@socketsecurity/cli-with-sentry 1.0.108 → 1.0.109

package/external/@socketsecurity/registry/lib/constants/env.js

@@ -25,9 +25,9 @@ module.exports = ObjectFreeze({
   NODE_AUTH_TOKEN: envAsString(env.NODE_AUTH_TOKEN),
   // NODE_ENV is a recognized convention, but not a built-in Node.js feature.
   NODE_ENV:
-    envAsString(env.NODE_ENV).toLowerCase() === 'development'
-      ? 'development'
-      : 'production',
+    envAsString(env.NODE_ENV).toLowerCase() === 'production'
+      ? 'production'
+      : 'development',
   // A space-separated list of command-line options. `options...` are interpreted
   // before command-line options, so command-line options will override or compound
   // after anything in `options...`. Node.js will exit with an error if an option

package/external/@socketsecurity/registry/lib/constants/node-harden-flags.js

@@ -5,15 +5,23 @@ const { freeze: ObjectFreeze } = Object
 const WIN32 = require('./win32')
 
 module.exports = ObjectFreeze(
+  // Harden Node security.
+  // https://nodejs.org/en/learn/getting-started/security-best-practices
   WIN32
-    ? ['--disallow-code-generation-from-strings']
+    ? [
+        // https://nodejs.org/api/cli.html#--disallow-code-generation-from-strings
+        '--disallow-code-generation-from-strings'
+      ]
     : [
+        '--disallow-code-generation-from-strings',
         // https://nodejs.org/api/cli.html#--disable-protomode
         '--disable-proto',
         'throw',
-        // https://nodejs.org/api/cli.html#--disallow-code-generation-from-strings
-        '--disallow-code-generation-from-strings',
         // https://nodejs.org/api/cli.html#--frozen-intrinsics
+        // We have contributed the following patches to our dependencies to make
+        // Node's --frozen-intrinsics workable.
+        // √ https://github.com/SBoudrias/Inquirer.js/pull/1683
+        // √ https://github.com/pnpm/components/pull/23
         '--frozen-intrinsics',
         // https://nodejs.org/api/cli.html#--no-deprecation
         '--no-deprecation'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "1.0.108",
+  "version": "1.0.109",
   "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -113,7 +113,7 @@
     "@socketregistry/is-interactive": "1.0.6",
     "@socketregistry/packageurl-js": "1.0.9",
     "@socketsecurity/config": "3.0.1",
-    "@socketsecurity/registry": "1.0.278",
+    "@socketsecurity/registry": "1.0.279",
     "@socketsecurity/sdk": "1.4.83",
     "@types/blessed": "0.1.25",
     "@types/cmd-shim": "5.0.2",
@@ -124,7 +124,7 @@
     "@types/npmcli__arborist": "6.3.1",
     "@types/npmcli__config": "6.0.3",
     "@types/proc-log": "3.0.4",
-    "@types/semver": "7.7.0",
+    "@types/semver": "7.7.1",
     "@types/which": "3.0.4",
     "@types/yargs-parser": "21.0.3",
     "@typescript-eslint/parser": "8.42.0",
@@ -241,6 +241,6 @@
     "strict": true
   },
   "dependencies": {
-    "@sentry/node": "10.8.0"
+    "@sentry/node": "10.9.0"
   }
 }