npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.0.103 → 1.0.104 - Mend

@socketsecurity/cli-with-sentry 1.0.103 → 1.0.104

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/constants.js CHANGED Viewed

@@ -140,10 +140,10 @@ const LAZY_ENV = () => {
     INLINED_SOCKET_CLI_SYNP_VERSION: envAsString("1.9.14"),
     // Comp-time inlined Socket package version.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    INLINED_SOCKET_CLI_VERSION: envAsString("1.0.103"),
+    INLINED_SOCKET_CLI_VERSION: envAsString("1.0.104"),
     // Comp-time inlined Socket package version hash.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-    INLINED_SOCKET_CLI_VERSION_HASH: envAsString("1.0.103:1c630a5:9cfe3a94:pub"),
+    INLINED_SOCKET_CLI_VERSION_HASH: envAsString("1.0.104:fd6c9d6:ab2aa67c:pub"),
     // The absolute location of the %localappdata% folder on Windows used to store
     // user-specific, non-roaming application data, like temporary files, cached
     // data, and program settings, that are specific to the current machine and user.
@@ -520,5 +520,5 @@ const constants = createConstantsObject({
 });
 module.exports = constants;
-//# debugId=bf5a2729-ef60-498a-8444-5a342f484ecc
+//# debugId=3a15bbf6-5987-4b46-af3d-dfe40feb9334
 //# sourceMappingURL=constants.js.map

package/dist/constants.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\n// Using `path.dirname(__filename)` to resolve `__dirname` works for both 'dist'\n// AND 'src' directories because constants.js and constants.mts respectively are\n// in the root of each.\nconst __dirname = path.dirname(__filename)\n\nconst {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n attributes: registryConstantsAttribs,\n createConstantsObject,\n getIpc,\n },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC \| undefined>(\n key?: K \| undefined,\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n DISABLE_GITHUB_CACHE: boolean\n GITHUB_API_URL: string\n GITHUB_BASE_REF: string\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n GITHUB_SERVER_URL: string\n GITHUB_TOKEN: string\n INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: string\n INLINED_SOCKET_CLI_HOMEPAGE: string\n INLINED_SOCKET_CLI_LEGACY_BUILD: string\n INLINED_SOCKET_CLI_NAME: string\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n INLINED_SOCKET_CLI_SENTRY_BUILD: string\n INLINED_SOCKET_CLI_VERSION: string\n INLINED_SOCKET_CLI_VERSION_HASH: string\n INLINED_SOCKET_CLI_SYNP_VERSION: string\n LOCALAPPDATA: string\n NODE_COMPILE_CACHE: string\n NODE_EXTRA_CA_CERTS: string\n PATH: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_API_BASE_URL: string\n SOCKET_CLI_API_PROXY: string\n SOCKET_CLI_API_TIMEOUT: number\n SOCKET_CLI_API_TOKEN: string\n SOCKET_CLI_CONFIG: string\n SOCKET_CLI_GIT_USER_EMAIL: string\n SOCKET_CLI_GIT_USER_NAME: string\n SOCKET_CLI_GITHUB_TOKEN: string\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_NPM_PATH: string\n SOCKET_CLI_ORG_SLUG: string\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype ProcessEnv = {\n [K in keyof ENV]?: string\n}\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string \| undefined\n SOCKET_CLI_OPTIMIZE?: boolean \| undefined\n SOCKET_CLI_SAFE_BIN?: string \| undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean \| undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' \| 'ENV' \| 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly ENV: ENV\n readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_DEFAULT_BRANCH: 'socket-default-branch'\n readonly SOCKET_DEFAULT_REPOSITORY: 'socket-default-repository'\n readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n readonly VLT: 'vlt'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly binCliPath: string\n readonly binPath: string\n readonly blessedContribPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly blessedPath: string\n readonly coanaBinPath: string\n readonly coanaPath: string\n readonly distCliPath: string\n readonly distPath: string\n readonly externalPath: string\n readonly githubCachePath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly nodeMemoryFlags: string[]\n readonly npmCachePath: string\n readonly npmGlobalPrefix: string\n readonly npmNmNodeGypPath: string\n readonly processEnv: ProcessEnv\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly shadowNpmBinPath: string\n readonly shadowNpmInjectPath: string\n readonly socketAppDataPath: string\n readonly socketCachePath: string\n readonly socketRegistryPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_DEFAULT_BRANCH = 'socket-default-branch'\nconst SOCKET_DEFAULT_REPOSITORY = 'socket-default-repository'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nlet _npmStdioPipeOptions: SpawnOptions \| undefined\nfunction getNpmStdioPipeOptions() {\n if (_npmStdioPipeOptions === undefined) {\n _npmStdioPipeOptions = {\n cwd: process.cwd(),\n // Lazily access constants.WIN32.\n shell: constants.WIN32,\n }\n }\n return _npmStdioPipeOptions\n}\n\nconst LAZY_ENV = () => {\n const { env: processEnv } = process\n const envHelpers = /@__PURE__/ require('@socketsecurity/registry/lib/env')\n const utils = /@__PURE__/ require(\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist/utils.js'),\n )\n const envAsBoolean = envHelpers.envAsBoolean\n const envAsNumber = envHelpers.envAsNumber\n const envAsString = envHelpers.envAsString\n const getConfigValueOrUndef = utils.getConfigValueOrUndef\n const readOrDefaultSocketJson = utils.readOrDefaultSocketJson\n const GITHUB_TOKEN = envAsString(processEnv['GITHUB_TOKEN'])\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n __proto__: null,\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Disable using GitHub's workflow actions/cache.\n // https://github.com/actions/cache\n DISABLE_GITHUB_CACHE: envAsBoolean(processEnv['DISABLE_GITHUB_CACHE']),\n // The API URL. For example, https://api.github.com.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_API_URL:\n envAsString(processEnv['GITHUB_API_URL']) \|\| 'https://api.github.com',\n // The name of the base ref or target branch of the pull request in a workflow\n // run. This is only set when the event that triggers a workflow run is either\n // pull_request or pull_request_target. For example, main.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_BASE_REF: envAsString(processEnv['GITHUB_BASE_REF']),\n // The short ref name of the branch or tag that triggered the GitHub workflow\n // run. This value matches the branch or tag name shown on GitHub. For example,\n // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REF_NAME: envAsString(processEnv['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REF_TYPE: envAsString(processEnv['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REPOSITORY: envAsString(processEnv['GITHUB_REPOSITORY']),\n // The URL of the GitHub server. For example, https://github.com.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_SERVER_URL:\n envAsString(processEnv['GITHUB_SERVER_URL']) \|\| 'https://github.com',\n // The GITHUB_TOKEN secret is a GitHub App installation access token.\n // The token's permissions are limited to the repository that contains the\n // workflow.\n // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n GITHUB_TOKEN,\n // Comp-time inlined @cyclonedx/cdxgen package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION']\".\n INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION'],\n ),\n // Comp-time inlined Socket package homepage.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n ),\n // Comp-time inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n ),\n // Comp-time inlined Socket package name.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n INLINED_SOCKET_CLI_NAME: envAsString(\n process.env['INLINED_SOCKET_CLI_NAME'],\n ),\n // Comp-time inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n ),\n // Comp-time inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n ),\n // Comp-time inlined synp package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SYNP_VERSION']\".\n INLINED_SOCKET_CLI_SYNP_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_SYNP_VERSION'],\n ),\n // Comp-time inlined Socket package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n INLINED_SOCKET_CLI_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION'],\n ),\n // Comp-time inlined Socket package version hash.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n ),\n // The absolute location of the %localappdata% folder on Windows used to store\n // user-specific, non-roaming application data, like temporary files, cached\n // data, and program settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(processEnv[LOCALAPPDATA]),\n // Enable the module compile cache for the Node.js instance.\n // https://nodejs.org/api/cli.html#node_compile_cachedir\n NODE_COMPILE_CACHE:\n // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n ? // Lazily access constants.socketCachePath.\n constants.socketCachePath\n : '',\n // Well known \"root\" CAs (like VeriSign) will be extended with the extra\n // certificates in file. The file should consist of one or more trusted\n // certificates in PEM format.\n // https://nodejs.org/api/cli.html#node_extra_ca_certsfile\n NODE_EXTRA_CA_CERTS:\n envAsString(processEnv['NODE_EXTRA_CA_CERTS']) \|\|\n // Commonly used environment variable to specify the path to a single\n // PEM-encoded certificate file.\n envAsString(processEnv['SSL_CERT_FILE']),\n // PATH is an environment variable that lists directories where executable\n // programs are located. When a command is run, the system searches these\n // directories to find the executable.\n PATH: envAsString(processEnv['PATH']),\n // Accept risks of a Socket wrapped npm/npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(processEnv[SOCKET_CLI_ACCEPT_RISKS]),\n // Change the base URL for Socket API calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_BASE_URL:\n envAsString(processEnv['SOCKET_CLI_API_BASE_URL']) \|\|\n // TODO: Remove legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_API_BASE_URL']) \|\|\n getConfigValueOrUndef('apiBaseUrl') \|\|\n 'https://api.socket.dev/v0/',\n // Set the proxy that all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_PROXY:\n envAsString(processEnv['SOCKET_CLI_API_PROXY']) \|\|\n // TODO: Remove legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_API_PROXY']) \|\|\n // Commonly used environment variables to specify routing requests through\n // a proxy server.\n envAsString(processEnv['HTTPS_PROXY']) \|\|\n envAsString(processEnv['https_proxy']) \|\|\n envAsString(processEnv['HTTP_PROXY']) \|\|\n envAsString(processEnv['http_proxy']),\n // Set the timeout in milliseconds for Socket API requests.\n // https://nodejs.org/api/http.html#httprequesturl-options-callback\n SOCKET_CLI_API_TIMEOUT: envAsNumber(processEnv['SOCKET_CLI_API_TOKEN']),\n // Set the Socket API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_CLI_API_TOKEN:\n envAsString(processEnv['SOCKET_CLI_API_TOKEN']) \|\|\n // TODO: Remove legacy environment variable names.\n envAsString(processEnv['SOCKET_CLI_API_KEY']) \|\|\n envAsString(processEnv['SOCKET_SECURITY_API_TOKEN']) \|\|\n envAsString(processEnv['SOCKET_SECURITY_API_KEY']),\n // A JSON stringified Socket configuration object.\n SOCKET_CLI_CONFIG: envAsString(processEnv['SOCKET_CLI_CONFIG']),\n // The git config user.email used by Socket CLI.\n SOCKET_CLI_GIT_USER_EMAIL:\n envAsString(processEnv['SOCKET_CLI_GIT_USER_EMAIL']) \|\|\n 'github-actions[bot]@users.noreply.github.com',\n // The git config user.name used by Socket CLI.\n SOCKET_CLI_GIT_USER_NAME:\n envAsString(processEnv['SOCKET_CLI_GIT_USER_NAME']) \|\|\n envAsString(processEnv['SOCKET_CLI_GIT_USERNAME']) \|\|\n 'github-actions[bot]',\n // Change the base URL for GitHub REST API calls.\n // https://docs.github.com/en/rest\n SOCKET_CLI_GITHUB_API_URL:\n envAsString(processEnv['SOCKET_CLI_GITHUB_API_URL']) \|\|\n readOrDefaultSocketJson(process.cwd())?.defaults?.scan?.github\n ?.githubApiUrl \|\|\n 'https://api.github.com',\n // A classic GitHub personal access token with the \"repo\" scope or a\n // fine-grained access token with at least read/write permissions set for\n // \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_CLI_GITHUB_TOKEN:\n envAsString(processEnv['SOCKET_CLI_GITHUB_TOKEN']) \|\|\n // TODO: Remove undocumented legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_GITHUB_PAT']) \|\|\n GITHUB_TOKEN,\n // Make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(\n processEnv['SOCKET_CLI_NO_API_TOKEN'],\n ),\n // The absolute location of the npm directory.\n SOCKET_CLI_NPM_PATH: envAsString(processEnv['SOCKET_CLI_NPM_PATH']),\n // Specify the Socket organization slug.\n SOCKET_CLI_ORG_SLUG:\n envAsString(processEnv['SOCKET_CLI_ORG_SLUG']) \|\|\n // Coana CLI accepts the SOCKET_ORG_SLUG environment variable.\n envAsString(processEnv['SOCKET_ORG_SLUG']),\n // View all risks of a Socket wrapped npm/npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(\n processEnv[SOCKET_CLI_VIEW_ALL_RISKS],\n ),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(processEnv['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(processEnv['XDG_DATA_HOME']),\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n // Lazily access constants.binPath.\n path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true,\n })\n\nconst lazyBlessedPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n // Lazily access constants.coanaPath.\n path.join(constants.coanaPath, 'cli-wrapper.mjs')\n\nconst lazyCoanaPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n // Lazily access constants.socketCachePath.\n path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n ['npm', '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.7'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, ''],\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n Object.freeze(\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD \|\|\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n '--disable-proto',\n 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n '--frozen-intrinsics',\n '--no-deprecation',\n ],\n )\n\nconst lazyNodeMemoryFlags = () => {\n const flags = /@__PURE__/ require(\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist/flags.js'),\n )\n const getMaxOldSpaceSizeFlag = flags.getMaxOldSpaceSizeFlag\n const getMaxSemiSpaceSizeFlag = flags.getMaxSemiSpaceSizeFlag\n return Object.freeze([\n `--max-old-space-size=${getMaxOldSpaceSizeFlag()}`,\n `--max-semi-space-size=${getMaxSemiSpaceSizeFlag()}`,\n ])\n}\n\nconst lazyNpmCachePath = () => {\n const spawnHelpers = /@__PURE__/ require('@socketsecurity/registry/lib/spawn')\n const spawnSync = spawnHelpers.spawnSync\n return spawnSync(\n // Lazily access constants.npmExecPath.\n constants.npmExecPath,\n ['config', 'get', 'cache'],\n getNpmStdioPipeOptions(),\n ).stdout\n}\n\nconst lazyNpmGlobalPrefix = () => {\n const spawnHelpers = /@__PURE__/ require('@socketsecurity/registry/lib/spawn')\n const spawnSync = spawnHelpers.spawnSync\n return spawnSync(\n // Lazily access constants.npmExecPath.\n constants.npmExecPath,\n ['prefix', '-g'],\n getNpmStdioPipeOptions(),\n ).stdout\n}\n\nconst lazyNpmNmNodeGypPath = () =>\n path.join(\n // Lazily access constants.npmRealExecPath.\n constants.npmRealExecPath,\n '../../node_modules/node-gyp/bin/node-gyp.js',\n )\n\nconst lazyProcessEnv = () =>\n // Lazily access constants.ENV.\n Object.setPrototypeOf(\n Object.fromEntries(\n Object.entries(constants.ENV).reduce(\n (entries, entry) => {\n const { 0: key, 1: value } = entry\n if (key.startsWith('INLINED_SOCKET_CLI_')) {\n return entries\n }\n if (typeof value === 'string') {\n if (value) {\n entries.push(entry as [string, string])\n }\n } else if (typeof value === 'boolean' && value) {\n entries.push([key, '1'])\n }\n return entries\n },\n [] as Array<[string, string]>,\n ),\n ),\n null,\n )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'shadow-npm-bin')\n\nconst lazyShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'shadow-npm-bin.js')\n\nconst lazyShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'shadow-npm-inject.js')\n\nconst lazySocketAppDataPath = (): string \| undefined => {\n // Get the OS app data directory:\n // - Win: %LOCALAPPDATA% or fail?\n // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n // On most systems that path is: $HOME/.local/share\n // Then append `socket/settings`, so:\n // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n let dataHome: string \| undefined = WIN32\n ? // Lazily access constants.ENV.LOCALAPPDATA\n constants.ENV.LOCALAPPDATA\n : // Lazily access constants.ENV.XDG_DATA_HOME\n constants.ENV.XDG_DATA_HOME\n if (!dataHome) {\n if (WIN32) {\n const logger = /@__PURE__*/ require('@socketsecurity/registry/lib/logger')\n logger.warn(`Missing %${LOCALAPPDATA}%`)\n } else {\n dataHome = path.join(\n // Lazily access constants.homePath.\n constants.homePath,\n // Lazily access constants.DARWIN.\n constants.DARWIN ? 'Library/Application Support' : '.local/share',\n )\n }\n }\n return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ...registryConstantsAttribs.props,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n DOT_SOCKET_DOT_FACTS_JSON,\n DRY_RUN_LABEL,\n DRY_RUN_BAILING_NOW,\n DRY_RUN_NOT_SAVING,\n ENV: undefined,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_DEFAULT_BRANCH,\n SOCKET_DEFAULT_REPOSITORY,\n SOCKET_WEBSITE_URL,\n VLT,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n binPath: undefined,\n binCliPath: undefined,\n blessedContribPath: undefined,\n blessedOptions: undefined,\n blessedPath: undefined,\n coanaBinPath: undefined,\n coanaPath: undefined,\n distCliPath: undefined,\n distPath: undefined,\n externalPath: undefined,\n githubCachePath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n nodeMemoryFlags: undefined,\n npmCachePath: undefined,\n npmGlobalPrefix: undefined,\n npmNmNodeGypPath: undefined,\n processEnv: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n shadowNpmInjectPath: undefined,\n shadowNpmBinPath: undefined,\n socketAppDataPath: undefined,\n socketCachePath: undefined,\n socketRegistryPath: undefined,\n zshRcPath: undefined,\n },\n {\n getters: {\n ...registryConstantsAttribs.getters,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n binCliPath: lazyBinCliPath,\n binPath: lazyBinPath,\n blessedContribPath: lazyBlessedContribPath,\n blessedOptions: lazyBlessedOptions,\n blessedPath: lazyBlessedPath,\n coanaBinPath: lazyCoanaBinPath,\n coanaPath: lazyCoanaPath,\n distCliPath: lazyDistCliPath,\n distPath: lazyDistPath,\n externalPath: lazyExternalPath,\n githubCachePath: lazyGithubCachePath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n nodeMemoryFlags: lazyNodeMemoryFlags,\n npmCachePath: lazyNpmCachePath,\n npmGlobalPrefix: lazyNpmGlobalPrefix,\n npmNmNodeGypPath: lazyNpmNmNodeGypPath,\n processEnv: lazyProcessEnv,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n shadowNpmBinPath: lazyShadowNpmBinPath,\n shadowNpmInjectPath: lazyShadowNpmInjectPath,\n socketAppDataPath: lazySocketAppDataPath,\n socketCachePath: lazySocketCachePath,\n socketRegistryPath: lazySocketRegistryPath,\n zshRcPath: lazyZshRcPath,\n },\n internals: {\n ...registryConstantsAttribs.internals,\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n },\n },\n },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","_npmStdioPipeOptions","cwd","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_BASE_REF","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","NODE_EXTRA_CA_CERTS","envAsString","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TIMEOUT","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_NPM_PATH","SOCKET_CLI_ORG_SLUG","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","Object","entries","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","nodeMemoryFlags","npmCachePath","npmGlobalPrefix","npmNmNodeGypPath","processEnv","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAYA;AACA;AACA;AACA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAsJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACA;;AAEIC;AACEC;AACA;;;AAGJ;AACA;AACF;AAEA;;AACUC;AAAgB;AACxB;;AAEE;;AAGF;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACA;AACAC;AAEE;AACA;AACAC;AACF;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAEE;AACAH;AAGF;AACA;AACAI;AAEE;AACAJ;AACA;AACA;AACAA;AAIF;AACA;AACAK;AACA;AACA;AACAC;AAEE;;AAIF;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;;AAMA;AACA;AACA;AACA;AACAC;AAEE;AACAT;AAEF;AACAU;AAGA;AACAC;AACA;AACAC;AAEE;AACAZ;AACF;AACAa;AAGA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAlB;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;;AAEI;;AAGF;AACA;AACA;AAIF;AAEA;AACE;AACA;AACA;AACE;AACAA;AAIJ;AAEA;AACE;AACA;AACA;AACE;AACAA;AAIJ;AAEA;AAEI;AACAA;AAIJ;AACE;AACAsB;;AAIgB;AAAQ;AAAS;AACzB;AACE;AACF;AACA;AACE;AACEC;AACF;;;AAGF;AACA;AACF;AAOR;AAEA;AACE;AACAL;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQM;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAzB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAkB;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;;;;;;;;;;;;;AAcIQ;;;;;;;;;;;;;;;;;;;;;;AAsBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE/B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"bf5a2729-ef60-498a-8444-5a342f484ecc"}
1	+ {"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\n// Using `path.dirname(__filename)` to resolve `__dirname` works for both 'dist'\n// AND 'src' directories because constants.js and constants.mts respectively are\n// in the root of each.\nconst __dirname = path.dirname(__filename)\n\nconst {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n attributes: registryConstantsAttribs,\n createConstantsObject,\n getIpc,\n },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC \| undefined>(\n key?: K \| undefined,\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n DISABLE_GITHUB_CACHE: boolean\n GITHUB_API_URL: string\n GITHUB_BASE_REF: string\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n GITHUB_SERVER_URL: string\n GITHUB_TOKEN: string\n INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: string\n INLINED_SOCKET_CLI_HOMEPAGE: string\n INLINED_SOCKET_CLI_LEGACY_BUILD: string\n INLINED_SOCKET_CLI_NAME: string\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n INLINED_SOCKET_CLI_SENTRY_BUILD: string\n INLINED_SOCKET_CLI_VERSION: string\n INLINED_SOCKET_CLI_VERSION_HASH: string\n INLINED_SOCKET_CLI_SYNP_VERSION: string\n LOCALAPPDATA: string\n NODE_COMPILE_CACHE: string\n NODE_EXTRA_CA_CERTS: string\n PATH: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_API_BASE_URL: string\n SOCKET_CLI_API_PROXY: string\n SOCKET_CLI_API_TIMEOUT: number\n SOCKET_CLI_API_TOKEN: string\n SOCKET_CLI_CONFIG: string\n SOCKET_CLI_GIT_USER_EMAIL: string\n SOCKET_CLI_GIT_USER_NAME: string\n SOCKET_CLI_GITHUB_TOKEN: string\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_NPM_PATH: string\n SOCKET_CLI_ORG_SLUG: string\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype ProcessEnv = {\n [K in keyof ENV]?: string\n}\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string \| undefined\n SOCKET_CLI_OPTIMIZE?: boolean \| undefined\n SOCKET_CLI_SAFE_BIN?: string \| undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean \| undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' \| 'ENV' \| 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly ENV: ENV\n readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_DEFAULT_BRANCH: 'socket-default-branch'\n readonly SOCKET_DEFAULT_REPOSITORY: 'socket-default-repository'\n readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n readonly VLT: 'vlt'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly binCliPath: string\n readonly binPath: string\n readonly blessedContribPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly blessedPath: string\n readonly coanaBinPath: string\n readonly coanaPath: string\n readonly distCliPath: string\n readonly distPath: string\n readonly externalPath: string\n readonly githubCachePath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly nodeMemoryFlags: string[]\n readonly npmCachePath: string\n readonly npmGlobalPrefix: string\n readonly npmNmNodeGypPath: string\n readonly processEnv: ProcessEnv\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly shadowNpmBinPath: string\n readonly shadowNpmInjectPath: string\n readonly socketAppDataPath: string\n readonly socketCachePath: string\n readonly socketRegistryPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_DEFAULT_BRANCH = 'socket-default-branch'\nconst SOCKET_DEFAULT_REPOSITORY = 'socket-default-repository'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nlet _npmStdioPipeOptions: SpawnOptions \| undefined\nfunction getNpmStdioPipeOptions() {\n if (_npmStdioPipeOptions === undefined) {\n _npmStdioPipeOptions = {\n cwd: process.cwd(),\n // Lazily access constants.WIN32.\n shell: constants.WIN32,\n }\n }\n return _npmStdioPipeOptions\n}\n\nconst LAZY_ENV = () => {\n const { env: processEnv } = process\n const envHelpers = /@__PURE__/ require('@socketsecurity/registry/lib/env')\n const utils = /@__PURE__/ require(\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist/utils.js'),\n )\n const envAsBoolean = envHelpers.envAsBoolean\n const envAsNumber = envHelpers.envAsNumber\n const envAsString = envHelpers.envAsString\n const getConfigValueOrUndef = utils.getConfigValueOrUndef\n const readOrDefaultSocketJson = utils.readOrDefaultSocketJson\n const GITHUB_TOKEN = envAsString(processEnv['GITHUB_TOKEN'])\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n __proto__: null,\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Disable using GitHub's workflow actions/cache.\n // https://github.com/actions/cache\n DISABLE_GITHUB_CACHE: envAsBoolean(processEnv['DISABLE_GITHUB_CACHE']),\n // The API URL. For example, https://api.github.com.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_API_URL:\n envAsString(processEnv['GITHUB_API_URL']) \|\| 'https://api.github.com',\n // The name of the base ref or target branch of the pull request in a workflow\n // run. This is only set when the event that triggers a workflow run is either\n // pull_request or pull_request_target. For example, main.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_BASE_REF: envAsString(processEnv['GITHUB_BASE_REF']),\n // The short ref name of the branch or tag that triggered the GitHub workflow\n // run. This value matches the branch or tag name shown on GitHub. For example,\n // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REF_NAME: envAsString(processEnv['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REF_TYPE: envAsString(processEnv['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REPOSITORY: envAsString(processEnv['GITHUB_REPOSITORY']),\n // The URL of the GitHub server. For example, https://github.com.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_SERVER_URL:\n envAsString(processEnv['GITHUB_SERVER_URL']) \|\| 'https://github.com',\n // The GITHUB_TOKEN secret is a GitHub App installation access token.\n // The token's permissions are limited to the repository that contains the\n // workflow.\n // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n GITHUB_TOKEN,\n // Comp-time inlined @cyclonedx/cdxgen package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION']\".\n INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION'],\n ),\n // Comp-time inlined Socket package homepage.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n ),\n // Comp-time inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n ),\n // Comp-time inlined Socket package name.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n INLINED_SOCKET_CLI_NAME: envAsString(\n process.env['INLINED_SOCKET_CLI_NAME'],\n ),\n // Comp-time inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n ),\n // Comp-time inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n ),\n // Comp-time inlined synp package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SYNP_VERSION']\".\n INLINED_SOCKET_CLI_SYNP_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_SYNP_VERSION'],\n ),\n // Comp-time inlined Socket package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n INLINED_SOCKET_CLI_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION'],\n ),\n // Comp-time inlined Socket package version hash.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n ),\n // The absolute location of the %localappdata% folder on Windows used to store\n // user-specific, non-roaming application data, like temporary files, cached\n // data, and program settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(processEnv[LOCALAPPDATA]),\n // Enable the module compile cache for the Node.js instance.\n // https://nodejs.org/api/cli.html#node_compile_cachedir\n NODE_COMPILE_CACHE:\n // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n ? // Lazily access constants.socketCachePath.\n constants.socketCachePath\n : '',\n // Well known \"root\" CAs (like VeriSign) will be extended with the extra\n // certificates in file. The file should consist of one or more trusted\n // certificates in PEM format.\n // https://nodejs.org/api/cli.html#node_extra_ca_certsfile\n NODE_EXTRA_CA_CERTS:\n envAsString(processEnv['NODE_EXTRA_CA_CERTS']) \|\|\n // Commonly used environment variable to specify the path to a single\n // PEM-encoded certificate file.\n envAsString(processEnv['SSL_CERT_FILE']),\n // PATH is an environment variable that lists directories where executable\n // programs are located. When a command is run, the system searches these\n // directories to find the executable.\n PATH: envAsString(processEnv['PATH']),\n // Accept risks of a Socket wrapped npm/npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(processEnv[SOCKET_CLI_ACCEPT_RISKS]),\n // Change the base URL for Socket API calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_BASE_URL:\n envAsString(processEnv['SOCKET_CLI_API_BASE_URL']) \|\|\n // TODO: Remove legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_API_BASE_URL']) \|\|\n getConfigValueOrUndef('apiBaseUrl') \|\|\n 'https://api.socket.dev/v0/',\n // Set the proxy that all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_PROXY:\n envAsString(processEnv['SOCKET_CLI_API_PROXY']) \|\|\n // TODO: Remove legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_API_PROXY']) \|\|\n // Commonly used environment variables to specify routing requests through\n // a proxy server.\n envAsString(processEnv['HTTPS_PROXY']) \|\|\n envAsString(processEnv['https_proxy']) \|\|\n envAsString(processEnv['HTTP_PROXY']) \|\|\n envAsString(processEnv['http_proxy']),\n // Set the timeout in milliseconds for Socket API requests.\n // https://nodejs.org/api/http.html#httprequesturl-options-callback\n SOCKET_CLI_API_TIMEOUT: envAsNumber(processEnv['SOCKET_CLI_API_TOKEN']),\n // Set the Socket API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_CLI_API_TOKEN:\n envAsString(processEnv['SOCKET_CLI_API_TOKEN']) \|\|\n // TODO: Remove legacy environment variable names.\n envAsString(processEnv['SOCKET_CLI_API_KEY']) \|\|\n envAsString(processEnv['SOCKET_SECURITY_API_TOKEN']) \|\|\n envAsString(processEnv['SOCKET_SECURITY_API_KEY']),\n // A JSON stringified Socket configuration object.\n SOCKET_CLI_CONFIG: envAsString(processEnv['SOCKET_CLI_CONFIG']),\n // The git config user.email used by Socket CLI.\n SOCKET_CLI_GIT_USER_EMAIL:\n envAsString(processEnv['SOCKET_CLI_GIT_USER_EMAIL']) \|\|\n 'github-actions[bot]@users.noreply.github.com',\n // The git config user.name used by Socket CLI.\n SOCKET_CLI_GIT_USER_NAME:\n envAsString(processEnv['SOCKET_CLI_GIT_USER_NAME']) \|\|\n envAsString(processEnv['SOCKET_CLI_GIT_USERNAME']) \|\|\n 'github-actions[bot]',\n // Change the base URL for GitHub REST API calls.\n // https://docs.github.com/en/rest\n SOCKET_CLI_GITHUB_API_URL:\n envAsString(processEnv['SOCKET_CLI_GITHUB_API_URL']) \|\|\n readOrDefaultSocketJson(process.cwd())?.defaults?.scan?.github\n ?.githubApiUrl \|\|\n 'https://api.github.com',\n // A classic GitHub personal access token with the \"repo\" scope or a\n // fine-grained access token with at least read/write permissions set for\n // \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_CLI_GITHUB_TOKEN:\n envAsString(processEnv['SOCKET_CLI_GITHUB_TOKEN']) \|\|\n // TODO: Remove undocumented legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_GITHUB_PAT']) \|\|\n GITHUB_TOKEN,\n // Make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(\n processEnv['SOCKET_CLI_NO_API_TOKEN'],\n ),\n // The absolute location of the npm directory.\n SOCKET_CLI_NPM_PATH: envAsString(processEnv['SOCKET_CLI_NPM_PATH']),\n // Specify the Socket organization slug.\n SOCKET_CLI_ORG_SLUG:\n envAsString(processEnv['SOCKET_CLI_ORG_SLUG']) \|\|\n // Coana CLI accepts the SOCKET_ORG_SLUG environment variable.\n envAsString(processEnv['SOCKET_ORG_SLUG']),\n // View all risks of a Socket wrapped npm/npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(\n processEnv[SOCKET_CLI_VIEW_ALL_RISKS],\n ),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(processEnv['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(processEnv['XDG_DATA_HOME']),\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n // Lazily access constants.binPath.\n path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true,\n })\n\nconst lazyBlessedPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n // Lazily access constants.coanaPath.\n path.join(constants.coanaPath, 'cli-wrapper.mjs')\n\nconst lazyCoanaPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n // Lazily access constants.socketCachePath.\n path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n ['npm', '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.7'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, ''],\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n Object.freeze(\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD \|\|\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n '--disable-proto',\n 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n '--frozen-intrinsics',\n '--no-deprecation',\n ],\n )\n\nconst lazyNodeMemoryFlags = () => {\n const flags = /@__PURE__/ require(\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist/flags.js'),\n )\n const getMaxOldSpaceSizeFlag = flags.getMaxOldSpaceSizeFlag\n const getMaxSemiSpaceSizeFlag = flags.getMaxSemiSpaceSizeFlag\n return Object.freeze([\n `--max-old-space-size=${getMaxOldSpaceSizeFlag()}`,\n `--max-semi-space-size=${getMaxSemiSpaceSizeFlag()}`,\n ])\n}\n\nconst lazyNpmCachePath = () => {\n const spawnHelpers = /@__PURE__/ require('@socketsecurity/registry/lib/spawn')\n const spawnSync = spawnHelpers.spawnSync\n return spawnSync(\n // Lazily access constants.npmExecPath.\n constants.npmExecPath,\n ['config', 'get', 'cache'],\n getNpmStdioPipeOptions(),\n ).stdout\n}\n\nconst lazyNpmGlobalPrefix = () => {\n const spawnHelpers = /@__PURE__/ require('@socketsecurity/registry/lib/spawn')\n const spawnSync = spawnHelpers.spawnSync\n return spawnSync(\n // Lazily access constants.npmExecPath.\n constants.npmExecPath,\n ['prefix', '-g'],\n getNpmStdioPipeOptions(),\n ).stdout\n}\n\nconst lazyNpmNmNodeGypPath = () =>\n path.join(\n // Lazily access constants.npmRealExecPath.\n constants.npmRealExecPath,\n '../../node_modules/node-gyp/bin/node-gyp.js',\n )\n\nconst lazyProcessEnv = () =>\n // Lazily access constants.ENV.\n Object.setPrototypeOf(\n Object.fromEntries(\n Object.entries(constants.ENV).reduce(\n (entries, entry) => {\n const { 0: key, 1: value } = entry\n if (key.startsWith('INLINED_SOCKET_CLI_')) {\n return entries\n }\n if (typeof value === 'string') {\n if (value) {\n entries.push(entry as [string, string])\n }\n } else if (typeof value === 'boolean' && value) {\n entries.push([key, '1'])\n }\n return entries\n },\n [] as Array<[string, string]>,\n ),\n ),\n null,\n )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'shadow-npm-bin')\n\nconst lazyShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'shadow-npm-bin.js')\n\nconst lazyShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'shadow-npm-inject.js')\n\nconst lazySocketAppDataPath = (): string \| undefined => {\n // Get the OS app data directory:\n // - Win: %LOCALAPPDATA% or fail?\n // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n // On most systems that path is: $HOME/.local/share\n // Then append `socket/settings`, so:\n // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n let dataHome: string \| undefined = WIN32\n ? // Lazily access constants.ENV.LOCALAPPDATA\n constants.ENV.LOCALAPPDATA\n : // Lazily access constants.ENV.XDG_DATA_HOME\n constants.ENV.XDG_DATA_HOME\n if (!dataHome) {\n if (WIN32) {\n const logger = /@__PURE__*/ require('@socketsecurity/registry/lib/logger')\n logger.warn(`Missing %${LOCALAPPDATA}%`)\n } else {\n dataHome = path.join(\n // Lazily access constants.homePath.\n constants.homePath,\n // Lazily access constants.DARWIN.\n constants.DARWIN ? 'Library/Application Support' : '.local/share',\n )\n }\n }\n return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ...registryConstantsAttribs.props,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n DOT_SOCKET_DOT_FACTS_JSON,\n DRY_RUN_LABEL,\n DRY_RUN_BAILING_NOW,\n DRY_RUN_NOT_SAVING,\n ENV: undefined,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_DEFAULT_BRANCH,\n SOCKET_DEFAULT_REPOSITORY,\n SOCKET_WEBSITE_URL,\n VLT,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n binPath: undefined,\n binCliPath: undefined,\n blessedContribPath: undefined,\n blessedOptions: undefined,\n blessedPath: undefined,\n coanaBinPath: undefined,\n coanaPath: undefined,\n distCliPath: undefined,\n distPath: undefined,\n externalPath: undefined,\n githubCachePath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n nodeMemoryFlags: undefined,\n npmCachePath: undefined,\n npmGlobalPrefix: undefined,\n npmNmNodeGypPath: undefined,\n processEnv: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n shadowNpmInjectPath: undefined,\n shadowNpmBinPath: undefined,\n socketAppDataPath: undefined,\n socketCachePath: undefined,\n socketRegistryPath: undefined,\n zshRcPath: undefined,\n },\n {\n getters: {\n ...registryConstantsAttribs.getters,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n binCliPath: lazyBinCliPath,\n binPath: lazyBinPath,\n blessedContribPath: lazyBlessedContribPath,\n blessedOptions: lazyBlessedOptions,\n blessedPath: lazyBlessedPath,\n coanaBinPath: lazyCoanaBinPath,\n coanaPath: lazyCoanaPath,\n distCliPath: lazyDistCliPath,\n distPath: lazyDistPath,\n externalPath: lazyExternalPath,\n githubCachePath: lazyGithubCachePath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n nodeMemoryFlags: lazyNodeMemoryFlags,\n npmCachePath: lazyNpmCachePath,\n npmGlobalPrefix: lazyNpmGlobalPrefix,\n npmNmNodeGypPath: lazyNpmNmNodeGypPath,\n processEnv: lazyProcessEnv,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n shadowNpmBinPath: lazyShadowNpmBinPath,\n shadowNpmInjectPath: lazyShadowNpmInjectPath,\n socketAppDataPath: lazySocketAppDataPath,\n socketCachePath: lazySocketCachePath,\n socketRegistryPath: lazySocketRegistryPath,\n zshRcPath: lazyZshRcPath,\n },\n internals: {\n ...registryConstantsAttribs.internals,\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n },\n },\n },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","_npmStdioPipeOptions","cwd","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_BASE_REF","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","NODE_EXTRA_CA_CERTS","envAsString","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TIMEOUT","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_NPM_PATH","SOCKET_CLI_ORG_SLUG","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","Object","entries","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","nodeMemoryFlags","npmCachePath","npmGlobalPrefix","npmNmNodeGypPath","processEnv","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAYA;AACA;AACA;AACA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAsJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACA;;AAEIC;AACEC;AACA;;;AAGJ;AACA;AACF;AAEA;;AACUC;AAAgB;AACxB;;AAEE;;AAGF;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACA;AACAC;AAEE;AACA;AACAC;AACF;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAEE;AACAH;AAGF;AACA;AACAI;AAEE;AACAJ;AACA;AACA;AACAA;AAIF;AACA;AACAK;AACA;AACA;AACAC;AAEE;;AAIF;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;;AAMA;AACA;AACA;AACA;AACAC;AAEE;AACAT;AAEF;AACAU;AAGA;AACAC;AACA;AACAC;AAEE;AACAZ;AACF;AACAa;AAGA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAlB;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;;AAEI;;AAGF;AACA;AACA;AAIF;AAEA;AACE;AACA;AACA;AACE;AACAA;AAIJ;AAEA;AACE;AACA;AACA;AACE;AACAA;AAIJ;AAEA;AAEI;AACAA;AAIJ;AACE;AACAsB;;AAIgB;AAAQ;AAAS;AACzB;AACE;AACF;AACA;AACE;AACEC;AACF;;;AAGF;AACA;AACF;AAOR;AAEA;AACE;AACAL;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQM;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAzB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAkB;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;;;;;;;;;;;;;AAcIQ;;;;;;;;;;;;;;;;;;;;;;AAsBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE/B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"3a15bbf6-5987-4b46-af3d-dfe40feb9334"}

package/external/@coana-tech/cli/cli.mjs CHANGED Viewed

@@ -190952,25 +190952,25 @@ var Spinner = class _Spinner {
 };
 // ../utils/src/command-utils.ts
-async function execAndLogOnFailure(cmd, dir, options) {
+async function execAndLogOnFailure(cmd, dir, options, logLevel = "info") {
   const result = await execNeverFail(cmd, dir, options);
-  if (result.error) logCommandOutput(result, cmd, dir);
+  if (result.error) logCommandOutput(result, cmd, dir, logLevel);
   return !result.error;
 }
 async function execPipeAndLogOnFailure(cmd, dir, options) {
   return execAndLogOnFailure(cmd, dir, { ...options, pipe: true });
 }
-function logCommandOutput(cmdResult, cmd, dir) {
+function logCommandOutput(cmdResult, cmd, dir, logLevel = "info") {
   const { error, stdout, stderr } = cmdResult;
-  logger.info(error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
-  logger.info(`Directory: ${dir}`);
+  logger[logLevel](error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
+  logger[logLevel](`Directory: ${dir}`);
   if (error) {
     const em = error.message;
-    logger.info(`Error: ${em?.endsWith?.(`
+    logger[logLevel](`Error: ${em?.endsWith?.(`
 ${stderr}`) ? em.slice(0, -stderr.length - 1) : em}`);
   }
-  logger.info(`stdout: ${stdout}`);
-  logger.info(`stderr: ${stderr}`);
+  logger[logLevel](`stdout: ${stdout}`);
+  logger[logLevel](`stderr: ${stderr}`);
 }
 async function execNeverFail(cmd, dir, options) {
   return new Promise((resolve24) => {
@@ -197761,6 +197761,14 @@ function parseSocketResponse(responseData) {
     throw new Error(`Unexpected response type from Socket API: ${typeof responseData}`);
   }
 }
+function parseComputeArtifactsResponse(responseData) {
+  const response = parseSocketResponse(responseData);
+  return {
+    artifacts: response.filter((r2) => r2.type === "artifact").map((r2) => r2.value),
+    metadata: response.filter((r2) => r2.type === "metadata").flatMap((r2) => r2.value)
+    // There should always only be one metadata object
+  };
+}
 async function createSocketTier1Scan(cliOptions, coanaCliVersion) {
   try {
     const url2 = getSocketApiUrl("tier1-reachability-scan");
@@ -197948,7 +197956,7 @@ async function fetchArtifactsFromManifestsTarHash(manifestsTarHash) {
   try {
     const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/compute-artifacts?tarHash=${manifestsTarHash}`);
     const responseData = (await axios2.post(url2, {}, { headers: getAuthHeaders() })).data;
-    return parseSocketResponse(responseData);
+    return parseComputeArtifactsResponse(responseData);
   } catch (e) {
     if (e instanceof AxiosError2) {
       prettyPrintAxiosError(e);
@@ -197975,12 +197983,7 @@ async function computeSocketFactArtifacts(rootDir, relativeManifestFilePaths) {
     if (!uploadData.tarHash) {
       throw new Error("No tarHash received from upload-manifest-files response");
     }
-    const computeUrl = getSocketApiUrl(
-      `orgs/${process.env.SOCKET_ORG_SLUG}/compute-artifacts?tarHash=${uploadData.tarHash}`
-    );
-    const computeResponse = await axios2.post(computeUrl, {}, { headers: getAuthHeaders() });
-    const responseData = computeResponse.data;
-    return parseSocketResponse(responseData);
+    return (await fetchArtifactsFromManifestsTarHash(uploadData.tarHash)).artifacts;
   } catch (error) {
     logger.warn("Failed to compute socket fact artifacts", error);
     return void 0;
@@ -205296,23 +205299,23 @@ var Spinner2 = class _Spinner {
 };
 // ../utils/dist/command-utils.js
-async function execAndLogOnFailure2(cmd, dir, options) {
+async function execAndLogOnFailure2(cmd, dir, options, logLevel = "info") {
   const result = await execNeverFail2(cmd, dir, options);
   if (result.error)
-    logCommandOutput2(result, cmd, dir);
+    logCommandOutput2(result, cmd, dir, logLevel);
   return !result.error;
 }
-function logCommandOutput2(cmdResult, cmd, dir) {
+function logCommandOutput2(cmdResult, cmd, dir, logLevel = "info") {
   const { error, stdout, stderr } = cmdResult;
-  logger.info(error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
-  logger.info(`Directory: ${dir}`);
+  logger[logLevel](error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
+  logger[logLevel](`Directory: ${dir}`);
   if (error) {
     const em = error.message;
-    logger.info(`Error: ${em?.endsWith?.(`
+    logger[logLevel](`Error: ${em?.endsWith?.(`
 ${stderr}`) ? em.slice(0, -stderr.length - 1) : em}`);
   }
-  logger.info(`stdout: ${stdout}`);
-  logger.info(`stderr: ${stderr}`);
+  logger[logLevel](`stdout: ${stdout}`);
+  logger[logLevel](`stderr: ${stderr}`);
 }
 async function execNeverFail2(cmd, dir, options) {
   return new Promise((resolve24) => {
@@ -206483,18 +206486,19 @@ import { access as access2, cp, readdir as readdir3, stat as stat2 } from "fs/pr
 import { basename as basename4, join as join11, relative as relative6, resolve as resolve13 } from "path";
 var { uniq } = import_lodash5.default;
 var { isMatch } = import_micromatch.default;
-function findParent(dir, predicate, wholePath) {
-  let curr = dir;
-  let last2 = dir;
+function* parents(dir) {
+  let [curr, last2] = [dir, dir];
   do {
-    const name = wholePath ? curr : basename4(curr);
-    if (predicate(name))
-      return curr;
-    last2 = curr;
-    curr = resolve13(curr, "..");
+    yield curr;
+    [last2, curr] = [curr, resolve13(curr, "..")];
   } while (curr !== last2);
   return void 0;
 }
+function findParent(dir, predicate, wholePath) {
+  for (const parent2 of parents(dir))
+    if (predicate(wholePath ? parent2 : basename4(parent2)))
+      return parent2;
+}
 // ../utils/dist/constants.js
 var { once: once2 } = import_lodash6.default;
@@ -207378,17 +207382,18 @@ import { access as access3, cp as cp2, readdir as readdir4, stat as stat3 } from
 import { basename as basename5, join as join16, relative as relative7, resolve as resolve15 } from "path";
 var { uniq: uniq2 } = import_lodash8.default;
 var { isMatch: isMatch2 } = import_micromatch2.default;
-function findParent2(dir, predicate, wholePath) {
-  let curr = dir;
-  let last2 = dir;
+function* parents2(dir) {
+  let [curr, last2] = [dir, dir];
   do {
-    const name = wholePath ? curr : basename5(curr);
-    if (predicate(name)) return curr;
-    last2 = curr;
-    curr = resolve15(curr, "..");
+    yield curr;
+    [last2, curr] = [curr, resolve15(curr, "..")];
   } while (curr !== last2);
   return void 0;
 }
+function findParent2(dir, predicate, wholePath) {
+  for (const parent2 of parents2(dir))
+    if (predicate(wholePath ? parent2 : basename5(parent2))) return parent2;
+}
 async function getFilesRelative(dir, excludeDirs) {
   async function helper(subDir, arrayOfFiles) {
     for (const item of await readdir4(join16(dir, subDir), { withFileTypes: true })) {
@@ -209354,6 +209359,7 @@ import { join as join20, resolve as resolve18 } from "path";
 import util3 from "util";
 var { once: once7 } = import_lodash13.default;
 var systemPython = once7(() => execFileSync2("which", ["python"], { encoding: "utf8" }).trim());
+var hasPyenv = once7(async () => !(await execNeverFail("which pyenv")).error);
 // ../utils/src/pip-utils.ts
 async function isSetupPySetuptools(file) {
@@ -210102,8 +210108,8 @@ function getVulnerabilityDependencyType(vulnChainDetails, directDependencies, af
         finalDepType = depType;
       }
     }
-    const parents2 = vcd.parentsMap.get(devIdentifier);
-    for (const p3 of parents2 ?? []) {
+    const parents4 = vcd.parentsMap.get(devIdentifier);
+    for (const p3 of parents4 ?? []) {
       if (p3 === ROOT_NODE_STR) continue;
       const parentNode = vcd.transitiveDependencies[p3];
       if (afd && !afd.has(parentNode)) continue;
@@ -210225,17 +210231,17 @@ function computeVulnChainDetails(dependencyTree, dependencyIdentifier, parentsMa
   function addNode(currentIdentifier, childIdentifier, visited) {
     if (visited.has(currentIdentifier))
       return;
-    const parents2 = parentsMap.get(currentIdentifier);
+    const parents4 = parentsMap.get(currentIdentifier);
     const newCurrentNode = transformToVulnChainNode(dependencyTree.transitiveDependencies[currentIdentifier]);
     res.transitiveDependencies[currentIdentifier] = newCurrentNode;
     if (childIdentifier && !newCurrentNode.children.includes(childIdentifier))
       newCurrentNode.children.push(childIdentifier);
     if (!childIdentifier)
       newCurrentNode.vulnerable = true;
-    if (!parents2)
+    if (!parents4)
       return res;
     visited.add(currentIdentifier);
-    for (const parent2 of parents2) {
+    for (const parent2 of parents4) {
       if (parent2 === ROOT_IDENTIFIER)
         res.children.push(currentIdentifier);
       else
@@ -210339,8 +210345,14 @@ function getAllToplevelAncestors(artifactMap, artifactId) {
 async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash) {
   logger.info("Fetching artifacts from Socket backend using manifests tar hash", manifestsTarHash);
   try {
-    const artifacts = await fetchArtifactsFromManifestsTarHash(manifestsTarHash);
+    const { artifacts } = await fetchArtifactsFromManifestsTarHash(manifestsTarHash);
     const properPythonProjects = [];
+    const pipArtifactToRepresentativeManifest = {};
+    for (const artifact of artifacts) {
+      if (artifact.type === "pypi" && artifact.manifestFiles) {
+        pipArtifactToRepresentativeManifest[simplePurl(artifact.type, artifact.namespace ?? "", artifact.name, artifact.version ?? "")] = artifact;
+      }
+    }
     const venvExcludes = [
       "venv",
       ".venv",
@@ -210392,6 +210404,13 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
           manifestFiles.push(...(await getFilesRelative(rootWorkingDirectory)).filter((file) => (0, import_picomatch2.default)("{*.csproj,packages.lock.json}")(basename7(file))));
           break;
         }
+        case "PIP": {
+          const sPurl = simplePurl(artifact.type, artifact.namespace ?? "", artifact.name, artifact.version ?? "");
+          if (pipArtifactToRepresentativeManifest[sPurl]) {
+            manifestFiles.push(...(pipArtifactToRepresentativeManifest[sPurl].manifestFiles ?? []).map((ref) => ref.file));
+          }
+          break;
+        }
         default: {
           artifact.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file));
           const allAncestorIds = getAllToplevelAncestors(artifactMap, artifact.id);
@@ -210493,7 +210512,7 @@ function computeVulnChainDetails2(artifacts, vulnerableArtifactId) {
     const currentArtifact = artifactMap.get(currentId);
     if (!currentArtifact)
       return;
-    const parents2 = parentsMap.get(currentId);
+    const parents4 = parentsMap.get(currentId);
     const newCurrentNode = {
       packageName: getNameFromNamespaceAndName(currentArtifact.type, currentArtifact.namespace, currentArtifact.name),
       version: currentArtifact.version ?? void 0,
@@ -210512,8 +210531,8 @@ function computeVulnChainDetails2(artifacts, vulnerableArtifactId) {
       }
     }
     visited.add(currentId);
-    if (parents2) {
-      for (const parentId of parents2) {
+    if (parents4) {
+      for (const parentId of parents4) {
         addNode(parentId, currentId, visited);
       }
     }
@@ -213022,7 +213041,7 @@ __export(traversing_exports, {
   nextUntil: () => nextUntil,
   not: () => not,
   parent: () => parent,
-  parents: () => parents,
+  parents: () => parents3,
   parentsUntil: () => parentsUntil,
   prev: () => prev,
   prevAll: () => prevAll,
@@ -214284,7 +214303,7 @@ function _removeDuplicates(elems) {
   return Array.from(new Set(elems));
 }
 var parent = _singleMatcher(({ parent: parent2 }) => parent2 && !isDocument(parent2) ? parent2 : null, _removeDuplicates);
-var parents = _matcher((elem) => {
+var parents3 = _matcher((elem) => {
   const matched = [];
   while (elem.parent && !isDocument(elem.parent)) {
     matched.push(elem.parent);
@@ -225028,10 +225047,10 @@ var FixesTask = class {
           return;
         }
       }
-      const parents2 = this.getParents(pId, vulnChainDetails);
+      const parents4 = this.getParents(pId, vulnChainDetails);
       let allowedVersionsForCId = potentialVersionsForFix[cId] ? [...potentialVersionsForFix[cId]] : await this.getSafeVersionsOfPackage(vulnChainDetails.transitiveDependencies[cId].packageName);
-      if (parents2.length !== 0) {
-        for (const parent2 of parents2) {
+      if (parents4.length !== 0) {
+        for (const parent2 of parents4) {
           await computeFix(parent2, pId, [key, ...visited]);
           if (res[pId])
             allowedVersionsForCId = await this.filterVersionsAllowedByParent(pId, res[pId], cId, allowedVersionsForCId);
@@ -225060,11 +225079,11 @@ var FixesTask = class {
     const deps = vulnChainDetails.transitiveDependencies;
     const vulnerablePackageIdentifiers = Object.entries(deps ?? []).filter(([_identifier, node]) => node.vulnerable).map(([identifier, _node]) => identifier);
     for (const pId of vulnerablePackageIdentifiers) {
-      const parents2 = this.getParents(pId, vulnChainDetails);
-      if (parents2.length === 0) {
+      const parents4 = this.getParents(pId, vulnChainDetails);
+      if (parents4.length === 0) {
         pickVersionWrapper(pId, [...potentialVersionsForFix[pId]]);
       } else {
-        for (const parent2 of parents2) {
+        for (const parent2 of parents4) {
           await computeFix(parent2, pId, []);
         }
       }
@@ -225125,9 +225144,9 @@ var FixesTask = class {
           safeVersionsForC
         );
         const vs = await filterVersions(pId, versionsOfPAllowingSomeSafeVersions);
-        const parents2 = this.getParents(pId, vuln.vulnChainDetails);
-        if (parents2.length !== 0) {
-          for (const parent2 of parents2) {
+        const parents4 = this.getParents(pId, vuln.vulnChainDetails);
+        if (parents4.length !== 0) {
+          for (const parent2 of parents4) {
             await computePotentialVersionsForFixWithCache(parent2, pId, vs);
           }
         } else {
@@ -225139,17 +225158,17 @@ var FixesTask = class {
     const deps = vuln.vulnChainDetails?.transitiveDependencies;
     const vulnerablePackageIdentifiers = Object.entries(deps ?? []).filter(([_identifier, node]) => node.vulnerable).map(([identifier, _node]) => identifier);
     for (const pId of vulnerablePackageIdentifiers) {
-      const parents2 = this.getParents(pId, vuln.vulnChainDetails);
+      const parents4 = this.getParents(pId, vuln.vulnChainDetails);
       const safeVersionsForVulnerablePackage = await safeVersions(pId);
       const { upgrades, downgrades } = this.groupVersionsInUpgradesAndDowngrades(
         assertDefined(this.packageStructure.transitiveDependencies[pId].version),
         safeVersionsForVulnerablePackage
       );
-      if (parents2.length === 0) {
+      if (parents4.length === 0) {
         if (upgrades.length > 0) res[pId] = upgrades;
         else if (downgrades.length > 0) res[pId] = downgrades;
       } else {
-        for (const parent2 of parents2) {
+        for (const parent2 of parents4) {
           const resClone = { ...res };
           const alreadyComputedCacheClone = new Map(alreadyComputedCache);
           try {
@@ -225583,7 +225602,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 // dist/version.js
-var version2 = "14.12.3";
+var version2 = "14.12.6";
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;

package/external/@coana-tech/cli/reachability-analyzers-cli.mjs CHANGED Viewed

@@ -73587,22 +73587,22 @@ import { join as join3 } from "path";
 // ../utils/src/command-utils.ts
 import assert from "assert";
 import { execFile } from "child_process";
-async function execAndLogOnFailure(cmd, dir, options) {
+async function execAndLogOnFailure(cmd, dir, options, logLevel = "info") {
   const result = await execNeverFail(cmd, dir, options);
-  if (result.error) logCommandOutput(result, cmd, dir);
+  if (result.error) logCommandOutput(result, cmd, dir, logLevel);
   return !result.error;
 }
-function logCommandOutput(cmdResult, cmd, dir) {
+function logCommandOutput(cmdResult, cmd, dir, logLevel = "info") {
   const { error, stdout, stderr } = cmdResult;
-  logger.info(error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
-  logger.info(`Directory: ${dir}`);
+  logger[logLevel](error ? `Error running command: ${cmd}` : `Result of running command: ${cmd}`);
+  logger[logLevel](`Directory: ${dir}`);
   if (error) {
     const em = error.message;
-    logger.info(`Error: ${em?.endsWith?.(`
+    logger[logLevel](`Error: ${em?.endsWith?.(`
 ${stderr}`) ? em.slice(0, -stderr.length - 1) : em}`);
   }
-  logger.info(`stdout: ${stdout}`);
-  logger.info(`stderr: ${stderr}`);
+  logger[logLevel](`stdout: ${stdout}`);
+  logger[logLevel](`stderr: ${stderr}`);
 }
 async function execNeverFail(cmd, dir, options) {
   return new Promise((resolve16) => {
@@ -73747,17 +73747,18 @@ function excludeFiles(excludedDirsRoot, filesRoot, files, excludeDirs) {
     )
   ).map((f2) => relative(filesRoot, f2));
 }
-function findParent(dir, predicate, wholePath) {
-  let curr = dir;
-  let last2 = dir;
+function* parents(dir) {
+  let [curr, last2] = [dir, dir];
   do {
-    const name2 = wholePath ? curr : basename(curr);
-    if (predicate(name2)) return curr;
-    last2 = curr;
-    curr = resolve(curr, "..");
+    yield curr;
+    [last2, curr] = [curr, resolve(curr, "..")];
   } while (curr !== last2);
   return void 0;
 }
+function findParent(dir, predicate, wholePath) {
+  for (const parent2 of parents(dir))
+    if (predicate(wholePath ? parent2 : basename(parent2))) return parent2;
+}
 async function getFiles(dir, excludeDirs) {
   async function helper(currDir, arrayOfFiles) {
     for (const item of await readdir(currDir, { withFileTypes: true })) {
@@ -74201,6 +74202,7 @@ import { join as join4, resolve as resolve2 } from "path";
 import util3 from "util";
 var { once } = import_lodash4.default;
 var systemPython = once(() => execFileSync("which", ["python"], { encoding: "utf8" }).trim());
+var hasPyenv = once(async () => !(await execNeverFail("which pyenv")).error);
 async function getPythonVersion(executable) {
   return runCommandResolveStdOut([executable, "-SIc", `import sys; print(*sys.version_info[:3], sep='.')`]);
 }
@@ -74231,11 +74233,9 @@ var PythonVersionsManager = class _PythonVersionsManager {
   // Extracts the python version specifier from the workspace and returns it as an array of semver parts.
   async getPythonSpecifier(workspacePath, checkPyProject = true) {
     const absPath = resolve2(this.projectDir, workspacePath);
-    const pyenvOrigin = await runCommandResolveStdOut("pyenv version-origin", absPath);
-    const pyenvRoot = process.env.PYENV_ROOT ?? await runCommandResolveStdOut("pyenv root");
-    if (pyenvOrigin !== join4(pyenvRoot, "version"))
+    for (const parent2 of parents(absPath))
       try {
-        return [(await readFile3(pyenvOrigin, "utf-8")).split("\n")[0].trim()];
+        return [(await readFile3(join4(parent2, ".python-version"), "utf-8")).split("\n")[0].trim()];
       } catch (e) {
         if (e.code !== "ENOENT") logger.warn("Failed to read python version file with error", e);
       }
@@ -74283,7 +74283,12 @@ var PythonVersionsManager = class _PythonVersionsManager {
     if (semVerSpec) {
       const systemVer = await getPythonVersion(systemPython());
       if (versionMatchesSemverParts(systemVer, semVerSpec)) return systemPython();
-    }
+      if (!await hasPyenv())
+        throw Error(
+          `System Python (${systemVer}) does not satisfy the specifier '${semVerSpec.join(", ")}'. A matching interpreter can automatically be installed if 'pyenv' is available.`
+        );
+    } else if (!await hasPyenv() || _PythonVersionsManager.getGlobalPythonVersion() === "system")
+      return systemPython();
     return resolve2(await _PythonVersionsManager.getPythonPrefixMatchingSpecifier(semVerSpec), "bin", "python");
   }
   // Throws an error if the python version is not installed.
@@ -77166,7 +77171,7 @@ __export(traversing_exports, {
   nextUntil: () => nextUntil,
   not: () => not,
   parent: () => parent,
-  parents: () => parents,
+  parents: () => parents2,
   parentsUntil: () => parentsUntil,
   prev: () => prev,
   prevAll: () => prevAll,
@@ -78428,7 +78433,7 @@ function _removeDuplicates(elems) {
   return Array.from(new Set(elems));
 }
 var parent = _singleMatcher(({ parent: parent2 }) => parent2 && !isDocument(parent2) ? parent2 : null, _removeDuplicates);
-var parents = _matcher((elem) => {
+var parents2 = _matcher((elem) => {
   const matched = [];
   while (elem.parent && !isDocument(elem.parent)) {
     matched.push(elem.parent);
@@ -96448,9 +96453,9 @@ var PythonCodeAwareVulnerabilityScanner = class {
     const packagesToExclude = heuristic.getPackagesToExcludeFromAnalysis?.(vulns);
     const packagesToInstall = uniqBy(preInstalledDepInfos.filter((n) => !packagesToExclude?.has(n.packageName)), "packageName");
     if (!await this.tryUsingPreinstalledVirtualEnv(packagesToInstall)) {
-      logger.info("Setting up virtual environment");
+      logger.info(`Setting up virtual environment`);
       await this.prepareVirtualEnv(packagesToInstall);
-      logger.debug("Done setting up virtual environment");
+      logger.info("Done setting up virtual environment");
     }
   }
   async runAnalysis(vulns, heuristic, analyzesAllVulns) {
@@ -96512,7 +96517,7 @@ runpy.run_module("mambalade", alter_sys=True)
       "--",
       ...filesToAnalyze
     ];
-    logger.info(`Running mambalade on ${filesToAnalyze.length} files for vulnerabilities:
+    logger.debug(`Running mambalade on ${filesToAnalyze.length} files for vulnerabilities:
 ${vulnAccPaths.join("\n")}`);
     logger.debug(`Running python executable: ${pythonExecutable}`);
     logger.debug(`With args: ${mambaladeArgs.slice(1).join(" ")}`);
@@ -96521,7 +96526,7 @@ ${vulnAccPaths.join("\n")}`);
       logger.debug("Done running mambalade");
       const errors = stderr.split("\n").filter((line) => line.startsWith("ERROR:") && !/^ERROR: Excluded distribution/.test(line));
       if (errors.length > 0)
-        logger.info(`Error messages from mambalade:
+        logger.debug(`Error messages from mambalade:
 ${errors.join("\n")}`);
       const result = JSON.parse(await readFile10(vulnsOutputFile, "utf-8"));
       logger.debug("Analysis result:", JSON.stringify(result, null, 2));
@@ -96546,8 +96551,8 @@ ${errors.join("\n")}`);
         packageInstallationStats: this.virtualEnvInfo.packageInstallationStats
         // Including stats in all analysis diagnostics since we might discard the first one that actually installs it due to analysis timeout.
       };
-      logger.info("Analysis diagnostics:");
-      logger.info(JSON.stringify(omit(diagnostics, this.numberAnalysesRun === 0 ? [] : ["packageInstallationStats"]), null, 2));
+      logger.debug("Analysis diagnostics:");
+      logger.debug(JSON.stringify(omit(diagnostics, this.numberAnalysesRun === 0 ? [] : ["packageInstallationStats"]), null, 2));
       return {
         type: "success",
         diagnostics,
@@ -96592,21 +96597,25 @@ ${msg}`;
         rootWorkingDir: projectTmpDir,
         reachabilityAnalysisOptions: options
       }, projectTmpDir);
-      await scanner.prepareVirtualEnv([]);
-      const sitePackagesDir = scanner.virtualEnvInfo.virtualEnvPathToSitePackages;
-      for (const dep of dependencies) {
-        const dependencyDir = join20(sitePackagesDir, basename9(dep));
-        logger.info(`Copying ${dep} to ${dependencyDir}`);
-        await cp5(dep, dependencyDir, { recursive: true });
-        fileMappings.set(dependencyDir, dep);
-      }
-      const result = await scanner.runAnalysis([vuln], MambaladeHeuristics.ALL_PACKAGES, false);
-      if (result.type === "error")
-        return { error: result.message, terminatedEarly: true };
-      return {
-        detectedOccurrences: transformSourceLocations2(app, fileMappings, result.computeDetectedOccurrences({ ...vuln, url: "" })),
-        terminatedEarly: result.terminatedEarly
-      };
+      try {
+        await scanner.prepareVirtualEnv([]);
+        const sitePackagesDir = scanner.virtualEnvInfo.virtualEnvPathToSitePackages;
+        for (const dep of dependencies) {
+          const dependencyDir = join20(sitePackagesDir, basename9(dep));
+          logger.info(`Copying ${dep} to ${dependencyDir}`);
+          await cp5(dep, dependencyDir, { recursive: true });
+          fileMappings.set(dependencyDir, dep);
+        }
+        const result = await scanner.runAnalysis([vuln], MambaladeHeuristics.ALL_PACKAGES, false);
+        if (result.type === "error")
+          return { error: result.message, terminatedEarly: true };
+        return {
+          detectedOccurrences: transformSourceLocations2(app, fileMappings, result.computeDetectedOccurrences({ ...vuln, url: "" })),
+          terminatedEarly: result.terminatedEarly
+        };
+      } finally {
+        await scanner.cleanup();
+      }
     });
   }
   static async runOnDependencyChain(chain, vuln, options) {
@@ -96628,7 +96637,7 @@ ${msg}`;
             const candidate = findBestWheel(packageName, version3, meta);
             if (candidate) {
               const filename = candidate.url.split("/").at(-1);
-              if (await downloadFile(candidate.url, join20(tmpDir, filename)) && await execAndLogOnFailure(["unzip", filename], tmpDir))
+              if (await downloadFile(candidate.url, join20(tmpDir, filename)) && await execAndLogOnFailure(["unzip", filename], tmpDir, void 0, "debug"))
                 return;
             }
             await exec(cmdt`uv pip install --python-platform ${uvPythonPlatform} --target ${tmpDir} --no-deps ${packageName}==${version3}`);
@@ -96677,6 +96686,8 @@ ${msg}`;
   }
   // public for testing only
   async prepareVirtualEnv(packages) {
+    if (!await hasUv())
+      throw new Error("uv (https://docs.astral.sh/uv/) is missing, but is required for Python analysis");
     const tmpDir = await createTmpDirectory("coana-python-analysis-venv");
     const virtualEnvFolder = join20(tmpDir, ".venv");
     const pythonExecutable = await this.vm.getPythonExecutableForWorkspace(this.projectDir, false);
@@ -96709,12 +96720,12 @@ ${msg}`;
           return true;
         const filename = candidate.url.split("/").at(-1);
         if (await downloadFile(candidate.url, join20(tmpDir, filename)) && await execAndLogOnFailure(cmdt`${uvTool(pythonExecutable)} --from installer==0.7.0 python -m installer
-                --no-compile-bytecode --prefix .venv ${filename}`, tmpDir)) {
+                --no-compile-bytecode --prefix .venv ${filename}`, tmpDir, void 0, "debug")) {
           installStats.installedUsingSpecializedInstallCommand.push(packageName);
           return false;
         }
       } catch (e) {
-        logger.info(`Failed to construct specialized install command for ${packageName}==${version3}`, e);
+        logger.debug(`Failed to construct specialized install command for ${packageName}==${version3}`, e);
       }
       return true;
     }, 4);
@@ -96723,13 +96734,7 @@ ${msg}`;
       const installPipDeps = once3(async () => exec([...uvInstallBase, "pip", "wheel"]));
       for (const { packageName, version: version3, requirement } of failingPackages) {
         const requirementToInstall = requirement ?? `${packageName}==${version3}`;
-        let success = await execAndLogOnFailure([
-          ...uvInstallBase,
-          "--no-deps",
-          "--no-binary",
-          packageName,
-          requirementToInstall
-        ]);
+        let success = await execAndLogOnFailure([...uvInstallBase, "--no-deps", "--no-binary", packageName, requirementToInstall], void 0, void 0, "debug");
         if (!success) {
           await installPipDeps();
           success = await execAndLogOnFailure(
@@ -96738,7 +96743,9 @@ ${msg}`;
             cmdt`.venv/bin/python -m pip
               --no-input --require-virtualenv --disable-pip-version-check --no-cache-dir --isolated install
               --no-deps --ignore-requires-python --no-compile --no-binary ${packageName} ${requirementToInstall}`,
-            tmpDir
+            tmpDir,
+            void 0,
+            "debug"
           );
         }
         (success ? installStats.installedWithoutOnlyBinary : installStats.failedToInstall).push(packageName);
@@ -96829,7 +96836,7 @@ async function getPythonInterpreter() {
 }
 async function setupMambalade() {
   const venvDir = await createTmpDirectory("mambalade-venv");
-  logger.info("Creating Mambalade virtual environment");
+  logger.debug("Creating Mambalade virtual environment");
   const pythonInterpreter = await getPythonInterpreter();
   await exec(cmdt`${pythonInterpreter} -SIm venv ${venvDir}`);
   const mambaladeWheelsPath = join20(COANA_REPOS_PATH(), "mambalade", "dist");
@@ -96837,11 +96844,12 @@ async function setupMambalade() {
   const mambaladeWheels = wheelFiles.filter((f2) => f2.endsWith(".whl")).map((f2) => join20(mambaladeWheelsPath, f2));
   if (!mambaladeWheels.length)
     throw new Error(`No mambalade wheel files found in ${mambaladeWheelsPath}`);
-  logger.info(`Installing mambalade wheels: ${mambaladeWheels.join(", ")}`);
+  logger.debug(`Installing mambalade wheels: ${mambaladeWheels.join(", ")}`);
   await exec(cmdt`${venvDir}/bin/pip install --no-deps ${mambaladeWheels}`);
-  logger.info("Mambalade virtual environment setup complete");
+  logger.debug("Mambalade virtual environment setup complete");
   return venvDir;
 }
+var hasUv = once3(async () => !(await execNeverFail("which uv")).error);
 // dist/whole-program-code-aware-vulnerability-scanner/python/phantom-deps.js
 var { uniq: uniq8 } = import_lodash15.default;
@@ -96937,8 +96945,7 @@ var PipAnalyzer = class {
     this.heuristic = MambaladeHeuristics.createOnlyVulnPathPackagesHeuristic(this.preInstalledDepInfos);
   }
   prepareScanner = once4(async () => {
-    const { vulnerabilities } = this.state;
-    await this.scanner.prepareDependencies(this.preInstalledDepInfos, vulnerabilities.filter((v) => Array.isArray(v.vulnerabilityAccessPaths)), this.heuristic);
+    await this.scanner.prepareDependencies(this.preInstalledDepInfos, this.state.vulnerabilities.filter((v) => Array.isArray(v.vulnerabilityAccessPaths)), this.heuristic);
     return this.scanner;
   });
   async runPhantomDependencyAnalysis() {
@@ -96970,14 +96977,13 @@ function getPreInstalledDepInfos(workspaceData) {
     }));
   } else {
     workspaceData.type;
-    const artifactsWithVersion = workspaceData.data.artifacts.filter((a2) => {
+    return workspaceData.data.artifacts.filter((a2) => {
       if (!a2.version) {
         logger.warn(`Artifact ${a2.name} has no version information`);
         return false;
       }
       return true;
-    });
-    return artifactsWithVersion.map((a2) => ({ packageName: a2.name, version: a2.version }));
+    }).map(({ name: name2, version: version3 }) => ({ packageName: name2, version: version3 }));
   }
 }
@@ -97168,6 +97174,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
           const enqueueWithoutSplitting = !allowSplitInBuckets && initialBucketContainingAllVulns && !state.reachabilityAnalysisOptions.timeoutInSeconds;
           await sendErrorAnalysisMetadata(result.message, !allowSplitInBuckets && isLastHeuristic(bucket.heuristic.name) && !enqueueWithoutSplitting, !allowSplitInBuckets);
           if (enqueueWithoutSplitting) {
+            logger.info("Analysis failed, retrying different configuration.");
             enqueueBucket(vulnDepIdentifiers);
             return;
           }
@@ -97177,6 +97184,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
           }
         }
         if (allowSplitInBuckets) {
+          logger.info("Analysis failed, rerunning analysis multiple times with fewer vulnerabilities per run.");
           const middle = Math.floor(vulnDepIdentifiers.length / 2);
           enqueueBucket(vulnDepIdentifiers.slice(0, middle));
           enqueueBucket(vulnDepIdentifiers.slice(middle));
@@ -97279,9 +97287,6 @@ function getHeuristicFromName(state, heuristicName, ecosystem) {
   if (ecosystem === "NPM") {
     return heuristics[heuristicName];
   } else if (ecosystem === "PIP") {
-    if (state.workspaceData.type !== "coana") {
-      throw new Error("MambaladeHeuristics only supports Coana data for analysis");
-    }
     if (heuristicName in MambaladeHeuristics)
       return MambaladeHeuristics[heuristicName];
     else if (heuristicName === "ONLY_VULN_PATH_PACKAGES") {
@@ -97517,16 +97522,16 @@ function canDismissVulnerability(phantomDependencies, vulnChainDetails) {
   const recHelper = (nodeIdentifier, depth) => {
     if (depth === 0)
       return void 0;
-    const parents2 = parentsMap.get(nodeIdentifier).filter((parent2) => parent2 !== ROOT_NODE_STR);
+    const parents3 = parentsMap.get(nodeIdentifier).filter((parent2) => parent2 !== ROOT_NODE_STR);
     const thisReachabilityPrecomp = nodeIdentifier === vulnNodeIdentifier ? "Reachable" : vulnChainDetails.transitiveDependencies[nodeIdentifier].reachabilityPrecomp;
     if (!thisReachabilityPrecomp)
       return void 0;
     const thisMayReachVulnerableNode = ["Reachable", "Unknown"].includes(thisReachabilityPrecomp);
-    if (parents2.length === 0 && thisMayReachVulnerableNode) {
+    if (parents3.length === 0 && thisMayReachVulnerableNode) {
       canDismiss = false;
     }
-    if (parents2) {
-      const parentsReachabilityPrecomp = parents2.map((p) => recHelper(p, depth - 1));
+    if (parents3) {
+      const parentsReachabilityPrecomp = parents3.map((p) => recHelper(p, depth - 1));
       if (parentsReachabilityPrecomp.some((reachabilityPrecomp) => !reachabilityPrecomp) && thisMayReachVulnerableNode) {
         canDismiss = false;
       }
@@ -97555,6 +97560,7 @@ var dashboardAPI2 = new DashboardAPI(process.env.SOCKET_MODE === "true", process
 async function runReachabilityAnalysis(state) {
   const projectDir = resolve15(state.subprojectDir, state.workspacePath);
   const ecosystem = state.workspaceData.data.type;
+  logger.info(`Preparing for running reachability analysis for project at "${relative6(state.rootWorkingDir, projectDir) || "."}" (${ecosystem})`);
   const constructor = ecosystemAnalyzer[ecosystem];
   if (!constructor)
     throw Error(`No analyzer associated with ecosystem ${ecosystem}`);

package/external/@coana-tech/cli/repos/coana-tech/alucard/alucard.jar CHANGED Viewed

Binary file

package/external/@coana-tech/cli/repos/coana-tech/goana/bin/goana-darwin-amd64.gz CHANGED Viewed

Binary file

package/external/@coana-tech/cli/repos/coana-tech/goana/bin/goana-darwin-arm64.gz CHANGED Viewed

Binary file

package/external/@coana-tech/cli/repos/coana-tech/goana/bin/goana-linux-amd64.gz CHANGED Viewed

Binary file

package/external/@coana-tech/cli/repos/coana-tech/goana/bin/goana-linux-arm64.gz CHANGED Viewed

Binary file

package/external/@coana-tech/cli/repos/coana-tech/mambalade/dist/mambalade-0.3.11-py3-none-any.whl CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "1.0.103",
+  "version": "1.0.104",
   "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -86,7 +86,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.3",
     "@biomejs/biome": "2.2.2",
-    "@coana-tech/cli": "14.12.3",
+    "@coana-tech/cli": "14.12.6",
     "@cyclonedx/cdxgen": "11.6.0",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",