@socketsecurity/cli-with-sentry 0.15.55 → 0.15.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/bin/cli.js +2 -2
  2. package/dist/cli.js +24 -24
  3. package/dist/cli.js.map +1 -1
  4. package/dist/constants.js +49 -29
  5. package/dist/constants.js.map +1 -1
  6. package/dist/{shadow-bin.js → shadow-npm-bin.js} +6 -6
  7. package/dist/shadow-npm-bin.js.map +1 -0
  8. package/dist/{shadow-inject.js → shadow-npm-inject.js} +1 -1
  9. package/dist/shadow-npm-inject.js.map +1 -0
  10. package/dist/types/constants.d.mts +9 -5
  11. package/dist/types/constants.d.mts.map +1 -1
  12. package/dist/utils.js +5 -5
  13. package/dist/utils.js.map +1 -1
  14. package/external/@coana-tech/cli/cli.mjs +122 -7
  15. package/external/blessed-contrib/lib/layout/grid.js +400 -32
  16. package/external/blessed-contrib/lib/widget/charts/bar.js +8338 -67
  17. package/external/blessed-contrib/lib/widget/charts/line.js +17861 -196
  18. package/external/blessed-contrib/lib/widget/table.js +140 -121
  19. package/package.json +12 -11
  20. package/dist/shadow-bin.js.map +0 -1
  21. package/dist/shadow-inject.js.map +0 -1
  22. package/external/blessed-contrib/index.js +0 -28
  23. package/external/blessed-contrib/lib/layout/carousel.js +0 -74
  24. package/external/blessed-contrib/lib/server-utils.js +0 -73
  25. package/external/blessed-contrib/lib/utils.js +0 -73
  26. package/external/blessed-contrib/lib/widget/canvas.js +0 -51
  27. package/external/blessed-contrib/lib/widget/charts/stacked-bar.js +0 -218
  28. package/external/blessed-contrib/lib/widget/donut.js +0 -149
  29. package/external/blessed-contrib/lib/widget/gauge-list.js +0 -106
  30. package/external/blessed-contrib/lib/widget/gauge.js +0 -125
  31. package/external/blessed-contrib/lib/widget/lcd.js +0 -451
  32. package/external/blessed-contrib/lib/widget/log.js +0 -33
  33. package/external/blessed-contrib/lib/widget/map.js +0 -86
  34. package/external/blessed-contrib/lib/widget/markdown.js +0 -64
  35. package/external/blessed-contrib/lib/widget/picture.js +0 -66
  36. package/external/blessed-contrib/lib/widget/sparkline.js +0 -58
  37. package/external/blessed-contrib/lib/widget/tree.js +0 -167
package/external/blessed-contrib/lib/widget/table.js CHANGED
@@ -1,133 +1,152 @@
1
1
  'use strict';
2
2
 
3
- var Box = require('../../../blessed/lib/widgets/box')
4
- , List = require('../../../blessed/lib/widgets/list')
5
- , Node = require('../../../blessed/lib/widgets/node')
6
- , stripAnsi = require('strip-ansi');
7
-
8
- function Table(options) {
9
-
10
- var self = this;
11
-
12
- if (!(this instanceof Node)) {
13
- return new Table(options);
14
- }
15
-
16
- if (Array.isArray(options.columnSpacing)) {
17
- throw 'Error: columnSpacing cannot be an array.\r\n' +
18
- 'Note: From release 2.0.0 use property columnWidth instead of columnSpacing.\r\n' +
19
- 'Please refere to the README or to https://github.com/yaronn/blessed-contrib/issues/39';
20
- }
21
-
22
- if (!options.columnWidth) {
23
- throw 'Error: A table must get columnWidth as a property. Please refer to the README.';
24
- }
3
+ var require$$0 = require('../../../blessed/lib/widgets/box');
4
+ var require$$1 = require('../../../blessed/lib/widgets/list');
5
+ var require$$2 = require('../../../blessed/lib/widgets/node');
6
+
7
+ var ansiRegex;
8
+ var hasRequiredAnsiRegex;
9
+ function requireAnsiRegex() {
10
+ if (hasRequiredAnsiRegex) return ansiRegex;
11
+ hasRequiredAnsiRegex = 1;
12
+ ansiRegex = function () {
13
+ return /[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-PRZcf-nqry=><]/g;
14
+ };
15
+ return ansiRegex;
16
+ }
25
17
 
26
- options = options || {};
27
- options.columnSpacing = options.columnSpacing==null? 10 : options.columnSpacing;
28
- options.bold = true;
29
- options.selectedFg = options.selectedFg || 'white';
30
- options.selectedBg = options.selectedBg || 'blue';
31
- options.fg = options.fg || 'green';
32
- options.bg = options.bg || '';
33
- options.interactive = (typeof options.interactive === 'undefined') ? true : options.interactive;
34
- this.options = options;
35
- Box.call(this, options);
18
+ var stripAnsi;
19
+ var hasRequiredStripAnsi;
20
+ function requireStripAnsi() {
21
+ if (hasRequiredStripAnsi) return stripAnsi;
22
+ hasRequiredStripAnsi = 1;
23
+ var ansiRegex = requireAnsiRegex()();
24
+ stripAnsi = function (str) {
25
+ return typeof str === 'string' ? str.replace(ansiRegex, '') : str;
26
+ };
27
+ return stripAnsi;
28
+ }
36
29
 
37
- this.rows = new List({
38
- //height: 0,
39
- top: 2,
40
- width: 0,
41
- left: 1,
42
- style: { selected: {
43
- fg: options.selectedFg
44
- , bg: options.selectedBg
30
+ var table;
31
+ var hasRequiredTable;
32
+ function requireTable() {
33
+ if (hasRequiredTable) return table;
34
+ hasRequiredTable = 1;
35
+ var Box = require$$0,
36
+ List = require$$1,
37
+ Node = require$$2,
38
+ stripAnsi = requireStripAnsi();
39
+ function Table(options) {
40
+ var self = this;
41
+ if (!(this instanceof Node)) {
42
+ return new Table(options);
45
43
  }
46
- , item: {
47
- fg: options.fg
48
- , bg: options.bg
49
- }},
50
- keys: options.keys,
51
- vi: options.vi,
52
- mouse: options.mouse,
53
- tags: true,
54
- interactive: options.interactive,
55
- screen: this.screen
56
- });
57
-
58
- this.append(this.rows);
59
-
60
- this.on('attach', function() {
61
- if (self.options.data) {
62
- self.setData(self.options.data);
44
+ if (Array.isArray(options.columnSpacing)) {
45
+ throw 'Error: columnSpacing cannot be an array.\r\n' + 'Note: From release 2.0.0 use property columnWidth instead of columnSpacing.\r\n' + 'Please refere to the README or to https://github.com/yaronn/blessed-contrib/issues/39';
63
46
  }
64
- });
65
-
66
- }
67
-
68
- Table.prototype = Object.create(Box.prototype);
69
-
70
- Table.prototype.focus = function(){
71
- this.rows.focus();
72
- };
73
-
74
- Table.prototype.render = function() {
75
- if(this.screen.focused == this.rows)
76
- this.rows.focus();
77
-
78
- this.rows.width = this.width-3;
79
- this.rows.height = this.height-4;
80
- Box.prototype.render.call(this);
81
- };
82
-
83
-
84
- Table.prototype.setData = function(table) {
85
- var self = this;
86
-
87
- var dataToString = function(d) {
88
- var str = '';
89
- d.forEach(function(r, i) {
90
- var colsize = self.options.columnWidth[i]
91
- , strip = stripAnsi(r.toString())
92
- , ansiLen = r.toString().length - strip.length
93
- , spaceLength = colsize - strip.length + self.options.columnSpacing;
94
- r = r.toString().substring(0, colsize + ansiLen); //compensate for ansi len
95
- if (spaceLength < 0) {
96
- spaceLength = 0;
47
+ if (!options.columnWidth) {
48
+ throw 'Error: A table must get columnWidth as a property. Please refer to the README.';
49
+ }
50
+ options = options || {};
51
+ options.columnSpacing = options.columnSpacing == null ? 10 : options.columnSpacing;
52
+ options.bold = true;
53
+ options.selectedFg = options.selectedFg || 'white';
54
+ options.selectedBg = options.selectedBg || 'blue';
55
+ options.fg = options.fg || 'green';
56
+ options.bg = options.bg || '';
57
+ options.interactive = typeof options.interactive === 'undefined' ? true : options.interactive;
58
+ this.options = options;
59
+ Box.call(this, options);
60
+ this.rows = new List({
61
+ //height: 0,
62
+ top: 2,
63
+ width: 0,
64
+ left: 1,
65
+ style: {
66
+ selected: {
67
+ fg: options.selectedFg,
68
+ bg: options.selectedBg
69
+ },
70
+ item: {
71
+ fg: options.fg,
72
+ bg: options.bg
73
+ }
74
+ },
75
+ keys: options.keys,
76
+ vi: options.vi,
77
+ mouse: options.mouse,
78
+ tags: true,
79
+ interactive: options.interactive,
80
+ screen: this.screen
81
+ });
82
+ this.append(this.rows);
83
+ this.on('attach', function () {
84
+ if (self.options.data) {
85
+ self.setData(self.options.data);
97
86
  }
98
- var spaces = new Array(spaceLength).join(' ');
99
- str += r + spaces;
100
87
  });
101
- return str;
88
+ }
89
+ Table.prototype = Object.create(Box.prototype);
90
+ Table.prototype.focus = function () {
91
+ this.rows.focus();
92
+ };
93
+ Table.prototype.render = function () {
94
+ if (this.screen.focused == this.rows) this.rows.focus();
95
+ this.rows.width = this.width - 3;
96
+ this.rows.height = this.height - 4;
97
+ Box.prototype.render.call(this);
98
+ };
99
+ Table.prototype.setData = function (table) {
100
+ var self = this;
101
+ var dataToString = function (d) {
102
+ var str = '';
103
+ d.forEach(function (r, i) {
104
+ var colsize = self.options.columnWidth[i],
105
+ strip = stripAnsi(r.toString()),
106
+ ansiLen = r.toString().length - strip.length,
107
+ spaceLength = colsize - strip.length + self.options.columnSpacing;
108
+ r = r.toString().substring(0, colsize + ansiLen); //compensate for ansi len
109
+ if (spaceLength < 0) {
110
+ spaceLength = 0;
111
+ }
112
+ var spaces = new Array(spaceLength).join(' ');
113
+ str += r + spaces;
114
+ });
115
+ return str;
116
+ };
117
+ var formatted = [];
118
+ table.data.forEach(function (d) {
119
+ var str = dataToString(d);
120
+ formatted.push(str);
121
+ });
122
+ this.setContent(dataToString(table.headers));
123
+ this.rows.setItems(formatted);
102
124
  };
103
-
104
- var formatted = [];
105
-
106
- table.data.forEach(function(d) {
107
- var str = dataToString(d);
108
- formatted.push(str);
109
- });
110
- this.setContent(dataToString(table.headers));
111
- this.rows.setItems(formatted);
112
- };
113
-
114
- Table.prototype.getOptionsPrototype = function() {
115
- return { keys: true
116
- , fg: 'white'
117
- , interactive: false
118
- , label: 'Active Processes'
119
- , width: '30%'
120
- , height: '30%'
121
- , border: {type: 'line', fg: 'cyan'}
122
- , columnSpacing: 10
123
- , columnWidth: [16, 12]
124
- , data: { headers: ['col1', 'col2']
125
- , data: [ ['a', 'b']
126
- , ['5', 'u']
127
- , ['x', '16.1'] ]}
125
+ Table.prototype.getOptionsPrototype = function () {
126
+ return {
127
+ keys: true,
128
+ fg: 'white',
129
+ interactive: false,
130
+ label: 'Active Processes',
131
+ width: '30%',
132
+ height: '30%',
133
+ border: {
134
+ type: 'line',
135
+ fg: 'cyan'
136
+ },
137
+ columnSpacing: 10,
138
+ columnWidth: [16, 12],
139
+ data: {
140
+ headers: ['col1', 'col2'],
141
+ data: [['a', 'b'], ['5', 'u'], ['x', '16.1']]
142
+ }
143
+ };
128
144
  };
129
- };
145
+ Table.prototype.type = 'table';
146
+ table = Table;
147
+ return table;
148
+ }
130
149
 
131
- Table.prototype.type = 'table';
150
+ var tableExports = requireTable();
132
151
 
133
- module.exports = Table;
152
+ module.exports = tableExports;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@socketsecurity/cli-with-sentry",
3
- "version": "0.15.55",
3
+ "version": "0.15.56",
4
4
  "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
5
5
  "homepage": "https://github.com/SocketDev/socket-cli",
6
6
  "license": "MIT",
@@ -83,9 +83,9 @@
83
83
  "@babel/plugin-transform-export-namespace-from": "7.27.1",
84
84
  "@babel/plugin-transform-runtime": "7.27.4",
85
85
  "@babel/preset-typescript": "7.27.1",
86
- "@babel/runtime": "7.27.4",
86
+ "@babel/runtime": "7.27.6",
87
87
  "@biomejs/biome": "1.9.4",
88
- "@coana-tech/cli": "14.9.20",
88
+ "@coana-tech/cli": "14.9.21",
89
89
  "@cyclonedx/cdxgen": "11.3.2",
90
90
  "@dotenvx/dotenvx": "1.44.1",
91
91
  "@eslint/compat": "1.2.9",
@@ -118,7 +118,7 @@
118
118
  "@types/js-yaml": "4.0.9",
119
119
  "@types/micromatch": "4.0.9",
120
120
  "@types/mock-fs": "4.13.4",
121
- "@types/node": "22.15.29",
121
+ "@types/node": "22.15.30",
122
122
  "@types/npmcli__arborist": "6.3.0",
123
123
  "@types/proc-log": "3.0.4",
124
124
  "@types/semver": "7.7.0",
@@ -126,7 +126,7 @@
126
126
  "@types/yargs-parser": "21.0.3",
127
127
  "@typescript-eslint/parser": "8.33.1",
128
128
  "@typescript/native-preview": "7.0.0-dev.20250605.1",
129
- "@vitest/coverage-v8": "3.2.1",
129
+ "@vitest/coverage-v8": "3.2.2",
130
130
  "blessed": "0.1.81",
131
131
  "blessed-contrib": "4.11.0",
132
132
  "browserslist": "4.25.0",
@@ -136,8 +136,8 @@
136
136
  "del-cli": "6.0.0",
137
137
  "dev-null-cli": "2.0.0",
138
138
  "eslint": "9.28.0",
139
- "eslint-import-resolver-typescript": "4.4.2",
140
- "eslint-plugin-import-x": "4.15.0",
139
+ "eslint-import-resolver-typescript": "4.4.3",
140
+ "eslint-plugin-import-x": "4.15.1",
141
141
  "eslint-plugin-n": "17.19.0",
142
142
  "eslint-plugin-sort-destructure-keys": "2.0.0",
143
143
  "eslint-plugin-unicorn": "56.0.1",
@@ -146,7 +146,7 @@
146
146
  "husky": "9.1.7",
147
147
  "ignore": "7.0.5",
148
148
  "js-yaml": "npm:@zkochan/js-yaml@0.0.7",
149
- "knip": "5.60.1",
149
+ "knip": "5.60.2",
150
150
  "lint-staged": "16.1.0",
151
151
  "magic-string": "0.30.17",
152
152
  "meow": "13.2.0",
@@ -164,10 +164,11 @@
164
164
  "terminal-link": "2.1.1",
165
165
  "tiny-updater": "3.5.3",
166
166
  "tinyglobby": "0.2.14",
167
+ "trash": "9.0.0",
167
168
  "type-coverage": "2.29.7",
168
169
  "typescript-eslint": "8.33.1",
169
170
  "unplugin-purge-polyfills": "0.1.0",
170
- "vitest": "3.2.1",
171
+ "vitest": "3.2.2",
171
172
  "which": "5.0.0",
172
173
  "yaml": "2.8.0",
173
174
  "yargs-parser": "22.0.0",
@@ -200,7 +201,7 @@
200
201
  "side-channel": "npm:@socketregistry/side-channel@^1",
201
202
  "tiny-colors": "$yoctocolors-cjs",
202
203
  "typedarray": "npm:@socketregistry/typedarray@^1",
203
- "undici": "6.21.1",
204
+ "undici": "6.21.2",
204
205
  "vite": "6.3.5",
205
206
  "xml2js": "0.5.0",
206
207
  "yaml": "2.8.0"
@@ -233,6 +234,6 @@
233
234
  "strict": true
234
235
  },
235
236
  "dependencies": {
236
- "@sentry/node": "9.26.0"
237
+ "@sentry/node": "9.27.0"
237
238
  }
238
239
  }
package/dist/shadow-bin.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"shadow-bin.js","sources":["../src/shadow/npm/link.mts","../src/shadow/npm/bin.mts"],"sourcesContent":["import path from 'node:path'\n\nimport cmdShim from 'cmd-shim'\n\nimport constants from '../../constants.mts'\nimport {\n getNpmBinPath,\n getNpxBinPath,\n isNpmBinPathShadowed,\n isNpxBinPathShadowed,\n} from '../../utils/npm-paths.mts'\n\nexport async function installLinks(\n realBinPath: string,\n binName: 'npm' | 'npx',\n): Promise<string> {\n const isNpx = binName === 'npx'\n // Find package manager being shadowed by this process.\n const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n // TODO: Is this early exit needed?\n if (WIN32 && binPath) {\n return binPath\n }\n const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n // Move our bin directory to front of PATH so its found first.\n if (!shadowed) {\n if (WIN32) {\n await cmdShim(\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${binName}-cli.js`),\n path.join(realBinPath, binName),\n )\n }\n const { env } = process\n env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n }\n return binPath\n}\n","import { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n isLoglevelFlag,\n isNodeOptionsFlag,\n isProgressFlag,\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link.mts'\nimport constants from '../../constants.mts'\nimport { cmdFlagsToString } from '../../utils/cmd.mts'\n\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst { SOCKET_CLI_SAFE_BIN, SOCKET_CLI_SAFE_PROGRESS, SOCKET_IPC_HANDSHAKE } =\n constants\n\nexport default async function shadowBin(\n binName: 'npm' | 'npx',\n args = process.argv.slice(2),\n) {\n process.exitCode = 1\n // Lazily access constants.ENV.NODE_COMPILE_CACHE\n const { NODE_COMPILE_CACHE } = constants.ENV\n const terminatorPos = args.indexOf('--')\n const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n const binArgs = rawBinArgs.filter(\n a => !isProgressFlag(a) && !isNodeOptionsFlag(a),\n )\n const nodeOptionsArg = rawBinArgs.findLast(isNodeOptionsFlag)\n const progressArg = rawBinArgs.findLast(isProgressFlag) !== '--no-progress'\n const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n const permArgs =\n binName === 'npm' &&\n // Lazily access constants.SUPPORTS_NODE_PERMISSION_FLAG.\n constants.SUPPORTS_NODE_PERMISSION_FLAG\n ? await (async () => {\n const cwd = process.cwd()\n const stdioPipeOptions: SpawnOptions = { cwd }\n const globalPrefix = (\n await spawn('npm', ['prefix', '-g'], stdioPipeOptions)\n ).stdout.trim()\n const npmCachePath = (\n await spawn('npm', ['config', 'get', 'cache'], stdioPipeOptions)\n ).stdout.trim()\n return [\n '--permission',\n '--allow-child-process',\n // '--allow-addons',\n // '--allow-wasi',\n // Allow all reads because npm walks up directories looking for config\n // and package.json files.\n '--allow-fs-read=*',\n `--allow-fs-write=${cwd}/*`,\n `--allow-fs-write=${globalPrefix}/*`,\n `--allow-fs-write=${npmCachePath}/*`,\n ]\n })()\n : []\n const useDebug = isDebug()\n const useNodeOptions = nodeOptionsArg || permArgs.length\n const isSilent = !useDebug && !binArgs.some(isLoglevelFlag)\n // The default value of loglevel is \"notice\". We default to \"error\" which is\n // two levels quieter.\n const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n const spawnPromise = spawn(\n // Lazily access constants.execPath.\n constants.execPath,\n [\n // Lazily access constants.nodeHardenFlags.\n ...constants.nodeHardenFlags,\n // Lazily access constants.nodeNoWarningsFlags.\n ...constants.nodeNoWarningsFlags,\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD\n ? [\n '--require',\n // Lazily access constants.distInstrumentWithSentryPath.\n constants.distInstrumentWithSentryPath,\n ]\n : []),\n '--require',\n // Lazily access constants.distShadowInjectPath.\n constants.distShadowInjectPath,\n // Lazily access constants.shadowBinPath.\n await installLinks(constants.shadowBinPath, binName),\n ...(useDebug ? ['--trace-uncaught', '--trace-warnings'] : []),\n ...(useNodeOptions\n ? [\n `--node-options='${nodeOptionsArg ? nodeOptionsArg.slice(15) : ''}${cmdFlagsToString(permArgs)}'`,\n ]\n : []),\n // Add '--no-progress' to fix input being swallowed by the npm spinner.\n '--no-progress',\n // Add '--loglevel=error' if a loglevel flag is not provided and the\n // SOCKET_CLI_DEBUG environment variable is not truthy.\n ...logLevelArgs,\n ...binArgs,\n ...otherArgs,\n ],\n {\n env: {\n ...process.env,\n ...(NODE_COMPILE_CACHE ? { NODE_COMPILE_CACHE } : undefined),\n },\n // 'inherit' + 'ipc'\n stdio: [0, 1, 2, 'ipc'],\n },\n )\n // See https://nodejs.org/api/child_process.html#event-exit.\n spawnPromise.process.on('exit', (code, signalName) => {\n if (signalName) {\n process.kill(process.pid, signalName)\n } else if (code !== null) {\n // eslint-disable-next-line n/no-process-exit\n process.exit(code)\n }\n })\n spawnPromise.process.send({\n [SOCKET_IPC_HANDSHAKE]: {\n [SOCKET_CLI_SAFE_BIN]: binName,\n [SOCKET_CLI_SAFE_PROGRESS]: progressArg,\n },\n })\n await spawnPromise\n}\n"],"names":["WIN32","env","SOCKET_IPC_HANDSHAKE","NODE_COMPILE_CACHE","constants","cwd","process","spawnPromise"],"mappings":";;;;;;;;;;AAYO;AAIL;AACA;;AAEA;;AACQA;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;ACzBA;;;AAAuDC;AAAqB;AAG7D;;AAKb;;AACQC;;AACR;AACA;AACA;AAGA;;AAEA;AACA;AAEE;AACAC;AAEM;AACA;AAAyCC;;;;;AAUvC;AACA;AACA;AACA;AACA;;AAOV;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;AACA;AAGM;AACAD;AAIN;AACAA;AACA;;AAQA;;AAEA;AACA;;AAMAH;;AAEE;AAA2BE;AAAmB;;AAEhD;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAG;AACF;AACF;AACAC;AACE;;AAEE;AACF;AACF;AACA;AACF;;","debugId":"22cddd58-b602-498a-8e93-9b948460e294"}
package/dist/shadow-inject.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"shadow-inject.js","sources":["../src/shadow/npm/paths.mts","../src/shadow/npm/arborist/types.mts","../src/shadow/npm/arborist-helpers.mts","../src/shadow/npm/arborist/lib/arborist/index.mts","../src/shadow/npm/arborist/index.mts","../src/shadow/npm/inject.mts"],"sourcesContent":["import path from 'node:path'\n\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../../constants.mts'\nimport { getNpmRequire } from '../../utils/npm-paths.mts'\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n if (_arboristPkgPath === undefined) {\n const pkgName = '@npmcli/arborist'\n const mainPathWithForwardSlashes = normalizePath(\n getNpmRequire().resolve(pkgName),\n )\n const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n 0,\n mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length,\n )\n // Lazily access constants.WIN32.\n _arboristPkgPath = constants.WIN32\n ? path.normalize(arboristPkgPathWithForwardSlashes)\n : arboristPkgPathWithForwardSlashes\n }\n return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n if (_arboristClassPath === undefined) {\n _arboristClassPath = path.join(\n getArboristPackagePath(),\n 'lib/arborist/index.js',\n )\n }\n return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n if (_arboristDepValidPath === undefined) {\n _arboristDepValidPath = path.join(\n getArboristPackagePath(),\n 'lib/dep-valid.js',\n )\n }\n return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n if (_arboristEdgeClassPath === undefined) {\n _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n }\n return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n if (_arboristNodeClassPath === undefined) {\n _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n }\n return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n if (_arboristOverrideSetClassPath === undefined) {\n _arboristOverrideSetClassPath = path.join(\n getArboristPackagePath(),\n 'lib/override-set.js',\n )\n }\n return _arboristOverrideSetClassPath\n}\n","import { createEnum } from '../../../utils/objects.mts'\n\nimport type {\n Options as ArboristOptions,\n Advisory as BaseAdvisory,\n Arborist as BaseArborist,\n AuditReport as BaseAuditReport,\n Diff as BaseDiff,\n Edge as BaseEdge,\n Node as BaseNode,\n BaseOverrideSet,\n BuildIdealTreeOptions,\n ReifyOptions,\n} from '@npmcli/arborist'\n\nexport type ArboristClass = ArboristInstance & {\n new (...args: any): ArboristInstance\n}\n\nexport type ArboristInstance = Omit<\n typeof BaseArborist,\n | 'actualTree'\n | 'auditReport'\n | 'buildIdealTree'\n | 'diff'\n | 'idealTree'\n | 'loadActual'\n | 'loadVirtual'\n | 'reify'\n> & {\n auditReport?: AuditReportInstance | null | undefined\n actualTree?: NodeClass | null | undefined\n diff: Diff | null\n idealTree?: NodeClass | null | undefined\n buildIdealTree(options?: BuildIdealTreeOptions): Promise<NodeClass>\n loadActual(options?: ArboristOptions): Promise<NodeClass>\n loadVirtual(options?: ArboristOptions): Promise<NodeClass>\n reify(options?: ArboristReifyOptions): Promise<NodeClass>\n}\n\nexport type ArboristReifyOptions = ReifyOptions & ArboristOptions\n\nexport type AuditAdvisory = Omit<BaseAdvisory, 'id'> & {\n id: number\n cwe: string[]\n cvss: {\n score: number\n vectorString: string\n }\n vulnerable_versions: string\n}\n\nexport type AuditReportInstance = Omit<BaseAuditReport, 'report'> & {\n report: { [dependency: string]: AuditAdvisory[] }\n}\n\nexport const DiffAction = createEnum({\n add: 'ADD',\n change: 'CHANGE',\n remove: 'REMOVE',\n})\n\nexport type Diff = Omit<\n BaseDiff,\n | 'actual'\n | 'children'\n | 'filterSet'\n | 'ideal'\n | 'leaves'\n | 'removed'\n | 'shrinkwrapInflated'\n | 'unchanged'\n> & {\n actual: NodeClass\n children: Diff[]\n filterSet: Set<NodeClass>\n ideal: NodeClass\n leaves: NodeClass[]\n parent: Diff | null\n removed: NodeClass[]\n shrinkwrapInflated: Set<NodeClass>\n unchanged: NodeClass[]\n}\n\nexport type EdgeClass = Omit<\n BaseEdge,\n | 'accept'\n | 'detach'\n | 'optional'\n | 'overrides'\n | 'peer'\n | 'peerConflicted'\n | 'rawSpec'\n | 'reload'\n | 'satisfiedBy'\n | 'spec'\n | 'to'\n> & {\n optional: boolean\n overrides: OverrideSetClass | undefined\n peer: boolean\n peerConflicted: boolean\n rawSpec: string\n get accept(): string | undefined\n get spec(): string\n get to(): NodeClass | null\n new (...args: any): EdgeClass\n detach(): void\n reload(hard?: boolean): void\n satisfiedBy(node: NodeClass): boolean\n}\n\nexport type LinkClass = Omit<NodeClass, 'isLink'> & {\n readonly isLink: true\n}\n\nexport type NodeClass = Omit<\n BaseNode,\n | 'addEdgeIn'\n | 'addEdgeOut'\n | 'canDedupe'\n | 'canReplace'\n | 'canReplaceWith'\n | 'children'\n | 'deleteEdgeIn'\n | 'edgesIn'\n | 'edgesOut'\n | 'from'\n | 'hasShrinkwrap'\n | 'inDepBundle'\n | 'inShrinkwrap'\n | 'integrity'\n | 'isTop'\n | 'matches'\n | 'meta'\n | 'name'\n | 'overrides'\n | 'packageName'\n | 'parent'\n | 'recalculateOutEdgesOverrides'\n | 'resolve'\n | 'resolveParent'\n | 'root'\n | 'target'\n | 'updateOverridesEdgeInAdded'\n | 'updateOverridesEdgeInRemoved'\n | 'version'\n | 'versions'\n> & {\n name: string\n version: string\n children: Map<string, NodeClass | LinkClass>\n edgesIn: Set<EdgeClass>\n edgesOut: Map<string, EdgeClass>\n from: NodeClass | null\n hasShrinkwrap: boolean\n inShrinkwrap: boolean | undefined\n integrity?: string | null\n isTop: boolean | undefined\n meta: BaseNode['meta'] & {\n addEdge(edge: EdgeClass): void\n }\n overrides: OverrideSetClass | undefined\n target: NodeClass\n versions: string[]\n get inDepBundle(): boolean\n get packageName(): string | null\n get parent(): NodeClass | null\n set parent(value: NodeClass | null)\n get resolveParent(): NodeClass | null\n get root(): NodeClass | null\n set root(value: NodeClass | null)\n new (...args: any): NodeClass\n addEdgeIn(edge: EdgeClass): void\n addEdgeOut(edge: EdgeClass): void\n canDedupe(preferDedupe?: boolean): boolean\n canReplace(node: NodeClass, ignorePeers?: string[]): boolean\n canReplaceWith(node: NodeClass, ignorePeers?: string[]): boolean\n deleteEdgeIn(edge: EdgeClass): void\n matches(node: NodeClass): boolean\n recalculateOutEdgesOverrides(): void\n resolve(name: string): NodeClass\n updateOverridesEdgeInAdded(\n otherOverrideSet: OverrideSetClass | undefined,\n ): boolean\n updateOverridesEdgeInRemoved(otherOverrideSet: OverrideSetClass): boolean\n}\n\nexport interface OverrideSetClass\n extends Omit<\n BaseOverrideSet,\n | 'ancestry'\n | 'children'\n | 'getEdgeRule'\n | 'getMatchingRule'\n | 'getNodeRule'\n | 'parent'\n | 'ruleset'\n > {\n children: Map<string, OverrideSetClass>\n key: string | undefined\n keySpec: string | undefined\n name: string | undefined\n parent: OverrideSetClass | undefined\n value: string | undefined\n version: string | undefined\n // eslint-disable-next-line @typescript-eslint/no-misused-new\n new (...args: any[]): OverrideSetClass\n get isRoot(): boolean\n get ruleset(): Map<string, OverrideSetClass>\n ancestry(): Generator<OverrideSetClass>\n childrenAreEqual(otherOverrideSet: OverrideSetClass | undefined): boolean\n getEdgeRule(edge: EdgeClass): OverrideSetClass\n getMatchingRule(node: NodeClass): OverrideSetClass | null\n getNodeRule(node: NodeClass): OverrideSetClass\n isEqual(otherOverrideSet: OverrideSetClass | undefined): boolean\n}\n","import semver from 'semver'\n\nimport { PackageURL } from '@socketregistry/packageurl-js'\nimport { getManifestData } from '@socketsecurity/registry'\nimport { debugFn } from '@socketsecurity/registry/lib/debug'\nimport { hasOwn } from '@socketsecurity/registry/lib/objects'\nimport { fetchPackagePackument } from '@socketsecurity/registry/lib/packages'\n\nimport constants from '../../constants.mts'\nimport { Edge } from './arborist/index.mts'\nimport { DiffAction } from './arborist/types.mts'\nimport { getAlertsMapFromPurls } from '../../utils/alerts-map.mts'\nimport { type AliasResult, npa } from '../../utils/npm-package-arg.mts'\nimport { applyRange, getMajor, getMinVersion } from '../../utils/semver.mts'\nimport { idToNpmPurl } from '../../utils/spec.mts'\n\nimport type {\n ArboristInstance,\n Diff,\n EdgeClass,\n LinkClass,\n NodeClass,\n} from './arborist/types.mts'\nimport type { RangeStyle } from '../../utils/semver.mts'\nimport type {\n AlertIncludeFilter,\n AlertsByPurl,\n} from '../../utils/socket-package-alert.mts'\nimport type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'\nimport type { Spinner } from '@socketsecurity/registry/lib/spinner'\n\nconst { LOOP_SENTINEL, NPM, NPM_REGISTRY_URL } = constants\n\nfunction getUrlOrigin(input: string): string {\n try {\n // TODO: URL.parse is available in Node 22.1.0. We can use it when we drop Node 18.\n // https://nodejs.org/docs/latest-v22.x/api/url.html#urlparseinput-base\n // return URL.parse(input)?.origin ?? ''\n return new URL(input).origin ?? ''\n } catch {}\n return ''\n}\n\nexport function findBestPatchVersion(\n node: NodeClass,\n availableVersions: string[],\n vulnerableVersionRange?: string,\n _firstPatchedVersionIdentifier?: string | undefined,\n): string | null {\n const manifestData = getManifestData(NPM, node.name)\n let eligibleVersions\n if (manifestData && manifestData.name === manifestData.package) {\n const major = getMajor(manifestData.version)\n if (typeof major !== 'number') {\n return null\n }\n eligibleVersions = availableVersions.filter(v => getMajor(v) === major)\n } else {\n const major = getMajor(node.version)\n if (typeof major !== 'number') {\n return null\n }\n eligibleVersions = availableVersions.filter(\n v =>\n // Filter for versions that are within the current major version and\n // are NOT in the vulnerable range.\n getMajor(v) === major &&\n (!vulnerableVersionRange ||\n !semver.satisfies(v, vulnerableVersionRange)),\n )\n }\n return eligibleVersions ? semver.maxSatisfying(eligibleVersions, '*') : null\n}\n\nexport function findPackageNode(\n tree: NodeClass,\n name: string,\n version?: string | undefined,\n): NodeClass | undefined {\n const queue: Array<NodeClass | LinkClass> = [tree]\n const visited = new Set<NodeClass>()\n let sentinel = 0\n while (queue.length) {\n if (sentinel++ === LOOP_SENTINEL) {\n throw new Error('Detected infinite loop in findPackageNode')\n }\n const nodeOrLink = queue.pop()!\n const node = getTargetNode(nodeOrLink)\n if (visited.has(node)) {\n continue\n }\n visited.add(node)\n if (\n node.name === name &&\n (typeof version !== 'string' || node.version === version)\n ) {\n return node\n }\n for (const child of node.children.values()) {\n queue.push(child)\n }\n for (const edge of node.edgesOut.values()) {\n const { to } = edge\n if (to) {\n queue.push(to)\n }\n }\n }\n return undefined\n}\n\nexport function findPackageNodes(\n tree: NodeClass,\n name: string,\n version?: string | undefined,\n): NodeClass[] {\n const matches: NodeClass[] = []\n const queue: Array<NodeClass | LinkClass> = [tree]\n const visited = new Set<NodeClass>()\n let sentinel = 0\n while (queue.length) {\n if (sentinel++ === LOOP_SENTINEL) {\n throw new Error('Detected infinite loop in findPackageNodes')\n }\n const nodeOrLink = queue.pop()!\n const node = getTargetNode(nodeOrLink)\n if (visited.has(node)) {\n continue\n }\n visited.add(node)\n\n const { version: targetVersion } = node\n if (!targetVersion && Array.isArray(node.errors) && node.errors.length) {\n debugFn(`miss: version for ${node.name} due to errors:\\n`, node.errors)\n }\n if (\n node.name === name &&\n (typeof version !== 'string' || node.version === version)\n ) {\n matches.push(node)\n }\n for (const child of node.children.values()) {\n queue.push(child)\n }\n for (const edge of node.edgesOut.values()) {\n const { to } = edge\n if (to) {\n queue.push(to)\n }\n }\n }\n return matches\n}\n\nexport type GetAlertsMapFromArboristOptions = {\n consolidate?: boolean | undefined\n include?: AlertIncludeFilter | undefined\n nothrow?: boolean | undefined\n spinner?: Spinner | undefined\n}\n\nexport async function getAlertsMapFromArborist(\n arb: ArboristInstance,\n options_?: GetAlertsMapFromArboristOptions | undefined,\n): Promise<AlertsByPurl> {\n const options = {\n __proto__: null,\n consolidate: false,\n include: undefined,\n limit: Infinity,\n nothrow: false,\n ...options_,\n } as GetAlertsMapFromArboristOptions\n\n options.include = {\n __proto__: null,\n // Leave 'actions' unassigned so it can be given a default value in\n // subsequent functions where `options` is passed.\n // actions: undefined,\n blocked: true,\n critical: true,\n cve: true,\n existing: false,\n unfixable: true,\n upgradable: false,\n ...options.include,\n } as AlertIncludeFilter\n\n const needInfoOn = getDetailsFromDiff(arb.diff, {\n include: {\n unchanged: options.include.existing,\n },\n })\n\n const purls = needInfoOn.map(d => idToNpmPurl(d.node.pkgid))\n\n let overrides: { [key: string]: string } | undefined\n const overridesMap = (\n arb.actualTree ??\n arb.idealTree ??\n (await arb.loadActual())\n )?.overrides?.children\n if (overridesMap) {\n overrides = Object.fromEntries(\n [...overridesMap.entries()].map(([key, overrideSet]) => {\n return [key, overrideSet.value!]\n }),\n )\n }\n\n return await getAlertsMapFromPurls(purls, {\n overrides,\n ...options,\n })\n}\n\nexport type DiffQueryIncludeFilter = {\n unchanged?: boolean | undefined\n unknownOrigin?: boolean | undefined\n}\n\nexport type DiffQueryOptions = {\n include?: DiffQueryIncludeFilter | undefined\n}\n\nexport type PackageDetail = {\n node: NodeClass\n existing?: NodeClass | undefined\n}\n\nexport function getDetailsFromDiff(\n diff_: Diff | null,\n options?: DiffQueryOptions | undefined,\n): PackageDetail[] {\n const details: PackageDetail[] = []\n // `diff_` is `null` when `npm install --package-lock-only` is passed.\n if (!diff_) {\n return details\n }\n\n const include = {\n __proto__: null,\n unchanged: false,\n unknownOrigin: false,\n ...({ __proto__: null, ...options } as DiffQueryOptions).include,\n } as DiffQueryIncludeFilter\n\n const queue: Diff[] = [...diff_.children]\n let pos = 0\n let { length: queueLength } = queue\n while (pos < queueLength) {\n if (pos === LOOP_SENTINEL) {\n throw new Error('Detected infinite loop while walking Arborist diff')\n }\n const diff = queue[pos++]!\n const { action } = diff\n if (action) {\n // The `pkgNode`, i.e. the `ideal` node, will be `undefined` if the diff\n // action is 'REMOVE'\n // The `oldNode`, i.e. the `actual` node, will be `undefined` if the diff\n // action is 'ADD'.\n const { actual: oldNode, ideal: pkgNode } = diff\n let existing: NodeClass | undefined\n let keep = false\n if (action === DiffAction.change) {\n if (pkgNode?.package.version !== oldNode?.package.version) {\n keep = true\n if (\n oldNode?.package.name &&\n oldNode.package.name === pkgNode?.package.name\n ) {\n existing = oldNode\n }\n } else {\n // TODO: This debug log has too much information. We should narrow it down.\n // debugFn('skip: meta change diff\\n', diff)\n }\n } else {\n keep = action !== DiffAction.remove\n }\n if (keep && pkgNode?.resolved && (!oldNode || oldNode.resolved)) {\n if (\n include.unknownOrigin ||\n getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL\n ) {\n details.push({\n node: pkgNode,\n existing,\n })\n }\n }\n }\n for (const child of diff.children) {\n queue[queueLength++] = child\n }\n }\n if (include.unchanged) {\n const { unchanged } = diff_!\n for (let i = 0, { length } = unchanged; i < length; i += 1) {\n const pkgNode = unchanged[i]!\n if (\n include.unknownOrigin ||\n getUrlOrigin(pkgNode.resolved!) === NPM_REGISTRY_URL\n ) {\n details.push({\n node: pkgNode,\n existing: pkgNode,\n })\n }\n }\n }\n return details\n}\n\nexport function getTargetNode(nodeOrLink: NodeClass | LinkClass): NodeClass\nexport function getTargetNode<T>(nodeOrLink: T): NodeClass | null\nexport function getTargetNode(nodeOrLink: any): NodeClass | null {\n return nodeOrLink?.isLink ? nodeOrLink.target : (nodeOrLink ?? null)\n}\n\nexport function isTopLevel(tree: NodeClass, node: NodeClass): boolean {\n return getTargetNode(tree.children.get(node.name)) === node\n}\n\nexport type Packument = Exclude<\n Awaited<ReturnType<typeof fetchPackagePackument>>,\n null\n>\n\nexport function updateNode(\n node: NodeClass,\n newVersion: string,\n newVersionPackument: Packument['versions'][number],\n): void {\n // Object.defineProperty is needed to set the version property and replace\n // the old value with newVersion.\n Object.defineProperty(node, 'version', {\n configurable: true,\n enumerable: true,\n get: () => newVersion,\n })\n // Update package.version associated with the node.\n node.package.version = newVersion\n // Update node.resolved.\n const purlObj = PackageURL.fromString(idToNpmPurl(node.name))\n node.resolved = `${NPM_REGISTRY_URL}/${node.name}/-/${purlObj.name}-${newVersion}.tgz`\n // Update node.integrity with the targetPackument.dist.integrity value if available\n // else delete node.integrity so a new value is resolved for the target version.\n const { integrity } = newVersionPackument.dist\n if (integrity) {\n node.integrity = integrity\n } else {\n delete node.integrity\n }\n // Update node.package.deprecated based on targetPackument.deprecated.\n if (hasOwn(newVersionPackument, 'deprecated')) {\n node.package['deprecated'] = newVersionPackument.deprecated as string\n } else {\n delete node.package['deprecated']\n }\n // Update node.package.dependencies.\n const newDeps = { ...newVersionPackument.dependencies }\n const { dependencies: oldDeps } = node.package\n node.package.dependencies = newDeps\n if (oldDeps) {\n for (const oldDepName of Object.keys(oldDeps)) {\n if (!hasOwn(newDeps, oldDepName)) {\n // Detach old edges for dependencies that don't exist on the updated\n // node.package.dependencies.\n node.edgesOut.get(oldDepName)?.detach()\n }\n }\n }\n for (const newDepName of Object.keys(newDeps)) {\n if (!hasOwn(oldDeps, newDepName)) {\n // Add new edges for dependencies that don't exist on the old\n // node.package.dependencies.\n node.addEdgeOut(\n new Edge({\n from: node,\n name: newDepName,\n spec: newDeps[newDepName],\n type: 'prod',\n }) as unknown as EdgeClass,\n )\n }\n }\n}\n\nexport function updatePackageJsonFromNode(\n editablePkgJson: EditablePackageJson,\n tree: NodeClass,\n node: NodeClass,\n newVersion: string,\n rangeStyle?: RangeStyle | undefined,\n): boolean {\n let result = false\n if (!isTopLevel(tree, node)) {\n return result\n }\n const { name } = node\n for (const depField of [\n 'dependencies',\n 'optionalDependencies',\n 'peerDependencies',\n ]) {\n const depObject = editablePkgJson.content[depField] as\n | { [key: string]: string }\n | undefined\n const depValue = hasOwn(depObject, name) ? depObject[name] : undefined\n if (typeof depValue !== 'string' || depValue.startsWith('catalog:')) {\n continue\n }\n let oldRange = depValue\n // Use npa if depValue looks like more than just a semver range.\n if (depValue.includes(':')) {\n const npaResult = npa(depValue)\n if (!npaResult || (npaResult as AliasResult).subSpec) {\n continue\n }\n oldRange = npaResult.rawSpec\n }\n const oldMin = getMinVersion(oldRange)\n const newRange =\n oldMin &&\n // Ensure we're on the same major version...\n getMajor(newVersion) === oldMin.major &&\n // and not a downgrade.\n semver.gte(newVersion, oldMin.version)\n ? applyRange(oldRange, newVersion, rangeStyle)\n : oldRange\n if (oldRange !== newRange) {\n result = true\n editablePkgJson.update({\n [depField]: {\n ...depObject,\n [name]: newRange,\n },\n })\n }\n }\n return result\n}\n","// @ts-ignore\nimport UntypedArborist from '@npmcli/arborist/lib/arborist/index.js'\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\nimport constants from '../../../../../constants.mts'\nimport { logAlertsMap } from '../../../../../utils/socket-package-alert.mts'\nimport { getAlertsMapFromArborist } from '../../../arborist-helpers.mts'\n\nimport type {\n ArboristClass,\n ArboristReifyOptions,\n NodeClass,\n} from '../../types.mts'\n\nconst {\n NPM,\n NPX,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_VIEW_ALL_RISKS,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { getIpc },\n} = constants\n\nexport const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {\n __proto__: null,\n audit: false,\n dryRun: true,\n fund: false,\n ignoreScripts: true,\n progress: false,\n save: false,\n saveBundle: false,\n silent: true,\n}\n\nexport const kCtorArgs = Symbol('ctorArgs')\n\nexport const kRiskyReify = Symbol('riskyReify')\n\nexport const Arborist: ArboristClass = UntypedArborist\n\n// Implementation code not related to our custom behavior is based on\n// https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/arborist/index.js:\nexport class SafeArborist extends Arborist {\n constructor(...ctorArgs: ConstructorParameters<ArboristClass>) {\n super(\n {\n path:\n (ctorArgs.length ? ctorArgs[0]?.path : undefined) ?? process.cwd(),\n ...(ctorArgs.length ? ctorArgs[0] : undefined),\n ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,\n },\n ...ctorArgs.slice(1),\n )\n ;(this as any)[kCtorArgs] = ctorArgs\n }\n\n async [kRiskyReify](\n ...args: Parameters<InstanceType<ArboristClass>['reify']>\n ): Promise<NodeClass> {\n const ctorArgs = (this as any)[kCtorArgs]\n const arb = new Arborist(\n {\n ...(ctorArgs.length ? ctorArgs[0] : undefined),\n progress: false,\n },\n ...ctorArgs.slice(1),\n )\n const ret = await (arb.reify as (...args: any[]) => Promise<NodeClass>)(\n {\n ...(args.length ? args[0] : undefined),\n progress: false,\n },\n ...args.slice(1),\n )\n Object.assign(this, arb)\n return ret\n }\n\n // @ts-ignore Incorrectly typed.\n override async reify(\n this: SafeArborist,\n ...args: Parameters<InstanceType<ArboristClass>['reify']>\n ): Promise<NodeClass> {\n const options = {\n __proto__: null,\n ...(args.length ? args[0] : undefined),\n } as ArboristReifyOptions\n const ipc = await getIpc()\n const binName = ipc[SOCKET_CLI_SAFE_BIN]\n if (!binName) {\n return await this[kRiskyReify](...args)\n }\n await super.reify(\n {\n ...options,\n ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,\n progress: false,\n },\n // @ts-ignore: TypeScript gets grumpy about rest parameters.\n ...args.slice(1),\n )\n // Lazily access constants.ENV.SOCKET_CLI_ACCEPT_RISKS.\n const acceptRisks = constants.ENV.SOCKET_CLI_ACCEPT_RISKS\n const progress = ipc[SOCKET_CLI_SAFE_PROGRESS]\n const spinner =\n options['silent'] || !progress\n ? undefined\n : // Lazily access constants.spinner.\n constants.spinner\n const isSafeNpm = binName === NPM\n const isSafeNpx = binName === NPX\n const alertsMap = await getAlertsMapFromArborist(this, {\n spinner,\n include:\n acceptRisks || options.dryRun || options['yes']\n ? {\n actions: ['error'],\n blocked: true,\n critical: false,\n cve: false,\n existing: true,\n unfixable: false,\n }\n : {\n existing: isSafeNpx,\n unfixable: isSafeNpm,\n },\n })\n if (alertsMap.size) {\n process.exitCode = 1\n // Lazily access constants.ENV.SOCKET_CLI_VIEW_ALL_RISKS.\n const viewAllRisks = constants.ENV.SOCKET_CLI_VIEW_ALL_RISKS\n logAlertsMap(alertsMap, {\n hideAt: viewAllRisks ? 'none' : 'middle',\n output: process.stderr,\n })\n throw new Error(\n `\n Socket ${binName} exiting due to risks.${\n viewAllRisks\n ? ''\n : `\\nView all risks - Rerun with environment variable ${SOCKET_CLI_VIEW_ALL_RISKS}=1.`\n }${\n acceptRisks\n ? ''\n : `\\nAccept risks - Rerun with environment variable ${SOCKET_CLI_ACCEPT_RISKS}=1.`\n }\n `.trim(),\n )\n } else if (!options['silent']) {\n logger.success(\n `Socket ${binName} ${acceptRisks ? 'accepted' : 'found no'} risks`,\n )\n if (binName === NPX) {\n logger.log(`Running ${options.add![0]}`)\n }\n }\n return await this[kRiskyReify](...args)\n }\n}\n","import { createRequire } from 'node:module'\n\n// @ts-ignore\nimport UntypedEdge from '@npmcli/arborist/lib/edge.js'\n// @ts-ignore\nimport UntypedNode from '@npmcli/arborist/lib/node.js'\n// @ts-ignore\nimport UntypedOverrideSet from '@npmcli/arborist/lib/override-set.js'\n\nimport {\n getArboristClassPath,\n getArboristEdgeClassPath,\n getArboristNodeClassPath,\n getArboristOverrideSetClassPath,\n} from '../paths.mts'\nimport { Arborist, SafeArborist } from './lib/arborist/index.mts'\n\nimport type { EdgeClass, NodeClass, OverrideSetClass } from './types.mts'\n\nconst require = createRequire(import.meta.url)\n\nexport const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {\n __proto__: null,\n audit: false,\n dryRun: true,\n fund: false,\n ignoreScripts: true,\n progress: false,\n save: false,\n saveBundle: false,\n silent: true,\n}\n\nexport { Arborist, SafeArborist }\n\nexport const Edge: EdgeClass = UntypedEdge\n\nexport const Node: NodeClass = UntypedNode\n\nexport const OverrideSet: OverrideSetClass = UntypedOverrideSet\n\nexport function installSafeArborist() {\n // Override '@npmcli/arborist' module exports with patched variants based on\n // https://github.com/npm/cli/pull/8089.\n const cache: { [key: string]: any } = require.cache\n cache[getArboristClassPath()] = { exports: SafeArborist }\n cache[getArboristEdgeClassPath()] = { exports: Edge }\n cache[getArboristNodeClassPath()] = { exports: Node }\n cache[getArboristOverrideSetClassPath()] = { exports: OverrideSet }\n}\n","import { installSafeArborist } from './arborist/index.mts'\n\ninstallSafeArborist()\n"],"names":["_arboristPkgPath","add","change","remove","NPM_REGISTRY_URL","eligibleVersions","getMajor","visited","queue","to","version","matches","__proto__","consolidate","include","limit","nothrow","blocked","critical","cve","existing","unfixable","upgradable","unchanged","unknownOrigin","length","action","actual","ideal","keep","node","Object","configurable","enumerable","integrity","dependencies","from","name","spec","type","semver","result","getIpc","audit","dryRun","fund","ignoreScripts","progress","save","saveBundle","silent","path","constants","hideAt","logger","cache","exports","installSafeArborist"],"mappings":";;;;;;;;;;;;;;AAOA;AACO;;;AAGH;AAGA;AAIA;AACAA;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAaA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;ACjBO;AACLC;AACAC;AACAC;AACF;;AC7BA;;;AAA4BC;AAAiB;AAE7C;;AAEI;AACA;AACA;;;AAGF;AACF;AAEO;;AAOL;;AAEE;AACA;AACE;AACF;AACAC;AACF;AACE;AACA;AACE;AACF;AACAA;AAEI;AACA;AACAC;AAIN;;AAEF;AAEO;AAKL;AACA;;;AAGE;AACE;AACF;AACA;AACA;AACA;AACE;AACF;AACAC;AACA;AAIE;AACF;;AAEEC;AACF;;;AAEUC;AAAG;AACX;AACED;AACF;AACF;AACF;AACA;AACF;AAEO;;AAML;AACA;;;AAGE;AACE;AACF;AACA;AACA;AACA;AACE;AACF;AACAD;;AAEQG;AAAuB;AAC/B;;AAEA;AACA;AAIEC;AACF;;AAEEH;AACF;;;AAEUC;AAAG;AACX;AACED;AACF;AACF;AACF;AACA;AACF;AASO;AAIL;AACEI;AACAC;AACAC;AACAC;AACAC;;;;AAKAJ;AACA;AACA;AACA;AACAK;AACAC;AACAC;AACAC;AACAC;AACAC;AACA;;AAGF;AACER;AACES;AACF;AACF;AAEA;AAEA;;AAMA;;AAGM;AACF;AAEJ;AAEA;;;AAGA;AACF;AAgBO;;AAKL;;AAEE;AACF;AAEA;AACEX;AACAW;AACAC;;AACMZ;;AAA4B;;AAGpC;;;AAEMa;AAAoB;;;AAGtB;AACF;AACA;;AACQC;AAAO;AACf;AACE;AACA;AACA;AACA;;AACQC;AAAiBC;AAAe;AACxC;;AAEA;;AAEIC;AACA;AAIET;AACF;AACF;AAIF;AACES;AACF;AACA;AACE;;AAKIC;AACAV;AACF;AACF;AACF;AACF;AACA;AACEZ;AACF;AACF;;;AAEUe;AAAU;AAClB;AAAkBE;;AAChB;AACA;;AAKIK;AACAV;AACF;AACF;AACF;AACF;AACA;AACF;AAIO;;AAEP;AAEO;AACL;AACF;AAOO;AAKL;AACA;AACAW;AACEC;AACAC;;AAEF;AACA;AACAH;AACA;AACA;AACAA;AACA;AACA;;AACQI;;AACR;;AAEA;;AAEA;AACA;AACA;;AAEA;AACE;AACF;AACA;AACA;AAAkB;;;AACVC;;AACRL;AACA;;AAEI;AACE;AACA;;AAEF;AACF;AACF;;AAEE;AACE;AACA;AACAA;AAEIM;AACAC;AACAC;AACAC;AACF;AAEJ;AACF;AACF;AAEO;;AAQL;AACE;AACF;;AACQF;AAAK;;AAMX;AAGA;;AAEE;AACF;;AAEA;AACA;AACE;AACA;AACE;AACF;;AAEF;AACA;;AAGE;AACA/B;AACA;AACAkC;;AAIAC;;AAEE;AACE;AACA;AACF;AACF;AACF;AACF;AACA;AACF;;AC1bA;AAeA;;;;;;;;AAQE;AAA+DC;AAAO;AACxE;AAEO;AACL9B;AACA+B;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEO;AAEA;AAEA;;AAEP;AACA;AACO;;AAEH;AAEIC;;;;AAOF;AACJ;AAEA;AAGE;AACA;;AAGIJ;;AAIJ;;AAGIA;;AAIJhB;AACA;AACF;;AAEA;AACA;AAIE;AACEnB;;;AAGF;AACA;;;AAGA;;AAGI;AACA;AACAmC;;AAEF;AACA;AAEF;AACA;AACA;;AAIM;AACAK;AACN;AACA;AACA;;;;AAMUnC;AACAC;AACAC;AACAC;AACAC;AACF;AAEED;AACAC;AACF;AACR;;;AAGE;AACA;;AAEEgC;;AAEF;;AAGN;AAQA;AAGI;AACEC;;;AAKA;AACF;;AAEF;AACF;;AChJA,iBAAA;AAEO;AACL1C;AACA+B;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAIO;AAEA;AAEA;AAEA;AACL;AACA;AACA;AACAK;AAAkCC;;AAClCD;AAAsCC;;AACtCD;AAAsCC;;AACtCD;AAA6CC;;AAC/C;;AC/CAC;;;;;;;;;","debugId":"a5816f76-450f-4ee2-89c1-c52f85bce9ae"}
package/external/blessed-contrib/index.js DELETED
@@ -1,28 +0,0 @@
1
- 'use strict'
2
-
3
- exports.grid = require('./lib/layout/grid')
4
- exports.carousel = require('./lib/layout/carousel')
5
-
6
- exports.map = require('./lib/widget/map')
7
- exports.canvas = require('./lib/widget/canvas')
8
-
9
- exports.gauge = require('./lib/widget/gauge.js')
10
- exports.gaugeList = require('./lib/widget/gauge-list.js')
11
-
12
- exports.lcd = require('./lib/widget/lcd.js')
13
- exports.donut = require('./lib/widget/donut.js')
14
- exports.log = require('./lib/widget/log.js')
15
- exports.picture = require('./lib/widget/picture.js')
16
- exports.sparkline = require('./lib/widget/sparkline.js')
17
- exports.table = require('./lib/widget/table.js')
18
- exports.tree = require('./lib/widget/tree.js')
19
- exports.markdown = require('./lib/widget/markdown.js')
20
-
21
- exports.bar = require('./lib/widget/charts/bar')
22
- exports.stackedBar = require('./lib/widget/charts/stacked-bar')
23
- exports.line = require('./lib/widget/charts/line')
24
-
25
- exports.OutputBuffer = require('./lib/server-utils').OutputBuffer
26
- exports.InputBuffer = require('./lib/server-utils').InputBuffer
27
- exports.createScreen = require('./lib/server-utils').createScreen
28
- exports.serverError = require('./lib/server-utils').serverError
package/external/blessed-contrib/lib/layout/carousel.js DELETED
@@ -1,74 +0,0 @@
1
- 'use strict';
2
-
3
- function Carousel(pages, options) {
4
- this.currPage = 0;
5
- this.pages = pages;
6
- this.options = options;
7
- this.screen = this.options.screen;
8
- }
9
-
10
- Carousel.prototype.move = function() {
11
- var i = this.screen.children.length;
12
- while (i--) this.screen.children[i].detach();
13
-
14
- this.pages[this.currPage](this.screen, this.currPage);
15
- this.screen.render();
16
- };
17
-
18
- Carousel.prototype.next = function() {
19
- this.currPage++;
20
- if (this.currPage==this.pages.length){
21
- if (!this.options.rotate) {
22
- this.currPage--;
23
- return;
24
- } else {
25
- this.currPage=0;
26
- }
27
- }
28
- this.move();
29
- };
30
-
31
- Carousel.prototype.prev = function() {
32
- this.currPage--;
33
- if (this.currPage<0) {
34
- if (!this.options.rotate) {
35
- this.currPage++;
36
- return;
37
- } else {
38
- this.currPage=this.pages.length-1;
39
- }
40
- }
41
- this.move();
42
- };
43
-
44
- Carousel.prototype.home = function() {
45
- this.currPage = 0;
46
- this.move();
47
- };
48
-
49
- Carousel.prototype.end = function() {
50
- this.currPage = this.pages.length -1;
51
- this.move();
52
- };
53
-
54
- Carousel.prototype.start = function() {
55
- var self = this;
56
-
57
- this.move();
58
-
59
- if (this.options.interval) {
60
- setInterval(this.next.bind(this), this.options.interval);
61
- }
62
-
63
- if (this.options.controlKeys) {
64
- this.screen.key(['right', 'left', 'home', 'end'], function(ch, key) {
65
- if (key.name=='right') self.next();
66
- if (key.name=='left') self.prev();
67
- if (key.name=='home') self.home();
68
- if (key.name=='end') self.end();
69
- });
70
- }
71
-
72
- };
73
-
74
- module.exports = Carousel;
package/external/blessed-contrib/lib/server-utils.js DELETED
@@ -1,73 +0,0 @@
1
- 'use strict';
2
-
3
- function OutputBuffer(options) {
4
- this.isTTY = true;
5
- this.columns = options.cols;
6
- this.rows = options.rows;
7
- this.write = function(s) {
8
- s = s.replace('\x1b8', ''); //not clear from where in blessed this code comes from. It forces the terminal to clear and loose existing content.
9
- options.res.write(s);
10
- };
11
-
12
- this.on = function() {};
13
- }
14
-
15
- function InputBuffer() {
16
- this.isTTY = true;
17
- this.isRaw = true;
18
-
19
- this.emit = function() {};
20
-
21
- this.setRawMode = function() {};
22
- this.resume = function() {};
23
- this.pause = function() {};
24
-
25
- this.on = function() {};
26
- }
27
-
28
- function serverError(req, res, err) {
29
- setTimeout(function() {
30
- if (!res.headersSent) res.writeHead(500, {'Content-Type': 'text/plain'});
31
- res.write('\r\n\r\n'+err+'\r\n\r\n');
32
- //restore cursor
33
- res.end('\u001b[?25h');
34
- }, 0);
35
-
36
- return true;
37
- }
38
-
39
-
40
- function createScreen(req, res) {
41
- var url = require('url');
42
- var query = url.parse(req.url, true).query;
43
-
44
- var cols = query.cols || 250;
45
- var rows = query.rows || 50;
46
-
47
- if (cols<=35 || cols>=500 || rows<=5 || rows>=300) {
48
- serverError(req, res, 'cols must be bigger than 35 and rows must be bigger than 5');
49
- return null;
50
- }
51
-
52
- res.writeHead(200, {'Content-Type': 'text/plain'});
53
-
54
- var contrib = require('../index')
55
- var output = new contrib.OutputBuffer({res: res, cols: cols, rows: rows});
56
- var input = new contrib.InputBuffer(); //required to run under forever since it replaces stdin to non-tty
57
- var Program = require('../../blessed/lib/program')
58
- var program = new Program({output: output, input: input});
59
-
60
- if (query.terminal) program.terminal = query.terminal;
61
- if (query.isOSX) program.isOSXTerm = query.isOSX;
62
- if (query.isiTerm2) program.isiTerm2 = query.isiTerm2;
63
-
64
- var ScreenWidget = require('../../blessed/lib/widgets/screen')
65
- var screen = new ScreenWidget({program: program});
66
- return screen;
67
- }
68
-
69
-
70
- exports.createScreen = createScreen;
71
- exports.OutputBuffer = OutputBuffer;
72
- exports.InputBuffer = InputBuffer;
73
- exports.serverError = serverError;