@socketsecurity/cli-with-sentry 0.15.56 → 0.15.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +59 -32
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/types/commands/scan/handle-reach-scan.d.mts +1 -1
- package/dist/types/commands/scan/handle-reach-scan.d.mts.map +1 -1
- package/dist/types/commands/scan/scan-reachability.d.mts +1 -1
- package/dist/types/commands/scan/scan-reachability.d.mts.map +1 -1
- package/dist/types/commands/threat-feed/cmd-threat-feed.d.mts.map +1 -1
- package/dist/types/commands/threat-feed/fetch-threat-feed.d.mts +4 -1
- package/dist/types/commands/threat-feed/fetch-threat-feed.d.mts.map +1 -1
- package/dist/types/commands/threat-feed/handle-threat-feed.d.mts +4 -1
- package/dist/types/commands/threat-feed/handle-threat-feed.d.mts.map +1 -1
- package/dist/vendor.js +21 -21
- package/external/@coana-tech/cli/cli.mjs +2 -2
- package/external/@socketsecurity/registry/external/@npmcli/package-json/index.js +9 -4
- package/external/@socketsecurity/registry/external/@socketregistry/yocto-spinner.js +115 -132
- package/external/@socketsecurity/registry/external/@yarnpkg/extensions.js +18 -0
- package/external/@socketsecurity/registry/external/browserslist.js +662 -658
- package/external/@socketsecurity/registry/external/cacache.js +5 -3
- package/external/@socketsecurity/registry/external/libnpmpack.js +9 -4
- package/external/@socketsecurity/registry/external/make-fetch-happen.js +5 -3
- package/external/@socketsecurity/registry/external/npm-package-arg.js +4 -1
- package/external/@socketsecurity/registry/external/pacote.js +9 -4
- package/external/@socketsecurity/registry/external/validate-npm-package-name.js +4 -1
- package/external/@socketsecurity/registry/manifest.json +4 -4
- package/external/blessed-contrib/lib/widget/charts/line.js +5 -5
- package/package.json +7 -7
package/dist/constants.js
CHANGED
|
@@ -123,10 +123,10 @@ const LAZY_ENV = () => {
|
|
|
123
123
|
INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(true),
|
|
124
124
|
// Comp-time inlined Socket package version.
|
|
125
125
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
126
|
-
INLINED_SOCKET_CLI_VERSION: envAsString("0.15.
|
|
126
|
+
INLINED_SOCKET_CLI_VERSION: envAsString("0.15.57"),
|
|
127
127
|
// Comp-time inlined Socket package version hash.
|
|
128
128
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
|
|
129
|
-
INLINED_SOCKET_CLI_VERSION_HASH: envAsString("0.15.
|
|
129
|
+
INLINED_SOCKET_CLI_VERSION_HASH: envAsString("0.15.57:54a57d4:f40ea1c7:pub"),
|
|
130
130
|
// Comp-time inlined synp package version.
|
|
131
131
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SYNP_VERSION']".
|
|
132
132
|
INLINED_SYNP_VERSION: envAsString("1.9.14"),
|
|
@@ -435,5 +435,5 @@ const constants = createConstantsObject({
|
|
|
435
435
|
});
|
|
436
436
|
|
|
437
437
|
module.exports = constants;
|
|
438
|
-
//# debugId=
|
|
438
|
+
//# debugId=f99c888e-27cb-4612-b867-19db3faceb30
|
|
439
439
|
//# sourceMappingURL=constants.js.map
|
package/dist/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\n\nconst {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n attributes: registryConstantsAttribs,\n createConstantsObject,\n getIpc,\n },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined,\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n DISABLE_GITHUB_CACHE: boolean\n GITHUB_ACTIONS: boolean\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n GITHUB_TOKEN: string\n INLINED_CYCLONEDX_CDXGEN_VERSION: string\n INLINED_SOCKET_CLI_HOMEPAGE: string\n INLINED_SOCKET_CLI_LEGACY_BUILD: string\n INLINED_SOCKET_CLI_NAME: string\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n INLINED_SOCKET_CLI_SENTRY_BUILD: string\n INLINED_SOCKET_CLI_VERSION: string\n INLINED_SOCKET_CLI_VERSION_HASH: string\n INLINED_SYNP_VERSION: string\n LOCALAPPDATA: string\n NODE_COMPILE_CACHE: string\n PATH: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_API_BASE_URL: string\n SOCKET_CLI_API_PROXY: string\n SOCKET_CLI_API_TOKEN: string\n SOCKET_CLI_CONFIG: string\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_GIT_USER_EMAIL: string\n SOCKET_CLI_GIT_USER_NAME: string\n SOCKET_CLI_GITHUB_TOKEN: string\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_BIN?: string | undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly ENV: ENV\n readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SHADOW_NPM_BIN: 'shadow-npm-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly binCliPath: string\n readonly binPath: string\n readonly blessedContribPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly blessedPath: string\n readonly coanaBinPath: string\n readonly coanaPath: string\n readonly distCliPath: string\n readonly distPath: string\n readonly externalPath: string\n readonly githubCachePath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly shadowNpmBinPath: string\n readonly shadowNpmInjectPath: string\n readonly socketAppDataPath: string\n readonly socketCachePath: string\n readonly socketRegistryPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SHADOW_NPM_BIN = 'shadow-npm-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = '@socketsecurity/cli'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = '@socketsecurity/cli-with-sentry'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n const {\n envAsBoolean,\n envAsString,\n } = require('@socketsecurity/registry/lib/env')\n const { env } = process\n const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n __proto__: null,\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Flag to disable using GitHub's workflow actions/cache.\n // https://github.com/actions/cache\n DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n // Always set to true when GitHub Actions is running the workflow. This variable\n // can be used to differentiate when tests are being run locally or by GitHub Actions.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_ACTIONS: envAsBoolean(env['GITHUB_ACTIONS']),\n // The short ref name of the branch or tag that triggered the GitHub workflow\n // run. This value matches the branch or tag name shown on GitHub. For example,\n // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n // The GITHUB_TOKEN secret is a GitHub App installation access token.\n // The token's permissions are limited to the repository that contains the\n // workflow.\n // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n GITHUB_TOKEN,\n // Comp-time inlined @cyclonedx/cdxgen package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']\".\n INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString(\n process.env['INLINED_CYCLONEDX_CDXGEN_VERSION'],\n ),\n // Comp-time inlined Socket package homepage.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n ),\n // Comp-time inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n ),\n // Comp-time inlined Socket package name.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n INLINED_SOCKET_CLI_NAME: envAsString(\n process.env['INLINED_SOCKET_CLI_NAME'],\n ),\n // Comp-time inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n ),\n // Comp-time inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n ),\n // Comp-time inlined Socket package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n INLINED_SOCKET_CLI_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION'],\n ),\n // Comp-time inlined Socket package version hash.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n ),\n // Comp-time inlined synp package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SYNP_VERSION']\".\n INLINED_SYNP_VERSION: envAsString(process.env['INLINED_SYNP_VERSION']),\n // The location of the %localappdata% folder on Windows used to store user-specific,\n // non-roaming application data, like temporary files, cached data, and program\n // settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n // Flag to enable the module compile cache for the Node.js instance.\n // https://nodejs.org/api/cli.html#node_compile_cachedir\n NODE_COMPILE_CACHE:\n // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n ? // Lazily access constants.socketCachePath.\n constants.socketCachePath\n : '',\n // PATH is an environment variable that lists directories where executable\n // programs are located. When a command is run, the system searches these\n // directories to find the executable.\n PATH: envAsString(env['PATH']),\n // Flag to accepts risks of safe-npm and safe-npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n // Flag to change the base URL for all API-calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_BASE_URL:\n envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n envAsString(env['SOCKET_SECURITY_API_BASE_URL']),\n // Flag to set the proxy all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_PROXY:\n envAsString(env['SOCKET_CLI_API_PROXY']) ||\n envAsString(env['SOCKET_SECURITY_API_PROXY']),\n // Flag to set the API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_CLI_API_TOKEN:\n envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n envAsString(env['SOCKET_CLI_API_KEY']) ||\n envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n envAsString(env['SOCKET_SECURITY_API_KEY']),\n // Flag containing a JSON stringified Socket configuration object.\n SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n // Flag to help debug Socket CLI.\n SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n // The git config user.email used by Socket CLI.\n SOCKET_CLI_GIT_USER_EMAIL:\n envAsString(env['SOCKET_CLI_GIT_USER_EMAIL']) ||\n `github-actions[bot]@users.noreply.github.com`,\n // The git config user.name used by Socket CLI.\n SOCKET_CLI_GIT_USER_NAME:\n envAsString(env['SOCKET_CLI_GIT_USER_NAME']) ||\n envAsString(env['SOCKET_CLI_GIT_USERNAME']) ||\n 'github-actions[bot]',\n // A classic GitHub personal access token with the \"repo\" scope or a\n // fine-grained access token with at least read/write permissions set for\n // \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_CLI_GITHUB_TOKEN:\n envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n GITHUB_TOKEN,\n // Flag to make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n // Flag to view all risks of safe-npm and safe-npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(env['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n // Lazily access constants.binPath.\n path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true,\n })\n\nconst lazyBlessedPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n // Lazily access constants.coanaPath.\n path.join(constants.coanaPath, 'cli.mjs')\n\nconst lazyCoanaPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n // Lazily access constants.socketCachePath.\n path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n ['npm', '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.7'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*'],\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n Object.freeze(\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n '--disable-proto',\n 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n '--frozen-intrinsics',\n '--no-deprecation',\n ],\n )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'shadow-bin')\n\nconst lazyShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazySocketAppDataPath = (): string | undefined => {\n // Get the OS app data folder:\n // - Win: %LOCALAPPDATA% or fail?\n // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n // On most systems that path is: $HOME/.local/share\n // Then append `socket/settings`, so:\n // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n let dataHome: string | undefined = WIN32\n ? // Lazily access constants.ENV.LOCALAPPDATA\n constants.ENV.LOCALAPPDATA\n : // Lazily access constants.ENV.XDG_DATA_HOME\n constants.ENV.XDG_DATA_HOME\n if (!dataHome) {\n if (WIN32) {\n const logger = require('@socketsecurity/registry/lib/logger')\n logger.warn(`Missing %${LOCALAPPDATA}%`)\n } else {\n dataHome = path.join(\n // Lazily access constants.homePath.\n constants.homePath,\n // Lazily access constants.DARWIN.\n constants.DARWIN ? 'Library/Application Support' : '.local/share',\n )\n }\n }\n return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ...registryConstantsAttribs.props,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n DOT_SOCKET_DOT_FACTS_JSON,\n DRY_RUN_LABEL,\n DRY_RUN_BAILING_NOW,\n DRY_RUN_NOT_SAVING,\n ENV: undefined,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SOCKET,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NPM_BIN_NAME,\n SOCKET_CLI_NPX_BIN_NAME,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_WEBSITE_URL,\n VLT,\n WITH_SENTRY,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n binPath: undefined,\n binCliPath: undefined,\n blessedContribPath: undefined,\n blessedOptions: undefined,\n blessedPath: undefined,\n coanaBinPath: undefined,\n coanaPath: undefined,\n distCliPath: undefined,\n distPath: undefined,\n externalPath: undefined,\n githubCachePath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n shadowNpmInjectPath: undefined,\n shadowNpmBinPath: undefined,\n socketAppDataPath: undefined,\n socketCachePath: undefined,\n socketRegistryPath: undefined,\n zshRcPath: undefined,\n },\n {\n getters: {\n ...registryConstantsAttribs.getters,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n binCliPath: lazyBinCliPath,\n binPath: lazyBinPath,\n blessedContribPath: lazyBlessedContribPath,\n blessedOptions: lazyBlessedOptions,\n blessedPath: lazyBlessedPath,\n coanaBinPath: lazyCoanaBinPath,\n coanaPath: lazyCoanaPath,\n distCliPath: lazyDistCliPath,\n distPath: lazyDistPath,\n externalPath: lazyExternalPath,\n githubCachePath: lazyGithubCachePath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n shadowNpmBinPath: lazyShadowNpmBinPath,\n shadowNpmInjectPath: lazyShadowNpmInjectPath,\n socketAppDataPath: lazySocketAppDataPath,\n socketCachePath: lazySocketCachePath,\n socketRegistryPath: lazySocketRegistryPath,\n zshRcPath: lazyZshRcPath,\n },\n internals: {\n ...registryConstantsAttribs.internals,\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n },\n },\n },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","envAsString","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_ACTIONS","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_DEBUG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAWA,iBAAA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAoJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;;AAGIC;AACF;;AACQC;AAAI;;AAEZ;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAEA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AAGA;AACA;AACAC;AAKA;AACAC;AACA;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAd;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQI;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAnB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEId;;;;;;;;;;;;;AAcFoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE1B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"2957b00a-ed1f-45fc-811a-38990c0e967f"}
|
|
1
|
+
{"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\n\nconst {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n attributes: registryConstantsAttribs,\n createConstantsObject,\n getIpc,\n },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined,\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n DISABLE_GITHUB_CACHE: boolean\n GITHUB_ACTIONS: boolean\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n GITHUB_TOKEN: string\n INLINED_CYCLONEDX_CDXGEN_VERSION: string\n INLINED_SOCKET_CLI_HOMEPAGE: string\n INLINED_SOCKET_CLI_LEGACY_BUILD: string\n INLINED_SOCKET_CLI_NAME: string\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n INLINED_SOCKET_CLI_SENTRY_BUILD: string\n INLINED_SOCKET_CLI_VERSION: string\n INLINED_SOCKET_CLI_VERSION_HASH: string\n INLINED_SYNP_VERSION: string\n LOCALAPPDATA: string\n NODE_COMPILE_CACHE: string\n PATH: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_API_BASE_URL: string\n SOCKET_CLI_API_PROXY: string\n SOCKET_CLI_API_TOKEN: string\n SOCKET_CLI_CONFIG: string\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_GIT_USER_EMAIL: string\n SOCKET_CLI_GIT_USER_NAME: string\n SOCKET_CLI_GITHUB_TOKEN: string\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_BIN?: string | undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly ENV: ENV\n readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SHADOW_NPM_BIN: 'shadow-npm-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly binCliPath: string\n readonly binPath: string\n readonly blessedContribPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly blessedPath: string\n readonly coanaBinPath: string\n readonly coanaPath: string\n readonly distCliPath: string\n readonly distPath: string\n readonly externalPath: string\n readonly githubCachePath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly shadowNpmBinPath: string\n readonly shadowNpmInjectPath: string\n readonly socketAppDataPath: string\n readonly socketCachePath: string\n readonly socketRegistryPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SHADOW_NPM_BIN = 'shadow-npm-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = '@socketsecurity/cli'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = '@socketsecurity/cli-with-sentry'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n const {\n envAsBoolean,\n envAsString,\n } = require('@socketsecurity/registry/lib/env')\n const { env } = process\n const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n __proto__: null,\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Flag to disable using GitHub's workflow actions/cache.\n // https://github.com/actions/cache\n DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n // Always set to true when GitHub Actions is running the workflow. This variable\n // can be used to differentiate when tests are being run locally or by GitHub Actions.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_ACTIONS: envAsBoolean(env['GITHUB_ACTIONS']),\n // The short ref name of the branch or tag that triggered the GitHub workflow\n // run. This value matches the branch or tag name shown on GitHub. For example,\n // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n // The GITHUB_TOKEN secret is a GitHub App installation access token.\n // The token's permissions are limited to the repository that contains the\n // workflow.\n // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n GITHUB_TOKEN,\n // Comp-time inlined @cyclonedx/cdxgen package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']\".\n INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString(\n process.env['INLINED_CYCLONEDX_CDXGEN_VERSION'],\n ),\n // Comp-time inlined Socket package homepage.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n ),\n // Comp-time inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n ),\n // Comp-time inlined Socket package name.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n INLINED_SOCKET_CLI_NAME: envAsString(\n process.env['INLINED_SOCKET_CLI_NAME'],\n ),\n // Comp-time inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n ),\n // Comp-time inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n ),\n // Comp-time inlined Socket package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n INLINED_SOCKET_CLI_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION'],\n ),\n // Comp-time inlined Socket package version hash.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n ),\n // Comp-time inlined synp package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SYNP_VERSION']\".\n INLINED_SYNP_VERSION: envAsString(process.env['INLINED_SYNP_VERSION']),\n // The location of the %localappdata% folder on Windows used to store user-specific,\n // non-roaming application data, like temporary files, cached data, and program\n // settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n // Flag to enable the module compile cache for the Node.js instance.\n // https://nodejs.org/api/cli.html#node_compile_cachedir\n NODE_COMPILE_CACHE:\n // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n ? // Lazily access constants.socketCachePath.\n constants.socketCachePath\n : '',\n // PATH is an environment variable that lists directories where executable\n // programs are located. When a command is run, the system searches these\n // directories to find the executable.\n PATH: envAsString(env['PATH']),\n // Flag to accepts risks of safe-npm and safe-npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n // Flag to change the base URL for all API-calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_BASE_URL:\n envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n envAsString(env['SOCKET_SECURITY_API_BASE_URL']),\n // Flag to set the proxy all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_PROXY:\n envAsString(env['SOCKET_CLI_API_PROXY']) ||\n envAsString(env['SOCKET_SECURITY_API_PROXY']),\n // Flag to set the API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_CLI_API_TOKEN:\n envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n envAsString(env['SOCKET_CLI_API_KEY']) ||\n envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n envAsString(env['SOCKET_SECURITY_API_KEY']),\n // Flag containing a JSON stringified Socket configuration object.\n SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n // Flag to help debug Socket CLI.\n SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n // The git config user.email used by Socket CLI.\n SOCKET_CLI_GIT_USER_EMAIL:\n envAsString(env['SOCKET_CLI_GIT_USER_EMAIL']) ||\n `github-actions[bot]@users.noreply.github.com`,\n // The git config user.name used by Socket CLI.\n SOCKET_CLI_GIT_USER_NAME:\n envAsString(env['SOCKET_CLI_GIT_USER_NAME']) ||\n envAsString(env['SOCKET_CLI_GIT_USERNAME']) ||\n 'github-actions[bot]',\n // A classic GitHub personal access token with the \"repo\" scope or a\n // fine-grained access token with at least read/write permissions set for\n // \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_CLI_GITHUB_TOKEN:\n envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n GITHUB_TOKEN,\n // Flag to make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n // Flag to view all risks of safe-npm and safe-npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(env['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n // Lazily access constants.binPath.\n path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true,\n })\n\nconst lazyBlessedPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n // Lazily access constants.coanaPath.\n path.join(constants.coanaPath, 'cli.mjs')\n\nconst lazyCoanaPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n // Lazily access constants.socketCachePath.\n path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n ['npm', '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.7'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*'],\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n Object.freeze(\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n '--disable-proto',\n 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n '--frozen-intrinsics',\n '--no-deprecation',\n ],\n )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'shadow-bin')\n\nconst lazyShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazySocketAppDataPath = (): string | undefined => {\n // Get the OS app data folder:\n // - Win: %LOCALAPPDATA% or fail?\n // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n // On most systems that path is: $HOME/.local/share\n // Then append `socket/settings`, so:\n // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n let dataHome: string | undefined = WIN32\n ? // Lazily access constants.ENV.LOCALAPPDATA\n constants.ENV.LOCALAPPDATA\n : // Lazily access constants.ENV.XDG_DATA_HOME\n constants.ENV.XDG_DATA_HOME\n if (!dataHome) {\n if (WIN32) {\n const logger = require('@socketsecurity/registry/lib/logger')\n logger.warn(`Missing %${LOCALAPPDATA}%`)\n } else {\n dataHome = path.join(\n // Lazily access constants.homePath.\n constants.homePath,\n // Lazily access constants.DARWIN.\n constants.DARWIN ? 'Library/Application Support' : '.local/share',\n )\n }\n }\n return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ...registryConstantsAttribs.props,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n DOT_SOCKET_DOT_FACTS_JSON,\n DRY_RUN_LABEL,\n DRY_RUN_BAILING_NOW,\n DRY_RUN_NOT_SAVING,\n ENV: undefined,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SOCKET,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NPM_BIN_NAME,\n SOCKET_CLI_NPX_BIN_NAME,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_WEBSITE_URL,\n VLT,\n WITH_SENTRY,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n binPath: undefined,\n binCliPath: undefined,\n blessedContribPath: undefined,\n blessedOptions: undefined,\n blessedPath: undefined,\n coanaBinPath: undefined,\n coanaPath: undefined,\n distCliPath: undefined,\n distPath: undefined,\n externalPath: undefined,\n githubCachePath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n shadowNpmInjectPath: undefined,\n shadowNpmBinPath: undefined,\n socketAppDataPath: undefined,\n socketCachePath: undefined,\n socketRegistryPath: undefined,\n zshRcPath: undefined,\n },\n {\n getters: {\n ...registryConstantsAttribs.getters,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n binCliPath: lazyBinCliPath,\n binPath: lazyBinPath,\n blessedContribPath: lazyBlessedContribPath,\n blessedOptions: lazyBlessedOptions,\n blessedPath: lazyBlessedPath,\n coanaBinPath: lazyCoanaBinPath,\n coanaPath: lazyCoanaPath,\n distCliPath: lazyDistCliPath,\n distPath: lazyDistPath,\n externalPath: lazyExternalPath,\n githubCachePath: lazyGithubCachePath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n shadowNpmBinPath: lazyShadowNpmBinPath,\n shadowNpmInjectPath: lazyShadowNpmInjectPath,\n socketAppDataPath: lazySocketAppDataPath,\n socketCachePath: lazySocketCachePath,\n socketRegistryPath: lazySocketRegistryPath,\n zshRcPath: lazyZshRcPath,\n },\n internals: {\n ...registryConstantsAttribs.internals,\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n },\n },\n },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","envAsString","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_ACTIONS","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_DEBUG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAWA,iBAAA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAoJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;;AAGIC;AACF;;AACQC;AAAI;;AAEZ;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAEA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AAGA;AACA;AACAC;AAKA;AACAC;AACA;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAd;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQI;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAnB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEId;;;;;;;;;;;;;AAcFoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE1B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"f99c888e-27cb-4612-b867-19db3faceb30"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import type { OutputKind } from '../../types.mts';
|
|
2
|
-
export declare function handleScanReach(cwd: string, outputKind: OutputKind): Promise<void>;
|
|
2
|
+
export declare function handleScanReach(argv: string[] | readonly string[], cwd: string, outputKind: OutputKind): Promise<void>;
|
|
3
3
|
//# sourceMappingURL=handle-reach-scan.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handle-reach-scan.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/handle-reach-scan.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,wBAAsB,eAAe,
|
|
1
|
+
{"version":3,"file":"handle-reach-scan.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/handle-reach-scan.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,UAAU,iBAKvB"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import type { CResult } from '../../types.mts';
|
|
2
|
-
export declare function scanReachability(cwd: string): Promise<CResult<unknown>>;
|
|
2
|
+
export declare function scanReachability(argv: string[] | readonly string[], cwd: string): Promise<CResult<unknown>>;
|
|
3
3
|
//# sourceMappingURL=scan-reachability.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-reachability.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/scan-reachability.mts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAI9C,wBAAsB,gBAAgB,
|
|
1
|
+
{"version":3,"file":"scan-reachability.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/scan-reachability.mts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAI9C,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAgC3B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cmd-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/cmd-threat-feed.mts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cmd-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/cmd-threat-feed.mts"],"names":[],"mappings":"AA2HA,eAAO,MAAM,aAAa;;;;CAIzB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAyEf"}
|
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
import type { ThreadFeedResponse } from './types.mts';
|
|
2
2
|
import type { CResult } from '../../types.mts';
|
|
3
|
-
export declare function fetchThreatFeed({ direction, ecosystem, filter, page, perPage }: {
|
|
3
|
+
export declare function fetchThreatFeed({ direction, ecosystem, filter, orgSlug, page, perPage, pkg, version }: {
|
|
4
4
|
direction: string;
|
|
5
5
|
ecosystem: string;
|
|
6
6
|
filter: string;
|
|
7
|
+
orgSlug: string;
|
|
7
8
|
page: string;
|
|
8
9
|
perPage: number;
|
|
10
|
+
pkg: string;
|
|
11
|
+
version: string;
|
|
9
12
|
}): Promise<CResult<ThreadFeedResponse>>;
|
|
10
13
|
//# sourceMappingURL=fetch-threat-feed.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fetch-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/fetch-threat-feed.mts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAE9C,wBAAsB,eAAe,CAAC,EACpC,SAAS,EACT,SAAS,EACT,MAAM,EACN,IAAI,EACJ,OAAO,EACR,EAAE;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"fetch-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/fetch-threat-feed.mts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAE9C,wBAAsB,eAAe,CAAC,EACpC,SAAS,EACT,SAAS,EACT,MAAM,EACN,OAAO,EACP,IAAI,EACJ,OAAO,EACP,GAAG,EACH,OAAO,EACR,EAAE;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAevC"}
|
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
import type { OutputKind } from '../../types.mts';
|
|
2
|
-
export declare function handleThreatFeed({ direction, ecosystem, filter, outputKind, page, perPage }: {
|
|
2
|
+
export declare function handleThreatFeed({ direction, ecosystem, filter, orgSlug, outputKind, page, perPage, pkg, version }: {
|
|
3
3
|
direction: string;
|
|
4
4
|
ecosystem: string;
|
|
5
5
|
filter: string;
|
|
6
6
|
outputKind: OutputKind;
|
|
7
|
+
orgSlug: string;
|
|
7
8
|
page: string;
|
|
8
9
|
perPage: number;
|
|
10
|
+
pkg: string;
|
|
11
|
+
version: string;
|
|
9
12
|
}): Promise<void>;
|
|
10
13
|
//# sourceMappingURL=handle-threat-feed.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handle-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/handle-threat-feed.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,wBAAsB,gBAAgB,CAAC,EACrC,SAAS,EACT,SAAS,EACT,MAAM,EACN,UAAU,EACV,IAAI,EACJ,OAAO,EACR,EAAE;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,UAAU,CAAA;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"handle-threat-feed.d.mts","sourceRoot":"","sources":["../../../../src/commands/threat-feed/handle-threat-feed.mts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAEjD,wBAAsB,gBAAgB,CAAC,EACrC,SAAS,EACT,SAAS,EACT,MAAM,EACN,OAAO,EACP,UAAU,EACV,IAAI,EACJ,OAAO,EACP,GAAG,EACH,OAAO,EACR,EAAE;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,UAAU,CAAA;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CAahB"}
|
package/dist/vendor.js
CHANGED
|
@@ -32895,7 +32895,7 @@ var isInteractiveExports = /*@__PURE__*/ requireIsInteractive();
|
|
|
32895
32895
|
var dist$e = {};
|
|
32896
32896
|
|
|
32897
32897
|
var name$2 = "@socketsecurity/sdk";
|
|
32898
|
-
var version$5 = "1.4.
|
|
32898
|
+
var version$5 = "1.4.42";
|
|
32899
32899
|
var license = "MIT";
|
|
32900
32900
|
var description = "SDK for the Socket API client";
|
|
32901
32901
|
var author = {
|
|
@@ -32978,36 +32978,36 @@ var scripts = {
|
|
|
32978
32978
|
"update:deps": "npx --yes npm-check-updates"
|
|
32979
32979
|
};
|
|
32980
32980
|
var dependencies = {
|
|
32981
|
-
"@socketsecurity/registry": "1.0.
|
|
32981
|
+
"@socketsecurity/registry": "1.0.205"
|
|
32982
32982
|
};
|
|
32983
32983
|
var devDependencies = {
|
|
32984
32984
|
"@biomejs/biome": "1.9.4",
|
|
32985
32985
|
"@dotenvx/dotenvx": "1.44.1",
|
|
32986
32986
|
"@eslint/compat": "1.2.9",
|
|
32987
32987
|
"@eslint/js": "9.28.0",
|
|
32988
|
-
"@types/node": "22.15.
|
|
32989
|
-
"@typescript-eslint/parser": "8.33.
|
|
32990
|
-
"@vitest/coverage-v8": "3.
|
|
32988
|
+
"@types/node": "22.15.30",
|
|
32989
|
+
"@typescript-eslint/parser": "8.33.1",
|
|
32990
|
+
"@vitest/coverage-v8": "3.2.2",
|
|
32991
32991
|
"del-cli": "6.0.0",
|
|
32992
32992
|
eslint: "9.28.0",
|
|
32993
|
-
"eslint-import-resolver-typescript": "4.4.
|
|
32994
|
-
"eslint-plugin-import-x": "4.15.
|
|
32995
|
-
"eslint-plugin-jsdoc": "50.
|
|
32996
|
-
"eslint-plugin-n": "17.
|
|
32993
|
+
"eslint-import-resolver-typescript": "4.4.3",
|
|
32994
|
+
"eslint-plugin-import-x": "4.15.1",
|
|
32995
|
+
"eslint-plugin-jsdoc": "50.7.1",
|
|
32996
|
+
"eslint-plugin-n": "17.19.0",
|
|
32997
32997
|
"eslint-plugin-sort-destructure-keys": "2.0.0",
|
|
32998
32998
|
"eslint-plugin-unicorn": "56.0.1",
|
|
32999
32999
|
globals: "16.2.0",
|
|
33000
33000
|
husky: "9.1.7",
|
|
33001
|
-
knip: "5.
|
|
33001
|
+
knip: "5.60.2",
|
|
33002
33002
|
"lint-staged": "16.1.0",
|
|
33003
33003
|
nock: "14.0.5",
|
|
33004
33004
|
"npm-run-all2": "8.0.4",
|
|
33005
33005
|
"openapi-typescript": "6.7.6",
|
|
33006
|
-
oxlint: "0.
|
|
33006
|
+
oxlint: "0.18.0",
|
|
33007
33007
|
"type-coverage": "2.29.7",
|
|
33008
33008
|
typescript: "~5.8.3",
|
|
33009
|
-
"typescript-eslint": "8.33.
|
|
33010
|
-
vitest: "3.
|
|
33009
|
+
"typescript-eslint": "8.33.1",
|
|
33010
|
+
vitest: "3.2.2"
|
|
33011
33011
|
};
|
|
33012
33012
|
var overrides = {
|
|
33013
33013
|
vite: "6.3.5"
|
|
@@ -58768,7 +58768,7 @@ function requireAst() {
|
|
|
58768
58768
|
return [s, (0, unescape_js_1.unescape)(this.toString()), false, false];
|
|
58769
58769
|
}
|
|
58770
58770
|
// XXX abstract out this map method
|
|
58771
|
-
let bodyDotAllowed = !repeated || allowDot || dot ||
|
|
58771
|
+
let bodyDotAllowed = !repeated || allowDot || dot || !startNoDot ? '' : this.#partsToRegExp(true);
|
|
58772
58772
|
if (bodyDotAllowed === body) {
|
|
58773
58773
|
bodyDotAllowed = '';
|
|
58774
58774
|
}
|
|
@@ -62505,7 +62505,7 @@ function requireCommonjs$c() {
|
|
|
62505
62505
|
const IFSOCK = 0b1100;
|
|
62506
62506
|
const IFMT = 0b1111;
|
|
62507
62507
|
// mask to unset low 4 bits
|
|
62508
|
-
const IFMT_UNKNOWN =
|
|
62508
|
+
const IFMT_UNKNOWN = ~IFMT;
|
|
62509
62509
|
// set after successfully calling readdir() and getting entries.
|
|
62510
62510
|
const READDIR_CALLED = 0b0000_0001_0000;
|
|
62511
62511
|
// set after a successful lstat()
|
|
@@ -62808,7 +62808,7 @@ function requireCommonjs$c() {
|
|
|
62808
62808
|
provisional: 0
|
|
62809
62809
|
});
|
|
62810
62810
|
this.#children.set(this, children);
|
|
62811
|
-
this.#type &=
|
|
62811
|
+
this.#type &= ~READDIR_CALLED;
|
|
62812
62812
|
return children;
|
|
62813
62813
|
}
|
|
62814
62814
|
/**
|
|
@@ -77525,7 +77525,7 @@ function requireCommonjs$8() {
|
|
|
77525
77525
|
const IFSOCK = 0b1100;
|
|
77526
77526
|
const IFMT = 0b1111;
|
|
77527
77527
|
// mask to unset low 4 bits
|
|
77528
|
-
const IFMT_UNKNOWN =
|
|
77528
|
+
const IFMT_UNKNOWN = ~IFMT;
|
|
77529
77529
|
// set after successfully calling readdir() and getting entries.
|
|
77530
77530
|
const READDIR_CALLED = 0b0000_0001_0000;
|
|
77531
77531
|
// set after a successful lstat()
|
|
@@ -77828,7 +77828,7 @@ function requireCommonjs$8() {
|
|
|
77828
77828
|
provisional: 0
|
|
77829
77829
|
});
|
|
77830
77830
|
this.#children.set(this, children);
|
|
77831
|
-
this.#type &=
|
|
77831
|
+
this.#type &= ~READDIR_CALLED;
|
|
77832
77832
|
return children;
|
|
77833
77833
|
}
|
|
77834
77834
|
/**
|
|
@@ -134545,7 +134545,7 @@ function requireCommonjs$3() {
|
|
|
134545
134545
|
const IFSOCK = 0b1100;
|
|
134546
134546
|
const IFMT = 0b1111;
|
|
134547
134547
|
// mask to unset low 4 bits
|
|
134548
|
-
const IFMT_UNKNOWN =
|
|
134548
|
+
const IFMT_UNKNOWN = ~IFMT;
|
|
134549
134549
|
// set after successfully calling readdir() and getting entries.
|
|
134550
134550
|
const READDIR_CALLED = 0b0000_0001_0000;
|
|
134551
134551
|
// set after a successful lstat()
|
|
@@ -134848,7 +134848,7 @@ function requireCommonjs$3() {
|
|
|
134848
134848
|
provisional: 0
|
|
134849
134849
|
});
|
|
134850
134850
|
this.#children.set(this, children);
|
|
134851
|
-
this.#type &=
|
|
134851
|
+
this.#type &= ~READDIR_CALLED;
|
|
134852
134852
|
return children;
|
|
134853
134853
|
}
|
|
134854
134854
|
/**
|
|
@@ -164963,5 +164963,5 @@ exports.terminalLinkExports = terminalLinkExports;
|
|
|
164963
164963
|
exports.updater = updater$1;
|
|
164964
164964
|
exports.yargsParser = yargsParser;
|
|
164965
164965
|
exports.yoctocolorsCjsExports = yoctocolorsCjsExports;
|
|
164966
|
-
//# debugId=
|
|
164966
|
+
//# debugId=3979c328-ebb2-4cf5-bbd9-17c0bacec526
|
|
164967
164967
|
//# sourceMappingURL=vendor.js.map
|
|
@@ -212320,7 +212320,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
|
|
|
212320
212320
|
}
|
|
212321
212321
|
|
|
212322
212322
|
// dist/version.js
|
|
212323
|
-
var version2 = "14.9.
|
|
212323
|
+
var version2 = "14.9.22";
|
|
212324
212324
|
|
|
212325
212325
|
// ../../node_modules/.pnpm/axios@1.9.0/node_modules/axios/lib/helpers/bind.js
|
|
212326
212326
|
function bind2(fn2, thisArg) {
|
|
@@ -215986,7 +215986,7 @@ var CliCore = class {
|
|
|
215986
215986
|
}
|
|
215987
215987
|
}
|
|
215988
215988
|
}
|
|
215989
|
-
if (!this.options.repoUrl && !this.options.projectName && !this.options.disableReportSubmission && !this.options.offlineDatabase) {
|
|
215989
|
+
if (!this.options.repoUrl && !this.options.projectName && !this.options.disableReportSubmission && !this.options.offlineDatabase && !this.options.socketMode) {
|
|
215990
215990
|
throw new Error("Either --repo-url or --project-name is required for dashboard integration. Use --disable-report-submission to skip report submission.");
|
|
215991
215991
|
}
|
|
215992
215992
|
if ((this.options.disableReportSubmission || this.options.offlineDatabase) && !this.options.outputDir && !this.options.printReport) {
|
|
@@ -4561,7 +4561,9 @@ function requireAst() {
|
|
|
4561
4561
|
}
|
|
4562
4562
|
// XXX abstract out this map method
|
|
4563
4563
|
let bodyDotAllowed =
|
|
4564
|
-
!repeated || allowDot || dot ||
|
|
4564
|
+
!repeated || allowDot || dot || !startNoDot
|
|
4565
|
+
? ''
|
|
4566
|
+
: this.#partsToRegExp(true)
|
|
4565
4567
|
if (bodyDotAllowed === body) {
|
|
4566
4568
|
bodyDotAllowed = ''
|
|
4567
4569
|
}
|
|
@@ -7078,7 +7080,7 @@ function requireCommonjs$1() {
|
|
|
7078
7080
|
const IFSOCK = 0b1100
|
|
7079
7081
|
const IFMT = 0b1111
|
|
7080
7082
|
// mask to unset low 4 bits
|
|
7081
|
-
const IFMT_UNKNOWN =
|
|
7083
|
+
const IFMT_UNKNOWN = ~IFMT
|
|
7082
7084
|
// set after successfully calling readdir() and getting entries.
|
|
7083
7085
|
const READDIR_CALLED = 0b0000_0001_0000
|
|
7084
7086
|
// set after a successful lstat()
|
|
@@ -7406,7 +7408,7 @@ function requireCommonjs$1() {
|
|
|
7406
7408
|
provisional: 0
|
|
7407
7409
|
})
|
|
7408
7410
|
this.#children.set(this, children)
|
|
7409
|
-
this.#type &=
|
|
7411
|
+
this.#type &= ~READDIR_CALLED
|
|
7410
7412
|
return children
|
|
7411
7413
|
}
|
|
7412
7414
|
/**
|
|
@@ -14379,7 +14381,7 @@ function requireLib$5() {
|
|
|
14379
14381
|
if (!name.length) {
|
|
14380
14382
|
errors.push('name length must be greater than zero')
|
|
14381
14383
|
}
|
|
14382
|
-
if (name.
|
|
14384
|
+
if (name.startsWith('.')) {
|
|
14383
14385
|
errors.push('name cannot start with a period')
|
|
14384
14386
|
}
|
|
14385
14387
|
if (name.match(/^_/)) {
|
|
@@ -14419,6 +14421,9 @@ function requireLib$5() {
|
|
|
14419
14421
|
if (nameMatch) {
|
|
14420
14422
|
const user = nameMatch[1]
|
|
14421
14423
|
const pkg = nameMatch[2]
|
|
14424
|
+
if (pkg.startsWith('.')) {
|
|
14425
|
+
errors.push('name cannot start with a period')
|
|
14426
|
+
}
|
|
14422
14427
|
if (
|
|
14423
14428
|
encodeURIComponent(user) === user &&
|
|
14424
14429
|
encodeURIComponent(pkg) === pkg
|