@socketsecurity/cli-with-sentry 0.15.55 → 0.15.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/bin/cli.js +2 -2
  2. package/dist/cli.js +82 -55
  3. package/dist/cli.js.map +1 -1
  4. package/dist/constants.js +49 -29
  5. package/dist/constants.js.map +1 -1
  6. package/dist/{shadow-bin.js → shadow-npm-bin.js} +6 -6
  7. package/dist/shadow-npm-bin.js.map +1 -0
  8. package/dist/{shadow-inject.js → shadow-npm-inject.js} +1 -1
  9. package/dist/shadow-npm-inject.js.map +1 -0
  10. package/dist/types/commands/scan/handle-reach-scan.d.mts +1 -1
  11. package/dist/types/commands/scan/handle-reach-scan.d.mts.map +1 -1
  12. package/dist/types/commands/scan/scan-reachability.d.mts +1 -1
  13. package/dist/types/commands/scan/scan-reachability.d.mts.map +1 -1
  14. package/dist/types/commands/threat-feed/cmd-threat-feed.d.mts.map +1 -1
  15. package/dist/types/commands/threat-feed/fetch-threat-feed.d.mts +4 -1
  16. package/dist/types/commands/threat-feed/fetch-threat-feed.d.mts.map +1 -1
  17. package/dist/types/commands/threat-feed/handle-threat-feed.d.mts +4 -1
  18. package/dist/types/commands/threat-feed/handle-threat-feed.d.mts.map +1 -1
  19. package/dist/types/constants.d.mts +9 -5
  20. package/dist/types/constants.d.mts.map +1 -1
  21. package/dist/utils.js +5 -5
  22. package/dist/utils.js.map +1 -1
  23. package/dist/vendor.js +21 -21
  24. package/external/@coana-tech/cli/cli.mjs +123 -8
  25. package/external/@socketsecurity/registry/external/@npmcli/package-json/index.js +9 -4
  26. package/external/@socketsecurity/registry/external/@socketregistry/yocto-spinner.js +115 -132
  27. package/external/@socketsecurity/registry/external/@yarnpkg/extensions.js +18 -0
  28. package/external/@socketsecurity/registry/external/browserslist.js +662 -658
  29. package/external/@socketsecurity/registry/external/cacache.js +5 -3
  30. package/external/@socketsecurity/registry/external/libnpmpack.js +9 -4
  31. package/external/@socketsecurity/registry/external/make-fetch-happen.js +5 -3
  32. package/external/@socketsecurity/registry/external/npm-package-arg.js +4 -1
  33. package/external/@socketsecurity/registry/external/pacote.js +9 -4
  34. package/external/@socketsecurity/registry/external/validate-npm-package-name.js +4 -1
  35. package/external/@socketsecurity/registry/manifest.json +4 -4
  36. package/external/blessed-contrib/lib/layout/grid.js +400 -32
  37. package/external/blessed-contrib/lib/widget/charts/bar.js +8338 -67
  38. package/external/blessed-contrib/lib/widget/charts/line.js +17861 -196
  39. package/external/blessed-contrib/lib/widget/table.js +140 -121
  40. package/package.json +17 -16
  41. package/dist/shadow-bin.js.map +0 -1
  42. package/dist/shadow-inject.js.map +0 -1
  43. package/external/blessed-contrib/index.js +0 -28
  44. package/external/blessed-contrib/lib/layout/carousel.js +0 -74
  45. package/external/blessed-contrib/lib/server-utils.js +0 -73
  46. package/external/blessed-contrib/lib/utils.js +0 -73
  47. package/external/blessed-contrib/lib/widget/canvas.js +0 -51
  48. package/external/blessed-contrib/lib/widget/charts/stacked-bar.js +0 -218
  49. package/external/blessed-contrib/lib/widget/donut.js +0 -149
  50. package/external/blessed-contrib/lib/widget/gauge-list.js +0 -106
  51. package/external/blessed-contrib/lib/widget/gauge.js +0 -125
  52. package/external/blessed-contrib/lib/widget/lcd.js +0 -451
  53. package/external/blessed-contrib/lib/widget/log.js +0 -33
  54. package/external/blessed-contrib/lib/widget/map.js +0 -86
  55. package/external/blessed-contrib/lib/widget/markdown.js +0 -64
  56. package/external/blessed-contrib/lib/widget/picture.js +0 -66
  57. package/external/blessed-contrib/lib/widget/sparkline.js +0 -58
  58. package/external/blessed-contrib/lib/widget/tree.js +0 -167
package/dist/constants.js CHANGED
@@ -36,8 +36,8 @@ const NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0';
36
36
  const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
37
37
  const PNPM = 'pnpm';
38
38
  const REDACTED = '<redacted>';
39
- const SHADOW_BIN = 'shadow-bin';
40
- const SHADOW_INJECT = 'shadow-inject';
39
+ const SHADOW_NPM_BIN = 'shadow-npm-bin';
40
+ const SHADOW_NPM_INJECT = 'shadow-npm-inject';
41
41
  const SOCKET = 'socket';
42
42
  const SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS';
43
43
  const SOCKET_CLI_BIN_NAME = 'socket';
@@ -123,10 +123,10 @@ const LAZY_ENV = () => {
123
123
  INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(true),
124
124
  // Comp-time inlined Socket package version.
125
125
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
126
- INLINED_SOCKET_CLI_VERSION: envAsString("0.15.55"),
126
+ INLINED_SOCKET_CLI_VERSION: envAsString("0.15.57"),
127
127
  // Comp-time inlined Socket package version hash.
128
128
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
129
- INLINED_SOCKET_CLI_VERSION_HASH: envAsString("0.15.55:8027daa:7de0e947:pub"),
129
+ INLINED_SOCKET_CLI_VERSION_HASH: envAsString("0.15.57:54a57d4:f40ea1c7:pub"),
130
130
  // Comp-time inlined synp package version.
131
131
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SYNP_VERSION']".
132
132
  INLINED_SYNP_VERSION: envAsString("1.9.14"),
@@ -189,30 +189,30 @@ path.join(constants.rootPath, 'bin');
189
189
  const lazyBinCliPath = () =>
190
190
  // Lazily access constants.binPath.
191
191
  path.join(constants.binPath, 'cli.js');
192
+ const lazyBlessedContribPath = () =>
193
+ // Lazily access constants.externalPath.
194
+ path.join(constants.externalPath, 'blessed-contrib');
192
195
  const lazyBlessedOptions = () => Object.freeze({
193
196
  smartCSR: true,
194
197
  // Lazily access constants.WIN32.
195
198
  term: constants.WIN32 ? 'windows-ansi' : 'xterm',
196
199
  useBCE: true
197
200
  });
201
+ const lazyBlessedPath = () =>
202
+ // Lazily access constants.externalPath.
203
+ path.join(constants.externalPath, 'blessed');
198
204
  const lazyCoanaBinPath = () =>
205
+ // Lazily access constants.coanaPath.
206
+ path.join(constants.coanaPath, 'cli.mjs');
207
+ const lazyCoanaPath = () =>
199
208
  // Lazily access constants.externalPath.
200
- path.join(constants.externalPath, '@coana-tech/cli/cli.mjs');
201
- const lazyDistPath = () =>
202
- // Lazily access constants.rootPath.
203
- path.join(constants.rootPath, 'dist');
209
+ path.join(constants.externalPath, '@coana-tech/cli');
204
210
  const lazyDistCliPath = () =>
205
211
  // Lazily access constants.distPath.
206
212
  path.join(constants.distPath, 'cli.js');
207
- const lazyDistInstrumentWithSentryPath = () =>
208
- // Lazily access constants.distPath.
209
- path.join(constants.distPath, 'instrument-with-sentry.js');
210
- const lazyDistShadowBinPath = () =>
211
- // Lazily access constants.distPath.
212
- path.join(constants.distPath, `${SHADOW_BIN}.js`);
213
- const lazyDistShadowInjectPath = () =>
214
- // Lazily access constants.distPath.
215
- path.join(constants.distPath, `${SHADOW_INJECT}.js`);
213
+ const lazyDistPath = () =>
214
+ // Lazily access constants.rootPath.
215
+ path.join(constants.rootPath, 'dist');
216
216
  const lazyExternalPath = () =>
217
217
  // Lazily access constants.rootPath.
218
218
  path.join(constants.rootPath, 'external');
@@ -220,6 +220,9 @@ const lazyGithubCachePath = () =>
220
220
  // Lazily access constants.socketCachePath.
221
221
  path.join(constants.socketCachePath, 'github');
222
222
  const lazyHomePath = () => os.homedir();
223
+ const lazyInstrumentWithSentryPath = () =>
224
+ // Lazily access constants.distPath.
225
+ path.join(constants.distPath, 'instrument-with-sentry.js');
223
226
  const lazyMinimumVersionByAgent = () => new Map([
224
227
  // Bun >=1.1.39 supports the text-based lockfile.
225
228
  // https://bun.sh/blog/bun-lock-text-lockfile
@@ -259,6 +262,15 @@ constants.WIN32 ? [] :
259
262
  // √ https://github.com/pnpm/components/pull/23
260
263
  '--frozen-intrinsics', '--no-deprecation']);
261
264
  const lazyRootPath = () => path.join(fs.realpathSync.native(__dirname$1), '..');
265
+ const lazyShadowBinPath = () =>
266
+ // Lazily access constants.rootPath.
267
+ path.join(constants.rootPath, 'shadow-bin');
268
+ const lazyShadowNpmBinPath = () =>
269
+ // Lazily access constants.distPath.
270
+ path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`);
271
+ const lazyShadowNpmInjectPath = () =>
272
+ // Lazily access constants.distPath.
273
+ path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`);
262
274
  const lazySocketAppDataPath = () => {
263
275
  // Get the OS app data folder:
264
276
  // - Win: %LOCALAPPDATA% or fail?
@@ -298,9 +310,9 @@ const lazySocketAppDataPath = () => {
298
310
  const lazySocketCachePath = () =>
299
311
  // Lazily access constants.rootPath.
300
312
  path.join(constants.rootPath, '.cache');
301
- const lazyShadowBinPath = () =>
302
- // Lazily access constants.rootPath.
303
- path.join(constants.rootPath, SHADOW_BIN);
313
+ const lazySocketRegistryPath = () =>
314
+ // Lazily access constants.externalPath.
315
+ path.join(constants.externalPath, '@socketsecurity/registry');
304
316
  const lazyZshRcPath = () =>
305
317
  // Lazily access constants.homePath.
306
318
  path.join(constants.homePath, '.zshrc');
@@ -323,8 +335,8 @@ const constants = createConstantsObject({
323
335
  NPM_REGISTRY_URL,
324
336
  PNPM,
325
337
  REDACTED,
326
- SHADOW_BIN,
327
- SHADOW_INJECT,
338
+ SHADOW_NPM_BIN,
339
+ SHADOW_NPM_INJECT,
328
340
  SOCKET,
329
341
  SOCKET_CLI_ACCEPT_RISKS,
330
342
  SOCKET_CLI_BIN_NAME,
@@ -354,23 +366,27 @@ const constants = createConstantsObject({
354
366
  bashRcPath: undefined,
355
367
  binPath: undefined,
356
368
  binCliPath: undefined,
369
+ blessedContribPath: undefined,
357
370
  blessedOptions: undefined,
371
+ blessedPath: undefined,
358
372
  coanaBinPath: undefined,
373
+ coanaPath: undefined,
359
374
  distCliPath: undefined,
360
- distInstrumentWithSentryPath: undefined,
361
375
  distPath: undefined,
362
- distShadowBinPath: undefined,
363
- distShadowInjectPath: undefined,
364
376
  externalPath: undefined,
365
377
  githubCachePath: undefined,
366
378
  homePath: undefined,
379
+ instrumentWithSentryPath: undefined,
367
380
  minimumVersionByAgent: undefined,
368
381
  nmBinPath: undefined,
369
382
  nodeHardenFlags: undefined,
370
383
  rootPath: undefined,
371
384
  shadowBinPath: undefined,
385
+ shadowNpmInjectPath: undefined,
386
+ shadowNpmBinPath: undefined,
372
387
  socketAppDataPath: undefined,
373
388
  socketCachePath: undefined,
389
+ socketRegistryPath: undefined,
374
390
  zshRcPath: undefined
375
391
  }, {
376
392
  getters: {
@@ -379,23 +395,27 @@ const constants = createConstantsObject({
379
395
  bashRcPath: lazyBashRcPath,
380
396
  binCliPath: lazyBinCliPath,
381
397
  binPath: lazyBinPath,
398
+ blessedContribPath: lazyBlessedContribPath,
382
399
  blessedOptions: lazyBlessedOptions,
400
+ blessedPath: lazyBlessedPath,
383
401
  coanaBinPath: lazyCoanaBinPath,
402
+ coanaPath: lazyCoanaPath,
384
403
  distCliPath: lazyDistCliPath,
385
- distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,
386
404
  distPath: lazyDistPath,
387
- distShadowBinPath: lazyDistShadowBinPath,
388
- distShadowInjectPath: lazyDistShadowInjectPath,
389
405
  externalPath: lazyExternalPath,
390
406
  githubCachePath: lazyGithubCachePath,
391
407
  homePath: lazyHomePath,
408
+ instrumentWithSentryPath: lazyInstrumentWithSentryPath,
392
409
  minimumVersionByAgent: lazyMinimumVersionByAgent,
393
410
  nmBinPath: lazyNmBinPath,
394
411
  nodeHardenFlags: lazyNodeHardenFlags,
395
412
  rootPath: lazyRootPath,
396
413
  shadowBinPath: lazyShadowBinPath,
414
+ shadowNpmBinPath: lazyShadowNpmBinPath,
415
+ shadowNpmInjectPath: lazyShadowNpmInjectPath,
397
416
  socketAppDataPath: lazySocketAppDataPath,
398
417
  socketCachePath: lazySocketCachePath,
418
+ socketRegistryPath: lazySocketRegistryPath,
399
419
  zshRcPath: lazyZshRcPath
400
420
  },
401
421
  internals: {
@@ -415,5 +435,5 @@ const constants = createConstantsObject({
415
435
  });
416
436
 
417
437
  module.exports = constants;
418
- //# debugId=bc26c11e-0fae-41db-8a33-5522d7cd11f4
438
+ //# debugId=f99c888e-27cb-4612-b867-19db3faceb30
419
439
  //# sourceMappingURL=constants.js.map
package/dist/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\n\nconst {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n attributes: registryConstantsAttribs,\n createConstantsObject,\n getIpc,\n },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined,\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n DISABLE_GITHUB_CACHE: boolean\n GITHUB_ACTIONS: boolean\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n GITHUB_TOKEN: string\n INLINED_CYCLONEDX_CDXGEN_VERSION: string\n INLINED_SOCKET_CLI_HOMEPAGE: string\n INLINED_SOCKET_CLI_LEGACY_BUILD: string\n INLINED_SOCKET_CLI_NAME: string\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n INLINED_SOCKET_CLI_SENTRY_BUILD: string\n INLINED_SOCKET_CLI_VERSION: string\n INLINED_SOCKET_CLI_VERSION_HASH: string\n INLINED_SYNP_VERSION: string\n LOCALAPPDATA: string\n NODE_COMPILE_CACHE: string\n PATH: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_API_BASE_URL: string\n SOCKET_CLI_API_PROXY: string\n SOCKET_CLI_API_TOKEN: string\n SOCKET_CLI_CONFIG: string\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_GIT_USER_EMAIL: string\n SOCKET_CLI_GIT_USER_NAME: string\n SOCKET_CLI_GITHUB_TOKEN: string\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_BIN?: string | undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly ENV: ENV\n readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SHADOW_BIN: 'shadow-bin'\n readonly SHADOW_INJECT: 'shadow-inject'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly binCliPath: string\n readonly binPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly coanaBinPath: string\n readonly distCliPath: string\n readonly distInstrumentWithSentryPath: string\n readonly distPath: string\n readonly distShadowBinPath: string\n readonly externalPath: string\n readonly distShadowInjectPath: string\n readonly githubCachePath: string\n readonly homePath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly socketAppDataPath: string\n readonly socketCachePath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SHADOW_BIN = 'shadow-bin'\nconst SHADOW_INJECT = 'shadow-inject'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = '@socketsecurity/cli'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = '@socketsecurity/cli-with-sentry'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n const {\n envAsBoolean,\n envAsString,\n } = require('@socketsecurity/registry/lib/env')\n const { env } = process\n const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n __proto__: null,\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Flag to disable using GitHub's workflow actions/cache.\n // https://github.com/actions/cache\n DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n // Always set to true when GitHub Actions is running the workflow. This variable\n // can be used to differentiate when tests are being run locally or by GitHub Actions.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_ACTIONS: envAsBoolean(env['GITHUB_ACTIONS']),\n // The short ref name of the branch or tag that triggered the GitHub workflow\n // run. This value matches the branch or tag name shown on GitHub. For example,\n // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n // The GITHUB_TOKEN secret is a GitHub App installation access token.\n // The token's permissions are limited to the repository that contains the\n // workflow.\n // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n GITHUB_TOKEN,\n // Comp-time inlined @cyclonedx/cdxgen package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']\".\n INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString(\n process.env['INLINED_CYCLONEDX_CDXGEN_VERSION'],\n ),\n // Comp-time inlined Socket package homepage.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n ),\n // Comp-time inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n ),\n // Comp-time inlined Socket package name.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n INLINED_SOCKET_CLI_NAME: envAsString(\n process.env['INLINED_SOCKET_CLI_NAME'],\n ),\n // Comp-time inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n ),\n // Comp-time inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n ),\n // Comp-time inlined Socket package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n INLINED_SOCKET_CLI_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION'],\n ),\n // Comp-time inlined Socket package version hash.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n ),\n // Comp-time inlined synp package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SYNP_VERSION']\".\n INLINED_SYNP_VERSION: envAsString(process.env['INLINED_SYNP_VERSION']),\n // The location of the %localappdata% folder on Windows used to store user-specific,\n // non-roaming application data, like temporary files, cached data, and program\n // settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n // Flag to enable the module compile cache for the Node.js instance.\n // https://nodejs.org/api/cli.html#node_compile_cachedir\n NODE_COMPILE_CACHE:\n // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n ? // Lazily access constants.socketCachePath.\n constants.socketCachePath\n : '',\n // PATH is an environment variable that lists directories where executable\n // programs are located. When a command is run, the system searches these\n // directories to find the executable.\n PATH: envAsString(env['PATH']),\n // Flag to accepts risks of safe-npm and safe-npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n // Flag to change the base URL for all API-calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_BASE_URL:\n envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n envAsString(env['SOCKET_SECURITY_API_BASE_URL']),\n // Flag to set the proxy all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_PROXY:\n envAsString(env['SOCKET_CLI_API_PROXY']) ||\n envAsString(env['SOCKET_SECURITY_API_PROXY']),\n // Flag to set the API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_CLI_API_TOKEN:\n envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n envAsString(env['SOCKET_CLI_API_KEY']) ||\n envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n envAsString(env['SOCKET_SECURITY_API_KEY']),\n // Flag containing a JSON stringified Socket configuration object.\n SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n // Flag to help debug Socket CLI.\n SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n // The git config user.email used by Socket CLI.\n SOCKET_CLI_GIT_USER_EMAIL:\n envAsString(env['SOCKET_CLI_GIT_USER_EMAIL']) ||\n `github-actions[bot]@users.noreply.github.com`,\n // The git config user.name used by Socket CLI.\n SOCKET_CLI_GIT_USER_NAME:\n envAsString(env['SOCKET_CLI_GIT_USER_NAME']) ||\n envAsString(env['SOCKET_CLI_GIT_USERNAME']) ||\n 'github-actions[bot]',\n // A classic GitHub personal access token with the \"repo\" scope or a\n // fine-grained access token with at least read/write permissions set for\n // \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_CLI_GITHUB_TOKEN:\n envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n GITHUB_TOKEN,\n // Flag to make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n // Flag to view all risks of safe-npm and safe-npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(env['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n // Lazily access constants.binPath.\n path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true,\n })\n\nconst lazyCoanaBinPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@coana-tech/cli/cli.mjs')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyDistShadowBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_BIN}.js`)\n\nconst lazyDistShadowInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_INJECT}.js`)\n\nconst lazyExternalPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n // Lazily access constants.socketCachePath.\n path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n ['npm', '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.7'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*'],\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n Object.freeze(\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n '--disable-proto',\n 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n '--frozen-intrinsics',\n '--no-deprecation',\n ],\n )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazySocketAppDataPath = (): string | undefined => {\n // Get the OS app data folder:\n // - Win: %LOCALAPPDATA% or fail?\n // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n // On most systems that path is: $HOME/.local/share\n // Then append `socket/settings`, so:\n // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n let dataHome: string | undefined = WIN32\n ? // Lazily access constants.ENV.LOCALAPPDATA\n constants.ENV.LOCALAPPDATA\n : // Lazily access constants.ENV.XDG_DATA_HOME\n constants.ENV.XDG_DATA_HOME\n if (!dataHome) {\n if (WIN32) {\n const logger = require('@socketsecurity/registry/lib/logger')\n logger.warn(`Missing %${LOCALAPPDATA}%`)\n } else {\n dataHome = path.join(\n // Lazily access constants.homePath.\n constants.homePath,\n // Lazily access constants.DARWIN.\n constants.DARWIN ? 'Library/Application Support' : '.local/share',\n )\n }\n }\n return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, '.cache')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_BIN)\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ...registryConstantsAttribs.props,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n DOT_SOCKET_DOT_FACTS_JSON,\n DRY_RUN_LABEL,\n DRY_RUN_BAILING_NOW,\n DRY_RUN_NOT_SAVING,\n ENV: undefined,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n SHADOW_BIN,\n SHADOW_INJECT,\n SOCKET,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NPM_BIN_NAME,\n SOCKET_CLI_NPX_BIN_NAME,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_WEBSITE_URL,\n VLT,\n WITH_SENTRY,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n binPath: undefined,\n binCliPath: undefined,\n blessedOptions: undefined,\n coanaBinPath: undefined,\n distCliPath: undefined,\n distInstrumentWithSentryPath: undefined,\n distPath: undefined,\n distShadowBinPath: undefined,\n distShadowInjectPath: undefined,\n externalPath: undefined,\n githubCachePath: undefined,\n homePath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n socketAppDataPath: undefined,\n socketCachePath: undefined,\n zshRcPath: undefined,\n },\n {\n getters: {\n ...registryConstantsAttribs.getters,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n binCliPath: lazyBinCliPath,\n binPath: lazyBinPath,\n blessedOptions: lazyBlessedOptions,\n coanaBinPath: lazyCoanaBinPath,\n distCliPath: lazyDistCliPath,\n distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n distPath: lazyDistPath,\n distShadowBinPath: lazyDistShadowBinPath,\n distShadowInjectPath: lazyDistShadowInjectPath,\n externalPath: lazyExternalPath,\n githubCachePath: lazyGithubCachePath,\n homePath: lazyHomePath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n socketAppDataPath: lazySocketAppDataPath,\n socketCachePath: lazySocketCachePath,\n zshRcPath: lazyZshRcPath,\n },\n internals: {\n ...registryConstantsAttribs.internals,\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n },\n },\n },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","envAsString","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_ACTIONS","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_DEBUG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedOptions","coanaBinPath","distCliPath","distInstrumentWithSentryPath","distPath","distShadowBinPath","distShadowInjectPath","externalPath","githubCachePath","homePath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootPath","shadowBinPath","socketAppDataPath","socketCachePath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAWA,iBAAA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAgJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;;AAGIC;AACF;;AACQC;AAAI;;AAEZ;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAEA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AAGA;AACA;AACAC;AAKA;AACAC;AACA;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAd;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;AAEA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQkB;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAnB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEId;;;;;;;;;;;;;AAcFoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEEtB;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"bc26c11e-0fae-41db-8a33-5522d7cd11f4"}
1
+ {"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\n\nconst {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n attributes: registryConstantsAttribs,\n createConstantsObject,\n getIpc,\n },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined,\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n DISABLE_GITHUB_CACHE: boolean\n GITHUB_ACTIONS: boolean\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n GITHUB_TOKEN: string\n INLINED_CYCLONEDX_CDXGEN_VERSION: string\n INLINED_SOCKET_CLI_HOMEPAGE: string\n INLINED_SOCKET_CLI_LEGACY_BUILD: string\n INLINED_SOCKET_CLI_NAME: string\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n INLINED_SOCKET_CLI_SENTRY_BUILD: string\n INLINED_SOCKET_CLI_VERSION: string\n INLINED_SOCKET_CLI_VERSION_HASH: string\n INLINED_SYNP_VERSION: string\n LOCALAPPDATA: string\n NODE_COMPILE_CACHE: string\n PATH: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_API_BASE_URL: string\n SOCKET_CLI_API_PROXY: string\n SOCKET_CLI_API_TOKEN: string\n SOCKET_CLI_CONFIG: string\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_GIT_USER_EMAIL: string\n SOCKET_CLI_GIT_USER_NAME: string\n SOCKET_CLI_GITHUB_TOKEN: string\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_BIN?: string | undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly ENV: ENV\n readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SHADOW_NPM_BIN: 'shadow-npm-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly binCliPath: string\n readonly binPath: string\n readonly blessedContribPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly blessedPath: string\n readonly coanaBinPath: string\n readonly coanaPath: string\n readonly distCliPath: string\n readonly distPath: string\n readonly externalPath: string\n readonly githubCachePath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly shadowNpmBinPath: string\n readonly shadowNpmInjectPath: string\n readonly socketAppDataPath: string\n readonly socketCachePath: string\n readonly socketRegistryPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SHADOW_NPM_BIN = 'shadow-npm-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = '@socketsecurity/cli'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = '@socketsecurity/cli-with-sentry'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n const {\n envAsBoolean,\n envAsString,\n } = require('@socketsecurity/registry/lib/env')\n const { env } = process\n const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n __proto__: null,\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Flag to disable using GitHub's workflow actions/cache.\n // https://github.com/actions/cache\n DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n // Always set to true when GitHub Actions is running the workflow. This variable\n // can be used to differentiate when tests are being run locally or by GitHub Actions.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_ACTIONS: envAsBoolean(env['GITHUB_ACTIONS']),\n // The short ref name of the branch or tag that triggered the GitHub workflow\n // run. This value matches the branch or tag name shown on GitHub. For example,\n // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n // The GITHUB_TOKEN secret is a GitHub App installation access token.\n // The token's permissions are limited to the repository that contains the\n // workflow.\n // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n GITHUB_TOKEN,\n // Comp-time inlined @cyclonedx/cdxgen package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']\".\n INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString(\n process.env['INLINED_CYCLONEDX_CDXGEN_VERSION'],\n ),\n // Comp-time inlined Socket package homepage.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n ),\n // Comp-time inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n ),\n // Comp-time inlined Socket package name.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n INLINED_SOCKET_CLI_NAME: envAsString(\n process.env['INLINED_SOCKET_CLI_NAME'],\n ),\n // Comp-time inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n ),\n // Comp-time inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n ),\n // Comp-time inlined Socket package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n INLINED_SOCKET_CLI_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION'],\n ),\n // Comp-time inlined Socket package version hash.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n ),\n // Comp-time inlined synp package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SYNP_VERSION']\".\n INLINED_SYNP_VERSION: envAsString(process.env['INLINED_SYNP_VERSION']),\n // The location of the %localappdata% folder on Windows used to store user-specific,\n // non-roaming application data, like temporary files, cached data, and program\n // settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n // Flag to enable the module compile cache for the Node.js instance.\n // https://nodejs.org/api/cli.html#node_compile_cachedir\n NODE_COMPILE_CACHE:\n // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n ? // Lazily access constants.socketCachePath.\n constants.socketCachePath\n : '',\n // PATH is an environment variable that lists directories where executable\n // programs are located. When a command is run, the system searches these\n // directories to find the executable.\n PATH: envAsString(env['PATH']),\n // Flag to accepts risks of safe-npm and safe-npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n // Flag to change the base URL for all API-calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_BASE_URL:\n envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n envAsString(env['SOCKET_SECURITY_API_BASE_URL']),\n // Flag to set the proxy all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_PROXY:\n envAsString(env['SOCKET_CLI_API_PROXY']) ||\n envAsString(env['SOCKET_SECURITY_API_PROXY']),\n // Flag to set the API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_CLI_API_TOKEN:\n envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n envAsString(env['SOCKET_CLI_API_KEY']) ||\n envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n envAsString(env['SOCKET_SECURITY_API_KEY']),\n // Flag containing a JSON stringified Socket configuration object.\n SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n // Flag to help debug Socket CLI.\n SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n // The git config user.email used by Socket CLI.\n SOCKET_CLI_GIT_USER_EMAIL:\n envAsString(env['SOCKET_CLI_GIT_USER_EMAIL']) ||\n `github-actions[bot]@users.noreply.github.com`,\n // The git config user.name used by Socket CLI.\n SOCKET_CLI_GIT_USER_NAME:\n envAsString(env['SOCKET_CLI_GIT_USER_NAME']) ||\n envAsString(env['SOCKET_CLI_GIT_USERNAME']) ||\n 'github-actions[bot]',\n // A classic GitHub personal access token with the \"repo\" scope or a\n // fine-grained access token with at least read/write permissions set for\n // \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_CLI_GITHUB_TOKEN:\n envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n GITHUB_TOKEN,\n // Flag to make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n // Flag to view all risks of safe-npm and safe-npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(env['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n // Lazily access constants.binPath.\n path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true,\n })\n\nconst lazyBlessedPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n // Lazily access constants.coanaPath.\n path.join(constants.coanaPath, 'cli.mjs')\n\nconst lazyCoanaPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n // Lazily access constants.socketCachePath.\n path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n ['npm', '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.7'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*'],\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n Object.freeze(\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n '--disable-proto',\n 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n '--frozen-intrinsics',\n '--no-deprecation',\n ],\n )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'shadow-bin')\n\nconst lazyShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazySocketAppDataPath = (): string | undefined => {\n // Get the OS app data folder:\n // - Win: %LOCALAPPDATA% or fail?\n // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n // On most systems that path is: $HOME/.local/share\n // Then append `socket/settings`, so:\n // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n let dataHome: string | undefined = WIN32\n ? // Lazily access constants.ENV.LOCALAPPDATA\n constants.ENV.LOCALAPPDATA\n : // Lazily access constants.ENV.XDG_DATA_HOME\n constants.ENV.XDG_DATA_HOME\n if (!dataHome) {\n if (WIN32) {\n const logger = require('@socketsecurity/registry/lib/logger')\n logger.warn(`Missing %${LOCALAPPDATA}%`)\n } else {\n dataHome = path.join(\n // Lazily access constants.homePath.\n constants.homePath,\n // Lazily access constants.DARWIN.\n constants.DARWIN ? 'Library/Application Support' : '.local/share',\n )\n }\n }\n return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ...registryConstantsAttribs.props,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n DOT_SOCKET_DOT_FACTS_JSON,\n DRY_RUN_LABEL,\n DRY_RUN_BAILING_NOW,\n DRY_RUN_NOT_SAVING,\n ENV: undefined,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SOCKET,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NPM_BIN_NAME,\n SOCKET_CLI_NPX_BIN_NAME,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_WEBSITE_URL,\n VLT,\n WITH_SENTRY,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n binPath: undefined,\n binCliPath: undefined,\n blessedContribPath: undefined,\n blessedOptions: undefined,\n blessedPath: undefined,\n coanaBinPath: undefined,\n coanaPath: undefined,\n distCliPath: undefined,\n distPath: undefined,\n externalPath: undefined,\n githubCachePath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n shadowNpmInjectPath: undefined,\n shadowNpmBinPath: undefined,\n socketAppDataPath: undefined,\n socketCachePath: undefined,\n socketRegistryPath: undefined,\n zshRcPath: undefined,\n },\n {\n getters: {\n ...registryConstantsAttribs.getters,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n binCliPath: lazyBinCliPath,\n binPath: lazyBinPath,\n blessedContribPath: lazyBlessedContribPath,\n blessedOptions: lazyBlessedOptions,\n blessedPath: lazyBlessedPath,\n coanaBinPath: lazyCoanaBinPath,\n coanaPath: lazyCoanaPath,\n distCliPath: lazyDistCliPath,\n distPath: lazyDistPath,\n externalPath: lazyExternalPath,\n githubCachePath: lazyGithubCachePath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n shadowNpmBinPath: lazyShadowNpmBinPath,\n shadowNpmInjectPath: lazyShadowNpmInjectPath,\n socketAppDataPath: lazySocketAppDataPath,\n socketCachePath: lazySocketCachePath,\n socketRegistryPath: lazySocketRegistryPath,\n zshRcPath: lazyZshRcPath,\n },\n internals: {\n ...registryConstantsAttribs.internals,\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n },\n },\n },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","envAsString","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_ACTIONS","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_DEBUG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAWA,iBAAA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAoJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;;AAGIC;AACF;;AACQC;AAAI;;AAEZ;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAEA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AAGA;AACA;AACAC;AAKA;AACAC;AACA;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAd;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQI;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAnB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEId;;;;;;;;;;;;;AAcFoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE1B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"f99c888e-27cb-4612-b867-19db3faceb30"}
package/dist/{shadow-bin.js → shadow-npm-bin.js} RENAMED
@@ -84,10 +84,10 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
84
84
  ...constants.nodeNoWarningsFlags,
85
85
  // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.
86
86
  ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ? ['--require',
87
- // Lazily access constants.distInstrumentWithSentryPath.
88
- constants.distInstrumentWithSentryPath] : []), '--require',
89
- // Lazily access constants.distShadowInjectPath.
90
- constants.distShadowInjectPath,
87
+ // Lazily access constants.instrumentWithSentryPath.
88
+ constants.instrumentWithSentryPath] : []), '--require',
89
+ // Lazily access constants.shadowNpmInjectPath.
90
+ constants.shadowNpmInjectPath,
91
91
  // Lazily access constants.shadowBinPath.
92
92
  await installLinks(constants.shadowBinPath, binName), ...(useDebug ? ['--trace-uncaught', '--trace-warnings'] : []), ...(useNodeOptions ? [`--node-options='${nodeOptionsArg ? nodeOptionsArg.slice(15) : ''}${utils.cmdFlagsToString(permArgs)}'`] : []),
93
93
  // Add '--no-progress' to fix input being swallowed by the npm spinner.
@@ -123,5 +123,5 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
123
123
  }
124
124
 
125
125
  module.exports = shadowBin;
126
- //# debugId=22cddd58-b602-498a-8e93-9b948460e294
127
- //# sourceMappingURL=shadow-bin.js.map
126
+ //# debugId=47ec8b9b-5e96-4483-8b12-7958ba842843
127
+ //# sourceMappingURL=shadow-npm-bin.js.map
package/dist/shadow-npm-bin.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"shadow-npm-bin.js","sources":["../src/shadow/npm/link.mts","../src/shadow/npm/bin.mts"],"sourcesContent":["import path from 'node:path'\n\nimport cmdShim from 'cmd-shim'\n\nimport constants from '../../constants.mts'\nimport {\n getNpmBinPath,\n getNpxBinPath,\n isNpmBinPathShadowed,\n isNpxBinPathShadowed,\n} from '../../utils/npm-paths.mts'\n\nexport async function installLinks(\n realBinPath: string,\n binName: 'npm' | 'npx',\n): Promise<string> {\n const isNpx = binName === 'npx'\n // Find package manager being shadowed by this process.\n const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n // TODO: Is this early exit needed?\n if (WIN32 && binPath) {\n return binPath\n }\n const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n // Move our bin directory to front of PATH so its found first.\n if (!shadowed) {\n if (WIN32) {\n await cmdShim(\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${binName}-cli.js`),\n path.join(realBinPath, binName),\n )\n }\n const { env } = process\n env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n }\n return binPath\n}\n","import { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n isLoglevelFlag,\n isNodeOptionsFlag,\n isProgressFlag,\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link.mts'\nimport constants from '../../constants.mts'\nimport { cmdFlagsToString } from '../../utils/cmd.mts'\n\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst { SOCKET_CLI_SAFE_BIN, SOCKET_CLI_SAFE_PROGRESS, SOCKET_IPC_HANDSHAKE } =\n constants\n\nexport default async function shadowBin(\n binName: 'npm' | 'npx',\n args = process.argv.slice(2),\n) {\n process.exitCode = 1\n // Lazily access constants.ENV.NODE_COMPILE_CACHE\n const { NODE_COMPILE_CACHE } = constants.ENV\n const terminatorPos = args.indexOf('--')\n const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n const binArgs = rawBinArgs.filter(\n a => !isProgressFlag(a) && !isNodeOptionsFlag(a),\n )\n const nodeOptionsArg = rawBinArgs.findLast(isNodeOptionsFlag)\n const progressArg = rawBinArgs.findLast(isProgressFlag) !== '--no-progress'\n const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n const permArgs =\n binName === 'npm' &&\n // Lazily access constants.SUPPORTS_NODE_PERMISSION_FLAG.\n constants.SUPPORTS_NODE_PERMISSION_FLAG\n ? await (async () => {\n const cwd = process.cwd()\n const stdioPipeOptions: SpawnOptions = { cwd }\n const globalPrefix = (\n await spawn('npm', ['prefix', '-g'], stdioPipeOptions)\n ).stdout.trim()\n const npmCachePath = (\n await spawn('npm', ['config', 'get', 'cache'], stdioPipeOptions)\n ).stdout.trim()\n return [\n '--permission',\n '--allow-child-process',\n // '--allow-addons',\n // '--allow-wasi',\n // Allow all reads because npm walks up directories looking for config\n // and package.json files.\n '--allow-fs-read=*',\n `--allow-fs-write=${cwd}/*`,\n `--allow-fs-write=${globalPrefix}/*`,\n `--allow-fs-write=${npmCachePath}/*`,\n ]\n })()\n : []\n const useDebug = isDebug()\n const useNodeOptions = nodeOptionsArg || permArgs.length\n const isSilent = !useDebug && !binArgs.some(isLoglevelFlag)\n // The default value of loglevel is \"notice\". We default to \"error\" which is\n // two levels quieter.\n const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n const spawnPromise = spawn(\n // Lazily access constants.execPath.\n constants.execPath,\n [\n // Lazily access constants.nodeHardenFlags.\n ...constants.nodeHardenFlags,\n // Lazily access constants.nodeNoWarningsFlags.\n ...constants.nodeNoWarningsFlags,\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD\n ? [\n '--require',\n // Lazily access constants.instrumentWithSentryPath.\n constants.instrumentWithSentryPath,\n ]\n : []),\n '--require',\n // Lazily access constants.shadowNpmInjectPath.\n constants.shadowNpmInjectPath,\n // Lazily access constants.shadowBinPath.\n await installLinks(constants.shadowBinPath, binName),\n ...(useDebug ? ['--trace-uncaught', '--trace-warnings'] : []),\n ...(useNodeOptions\n ? [\n `--node-options='${nodeOptionsArg ? nodeOptionsArg.slice(15) : ''}${cmdFlagsToString(permArgs)}'`,\n ]\n : []),\n // Add '--no-progress' to fix input being swallowed by the npm spinner.\n '--no-progress',\n // Add '--loglevel=error' if a loglevel flag is not provided and the\n // SOCKET_CLI_DEBUG environment variable is not truthy.\n ...logLevelArgs,\n ...binArgs,\n ...otherArgs,\n ],\n {\n env: {\n ...process.env,\n ...(NODE_COMPILE_CACHE ? { NODE_COMPILE_CACHE } : undefined),\n },\n // 'inherit' + 'ipc'\n stdio: [0, 1, 2, 'ipc'],\n },\n )\n // See https://nodejs.org/api/child_process.html#event-exit.\n spawnPromise.process.on('exit', (code, signalName) => {\n if (signalName) {\n process.kill(process.pid, signalName)\n } else if (code !== null) {\n // eslint-disable-next-line n/no-process-exit\n process.exit(code)\n }\n })\n spawnPromise.process.send({\n [SOCKET_IPC_HANDSHAKE]: {\n [SOCKET_CLI_SAFE_BIN]: binName,\n [SOCKET_CLI_SAFE_PROGRESS]: progressArg,\n },\n })\n await spawnPromise\n}\n"],"names":["WIN32","env","SOCKET_IPC_HANDSHAKE","NODE_COMPILE_CACHE","constants","cwd","process","spawnPromise"],"mappings":";;;;;;;;;;AAYO;AAIL;AACA;;AAEA;;AACQA;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;ACzBA;;;AAAuDC;AAAqB;AAG7D;;AAKb;;AACQC;;AACR;AACA;AACA;AAGA;;AAEA;AACA;AAEE;AACAC;AAEM;AACA;AAAyCC;;;;;AAUvC;AACA;AACA;AACA;AACA;;AAOV;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;AACA;AAGM;AACAD;AAIN;AACAA;AACA;;AAQA;;AAEA;AACA;;AAMAH;;AAEE;AAA2BE;AAAmB;;AAEhD;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAG;AACF;AACF;AACAC;AACE;;AAEE;AACF;AACF;AACA;AACF;;","debugId":"47ec8b9b-5e96-4483-8b12-7958ba842843"}
package/dist/{shadow-inject.js → shadow-npm-inject.js} RENAMED
@@ -547,4 +547,4 @@ exports.getAlertsMapFromArborist = getAlertsMapFromArborist;
547
547
  exports.updateNode = updateNode;
548
548
  exports.updatePackageJsonFromNode = updatePackageJsonFromNode;
549
549
  //# debugId=a5816f76-450f-4ee2-89c1-c52f85bce9ae
550
- //# sourceMappingURL=shadow-inject.js.map
550
+ //# sourceMappingURL=shadow-npm-inject.js.map
package/dist/shadow-npm-inject.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"shadow-npm-inject.js","sources":["../src/shadow/npm/paths.mts","../src/shadow/npm/arborist/types.mts","../src/shadow/npm/arborist-helpers.mts","../src/shadow/npm/arborist/lib/arborist/index.mts","../src/shadow/npm/arborist/index.mts","../src/shadow/npm/inject.mts"],"sourcesContent":["import path from 'node:path'\n\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../../constants.mts'\nimport { getNpmRequire } from '../../utils/npm-paths.mts'\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n if (_arboristPkgPath === undefined) {\n const pkgName = '@npmcli/arborist'\n const mainPathWithForwardSlashes = normalizePath(\n getNpmRequire().resolve(pkgName),\n )\n const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n 0,\n mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length,\n )\n // Lazily access constants.WIN32.\n _arboristPkgPath = constants.WIN32\n ? path.normalize(arboristPkgPathWithForwardSlashes)\n : arboristPkgPathWithForwardSlashes\n }\n return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n if (_arboristClassPath === undefined) {\n _arboristClassPath = path.join(\n getArboristPackagePath(),\n 'lib/arborist/index.js',\n )\n }\n return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n if (_arboristDepValidPath === undefined) {\n _arboristDepValidPath = path.join(\n getArboristPackagePath(),\n 'lib/dep-valid.js',\n )\n }\n return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n if (_arboristEdgeClassPath === undefined) {\n _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n }\n return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n if (_arboristNodeClassPath === undefined) {\n _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n }\n return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n if (_arboristOverrideSetClassPath === undefined) {\n _arboristOverrideSetClassPath = path.join(\n getArboristPackagePath(),\n 'lib/override-set.js',\n )\n }\n return _arboristOverrideSetClassPath\n}\n","import { createEnum } from '../../../utils/objects.mts'\n\nimport type {\n Options as ArboristOptions,\n Advisory as BaseAdvisory,\n Arborist as BaseArborist,\n AuditReport as BaseAuditReport,\n Diff as BaseDiff,\n Edge as BaseEdge,\n Node as BaseNode,\n BaseOverrideSet,\n BuildIdealTreeOptions,\n ReifyOptions,\n} from '@npmcli/arborist'\n\nexport type ArboristClass = ArboristInstance & {\n new (...args: any): ArboristInstance\n}\n\nexport type ArboristInstance = Omit<\n typeof BaseArborist,\n | 'actualTree'\n | 'auditReport'\n | 'buildIdealTree'\n | 'diff'\n | 'idealTree'\n | 'loadActual'\n | 'loadVirtual'\n | 'reify'\n> & {\n auditReport?: AuditReportInstance | null | undefined\n actualTree?: NodeClass | null | undefined\n diff: Diff | null\n idealTree?: NodeClass | null | undefined\n buildIdealTree(options?: BuildIdealTreeOptions): Promise<NodeClass>\n loadActual(options?: ArboristOptions): Promise<NodeClass>\n loadVirtual(options?: ArboristOptions): Promise<NodeClass>\n reify(options?: ArboristReifyOptions): Promise<NodeClass>\n}\n\nexport type ArboristReifyOptions = ReifyOptions & ArboristOptions\n\nexport type AuditAdvisory = Omit<BaseAdvisory, 'id'> & {\n id: number\n cwe: string[]\n cvss: {\n score: number\n vectorString: string\n }\n vulnerable_versions: string\n}\n\nexport type AuditReportInstance = Omit<BaseAuditReport, 'report'> & {\n report: { [dependency: string]: AuditAdvisory[] }\n}\n\nexport const DiffAction = createEnum({\n add: 'ADD',\n change: 'CHANGE',\n remove: 'REMOVE',\n})\n\nexport type Diff = Omit<\n BaseDiff,\n | 'actual'\n | 'children'\n | 'filterSet'\n | 'ideal'\n | 'leaves'\n | 'removed'\n | 'shrinkwrapInflated'\n | 'unchanged'\n> & {\n actual: NodeClass\n children: Diff[]\n filterSet: Set<NodeClass>\n ideal: NodeClass\n leaves: NodeClass[]\n parent: Diff | null\n removed: NodeClass[]\n shrinkwrapInflated: Set<NodeClass>\n unchanged: NodeClass[]\n}\n\nexport type EdgeClass = Omit<\n BaseEdge,\n | 'accept'\n | 'detach'\n | 'optional'\n | 'overrides'\n | 'peer'\n | 'peerConflicted'\n | 'rawSpec'\n | 'reload'\n | 'satisfiedBy'\n | 'spec'\n | 'to'\n> & {\n optional: boolean\n overrides: OverrideSetClass | undefined\n peer: boolean\n peerConflicted: boolean\n rawSpec: string\n get accept(): string | undefined\n get spec(): string\n get to(): NodeClass | null\n new (...args: any): EdgeClass\n detach(): void\n reload(hard?: boolean): void\n satisfiedBy(node: NodeClass): boolean\n}\n\nexport type LinkClass = Omit<NodeClass, 'isLink'> & {\n readonly isLink: true\n}\n\nexport type NodeClass = Omit<\n BaseNode,\n | 'addEdgeIn'\n | 'addEdgeOut'\n | 'canDedupe'\n | 'canReplace'\n | 'canReplaceWith'\n | 'children'\n | 'deleteEdgeIn'\n | 'edgesIn'\n | 'edgesOut'\n | 'from'\n | 'hasShrinkwrap'\n | 'inDepBundle'\n | 'inShrinkwrap'\n | 'integrity'\n | 'isTop'\n | 'matches'\n | 'meta'\n | 'name'\n | 'overrides'\n | 'packageName'\n | 'parent'\n | 'recalculateOutEdgesOverrides'\n | 'resolve'\n | 'resolveParent'\n | 'root'\n | 'target'\n | 'updateOverridesEdgeInAdded'\n | 'updateOverridesEdgeInRemoved'\n | 'version'\n | 'versions'\n> & {\n name: string\n version: string\n children: Map<string, NodeClass | LinkClass>\n edgesIn: Set<EdgeClass>\n edgesOut: Map<string, EdgeClass>\n from: NodeClass | null\n hasShrinkwrap: boolean\n inShrinkwrap: boolean | undefined\n integrity?: string | null\n isTop: boolean | undefined\n meta: BaseNode['meta'] & {\n addEdge(edge: EdgeClass): void\n }\n overrides: OverrideSetClass | undefined\n target: NodeClass\n versions: string[]\n get inDepBundle(): boolean\n get packageName(): string | null\n get parent(): NodeClass | null\n set parent(value: NodeClass | null)\n get resolveParent(): NodeClass | null\n get root(): NodeClass | null\n set root(value: NodeClass | null)\n new (...args: any): NodeClass\n addEdgeIn(edge: EdgeClass): void\n addEdgeOut(edge: EdgeClass): void\n canDedupe(preferDedupe?: boolean): boolean\n canReplace(node: NodeClass, ignorePeers?: string[]): boolean\n canReplaceWith(node: NodeClass, ignorePeers?: string[]): boolean\n deleteEdgeIn(edge: EdgeClass): void\n matches(node: NodeClass): boolean\n recalculateOutEdgesOverrides(): void\n resolve(name: string): NodeClass\n updateOverridesEdgeInAdded(\n otherOverrideSet: OverrideSetClass | undefined,\n ): boolean\n updateOverridesEdgeInRemoved(otherOverrideSet: OverrideSetClass): boolean\n}\n\nexport interface OverrideSetClass\n extends Omit<\n BaseOverrideSet,\n | 'ancestry'\n | 'children'\n | 'getEdgeRule'\n | 'getMatchingRule'\n | 'getNodeRule'\n | 'parent'\n | 'ruleset'\n > {\n children: Map<string, OverrideSetClass>\n key: string | undefined\n keySpec: string | undefined\n name: string | undefined\n parent: OverrideSetClass | undefined\n value: string | undefined\n version: string | undefined\n // eslint-disable-next-line @typescript-eslint/no-misused-new\n new (...args: any[]): OverrideSetClass\n get isRoot(): boolean\n get ruleset(): Map<string, OverrideSetClass>\n ancestry(): Generator<OverrideSetClass>\n childrenAreEqual(otherOverrideSet: OverrideSetClass | undefined): boolean\n getEdgeRule(edge: EdgeClass): OverrideSetClass\n getMatchingRule(node: NodeClass): OverrideSetClass | null\n getNodeRule(node: NodeClass): OverrideSetClass\n isEqual(otherOverrideSet: OverrideSetClass | undefined): boolean\n}\n","import semver from 'semver'\n\nimport { PackageURL } from '@socketregistry/packageurl-js'\nimport { getManifestData } from '@socketsecurity/registry'\nimport { debugFn } from '@socketsecurity/registry/lib/debug'\nimport { hasOwn } from '@socketsecurity/registry/lib/objects'\nimport { fetchPackagePackument } from '@socketsecurity/registry/lib/packages'\n\nimport constants from '../../constants.mts'\nimport { Edge } from './arborist/index.mts'\nimport { DiffAction } from './arborist/types.mts'\nimport { getAlertsMapFromPurls } from '../../utils/alerts-map.mts'\nimport { type AliasResult, npa } from '../../utils/npm-package-arg.mts'\nimport { applyRange, getMajor, getMinVersion } from '../../utils/semver.mts'\nimport { idToNpmPurl } from '../../utils/spec.mts'\n\nimport type {\n ArboristInstance,\n Diff,\n EdgeClass,\n LinkClass,\n NodeClass,\n} from './arborist/types.mts'\nimport type { RangeStyle } from '../../utils/semver.mts'\nimport type {\n AlertIncludeFilter,\n AlertsByPurl,\n} from '../../utils/socket-package-alert.mts'\nimport type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'\nimport type { Spinner } from '@socketsecurity/registry/lib/spinner'\n\nconst { LOOP_SENTINEL, NPM, NPM_REGISTRY_URL } = constants\n\nfunction getUrlOrigin(input: string): string {\n try {\n // TODO: URL.parse is available in Node 22.1.0. We can use it when we drop Node 18.\n // https://nodejs.org/docs/latest-v22.x/api/url.html#urlparseinput-base\n // return URL.parse(input)?.origin ?? ''\n return new URL(input).origin ?? ''\n } catch {}\n return ''\n}\n\nexport function findBestPatchVersion(\n node: NodeClass,\n availableVersions: string[],\n vulnerableVersionRange?: string,\n _firstPatchedVersionIdentifier?: string | undefined,\n): string | null {\n const manifestData = getManifestData(NPM, node.name)\n let eligibleVersions\n if (manifestData && manifestData.name === manifestData.package) {\n const major = getMajor(manifestData.version)\n if (typeof major !== 'number') {\n return null\n }\n eligibleVersions = availableVersions.filter(v => getMajor(v) === major)\n } else {\n const major = getMajor(node.version)\n if (typeof major !== 'number') {\n return null\n }\n eligibleVersions = availableVersions.filter(\n v =>\n // Filter for versions that are within the current major version and\n // are NOT in the vulnerable range.\n getMajor(v) === major &&\n (!vulnerableVersionRange ||\n !semver.satisfies(v, vulnerableVersionRange)),\n )\n }\n return eligibleVersions ? semver.maxSatisfying(eligibleVersions, '*') : null\n}\n\nexport function findPackageNode(\n tree: NodeClass,\n name: string,\n version?: string | undefined,\n): NodeClass | undefined {\n const queue: Array<NodeClass | LinkClass> = [tree]\n const visited = new Set<NodeClass>()\n let sentinel = 0\n while (queue.length) {\n if (sentinel++ === LOOP_SENTINEL) {\n throw new Error('Detected infinite loop in findPackageNode')\n }\n const nodeOrLink = queue.pop()!\n const node = getTargetNode(nodeOrLink)\n if (visited.has(node)) {\n continue\n }\n visited.add(node)\n if (\n node.name === name &&\n (typeof version !== 'string' || node.version === version)\n ) {\n return node\n }\n for (const child of node.children.values()) {\n queue.push(child)\n }\n for (const edge of node.edgesOut.values()) {\n const { to } = edge\n if (to) {\n queue.push(to)\n }\n }\n }\n return undefined\n}\n\nexport function findPackageNodes(\n tree: NodeClass,\n name: string,\n version?: string | undefined,\n): NodeClass[] {\n const matches: NodeClass[] = []\n const queue: Array<NodeClass | LinkClass> = [tree]\n const visited = new Set<NodeClass>()\n let sentinel = 0\n while (queue.length) {\n if (sentinel++ === LOOP_SENTINEL) {\n throw new Error('Detected infinite loop in findPackageNodes')\n }\n const nodeOrLink = queue.pop()!\n const node = getTargetNode(nodeOrLink)\n if (visited.has(node)) {\n continue\n }\n visited.add(node)\n\n const { version: targetVersion } = node\n if (!targetVersion && Array.isArray(node.errors) && node.errors.length) {\n debugFn(`miss: version for ${node.name} due to errors:\\n`, node.errors)\n }\n if (\n node.name === name &&\n (typeof version !== 'string' || node.version === version)\n ) {\n matches.push(node)\n }\n for (const child of node.children.values()) {\n queue.push(child)\n }\n for (const edge of node.edgesOut.values()) {\n const { to } = edge\n if (to) {\n queue.push(to)\n }\n }\n }\n return matches\n}\n\nexport type GetAlertsMapFromArboristOptions = {\n consolidate?: boolean | undefined\n include?: AlertIncludeFilter | undefined\n nothrow?: boolean | undefined\n spinner?: Spinner | undefined\n}\n\nexport async function getAlertsMapFromArborist(\n arb: ArboristInstance,\n options_?: GetAlertsMapFromArboristOptions | undefined,\n): Promise<AlertsByPurl> {\n const options = {\n __proto__: null,\n consolidate: false,\n include: undefined,\n limit: Infinity,\n nothrow: false,\n ...options_,\n } as GetAlertsMapFromArboristOptions\n\n options.include = {\n __proto__: null,\n // Leave 'actions' unassigned so it can be given a default value in\n // subsequent functions where `options` is passed.\n // actions: undefined,\n blocked: true,\n critical: true,\n cve: true,\n existing: false,\n unfixable: true,\n upgradable: false,\n ...options.include,\n } as AlertIncludeFilter\n\n const needInfoOn = getDetailsFromDiff(arb.diff, {\n include: {\n unchanged: options.include.existing,\n },\n })\n\n const purls = needInfoOn.map(d => idToNpmPurl(d.node.pkgid))\n\n let overrides: { [key: string]: string } | undefined\n const overridesMap = (\n arb.actualTree ??\n arb.idealTree ??\n (await arb.loadActual())\n )?.overrides?.children\n if (overridesMap) {\n overrides = Object.fromEntries(\n [...overridesMap.entries()].map(([key, overrideSet]) => {\n return [key, overrideSet.value!]\n }),\n )\n }\n\n return await getAlertsMapFromPurls(purls, {\n overrides,\n ...options,\n })\n}\n\nexport type DiffQueryIncludeFilter = {\n unchanged?: boolean | undefined\n unknownOrigin?: boolean | undefined\n}\n\nexport type DiffQueryOptions = {\n include?: DiffQueryIncludeFilter | undefined\n}\n\nexport type PackageDetail = {\n node: NodeClass\n existing?: NodeClass | undefined\n}\n\nexport function getDetailsFromDiff(\n diff_: Diff | null,\n options?: DiffQueryOptions | undefined,\n): PackageDetail[] {\n const details: PackageDetail[] = []\n // `diff_` is `null` when `npm install --package-lock-only` is passed.\n if (!diff_) {\n return details\n }\n\n const include = {\n __proto__: null,\n unchanged: false,\n unknownOrigin: false,\n ...({ __proto__: null, ...options } as DiffQueryOptions).include,\n } as DiffQueryIncludeFilter\n\n const queue: Diff[] = [...diff_.children]\n let pos = 0\n let { length: queueLength } = queue\n while (pos < queueLength) {\n if (pos === LOOP_SENTINEL) {\n throw new Error('Detected infinite loop while walking Arborist diff')\n }\n const diff = queue[pos++]!\n const { action } = diff\n if (action) {\n // The `pkgNode`, i.e. the `ideal` node, will be `undefined` if the diff\n // action is 'REMOVE'\n // The `oldNode`, i.e. the `actual` node, will be `undefined` if the diff\n // action is 'ADD'.\n const { actual: oldNode, ideal: pkgNode } = diff\n let existing: NodeClass | undefined\n let keep = false\n if (action === DiffAction.change) {\n if (pkgNode?.package.version !== oldNode?.package.version) {\n keep = true\n if (\n oldNode?.package.name &&\n oldNode.package.name === pkgNode?.package.name\n ) {\n existing = oldNode\n }\n } else {\n // TODO: This debug log has too much information. We should narrow it down.\n // debugFn('skip: meta change diff\\n', diff)\n }\n } else {\n keep = action !== DiffAction.remove\n }\n if (keep && pkgNode?.resolved && (!oldNode || oldNode.resolved)) {\n if (\n include.unknownOrigin ||\n getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL\n ) {\n details.push({\n node: pkgNode,\n existing,\n })\n }\n }\n }\n for (const child of diff.children) {\n queue[queueLength++] = child\n }\n }\n if (include.unchanged) {\n const { unchanged } = diff_!\n for (let i = 0, { length } = unchanged; i < length; i += 1) {\n const pkgNode = unchanged[i]!\n if (\n include.unknownOrigin ||\n getUrlOrigin(pkgNode.resolved!) === NPM_REGISTRY_URL\n ) {\n details.push({\n node: pkgNode,\n existing: pkgNode,\n })\n }\n }\n }\n return details\n}\n\nexport function getTargetNode(nodeOrLink: NodeClass | LinkClass): NodeClass\nexport function getTargetNode<T>(nodeOrLink: T): NodeClass | null\nexport function getTargetNode(nodeOrLink: any): NodeClass | null {\n return nodeOrLink?.isLink ? nodeOrLink.target : (nodeOrLink ?? null)\n}\n\nexport function isTopLevel(tree: NodeClass, node: NodeClass): boolean {\n return getTargetNode(tree.children.get(node.name)) === node\n}\n\nexport type Packument = Exclude<\n Awaited<ReturnType<typeof fetchPackagePackument>>,\n null\n>\n\nexport function updateNode(\n node: NodeClass,\n newVersion: string,\n newVersionPackument: Packument['versions'][number],\n): void {\n // Object.defineProperty is needed to set the version property and replace\n // the old value with newVersion.\n Object.defineProperty(node, 'version', {\n configurable: true,\n enumerable: true,\n get: () => newVersion,\n })\n // Update package.version associated with the node.\n node.package.version = newVersion\n // Update node.resolved.\n const purlObj = PackageURL.fromString(idToNpmPurl(node.name))\n node.resolved = `${NPM_REGISTRY_URL}/${node.name}/-/${purlObj.name}-${newVersion}.tgz`\n // Update node.integrity with the targetPackument.dist.integrity value if available\n // else delete node.integrity so a new value is resolved for the target version.\n const { integrity } = newVersionPackument.dist\n if (integrity) {\n node.integrity = integrity\n } else {\n delete node.integrity\n }\n // Update node.package.deprecated based on targetPackument.deprecated.\n if (hasOwn(newVersionPackument, 'deprecated')) {\n node.package['deprecated'] = newVersionPackument.deprecated as string\n } else {\n delete node.package['deprecated']\n }\n // Update node.package.dependencies.\n const newDeps = { ...newVersionPackument.dependencies }\n const { dependencies: oldDeps } = node.package\n node.package.dependencies = newDeps\n if (oldDeps) {\n for (const oldDepName of Object.keys(oldDeps)) {\n if (!hasOwn(newDeps, oldDepName)) {\n // Detach old edges for dependencies that don't exist on the updated\n // node.package.dependencies.\n node.edgesOut.get(oldDepName)?.detach()\n }\n }\n }\n for (const newDepName of Object.keys(newDeps)) {\n if (!hasOwn(oldDeps, newDepName)) {\n // Add new edges for dependencies that don't exist on the old\n // node.package.dependencies.\n node.addEdgeOut(\n new Edge({\n from: node,\n name: newDepName,\n spec: newDeps[newDepName],\n type: 'prod',\n }) as unknown as EdgeClass,\n )\n }\n }\n}\n\nexport function updatePackageJsonFromNode(\n editablePkgJson: EditablePackageJson,\n tree: NodeClass,\n node: NodeClass,\n newVersion: string,\n rangeStyle?: RangeStyle | undefined,\n): boolean {\n let result = false\n if (!isTopLevel(tree, node)) {\n return result\n }\n const { name } = node\n for (const depField of [\n 'dependencies',\n 'optionalDependencies',\n 'peerDependencies',\n ]) {\n const depObject = editablePkgJson.content[depField] as\n | { [key: string]: string }\n | undefined\n const depValue = hasOwn(depObject, name) ? depObject[name] : undefined\n if (typeof depValue !== 'string' || depValue.startsWith('catalog:')) {\n continue\n }\n let oldRange = depValue\n // Use npa if depValue looks like more than just a semver range.\n if (depValue.includes(':')) {\n const npaResult = npa(depValue)\n if (!npaResult || (npaResult as AliasResult).subSpec) {\n continue\n }\n oldRange = npaResult.rawSpec\n }\n const oldMin = getMinVersion(oldRange)\n const newRange =\n oldMin &&\n // Ensure we're on the same major version...\n getMajor(newVersion) === oldMin.major &&\n // and not a downgrade.\n semver.gte(newVersion, oldMin.version)\n ? applyRange(oldRange, newVersion, rangeStyle)\n : oldRange\n if (oldRange !== newRange) {\n result = true\n editablePkgJson.update({\n [depField]: {\n ...depObject,\n [name]: newRange,\n },\n })\n }\n }\n return result\n}\n","// @ts-ignore\nimport UntypedArborist from '@npmcli/arborist/lib/arborist/index.js'\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\nimport constants from '../../../../../constants.mts'\nimport { logAlertsMap } from '../../../../../utils/socket-package-alert.mts'\nimport { getAlertsMapFromArborist } from '../../../arborist-helpers.mts'\n\nimport type {\n ArboristClass,\n ArboristReifyOptions,\n NodeClass,\n} from '../../types.mts'\n\nconst {\n NPM,\n NPX,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_VIEW_ALL_RISKS,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { getIpc },\n} = constants\n\nexport const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {\n __proto__: null,\n audit: false,\n dryRun: true,\n fund: false,\n ignoreScripts: true,\n progress: false,\n save: false,\n saveBundle: false,\n silent: true,\n}\n\nexport const kCtorArgs = Symbol('ctorArgs')\n\nexport const kRiskyReify = Symbol('riskyReify')\n\nexport const Arborist: ArboristClass = UntypedArborist\n\n// Implementation code not related to our custom behavior is based on\n// https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/arborist/index.js:\nexport class SafeArborist extends Arborist {\n constructor(...ctorArgs: ConstructorParameters<ArboristClass>) {\n super(\n {\n path:\n (ctorArgs.length ? ctorArgs[0]?.path : undefined) ?? process.cwd(),\n ...(ctorArgs.length ? ctorArgs[0] : undefined),\n ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,\n },\n ...ctorArgs.slice(1),\n )\n ;(this as any)[kCtorArgs] = ctorArgs\n }\n\n async [kRiskyReify](\n ...args: Parameters<InstanceType<ArboristClass>['reify']>\n ): Promise<NodeClass> {\n const ctorArgs = (this as any)[kCtorArgs]\n const arb = new Arborist(\n {\n ...(ctorArgs.length ? ctorArgs[0] : undefined),\n progress: false,\n },\n ...ctorArgs.slice(1),\n )\n const ret = await (arb.reify as (...args: any[]) => Promise<NodeClass>)(\n {\n ...(args.length ? args[0] : undefined),\n progress: false,\n },\n ...args.slice(1),\n )\n Object.assign(this, arb)\n return ret\n }\n\n // @ts-ignore Incorrectly typed.\n override async reify(\n this: SafeArborist,\n ...args: Parameters<InstanceType<ArboristClass>['reify']>\n ): Promise<NodeClass> {\n const options = {\n __proto__: null,\n ...(args.length ? args[0] : undefined),\n } as ArboristReifyOptions\n const ipc = await getIpc()\n const binName = ipc[SOCKET_CLI_SAFE_BIN]\n if (!binName) {\n return await this[kRiskyReify](...args)\n }\n await super.reify(\n {\n ...options,\n ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,\n progress: false,\n },\n // @ts-ignore: TypeScript gets grumpy about rest parameters.\n ...args.slice(1),\n )\n // Lazily access constants.ENV.SOCKET_CLI_ACCEPT_RISKS.\n const acceptRisks = constants.ENV.SOCKET_CLI_ACCEPT_RISKS\n const progress = ipc[SOCKET_CLI_SAFE_PROGRESS]\n const spinner =\n options['silent'] || !progress\n ? undefined\n : // Lazily access constants.spinner.\n constants.spinner\n const isSafeNpm = binName === NPM\n const isSafeNpx = binName === NPX\n const alertsMap = await getAlertsMapFromArborist(this, {\n spinner,\n include:\n acceptRisks || options.dryRun || options['yes']\n ? {\n actions: ['error'],\n blocked: true,\n critical: false,\n cve: false,\n existing: true,\n unfixable: false,\n }\n : {\n existing: isSafeNpx,\n unfixable: isSafeNpm,\n },\n })\n if (alertsMap.size) {\n process.exitCode = 1\n // Lazily access constants.ENV.SOCKET_CLI_VIEW_ALL_RISKS.\n const viewAllRisks = constants.ENV.SOCKET_CLI_VIEW_ALL_RISKS\n logAlertsMap(alertsMap, {\n hideAt: viewAllRisks ? 'none' : 'middle',\n output: process.stderr,\n })\n throw new Error(\n `\n Socket ${binName} exiting due to risks.${\n viewAllRisks\n ? ''\n : `\\nView all risks - Rerun with environment variable ${SOCKET_CLI_VIEW_ALL_RISKS}=1.`\n }${\n acceptRisks\n ? ''\n : `\\nAccept risks - Rerun with environment variable ${SOCKET_CLI_ACCEPT_RISKS}=1.`\n }\n `.trim(),\n )\n } else if (!options['silent']) {\n logger.success(\n `Socket ${binName} ${acceptRisks ? 'accepted' : 'found no'} risks`,\n )\n if (binName === NPX) {\n logger.log(`Running ${options.add![0]}`)\n }\n }\n return await this[kRiskyReify](...args)\n }\n}\n","import { createRequire } from 'node:module'\n\n// @ts-ignore\nimport UntypedEdge from '@npmcli/arborist/lib/edge.js'\n// @ts-ignore\nimport UntypedNode from '@npmcli/arborist/lib/node.js'\n// @ts-ignore\nimport UntypedOverrideSet from '@npmcli/arborist/lib/override-set.js'\n\nimport {\n getArboristClassPath,\n getArboristEdgeClassPath,\n getArboristNodeClassPath,\n getArboristOverrideSetClassPath,\n} from '../paths.mts'\nimport { Arborist, SafeArborist } from './lib/arborist/index.mts'\n\nimport type { EdgeClass, NodeClass, OverrideSetClass } from './types.mts'\n\nconst require = createRequire(import.meta.url)\n\nexport const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {\n __proto__: null,\n audit: false,\n dryRun: true,\n fund: false,\n ignoreScripts: true,\n progress: false,\n save: false,\n saveBundle: false,\n silent: true,\n}\n\nexport { Arborist, SafeArborist }\n\nexport const Edge: EdgeClass = UntypedEdge\n\nexport const Node: NodeClass = UntypedNode\n\nexport const OverrideSet: OverrideSetClass = UntypedOverrideSet\n\nexport function installSafeArborist() {\n // Override '@npmcli/arborist' module exports with patched variants based on\n // https://github.com/npm/cli/pull/8089.\n const cache: { [key: string]: any } = require.cache\n cache[getArboristClassPath()] = { exports: SafeArborist }\n cache[getArboristEdgeClassPath()] = { exports: Edge }\n cache[getArboristNodeClassPath()] = { exports: Node }\n cache[getArboristOverrideSetClassPath()] = { exports: OverrideSet }\n}\n","import { installSafeArborist } from './arborist/index.mts'\n\ninstallSafeArborist()\n"],"names":["_arboristPkgPath","add","change","remove","NPM_REGISTRY_URL","eligibleVersions","getMajor","visited","queue","to","version","matches","__proto__","consolidate","include","limit","nothrow","blocked","critical","cve","existing","unfixable","upgradable","unchanged","unknownOrigin","length","action","actual","ideal","keep","node","Object","configurable","enumerable","integrity","dependencies","from","name","spec","type","semver","result","getIpc","audit","dryRun","fund","ignoreScripts","progress","save","saveBundle","silent","path","constants","hideAt","logger","cache","exports","installSafeArborist"],"mappings":";;;;;;;;;;;;;;AAOA;AACO;;;AAGH;AAGA;AAIA;AACAA;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAaA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;ACjBO;AACLC;AACAC;AACAC;AACF;;AC7BA;;;AAA4BC;AAAiB;AAE7C;;AAEI;AACA;AACA;;;AAGF;AACF;AAEO;;AAOL;;AAEE;AACA;AACE;AACF;AACAC;AACF;AACE;AACA;AACE;AACF;AACAA;AAEI;AACA;AACAC;AAIN;;AAEF;AAEO;AAKL;AACA;;;AAGE;AACE;AACF;AACA;AACA;AACA;AACE;AACF;AACAC;AACA;AAIE;AACF;;AAEEC;AACF;;;AAEUC;AAAG;AACX;AACED;AACF;AACF;AACF;AACA;AACF;AAEO;;AAML;AACA;;;AAGE;AACE;AACF;AACA;AACA;AACA;AACE;AACF;AACAD;;AAEQG;AAAuB;AAC/B;;AAEA;AACA;AAIEC;AACF;;AAEEH;AACF;;;AAEUC;AAAG;AACX;AACED;AACF;AACF;AACF;AACA;AACF;AASO;AAIL;AACEI;AACAC;AACAC;AACAC;AACAC;;;;AAKAJ;AACA;AACA;AACA;AACAK;AACAC;AACAC;AACAC;AACAC;AACAC;AACA;;AAGF;AACER;AACES;AACF;AACF;AAEA;AAEA;;AAMA;;AAGM;AACF;AAEJ;AAEA;;;AAGA;AACF;AAgBO;;AAKL;;AAEE;AACF;AAEA;AACEX;AACAW;AACAC;;AACMZ;;AAA4B;;AAGpC;;;AAEMa;AAAoB;;;AAGtB;AACF;AACA;;AACQC;AAAO;AACf;AACE;AACA;AACA;AACA;;AACQC;AAAiBC;AAAe;AACxC;;AAEA;;AAEIC;AACA;AAIET;AACF;AACF;AAIF;AACES;AACF;AACA;AACE;;AAKIC;AACAV;AACF;AACF;AACF;AACF;AACA;AACEZ;AACF;AACF;;;AAEUe;AAAU;AAClB;AAAkBE;;AAChB;AACA;;AAKIK;AACAV;AACF;AACF;AACF;AACF;AACA;AACF;AAIO;;AAEP;AAEO;AACL;AACF;AAOO;AAKL;AACA;AACAW;AACEC;AACAC;;AAEF;AACA;AACAH;AACA;AACA;AACAA;AACA;AACA;;AACQI;;AACR;;AAEA;;AAEA;AACA;AACA;;AAEA;AACE;AACF;AACA;AACA;AAAkB;;;AACVC;;AACRL;AACA;;AAEI;AACE;AACA;;AAEF;AACF;AACF;;AAEE;AACE;AACA;AACAA;AAEIM;AACAC;AACAC;AACAC;AACF;AAEJ;AACF;AACF;AAEO;;AAQL;AACE;AACF;;AACQF;AAAK;;AAMX;AAGA;;AAEE;AACF;;AAEA;AACA;AACE;AACA;AACE;AACF;;AAEF;AACA;;AAGE;AACA/B;AACA;AACAkC;;AAIAC;;AAEE;AACE;AACA;AACF;AACF;AACF;AACF;AACA;AACF;;AC1bA;AAeA;;;;;;;;AAQE;AAA+DC;AAAO;AACxE;AAEO;AACL9B;AACA+B;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEO;AAEA;AAEA;;AAEP;AACA;AACO;;AAEH;AAEIC;;;;AAOF;AACJ;AAEA;AAGE;AACA;;AAGIJ;;AAIJ;;AAGIA;;AAIJhB;AACA;AACF;;AAEA;AACA;AAIE;AACEnB;;;AAGF;AACA;;;AAGA;;AAGI;AACA;AACAmC;;AAEF;AACA;AAEF;AACA;AACA;;AAIM;AACAK;AACN;AACA;AACA;;;;AAMUnC;AACAC;AACAC;AACAC;AACAC;AACF;AAEED;AACAC;AACF;AACR;;;AAGE;AACA;;AAEEgC;;AAEF;;AAGN;AAQA;AAGI;AACEC;;;AAKA;AACF;;AAEF;AACF;;AChJA,iBAAA;AAEO;AACL1C;AACA+B;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAIO;AAEA;AAEA;AAEA;AACL;AACA;AACA;AACAK;AAAkCC;;AAClCD;AAAsCC;;AACtCD;AAAsCC;;AACtCD;AAA6CC;;AAC/C;;AC/CAC;;;;;;;;;","debugId":"a5816f76-450f-4ee2-89c1-c52f85bce9ae"}
package/dist/types/commands/scan/handle-reach-scan.d.mts CHANGED
@@ -1,3 +1,3 @@
1
1
  import type { OutputKind } from '../../types.mts';
2
- export declare function handleScanReach(cwd: string, outputKind: OutputKind): Promise<void>;
2
+ export declare function handleScanReach(argv: string[] | readonly string[], cwd: string, outputKind: OutputKind): Promise<void>;
3
3
  //# sourceMappingURL=handle-reach-scan.d.mts.map
package/dist/types/commands/scan/handle-reach-scan.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"handle-reach-scan.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/handle-reach-scan.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,iBAIxE"}
1
+ {"version":3,"file":"handle-reach-scan.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/handle-reach-scan.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,UAAU,iBAKvB"}
package/dist/types/commands/scan/scan-reachability.d.mts CHANGED
@@ -1,3 +1,3 @@
1
1
  import type { CResult } from '../../types.mts';
2
- export declare function scanReachability(cwd: string): Promise<CResult<unknown>>;
2
+ export declare function scanReachability(argv: string[] | readonly string[], cwd: string): Promise<CResult<unknown>>;
3
3
  //# sourceMappingURL=scan-reachability.d.mts.map
package/dist/types/commands/scan/scan-reachability.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"scan-reachability.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/scan-reachability.mts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAI9C,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CA+B7E"}
1
+ {"version":3,"file":"scan-reachability.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/scan-reachability.mts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAI9C,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAgC3B"}
package/dist/types/commands/threat-feed/cmd-threat-feed.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cmd-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/cmd-threat-feed.mts"],"names":[],"mappings":"AA8GA,eAAO,MAAM,aAAa;;;;CAIzB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CA8Df"}
1
+ {"version":3,"file":"cmd-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/cmd-threat-feed.mts"],"names":[],"mappings":"AA2HA,eAAO,MAAM,aAAa;;;;CAIzB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAyEf"}
package/dist/types/commands/threat-feed/fetch-threat-feed.d.mts CHANGED
@@ -1,10 +1,13 @@
1
1
  import type { ThreadFeedResponse } from './types.mts';
2
2
  import type { CResult } from '../../types.mts';
3
- export declare function fetchThreatFeed({ direction, ecosystem, filter, page, perPage }: {
3
+ export declare function fetchThreatFeed({ direction, ecosystem, filter, orgSlug, page, perPage, pkg, version }: {
4
4
  direction: string;
5
5
  ecosystem: string;
6
6
  filter: string;
7
+ orgSlug: string;
7
8
  page: string;
8
9
  perPage: number;
10
+ pkg: string;
11
+ version: string;
9
12
  }): Promise<CResult<ThreadFeedResponse>>;
10
13
  //# sourceMappingURL=fetch-threat-feed.d.mts.map
package/dist/types/commands/threat-feed/fetch-threat-feed.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"fetch-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/fetch-threat-feed.mts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAE9C,wBAAsB,eAAe,CAAC,EACpC,SAAS,EACT,SAAS,EACT,MAAM,EACN,IAAI,EACJ,OAAO,EACR,EAAE;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAavC"}
1
+ {"version":3,"file":"fetch-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/fetch-threat-feed.mts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAE9C,wBAAsB,eAAe,CAAC,EACpC,SAAS,EACT,SAAS,EACT,MAAM,EACN,OAAO,EACP,IAAI,EACJ,OAAO,EACP,GAAG,EACH,OAAO,EACR,EAAE;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAevC"}
package/dist/types/commands/threat-feed/handle-threat-feed.d.mts CHANGED
@@ -1,10 +1,13 @@
1
1
  import type { OutputKind } from '../../types.mts';
2
- export declare function handleThreatFeed({ direction, ecosystem, filter, outputKind, page, perPage }: {
2
+ export declare function handleThreatFeed({ direction, ecosystem, filter, orgSlug, outputKind, page, perPage, pkg, version }: {
3
3
  direction: string;
4
4
  ecosystem: string;
5
5
  filter: string;
6
6
  outputKind: OutputKind;
7
+ orgSlug: string;
7
8
  page: string;
8
9
  perPage: number;
10
+ pkg: string;
11
+ version: string;
9
12
  }): Promise<void>;
10
13
  //# sourceMappingURL=handle-threat-feed.d.mts.map
package/dist/types/commands/threat-feed/handle-threat-feed.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"handle-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/handle-threat-feed.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,wBAAsB,gBAAgB,CAAC,EACrC,SAAS,EACT,SAAS,EACT,MAAM,EACN,UAAU,EACV,IAAI,EACJ,OAAO,EACR,EAAE;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,UAAU,CAAA;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CAUhB"}
1
+ {"version":3,"file":"handle-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/handle-threat-feed.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,wBAAsB,gBAAgB,CAAC,EACrC,SAAS,EACT,SAAS,EACT,MAAM,EACN,OAAO,EACP,UAAU,EACV,IAAI,EACJ,OAAO,EACP,GAAG,EACH,OAAO,EACR,EAAE;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,UAAU,CAAA;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CAahB"}
package/dist/types/constants.d.mts CHANGED
@@ -71,8 +71,8 @@ type Constants = Remap<Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)'
71
71
  readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
72
72
  readonly PNPM: 'pnpm';
73
73
  readonly REDACTED: '<redacted>';
74
- readonly SHADOW_BIN: 'shadow-bin';
75
- readonly SHADOW_INJECT: 'shadow-inject';
74
+ readonly SHADOW_NPM_BIN: 'shadow-npm-bin';
75
+ readonly SHADOW_NPM_INJECT: 'shadow-npm-inject';
76
76
  readonly SOCKET: 'socket';
77
77
  readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS';
78
78
  readonly SOCKET_CLI_BIN_NAME: 'socket';
@@ -103,27 +103,31 @@ type Constants = Remap<Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)'
103
103
  readonly bashRcPath: string;
104
104
  readonly binCliPath: string;
105
105
  readonly binPath: string;
106
+ readonly blessedContribPath: string;
106
107
  readonly blessedOptions: {
107
108
  smartCSR: boolean;
108
109
  term: string;
109
110
  useBCE: boolean;
110
111
  };
112
+ readonly blessedPath: string;
111
113
  readonly coanaBinPath: string;
114
+ readonly coanaPath: string;
112
115
  readonly distCliPath: string;
113
- readonly distInstrumentWithSentryPath: string;
114
116
  readonly distPath: string;
115
- readonly distShadowBinPath: string;
116
117
  readonly externalPath: string;
117
- readonly distShadowInjectPath: string;
118
118
  readonly githubCachePath: string;
119
119
  readonly homePath: string;
120
+ readonly instrumentWithSentryPath: string;
120
121
  readonly minimumVersionByAgent: Map<Agent, string>;
121
122
  readonly nmBinPath: string;
122
123
  readonly nodeHardenFlags: string[];
123
124
  readonly rootPath: string;
124
125
  readonly shadowBinPath: string;
126
+ readonly shadowNpmBinPath: string;
127
+ readonly shadowNpmInjectPath: string;
125
128
  readonly socketAppDataPath: string;
126
129
  readonly socketCachePath: string;
130
+ readonly socketRegistryPath: string;
127
131
  readonly zshRcPath: string;
128
132
  }>;
129
133
  declare const constants: Constants;