@socketsecurity/cli-with-sentry 1.0.11 → 1.0.13

package/dist/vendor.js

@@ -17,6 +17,7 @@ var require$$0$e = require('node:url');
 var require$$1$8 = require('node:http');
 var require$$0$f = require('node:os');
 var fs$2 = require('node:fs/promises');
+var signalExit = require('../external/@socketsecurity/registry/external/signal-exit');
 var require$$0$g = require('node:process');
 var require$$0$h = require('node:buffer');
 var require$$0$i = require('node:tty');
@@ -11363,72 +11364,6 @@ const colors = {
   bgGray: wrap(100, 49)
 };
 
-/* IMPORT */
-/* MAIN */
-const IS_LINUX = process$2.platform === 'linux';
-const IS_WINDOWS = process$2.platform === 'win32';
-
-/* IMPORT */
-/* MAIN */
-//URL: https://github.com/tapjs/signal-exit/blob/03dd77a96caa309c6a02c59274d58c812a2dce45/signals.js
-const Signals = ['SIGABRT', 'SIGALRM', 'SIGHUP', 'SIGINT', 'SIGTERM'];
-if (!IS_WINDOWS) {
-  Signals.push('SIGVTALRM', 'SIGXCPU', 'SIGXFSZ', 'SIGUSR2', 'SIGTRAP', 'SIGSYS', 'SIGQUIT', 'SIGIOT');
-}
-if (IS_LINUX) {
-  Signals.push('SIGIO', 'SIGPOLL', 'SIGPWR', 'SIGSTKFLT', 'SIGUNUSED');
-}
-
-/* IMPORT */
-/* MAIN */
-class Interceptor {
-  /* CONSTRUCTOR */
-  constructor() {
-    /* VARIABLES */
-    this.callbacks = new Set();
-    this.exited = false;
-    /* API */
-    this.exit = signal => {
-      if (this.exited) return;
-      this.exited = true;
-      for (const callback of this.callbacks) {
-        callback();
-      }
-      if (signal) {
-        if (IS_WINDOWS && signal !== 'SIGINT' && signal !== 'SIGTERM' && signal !== 'SIGKILL') {
-          // Windows doesn't support POSIX signals, but Node emulates these 3 signals for us
-          process$2.kill(process$2.pid, 'SIGTERM');
-        } else {
-          process$2.kill(process$2.pid, signal);
-        }
-      }
-    };
-    this.hook = () => {
-      process$2.once('exit', () => this.exit());
-      for (const signal of Signals) {
-        try {
-          process$2.once(signal, () => this.exit(signal));
-        } catch {
-          // Sometimes "process.once" can throw...
-        }
-      }
-    };
-    this.register = callback => {
-      this.callbacks.add(callback);
-      return () => {
-        this.callbacks.delete(callback);
-      };
-    };
-    this.hook();
-  }
-}
-/* EXPORT */
-var Interceptor$1 = new Interceptor();
-
-/* IMPORT */
-/* MAIN */
-const whenExit = Interceptor$1.register;
-
 /**
  * This software is released under the MIT license:
  *
@@ -11492,7 +11427,7 @@ const Utils = {
   },
   getExitSignal: () => {
     const aborter = new AbortController();
-    whenExit(() => aborter.abort());
+    signalExit.onExit(() => aborter.abort());
     return aborter.signal;
   },
   getLatestVersion: async (name, options = {}) => {
@@ -11525,7 +11460,7 @@ const Utils = {
   notify: (name, version, latest) => {
     if (!globalThis.process?.stdout?.isTTY) return; // Probably piping stdout
     const log = () => console.log(`\n\n📦 Update available for ${colors.cyan(name)}: ${colors.gray(version)} → ${colors.green(latest)}`);
-    whenExit(log);
+    signalExit.onExit(log);
   }
 };
 
@@ -172598,5 +172533,5 @@ exports.terminalLinkExports = terminalLinkExports;
 exports.updater = updater$1;
 exports.yargsParser = yargsParser;
 exports.yoctocolorsCjsExports = yoctocolorsCjsExports;
-//# debugId=d7210c67-fab3-4cc3-8e6c-db0dd8a99646
+//# debugId=63ff0e3c-5d51-43e6-ac89-5757a73f5d2c
 //# sourceMappingURL=vendor.js.map

package/external/@coana-tech/cli/cli.mjs

@@ -221973,7 +221973,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.9.33";
+var version2 = "14.9.34";
 
 // ../../node_modules/.pnpm/axios@1.9.0/node_modules/axios/lib/helpers/bind.js
 function bind2(fn2, thisArg) {
@@ -226497,9 +226497,21 @@ async function computeFixesAndUpgradePurls(path2, options) {
     ...vulnerableArtifactIdsPerVulnerability.get(ghsa)?.values() ?? []
   ]);
   const computedFix = await useSocketComputeFixEndpoint(artifacts, vulnerableArtifactIdsForGhsas);
-  if (computedFix.type !== "fix_found") {
+  if (computedFix.type !== "success") {
     throw new Error(`No fix found for the given vulnerabilities`);
   }
+  if (computedFix.failedArtifacts) {
+    const ghsasFailedToFix = options.applyFixesTo.filter((ghsa) => {
+      const artifactIds = vulnerableArtifactIdsPerVulnerability.get(ghsa);
+      if (!artifactIds)
+        return false;
+      return Array.from(artifactIds).some((vuln) => computedFix.failedArtifacts?.includes(vuln));
+    });
+    logger.info("Failed to compute fixes for the following vulnerabilities:");
+    for (const ghsa of ghsasFailedToFix) {
+      logger.info(`  - ${ghsa} (${Array.from(vulnerableArtifactIdsPerVulnerability.get(ghsa)).map((id) => simplePurl(artifacts[id].type, artifacts[id].namespace ?? null, artifacts[id].name, artifacts[id].version ?? null)).join(", ")})`);
+    }
+  }
   if (options.dryRun) {
     logger.info("Fixes found:");
     for (const fix of computedFix.fixes) {
@@ -226608,9 +226620,8 @@ async function useSocketComputeFixEndpoint(artifacts, vulnerableArtifactIdsForGh
   } catch (error) {
     logger.error("Request to compute fixes failed:", error);
     return {
-      type: "error during computation",
-      message: "Error during computation",
-      fixes: []
+      type: "error",
+      message: "Error during computation"
     };
   }
 }

package/external/@socketsecurity/registry/lib/spawn.js

@@ -28,6 +28,7 @@ function getSpawn() {
 function isStdioType(stdio, type) {
   return (
     stdio === type ||
+    (!stdio && type === 'pipe') ||
     (Array.isArray(stdio) &&
       stdio.length > 2 &&
       stdio[0] === type &&
@@ -60,9 +61,10 @@ function spawn(cmd, args, options, extra) {
   const { env, stdio, stdioString = true } = spawnOptions
   // The stdio option can be a string or an array.
   // https://nodejs.org/api/child_process.html#optionsstdio
-  const shouldPauseSpinner =
+  const shouldStopSpinner =
     isSpinning && !isStdioType(stdio, 'ignore') && !isStdioType(stdio, 'pipe')
-  if (shouldPauseSpinner) {
+  const shouldRestartSpinner = shouldStopSpinner
+  if (shouldStopSpinner) {
     spinner.stop()
   }
   let spawnPromise = spawn(
@@ -90,7 +92,7 @@ function spawn(cmd, args, options, extra) {
       throw stripAnsiFromSpawnResult(error)
     })
   }
-  if (shouldPauseSpinner) {
+  if (shouldRestartSpinner) {
     spawnPromise = spawnPromise.finally(() => {
       spinner.start()
     })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "1.0.11",
+  "version": "1.0.13",
   "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -85,7 +85,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.27.6",
     "@biomejs/biome": "2.0.6",
-    "@coana-tech/cli": "14.9.33",
+    "@coana-tech/cli": "14.9.34",
     "@cyclonedx/cdxgen": "11.4.1",
     "@dotenvx/dotenvx": "1.45.1",
     "@eslint/compat": "1.3.1",
@@ -112,7 +112,7 @@
     "@socketregistry/is-interactive": "1.0.6",
     "@socketregistry/packageurl-js": "1.0.8",
     "@socketsecurity/config": "3.0.1",
-    "@socketsecurity/registry": "1.0.219",
+    "@socketsecurity/registry": "1.0.220",
     "@socketsecurity/sdk": "1.4.51",
     "@types/blessed": "0.1.25",
     "@types/cmd-shim": "5.0.2",
@@ -127,7 +127,7 @@
     "@types/which": "3.0.4",
     "@types/yargs-parser": "21.0.3",
     "@typescript-eslint/parser": "8.35.0",
-    "@typescript/native-preview": "7.0.0-dev.20250629.1",
+    "@typescript/native-preview": "7.0.0-dev.20250630.1",
     "@vitest/coverage-v8": "3.2.4",
     "blessed": "0.1.81",
     "blessed-contrib": "4.11.0",
@@ -158,7 +158,7 @@
     "npm-package-arg": "12.0.2",
     "npm-run-all2": "8.0.4",
     "open": "10.1.2",
-    "oxlint": "1.3.0",
+    "oxlint": "1.4.0",
     "pony-cause": "2.1.11",
     "registry-auth-token": "5.1.0",
     "registry-url": "7.2.0",