctocolorsCjsExports.bold(purl)).join('')}`
|
|
8420
8418
|
)
|
|
8421
8419
|
}
|
|
8422
8420
|
packageData.forEach(data => {
|
|
@@ -8436,7 +8434,7 @@ function formatReportCard(data, color) {
|
|
|
8436
8434
|
const alertString = getAlertString(data.alerts, !color)
|
|
8437
8435
|
const purl = 'pkg:' + data.type + '/' + data.name + '@' + data.version
|
|
8438
8436
|
return [
|
|
8439
|
-
'Package: ' + (color ?
|
|
8437
|
+
'Package: ' + (color ? vendor.yoctocolorsCjsExports.bold(purl) : purl),
|
|
8440
8438
|
'',
|
|
8441
8439
|
...Object.entries(scoreResult).map(
|
|
8442
8440
|
score =>
|
|
@@ -8452,16 +8450,18 @@ function formatScore(score, noColor = false, pad = false) {
|
|
|
8452
8450
|
return padded
|
|
8453
8451
|
}
|
|
8454
8452
|
if (score >= 80) {
|
|
8455
|
-
return
|
|
8453
|
+
return vendor.yoctocolorsCjsExports.green(padded)
|
|
8456
8454
|
}
|
|
8457
8455
|
if (score >= 60) {
|
|
8458
|
-
return
|
|
8456
|
+
return vendor.yoctocolorsCjsExports.yellow(padded)
|
|
8459
8457
|
}
|
|
8460
|
-
return
|
|
8458
|
+
return vendor.yoctocolorsCjsExports.red(padded)
|
|
8461
8459
|
}
|
|
8462
8460
|
function getAlertString(alerts, noColor = false) {
|
|
8463
8461
|
if (!alerts?.length) {
|
|
8464
|
-
return noColor
|
|
8462
|
+
return noColor
|
|
8463
|
+
? `- Alerts: none!`
|
|
8464
|
+
: `- Alerts: ${vendor.yoctocolorsCjsExports.green('none')}!`
|
|
8465
8465
|
}
|
|
8466
8466
|
const bad = alerts
|
|
8467
8467
|
.filter(alert => alert.severity !== 'low' && alert.severity !== 'middle')
|
|
@@ -8491,22 +8491,32 @@ function getAlertString(alerts, noColor = false) {
|
|
|
8491
8491
|
)
|
|
8492
8492
|
}
|
|
8493
8493
|
return (
|
|
8494
|
-
`- Alerts (${
|
|
8494
|
+
`- Alerts (${vendor.yoctocolorsCjsExports.red(bad.length.toString())}/${vendor.yoctocolorsCjsExports.yellow(mid.length.toString())}/${low.length}):` +
|
|
8495
8495
|
' '.repeat(Math.max(0, 20 - colorless.length)) +
|
|
8496
8496
|
' ' +
|
|
8497
8497
|
[
|
|
8498
8498
|
bad
|
|
8499
8499
|
.map(alert =>
|
|
8500
|
-
|
|
8500
|
+
vendor.yoctocolorsCjsExports.red(
|
|
8501
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8502
|
+
alert.type
|
|
8503
|
+
)
|
|
8501
8504
|
)
|
|
8502
8505
|
.join(', '),
|
|
8503
8506
|
mid
|
|
8504
8507
|
.map(alert =>
|
|
8505
|
-
|
|
8508
|
+
vendor.yoctocolorsCjsExports.yellow(
|
|
8509
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8510
|
+
alert.type
|
|
8511
|
+
)
|
|
8506
8512
|
)
|
|
8507
8513
|
.join(', '),
|
|
8508
8514
|
low
|
|
8509
|
-
.map(
|
|
8515
|
+
.map(
|
|
8516
|
+
alert =>
|
|
8517
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8518
|
+
alert.type
|
|
8519
|
+
)
|
|
8510
8520
|
.join(', ')
|
|
8511
8521
|
]
|
|
8512
8522
|
.filter(Boolean)
|
|
@@ -9124,27 +9134,27 @@ async function outputListRepos(data, outputKind) {
|
|
|
9124
9134
|
columns: [
|
|
9125
9135
|
{
|
|
9126
9136
|
field: 'id',
|
|
9127
|
-
name:
|
|
9137
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
9128
9138
|
},
|
|
9129
9139
|
{
|
|
9130
9140
|
field: 'name',
|
|
9131
|
-
name:
|
|
9141
|
+
name: vendor.yoctocolorsCjsExports.magenta('Name')
|
|
9132
9142
|
},
|
|
9133
9143
|
{
|
|
9134
9144
|
field: 'visibility',
|
|
9135
|
-
name:
|
|
9145
|
+
name: vendor.yoctocolorsCjsExports.magenta('Visibility')
|
|
9136
9146
|
},
|
|
9137
9147
|
{
|
|
9138
9148
|
field: 'default_branch',
|
|
9139
|
-
name:
|
|
9149
|
+
name: vendor.yoctocolorsCjsExports.magenta('Default branch')
|
|
9140
9150
|
},
|
|
9141
9151
|
{
|
|
9142
9152
|
field: 'archived',
|
|
9143
|
-
name:
|
|
9153
|
+
name: vendor.yoctocolorsCjsExports.magenta('Archived')
|
|
9144
9154
|
}
|
|
9145
9155
|
]
|
|
9146
9156
|
}
|
|
9147
|
-
logger.logger.log(
|
|
9157
|
+
logger.logger.log(vendor.srcExports(options, data.results))
|
|
9148
9158
|
}
|
|
9149
9159
|
|
|
9150
9160
|
async function handleListRepos({
|
|
@@ -9489,35 +9499,35 @@ async function outputViewRepo(data, outputKind) {
|
|
|
9489
9499
|
columns: [
|
|
9490
9500
|
{
|
|
9491
9501
|
field: 'id',
|
|
9492
|
-
name:
|
|
9502
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
9493
9503
|
},
|
|
9494
9504
|
{
|
|
9495
9505
|
field: 'name',
|
|
9496
|
-
name:
|
|
9506
|
+
name: vendor.yoctocolorsCjsExports.magenta('Name')
|
|
9497
9507
|
},
|
|
9498
9508
|
{
|
|
9499
9509
|
field: 'visibility',
|
|
9500
|
-
name:
|
|
9510
|
+
name: vendor.yoctocolorsCjsExports.magenta('Visibility')
|
|
9501
9511
|
},
|
|
9502
9512
|
{
|
|
9503
9513
|
field: 'default_branch',
|
|
9504
|
-
name:
|
|
9514
|
+
name: vendor.yoctocolorsCjsExports.magenta('Default branch')
|
|
9505
9515
|
},
|
|
9506
9516
|
{
|
|
9507
9517
|
field: 'homepage',
|
|
9508
|
-
name:
|
|
9518
|
+
name: vendor.yoctocolorsCjsExports.magenta('Homepage')
|
|
9509
9519
|
},
|
|
9510
9520
|
{
|
|
9511
9521
|
field: 'archived',
|
|
9512
|
-
name:
|
|
9522
|
+
name: vendor.yoctocolorsCjsExports.magenta('Archived')
|
|
9513
9523
|
},
|
|
9514
9524
|
{
|
|
9515
9525
|
field: 'created_at',
|
|
9516
|
-
name:
|
|
9526
|
+
name: vendor.yoctocolorsCjsExports.magenta('Created at')
|
|
9517
9527
|
}
|
|
9518
9528
|
]
|
|
9519
9529
|
}
|
|
9520
|
-
logger.logger.log(
|
|
9530
|
+
logger.logger.log(vendor.srcExports(options, [data]))
|
|
9521
9531
|
}
|
|
9522
9532
|
|
|
9523
9533
|
async function handleViewRepo(orgSlug, repoName, outputKind) {
|
|
@@ -10122,26 +10132,28 @@ async function outputListScans(data, outputKind) {
|
|
|
10122
10132
|
columns: [
|
|
10123
10133
|
{
|
|
10124
10134
|
field: 'id',
|
|
10125
|
-
name:
|
|
10135
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
10126
10136
|
},
|
|
10127
10137
|
{
|
|
10128
10138
|
field: 'report_url',
|
|
10129
|
-
name:
|
|
10139
|
+
name: vendor.yoctocolorsCjsExports.magenta('Scan URL')
|
|
10130
10140
|
},
|
|
10131
10141
|
{
|
|
10132
10142
|
field: 'branch',
|
|
10133
|
-
name:
|
|
10143
|
+
name: vendor.yoctocolorsCjsExports.magenta('Branch')
|
|
10134
10144
|
},
|
|
10135
10145
|
{
|
|
10136
10146
|
field: 'created_at',
|
|
10137
|
-
name:
|
|
10147
|
+
name: vendor.yoctocolorsCjsExports.magenta('Created at')
|
|
10138
10148
|
}
|
|
10139
10149
|
]
|
|
10140
10150
|
}
|
|
10141
10151
|
const formattedResults = data.results.map(d => {
|
|
10142
10152
|
return {
|
|
10143
10153
|
id: d.id,
|
|
10144
|
-
report_url:
|
|
10154
|
+
report_url: vendor.yoctocolorsCjsExports.underline(
|
|
10155
|
+
`${d.html_report_url}`
|
|
10156
|
+
),
|
|
10145
10157
|
created_at: d.created_at
|
|
10146
10158
|
? new Date(d.created_at).toLocaleDateString('en-us', {
|
|
10147
10159
|
year: 'numeric',
|
|
@@ -10152,7 +10164,7 @@ async function outputListScans(data, outputKind) {
|
|
|
10152
10164
|
branch: d.branch
|
|
10153
10165
|
}
|
|
10154
10166
|
})
|
|
10155
|
-
logger.logger.log(
|
|
10167
|
+
logger.logger.log(vendor.srcExports(options, formattedResults))
|
|
10156
10168
|
}
|
|
10157
10169
|
|
|
10158
10170
|
async function handleListScans({
|
|
@@ -11153,7 +11165,7 @@ async function run$1(argv, importMeta, { parentName }) {
|
|
|
11153
11165
|
}
|
|
11154
11166
|
|
|
11155
11167
|
function addSocketWrapper(file) {
|
|
11156
|
-
return
|
|
11168
|
+
return require$$0.appendFile(
|
|
11157
11169
|
file,
|
|
11158
11170
|
'alias npm="socket npm"\nalias npx="socket npx"\n',
|
|
11159
11171
|
err => {
|
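Review bot: The text appended in `addSocketWrapper` begins directly with `alias`, so when the rc file does not end in a newline the first alias is joined onto the file's existing last line and changes what that line does. A joined line would also never be matched by the whole-line comparison that `removeSocketWrapper` uses in a later hunk, so disabling the wrapper would leave it behind. Starting the payload with a newline avoids both: `'\nalias npm="socket npm"\nalias npx="socket npx"\n'`. The function body continues past the end of this hunk.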
|
@@ -11162,7 +11174,7 @@ function addSocketWrapper(file) {
|
|
|
11162
11174
|
}
|
|
11163
11175
|
// TODO: pretty sure you need to source the file or restart
|
|
11164
11176
|
// any terminal session before changes are reflected.
|
|
11165
|
-
logger.logger.log(
|
|
11177
|
+
logger.logger.log(vendor.stripIndents`
|
|
11166
11178
|
The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
|
|
11167
11179
|
If you want to disable it at any time, run \`socket wrapper --disable\`
|
|
11168
11180
|
`)
|
|
@@ -11171,7 +11183,7 @@ If you want to disable it at any time, run \`socket wrapper --disable\`
|
|
|
11171
11183
|
}
|
|
11172
11184
|
|
|
11173
11185
|
function checkSocketWrapperSetup(file) {
|
|
11174
|
-
const fileContent =
|
|
11186
|
+
const fileContent = require$$0.readFileSync(file, 'utf8')
|
|
11175
11187
|
const linesWithSocketAlias = fileContent
|
|
11176
11188
|
.split('\n')
|
|
11177
11189
|
.filter(
|
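Review bot: `require$$0.readFileSync(file, 'utf8')` in `checkSocketWrapperSetup` throws when the path is unreadable or is a directory, and the callers in the following hunks guard it only with `existsSync`, which proves existence and nothing more. No handler is visible around the call in `postinstallWrapper`, so, unless one exists outside the hunk, a permission problem on an rc file would fail the package's postinstall step. Treating a failed read as "wrapper not set up" keeps the check non-fatal: `let fileContent; try { fileContent = require$$0.readFileSync(file, 'utf8') } catch { return false }`. The function body continues past the end of this hunk.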
|
@@ -11190,10 +11202,11 @@ async function postinstallWrapper() {
|
|
|
11190
11202
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11191
11203
|
const { bashRcPath, zshRcPath } = constants
|
|
11192
11204
|
const socketWrapperEnabled =
|
|
11193
|
-
(
|
|
11194
|
-
|
|
11205
|
+
(require$$0.existsSync(bashRcPath) &&
|
|
11206
|
+
checkSocketWrapperSetup(bashRcPath)) ||
|
|
11207
|
+
(require$$0.existsSync(zshRcPath) && checkSocketWrapperSetup(zshRcPath))
|
|
11195
11208
|
if (!socketWrapperEnabled) {
|
|
11196
|
-
await installSafeNpm(
|
|
11209
|
+
await installSafeNpm(vendor.stripIndents`
|
|
11197
11210
|
The Socket CLI is now successfully installed! 🎉
|
|
11198
11211
|
|
|
11199
11212
|
To better protect yourself against supply-chain attacks, our "safe npm" wrapper can warn you about malicious packages whenever you run 'npm install'.
|
|
@@ -11218,10 +11231,10 @@ async function installSafeNpm(query) {
|
|
|
11218
11231
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11219
11232
|
const { bashRcPath, zshRcPath } = constants
|
|
11220
11233
|
try {
|
|
11221
|
-
if (
|
|
11234
|
+
if (require$$0.existsSync(bashRcPath)) {
|
|
11222
11235
|
addSocketWrapper(bashRcPath)
|
|
11223
11236
|
}
|
|
11224
|
-
if (
|
|
11237
|
+
if (require$$0.existsSync(zshRcPath)) {
|
|
11225
11238
|
addSocketWrapper(zshRcPath)
|
|
11226
11239
|
}
|
|
11227
11240
|
} catch (e) {
|
|
@@ -11233,7 +11246,7 @@ async function installSafeNpm(query) {
|
|
|
11233
11246
|
}
|
|
11234
11247
|
|
|
11235
11248
|
function removeSocketWrapper(file) {
|
|
11236
|
-
return
|
|
11249
|
+
return require$$0.readFile(file, 'utf8', function (err, data) {
|
|
11237
11250
|
if (err) {
|
|
11238
11251
|
logger.logger.fail('There was an error removing the alias:')
|
|
11239
11252
|
logger.logger.error(err)
|
|
@@ -11245,7 +11258,7 @@ function removeSocketWrapper(file) {
|
|
|
11245
11258
|
l => l !== 'alias npm="socket npm"' && l !== 'alias npx="socket npx"'
|
|
11246
11259
|
)
|
|
11247
11260
|
const updatedFileContent = linesWithoutSocketAlias.join('\n')
|
|
11248
|
-
|
|
11261
|
+
require$$0.writeFile(file, updatedFileContent, function (err) {
|
|
11249
11262
|
if (err) {
|
|
11250
11263
|
logger.logger.error(err)
|
|
11251
11264
|
return
|
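Review bot: `removeSocketWrapper` rewrites the user's shell rc file with `writeFile` even when the filter removed no line, and the disable branch of `run` (a later hunk) calls it for every existing rc file without the `checkSocketWrapperSetup` test that the enable branch applies. `writeFile` truncates before it writes, so each needless rewrite is a chance for an interrupted write to leave the rc file partial. Skipping the no-op case narrows that window: `if (updatedFileContent === data) return` ahead of the `writeFile` call, where `data` is the `readFile` callback argument from the previous hunk. Anything the write callback reports on success would then need to be emitted on this early path as well; the function starts before this hunk and the callback continues after it.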
|
@@ -11333,21 +11346,27 @@ async function run(argv, importMeta, { parentName }) {
|
|
|
11333
11346
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11334
11347
|
const { bashRcPath, zshRcPath } = constants
|
|
11335
11348
|
if (enable) {
|
|
11336
|
-
if (
|
|
11349
|
+
if (
|
|
11350
|
+
require$$0.existsSync(bashRcPath) &&
|
|
11351
|
+
!checkSocketWrapperSetup(bashRcPath)
|
|
11352
|
+
) {
|
|
11337
11353
|
addSocketWrapper(bashRcPath)
|
|
11338
11354
|
}
|
|
11339
|
-
if (
|
|
11355
|
+
if (
|
|
11356
|
+
require$$0.existsSync(zshRcPath) &&
|
|
11357
|
+
!checkSocketWrapperSetup(zshRcPath)
|
|
11358
|
+
) {
|
|
11340
11359
|
addSocketWrapper(zshRcPath)
|
|
11341
11360
|
}
|
|
11342
11361
|
} else {
|
|
11343
|
-
if (
|
|
11362
|
+
if (require$$0.existsSync(bashRcPath)) {
|
|
11344
11363
|
removeSocketWrapper(bashRcPath)
|
|
11345
11364
|
}
|
|
11346
|
-
if (
|
|
11365
|
+
if (require$$0.existsSync(zshRcPath)) {
|
|
11347
11366
|
removeSocketWrapper(zshRcPath)
|
|
11348
11367
|
}
|
|
11349
11368
|
}
|
|
11350
|
-
if (!
|
|
11369
|
+
if (!require$$0.existsSync(bashRcPath) && !require$$0.existsSync(zshRcPath)) {
|
|
11351
11370
|
logger.logger.fail(
|
|
11352
11371
|
'There was an issue setting up the alias in your bash profile'
|
|
11353
11372
|
)
|
|
@@ -11358,10 +11377,10 @@ const { SOCKET_CLI_BIN_NAME } = constants
|
|
|
11358
11377
|
|
|
11359
11378
|
// TODO: Add autocompletion using https://socket.dev/npm/package/omelette
|
|
11360
11379
|
void (async () => {
|
|
11361
|
-
await
|
|
11380
|
+
await vendor.updater({
|
|
11362
11381
|
name: SOCKET_CLI_BIN_NAME,
|
|
11363
11382
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
11364
|
-
version: '0.14.
|
|
11383
|
+
version: '0.14.96',
|
|
11365
11384
|
ttl: 86_400_000 /* 24 hours in milliseconds */
|
|
11366
11385
|
})
|
|
11367
11386
|
try {
|
|
@@ -11398,7 +11417,7 @@ void (async () => {
|
|
|
11398
11417
|
argv: process$1.argv.slice(2),
|
|
11399
11418
|
name: SOCKET_CLI_BIN_NAME,
|
|
11400
11419
|
importMeta: {
|
|
11401
|
-
url: `${
|
|
11420
|
+
url: `${require$$0$2.pathToFileURL(__filename)}`
|
|
11402
11421
|
}
|
|
11403
11422
|
}
|
|
11404
11423
|
)
|
|
@@ -11416,8 +11435,8 @@ void (async () => {
|
|
|
11416
11435
|
errorBody = e.body
|
|
11417
11436
|
} else if (e instanceof Error) {
|
|
11418
11437
|
errorTitle = 'Unexpected error'
|
|
11419
|
-
errorMessage =
|
|
11420
|
-
errorBody =
|
|
11438
|
+
errorMessage = vendor.messageWithCauses(e)
|
|
11439
|
+
errorBody = vendor.stackWithCauses(e)
|
|
11421
11440
|
} else {
|
|
11422
11441
|
errorTitle = 'Unexpected error with no details'
|
|
11423
11442
|
}
|
|
@@ -11429,5 +11448,5 @@ void (async () => {
|
|
|
11429
11448
|
await shadowNpmInject.captureException(e)
|
|
11430
11449
|
}
|
|
11431
11450
|
})()
|
|
11432
|
-
//# debugId=
|
|
11451
|
+
//# debugId=f7c27252-6de0-4577-9a6d-4ca8ce4c19fe
|
|
11433
11452
|
//# sourceMappingURL=cli.js.map
|