@socketsecurity/cli-with-sentry 0.15.7 → 0.15.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.config/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/cli.js +47 -50
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/shadow-inject.js +38 -14
- package/dist/shadow-inject.js.map +1 -1
- package/dist/types/commands/fix/npm-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/pnpm-fix.d.mts.map +1 -1
- package/dist/types/shadow/npm/arborist/lib/node.d.mts +7 -2
- package/dist/types/shadow/npm/arborist/lib/node.d.mts.map +1 -1
- package/dist/types/shadow/npm/arborist-helpers.d.mts.map +1 -1
- package/dist/types/utils/pnpm.d.mts +1 -15
- package/dist/types/utils/pnpm.d.mts.map +1 -1
- package/dist/types/utils/spec.d.mts +2 -1
- package/dist/types/utils/spec.d.mts.map +1 -1
- package/dist/utils.js +33 -84
- package/dist/utils.js.map +1 -1
- package/dist/vendor.js +4036 -23919
- package/dist/vendor.js.map +1 -1
- package/package.json +5 -3
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { SafeOverrideSet } from './override-set.mts'
|
|
2
2
|
import type { SafeEdge } from './edge.mts'
|
|
3
|
-
import type { Node as BaseNode
|
|
3
|
+
import type { Node as BaseNode } from '@npmcli/arborist'
|
|
4
4
|
type NodeClass = Omit<
|
|
5
5
|
BaseNode,
|
|
6
6
|
| 'addEdgeIn'
|
|
@@ -28,6 +28,7 @@ type NodeClass = Omit<
|
|
|
28
28
|
| 'resolve'
|
|
29
29
|
| 'resolveParent'
|
|
30
30
|
| 'root'
|
|
31
|
+
| 'target'
|
|
31
32
|
| 'updateOverridesEdgeInAdded'
|
|
32
33
|
| 'updateOverridesEdgeInRemoved'
|
|
33
34
|
| 'version'
|
|
@@ -35,7 +36,7 @@ type NodeClass = Omit<
|
|
|
35
36
|
> & {
|
|
36
37
|
name: string
|
|
37
38
|
version: string
|
|
38
|
-
children: Map<string, SafeNode |
|
|
39
|
+
children: Map<string, SafeNode | LinkClass>
|
|
39
40
|
edgesIn: Set<SafeEdge>
|
|
40
41
|
edgesOut: Map<string, SafeEdge>
|
|
41
42
|
from: SafeNode | null
|
|
@@ -47,6 +48,7 @@ type NodeClass = Omit<
|
|
|
47
48
|
addEdge(edge: SafeEdge): void
|
|
48
49
|
}
|
|
49
50
|
overrides: SafeOverrideSet | undefined
|
|
51
|
+
target: SafeNode
|
|
50
52
|
versions: string[]
|
|
51
53
|
get inDepBundle(): boolean
|
|
52
54
|
get packageName(): string | null
|
|
@@ -70,6 +72,9 @@ type NodeClass = Omit<
|
|
|
70
72
|
): boolean
|
|
71
73
|
updateOverridesEdgeInRemoved(otherOverrideSet: SafeOverrideSet): boolean
|
|
72
74
|
}
|
|
75
|
+
export type LinkClass = Omit<NodeClass, 'isLink'> & {
|
|
76
|
+
readonly isLink: true
|
|
77
|
+
}
|
|
73
78
|
declare const Node: NodeClass
|
|
74
79
|
export declare class SafeNode extends Node {
|
|
75
80
|
canDedupe(preferDedupe?: boolean): boolean
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"node.d.mts","sourceRoot":"","sources":["../../../../../../src/shadow/npm/arborist/lib/node.mts"],"names":[],"mappings":"AAIA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAIpD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAC1C,OAAO,KAAK,EAAE,IAAI,IAAI,QAAQ,EAAE,
|
|
1
|
+
{"version":3,"file":"node.d.mts","sourceRoot":"","sources":["../../../../../../src/shadow/npm/arborist/lib/node.mts"],"names":[],"mappings":"AAIA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAIpD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAC1C,OAAO,KAAK,EAAE,IAAI,IAAI,QAAQ,EAAE,MAAM,kBAAkB,CAAA;AAIxD,KAAK,SAAS,GAAG,IAAI,CACnB,QAAQ,EACN,WAAW,GACX,YAAY,GACZ,WAAW,GACX,YAAY,GACZ,gBAAgB,GAChB,UAAU,GACV,cAAc,GACd,SAAS,GACT,UAAU,GACV,MAAM,GACN,eAAe,GACf,aAAa,GACb,cAAc,GACd,WAAW,GACX,OAAO,GACP,SAAS,GACT,MAAM,GACN,MAAM,GACN,WAAW,GACX,aAAa,GACb,QAAQ,GACR,8BAA8B,GAC9B,SAAS,GACT,eAAe,GACf,MAAM,GACN,QAAQ,GACR,4BAA4B,GAC5B,8BAA8B,GAC9B,SAAS,GACT,UAAU,CACb,GAAG;IACF,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,CAAC,CAAA;IAC3C,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAA;IACtB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC/B,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;IACrB,aAAa,EAAE,OAAO,CAAA;IACtB,YAAY,EAAE,OAAO,GAAG,SAAS,CAAA;IACjC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,KAAK,EAAE,OAAO,GAAG,SAAS,CAAA;IAC1B,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG;QACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;KAC9B,CAAA;IACD,SAAS,EAAE,eAAe,GAAG,SAAS,CAAA;IACtC,MAAM,EAAE,QAAQ,CAAA;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,IAAI,WAAW,IAAI,OAAO,CAAA;IAC1B,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAAA;IAChC,IAAI,MAAM,IAAI,QAAQ,GAAG,IAAI,CAAA;IAC7B,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI,EAAC;IAClC,IAAI,aAAa,IAAI,QAAQ,GAAG,IAAI,CAAA;IACpC,IAAI,IAAI,IAAI,QAAQ,GAAG,IAAI,CAAA;IAC3B,IAAI,IAAI,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI,EAAC;IAChC,KAAK,GAAG,IAAI,EAAE,GAAG,GAAG,SAAS,CAAA;IAC7B,SAAS,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;IAC/B,UAAU,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;IAChC,SAAS,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,OAAO,CAAA;IAC1C,UAAU,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAC3D,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAC/D,YAAY,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAA;IAClC,OAAO,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAA;IAChC,4BAA4B,IAAI,IAAI,CAAA;IACpC,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAA;IAC/B,0BAA0B,CACxB,gBAAgB,EAAE,eAAe,GAAG,SAAS,GAC5C,OAAO,CAAA;IACV,4BAA4B,CAAC,gBAAgB,EAAE,eAAe,GAAG,OAAO,CAAA;CACzE,CAAA;AAED,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,GAAG;IAClD,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAA;CACtB,CAAA;AAED,QAAA,MAAM,IAAI,EAAE,SAA+C,CAAA;AAI3D,qBAAa,QAAS,SAAQ,IAAI;IAIvB,SAAS,CAAC,YAAY,UAAQ;IAqD9B,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO;IA4C/D,YAAY,CAAC,IAAI,EAAE,QAAQ;IAQ3B,SAAS,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI;IAkBxC,IAAa,UAAU,YA4BtB;IAED,IAAa,MAAM,CAAC,SAAS,EAAE,QAAQ,EAqBtC;IAIQ,4BAA4B;IAWrC,IAAa,IAAI,CAAC,OAAO,EAAE,QAAQ,EAoBlC;IAgBQ,0BAA0B,CACjC,gBAAgB,EAAE,eAAe,GAAG,SAAS;IAsCtC,4BAA4B,CAAC,gBAAgB,EAAE,eAAe;CAgCxE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"arborist-helpers.d.mts","sourceRoot":"","sources":["../../../../src/shadow/npm/arborist-helpers.mts"],"names":[],"mappings":"AAKA,OAAO,EAAE,qBAAqB,EAAE,MAAM,uCAAuC,CAAA;AAS7E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACxD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAA;AACrE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mCAAmC,CAAA;AAE7D,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"arborist-helpers.d.mts","sourceRoot":"","sources":["../../../../src/shadow/npm/arborist-helpers.mts"],"names":[],"mappings":"AAKA,OAAO,EAAE,qBAAqB,EAAE,MAAM,uCAAuC,CAAA;AAS7E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACxD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAA;AACrE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mCAAmC,CAAA;AAE7D,OAAO,KAAK,EAAa,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AAClE,OAAO,KAAK,EACV,kBAAkB,EAClB,aAAa,EACd,MAAM,sCAAsC,CAAA;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uCAAuC,CAAA;AAChF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sCAAsC,CAAA;AAcnE,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,QAAQ,EACd,iBAAiB,EAAE,MAAM,EAAE,EAC3B,sBAAsB,CAAC,EAAE,MAAM,EAC/B,8BAA8B,CAAC,EAAE,MAAM,GAAG,SAAS,GAClD,MAAM,GAAG,IAAI,CAwBf;AAED,wBAAgB,eAAe,CAC7B,IAAI,EAAE,QAAQ,EACd,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,GAC3B,QAAQ,GAAG,SAAS,CA+BtB;AAED,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,QAAQ,EACd,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,GAC3B,QAAQ,EAAE,CAgCZ;AAED,MAAM,MAAM,+BAA+B,GAAG;IAC5C,WAAW,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IACjC,OAAO,CAAC,EAAE,kBAAkB,GAAG,SAAS,CAAA;IACxC,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC7B,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;CAC9B,CAAA;AAED,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,YAAY,EACjB,QAAQ,CAAC,EAAE,+BAA+B,GAAG,SAAS,GACrD,OAAO,CAAC,aAAa,CAAC,CA+CxB;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,SAAS,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC/B,aAAa,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;CACpC,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,CAAC,EAAE,sBAAsB,GAAG,SAAS,CAAA;CAC7C,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,QAAQ,CAAA;IACd,QAAQ,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAA;CAChC,CAAA;AAED,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,IAAI,GAAG,IAAI,EAClB,OAAO,CAAC,EAAE,gBAAgB,GAAG,SAAS,GACrC,aAAa,EAAE,CA+EjB;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,CAElE;AAED,MAAM,MAAM,SAAS,GAAG,OAAO,CAC7B,OAAO,CAAC,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC,EACjD,IAAI,CACL,CAAA;AAED,wBAAgB,UAAU,CACxB,IAAI,EAAE,QAAQ,EACd,UAAU,EAAE,MAAM,EAClB,mBAAmB,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,GACjD,IAAI,CAsDN;AAED,wBAAgB,yBAAyB,CACvC,eAAe,EAAE,mBAAmB,EACpC,IAAI,EAAE,QAAQ,EACd,IAAI,EAAE,QAAQ,EACd,UAAU,EAAE,MAAM,EAClB,UAAU,CAAC,EAAE,UAAU,GAAG,SAAS,GAClC,OAAO,CA+BT"}
|
|
@@ -1,21 +1,7 @@
|
|
|
1
1
|
import type { LockfileObject } from '@pnpm/lockfile.fs'
|
|
2
2
|
import type { SemVer } from 'semver'
|
|
3
|
-
export declare function extractPurlsFromPnpmLockfileV6(
|
|
4
|
-
lockfile: LockfileObject
|
|
5
|
-
): string[]
|
|
6
|
-
export declare function extractPurlsFromPnpmLockfileV9(
|
|
7
|
-
lockfile: LockfileObject
|
|
8
|
-
): string[]
|
|
9
3
|
export declare function extractPurlsFromPnpmLockfile(
|
|
10
4
|
lockfile: LockfileObject
|
|
11
|
-
): string[]
|
|
5
|
+
): Promise<string[]>
|
|
12
6
|
export declare function parsePnpmLockfileVersion(version: string): SemVer
|
|
13
|
-
export declare function resolvePnpmPackageId(
|
|
14
|
-
alias: string,
|
|
15
|
-
ref: string
|
|
16
|
-
): string | null
|
|
17
|
-
export declare function resolvePnpmPackageIdFromPath(
|
|
18
|
-
ref: string,
|
|
19
|
-
alias: string
|
|
20
|
-
): string | null
|
|
21
7
|
//# sourceMappingURL=pnpm.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pnpm.d.mts","sourceRoot":"","sources":["../../../src/utils/pnpm.mts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pnpm.d.mts","sourceRoot":"","sources":["../../../src/utils/pnpm.mts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAmB,MAAM,mBAAmB,CAAA;AACxE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAEpC,wBAAsB,4BAA4B,CAChD,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,EAAE,CAAC,CA4BnB;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEhE"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { PackageURL } from '@socketregistry/packageurl-js'
|
|
2
2
|
export declare function idToPurl(id: string): string
|
|
3
|
+
export declare function isDepPath(maybeDepPath: string): boolean
|
|
3
4
|
export declare function resolvePackageVersion(purlObj: PackageURL): string
|
|
4
|
-
export declare function stripLeadingSlash(
|
|
5
|
+
export declare function stripLeadingSlash(depPath: string): string
|
|
5
6
|
export declare function stripPeerSuffix(depPath: string): string
|
|
6
7
|
//# sourceMappingURL=spec.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"spec.d.mts","sourceRoot":"","sources":["../../../src/utils/spec.mts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAE1D,wBAAgB,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAE3C;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAGjE;AAED,wBAAgB,iBAAiB,CAAC,
|
|
1
|
+
{"version":3,"file":"spec.d.mts","sourceRoot":"","sources":["../../../src/utils/spec.mts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAE1D,wBAAgB,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAE3C;AAED,wBAAgB,SAAS,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,CAGjE;AAED,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAGvD"}
|
package/dist/utils.js
CHANGED
|
@@ -12,9 +12,9 @@ const prompts = require('../external/@socketsecurity/registry/lib/prompts')
|
|
|
12
12
|
const strings = require('../external/@socketsecurity/registry/lib/strings')
|
|
13
13
|
const promises = require('node:timers/promises')
|
|
14
14
|
const arrays = require('../external/@socketsecurity/registry/lib/arrays')
|
|
15
|
-
const packages = require('../external/@socketsecurity/registry/lib/packages')
|
|
16
15
|
const fs = require('node:fs')
|
|
17
16
|
const registry = require('../external/@socketsecurity/registry')
|
|
17
|
+
const packages = require('../external/@socketsecurity/registry/lib/packages')
|
|
18
18
|
const sorts = require('../external/@socketsecurity/registry/lib/sorts')
|
|
19
19
|
const Module = require('node:module')
|
|
20
20
|
const spawn = require('../external/@socketsecurity/registry/lib/spawn')
|
|
@@ -1977,18 +1977,15 @@ function getTranslations() {
|
|
|
1977
1977
|
function idToPurl(id) {
|
|
1978
1978
|
return `pkg:npm/${id}`
|
|
1979
1979
|
}
|
|
1980
|
-
function
|
|
1981
|
-
|
|
1982
|
-
return version
|
|
1983
|
-
? (vendor.semverExports.coerce(stripPeerSuffix(version))?.version ?? '')
|
|
1984
|
-
: ''
|
|
1980
|
+
function isDepPath(maybeDepPath) {
|
|
1981
|
+
return maybeDepPath.length > 0 && maybeDepPath.charCodeAt(0) === 47 /*'/'*/
|
|
1985
1982
|
}
|
|
1986
|
-
function stripLeadingSlash(
|
|
1987
|
-
return
|
|
1983
|
+
function stripLeadingSlash(depPath) {
|
|
1984
|
+
return isDepPath(depPath) ? depPath.slice(1) : depPath
|
|
1988
1985
|
}
|
|
1989
1986
|
function stripPeerSuffix(depPath) {
|
|
1990
|
-
const
|
|
1991
|
-
return
|
|
1987
|
+
const index = depPath.indexOf('(')
|
|
1988
|
+
return index === -1 ? depPath : depPath.slice(0, index)
|
|
1992
1989
|
}
|
|
1993
1990
|
|
|
1994
1991
|
const ALERT_SEVERITY_COLOR = createEnum({
|
|
@@ -2491,87 +2488,38 @@ function getMajor(version) {
|
|
|
2491
2488
|
return null
|
|
2492
2489
|
}
|
|
2493
2490
|
|
|
2494
|
-
function
|
|
2495
|
-
const
|
|
2496
|
-
|
|
2497
|
-
|
|
2498
|
-
|
|
2499
|
-
|
|
2500
|
-
)) {
|
|
2501
|
-
const id = resolvePnpmPackageId(alias, ref)
|
|
2502
|
-
if (id) {
|
|
2503
|
-
deps.add(idToPurl(id))
|
|
2504
|
-
}
|
|
2505
|
-
}
|
|
2491
|
+
async function extractPurlsFromPnpmLockfile(lockfile) {
|
|
2492
|
+
const packages = lockfile?.packages ?? {}
|
|
2493
|
+
const seen = new Set()
|
|
2494
|
+
const visit = pkgPath => {
|
|
2495
|
+
if (seen.has(pkgPath)) {
|
|
2496
|
+
return
|
|
2506
2497
|
}
|
|
2507
|
-
|
|
2508
|
-
|
|
2509
|
-
|
|
2510
|
-
)) {
|
|
2511
|
-
const id = resolvePnpmPackageId(alias, ref)
|
|
2512
|
-
if (id) {
|
|
2513
|
-
deps.add(idToPurl(id))
|
|
2514
|
-
}
|
|
2515
|
-
}
|
|
2498
|
+
const pkg = packages[pkgPath]
|
|
2499
|
+
if (!pkg) {
|
|
2500
|
+
return
|
|
2516
2501
|
}
|
|
2517
|
-
|
|
2518
|
-
|
|
2519
|
-
|
|
2520
|
-
|
|
2521
|
-
|
|
2522
|
-
|
|
2523
|
-
deps.add(idToPurl(id))
|
|
2524
|
-
}
|
|
2525
|
-
}
|
|
2502
|
+
seen.add(pkgPath)
|
|
2503
|
+
const deps = {
|
|
2504
|
+
__proto__: null,
|
|
2505
|
+
...pkg.dependencies,
|
|
2506
|
+
...pkg.optionalDependencies,
|
|
2507
|
+
...pkg.devDependencies
|
|
2526
2508
|
}
|
|
2527
|
-
|
|
2528
|
-
|
|
2529
|
-
|
|
2530
|
-
|
|
2531
|
-
if (id) {
|
|
2532
|
-
deps.add(idToPurl(id))
|
|
2533
|
-
}
|
|
2509
|
+
for (const depName in deps) {
|
|
2510
|
+
const ref = deps[depName]
|
|
2511
|
+
const subKey = isDepPath(ref) ? ref : `/${depName}@${ref}`
|
|
2512
|
+
visit(subKey)
|
|
2534
2513
|
}
|
|
2535
2514
|
}
|
|
2536
|
-
|
|
2537
|
-
|
|
2538
|
-
|
|
2539
|
-
|
|
2540
|
-
return Object.keys(depTypes).map(refId => {
|
|
2541
|
-
const purlObj = vendor.packageurlJsExports.PackageURL.fromString(
|
|
2542
|
-
idToPurl(refId)
|
|
2543
|
-
)
|
|
2544
|
-
const name = packages.resolvePackageName(purlObj)
|
|
2545
|
-
const version = resolvePackageVersion(purlObj)
|
|
2546
|
-
return idToPurl(`${name}@${version}`)
|
|
2547
|
-
})
|
|
2548
|
-
}
|
|
2549
|
-
function extractPurlsFromPnpmLockfile(lockfile) {
|
|
2550
|
-
return parsePnpmLockfileVersion(lockfile.lockfileVersion).major <= 6
|
|
2551
|
-
? extractPurlsFromPnpmLockfileV6(lockfile)
|
|
2552
|
-
: extractPurlsFromPnpmLockfileV9(lockfile)
|
|
2515
|
+
for (const pkgPath of Object.keys(packages)) {
|
|
2516
|
+
visit(pkgPath)
|
|
2517
|
+
}
|
|
2518
|
+
return [...seen].map(p => idToPurl(stripPeerSuffix(stripLeadingSlash(p))))
|
|
2553
2519
|
}
|
|
2554
2520
|
function parsePnpmLockfileVersion(version) {
|
|
2555
2521
|
return vendor.semverExports.coerce(version)
|
|
2556
2522
|
}
|
|
2557
|
-
function resolvePnpmPackageId(alias, ref) {
|
|
2558
|
-
return ref.startsWith('/')
|
|
2559
|
-
? resolvePnpmPackageIdFromPath(ref, alias)
|
|
2560
|
-
: `${alias}@${stripPeerSuffix(ref)}`
|
|
2561
|
-
}
|
|
2562
|
-
function resolvePnpmPackageIdFromPath(ref, alias) {
|
|
2563
|
-
const relative = vendor.libExports$3.refToRelative(ref, alias)
|
|
2564
|
-
if (relative) {
|
|
2565
|
-
const id = stripLeadingSlash(relative)
|
|
2566
|
-
const purlObj = vendor.packageurlJsExports.PackageURL.fromString(
|
|
2567
|
-
idToPurl(id)
|
|
2568
|
-
)
|
|
2569
|
-
const name = packages.resolvePackageName(purlObj)
|
|
2570
|
-
const version = resolvePackageVersion(purlObj)
|
|
2571
|
-
return `${name}@${version}`
|
|
2572
|
-
}
|
|
2573
|
-
return null
|
|
2574
|
-
}
|
|
2575
2523
|
|
|
2576
2524
|
async function getAlertsMapFromPnpmLockfile(lockfile, options_) {
|
|
2577
2525
|
const options = {
|
|
@@ -2581,7 +2529,7 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options_) {
|
|
|
2581
2529
|
nothrow: false,
|
|
2582
2530
|
...options_
|
|
2583
2531
|
}
|
|
2584
|
-
const purls = extractPurlsFromPnpmLockfile(lockfile)
|
|
2532
|
+
const purls = await extractPurlsFromPnpmLockfile(lockfile)
|
|
2585
2533
|
return await getAlertsMapFromPurls(purls, {
|
|
2586
2534
|
overrides: lockfile.overrides,
|
|
2587
2535
|
...options
|
|
@@ -3277,6 +3225,7 @@ exports.outputFlags = outputFlags
|
|
|
3277
3225
|
exports.parsePnpmLockfileVersion = parsePnpmLockfileVersion
|
|
3278
3226
|
exports.queryApiSafeJson = queryApiSafeJson
|
|
3279
3227
|
exports.queryApiSafeText = queryApiSafeText
|
|
3228
|
+
exports.readFileUtf8 = readFileUtf8
|
|
3280
3229
|
exports.removeNodeModules = removeNodeModules
|
|
3281
3230
|
exports.runAgentInstall = runAgentInstall
|
|
3282
3231
|
exports.safeReadFile = safeReadFile
|
|
@@ -3288,5 +3237,5 @@ exports.supportedConfigKeys = supportedConfigKeys
|
|
|
3288
3237
|
exports.updateConfigValue = updateConfigValue
|
|
3289
3238
|
exports.validationFlags = validationFlags
|
|
3290
3239
|
exports.walkNestedMap = walkNestedMap
|
|
3291
|
-
//# debugId=
|
|
3240
|
+
//# debugId=e7aa1c94-3495-4b0b-9d64-bbe476ebf80c
|
|
3292
3241
|
//# sourceMappingURL=utils.js.map
|