@socketsecurity/cli-with-sentry 0.15.19 → 0.15.21

package/dist/constants.js

@@ -74,6 +74,7 @@ const LAZY_ENV = () => {
   const {
     env
   } = process;
+  const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN']);
   // We inline some environment values so that they CANNOT be influenced by user
   // provided environment variables.
   return Object.freeze({
@@ -101,7 +102,7 @@ const LAZY_ENV = () => {
     // The GITHUB_TOKEN secret is a GitHub App installation access token. The token's
     // permissions are limited to the repository that contains the workflow.
     // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret
-    GITHUB_TOKEN: envAsString(env['GITHUB_TOKEN']),
+    GITHUB_TOKEN,
     // Comp-time inlined @cyclonedx/cdxgen package version.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']".
     INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString("11.3.1"),
@@ -122,10 +123,10 @@ const LAZY_ENV = () => {
     INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(true),
     // Comp-time inlined Socket package version.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    INLINED_SOCKET_CLI_VERSION: envAsString("0.15.19"),
+    INLINED_SOCKET_CLI_VERSION: envAsString("0.15.21"),
     // Comp-time inlined Socket package version hash.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-    INLINED_SOCKET_CLI_VERSION_HASH: envAsString("0.15.19:f7783fb:702fb2fd:pub"),
+    INLINED_SOCKET_CLI_VERSION_HASH: envAsString("0.15.21:8b6b8a4:6cf48ac8:pub"),
     // Comp-time inlined synp package version.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SYNP_VERSION']".
     INLINED_SYNP_VERSION: envAsString("1.9.14"),
@@ -146,40 +147,27 @@ const LAZY_ENV = () => {
     PATH: envAsString(env['PATH']),
     // Flag to accepts risks of safe-npm and safe-npx run.
     SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),
-    // Flag containing a JSON stringified Socket configuration object.
-    SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),
-    // Flag to help debug Socket CLI.
-    SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),
-    // Flag to make the default API token `undefined`.
-    SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),
-    // Flag to view all risks of safe-npm and safe-npx run.
-    SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),
     // Flag to change the base URL for all API-calls.
     // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development
-    SOCKET_SECURITY_API_BASE_URL: envAsString(env['SOCKET_SECURITY_API_BASE_URL']) ||
-    // For consistency; allow socket_cli prefix too
-    envAsString(env['SOCKET_CLI_API_BASE_URL']),
+    SOCKET_CLI_API_BASE_URL: envAsString(env['SOCKET_CLI_API_BASE_URL']) || envAsString(env['SOCKET_SECURITY_API_BASE_URL']),
     // Flag to set the proxy all requests are routed through.
     // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development
-    SOCKET_SECURITY_API_PROXY: envAsString(env['SOCKET_SECURITY_API_PROXY']) ||
-    // For consistency; allow socket_cli prefix too
-    envAsString(env['SOCKET_CLI_API_BASE_URL']),
+    SOCKET_CLI_API_PROXY: envAsString(env['SOCKET_CLI_API_PROXY']) || envAsString(env['SOCKET_SECURITY_API_PROXY']),
     // Flag to set the API token.
     // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables
-    SOCKET_SECURITY_API_TOKEN:
-    // Note: These are SOCKET_SECURITY prefixed because they're not specific
-    //       to the CLI. For the sake of consistency we'll also support the env
-    //       keys that do have the SOCKET_CLI prefix, it's an easy mistake.
-    // In case multiple are supplied, the tokens supersede the keys and the
-    // security prefix supersedes the cli prefix. "Adventure mode" ;)
-    envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||
-    // Keep 'SOCKET_SECURITY_API_KEY' alias.
-    // TODO: Remove 'SOCKET_SECURITY_API_KEY' alias.
-    envAsString(env['SOCKET_SECURITY_API_KEY']) || envAsString(env['SOCKET_CLI_API_TOKEN']) || envAsString(env['SOCKET_CLI_API_KEY']),
+    SOCKET_CLI_API_TOKEN: envAsString(env['SOCKET_CLI_API_TOKEN']) || envAsString(env['SOCKET_CLI_API_KEY']) || envAsString(env['SOCKET_SECURITY_API_TOKEN']) || envAsString(env['SOCKET_SECURITY_API_KEY']),
+    // Flag containing a JSON stringified Socket configuration object.
+    SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),
+    // Flag to help debug Socket CLI.
+    SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),
     // A classic GitHub personal access token with the "repo" scope or a fine-grained
     // access token with read/write permissions set for "Contents" and "Pull Request".
     // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens
-    SOCKET_SECURITY_GITHUB_PAT: envAsString(env['SOCKET_SECURITY_GITHUB_PAT']),
+    SOCKET_CLI_GITHUB_TOKEN: envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) || envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) || GITHUB_TOKEN,
+    // Flag to make the default API token `undefined`.
+    SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),
+    // Flag to view all risks of safe-npm and safe-npx run.
+    SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),
     // Specifies the type of terminal or terminal emulator being used by the process.
     TERM: envAsString(env['TERM']),
     // The location of the base directory on Linux and MacOS used to store
@@ -408,5 +396,5 @@ const constants = createConstantsObject({
 });
 
 module.exports = constants;
-//# debugId=74e98f13-8573-476e-94ac-aa658acce26b
+//# debugId=ced14064-d90d-4a17-a165-a2222c3c5abf
 //# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\n\nconst {\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n    attributes: registryConstantsAttribs,\n    createConstantsObject,\n    getIpc,\n  },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n  Omit<RegistryInternals, 'getIpc'> &\n    Readonly<{\n      getIpc: {\n        (): Promise<IPC>\n        <K extends keyof IPC | undefined>(\n          key?: K | undefined,\n        ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n      }\n      getSentry: () => Sentry\n      setSentry(Sentry: Sentry): boolean\n    }>\n>\n\ntype ENV = Remap<\n  RegistryEnv &\n    Readonly<{\n      DISABLE_GITHUB_CACHE: boolean\n      GITHUB_ACTIONS: boolean\n      GITHUB_REF_NAME: string\n      GITHUB_REF_TYPE: string\n      GITHUB_REPOSITORY: string\n      GITHUB_TOKEN: string\n      INLINED_CYCLONEDX_CDXGEN_VERSION: string\n      INLINED_SOCKET_CLI_HOMEPAGE: string\n      INLINED_SOCKET_CLI_LEGACY_BUILD: string\n      INLINED_SOCKET_CLI_NAME: string\n      INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n      INLINED_SOCKET_CLI_SENTRY_BUILD: string\n      INLINED_SOCKET_CLI_VERSION: string\n      INLINED_SOCKET_CLI_VERSION_HASH: string\n      INLINED_SYNP_VERSION: string\n      LOCALAPPDATA: string\n      NODE_COMPILE_CACHE: string\n      PATH: string\n      SOCKET_CLI_ACCEPT_RISKS: boolean\n      SOCKET_CLI_CONFIG: string\n      SOCKET_CLI_DEBUG: boolean\n      SOCKET_CLI_NO_API_TOKEN: boolean\n      SOCKET_CLI_VIEW_ALL_RISKS: boolean\n      SOCKET_SECURITY_API_BASE_URL: string\n      SOCKET_SECURITY_API_PROXY: string\n      SOCKET_SECURITY_API_TOKEN: string\n      SOCKET_SECURITY_GITHUB_PAT: string\n      TERM: string\n      XDG_DATA_HOME: string\n    }>\n>\n\ntype IPC = Readonly<{\n  SOCKET_CLI_FIX?: string | undefined\n  SOCKET_CLI_OPTIMIZE?: boolean | undefined\n  SOCKET_CLI_SAFE_BIN?: string | undefined\n  SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n  Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n    readonly 'Symbol(kInternalsSymbol)': Internals\n    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n    readonly ALERT_TYPE_CVE: 'cve'\n    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n    readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n    readonly API_V0_URL: 'https://api.socket.dev/v0/'\n    readonly BINARY_LOCK_EXT: '.lockb'\n    readonly BUN: 'bun'\n    readonly CLI: 'cli'\n    readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n    readonly ENV: ENV\n    readonly DRY_RUN_LABEL: '[DryRun]'\n    readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n    readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n    readonly IPC: IPC\n    readonly LOCK_EXT: '.lock'\n    readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n    readonly PNPM: 'pnpm'\n    readonly REDACTED: '<redacted>'\n    readonly SHADOW_BIN: 'shadow-bin'\n    readonly SHADOW_INJECT: 'shadow-inject'\n    readonly SOCKET: 'socket'\n    readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n    readonly SOCKET_CLI_BIN_NAME: 'socket'\n    readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n    readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n    readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n    readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n    readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n    readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n    readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n    readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n    readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n    readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n    readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n    readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n    readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n    readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n    readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n    readonly VLT: 'vlt'\n    readonly WITH_SENTRY: 'with-sentry'\n    readonly YARN: 'yarn'\n    readonly YARN_BERRY: 'yarn/berry'\n    readonly YARN_CLASSIC: 'yarn/classic'\n    readonly YARN_LOCK: 'yarn.lock'\n    readonly bashRcPath: string\n    readonly blessedOptions: {\n      smartCSR: boolean\n      term: string\n      useBCE: boolean\n    }\n    readonly distCliPath: string\n    readonly distInstrumentWithSentryPath: string\n    readonly distShadowBinPath: string\n    readonly distShadowInjectPath: string\n    readonly githubCachePath: string\n    readonly homePath: string\n    readonly minimumVersionByAgent: Map<Agent, string>\n    readonly nmBinPath: string\n    readonly nodeHardenFlags: string[]\n    readonly rootBinPath: string\n    readonly distPath: string\n    readonly rootPath: string\n    readonly shadowBinPath: string\n    readonly socketAppDataPath: string\n    readonly socketCachePath: string\n    readonly zshRcPath: string\n  }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n  'firstPatchedVersionIdentifier'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SHADOW_BIN = 'shadow-bin'\nconst SHADOW_INJECT = 'shadow-inject'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = '@socketsecurity/cli'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = '@socketsecurity/cli-with-sentry'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n  const {\n    envAsBoolean,\n    envAsString,\n  } = require('@socketsecurity/registry/lib/env')\n  const { env } = process\n  // We inline some environment values so that they CANNOT be influenced by user\n  // provided environment variables.\n  return Object.freeze({\n    __proto__: null,\n    // Lazily access registryConstants.ENV.\n    ...registryConstants.ENV,\n    // Flag to disable using GitHub's workflow actions/cache.\n    // https://github.com/actions/cache\n    DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n    // Always set to true when GitHub Actions is running the workflow. This variable\n    // can be used to differentiate when tests are being run locally or by GitHub Actions.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_ACTIONS: envAsBoolean(env['GITHUB_ACTIONS']),\n    // The short ref name of the branch or tag that triggered the GitHub workflow run.\n    // This value matches the branch or tag name shown on GitHub. For example, feature-branch-1.\n    // For pull requests, the format is <pr_number>/merge.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n    // The type of ref that triggered the workflow run. Valid values are branch or tag.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n    // The owner and repository name. For example, octocat/Hello-World.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n    // The GITHUB_TOKEN secret is a GitHub App installation access token. The token's\n    // permissions are limited to the repository that contains the workflow.\n    // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n    GITHUB_TOKEN: envAsString(env['GITHUB_TOKEN']),\n    // Comp-time inlined @cyclonedx/cdxgen package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']\".\n    INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString(\n      process.env['INLINED_CYCLONEDX_CDXGEN_VERSION'],\n    ),\n    // Comp-time inlined Socket package homepage.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n    INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n      process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n    ),\n    // Comp-time inlined flag to determine if this is the Legacy build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n    INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n    ),\n    // Comp-time inlined Socket package name.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n    INLINED_SOCKET_CLI_NAME: envAsString(\n      process.env['INLINED_SOCKET_CLI_NAME'],\n    ),\n    // Comp-time inlined flag to determine if this is a published build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n    ),\n    // Comp-time inlined flag to determine if this is the Sentry build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n    INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n    ),\n    // Comp-time inlined Socket package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n    INLINED_SOCKET_CLI_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION'],\n    ),\n    // Comp-time inlined Socket package version hash.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n    ),\n    // Comp-time inlined synp package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SYNP_VERSION']\".\n    INLINED_SYNP_VERSION: envAsString(process.env['INLINED_SYNP_VERSION']),\n    // The location of the %localappdata% folder on Windows used to store user-specific,\n    // non-roaming application data, like temporary files, cached data, and program\n    // settings, that are specific to the current machine and user.\n    LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n    // Flag to enable the module compile cache for the Node.js instance.\n    // https://nodejs.org/api/cli.html#node_compile_cachedir\n    NODE_COMPILE_CACHE:\n      // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n      constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n        ? // Lazily access constants.socketCachePath.\n          constants.socketCachePath\n        : '',\n    // PATH is an environment variable that lists directories where executable\n    // programs are located. When a command is run, the system searches these\n    // directories to find the executable.\n    PATH: envAsString(env['PATH']),\n    // Flag to accepts risks of safe-npm and safe-npx run.\n    SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n    // Flag containing a JSON stringified Socket configuration object.\n    SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n    // Flag to help debug Socket CLI.\n    SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n    // Flag to make the default API token `undefined`.\n    SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n    // Flag to view all risks of safe-npm and safe-npx run.\n    SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n    // Flag to change the base URL for all API-calls.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_SECURITY_API_BASE_URL:\n      envAsString(env['SOCKET_SECURITY_API_BASE_URL']) ||\n      // For consistency; allow socket_cli prefix too\n      envAsString(env['SOCKET_CLI_API_BASE_URL']),\n    // Flag to set the proxy all requests are routed through.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_SECURITY_API_PROXY:\n      envAsString(env['SOCKET_SECURITY_API_PROXY']) ||\n      // For consistency; allow socket_cli prefix too\n      envAsString(env['SOCKET_CLI_API_BASE_URL']),\n    // Flag to set the API token.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n    SOCKET_SECURITY_API_TOKEN:\n      // Note: These are SOCKET_SECURITY prefixed because they're not specific\n      //       to the CLI. For the sake of consistency we'll also support the env\n      //       keys that do have the SOCKET_CLI prefix, it's an easy mistake.\n      // In case multiple are supplied, the tokens supersede the keys and the\n      // security prefix supersedes the cli prefix. \"Adventure mode\" ;)\n      envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n      // Keep 'SOCKET_SECURITY_API_KEY' alias.\n      // TODO: Remove 'SOCKET_SECURITY_API_KEY' alias.\n      envAsString(env['SOCKET_SECURITY_API_KEY']) ||\n      envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n      envAsString(env['SOCKET_CLI_API_KEY']),\n    // A classic GitHub personal access token with the \"repo\" scope or a fine-grained\n    // access token with read/write permissions set for \"Contents\" and \"Pull Request\".\n    // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n    SOCKET_SECURITY_GITHUB_PAT: envAsString(env['SOCKET_SECURITY_GITHUB_PAT']),\n    // Specifies the type of terminal or terminal emulator being used by the process.\n    TERM: envAsString(env['TERM']),\n    // The location of the base directory on Linux and MacOS used to store\n    // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n    XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n  })\n}\n\nconst lazyBashRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.bashrc')\n\nconst lazyBlessedOptions = () =>\n  Object.freeze({\n    smartCSR: true,\n    // Lazily access constants.WIN32.\n    term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n    useBCE: true,\n  })\n\nconst lazyDistCliPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyDistShadowBinPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${SHADOW_BIN}.js`)\n\nconst lazyDistShadowInjectPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${SHADOW_INJECT}.js`)\n\nconst lazyGithubCachePath = () =>\n  // Lazily access constants.socketCachePath.\n  path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyMinimumVersionByAgent = () =>\n  new Map([\n    // Bun >=1.1.39 supports the text-based lockfile.\n    // https://bun.sh/blog/bun-lock-text-lockfile\n    [BUN, '1.1.39'],\n    // The npm version bundled with Node 18.\n    // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n    ['npm', '10.8.2'],\n    // 8.x is the earliest version to support Node 18.\n    // https://pnpm.io/installation#compatibility\n    // https://www.npmjs.com/package/pnpm?activeTab=versions\n    [PNPM, '8.15.7'],\n    // 4.x supports >= Node 18.12.0\n    // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n    [YARN_BERRY, '4.0.0'],\n    // Latest 1.x.\n    // https://www.npmjs.com/package/yarn?activeTab=versions\n    [YARN_CLASSIC, '1.22.22'],\n    // vlt does not support overrides so we don't gate on it.\n    [VLT, '*'],\n  ])\n\nconst lazyNmBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n  Object.freeze(\n    // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n    constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n      // Lazily access constants.WIN32.\n      constants.WIN32\n      ? []\n      : // Harden Node security.\n        // https://nodejs.org/en/learn/getting-started/security-best-practices\n        [\n          '--disable-proto',\n          'throw',\n          // We have contributed the following patches to our dependencies to make\n          // Node's --frozen-intrinsics workable.\n          // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n          // √ https://github.com/pnpm/components/pull/23\n          '--frozen-intrinsics',\n          '--no-deprecation',\n        ],\n  )\n\nconst lazyRootBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'bin')\n\nconst lazyDistPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazySocketAppDataPath = (): string | undefined => {\n  // Get the OS app data folder:\n  // - Win: %LOCALAPPDATA% or fail?\n  // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n  // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n  // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n  // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n  //       On most systems that path is: $HOME/.local/share\n  // Then append `socket/settings`, so:\n  // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n  // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n  // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  let dataHome: string | undefined = WIN32\n    ? // Lazily access constants.ENV.LOCALAPPDATA\n      constants.ENV.LOCALAPPDATA\n    : // Lazily access constants.ENV.XDG_DATA_HOME\n      constants.ENV.XDG_DATA_HOME\n  if (!dataHome) {\n    if (WIN32) {\n      const logger = require('@socketsecurity/registry/lib/logger')\n      logger.warn(`Missing %${LOCALAPPDATA}%`)\n    } else {\n      dataHome = path.join(\n        // Lazily access constants.homePath.\n        constants.homePath,\n        // Lazily access constants.DARWIN.\n        constants.DARWIN ? 'Library/Application Support' : '.local/share',\n      )\n    }\n  }\n  return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, '.cache')\n\nconst lazyShadowBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, SHADOW_BIN)\n\nconst lazyZshRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n  {\n    ...registryConstantsAttribs.props,\n    ALERT_TYPE_CRITICAL_CVE,\n    ALERT_TYPE_CVE,\n    ALERT_TYPE_MEDIUM_CVE,\n    ALERT_TYPE_MILD_CVE,\n    API_V0_URL,\n    BINARY_LOCK_EXT,\n    BUN,\n    CLI,\n    CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n    DRY_RUN_LABEL,\n    DRY_RUN_BAILING_NOW,\n    DRY_RUN_NOT_SAVING,\n    ENV: undefined,\n    LOCK_EXT,\n    NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n    NPM_REGISTRY_URL,\n    PNPM,\n    REDACTED,\n    SHADOW_BIN,\n    SHADOW_INJECT,\n    SOCKET,\n    SOCKET_CLI_ACCEPT_RISKS,\n    SOCKET_CLI_BIN_NAME,\n    SOCKET_CLI_BIN_NAME_ALIAS,\n    SOCKET_CLI_FIX,\n    SOCKET_CLI_ISSUES_URL,\n    SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n    SOCKET_CLI_LEGACY_PACKAGE_NAME,\n    SOCKET_CLI_NPM_BIN_NAME,\n    SOCKET_CLI_NPX_BIN_NAME,\n    SOCKET_CLI_OPTIMIZE,\n    SOCKET_CLI_PACKAGE_NAME,\n    SOCKET_CLI_SAFE_BIN,\n    SOCKET_CLI_SAFE_PROGRESS,\n    SOCKET_CLI_SENTRY_BIN_NAME,\n    SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n    SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n    SOCKET_CLI_SENTRY_PACKAGE_NAME,\n    SOCKET_CLI_VIEW_ALL_RISKS,\n    SOCKET_WEBSITE_URL,\n    VLT,\n    WITH_SENTRY,\n    YARN,\n    YARN_BERRY,\n    YARN_CLASSIC,\n    YARN_LOCK,\n    bashRcPath: undefined,\n    blessedOptions: undefined,\n    distCliPath: undefined,\n    distInstrumentWithSentryPath: undefined,\n    distPath: undefined,\n    distShadowBinPath: undefined,\n    distShadowInjectPath: undefined,\n    githubCachePath: undefined,\n    homePath: undefined,\n    minimumVersionByAgent: undefined,\n    nmBinPath: undefined,\n    nodeHardenFlags: undefined,\n    rootBinPath: undefined,\n    rootPath: undefined,\n    shadowBinPath: undefined,\n    socketAppDataPath: undefined,\n    socketCachePath: undefined,\n    zshRcPath: undefined,\n  },\n  {\n    getters: {\n      ...registryConstantsAttribs.getters,\n      ENV: LAZY_ENV,\n      bashRcPath: lazyBashRcPath,\n      blessedOptions: lazyBlessedOptions,\n      distCliPath: lazyDistCliPath,\n      distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n      distPath: lazyDistPath,\n      distShadowBinPath: lazyDistShadowBinPath,\n      distShadowInjectPath: lazyDistShadowInjectPath,\n      githubCachePath: lazyGithubCachePath,\n      homePath: lazyHomePath,\n      minimumVersionByAgent: lazyMinimumVersionByAgent,\n      nmBinPath: lazyNmBinPath,\n      nodeHardenFlags: lazyNodeHardenFlags,\n      rootBinPath: lazyRootBinPath,\n      rootPath: lazyRootPath,\n      shadowBinPath: lazyShadowBinPath,\n      socketAppDataPath: lazySocketAppDataPath,\n      socketCachePath: lazySocketCachePath,\n      zshRcPath: lazyZshRcPath,\n    },\n    internals: {\n      ...registryConstantsAttribs.internals,\n      getIpc,\n      getSentry() {\n        return _Sentry\n      },\n      setSentry(Sentry: Sentry): boolean {\n        if (_Sentry === undefined) {\n          _Sentry = Sentry\n          return true\n        }\n        return false\n      },\n    },\n  },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","envAsString","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_ACTIONS","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","GITHUB_TOKEN","LOCALAPPDATA","constants","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_CONFIG","SOCKET_CLI_DEBUG","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","SOCKET_SECURITY_API_BASE_URL","SOCKET_SECURITY_API_PROXY","SOCKET_SECURITY_GITHUB_PAT","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","WIN32","logger","ENV","bashRcPath","blessedOptions","distCliPath","distInstrumentWithSentryPath","distPath","distShadowBinPath","distShadowInjectPath","githubCachePath","homePath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootBinPath","rootPath","shadowBinPath","socketAppDataPath","socketCachePath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAWA,iBAAA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AA4IA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;;AAGIC;AACF;;AACQC;AAAI;AACZ;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACA;AACAC;AACA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAEA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAEE;AACAjB;AACF;AACA;AACAkB;AAEE;AACAlB;AACF;AACA;;AAEE;AACA;AACA;AACA;AACA;AACAA;AACA;AACA;;AAIF;AACA;AACA;AACAmB;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAZ;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;AACE;AACAY;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQI;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAjB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAY;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEIZ;;;;;;;;;;;;;;AAeFkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEEnB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"74e98f13-8573-476e-94ac-aa658acce26b"}
+{"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\n\nconst {\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n    attributes: registryConstantsAttribs,\n    createConstantsObject,\n    getIpc,\n  },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n  Omit<RegistryInternals, 'getIpc'> &\n    Readonly<{\n      getIpc: {\n        (): Promise<IPC>\n        <K extends keyof IPC | undefined>(\n          key?: K | undefined,\n        ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n      }\n      getSentry: () => Sentry\n      setSentry(Sentry: Sentry): boolean\n    }>\n>\n\ntype ENV = Remap<\n  RegistryEnv &\n    Readonly<{\n      DISABLE_GITHUB_CACHE: boolean\n      GITHUB_ACTIONS: boolean\n      GITHUB_REF_NAME: string\n      GITHUB_REF_TYPE: string\n      GITHUB_REPOSITORY: string\n      GITHUB_TOKEN: string\n      INLINED_CYCLONEDX_CDXGEN_VERSION: string\n      INLINED_SOCKET_CLI_HOMEPAGE: string\n      INLINED_SOCKET_CLI_LEGACY_BUILD: string\n      INLINED_SOCKET_CLI_NAME: string\n      INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n      INLINED_SOCKET_CLI_SENTRY_BUILD: string\n      INLINED_SOCKET_CLI_VERSION: string\n      INLINED_SOCKET_CLI_VERSION_HASH: string\n      INLINED_SYNP_VERSION: string\n      LOCALAPPDATA: string\n      NODE_COMPILE_CACHE: string\n      PATH: string\n      SOCKET_CLI_ACCEPT_RISKS: boolean\n      SOCKET_CLI_API_BASE_URL: string\n      SOCKET_CLI_API_PROXY: string\n      SOCKET_CLI_API_TOKEN: string\n      SOCKET_CLI_CONFIG: string\n      SOCKET_CLI_DEBUG: boolean\n      SOCKET_CLI_GITHUB_TOKEN: string\n      SOCKET_CLI_NO_API_TOKEN: boolean\n      SOCKET_CLI_VIEW_ALL_RISKS: boolean\n      TERM: string\n      XDG_DATA_HOME: string\n    }>\n>\n\ntype IPC = Readonly<{\n  SOCKET_CLI_FIX?: string | undefined\n  SOCKET_CLI_OPTIMIZE?: boolean | undefined\n  SOCKET_CLI_SAFE_BIN?: string | undefined\n  SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n  Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n    readonly 'Symbol(kInternalsSymbol)': Internals\n    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n    readonly ALERT_TYPE_CVE: 'cve'\n    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n    readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n    readonly API_V0_URL: 'https://api.socket.dev/v0/'\n    readonly BINARY_LOCK_EXT: '.lockb'\n    readonly BUN: 'bun'\n    readonly CLI: 'cli'\n    readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n    readonly ENV: ENV\n    readonly DRY_RUN_LABEL: '[DryRun]'\n    readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n    readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n    readonly IPC: IPC\n    readonly LOCK_EXT: '.lock'\n    readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n    readonly PNPM: 'pnpm'\n    readonly REDACTED: '<redacted>'\n    readonly SHADOW_BIN: 'shadow-bin'\n    readonly SHADOW_INJECT: 'shadow-inject'\n    readonly SOCKET: 'socket'\n    readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n    readonly SOCKET_CLI_BIN_NAME: 'socket'\n    readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n    readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n    readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n    readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n    readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n    readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n    readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n    readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n    readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n    readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n    readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n    readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n    readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n    readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n    readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n    readonly VLT: 'vlt'\n    readonly WITH_SENTRY: 'with-sentry'\n    readonly YARN: 'yarn'\n    readonly YARN_BERRY: 'yarn/berry'\n    readonly YARN_CLASSIC: 'yarn/classic'\n    readonly YARN_LOCK: 'yarn.lock'\n    readonly bashRcPath: string\n    readonly blessedOptions: {\n      smartCSR: boolean\n      term: string\n      useBCE: boolean\n    }\n    readonly distCliPath: string\n    readonly distInstrumentWithSentryPath: string\n    readonly distShadowBinPath: string\n    readonly distShadowInjectPath: string\n    readonly githubCachePath: string\n    readonly homePath: string\n    readonly minimumVersionByAgent: Map<Agent, string>\n    readonly nmBinPath: string\n    readonly nodeHardenFlags: string[]\n    readonly rootBinPath: string\n    readonly distPath: string\n    readonly rootPath: string\n    readonly shadowBinPath: string\n    readonly socketAppDataPath: string\n    readonly socketCachePath: string\n    readonly zshRcPath: string\n  }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n  'firstPatchedVersionIdentifier'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SHADOW_BIN = 'shadow-bin'\nconst SHADOW_INJECT = 'shadow-inject'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = '@socketsecurity/cli'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = '@socketsecurity/cli-with-sentry'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n  const {\n    envAsBoolean,\n    envAsString,\n  } = require('@socketsecurity/registry/lib/env')\n  const { env } = process\n  const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n  // We inline some environment values so that they CANNOT be influenced by user\n  // provided environment variables.\n  return Object.freeze({\n    __proto__: null,\n    // Lazily access registryConstants.ENV.\n    ...registryConstants.ENV,\n    // Flag to disable using GitHub's workflow actions/cache.\n    // https://github.com/actions/cache\n    DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n    // Always set to true when GitHub Actions is running the workflow. This variable\n    // can be used to differentiate when tests are being run locally or by GitHub Actions.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_ACTIONS: envAsBoolean(env['GITHUB_ACTIONS']),\n    // The short ref name of the branch or tag that triggered the GitHub workflow run.\n    // This value matches the branch or tag name shown on GitHub. For example, feature-branch-1.\n    // For pull requests, the format is <pr_number>/merge.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n    // The type of ref that triggered the workflow run. Valid values are branch or tag.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n    // The owner and repository name. For example, octocat/Hello-World.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n    // The GITHUB_TOKEN secret is a GitHub App installation access token. The token's\n    // permissions are limited to the repository that contains the workflow.\n    // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n    GITHUB_TOKEN,\n    // Comp-time inlined @cyclonedx/cdxgen package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']\".\n    INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString(\n      process.env['INLINED_CYCLONEDX_CDXGEN_VERSION'],\n    ),\n    // Comp-time inlined Socket package homepage.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n    INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n      process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n    ),\n    // Comp-time inlined flag to determine if this is the Legacy build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n    INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n    ),\n    // Comp-time inlined Socket package name.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n    INLINED_SOCKET_CLI_NAME: envAsString(\n      process.env['INLINED_SOCKET_CLI_NAME'],\n    ),\n    // Comp-time inlined flag to determine if this is a published build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n    ),\n    // Comp-time inlined flag to determine if this is the Sentry build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n    INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n    ),\n    // Comp-time inlined Socket package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n    INLINED_SOCKET_CLI_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION'],\n    ),\n    // Comp-time inlined Socket package version hash.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n    ),\n    // Comp-time inlined synp package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SYNP_VERSION']\".\n    INLINED_SYNP_VERSION: envAsString(process.env['INLINED_SYNP_VERSION']),\n    // The location of the %localappdata% folder on Windows used to store user-specific,\n    // non-roaming application data, like temporary files, cached data, and program\n    // settings, that are specific to the current machine and user.\n    LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n    // Flag to enable the module compile cache for the Node.js instance.\n    // https://nodejs.org/api/cli.html#node_compile_cachedir\n    NODE_COMPILE_CACHE:\n      // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n      constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n        ? // Lazily access constants.socketCachePath.\n          constants.socketCachePath\n        : '',\n    // PATH is an environment variable that lists directories where executable\n    // programs are located. When a command is run, the system searches these\n    // directories to find the executable.\n    PATH: envAsString(env['PATH']),\n    // Flag to accepts risks of safe-npm and safe-npx run.\n    SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n    // Flag to change the base URL for all API-calls.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_BASE_URL:\n      envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n      envAsString(env['SOCKET_SECURITY_API_BASE_URL']),\n    // Flag to set the proxy all requests are routed through.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_PROXY:\n      envAsString(env['SOCKET_CLI_API_PROXY']) ||\n      envAsString(env['SOCKET_SECURITY_API_PROXY']),\n    // Flag to set the API token.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n    SOCKET_CLI_API_TOKEN:\n      envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n      envAsString(env['SOCKET_CLI_API_KEY']) ||\n      envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_API_KEY']),\n    // Flag containing a JSON stringified Socket configuration object.\n    SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n    // Flag to help debug Socket CLI.\n    SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n    // A classic GitHub personal access token with the \"repo\" scope or a fine-grained\n    // access token with read/write permissions set for \"Contents\" and \"Pull Request\".\n    // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n    SOCKET_CLI_GITHUB_TOKEN:\n      envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n      GITHUB_TOKEN,\n    // Flag to make the default API token `undefined`.\n    SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n    // Flag to view all risks of safe-npm and safe-npx run.\n    SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n    // Specifies the type of terminal or terminal emulator being used by the process.\n    TERM: envAsString(env['TERM']),\n    // The location of the base directory on Linux and MacOS used to store\n    // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n    XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n  })\n}\n\nconst lazyBashRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.bashrc')\n\nconst lazyBlessedOptions = () =>\n  Object.freeze({\n    smartCSR: true,\n    // Lazily access constants.WIN32.\n    term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n    useBCE: true,\n  })\n\nconst lazyDistCliPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyDistShadowBinPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${SHADOW_BIN}.js`)\n\nconst lazyDistShadowInjectPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${SHADOW_INJECT}.js`)\n\nconst lazyGithubCachePath = () =>\n  // Lazily access constants.socketCachePath.\n  path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyMinimumVersionByAgent = () =>\n  new Map([\n    // Bun >=1.1.39 supports the text-based lockfile.\n    // https://bun.sh/blog/bun-lock-text-lockfile\n    [BUN, '1.1.39'],\n    // The npm version bundled with Node 18.\n    // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n    ['npm', '10.8.2'],\n    // 8.x is the earliest version to support Node 18.\n    // https://pnpm.io/installation#compatibility\n    // https://www.npmjs.com/package/pnpm?activeTab=versions\n    [PNPM, '8.15.7'],\n    // 4.x supports >= Node 18.12.0\n    // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n    [YARN_BERRY, '4.0.0'],\n    // Latest 1.x.\n    // https://www.npmjs.com/package/yarn?activeTab=versions\n    [YARN_CLASSIC, '1.22.22'],\n    // vlt does not support overrides so we don't gate on it.\n    [VLT, '*'],\n  ])\n\nconst lazyNmBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n  Object.freeze(\n    // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n    constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n      // Lazily access constants.WIN32.\n      constants.WIN32\n      ? []\n      : // Harden Node security.\n        // https://nodejs.org/en/learn/getting-started/security-best-practices\n        [\n          '--disable-proto',\n          'throw',\n          // We have contributed the following patches to our dependencies to make\n          // Node's --frozen-intrinsics workable.\n          // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n          // √ https://github.com/pnpm/components/pull/23\n          '--frozen-intrinsics',\n          '--no-deprecation',\n        ],\n  )\n\nconst lazyRootBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'bin')\n\nconst lazyDistPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazySocketAppDataPath = (): string | undefined => {\n  // Get the OS app data folder:\n  // - Win: %LOCALAPPDATA% or fail?\n  // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n  // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n  // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n  // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n  //       On most systems that path is: $HOME/.local/share\n  // Then append `socket/settings`, so:\n  // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n  // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n  // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  let dataHome: string | undefined = WIN32\n    ? // Lazily access constants.ENV.LOCALAPPDATA\n      constants.ENV.LOCALAPPDATA\n    : // Lazily access constants.ENV.XDG_DATA_HOME\n      constants.ENV.XDG_DATA_HOME\n  if (!dataHome) {\n    if (WIN32) {\n      const logger = require('@socketsecurity/registry/lib/logger')\n      logger.warn(`Missing %${LOCALAPPDATA}%`)\n    } else {\n      dataHome = path.join(\n        // Lazily access constants.homePath.\n        constants.homePath,\n        // Lazily access constants.DARWIN.\n        constants.DARWIN ? 'Library/Application Support' : '.local/share',\n      )\n    }\n  }\n  return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, '.cache')\n\nconst lazyShadowBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, SHADOW_BIN)\n\nconst lazyZshRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n  {\n    ...registryConstantsAttribs.props,\n    ALERT_TYPE_CRITICAL_CVE,\n    ALERT_TYPE_CVE,\n    ALERT_TYPE_MEDIUM_CVE,\n    ALERT_TYPE_MILD_CVE,\n    API_V0_URL,\n    BINARY_LOCK_EXT,\n    BUN,\n    CLI,\n    CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n    DRY_RUN_LABEL,\n    DRY_RUN_BAILING_NOW,\n    DRY_RUN_NOT_SAVING,\n    ENV: undefined,\n    LOCK_EXT,\n    NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n    NPM_REGISTRY_URL,\n    PNPM,\n    REDACTED,\n    SHADOW_BIN,\n    SHADOW_INJECT,\n    SOCKET,\n    SOCKET_CLI_ACCEPT_RISKS,\n    SOCKET_CLI_BIN_NAME,\n    SOCKET_CLI_BIN_NAME_ALIAS,\n    SOCKET_CLI_FIX,\n    SOCKET_CLI_ISSUES_URL,\n    SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n    SOCKET_CLI_LEGACY_PACKAGE_NAME,\n    SOCKET_CLI_NPM_BIN_NAME,\n    SOCKET_CLI_NPX_BIN_NAME,\n    SOCKET_CLI_OPTIMIZE,\n    SOCKET_CLI_PACKAGE_NAME,\n    SOCKET_CLI_SAFE_BIN,\n    SOCKET_CLI_SAFE_PROGRESS,\n    SOCKET_CLI_SENTRY_BIN_NAME,\n    SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n    SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n    SOCKET_CLI_SENTRY_PACKAGE_NAME,\n    SOCKET_CLI_VIEW_ALL_RISKS,\n    SOCKET_WEBSITE_URL,\n    VLT,\n    WITH_SENTRY,\n    YARN,\n    YARN_BERRY,\n    YARN_CLASSIC,\n    YARN_LOCK,\n    bashRcPath: undefined,\n    blessedOptions: undefined,\n    distCliPath: undefined,\n    distInstrumentWithSentryPath: undefined,\n    distPath: undefined,\n    distShadowBinPath: undefined,\n    distShadowInjectPath: undefined,\n    githubCachePath: undefined,\n    homePath: undefined,\n    minimumVersionByAgent: undefined,\n    nmBinPath: undefined,\n    nodeHardenFlags: undefined,\n    rootBinPath: undefined,\n    rootPath: undefined,\n    shadowBinPath: undefined,\n    socketAppDataPath: undefined,\n    socketCachePath: undefined,\n    zshRcPath: undefined,\n  },\n  {\n    getters: {\n      ...registryConstantsAttribs.getters,\n      ENV: LAZY_ENV,\n      bashRcPath: lazyBashRcPath,\n      blessedOptions: lazyBlessedOptions,\n      distCliPath: lazyDistCliPath,\n      distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n      distPath: lazyDistPath,\n      distShadowBinPath: lazyDistShadowBinPath,\n      distShadowInjectPath: lazyDistShadowInjectPath,\n      githubCachePath: lazyGithubCachePath,\n      homePath: lazyHomePath,\n      minimumVersionByAgent: lazyMinimumVersionByAgent,\n      nmBinPath: lazyNmBinPath,\n      nodeHardenFlags: lazyNodeHardenFlags,\n      rootBinPath: lazyRootBinPath,\n      rootPath: lazyRootPath,\n      shadowBinPath: lazyShadowBinPath,\n      socketAppDataPath: lazySocketAppDataPath,\n      socketCachePath: lazySocketCachePath,\n      zshRcPath: lazyZshRcPath,\n    },\n    internals: {\n      ...registryConstantsAttribs.internals,\n      getIpc,\n      getSentry() {\n        return _Sentry\n      },\n      setSentry(Sentry: Sentry): boolean {\n        if (_Sentry === undefined) {\n          _Sentry = Sentry\n          return true\n        }\n        return false\n      },\n    },\n  },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","envAsString","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_ACTIONS","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_DEBUG","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","WIN32","logger","ENV","bashRcPath","blessedOptions","distCliPath","distInstrumentWithSentryPath","distPath","distShadowBinPath","distShadowInjectPath","githubCachePath","homePath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootBinPath","rootPath","shadowBinPath","socketAppDataPath","socketCachePath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAWA,iBAAA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AA4IA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;;AAGIC;AACF;;AACQC;AAAI;;AAEZ;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAEA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AAGA;AACA;AACAC;AAKA;AACAC;AACA;AACAC;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAb;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;AACE;AACAa;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQI;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAlB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAa;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEIb;;;;;;;;;;;;;;AAeFmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEEnB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"ced14064-d90d-4a17-a165-a2222c3c5abf"}

package/dist/utils.js

@@ -505,16 +505,16 @@ const {
 // The API server that should be used for operations.
 function getDefaultApiBaseUrl$1() {
   const baseUrl =
-  // Lazily access constants.ENV.SOCKET_SECURITY_API_BASE_URL.
-  constants.ENV.SOCKET_SECURITY_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
+  // Lazily access constants.ENV.SOCKET_CLI_API_BASE_URL.
+  constants.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
   return strings.isNonEmptyString(baseUrl) ? baseUrl : undefined;
 }
 
 // The API server that should be used for operations.
 function getDefaultHttpProxy() {
   const apiProxy =
-  // Lazily access constants.ENV.SOCKET_SECURITY_API_PROXY.
-  constants.ENV.SOCKET_SECURITY_API_PROXY || getConfigValueOrUndef('apiProxy');
+  // Lazily access constants.ENV.SOCKET_CLI_API_PROXY.
+  constants.ENV.SOCKET_CLI_API_PROXY || getConfigValueOrUndef('apiProxy');
   return strings.isNonEmptyString(apiProxy) ? apiProxy : undefined;
 }
 
@@ -526,8 +526,8 @@ function getDefaultToken() {
     _defaultToken = undefined;
   } else {
     const key =
-    // Lazily access constants.ENV.SOCKET_SECURITY_API_TOKEN.
-    constants.ENV.SOCKET_SECURITY_API_TOKEN || getConfigValueOrUndef('apiToken') || _defaultToken;
+    // Lazily access constants.ENV.SOCKET_CLI_API_TOKEN.
+    constants.ENV.SOCKET_CLI_API_TOKEN || getConfigValueOrUndef('apiToken') || _defaultToken;
     _defaultToken = strings.isNonEmptyString(key) ? key : undefined;
   }
   return _defaultToken;
@@ -541,8 +541,8 @@ function hasDefaultToken() {
 }
 function getPublicToken() {
   return (
-    // Lazily access constants.ENV.SOCKET_SECURITY_API_TOKEN.
-    (constants.ENV.SOCKET_SECURITY_API_TOKEN || getDefaultToken()) ?? SOCKET_PUBLIC_API_TOKEN
+    // Lazily access constants.ENV.SOCKET_CLI_API_TOKEN.
+    (constants.ENV.SOCKET_CLI_API_TOKEN || getDefaultToken()) ?? SOCKET_PUBLIC_API_TOKEN
   );
 }
 async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApiBaseUrl$1(), proxy = getDefaultHttpProxy()) {
@@ -694,9 +694,9 @@ async function getErrorMessageForHttpStatusCode(code) {
 
 // The API server that should be used for operations.
 function getDefaultApiBaseUrl() {
-  // Lazily access constants.ENV.SOCKET_SECURITY_API_BASE_URL.
-  const SOCKET_SECURITY_API_BASE_URL = constants.ENV.SOCKET_SECURITY_API_BASE_URL;
-  const baseUrl = SOCKET_SECURITY_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
+  const baseUrl =
+  // Lazily access constants.ENV.SOCKET_CLI_API_BASE_URL.
+  constants.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
   if (strings.isNonEmptyString(baseUrl)) {
     return baseUrl;
   }
@@ -1131,8 +1131,8 @@ async function meowWithSubcommands(subcommands, options) {
     // The config will be marked as readOnly to prevent persisting it.
     overrideConfigApiToken(undefined);
   } else {
-    // Lazily access constants.ENV.SOCKET_SECURITY_API_TOKEN.
-    const tokenOverride = constants.ENV.SOCKET_SECURITY_API_TOKEN;
+    // Lazily access constants.ENV.SOCKET_CLI_API_TOKEN.
+    const tokenOverride = constants.ENV.SOCKET_CLI_API_TOKEN;
     if (tokenOverride) {
       // This will set the token (even if there was a config override) and
       // set it to readOnly, making sure the temp token won't be persisted.
@@ -2036,10 +2036,10 @@ function getCveInfoFromAlertsMap(alertsMap, options) {
   alertsMapLoop: for (const [pkgId, sockPkgAlerts] of alertsMap) {
     const purlObj = vendor.packageurlJsExports.PackageURL.fromString(idToPurl(pkgId));
     const name = packages.resolvePackageName(purlObj);
-    for (const sockPkgAlert of sockPkgAlerts) {
+    sockPkgAlertsLoop: for (const sockPkgAlert of sockPkgAlerts) {
       const alert = sockPkgAlert.raw;
       if (alert.fix?.type !== ALERT_FIX_TYPE.cve || exclude.upgradable && registry.getManifestData(NPM$3, name)) {
-        continue;
+        continue sockPkgAlertsLoop;
       }
       if (!infoByPkgName) {
         infoByPkgName = new Map();
@@ -2935,5 +2935,5 @@ exports.supportedConfigKeys = supportedConfigKeys;
 exports.updateConfigValue = updateConfigValue;
 exports.validationFlags = validationFlags;
 exports.walkNestedMap = walkNestedMap;
-//# debugId=8743d856-59d2-4e34-8527-7a1be1f6157f
+//# debugId=b0a949b5-7c7b-46ea-b147-73f0f9c6007a
 //# sourceMappingURL=utils.js.map