@socketsecurity/cli-with-sentry 1.0.6 → 1.0.8

package/dist/constants.js

@@ -124,10 +124,10 @@ const LAZY_ENV = () => {
     INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(true),
     // Comp-time inlined Socket package version.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    INLINED_SOCKET_CLI_VERSION: envAsString("1.0.6"),
+    INLINED_SOCKET_CLI_VERSION: envAsString("1.0.8"),
     // Comp-time inlined Socket package version hash.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-    INLINED_SOCKET_CLI_VERSION_HASH: envAsString("1.0.6:29e0825:87fc254f:pub"),
+    INLINED_SOCKET_CLI_VERSION_HASH: envAsString("1.0.8:7a37f5d:8329bc3c:pub"),
     // Comp-time inlined synp package version.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SYNP_VERSION']".
     INLINED_SYNP_VERSION: envAsString("1.9.14"),
@@ -262,6 +262,9 @@ constants.WIN32 ? [] :
 // √ https://github.com/SBoudrias/Inquirer.js/pull/1683
 // √ https://github.com/pnpm/components/pull/23
 '--frozen-intrinsics', '--no-deprecation']);
+const lazyNpmNmNodeGypPath = () =>
+// Lazily access constants.npmRealExecPath.
+path.join(constants.npmRealExecPath, '../../node_modules/node-gyp/bin/node-gyp.js');
 const lazyRootPath = () => path.join(fs.realpathSync.native(__dirname$1), '..');
 const lazyShadowBinPath = () =>
 // Lazily access constants.rootPath.
@@ -381,6 +384,7 @@ const constants = createConstantsObject({
   minimumVersionByAgent: undefined,
   nmBinPath: undefined,
   nodeHardenFlags: undefined,
+  npmNmNodeGypPath: undefined,
   rootPath: undefined,
   shadowBinPath: undefined,
   shadowNpmInjectPath: undefined,
@@ -410,6 +414,7 @@ const constants = createConstantsObject({
     minimumVersionByAgent: lazyMinimumVersionByAgent,
     nmBinPath: lazyNmBinPath,
     nodeHardenFlags: lazyNodeHardenFlags,
+    npmNmNodeGypPath: lazyNpmNmNodeGypPath,
     rootPath: lazyRootPath,
     shadowBinPath: lazyShadowBinPath,
     shadowNpmBinPath: lazyShadowNpmBinPath,
@@ -436,5 +441,5 @@ const constants = createConstantsObject({
 });
 
 module.exports = constants;
-//# debugId=ed912b0a-ebdf-410a-852f-102212b04ab8
+//# debugId=1e166c49-1099-4234-b65f-86741f4575b2
 //# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\n\nconst {\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n    attributes: registryConstantsAttribs,\n    createConstantsObject,\n    getIpc,\n  },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n  Omit<RegistryInternals, 'getIpc'> &\n    Readonly<{\n      getIpc: {\n        (): Promise<IPC>\n        <K extends keyof IPC | undefined>(\n          key?: K | undefined,\n        ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n      }\n      getSentry: () => Sentry\n      setSentry(Sentry: Sentry): boolean\n    }>\n>\n\ntype ENV = Remap<\n  RegistryEnv &\n    Readonly<{\n      DISABLE_GITHUB_CACHE: boolean\n      GITHUB_BASE_REF: string\n      GITHUB_REF_NAME: string\n      GITHUB_REF_TYPE: string\n      GITHUB_REPOSITORY: string\n      GITHUB_TOKEN: string\n      INLINED_CYCLONEDX_CDXGEN_VERSION: string\n      INLINED_SOCKET_CLI_HOMEPAGE: string\n      INLINED_SOCKET_CLI_LEGACY_BUILD: string\n      INLINED_SOCKET_CLI_NAME: string\n      INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n      INLINED_SOCKET_CLI_SENTRY_BUILD: string\n      INLINED_SOCKET_CLI_VERSION: string\n      INLINED_SOCKET_CLI_VERSION_HASH: string\n      INLINED_SYNP_VERSION: string\n      LOCALAPPDATA: string\n      NODE_COMPILE_CACHE: string\n      PATH: string\n      SOCKET_CLI_ACCEPT_RISKS: boolean\n      SOCKET_CLI_API_BASE_URL: string\n      SOCKET_CLI_API_PROXY: string\n      SOCKET_CLI_API_TOKEN: string\n      SOCKET_CLI_CONFIG: string\n      SOCKET_CLI_DEBUG: boolean\n      SOCKET_CLI_GIT_USER_EMAIL: string\n      SOCKET_CLI_GIT_USER_NAME: string\n      SOCKET_CLI_GITHUB_TOKEN: string\n      SOCKET_CLI_NO_API_TOKEN: boolean\n      SOCKET_CLI_VIEW_ALL_RISKS: boolean\n      TERM: string\n      XDG_DATA_HOME: string\n    }>\n>\n\ntype IPC = Readonly<{\n  SOCKET_CLI_FIX?: string | undefined\n  SOCKET_CLI_OPTIMIZE?: boolean | undefined\n  SOCKET_CLI_SAFE_BIN?: string | undefined\n  SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n  Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n    readonly 'Symbol(kInternalsSymbol)': Internals\n    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n    readonly ALERT_TYPE_CVE: 'cve'\n    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n    readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n    readonly API_V0_URL: 'https://api.socket.dev/v0/'\n    readonly BINARY_LOCK_EXT: '.lockb'\n    readonly BUN: 'bun'\n    readonly ENV: ENV\n    readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n    readonly DRY_RUN_LABEL: '[DryRun]'\n    readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n    readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n    readonly IPC: IPC\n    readonly LOCK_EXT: '.lock'\n    readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n    readonly PNPM: 'pnpm'\n    readonly REDACTED: '<redacted>'\n    readonly SHADOW_NPM_BIN: 'shadow-npm-bin'\n    readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n    readonly SOCKET: 'socket'\n    readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n    readonly SOCKET_CLI_BIN_NAME: 'socket'\n    readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n    readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n    readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n    readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n    readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n    readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n    readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n    readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n    readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n    readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n    readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n    readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n    readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n    readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n    readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n    readonly VLT: 'vlt'\n    readonly WITH_SENTRY: 'with-sentry'\n    readonly YARN: 'yarn'\n    readonly YARN_BERRY: 'yarn/berry'\n    readonly YARN_CLASSIC: 'yarn/classic'\n    readonly YARN_LOCK: 'yarn.lock'\n    readonly bashRcPath: string\n    readonly binCliPath: string\n    readonly binPath: string\n    readonly blessedContribPath: string\n    readonly blessedOptions: {\n      smartCSR: boolean\n      term: string\n      useBCE: boolean\n    }\n    readonly blessedPath: string\n    readonly coanaBinPath: string\n    readonly coanaPath: string\n    readonly distCliPath: string\n    readonly distPath: string\n    readonly externalPath: string\n    readonly githubCachePath: string\n    readonly homePath: string\n    readonly instrumentWithSentryPath: string\n    readonly minimumVersionByAgent: Map<Agent, string>\n    readonly nmBinPath: string\n    readonly nodeHardenFlags: string[]\n    readonly rootPath: string\n    readonly shadowBinPath: string\n    readonly shadowNpmBinPath: string\n    readonly shadowNpmInjectPath: string\n    readonly socketAppDataPath: string\n    readonly socketCachePath: string\n    readonly socketRegistryPath: string\n    readonly zshRcPath: string\n  }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SHADOW_NPM_BIN = 'shadow-npm-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = '@socketsecurity/cli'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = '@socketsecurity/cli-with-sentry'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n  const {\n    envAsBoolean,\n    envAsString,\n  } = require('@socketsecurity/registry/lib/env')\n  const { env } = process\n  const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n  // We inline some environment values so that they CANNOT be influenced by user\n  // provided environment variables.\n  return Object.freeze({\n    __proto__: null,\n    // Lazily access registryConstants.ENV.\n    ...registryConstants.ENV,\n    // Flag to disable using GitHub's workflow actions/cache.\n    // https://github.com/actions/cache\n    DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n    // The name of the base ref or target branch of the pull request in a workflow\n    // run. This is only set when the event that triggers a workflow run is either\n    // pull_request or pull_request_target. For example, main.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_BASE_REF: envAsString(env['GITHUB_BASE_REF']),\n    // The short ref name of the branch or tag that triggered the GitHub workflow\n    // run. This value matches the branch or tag name shown on GitHub. For example,\n    // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n    // The type of ref that triggered the workflow run. Valid values are branch or tag.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n    // The owner and repository name. For example, octocat/Hello-World.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n    // The GITHUB_TOKEN secret is a GitHub App installation access token.\n    // The token's permissions are limited to the repository that contains the\n    // workflow.\n    // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n    GITHUB_TOKEN,\n    // Comp-time inlined @cyclonedx/cdxgen package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']\".\n    INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString(\n      process.env['INLINED_CYCLONEDX_CDXGEN_VERSION'],\n    ),\n    // Comp-time inlined Socket package homepage.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n    INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n      process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n    ),\n    // Comp-time inlined flag to determine if this is the Legacy build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n    INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n    ),\n    // Comp-time inlined Socket package name.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n    INLINED_SOCKET_CLI_NAME: envAsString(\n      process.env['INLINED_SOCKET_CLI_NAME'],\n    ),\n    // Comp-time inlined flag to determine if this is a published build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n    ),\n    // Comp-time inlined flag to determine if this is the Sentry build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n    INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n    ),\n    // Comp-time inlined Socket package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n    INLINED_SOCKET_CLI_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION'],\n    ),\n    // Comp-time inlined Socket package version hash.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n    ),\n    // Comp-time inlined synp package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SYNP_VERSION']\".\n    INLINED_SYNP_VERSION: envAsString(process.env['INLINED_SYNP_VERSION']),\n    // The location of the %localappdata% folder on Windows used to store user-specific,\n    // non-roaming application data, like temporary files, cached data, and program\n    // settings, that are specific to the current machine and user.\n    LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n    // Flag to enable the module compile cache for the Node.js instance.\n    // https://nodejs.org/api/cli.html#node_compile_cachedir\n    NODE_COMPILE_CACHE:\n      // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n      constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n        ? // Lazily access constants.socketCachePath.\n          constants.socketCachePath\n        : '',\n    // PATH is an environment variable that lists directories where executable\n    // programs are located. When a command is run, the system searches these\n    // directories to find the executable.\n    PATH: envAsString(env['PATH']),\n    // Flag to accepts risks of safe-npm and safe-npx run.\n    SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n    // Flag to change the base URL for all API-calls.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_BASE_URL:\n      envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n      envAsString(env['SOCKET_SECURITY_API_BASE_URL']),\n    // Flag to set the proxy all requests are routed through.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_PROXY:\n      envAsString(env['SOCKET_CLI_API_PROXY']) ||\n      envAsString(env['SOCKET_SECURITY_API_PROXY']),\n    // Flag to set the API token.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n    SOCKET_CLI_API_TOKEN:\n      envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n      envAsString(env['SOCKET_CLI_API_KEY']) ||\n      envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_API_KEY']),\n    // Flag containing a JSON stringified Socket configuration object.\n    SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n    // Flag to help debug Socket CLI.\n    SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n    // The git config user.email used by Socket CLI.\n    SOCKET_CLI_GIT_USER_EMAIL:\n      envAsString(env['SOCKET_CLI_GIT_USER_EMAIL']) ||\n      'github-actions[bot]@users.noreply.github.com',\n    // The git config user.name used by Socket CLI.\n    SOCKET_CLI_GIT_USER_NAME:\n      envAsString(env['SOCKET_CLI_GIT_USER_NAME']) ||\n      envAsString(env['SOCKET_CLI_GIT_USERNAME']) ||\n      'github-actions[bot]',\n    // A classic GitHub personal access token with the \"repo\" scope or a\n    // fine-grained access token with at least read/write permissions set for\n    // \"Contents\" and \"Pull Request\".\n    // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n    SOCKET_CLI_GITHUB_TOKEN:\n      envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n      GITHUB_TOKEN,\n    // Flag to make the default API token `undefined`.\n    SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n    // Flag to view all risks of safe-npm and safe-npx run.\n    SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n    // Specifies the type of terminal or terminal emulator being used by the process.\n    TERM: envAsString(env['TERM']),\n    // The location of the base directory on Linux and MacOS used to store\n    // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n    XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n  })\n}\n\nconst lazyBashRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n  // Lazily access constants.binPath.\n  path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n  Object.freeze({\n    smartCSR: true,\n    // Lazily access constants.WIN32.\n    term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n    useBCE: true,\n  })\n\nconst lazyBlessedPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n  // Lazily access constants.coanaPath.\n  path.join(constants.coanaPath, 'cli.mjs')\n\nconst lazyCoanaPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n  // Lazily access constants.socketCachePath.\n  path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n  new Map([\n    // Bun >=1.1.39 supports the text-based lockfile.\n    // https://bun.sh/blog/bun-lock-text-lockfile\n    [BUN, '1.1.39'],\n    // The npm version bundled with Node 18.\n    // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n    ['npm', '10.8.2'],\n    // 8.x is the earliest version to support Node 18.\n    // https://pnpm.io/installation#compatibility\n    // https://www.npmjs.com/package/pnpm?activeTab=versions\n    [PNPM, '8.15.7'],\n    // 4.x supports >= Node 18.12.0\n    // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n    [YARN_BERRY, '4.0.0'],\n    // Latest 1.x.\n    // https://www.npmjs.com/package/yarn?activeTab=versions\n    [YARN_CLASSIC, '1.22.22'],\n    // vlt does not support overrides so we don't gate on it.\n    [VLT, '*'],\n  ])\n\nconst lazyNmBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n  Object.freeze(\n    // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n    constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n      // Lazily access constants.WIN32.\n      constants.WIN32\n      ? []\n      : // Harden Node security.\n        // https://nodejs.org/en/learn/getting-started/security-best-practices\n        [\n          '--disable-proto',\n          'throw',\n          // We have contributed the following patches to our dependencies to make\n          // Node's --frozen-intrinsics workable.\n          // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n          // √ https://github.com/pnpm/components/pull/23\n          '--frozen-intrinsics',\n          '--no-deprecation',\n        ],\n  )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'shadow-bin')\n\nconst lazyShadowNpmBinPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyShadowNpmInjectPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazySocketAppDataPath = (): string | undefined => {\n  // Get the OS app data folder:\n  // - Win: %LOCALAPPDATA% or fail?\n  // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n  // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n  // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n  // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n  //       On most systems that path is: $HOME/.local/share\n  // Then append `socket/settings`, so:\n  // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n  // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n  // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  let dataHome: string | undefined = WIN32\n    ? // Lazily access constants.ENV.LOCALAPPDATA\n      constants.ENV.LOCALAPPDATA\n    : // Lazily access constants.ENV.XDG_DATA_HOME\n      constants.ENV.XDG_DATA_HOME\n  if (!dataHome) {\n    if (WIN32) {\n      const logger = require('@socketsecurity/registry/lib/logger')\n      logger.warn(`Missing %${LOCALAPPDATA}%`)\n    } else {\n      dataHome = path.join(\n        // Lazily access constants.homePath.\n        constants.homePath,\n        // Lazily access constants.DARWIN.\n        constants.DARWIN ? 'Library/Application Support' : '.local/share',\n      )\n    }\n  }\n  return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n  {\n    ...registryConstantsAttribs.props,\n    ALERT_TYPE_CRITICAL_CVE,\n    ALERT_TYPE_CVE,\n    ALERT_TYPE_MEDIUM_CVE,\n    ALERT_TYPE_MILD_CVE,\n    API_V0_URL,\n    BINARY_LOCK_EXT,\n    BUN,\n    DOT_SOCKET_DOT_FACTS_JSON,\n    DRY_RUN_LABEL,\n    DRY_RUN_BAILING_NOW,\n    DRY_RUN_NOT_SAVING,\n    ENV: undefined,\n    LOCK_EXT,\n    NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n    NPM_REGISTRY_URL,\n    PNPM,\n    REDACTED,\n    SHADOW_NPM_BIN,\n    SHADOW_NPM_INJECT,\n    SOCKET,\n    SOCKET_CLI_ACCEPT_RISKS,\n    SOCKET_CLI_BIN_NAME,\n    SOCKET_CLI_BIN_NAME_ALIAS,\n    SOCKET_CLI_FIX,\n    SOCKET_CLI_ISSUES_URL,\n    SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n    SOCKET_CLI_LEGACY_PACKAGE_NAME,\n    SOCKET_CLI_NPM_BIN_NAME,\n    SOCKET_CLI_NPX_BIN_NAME,\n    SOCKET_CLI_OPTIMIZE,\n    SOCKET_CLI_PACKAGE_NAME,\n    SOCKET_CLI_SAFE_BIN,\n    SOCKET_CLI_SAFE_PROGRESS,\n    SOCKET_CLI_SENTRY_BIN_NAME,\n    SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n    SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n    SOCKET_CLI_SENTRY_PACKAGE_NAME,\n    SOCKET_CLI_VIEW_ALL_RISKS,\n    SOCKET_WEBSITE_URL,\n    VLT,\n    WITH_SENTRY,\n    YARN,\n    YARN_BERRY,\n    YARN_CLASSIC,\n    YARN_LOCK,\n    bashRcPath: undefined,\n    binPath: undefined,\n    binCliPath: undefined,\n    blessedContribPath: undefined,\n    blessedOptions: undefined,\n    blessedPath: undefined,\n    coanaBinPath: undefined,\n    coanaPath: undefined,\n    distCliPath: undefined,\n    distPath: undefined,\n    externalPath: undefined,\n    githubCachePath: undefined,\n    homePath: undefined,\n    instrumentWithSentryPath: undefined,\n    minimumVersionByAgent: undefined,\n    nmBinPath: undefined,\n    nodeHardenFlags: undefined,\n    rootPath: undefined,\n    shadowBinPath: undefined,\n    shadowNpmInjectPath: undefined,\n    shadowNpmBinPath: undefined,\n    socketAppDataPath: undefined,\n    socketCachePath: undefined,\n    socketRegistryPath: undefined,\n    zshRcPath: undefined,\n  },\n  {\n    getters: {\n      ...registryConstantsAttribs.getters,\n      ENV: LAZY_ENV,\n      bashRcPath: lazyBashRcPath,\n      binCliPath: lazyBinCliPath,\n      binPath: lazyBinPath,\n      blessedContribPath: lazyBlessedContribPath,\n      blessedOptions: lazyBlessedOptions,\n      blessedPath: lazyBlessedPath,\n      coanaBinPath: lazyCoanaBinPath,\n      coanaPath: lazyCoanaPath,\n      distCliPath: lazyDistCliPath,\n      distPath: lazyDistPath,\n      externalPath: lazyExternalPath,\n      githubCachePath: lazyGithubCachePath,\n      homePath: lazyHomePath,\n      instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n      minimumVersionByAgent: lazyMinimumVersionByAgent,\n      nmBinPath: lazyNmBinPath,\n      nodeHardenFlags: lazyNodeHardenFlags,\n      rootPath: lazyRootPath,\n      shadowBinPath: lazyShadowBinPath,\n      shadowNpmBinPath: lazyShadowNpmBinPath,\n      shadowNpmInjectPath: lazyShadowNpmInjectPath,\n      socketAppDataPath: lazySocketAppDataPath,\n      socketCachePath: lazySocketCachePath,\n      socketRegistryPath: lazySocketRegistryPath,\n      zshRcPath: lazyZshRcPath,\n    },\n    internals: {\n      ...registryConstantsAttribs.internals,\n      getIpc,\n      getSentry() {\n        return _Sentry\n      },\n      setSentry(Sentry: Sentry): boolean {\n        if (_Sentry === undefined) {\n          _Sentry = Sentry\n          return true\n        }\n        return false\n      },\n    },\n  },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","envAsString","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_BASE_REF","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_DEBUG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAWA,iBAAA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAoJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;;AAGIC;AACF;;AACQC;AAAI;;AAEZ;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAEA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AAGA;AACA;AACAC;AAKA;AACAC;AACA;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAd;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQI;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAnB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;;;;;;;;;;;;;AAcIM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE1B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"ed912b0a-ebdf-410a-852f-102212b04ab8"}
+{"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\n\nconst {\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n    attributes: registryConstantsAttribs,\n    createConstantsObject,\n    getIpc,\n  },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n  Omit<RegistryInternals, 'getIpc'> &\n    Readonly<{\n      getIpc: {\n        (): Promise<IPC>\n        <K extends keyof IPC | undefined>(\n          key?: K | undefined,\n        ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n      }\n      getSentry: () => Sentry\n      setSentry(Sentry: Sentry): boolean\n    }>\n>\n\ntype ENV = Remap<\n  RegistryEnv &\n    Readonly<{\n      DISABLE_GITHUB_CACHE: boolean\n      GITHUB_BASE_REF: string\n      GITHUB_REF_NAME: string\n      GITHUB_REF_TYPE: string\n      GITHUB_REPOSITORY: string\n      GITHUB_TOKEN: string\n      INLINED_CYCLONEDX_CDXGEN_VERSION: string\n      INLINED_SOCKET_CLI_HOMEPAGE: string\n      INLINED_SOCKET_CLI_LEGACY_BUILD: string\n      INLINED_SOCKET_CLI_NAME: string\n      INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n      INLINED_SOCKET_CLI_SENTRY_BUILD: string\n      INLINED_SOCKET_CLI_VERSION: string\n      INLINED_SOCKET_CLI_VERSION_HASH: string\n      INLINED_SYNP_VERSION: string\n      LOCALAPPDATA: string\n      NODE_COMPILE_CACHE: string\n      PATH: string\n      SOCKET_CLI_ACCEPT_RISKS: boolean\n      SOCKET_CLI_API_BASE_URL: string\n      SOCKET_CLI_API_PROXY: string\n      SOCKET_CLI_API_TOKEN: string\n      SOCKET_CLI_CONFIG: string\n      SOCKET_CLI_DEBUG: boolean\n      SOCKET_CLI_GIT_USER_EMAIL: string\n      SOCKET_CLI_GIT_USER_NAME: string\n      SOCKET_CLI_GITHUB_TOKEN: string\n      SOCKET_CLI_NO_API_TOKEN: boolean\n      SOCKET_CLI_VIEW_ALL_RISKS: boolean\n      TERM: string\n      XDG_DATA_HOME: string\n    }>\n>\n\ntype IPC = Readonly<{\n  SOCKET_CLI_FIX?: string | undefined\n  SOCKET_CLI_OPTIMIZE?: boolean | undefined\n  SOCKET_CLI_SAFE_BIN?: string | undefined\n  SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n  Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n    readonly 'Symbol(kInternalsSymbol)': Internals\n    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n    readonly ALERT_TYPE_CVE: 'cve'\n    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n    readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n    readonly API_V0_URL: 'https://api.socket.dev/v0/'\n    readonly BINARY_LOCK_EXT: '.lockb'\n    readonly BUN: 'bun'\n    readonly ENV: ENV\n    readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n    readonly DRY_RUN_LABEL: '[DryRun]'\n    readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n    readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n    readonly IPC: IPC\n    readonly LOCK_EXT: '.lock'\n    readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n    readonly PNPM: 'pnpm'\n    readonly REDACTED: '<redacted>'\n    readonly SHADOW_NPM_BIN: 'shadow-npm-bin'\n    readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n    readonly SOCKET: 'socket'\n    readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n    readonly SOCKET_CLI_BIN_NAME: 'socket'\n    readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n    readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n    readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n    readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n    readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n    readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n    readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n    readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n    readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n    readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n    readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n    readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n    readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n    readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n    readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n    readonly VLT: 'vlt'\n    readonly WITH_SENTRY: 'with-sentry'\n    readonly YARN: 'yarn'\n    readonly YARN_BERRY: 'yarn/berry'\n    readonly YARN_CLASSIC: 'yarn/classic'\n    readonly YARN_LOCK: 'yarn.lock'\n    readonly bashRcPath: string\n    readonly binCliPath: string\n    readonly binPath: string\n    readonly blessedContribPath: string\n    readonly blessedOptions: {\n      smartCSR: boolean\n      term: string\n      useBCE: boolean\n    }\n    readonly blessedPath: string\n    readonly coanaBinPath: string\n    readonly coanaPath: string\n    readonly distCliPath: string\n    readonly distPath: string\n    readonly externalPath: string\n    readonly githubCachePath: string\n    readonly homePath: string\n    readonly instrumentWithSentryPath: string\n    readonly minimumVersionByAgent: Map<Agent, string>\n    readonly nmBinPath: string\n    readonly nodeHardenFlags: string[]\n    readonly rootPath: string\n    readonly shadowBinPath: string\n    readonly shadowNpmBinPath: string\n    readonly shadowNpmInjectPath: string\n    readonly socketAppDataPath: string\n    readonly socketCachePath: string\n    readonly socketRegistryPath: string\n    readonly zshRcPath: string\n  }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SHADOW_NPM_BIN = 'shadow-npm-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = '@socketsecurity/cli'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = '@socketsecurity/cli-with-sentry'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n  const {\n    envAsBoolean,\n    envAsString,\n  } = require('@socketsecurity/registry/lib/env')\n  const { env } = process\n  const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n  // We inline some environment values so that they CANNOT be influenced by user\n  // provided environment variables.\n  return Object.freeze({\n    __proto__: null,\n    // Lazily access registryConstants.ENV.\n    ...registryConstants.ENV,\n    // Flag to disable using GitHub's workflow actions/cache.\n    // https://github.com/actions/cache\n    DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n    // The name of the base ref or target branch of the pull request in a workflow\n    // run. This is only set when the event that triggers a workflow run is either\n    // pull_request or pull_request_target. For example, main.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_BASE_REF: envAsString(env['GITHUB_BASE_REF']),\n    // The short ref name of the branch or tag that triggered the GitHub workflow\n    // run. This value matches the branch or tag name shown on GitHub. For example,\n    // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n    // The type of ref that triggered the workflow run. Valid values are branch or tag.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n    // The owner and repository name. For example, octocat/Hello-World.\n    // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n    GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n    // The GITHUB_TOKEN secret is a GitHub App installation access token.\n    // The token's permissions are limited to the repository that contains the\n    // workflow.\n    // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n    GITHUB_TOKEN,\n    // Comp-time inlined @cyclonedx/cdxgen package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']\".\n    INLINED_CYCLONEDX_CDXGEN_VERSION: envAsString(\n      process.env['INLINED_CYCLONEDX_CDXGEN_VERSION'],\n    ),\n    // Comp-time inlined Socket package homepage.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n    INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n      process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n    ),\n    // Comp-time inlined flag to determine if this is the Legacy build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n    INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n    ),\n    // Comp-time inlined Socket package name.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n    INLINED_SOCKET_CLI_NAME: envAsString(\n      process.env['INLINED_SOCKET_CLI_NAME'],\n    ),\n    // Comp-time inlined flag to determine if this is a published build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n    ),\n    // Comp-time inlined flag to determine if this is the Sentry build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n    INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n    ),\n    // Comp-time inlined Socket package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n    INLINED_SOCKET_CLI_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION'],\n    ),\n    // Comp-time inlined Socket package version hash.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n    ),\n    // Comp-time inlined synp package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SYNP_VERSION']\".\n    INLINED_SYNP_VERSION: envAsString(process.env['INLINED_SYNP_VERSION']),\n    // The location of the %localappdata% folder on Windows used to store user-specific,\n    // non-roaming application data, like temporary files, cached data, and program\n    // settings, that are specific to the current machine and user.\n    LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n    // Flag to enable the module compile cache for the Node.js instance.\n    // https://nodejs.org/api/cli.html#node_compile_cachedir\n    NODE_COMPILE_CACHE:\n      // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n      constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n        ? // Lazily access constants.socketCachePath.\n          constants.socketCachePath\n        : '',\n    // PATH is an environment variable that lists directories where executable\n    // programs are located. When a command is run, the system searches these\n    // directories to find the executable.\n    PATH: envAsString(env['PATH']),\n    // Flag to accepts risks of safe-npm and safe-npx run.\n    SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n    // Flag to change the base URL for all API-calls.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_BASE_URL:\n      envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n      envAsString(env['SOCKET_SECURITY_API_BASE_URL']),\n    // Flag to set the proxy all requests are routed through.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_PROXY:\n      envAsString(env['SOCKET_CLI_API_PROXY']) ||\n      envAsString(env['SOCKET_SECURITY_API_PROXY']),\n    // Flag to set the API token.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n    SOCKET_CLI_API_TOKEN:\n      envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n      envAsString(env['SOCKET_CLI_API_KEY']) ||\n      envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_API_KEY']),\n    // Flag containing a JSON stringified Socket configuration object.\n    SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n    // Flag to help debug Socket CLI.\n    SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n    // The git config user.email used by Socket CLI.\n    SOCKET_CLI_GIT_USER_EMAIL:\n      envAsString(env['SOCKET_CLI_GIT_USER_EMAIL']) ||\n      'github-actions[bot]@users.noreply.github.com',\n    // The git config user.name used by Socket CLI.\n    SOCKET_CLI_GIT_USER_NAME:\n      envAsString(env['SOCKET_CLI_GIT_USER_NAME']) ||\n      envAsString(env['SOCKET_CLI_GIT_USERNAME']) ||\n      'github-actions[bot]',\n    // A classic GitHub personal access token with the \"repo\" scope or a\n    // fine-grained access token with at least read/write permissions set for\n    // \"Contents\" and \"Pull Request\".\n    // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n    SOCKET_CLI_GITHUB_TOKEN:\n      envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n      GITHUB_TOKEN,\n    // Flag to make the default API token `undefined`.\n    SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n    // Flag to view all risks of safe-npm and safe-npx run.\n    SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n    // Specifies the type of terminal or terminal emulator being used by the process.\n    TERM: envAsString(env['TERM']),\n    // The location of the base directory on Linux and MacOS used to store\n    // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n    XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n  })\n}\n\nconst lazyBashRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n  // Lazily access constants.binPath.\n  path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n  Object.freeze({\n    smartCSR: true,\n    // Lazily access constants.WIN32.\n    term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n    useBCE: true,\n  })\n\nconst lazyBlessedPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n  // Lazily access constants.coanaPath.\n  path.join(constants.coanaPath, 'cli.mjs')\n\nconst lazyCoanaPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n  // Lazily access constants.socketCachePath.\n  path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n  new Map([\n    // Bun >=1.1.39 supports the text-based lockfile.\n    // https://bun.sh/blog/bun-lock-text-lockfile\n    [BUN, '1.1.39'],\n    // The npm version bundled with Node 18.\n    // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n    ['npm', '10.8.2'],\n    // 8.x is the earliest version to support Node 18.\n    // https://pnpm.io/installation#compatibility\n    // https://www.npmjs.com/package/pnpm?activeTab=versions\n    [PNPM, '8.15.7'],\n    // 4.x supports >= Node 18.12.0\n    // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n    [YARN_BERRY, '4.0.0'],\n    // Latest 1.x.\n    // https://www.npmjs.com/package/yarn?activeTab=versions\n    [YARN_CLASSIC, '1.22.22'],\n    // vlt does not support overrides so we don't gate on it.\n    [VLT, '*'],\n  ])\n\nconst lazyNmBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n  Object.freeze(\n    // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n    constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n      // Lazily access constants.WIN32.\n      constants.WIN32\n      ? []\n      : // Harden Node security.\n        // https://nodejs.org/en/learn/getting-started/security-best-practices\n        [\n          '--disable-proto',\n          'throw',\n          // We have contributed the following patches to our dependencies to make\n          // Node's --frozen-intrinsics workable.\n          // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n          // √ https://github.com/pnpm/components/pull/23\n          '--frozen-intrinsics',\n          '--no-deprecation',\n        ],\n  )\n\nconst lazyNpmNmNodeGypPath = () =>\n  // Lazily access constants.npmRealExecPath.\n  path.join(\n    constants.npmRealExecPath,\n    '../../node_modules/node-gyp/bin/node-gyp.js',\n  )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'shadow-bin')\n\nconst lazyShadowNpmBinPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyShadowNpmInjectPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazySocketAppDataPath = (): string | undefined => {\n  // Get the OS app data folder:\n  // - Win: %LOCALAPPDATA% or fail?\n  // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n  // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n  // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n  // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n  //       On most systems that path is: $HOME/.local/share\n  // Then append `socket/settings`, so:\n  // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n  // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n  // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  let dataHome: string | undefined = WIN32\n    ? // Lazily access constants.ENV.LOCALAPPDATA\n      constants.ENV.LOCALAPPDATA\n    : // Lazily access constants.ENV.XDG_DATA_HOME\n      constants.ENV.XDG_DATA_HOME\n  if (!dataHome) {\n    if (WIN32) {\n      const logger = require('@socketsecurity/registry/lib/logger')\n      logger.warn(`Missing %${LOCALAPPDATA}%`)\n    } else {\n      dataHome = path.join(\n        // Lazily access constants.homePath.\n        constants.homePath,\n        // Lazily access constants.DARWIN.\n        constants.DARWIN ? 'Library/Application Support' : '.local/share',\n      )\n    }\n  }\n  return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n  {\n    ...registryConstantsAttribs.props,\n    ALERT_TYPE_CRITICAL_CVE,\n    ALERT_TYPE_CVE,\n    ALERT_TYPE_MEDIUM_CVE,\n    ALERT_TYPE_MILD_CVE,\n    API_V0_URL,\n    BINARY_LOCK_EXT,\n    BUN,\n    DOT_SOCKET_DOT_FACTS_JSON,\n    DRY_RUN_LABEL,\n    DRY_RUN_BAILING_NOW,\n    DRY_RUN_NOT_SAVING,\n    ENV: undefined,\n    LOCK_EXT,\n    NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n    NPM_REGISTRY_URL,\n    PNPM,\n    REDACTED,\n    SHADOW_NPM_BIN,\n    SHADOW_NPM_INJECT,\n    SOCKET,\n    SOCKET_CLI_ACCEPT_RISKS,\n    SOCKET_CLI_BIN_NAME,\n    SOCKET_CLI_BIN_NAME_ALIAS,\n    SOCKET_CLI_FIX,\n    SOCKET_CLI_ISSUES_URL,\n    SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n    SOCKET_CLI_LEGACY_PACKAGE_NAME,\n    SOCKET_CLI_NPM_BIN_NAME,\n    SOCKET_CLI_NPX_BIN_NAME,\n    SOCKET_CLI_OPTIMIZE,\n    SOCKET_CLI_PACKAGE_NAME,\n    SOCKET_CLI_SAFE_BIN,\n    SOCKET_CLI_SAFE_PROGRESS,\n    SOCKET_CLI_SENTRY_BIN_NAME,\n    SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n    SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n    SOCKET_CLI_SENTRY_PACKAGE_NAME,\n    SOCKET_CLI_VIEW_ALL_RISKS,\n    SOCKET_WEBSITE_URL,\n    VLT,\n    WITH_SENTRY,\n    YARN,\n    YARN_BERRY,\n    YARN_CLASSIC,\n    YARN_LOCK,\n    bashRcPath: undefined,\n    binPath: undefined,\n    binCliPath: undefined,\n    blessedContribPath: undefined,\n    blessedOptions: undefined,\n    blessedPath: undefined,\n    coanaBinPath: undefined,\n    coanaPath: undefined,\n    distCliPath: undefined,\n    distPath: undefined,\n    externalPath: undefined,\n    githubCachePath: undefined,\n    homePath: undefined,\n    instrumentWithSentryPath: undefined,\n    minimumVersionByAgent: undefined,\n    nmBinPath: undefined,\n    nodeHardenFlags: undefined,\n    npmNmNodeGypPath: undefined,\n    rootPath: undefined,\n    shadowBinPath: undefined,\n    shadowNpmInjectPath: undefined,\n    shadowNpmBinPath: undefined,\n    socketAppDataPath: undefined,\n    socketCachePath: undefined,\n    socketRegistryPath: undefined,\n    zshRcPath: undefined,\n  },\n  {\n    getters: {\n      ...registryConstantsAttribs.getters,\n      ENV: LAZY_ENV,\n      bashRcPath: lazyBashRcPath,\n      binCliPath: lazyBinCliPath,\n      binPath: lazyBinPath,\n      blessedContribPath: lazyBlessedContribPath,\n      blessedOptions: lazyBlessedOptions,\n      blessedPath: lazyBlessedPath,\n      coanaBinPath: lazyCoanaBinPath,\n      coanaPath: lazyCoanaPath,\n      distCliPath: lazyDistCliPath,\n      distPath: lazyDistPath,\n      externalPath: lazyExternalPath,\n      githubCachePath: lazyGithubCachePath,\n      homePath: lazyHomePath,\n      instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n      minimumVersionByAgent: lazyMinimumVersionByAgent,\n      nmBinPath: lazyNmBinPath,\n      nodeHardenFlags: lazyNodeHardenFlags,\n      npmNmNodeGypPath: lazyNpmNmNodeGypPath,\n      rootPath: lazyRootPath,\n      shadowBinPath: lazyShadowBinPath,\n      shadowNpmBinPath: lazyShadowNpmBinPath,\n      shadowNpmInjectPath: lazyShadowNpmInjectPath,\n      socketAppDataPath: lazySocketAppDataPath,\n      socketCachePath: lazySocketCachePath,\n      socketRegistryPath: lazySocketRegistryPath,\n      zshRcPath: lazyZshRcPath,\n    },\n    internals: {\n      ...registryConstantsAttribs.internals,\n      getIpc,\n      getSentry() {\n        return _Sentry\n      },\n      setSentry(Sentry: Sentry): boolean {\n        if (_Sentry === undefined) {\n          _Sentry = Sentry\n          return true\n        }\n        return false\n      },\n    },\n  },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","envAsString","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_BASE_REF","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_DEBUG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","npmNmNodeGypPath","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAWA,iBAAA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAoJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;;AAGIC;AACF;;AACQC;AAAI;;AAEZ;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAEA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AAGA;AACA;AACAC;AAKA;AACAC;AACA;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAd;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;AACE;AACAc;AAKF;AAEA;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQI;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAnB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAc;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;;;;;;;;;;;;;AAcIM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE3B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"1e166c49-1099-4234-b65f-86741f4575b2"}

package/dist/shadow-npm-bin.js

@@ -49,9 +49,9 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
   } = constants.ENV;
   const terminatorPos = args.indexOf('--');
   const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos);
-  const binArgs = rawBinArgs.filter(a => !npm.isProgressFlag(a) && !npm.isNodeOptionsFlag(a));
-  const nodeOptionsArg = rawBinArgs.findLast(npm.isNodeOptionsFlag);
-  const progressArg = rawBinArgs.findLast(npm.isProgressFlag) !== '--no-progress';
+  const binArgs = rawBinArgs.filter(a => !npm.isNpmProgressFlag(a) && !npm.isNpmNodeOptionsFlag(a));
+  const nodeOptionsArg = rawBinArgs.findLast(npm.isNpmNodeOptionsFlag);
+  const progressArg = rawBinArgs.findLast(npm.isNpmProgressFlag) !== '--no-progress';
   const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
   const permArgs = binName === 'npm' &&
   // Lazily access constants.SUPPORTS_NODE_PERMISSION_FLAG.
@@ -71,7 +71,7 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
   })() : [];
   const useDebug = debug.isDebug();
   const useNodeOptions = nodeOptionsArg || permArgs.length;
-  const isSilent = !useDebug && !binArgs.some(npm.isLoglevelFlag);
+  const isSilent = !useDebug && !binArgs.some(npm.isNpmLoglevelFlag);
   // The default value of loglevel is "notice". We default to "error" which is
   // two levels quieter.
   const logLevelArgs = isSilent ? ['--loglevel', 'error'] : [];
@@ -123,5 +123,5 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
 }
 
 module.exports = shadowBin;
-//# debugId=47ec8b9b-5e96-4483-8b12-7958ba842843
+//# debugId=e6e39039-bfc7-4f7a-9985-ed6ab414573e
 //# sourceMappingURL=shadow-npm-bin.js.map

package/dist/shadow-npm-bin.js.map

@@ -1 +1 @@
-{"version":3,"file":"shadow-npm-bin.js","sources":["../src/shadow/npm/link.mts","../src/shadow/npm/bin.mts"],"sourcesContent":["import path from 'node:path'\n\nimport cmdShim from 'cmd-shim'\n\nimport constants from '../../constants.mts'\nimport {\n  getNpmBinPath,\n  getNpxBinPath,\n  isNpmBinPathShadowed,\n  isNpxBinPathShadowed,\n} from '../../utils/npm-paths.mts'\n\nexport async function installLinks(\n  realBinPath: string,\n  binName: 'npm' | 'npx',\n): Promise<string> {\n  const isNpx = binName === 'npx'\n  // Find package manager being shadowed by this process.\n  const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  // TODO: Is this early exit needed?\n  if (WIN32 && binPath) {\n    return binPath\n  }\n  const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n  // Move our bin directory to front of PATH so its found first.\n  if (!shadowed) {\n    if (WIN32) {\n      await cmdShim(\n        // Lazily access constants.distPath.\n        path.join(constants.distPath, `${binName}-cli.js`),\n        path.join(realBinPath, binName),\n      )\n    }\n    const { env } = process\n    env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n  }\n  return binPath\n}\n","import { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n  isLoglevelFlag,\n  isNodeOptionsFlag,\n  isProgressFlag,\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link.mts'\nimport constants from '../../constants.mts'\nimport { cmdFlagsToString } from '../../utils/cmd.mts'\n\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst { SOCKET_CLI_SAFE_BIN, SOCKET_CLI_SAFE_PROGRESS, SOCKET_IPC_HANDSHAKE } =\n  constants\n\nexport default async function shadowBin(\n  binName: 'npm' | 'npx',\n  args = process.argv.slice(2),\n) {\n  process.exitCode = 1\n  // Lazily access constants.ENV.NODE_COMPILE_CACHE\n  const { NODE_COMPILE_CACHE } = constants.ENV\n  const terminatorPos = args.indexOf('--')\n  const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n  const binArgs = rawBinArgs.filter(\n    a => !isProgressFlag(a) && !isNodeOptionsFlag(a),\n  )\n  const nodeOptionsArg = rawBinArgs.findLast(isNodeOptionsFlag)\n  const progressArg = rawBinArgs.findLast(isProgressFlag) !== '--no-progress'\n  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n  const permArgs =\n    binName === 'npm' &&\n    // Lazily access constants.SUPPORTS_NODE_PERMISSION_FLAG.\n    constants.SUPPORTS_NODE_PERMISSION_FLAG\n      ? await (async () => {\n          const cwd = process.cwd()\n          const stdioPipeOptions: SpawnOptions = { cwd }\n          const globalPrefix = (\n            await spawn('npm', ['prefix', '-g'], stdioPipeOptions)\n          ).stdout.trim()\n          const npmCachePath = (\n            await spawn('npm', ['config', 'get', 'cache'], stdioPipeOptions)\n          ).stdout.trim()\n          return [\n            '--permission',\n            '--allow-child-process',\n            // '--allow-addons',\n            // '--allow-wasi',\n            // Allow all reads because npm walks up directories looking for config\n            // and package.json files.\n            '--allow-fs-read=*',\n            `--allow-fs-write=${cwd}/*`,\n            `--allow-fs-write=${globalPrefix}/*`,\n            `--allow-fs-write=${npmCachePath}/*`,\n          ]\n        })()\n      : []\n  const useDebug = isDebug()\n  const useNodeOptions = nodeOptionsArg || permArgs.length\n  const isSilent = !useDebug && !binArgs.some(isLoglevelFlag)\n  // The default value of loglevel is \"notice\". We default to \"error\" which is\n  // two levels quieter.\n  const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n  const spawnPromise = spawn(\n    // Lazily access constants.execPath.\n    constants.execPath,\n    [\n      // Lazily access constants.nodeHardenFlags.\n      ...constants.nodeHardenFlags,\n      // Lazily access constants.nodeNoWarningsFlags.\n      ...constants.nodeNoWarningsFlags,\n      // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n      ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD\n        ? [\n            '--require',\n            // Lazily access constants.instrumentWithSentryPath.\n            constants.instrumentWithSentryPath,\n          ]\n        : []),\n      '--require',\n      // Lazily access constants.shadowNpmInjectPath.\n      constants.shadowNpmInjectPath,\n      // Lazily access constants.shadowBinPath.\n      await installLinks(constants.shadowBinPath, binName),\n      ...(useDebug ? ['--trace-uncaught', '--trace-warnings'] : []),\n      ...(useNodeOptions\n        ? [\n            `--node-options='${nodeOptionsArg ? nodeOptionsArg.slice(15) : ''}${cmdFlagsToString(permArgs)}'`,\n          ]\n        : []),\n      // Add '--no-progress' to fix input being swallowed by the npm spinner.\n      '--no-progress',\n      // Add '--loglevel=error' if a loglevel flag is not provided and the\n      // SOCKET_CLI_DEBUG environment variable is not truthy.\n      ...logLevelArgs,\n      ...binArgs,\n      ...otherArgs,\n    ],\n    {\n      env: {\n        ...process.env,\n        ...(NODE_COMPILE_CACHE ? { NODE_COMPILE_CACHE } : undefined),\n      },\n      // 'inherit' + 'ipc'\n      stdio: [0, 1, 2, 'ipc'],\n    },\n  )\n  // See https://nodejs.org/api/child_process.html#event-exit.\n  spawnPromise.process.on('exit', (code, signalName) => {\n    if (signalName) {\n      process.kill(process.pid, signalName)\n    } else if (code !== null) {\n      // eslint-disable-next-line n/no-process-exit\n      process.exit(code)\n    }\n  })\n  spawnPromise.process.send({\n    [SOCKET_IPC_HANDSHAKE]: {\n      [SOCKET_CLI_SAFE_BIN]: binName,\n      [SOCKET_CLI_SAFE_PROGRESS]: progressArg,\n    },\n  })\n  await spawnPromise\n}\n"],"names":["WIN32","env","SOCKET_IPC_HANDSHAKE","NODE_COMPILE_CACHE","constants","cwd","process","spawnPromise"],"mappings":";;;;;;;;;;AAYO;AAIL;AACA;;AAEA;;AACQA;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;ACzBA;;;AAAuDC;AAAqB;AAG7D;;AAKb;;AACQC;;AACR;AACA;AACA;AAGA;;AAEA;AACA;AAEE;AACAC;AAEM;AACA;AAAyCC;;;;;AAUvC;AACA;AACA;AACA;AACA;;AAOV;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;AACA;AAGM;AACAD;AAIN;AACAA;AACA;;AAQA;;AAEA;AACA;;AAMAH;;AAEE;AAA2BE;AAAmB;;AAEhD;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAG;AACF;AACF;AACAC;AACE;;AAEE;AACF;AACF;AACA;AACF;;","debugId":"47ec8b9b-5e96-4483-8b12-7958ba842843"}
+{"version":3,"file":"shadow-npm-bin.js","sources":["../src/shadow/npm/link.mts","../src/shadow/npm/bin.mts"],"sourcesContent":["import path from 'node:path'\n\nimport cmdShim from 'cmd-shim'\n\nimport constants from '../../constants.mts'\nimport {\n  getNpmBinPath,\n  getNpxBinPath,\n  isNpmBinPathShadowed,\n  isNpxBinPathShadowed,\n} from '../../utils/npm-paths.mts'\n\nexport async function installLinks(\n  realBinPath: string,\n  binName: 'npm' | 'npx',\n): Promise<string> {\n  const isNpx = binName === 'npx'\n  // Find package manager being shadowed by this process.\n  const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  // TODO: Is this early exit needed?\n  if (WIN32 && binPath) {\n    return binPath\n  }\n  const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n  // Move our bin directory to front of PATH so its found first.\n  if (!shadowed) {\n    if (WIN32) {\n      await cmdShim(\n        // Lazily access constants.distPath.\n        path.join(constants.distPath, `${binName}-cli.js`),\n        path.join(realBinPath, binName),\n      )\n    }\n    const { env } = process\n    env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n  }\n  return binPath\n}\n","import { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n  isNpmLoglevelFlag,\n  isNpmNodeOptionsFlag,\n  isNpmProgressFlag,\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link.mts'\nimport constants from '../../constants.mts'\nimport { cmdFlagsToString } from '../../utils/cmd.mts'\n\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst { SOCKET_CLI_SAFE_BIN, SOCKET_CLI_SAFE_PROGRESS, SOCKET_IPC_HANDSHAKE } =\n  constants\n\nexport default async function shadowBin(\n  binName: 'npm' | 'npx',\n  args = process.argv.slice(2),\n) {\n  process.exitCode = 1\n  // Lazily access constants.ENV.NODE_COMPILE_CACHE\n  const { NODE_COMPILE_CACHE } = constants.ENV\n  const terminatorPos = args.indexOf('--')\n  const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n  const binArgs = rawBinArgs.filter(\n    a => !isNpmProgressFlag(a) && !isNpmNodeOptionsFlag(a),\n  )\n  const nodeOptionsArg = rawBinArgs.findLast(isNpmNodeOptionsFlag)\n  const progressArg = rawBinArgs.findLast(isNpmProgressFlag) !== '--no-progress'\n  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n  const permArgs =\n    binName === 'npm' &&\n    // Lazily access constants.SUPPORTS_NODE_PERMISSION_FLAG.\n    constants.SUPPORTS_NODE_PERMISSION_FLAG\n      ? await (async () => {\n          const cwd = process.cwd()\n          const stdioPipeOptions: SpawnOptions = { cwd }\n          const globalPrefix = (\n            await spawn('npm', ['prefix', '-g'], stdioPipeOptions)\n          ).stdout.trim()\n          const npmCachePath = (\n            await spawn('npm', ['config', 'get', 'cache'], stdioPipeOptions)\n          ).stdout.trim()\n          return [\n            '--permission',\n            '--allow-child-process',\n            // '--allow-addons',\n            // '--allow-wasi',\n            // Allow all reads because npm walks up directories looking for config\n            // and package.json files.\n            '--allow-fs-read=*',\n            `--allow-fs-write=${cwd}/*`,\n            `--allow-fs-write=${globalPrefix}/*`,\n            `--allow-fs-write=${npmCachePath}/*`,\n          ]\n        })()\n      : []\n  const useDebug = isDebug()\n  const useNodeOptions = nodeOptionsArg || permArgs.length\n  const isSilent = !useDebug && !binArgs.some(isNpmLoglevelFlag)\n  // The default value of loglevel is \"notice\". We default to \"error\" which is\n  // two levels quieter.\n  const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n  const spawnPromise = spawn(\n    // Lazily access constants.execPath.\n    constants.execPath,\n    [\n      // Lazily access constants.nodeHardenFlags.\n      ...constants.nodeHardenFlags,\n      // Lazily access constants.nodeNoWarningsFlags.\n      ...constants.nodeNoWarningsFlags,\n      // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n      ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD\n        ? [\n            '--require',\n            // Lazily access constants.instrumentWithSentryPath.\n            constants.instrumentWithSentryPath,\n          ]\n        : []),\n      '--require',\n      // Lazily access constants.shadowNpmInjectPath.\n      constants.shadowNpmInjectPath,\n      // Lazily access constants.shadowBinPath.\n      await installLinks(constants.shadowBinPath, binName),\n      ...(useDebug ? ['--trace-uncaught', '--trace-warnings'] : []),\n      ...(useNodeOptions\n        ? [\n            `--node-options='${nodeOptionsArg ? nodeOptionsArg.slice(15) : ''}${cmdFlagsToString(permArgs)}'`,\n          ]\n        : []),\n      // Add '--no-progress' to fix input being swallowed by the npm spinner.\n      '--no-progress',\n      // Add '--loglevel=error' if a loglevel flag is not provided and the\n      // SOCKET_CLI_DEBUG environment variable is not truthy.\n      ...logLevelArgs,\n      ...binArgs,\n      ...otherArgs,\n    ],\n    {\n      env: {\n        ...process.env,\n        ...(NODE_COMPILE_CACHE ? { NODE_COMPILE_CACHE } : undefined),\n      },\n      // 'inherit' + 'ipc'\n      stdio: [0, 1, 2, 'ipc'],\n    },\n  )\n  // See https://nodejs.org/api/child_process.html#event-exit.\n  spawnPromise.process.on('exit', (code, signalName) => {\n    if (signalName) {\n      process.kill(process.pid, signalName)\n    } else if (code !== null) {\n      // eslint-disable-next-line n/no-process-exit\n      process.exit(code)\n    }\n  })\n  spawnPromise.process.send({\n    [SOCKET_IPC_HANDSHAKE]: {\n      [SOCKET_CLI_SAFE_BIN]: binName,\n      [SOCKET_CLI_SAFE_PROGRESS]: progressArg,\n    },\n  })\n  await spawnPromise\n}\n"],"names":["WIN32","env","SOCKET_IPC_HANDSHAKE","NODE_COMPILE_CACHE","constants","cwd","process","spawnPromise"],"mappings":";;;;;;;;;;AAYO;AAIL;AACA;;AAEA;;AACQA;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;ACzBA;;;AAAuDC;AAAqB;AAG7D;;AAKb;;AACQC;;AACR;AACA;AACA;AAGA;;AAEA;AACA;AAEE;AACAC;AAEM;AACA;AAAyCC;;;;;AAUvC;AACA;AACA;AACA;AACA;;AAOV;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;AACA;AAGM;AACAD;AAIN;AACAA;AACA;;AAQA;;AAEA;AACA;;AAMAH;;AAEE;AAA2BE;AAAmB;;AAEhD;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAG;AACF;AACF;AACAC;AACE;;AAEE;AACF;AACF;AACA;AACF;;","debugId":"e6e39039-bfc7-4f7a-9985-ed6ab414573e"}

package/dist/shadow-npm-inject.js.map

@@ -1 +1 @@
-{"version":3,"file":"shadow-npm-inject.js","sources":["../src/shadow/npm/paths.mts","../src/shadow/npm/arborist/types.mts","../src/shadow/npm/arborist-helpers.mts","../src/shadow/npm/arborist/lib/arborist/index.mts","../src/shadow/npm/arborist/index.mts","../src/shadow/npm/inject.mts"],"sourcesContent":["import path from 'node:path'\n\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../../constants.mts'\nimport { getNpmRequire } from '../../utils/npm-paths.mts'\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n  if (_arboristPkgPath === undefined) {\n    const pkgName = '@npmcli/arborist'\n    const mainPathWithForwardSlashes = normalizePath(\n      getNpmRequire().resolve(pkgName),\n    )\n    const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n      0,\n      mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length,\n    )\n    // Lazily access constants.WIN32.\n    _arboristPkgPath = constants.WIN32\n      ? path.normalize(arboristPkgPathWithForwardSlashes)\n      : arboristPkgPathWithForwardSlashes\n  }\n  return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n  if (_arboristClassPath === undefined) {\n    _arboristClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/arborist/index.js',\n    )\n  }\n  return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n  if (_arboristDepValidPath === undefined) {\n    _arboristDepValidPath = path.join(\n      getArboristPackagePath(),\n      'lib/dep-valid.js',\n    )\n  }\n  return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n  if (_arboristEdgeClassPath === undefined) {\n    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n  }\n  return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n  if (_arboristNodeClassPath === undefined) {\n    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n  }\n  return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n  if (_arboristOverrideSetClassPath === undefined) {\n    _arboristOverrideSetClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/override-set.js',\n    )\n  }\n  return _arboristOverrideSetClassPath\n}\n","import { createEnum } from '../../../utils/objects.mts'\n\nimport type {\n  Options as ArboristOptions,\n  Advisory as BaseAdvisory,\n  Arborist as BaseArborist,\n  AuditReport as BaseAuditReport,\n  Diff as BaseDiff,\n  Edge as BaseEdge,\n  Node as BaseNode,\n  BaseOverrideSet,\n  BuildIdealTreeOptions,\n  ReifyOptions,\n} from '@npmcli/arborist'\n\nexport type ArboristClass = ArboristInstance & {\n  new (...args: any): ArboristInstance\n}\n\nexport type ArboristInstance = Omit<\n  typeof BaseArborist,\n  | 'actualTree'\n  | 'auditReport'\n  | 'buildIdealTree'\n  | 'diff'\n  | 'idealTree'\n  | 'loadActual'\n  | 'loadVirtual'\n  | 'reify'\n> & {\n  auditReport?: AuditReportInstance | null | undefined\n  actualTree?: NodeClass | null | undefined\n  diff: Diff | null\n  idealTree?: NodeClass | null | undefined\n  buildIdealTree(options?: BuildIdealTreeOptions): Promise<NodeClass>\n  loadActual(options?: ArboristOptions): Promise<NodeClass>\n  loadVirtual(options?: ArboristOptions): Promise<NodeClass>\n  reify(options?: ArboristReifyOptions): Promise<NodeClass>\n}\n\nexport type ArboristReifyOptions = ReifyOptions & ArboristOptions\n\nexport type AuditAdvisory = Omit<BaseAdvisory, 'id'> & {\n  id: number\n  cwe: string[]\n  cvss: {\n    score: number\n    vectorString: string\n  }\n  vulnerable_versions: string\n}\n\nexport type AuditReportInstance = Omit<BaseAuditReport, 'report'> & {\n  report: { [dependency: string]: AuditAdvisory[] }\n}\n\nexport const DiffAction = createEnum({\n  add: 'ADD',\n  change: 'CHANGE',\n  remove: 'REMOVE',\n})\n\nexport type Diff = Omit<\n  BaseDiff,\n  | 'actual'\n  | 'children'\n  | 'filterSet'\n  | 'ideal'\n  | 'leaves'\n  | 'removed'\n  | 'shrinkwrapInflated'\n  | 'unchanged'\n> & {\n  actual: NodeClass\n  children: Diff[]\n  filterSet: Set<NodeClass>\n  ideal: NodeClass\n  leaves: NodeClass[]\n  parent: Diff | null\n  removed: NodeClass[]\n  shrinkwrapInflated: Set<NodeClass>\n  unchanged: NodeClass[]\n}\n\nexport type EdgeClass = Omit<\n  BaseEdge,\n  | 'accept'\n  | 'detach'\n  | 'optional'\n  | 'overrides'\n  | 'peer'\n  | 'peerConflicted'\n  | 'rawSpec'\n  | 'reload'\n  | 'satisfiedBy'\n  | 'spec'\n  | 'to'\n> & {\n  optional: boolean\n  overrides: OverrideSetClass | undefined\n  peer: boolean\n  peerConflicted: boolean\n  rawSpec: string\n  get accept(): string | undefined\n  get spec(): string\n  get to(): NodeClass | null\n  new (...args: any): EdgeClass\n  detach(): void\n  reload(hard?: boolean): void\n  satisfiedBy(node: NodeClass): boolean\n}\n\nexport type LinkClass = Omit<NodeClass, 'isLink'> & {\n  readonly isLink: true\n}\n\nexport type NodeClass = Omit<\n  BaseNode,\n  | 'addEdgeIn'\n  | 'addEdgeOut'\n  | 'canDedupe'\n  | 'canReplace'\n  | 'canReplaceWith'\n  | 'children'\n  | 'deleteEdgeIn'\n  | 'edgesIn'\n  | 'edgesOut'\n  | 'from'\n  | 'hasShrinkwrap'\n  | 'inDepBundle'\n  | 'inShrinkwrap'\n  | 'integrity'\n  | 'isTop'\n  | 'matches'\n  | 'meta'\n  | 'name'\n  | 'overrides'\n  | 'packageName'\n  | 'parent'\n  | 'recalculateOutEdgesOverrides'\n  | 'resolve'\n  | 'resolveParent'\n  | 'root'\n  | 'target'\n  | 'updateOverridesEdgeInAdded'\n  | 'updateOverridesEdgeInRemoved'\n  | 'version'\n  | 'versions'\n> & {\n  name: string\n  version: string\n  children: Map<string, NodeClass | LinkClass>\n  edgesIn: Set<EdgeClass>\n  edgesOut: Map<string, EdgeClass>\n  from: NodeClass | null\n  hasShrinkwrap: boolean\n  inShrinkwrap: boolean | undefined\n  integrity?: string | null\n  isTop: boolean | undefined\n  meta: BaseNode['meta'] & {\n    addEdge(edge: EdgeClass): void\n  }\n  overrides: OverrideSetClass | undefined\n  target: NodeClass\n  versions: string[]\n  get inDepBundle(): boolean\n  get packageName(): string | null\n  get parent(): NodeClass | null\n  set parent(value: NodeClass | null)\n  get resolveParent(): NodeClass | null\n  get root(): NodeClass | null\n  set root(value: NodeClass | null)\n  new (...args: any): NodeClass\n  addEdgeIn(edge: EdgeClass): void\n  addEdgeOut(edge: EdgeClass): void\n  canDedupe(preferDedupe?: boolean): boolean\n  canReplace(node: NodeClass, ignorePeers?: string[]): boolean\n  canReplaceWith(node: NodeClass, ignorePeers?: string[]): boolean\n  deleteEdgeIn(edge: EdgeClass): void\n  matches(node: NodeClass): boolean\n  recalculateOutEdgesOverrides(): void\n  resolve(name: string): NodeClass\n  updateOverridesEdgeInAdded(\n    otherOverrideSet: OverrideSetClass | undefined,\n  ): boolean\n  updateOverridesEdgeInRemoved(otherOverrideSet: OverrideSetClass): boolean\n}\n\nexport interface OverrideSetClass\n  extends Omit<\n    BaseOverrideSet,\n    | 'ancestry'\n    | 'children'\n    | 'getEdgeRule'\n    | 'getMatchingRule'\n    | 'getNodeRule'\n    | 'parent'\n    | 'ruleset'\n  > {\n  children: Map<string, OverrideSetClass>\n  key: string | undefined\n  keySpec: string | undefined\n  name: string | undefined\n  parent: OverrideSetClass | undefined\n  value: string | undefined\n  version: string | undefined\n  // eslint-disable-next-line @typescript-eslint/no-misused-new\n  new (...args: any[]): OverrideSetClass\n  get isRoot(): boolean\n  get ruleset(): Map<string, OverrideSetClass>\n  ancestry(): Generator<OverrideSetClass>\n  childrenAreEqual(otherOverrideSet: OverrideSetClass | undefined): boolean\n  getEdgeRule(edge: EdgeClass): OverrideSetClass\n  getMatchingRule(node: NodeClass): OverrideSetClass | null\n  getNodeRule(node: NodeClass): OverrideSetClass\n  isEqual(otherOverrideSet: OverrideSetClass | undefined): boolean\n}\n","import semver from 'semver'\n\nimport { PackageURL } from '@socketregistry/packageurl-js'\nimport { getManifestData } from '@socketsecurity/registry'\nimport { debugFn } from '@socketsecurity/registry/lib/debug'\nimport { hasOwn } from '@socketsecurity/registry/lib/objects'\nimport { fetchPackagePackument } from '@socketsecurity/registry/lib/packages'\n\nimport constants from '../../constants.mts'\nimport { Edge } from './arborist/index.mts'\nimport { DiffAction } from './arborist/types.mts'\nimport { getAlertsMapFromPurls } from '../../utils/alerts-map.mts'\nimport { type AliasResult, npa } from '../../utils/npm-package-arg.mts'\nimport { applyRange, getMajor, getMinVersion } from '../../utils/semver.mts'\nimport { idToNpmPurl } from '../../utils/spec.mts'\n\nimport type {\n  ArboristInstance,\n  Diff,\n  EdgeClass,\n  LinkClass,\n  NodeClass,\n} from './arborist/types.mts'\nimport type { RangeStyle } from '../../utils/semver.mts'\nimport type {\n  AlertIncludeFilter,\n  AlertsByPurl,\n} from '../../utils/socket-package-alert.mts'\nimport type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'\nimport type { Spinner } from '@socketsecurity/registry/lib/spinner'\n\nconst { LOOP_SENTINEL, NPM, NPM_REGISTRY_URL } = constants\n\nfunction getUrlOrigin(input: string): string {\n  try {\n    // TODO: URL.parse is available in Node 22.1.0. We can use it when we drop Node 18.\n    // https://nodejs.org/docs/latest-v22.x/api/url.html#urlparseinput-base\n    // return URL.parse(input)?.origin ?? ''\n    return new URL(input).origin ?? ''\n  } catch {}\n  return ''\n}\n\nexport function findBestPatchVersion(\n  node: NodeClass,\n  availableVersions: string[],\n  vulnerableVersionRange?: string,\n): string | null {\n  const manifestData = getManifestData(NPM, node.name)\n  let eligibleVersions\n  if (manifestData && manifestData.name === manifestData.package) {\n    const major = getMajor(manifestData.version)\n    if (typeof major !== 'number') {\n      return null\n    }\n    eligibleVersions = availableVersions.filter(v => getMajor(v) === major)\n  } else {\n    const major = getMajor(node.version)\n    if (typeof major !== 'number') {\n      return null\n    }\n    eligibleVersions = availableVersions.filter(\n      v =>\n        // Filter for versions that are within the current major version and\n        // are NOT in the vulnerable range.\n        getMajor(v) === major &&\n        (!vulnerableVersionRange ||\n          !semver.satisfies(v, vulnerableVersionRange)),\n    )\n  }\n  return eligibleVersions ? semver.maxSatisfying(eligibleVersions, '*') : null\n}\n\nexport function findPackageNode(\n  tree: NodeClass,\n  name: string,\n  version?: string | undefined,\n): NodeClass | undefined {\n  const queue: Array<NodeClass | LinkClass> = [tree]\n  const visited = new Set<NodeClass>()\n  let sentinel = 0\n  while (queue.length) {\n    if (sentinel++ === LOOP_SENTINEL) {\n      throw new Error('Detected infinite loop in findPackageNode')\n    }\n    const nodeOrLink = queue.pop()!\n    const node = getTargetNode(nodeOrLink)\n    if (visited.has(node)) {\n      continue\n    }\n    visited.add(node)\n    if (\n      node.name === name &&\n      (typeof version !== 'string' || node.version === version)\n    ) {\n      return node\n    }\n    for (const child of node.children.values()) {\n      queue.push(child)\n    }\n    for (const edge of node.edgesOut.values()) {\n      const { to } = edge\n      if (to) {\n        queue.push(to)\n      }\n    }\n  }\n  return undefined\n}\n\nexport function findPackageNodes(\n  tree: NodeClass,\n  name: string,\n  version?: string | undefined,\n): NodeClass[] {\n  const matches: NodeClass[] = []\n  const queue: Array<NodeClass | LinkClass> = [tree]\n  const visited = new Set<NodeClass>()\n  let sentinel = 0\n  while (queue.length) {\n    if (sentinel++ === LOOP_SENTINEL) {\n      throw new Error('Detected infinite loop in findPackageNodes')\n    }\n    const nodeOrLink = queue.pop()!\n    const node = getTargetNode(nodeOrLink)\n    if (visited.has(node)) {\n      continue\n    }\n    visited.add(node)\n\n    const { version: targetVersion } = node\n    if (!targetVersion && Array.isArray(node.errors) && node.errors.length) {\n      debugFn(`miss: version for ${node.name} due to errors:\\n`, node.errors)\n    }\n    if (\n      node.name === name &&\n      (typeof version !== 'string' || node.version === version)\n    ) {\n      matches.push(node)\n    }\n    for (const child of node.children.values()) {\n      queue.push(child)\n    }\n    for (const edge of node.edgesOut.values()) {\n      const { to } = edge\n      if (to) {\n        queue.push(to)\n      }\n    }\n  }\n  return matches\n}\n\nexport type GetAlertsMapFromArboristOptions = {\n  consolidate?: boolean | undefined\n  include?: AlertIncludeFilter | undefined\n  nothrow?: boolean | undefined\n  spinner?: Spinner | undefined\n}\n\nexport async function getAlertsMapFromArborist(\n  arb: ArboristInstance,\n  options_?: GetAlertsMapFromArboristOptions | undefined,\n): Promise<AlertsByPurl> {\n  const options = {\n    __proto__: null,\n    consolidate: false,\n    include: undefined,\n    limit: Infinity,\n    nothrow: false,\n    ...options_,\n  } as GetAlertsMapFromArboristOptions\n\n  options.include = {\n    __proto__: null,\n    // Leave 'actions' unassigned so it can be given a default value in\n    // subsequent functions where `options` is passed.\n    // actions: undefined,\n    blocked: true,\n    critical: true,\n    cve: true,\n    existing: false,\n    unfixable: true,\n    upgradable: false,\n    ...options.include,\n  } as AlertIncludeFilter\n\n  const needInfoOn = getDetailsFromDiff(arb.diff, {\n    include: {\n      unchanged: options.include.existing,\n    },\n  })\n\n  const purls = needInfoOn.map(d => idToNpmPurl(d.node.pkgid))\n\n  let overrides: { [key: string]: string } | undefined\n  const overridesMap = (\n    arb.actualTree ??\n    arb.idealTree ??\n    (await arb.loadActual())\n  )?.overrides?.children\n  if (overridesMap) {\n    overrides = Object.fromEntries(\n      Array.from(overridesMap.entries()).map(([key, overrideSet]) => {\n        return [key, overrideSet.value!]\n      }),\n    )\n  }\n\n  return await getAlertsMapFromPurls(purls, {\n    overrides,\n    ...options,\n  })\n}\n\nexport type DiffQueryIncludeFilter = {\n  unchanged?: boolean | undefined\n  unknownOrigin?: boolean | undefined\n}\n\nexport type DiffQueryOptions = {\n  include?: DiffQueryIncludeFilter | undefined\n}\n\nexport type PackageDetail = {\n  node: NodeClass\n  existing?: NodeClass | undefined\n}\n\nexport function getDetailsFromDiff(\n  diff_: Diff | null,\n  options?: DiffQueryOptions | undefined,\n): PackageDetail[] {\n  const details: PackageDetail[] = []\n  // `diff_` is `null` when `npm install --package-lock-only` is passed.\n  if (!diff_) {\n    return details\n  }\n\n  const include = {\n    __proto__: null,\n    unchanged: false,\n    unknownOrigin: false,\n    ...({ __proto__: null, ...options } as DiffQueryOptions).include,\n  } as DiffQueryIncludeFilter\n\n  const queue: Diff[] = [...diff_.children]\n  let pos = 0\n  let { length: queueLength } = queue\n  while (pos < queueLength) {\n    if (pos === LOOP_SENTINEL) {\n      throw new Error('Detected infinite loop while walking Arborist diff')\n    }\n    const diff = queue[pos++]!\n    const { action } = diff\n    if (action) {\n      // The `pkgNode`, i.e. the `ideal` node, will be `undefined` if the diff\n      // action is 'REMOVE'\n      // The `oldNode`, i.e. the `actual` node, will be `undefined` if the diff\n      // action is 'ADD'.\n      const { actual: oldNode, ideal: pkgNode } = diff\n      let existing: NodeClass | undefined\n      let keep = false\n      if (action === DiffAction.change) {\n        if (pkgNode?.package.version !== oldNode?.package.version) {\n          keep = true\n          if (\n            oldNode?.package.name &&\n            oldNode.package.name === pkgNode?.package.name\n          ) {\n            existing = oldNode\n          }\n        } else {\n          // TODO: This debug log has too much information. We should narrow it down.\n          // debugFn('skip: meta change diff\\n', diff)\n        }\n      } else {\n        keep = action !== DiffAction.remove\n      }\n      if (keep && pkgNode?.resolved && (!oldNode || oldNode.resolved)) {\n        if (\n          include.unknownOrigin ||\n          getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL\n        ) {\n          details.push({\n            node: pkgNode,\n            existing,\n          })\n        }\n      }\n    }\n    for (const child of diff.children) {\n      queue[queueLength++] = child\n    }\n  }\n  if (include.unchanged) {\n    const { unchanged } = diff_!\n    for (let i = 0, { length } = unchanged; i < length; i += 1) {\n      const pkgNode = unchanged[i]!\n      if (\n        include.unknownOrigin ||\n        getUrlOrigin(pkgNode.resolved!) === NPM_REGISTRY_URL\n      ) {\n        details.push({\n          node: pkgNode,\n          existing: pkgNode,\n        })\n      }\n    }\n  }\n  return details\n}\n\nexport function getTargetNode(nodeOrLink: NodeClass | LinkClass): NodeClass\nexport function getTargetNode<T>(nodeOrLink: T): NodeClass | null\nexport function getTargetNode(nodeOrLink: any): NodeClass | null {\n  return nodeOrLink?.isLink ? nodeOrLink.target : (nodeOrLink ?? null)\n}\n\nexport function isTopLevel(tree: NodeClass, node: NodeClass): boolean {\n  return getTargetNode(tree.children.get(node.name)) === node\n}\n\nexport type Packument = Exclude<\n  Awaited<ReturnType<typeof fetchPackagePackument>>,\n  null\n>\n\nexport function updateNode(\n  node: NodeClass,\n  newVersion: string,\n  newVersionPackument: Packument['versions'][number],\n): void {\n  // Object.defineProperty is needed to set the version property and replace\n  // the old value with newVersion.\n  Object.defineProperty(node, 'version', {\n    configurable: true,\n    enumerable: true,\n    get: () => newVersion,\n  })\n  // Update package.version associated with the node.\n  node.package.version = newVersion\n  // Update node.resolved.\n  const purlObj = PackageURL.fromString(idToNpmPurl(node.name))\n  node.resolved = `${NPM_REGISTRY_URL}/${node.name}/-/${purlObj.name}-${newVersion}.tgz`\n  // Update node.integrity with the targetPackument.dist.integrity value if available\n  // else delete node.integrity so a new value is resolved for the target version.\n  const { integrity } = newVersionPackument.dist\n  if (integrity) {\n    node.integrity = integrity\n  } else {\n    delete node.integrity\n  }\n  // Update node.package.deprecated based on targetPackument.deprecated.\n  if (hasOwn(newVersionPackument, 'deprecated')) {\n    node.package['deprecated'] = newVersionPackument.deprecated as string\n  } else {\n    delete node.package['deprecated']\n  }\n  // Update node.package.dependencies.\n  const newDeps = { ...newVersionPackument.dependencies }\n  const { dependencies: oldDeps } = node.package\n  node.package.dependencies = newDeps\n  if (oldDeps) {\n    for (const oldDepName of Object.keys(oldDeps)) {\n      if (!hasOwn(newDeps, oldDepName)) {\n        // Detach old edges for dependencies that don't exist on the updated\n        // node.package.dependencies.\n        node.edgesOut.get(oldDepName)?.detach()\n      }\n    }\n  }\n  for (const newDepName of Object.keys(newDeps)) {\n    if (!hasOwn(oldDeps, newDepName)) {\n      // Add new edges for dependencies that don't exist on the old\n      // node.package.dependencies.\n      node.addEdgeOut(\n        new Edge({\n          from: node,\n          name: newDepName,\n          spec: newDeps[newDepName],\n          type: 'prod',\n        }) as unknown as EdgeClass,\n      )\n    }\n  }\n}\n\nexport function updatePackageJsonFromNode(\n  editablePkgJson: EditablePackageJson,\n  tree: NodeClass,\n  node: NodeClass,\n  newVersion: string,\n  rangeStyle?: RangeStyle | undefined,\n): boolean {\n  let result = false\n  if (!isTopLevel(tree, node)) {\n    return result\n  }\n  const { name } = node\n  for (const depField of [\n    'dependencies',\n    'optionalDependencies',\n    'peerDependencies',\n  ]) {\n    const depObject = editablePkgJson.content[depField] as\n      | { [key: string]: string }\n      | undefined\n    const depValue = hasOwn(depObject, name) ? depObject[name] : undefined\n    if (typeof depValue !== 'string' || depValue.startsWith('catalog:')) {\n      continue\n    }\n    let oldRange = depValue\n    // Use npa if depValue looks like more than just a semver range.\n    if (depValue.includes(':')) {\n      const npaResult = npa(depValue)\n      if (!npaResult || (npaResult as AliasResult).subSpec) {\n        continue\n      }\n      oldRange = npaResult.rawSpec\n    }\n    const oldMin = getMinVersion(oldRange)\n    const newRange =\n      oldMin &&\n      // Ensure we're on the same major version...\n      getMajor(newVersion) === oldMin.major &&\n      // and not a downgrade.\n      semver.gte(newVersion, oldMin.version)\n        ? applyRange(oldRange, newVersion, rangeStyle)\n        : oldRange\n    if (oldRange !== newRange) {\n      result = true\n      editablePkgJson.update({\n        [depField]: {\n          ...depObject,\n          [name]: newRange,\n        },\n      })\n    }\n  }\n  return result\n}\n","// @ts-ignore\nimport UntypedArborist from '@npmcli/arborist/lib/arborist/index.js'\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\nimport constants from '../../../../../constants.mts'\nimport { logAlertsMap } from '../../../../../utils/socket-package-alert.mts'\nimport { getAlertsMapFromArborist } from '../../../arborist-helpers.mts'\n\nimport type {\n  ArboristClass,\n  ArboristReifyOptions,\n  NodeClass,\n} from '../../types.mts'\n\nconst {\n  NPM,\n  NPX,\n  SOCKET_CLI_ACCEPT_RISKS,\n  SOCKET_CLI_SAFE_BIN,\n  SOCKET_CLI_SAFE_PROGRESS,\n  SOCKET_CLI_VIEW_ALL_RISKS,\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { getIpc },\n} = constants\n\nexport const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {\n  __proto__: null,\n  audit: false,\n  dryRun: true,\n  fund: false,\n  ignoreScripts: true,\n  progress: false,\n  save: false,\n  saveBundle: false,\n  silent: true,\n}\n\nexport const kCtorArgs = Symbol('ctorArgs')\n\nexport const kRiskyReify = Symbol('riskyReify')\n\nexport const Arborist: ArboristClass = UntypedArborist\n\n// Implementation code not related to our custom behavior is based on\n// https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/arborist/index.js:\nexport class SafeArborist extends Arborist {\n  constructor(...ctorArgs: ConstructorParameters<ArboristClass>) {\n    super(\n      {\n        path:\n          (ctorArgs.length ? ctorArgs[0]?.path : undefined) ?? process.cwd(),\n        ...(ctorArgs.length ? ctorArgs[0] : undefined),\n        ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,\n      },\n      ...ctorArgs.slice(1),\n    )\n    ;(this as any)[kCtorArgs] = ctorArgs\n  }\n\n  async [kRiskyReify](\n    ...args: Parameters<InstanceType<ArboristClass>['reify']>\n  ): Promise<NodeClass> {\n    const ctorArgs = (this as any)[kCtorArgs]\n    const arb = new Arborist(\n      {\n        ...(ctorArgs.length ? ctorArgs[0] : undefined),\n        progress: false,\n      },\n      ...ctorArgs.slice(1),\n    )\n    const ret = await (arb.reify as (...args: any[]) => Promise<NodeClass>)(\n      {\n        ...(args.length ? args[0] : undefined),\n        progress: false,\n      },\n      ...args.slice(1),\n    )\n    Object.assign(this, arb)\n    return ret\n  }\n\n  // @ts-ignore Incorrectly typed.\n  override async reify(\n    this: SafeArborist,\n    ...args: Parameters<InstanceType<ArboristClass>['reify']>\n  ): Promise<NodeClass> {\n    const options = {\n      __proto__: null,\n      ...(args.length ? args[0] : undefined),\n    } as ArboristReifyOptions\n    const ipc = await getIpc()\n    const binName = ipc[SOCKET_CLI_SAFE_BIN]\n    if (!binName) {\n      return await this[kRiskyReify](...args)\n    }\n    await super.reify(\n      {\n        ...options,\n        ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,\n        progress: false,\n      },\n      // @ts-ignore: TypeScript gets grumpy about rest parameters.\n      ...args.slice(1),\n    )\n    // Lazily access constants.ENV.SOCKET_CLI_ACCEPT_RISKS.\n    const acceptRisks = constants.ENV.SOCKET_CLI_ACCEPT_RISKS\n    const progress = ipc[SOCKET_CLI_SAFE_PROGRESS]\n    const spinner =\n      options['silent'] || !progress\n        ? undefined\n        : // Lazily access constants.spinner.\n          constants.spinner\n    const isSafeNpm = binName === NPM\n    const isSafeNpx = binName === NPX\n    const alertsMap = await getAlertsMapFromArborist(this, {\n      spinner,\n      include:\n        acceptRisks || options.dryRun || options['yes']\n          ? {\n              actions: ['error'],\n              blocked: true,\n              critical: false,\n              cve: false,\n              existing: true,\n              unfixable: false,\n            }\n          : {\n              existing: isSafeNpx,\n              unfixable: isSafeNpm,\n            },\n    })\n    if (alertsMap.size) {\n      process.exitCode = 1\n      // Lazily access constants.ENV.SOCKET_CLI_VIEW_ALL_RISKS.\n      const viewAllRisks = constants.ENV.SOCKET_CLI_VIEW_ALL_RISKS\n      logAlertsMap(alertsMap, {\n        hideAt: viewAllRisks ? 'none' : 'middle',\n        output: process.stderr,\n      })\n      throw new Error(\n        `\n          Socket ${binName} exiting due to risks.${\n            viewAllRisks\n              ? ''\n              : `\\nView all risks - Rerun with environment variable ${SOCKET_CLI_VIEW_ALL_RISKS}=1.`\n          }${\n            acceptRisks\n              ? ''\n              : `\\nAccept risks - Rerun with environment variable ${SOCKET_CLI_ACCEPT_RISKS}=1.`\n          }\n        `.trim(),\n      )\n    } else if (!options['silent']) {\n      logger.success(\n        `Socket ${binName} ${acceptRisks ? 'accepted' : 'found no'} risks`,\n      )\n      if (binName === NPX) {\n        logger.log(`Running ${options.add![0]}`)\n      }\n    }\n    return await this[kRiskyReify](...args)\n  }\n}\n","import { createRequire } from 'node:module'\n\n// @ts-ignore\nimport UntypedEdge from '@npmcli/arborist/lib/edge.js'\n// @ts-ignore\nimport UntypedNode from '@npmcli/arborist/lib/node.js'\n// @ts-ignore\nimport UntypedOverrideSet from '@npmcli/arborist/lib/override-set.js'\n\nimport {\n  getArboristClassPath,\n  getArboristEdgeClassPath,\n  getArboristNodeClassPath,\n  getArboristOverrideSetClassPath,\n} from '../paths.mts'\nimport { Arborist, SafeArborist } from './lib/arborist/index.mts'\n\nimport type { EdgeClass, NodeClass, OverrideSetClass } from './types.mts'\n\nconst require = createRequire(import.meta.url)\n\nexport const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {\n  __proto__: null,\n  audit: false,\n  dryRun: true,\n  fund: false,\n  ignoreScripts: true,\n  progress: false,\n  save: false,\n  saveBundle: false,\n  silent: true,\n}\n\nexport { Arborist, SafeArborist }\n\nexport const Edge: EdgeClass = UntypedEdge\n\nexport const Node: NodeClass = UntypedNode\n\nexport const OverrideSet: OverrideSetClass = UntypedOverrideSet\n\nexport function installSafeArborist() {\n  // Override '@npmcli/arborist' module exports with patched variants based on\n  // https://github.com/npm/cli/pull/8089.\n  const cache: { [key: string]: any } = require.cache\n  cache[getArboristClassPath()] = { exports: SafeArborist }\n  cache[getArboristEdgeClassPath()] = { exports: Edge }\n  cache[getArboristNodeClassPath()] = { exports: Node }\n  cache[getArboristOverrideSetClassPath()] = { exports: OverrideSet }\n}\n","import { installSafeArborist } from './arborist/index.mts'\n\ninstallSafeArborist()\n"],"names":["_arboristPkgPath","add","change","remove","NPM_REGISTRY_URL","eligibleVersions","getMajor","visited","queue","to","version","matches","__proto__","consolidate","include","limit","nothrow","blocked","critical","cve","existing","unfixable","upgradable","unchanged","unknownOrigin","length","action","actual","ideal","keep","node","name","semver","result","getIpc","audit","dryRun","fund","ignoreScripts","progress","save","saveBundle","silent","path","Object","constants","hideAt","logger","cache","exports","installSafeArborist"],"mappings":";;;;;;;;;;;;;;AAOA;AACO;;;AAGH;AAGA;AAIA;AACAA;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAaA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;ACjBO;AACLC;AACAC;AACAC;AACF;;AC7BA;;;AAA4BC;AAAiB;AAE7C;;AAEI;AACA;AACA;;;AAGF;AACF;AAEO;;AAML;;AAEE;AACA;AACE;AACF;AACAC;AACF;AACE;AACA;AACE;AACF;AACAA;AAEI;AACA;AACAC;AAIN;;AAEF;AAEO;AAKL;AACA;;;AAGE;AACE;AACF;AACA;AACA;AACA;AACE;AACF;AACAC;AACA;AAIE;AACF;;AAEEC;AACF;;;AAEUC;AAAG;AACX;AACED;AACF;AACF;AACF;AACA;AACF;AAEO;;AAML;AACA;;;AAGE;AACE;AACF;AACA;AACA;AACA;AACE;AACF;AACAD;;AAEQG;AAAuB;AAC/B;;AAEA;AACA;AAIEC;AACF;;AAEEH;AACF;;;AAEUC;AAAG;AACX;AACED;AACF;AACF;AACF;AACA;AACF;AASO;AAIL;AACEI;AACAC;AACAC;AACAC;AACAC;;;;AAKAJ;AACA;AACA;AACA;AACAK;AACAC;AACAC;AACAC;AACAC;AACAC;AACA;;AAGF;AACER;AACES;AACF;AACF;AAEA;AAEA;;AAMA;;AAGM;AACF;AAEJ;AAEA;;;AAGA;AACF;AAgBO;;AAKL;;AAEE;AACF;AAEA;AACEX;AACAW;AACAC;;AACMZ;;AAA4B;;AAGpC;;;AAEMa;AAAoB;;;AAGtB;AACF;AACA;;AACQC;AAAO;AACf;AACE;AACA;AACA;AACA;;AACQC;AAAiBC;AAAe;AACxC;;AAEA;;AAEIC;AACA;AAIET;AACF;AACF;AAIF;AACES;AACF;AACA;AACE;;AAKIC;AACAV;AACF;AACF;AACF;AACF;AACA;AACEZ;AACF;AACF;;;AAEUe;AAAU;AAClB;AAAkBE;;AAChB;AACA;;AAKIK;AACAV;AACF;AACF;AACF;AACF;AACA;AACF;AAIO;;AAEP;AAEO;AACL;AACF;AAmEO;;AAQL;AACE;AACF;;AACQW;AAAK;;AAMX;AAGA;;AAEE;AACF;;AAEA;AACA;AACE;AACA;AACE;AACF;;AAEF;AACA;;AAGE;AACAzB;AACA;AACA0B;;AAIAC;;AAEE;AACE;AACA;AACF;AACF;AACF;AACF;AACA;AACF;;ACzbA;AAeA;;;;;;;;AAQE;AAA+DC;AAAO;AACxE;AAEO;AACLtB;AACAuB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEO;AAEA;AAEA;;AAEP;AACA;AACO;;AAEH;AAEIC;;;;AAOF;AACJ;AAEA;AAGE;AACA;;AAGIJ;;AAIJ;;AAGIA;;AAIJK;AACA;AACF;;AAEA;AACA;AAIE;AACEhC;;;AAGF;AACA;;;AAGA;;AAGI;AACA;AACA2B;;AAEF;AACA;AAEF;AACA;AACA;;AAIM;AACAM;AACN;AACA;AACA;;;;AAMU5B;AACAC;AACAC;AACAC;AACAC;AACF;AAEED;AACAC;AACF;AACR;;;AAGE;AACA;;AAEEyB;;AAEF;;AAGN;AAQA;AAGI;AACEC;;;AAKA;AACF;;AAEF;AACF;;AChJA,iBAAA;AAEO;AACLnC;AACAuB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAIO;AAEA;AAEA;AAEA;AACL;AACA;AACA;AACAM;AAAkCC;;AAClCD;AAAsCC;;AACtCD;AAAsCC;;AACtCD;AAA6CC;;AAC/C;;AC/CAC;;;;;;;;","debugId":"22ee222a-71cf-4fc6-ad06-f9ae02287129"}
+{"version":3,"file":"shadow-npm-inject.js","sources":["../src/shadow/npm/paths.mts","../src/shadow/npm/arborist/types.mts","../src/shadow/npm/arborist-helpers.mts","../src/shadow/npm/arborist/lib/arborist/index.mts","../src/shadow/npm/arborist/index.mts","../src/shadow/npm/inject.mts"],"sourcesContent":["import path from 'node:path'\n\nimport { normalizePath } from '@socketsecurity/registry/lib/path'\n\nimport constants from '../../constants.mts'\nimport { getNpmRequire } from '../../utils/npm-paths.mts'\n\nlet _arboristPkgPath: string | undefined\nexport function getArboristPackagePath() {\n  if (_arboristPkgPath === undefined) {\n    const pkgName = '@npmcli/arborist'\n    const mainPathWithForwardSlashes = normalizePath(\n      getNpmRequire().resolve(pkgName),\n    )\n    const arboristPkgPathWithForwardSlashes = mainPathWithForwardSlashes.slice(\n      0,\n      mainPathWithForwardSlashes.lastIndexOf(pkgName) + pkgName.length,\n    )\n    // Lazily access constants.WIN32.\n    _arboristPkgPath = constants.WIN32\n      ? path.normalize(arboristPkgPathWithForwardSlashes)\n      : arboristPkgPathWithForwardSlashes\n  }\n  return _arboristPkgPath\n}\n\nlet _arboristClassPath: string | undefined\nexport function getArboristClassPath() {\n  if (_arboristClassPath === undefined) {\n    _arboristClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/arborist/index.js',\n    )\n  }\n  return _arboristClassPath\n}\n\nlet _arboristDepValidPath: string | undefined\nexport function getArboristDepValidPath() {\n  if (_arboristDepValidPath === undefined) {\n    _arboristDepValidPath = path.join(\n      getArboristPackagePath(),\n      'lib/dep-valid.js',\n    )\n  }\n  return _arboristDepValidPath\n}\n\nlet _arboristEdgeClassPath: string | undefined\nexport function getArboristEdgeClassPath() {\n  if (_arboristEdgeClassPath === undefined) {\n    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js')\n  }\n  return _arboristEdgeClassPath\n}\n\nlet _arboristNodeClassPath: string | undefined\nexport function getArboristNodeClassPath() {\n  if (_arboristNodeClassPath === undefined) {\n    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js')\n  }\n  return _arboristNodeClassPath\n}\n\nlet _arboristOverrideSetClassPath: string | undefined\nexport function getArboristOverrideSetClassPath() {\n  if (_arboristOverrideSetClassPath === undefined) {\n    _arboristOverrideSetClassPath = path.join(\n      getArboristPackagePath(),\n      'lib/override-set.js',\n    )\n  }\n  return _arboristOverrideSetClassPath\n}\n","import { createEnum } from '../../../utils/objects.mts'\n\nimport type {\n  Advisory as BaseAdvisory,\n  Arborist as BaseArborist,\n  Options as BaseArboristOptions,\n  AuditReport as BaseAuditReport,\n  Diff as BaseDiff,\n  Edge as BaseEdge,\n  Node as BaseNode,\n  BaseOverrideSet,\n  BuildIdealTreeOptions,\n  ReifyOptions,\n} from '@npmcli/arborist'\n\nexport type ArboristOptions = BaseArboristOptions & {\n  npmCommand?: string\n  npmVersion?: string\n}\n\nexport type ArboristClass = ArboristInstance & {\n  new (...args: any): ArboristInstance\n}\n\nexport type ArboristInstance = Omit<\n  typeof BaseArborist,\n  | 'actualTree'\n  | 'auditReport'\n  | 'buildIdealTree'\n  | 'diff'\n  | 'idealTree'\n  | 'loadActual'\n  | 'loadVirtual'\n  | 'reify'\n> & {\n  auditReport?: AuditReportInstance | null | undefined\n  actualTree?: NodeClass | null | undefined\n  diff: Diff | null\n  idealTree?: NodeClass | null | undefined\n  buildIdealTree(options?: BuildIdealTreeOptions): Promise<NodeClass>\n  loadActual(options?: ArboristOptions): Promise<NodeClass>\n  loadVirtual(options?: ArboristOptions): Promise<NodeClass>\n  reify(options?: ArboristReifyOptions): Promise<NodeClass>\n}\n\nexport type ArboristReifyOptions = ReifyOptions & ArboristOptions\n\nexport type AuditAdvisory = Omit<BaseAdvisory, 'id'> & {\n  id: number\n  cwe: string[]\n  cvss: {\n    score: number\n    vectorString: string\n  }\n  vulnerable_versions: string\n}\n\nexport type AuditReportInstance = Omit<BaseAuditReport, 'report'> & {\n  report: { [dependency: string]: AuditAdvisory[] }\n}\n\nexport const DiffAction = createEnum({\n  add: 'ADD',\n  change: 'CHANGE',\n  remove: 'REMOVE',\n})\n\nexport type Diff = Omit<\n  BaseDiff,\n  | 'actual'\n  | 'children'\n  | 'filterSet'\n  | 'ideal'\n  | 'leaves'\n  | 'removed'\n  | 'shrinkwrapInflated'\n  | 'unchanged'\n> & {\n  actual: NodeClass\n  children: Diff[]\n  filterSet: Set<NodeClass>\n  ideal: NodeClass\n  leaves: NodeClass[]\n  parent: Diff | null\n  removed: NodeClass[]\n  shrinkwrapInflated: Set<NodeClass>\n  unchanged: NodeClass[]\n}\n\nexport type EdgeClass = Omit<\n  BaseEdge,\n  | 'accept'\n  | 'detach'\n  | 'optional'\n  | 'overrides'\n  | 'peer'\n  | 'peerConflicted'\n  | 'rawSpec'\n  | 'reload'\n  | 'satisfiedBy'\n  | 'spec'\n  | 'to'\n> & {\n  optional: boolean\n  overrides: OverrideSetClass | undefined\n  peer: boolean\n  peerConflicted: boolean\n  rawSpec: string\n  get accept(): string | undefined\n  get spec(): string\n  get to(): NodeClass | null\n  new (...args: any): EdgeClass\n  detach(): void\n  reload(hard?: boolean): void\n  satisfiedBy(node: NodeClass): boolean\n}\n\nexport type LinkClass = Omit<NodeClass, 'isLink'> & {\n  readonly isLink: true\n}\n\nexport type NodeClass = Omit<\n  BaseNode,\n  | 'addEdgeIn'\n  | 'addEdgeOut'\n  | 'canDedupe'\n  | 'canReplace'\n  | 'canReplaceWith'\n  | 'children'\n  | 'deleteEdgeIn'\n  | 'edgesIn'\n  | 'edgesOut'\n  | 'from'\n  | 'hasShrinkwrap'\n  | 'inDepBundle'\n  | 'inShrinkwrap'\n  | 'integrity'\n  | 'isTop'\n  | 'matches'\n  | 'meta'\n  | 'name'\n  | 'overrides'\n  | 'packageName'\n  | 'parent'\n  | 'recalculateOutEdgesOverrides'\n  | 'resolve'\n  | 'resolveParent'\n  | 'root'\n  | 'target'\n  | 'updateOverridesEdgeInAdded'\n  | 'updateOverridesEdgeInRemoved'\n  | 'version'\n  | 'versions'\n> & {\n  name: string\n  version: string\n  children: Map<string, NodeClass | LinkClass>\n  edgesIn: Set<EdgeClass>\n  edgesOut: Map<string, EdgeClass>\n  from: NodeClass | null\n  hasShrinkwrap: boolean\n  inShrinkwrap: boolean | undefined\n  integrity?: string | null\n  isTop: boolean | undefined\n  meta: BaseNode['meta'] & {\n    addEdge(edge: EdgeClass): void\n  }\n  overrides: OverrideSetClass | undefined\n  target: NodeClass\n  versions: string[]\n  get inDepBundle(): boolean\n  get packageName(): string | null\n  get parent(): NodeClass | null\n  set parent(value: NodeClass | null)\n  get resolveParent(): NodeClass | null\n  get root(): NodeClass | null\n  set root(value: NodeClass | null)\n  new (...args: any): NodeClass\n  addEdgeIn(edge: EdgeClass): void\n  addEdgeOut(edge: EdgeClass): void\n  canDedupe(preferDedupe?: boolean): boolean\n  canReplace(node: NodeClass, ignorePeers?: string[]): boolean\n  canReplaceWith(node: NodeClass, ignorePeers?: string[]): boolean\n  deleteEdgeIn(edge: EdgeClass): void\n  matches(node: NodeClass): boolean\n  recalculateOutEdgesOverrides(): void\n  resolve(name: string): NodeClass\n  updateOverridesEdgeInAdded(\n    otherOverrideSet: OverrideSetClass | undefined,\n  ): boolean\n  updateOverridesEdgeInRemoved(otherOverrideSet: OverrideSetClass): boolean\n}\n\nexport interface OverrideSetClass\n  extends Omit<\n    BaseOverrideSet,\n    | 'ancestry'\n    | 'children'\n    | 'getEdgeRule'\n    | 'getMatchingRule'\n    | 'getNodeRule'\n    | 'parent'\n    | 'ruleset'\n  > {\n  children: Map<string, OverrideSetClass>\n  key: string | undefined\n  keySpec: string | undefined\n  name: string | undefined\n  parent: OverrideSetClass | undefined\n  value: string | undefined\n  version: string | undefined\n  // eslint-disable-next-line @typescript-eslint/no-misused-new\n  new (...args: any[]): OverrideSetClass\n  get isRoot(): boolean\n  get ruleset(): Map<string, OverrideSetClass>\n  ancestry(): Generator<OverrideSetClass>\n  childrenAreEqual(otherOverrideSet: OverrideSetClass | undefined): boolean\n  getEdgeRule(edge: EdgeClass): OverrideSetClass\n  getMatchingRule(node: NodeClass): OverrideSetClass | null\n  getNodeRule(node: NodeClass): OverrideSetClass\n  isEqual(otherOverrideSet: OverrideSetClass | undefined): boolean\n}\n","import semver from 'semver'\n\nimport { PackageURL } from '@socketregistry/packageurl-js'\nimport { getManifestData } from '@socketsecurity/registry'\nimport { debugFn } from '@socketsecurity/registry/lib/debug'\nimport { hasOwn } from '@socketsecurity/registry/lib/objects'\nimport { fetchPackagePackument } from '@socketsecurity/registry/lib/packages'\n\nimport constants from '../../constants.mts'\nimport { Edge } from './arborist/index.mts'\nimport { DiffAction } from './arborist/types.mts'\nimport { getAlertsMapFromPurls } from '../../utils/alerts-map.mts'\nimport { type AliasResult, npa } from '../../utils/npm-package-arg.mts'\nimport { applyRange, getMajor, getMinVersion } from '../../utils/semver.mts'\nimport { idToNpmPurl } from '../../utils/spec.mts'\n\nimport type {\n  ArboristInstance,\n  Diff,\n  EdgeClass,\n  LinkClass,\n  NodeClass,\n} from './arborist/types.mts'\nimport type { RangeStyle } from '../../utils/semver.mts'\nimport type {\n  AlertIncludeFilter,\n  AlertsByPurl,\n} from '../../utils/socket-package-alert.mts'\nimport type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'\nimport type { Spinner } from '@socketsecurity/registry/lib/spinner'\n\nconst { LOOP_SENTINEL, NPM, NPM_REGISTRY_URL } = constants\n\nfunction getUrlOrigin(input: string): string {\n  try {\n    // TODO: URL.parse is available in Node 22.1.0. We can use it when we drop Node 18.\n    // https://nodejs.org/docs/latest-v22.x/api/url.html#urlparseinput-base\n    // return URL.parse(input)?.origin ?? ''\n    return new URL(input).origin ?? ''\n  } catch {}\n  return ''\n}\n\nexport function findBestPatchVersion(\n  node: NodeClass,\n  availableVersions: string[],\n  vulnerableVersionRange?: string,\n): string | null {\n  const manifestData = getManifestData(NPM, node.name)\n  let eligibleVersions\n  if (manifestData && manifestData.name === manifestData.package) {\n    const major = getMajor(manifestData.version)\n    if (typeof major !== 'number') {\n      return null\n    }\n    eligibleVersions = availableVersions.filter(v => getMajor(v) === major)\n  } else {\n    const major = getMajor(node.version)\n    if (typeof major !== 'number') {\n      return null\n    }\n    eligibleVersions = availableVersions.filter(\n      v =>\n        // Filter for versions that are within the current major version and\n        // are NOT in the vulnerable range.\n        getMajor(v) === major &&\n        (!vulnerableVersionRange ||\n          !semver.satisfies(v, vulnerableVersionRange)),\n    )\n  }\n  return eligibleVersions ? semver.maxSatisfying(eligibleVersions, '*') : null\n}\n\nexport function findPackageNode(\n  tree: NodeClass,\n  name: string,\n  version?: string | undefined,\n): NodeClass | undefined {\n  const queue: Array<NodeClass | LinkClass> = [tree]\n  const visited = new Set<NodeClass>()\n  let sentinel = 0\n  while (queue.length) {\n    if (sentinel++ === LOOP_SENTINEL) {\n      throw new Error('Detected infinite loop in findPackageNode')\n    }\n    const nodeOrLink = queue.pop()!\n    const node = getTargetNode(nodeOrLink)\n    if (visited.has(node)) {\n      continue\n    }\n    visited.add(node)\n    if (\n      node.name === name &&\n      (typeof version !== 'string' || node.version === version)\n    ) {\n      return node\n    }\n    for (const child of node.children.values()) {\n      queue.push(child)\n    }\n    for (const edge of node.edgesOut.values()) {\n      const { to } = edge\n      if (to) {\n        queue.push(to)\n      }\n    }\n  }\n  return undefined\n}\n\nexport function findPackageNodes(\n  tree: NodeClass,\n  name: string,\n  version?: string | undefined,\n): NodeClass[] {\n  const matches: NodeClass[] = []\n  const queue: Array<NodeClass | LinkClass> = [tree]\n  const visited = new Set<NodeClass>()\n  let sentinel = 0\n  while (queue.length) {\n    if (sentinel++ === LOOP_SENTINEL) {\n      throw new Error('Detected infinite loop in findPackageNodes')\n    }\n    const nodeOrLink = queue.pop()!\n    const node = getTargetNode(nodeOrLink)\n    if (visited.has(node)) {\n      continue\n    }\n    visited.add(node)\n\n    const { version: targetVersion } = node\n    if (!targetVersion && Array.isArray(node.errors) && node.errors.length) {\n      debugFn(`miss: version for ${node.name} due to errors:\\n`, node.errors)\n    }\n    if (\n      node.name === name &&\n      (typeof version !== 'string' || node.version === version)\n    ) {\n      matches.push(node)\n    }\n    for (const child of node.children.values()) {\n      queue.push(child)\n    }\n    for (const edge of node.edgesOut.values()) {\n      const { to } = edge\n      if (to) {\n        queue.push(to)\n      }\n    }\n  }\n  return matches\n}\n\nexport type GetAlertsMapFromArboristOptions = {\n  consolidate?: boolean | undefined\n  include?: AlertIncludeFilter | undefined\n  nothrow?: boolean | undefined\n  spinner?: Spinner | undefined\n}\n\nexport async function getAlertsMapFromArborist(\n  arb: ArboristInstance,\n  options_?: GetAlertsMapFromArboristOptions | undefined,\n): Promise<AlertsByPurl> {\n  const options = {\n    __proto__: null,\n    consolidate: false,\n    include: undefined,\n    limit: Infinity,\n    nothrow: false,\n    ...options_,\n  } as GetAlertsMapFromArboristOptions\n\n  options.include = {\n    __proto__: null,\n    // Leave 'actions' unassigned so it can be given a default value in\n    // subsequent functions where `options` is passed.\n    // actions: undefined,\n    blocked: true,\n    critical: true,\n    cve: true,\n    existing: false,\n    unfixable: true,\n    upgradable: false,\n    ...options.include,\n  } as AlertIncludeFilter\n\n  const needInfoOn = getDetailsFromDiff(arb.diff, {\n    include: {\n      unchanged: options.include.existing,\n    },\n  })\n\n  const purls = needInfoOn.map(d => idToNpmPurl(d.node.pkgid))\n\n  let overrides: { [key: string]: string } | undefined\n  const overridesMap = (\n    arb.actualTree ??\n    arb.idealTree ??\n    (await arb.loadActual())\n  )?.overrides?.children\n  if (overridesMap) {\n    overrides = Object.fromEntries(\n      Array.from(overridesMap.entries()).map(([key, overrideSet]) => {\n        return [key, overrideSet.value!]\n      }),\n    )\n  }\n\n  return await getAlertsMapFromPurls(purls, {\n    overrides,\n    ...options,\n  })\n}\n\nexport type DiffQueryIncludeFilter = {\n  unchanged?: boolean | undefined\n  unknownOrigin?: boolean | undefined\n}\n\nexport type DiffQueryOptions = {\n  include?: DiffQueryIncludeFilter | undefined\n}\n\nexport type PackageDetail = {\n  node: NodeClass\n  existing?: NodeClass | undefined\n}\n\nexport function getDetailsFromDiff(\n  diff_: Diff | null,\n  options?: DiffQueryOptions | undefined,\n): PackageDetail[] {\n  const details: PackageDetail[] = []\n  // `diff_` is `null` when `npm install --package-lock-only` is passed.\n  if (!diff_) {\n    return details\n  }\n\n  const include = {\n    __proto__: null,\n    unchanged: false,\n    unknownOrigin: false,\n    ...({ __proto__: null, ...options } as DiffQueryOptions).include,\n  } as DiffQueryIncludeFilter\n\n  const queue: Diff[] = [...diff_.children]\n  let pos = 0\n  let { length: queueLength } = queue\n  while (pos < queueLength) {\n    if (pos === LOOP_SENTINEL) {\n      throw new Error('Detected infinite loop while walking Arborist diff')\n    }\n    const diff = queue[pos++]!\n    const { action } = diff\n    if (action) {\n      // The `pkgNode`, i.e. the `ideal` node, will be `undefined` if the diff\n      // action is 'REMOVE'\n      // The `oldNode`, i.e. the `actual` node, will be `undefined` if the diff\n      // action is 'ADD'.\n      const { actual: oldNode, ideal: pkgNode } = diff\n      let existing: NodeClass | undefined\n      let keep = false\n      if (action === DiffAction.change) {\n        if (pkgNode?.package.version !== oldNode?.package.version) {\n          keep = true\n          if (\n            oldNode?.package.name &&\n            oldNode.package.name === pkgNode?.package.name\n          ) {\n            existing = oldNode\n          }\n        } else {\n          // TODO: This debug log has too much information. We should narrow it down.\n          // debugFn('skip: meta change diff\\n', diff)\n        }\n      } else {\n        keep = action !== DiffAction.remove\n      }\n      if (keep && pkgNode?.resolved && (!oldNode || oldNode.resolved)) {\n        if (\n          include.unknownOrigin ||\n          getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL\n        ) {\n          details.push({\n            node: pkgNode,\n            existing,\n          })\n        }\n      }\n    }\n    for (const child of diff.children) {\n      queue[queueLength++] = child\n    }\n  }\n  if (include.unchanged) {\n    const { unchanged } = diff_!\n    for (let i = 0, { length } = unchanged; i < length; i += 1) {\n      const pkgNode = unchanged[i]!\n      if (\n        include.unknownOrigin ||\n        getUrlOrigin(pkgNode.resolved!) === NPM_REGISTRY_URL\n      ) {\n        details.push({\n          node: pkgNode,\n          existing: pkgNode,\n        })\n      }\n    }\n  }\n  return details\n}\n\nexport function getTargetNode(nodeOrLink: NodeClass | LinkClass): NodeClass\nexport function getTargetNode<T>(nodeOrLink: T): NodeClass | null\nexport function getTargetNode(nodeOrLink: any): NodeClass | null {\n  return nodeOrLink?.isLink ? nodeOrLink.target : (nodeOrLink ?? null)\n}\n\nexport function isTopLevel(tree: NodeClass, node: NodeClass): boolean {\n  return getTargetNode(tree.children.get(node.name)) === node\n}\n\nexport type Packument = Exclude<\n  Awaited<ReturnType<typeof fetchPackagePackument>>,\n  null\n>\n\nexport function updateNode(\n  node: NodeClass,\n  newVersion: string,\n  newVersionPackument: Packument['versions'][number],\n): void {\n  // Object.defineProperty is needed to set the version property and replace\n  // the old value with newVersion.\n  Object.defineProperty(node, 'version', {\n    configurable: true,\n    enumerable: true,\n    get: () => newVersion,\n  })\n  // Update package.version associated with the node.\n  node.package.version = newVersion\n  // Update node.resolved.\n  const purlObj = PackageURL.fromString(idToNpmPurl(node.name))\n  node.resolved = `${NPM_REGISTRY_URL}/${node.name}/-/${purlObj.name}-${newVersion}.tgz`\n  // Update node.integrity with the targetPackument.dist.integrity value if available\n  // else delete node.integrity so a new value is resolved for the target version.\n  const { integrity } = newVersionPackument.dist\n  if (integrity) {\n    node.integrity = integrity\n  } else {\n    delete node.integrity\n  }\n  // Update node.package.deprecated based on targetPackument.deprecated.\n  if (hasOwn(newVersionPackument, 'deprecated')) {\n    node.package['deprecated'] = newVersionPackument.deprecated as string\n  } else {\n    delete node.package['deprecated']\n  }\n  // Update node.package.dependencies.\n  const newDeps = { ...newVersionPackument.dependencies }\n  const { dependencies: oldDeps } = node.package\n  node.package.dependencies = newDeps\n  if (oldDeps) {\n    for (const oldDepName of Object.keys(oldDeps)) {\n      if (!hasOwn(newDeps, oldDepName)) {\n        // Detach old edges for dependencies that don't exist on the updated\n        // node.package.dependencies.\n        node.edgesOut.get(oldDepName)?.detach()\n      }\n    }\n  }\n  for (const newDepName of Object.keys(newDeps)) {\n    if (!hasOwn(oldDeps, newDepName)) {\n      // Add new edges for dependencies that don't exist on the old\n      // node.package.dependencies.\n      node.addEdgeOut(\n        new Edge({\n          from: node,\n          name: newDepName,\n          spec: newDeps[newDepName],\n          type: 'prod',\n        }) as unknown as EdgeClass,\n      )\n    }\n  }\n}\n\nexport function updatePackageJsonFromNode(\n  editablePkgJson: EditablePackageJson,\n  tree: NodeClass,\n  node: NodeClass,\n  newVersion: string,\n  rangeStyle?: RangeStyle | undefined,\n): boolean {\n  let result = false\n  if (!isTopLevel(tree, node)) {\n    return result\n  }\n  const { name } = node\n  for (const depField of [\n    'dependencies',\n    'optionalDependencies',\n    'peerDependencies',\n  ]) {\n    const depObject = editablePkgJson.content[depField] as\n      | { [key: string]: string }\n      | undefined\n    const depValue = hasOwn(depObject, name) ? depObject[name] : undefined\n    if (typeof depValue !== 'string' || depValue.startsWith('catalog:')) {\n      continue\n    }\n    let oldRange = depValue\n    // Use npa if depValue looks like more than just a semver range.\n    if (depValue.includes(':')) {\n      const npaResult = npa(depValue)\n      if (!npaResult || (npaResult as AliasResult).subSpec) {\n        continue\n      }\n      oldRange = npaResult.rawSpec\n    }\n    const oldMin = getMinVersion(oldRange)\n    const newRange =\n      oldMin &&\n      // Ensure we're on the same major version...\n      getMajor(newVersion) === oldMin.major &&\n      // and not a downgrade.\n      semver.gte(newVersion, oldMin.version)\n        ? applyRange(oldRange, newVersion, rangeStyle)\n        : oldRange\n    if (oldRange !== newRange) {\n      result = true\n      editablePkgJson.update({\n        [depField]: {\n          ...depObject,\n          [name]: newRange,\n        },\n      })\n    }\n  }\n  return result\n}\n","// @ts-ignore\nimport UntypedArborist from '@npmcli/arborist/lib/arborist/index.js'\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\nimport constants from '../../../../../constants.mts'\nimport { logAlertsMap } from '../../../../../utils/socket-package-alert.mts'\nimport { getAlertsMapFromArborist } from '../../../arborist-helpers.mts'\n\nimport type {\n  ArboristClass,\n  ArboristReifyOptions,\n  NodeClass,\n} from '../../types.mts'\n\nconst {\n  NPM,\n  NPX,\n  SOCKET_CLI_ACCEPT_RISKS,\n  SOCKET_CLI_SAFE_BIN,\n  SOCKET_CLI_SAFE_PROGRESS,\n  SOCKET_CLI_VIEW_ALL_RISKS,\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { getIpc },\n} = constants\n\nexport const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {\n  __proto__: null,\n  audit: false,\n  dryRun: true,\n  fund: false,\n  ignoreScripts: true,\n  progress: false,\n  save: false,\n  saveBundle: false,\n  silent: true,\n}\n\nexport const kCtorArgs = Symbol('ctorArgs')\n\nexport const kRiskyReify = Symbol('riskyReify')\n\nexport const Arborist: ArboristClass = UntypedArborist\n\n// Implementation code not related to our custom behavior is based on\n// https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/arborist/index.js:\nexport class SafeArborist extends Arborist {\n  constructor(...ctorArgs: ConstructorParameters<ArboristClass>) {\n    super(\n      {\n        path:\n          (ctorArgs.length ? ctorArgs[0]?.path : undefined) ?? process.cwd(),\n        ...(ctorArgs.length ? ctorArgs[0] : undefined),\n        ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,\n      },\n      ...ctorArgs.slice(1),\n    )\n    ;(this as any)[kCtorArgs] = ctorArgs\n  }\n\n  async [kRiskyReify](\n    ...args: Parameters<InstanceType<ArboristClass>['reify']>\n  ): Promise<NodeClass> {\n    const ctorArgs = (this as any)[kCtorArgs]\n    const arb = new Arborist(\n      {\n        ...(ctorArgs.length ? ctorArgs[0] : undefined),\n        progress: false,\n      },\n      ...ctorArgs.slice(1),\n    )\n    const ret = await (arb.reify as (...args: any[]) => Promise<NodeClass>)(\n      {\n        ...(args.length ? args[0] : undefined),\n        progress: false,\n      },\n      ...args.slice(1),\n    )\n    Object.assign(this, arb)\n    return ret\n  }\n\n  // @ts-ignore Incorrectly typed.\n  override async reify(\n    this: SafeArborist,\n    ...args: Parameters<InstanceType<ArboristClass>['reify']>\n  ): Promise<NodeClass> {\n    const options = {\n      __proto__: null,\n      ...(args.length ? args[0] : undefined),\n    } as ArboristReifyOptions\n    const ipc = await getIpc()\n    const binName = ipc[SOCKET_CLI_SAFE_BIN]\n    if (!binName) {\n      return await this[kRiskyReify](...args)\n    }\n    await super.reify(\n      {\n        ...options,\n        ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,\n        progress: false,\n      },\n      // @ts-ignore: TypeScript gets grumpy about rest parameters.\n      ...args.slice(1),\n    )\n    // Lazily access constants.ENV.SOCKET_CLI_ACCEPT_RISKS.\n    const acceptRisks = constants.ENV.SOCKET_CLI_ACCEPT_RISKS\n    const progress = ipc[SOCKET_CLI_SAFE_PROGRESS]\n    const spinner =\n      options['silent'] || !progress\n        ? undefined\n        : // Lazily access constants.spinner.\n          constants.spinner\n    const isSafeNpm = binName === NPM\n    const isSafeNpx = binName === NPX\n    const alertsMap = await getAlertsMapFromArborist(this, {\n      spinner,\n      include:\n        acceptRisks || options.dryRun || options['yes']\n          ? {\n              actions: ['error'],\n              blocked: true,\n              critical: false,\n              cve: false,\n              existing: true,\n              unfixable: false,\n            }\n          : {\n              existing: isSafeNpx,\n              unfixable: isSafeNpm,\n            },\n    })\n    if (alertsMap.size) {\n      process.exitCode = 1\n      // Lazily access constants.ENV.SOCKET_CLI_VIEW_ALL_RISKS.\n      const viewAllRisks = constants.ENV.SOCKET_CLI_VIEW_ALL_RISKS\n      logAlertsMap(alertsMap, {\n        hideAt: viewAllRisks ? 'none' : 'middle',\n        output: process.stderr,\n      })\n      throw new Error(\n        `\n          Socket ${binName} exiting due to risks.${\n            viewAllRisks\n              ? ''\n              : `\\nView all risks - Rerun with environment variable ${SOCKET_CLI_VIEW_ALL_RISKS}=1.`\n          }${\n            acceptRisks\n              ? ''\n              : `\\nAccept risks - Rerun with environment variable ${SOCKET_CLI_ACCEPT_RISKS}=1.`\n          }\n        `.trim(),\n      )\n    } else if (!options['silent']) {\n      logger.success(\n        `Socket ${binName} ${acceptRisks ? 'accepted' : 'found no'} risks`,\n      )\n      if (binName === NPX) {\n        logger.log(`Running ${options.add![0]}`)\n      }\n    }\n    return await this[kRiskyReify](...args)\n  }\n}\n","import { createRequire } from 'node:module'\n\n// @ts-ignore\nimport UntypedEdge from '@npmcli/arborist/lib/edge.js'\n// @ts-ignore\nimport UntypedNode from '@npmcli/arborist/lib/node.js'\n// @ts-ignore\nimport UntypedOverrideSet from '@npmcli/arborist/lib/override-set.js'\n\nimport {\n  getArboristClassPath,\n  getArboristEdgeClassPath,\n  getArboristNodeClassPath,\n  getArboristOverrideSetClassPath,\n} from '../paths.mts'\nimport { Arborist, SafeArborist } from './lib/arborist/index.mts'\n\nimport type { EdgeClass, NodeClass, OverrideSetClass } from './types.mts'\n\nconst require = createRequire(import.meta.url)\n\nexport const SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES = {\n  __proto__: null,\n  audit: false,\n  dryRun: true,\n  fund: false,\n  ignoreScripts: true,\n  progress: false,\n  save: false,\n  saveBundle: false,\n  silent: true,\n}\n\nexport { Arborist, SafeArborist }\n\nexport const Edge: EdgeClass = UntypedEdge\n\nexport const Node: NodeClass = UntypedNode\n\nexport const OverrideSet: OverrideSetClass = UntypedOverrideSet\n\nexport function installSafeArborist() {\n  // Override '@npmcli/arborist' module exports with patched variants based on\n  // https://github.com/npm/cli/pull/8089.\n  const cache: { [key: string]: any } = require.cache\n  cache[getArboristClassPath()] = { exports: SafeArborist }\n  cache[getArboristEdgeClassPath()] = { exports: Edge }\n  cache[getArboristNodeClassPath()] = { exports: Node }\n  cache[getArboristOverrideSetClassPath()] = { exports: OverrideSet }\n}\n","import { installSafeArborist } from './arborist/index.mts'\n\ninstallSafeArborist()\n"],"names":["_arboristPkgPath","add","change","remove","NPM_REGISTRY_URL","eligibleVersions","getMajor","visited","queue","to","version","matches","__proto__","consolidate","include","limit","nothrow","blocked","critical","cve","existing","unfixable","upgradable","unchanged","unknownOrigin","length","action","actual","ideal","keep","node","name","semver","result","getIpc","audit","dryRun","fund","ignoreScripts","progress","save","saveBundle","silent","path","Object","constants","hideAt","logger","cache","exports","installSafeArborist"],"mappings":";;;;;;;;;;;;;;AAOA;AACO;;;AAGH;AAGA;AAIA;AACAA;AAGF;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;AAaA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAGL;AACA;AACF;AAEA;AACO;;;AAML;AACA;AACF;;ACZO;AACLC;AACAC;AACAC;AACF;;AClCA;;;AAA4BC;AAAiB;AAE7C;;AAEI;AACA;AACA;;;AAGF;AACF;AAEO;;AAML;;AAEE;AACA;AACE;AACF;AACAC;AACF;AACE;AACA;AACE;AACF;AACAA;AAEI;AACA;AACAC;AAIN;;AAEF;AAEO;AAKL;AACA;;;AAGE;AACE;AACF;AACA;AACA;AACA;AACE;AACF;AACAC;AACA;AAIE;AACF;;AAEEC;AACF;;;AAEUC;AAAG;AACX;AACED;AACF;AACF;AACF;AACA;AACF;AAEO;;AAML;AACA;;;AAGE;AACE;AACF;AACA;AACA;AACA;AACE;AACF;AACAD;;AAEQG;AAAuB;AAC/B;;AAEA;AACA;AAIEC;AACF;;AAEEH;AACF;;;AAEUC;AAAG;AACX;AACED;AACF;AACF;AACF;AACA;AACF;AASO;AAIL;AACEI;AACAC;AACAC;AACAC;AACAC;;;;AAKAJ;AACA;AACA;AACA;AACAK;AACAC;AACAC;AACAC;AACAC;AACAC;AACA;;AAGF;AACER;AACES;AACF;AACF;AAEA;AAEA;;AAMA;;AAGM;AACF;AAEJ;AAEA;;;AAGA;AACF;AAgBO;;AAKL;;AAEE;AACF;AAEA;AACEX;AACAW;AACAC;;AACMZ;;AAA4B;;AAGpC;;;AAEMa;AAAoB;;;AAGtB;AACF;AACA;;AACQC;AAAO;AACf;AACE;AACA;AACA;AACA;;AACQC;AAAiBC;AAAe;AACxC;;AAEA;;AAEIC;AACA;AAIET;AACF;AACF;AAIF;AACES;AACF;AACA;AACE;;AAKIC;AACAV;AACF;AACF;AACF;AACF;AACA;AACEZ;AACF;AACF;;;AAEUe;AAAU;AAClB;AAAkBE;;AAChB;AACA;;AAKIK;AACAV;AACF;AACF;AACF;AACF;AACA;AACF;AAIO;;AAEP;AAEO;AACL;AACF;AAmEO;;AAQL;AACE;AACF;;AACQW;AAAK;;AAMX;AAGA;;AAEE;AACF;;AAEA;AACA;AACE;AACA;AACE;AACF;;AAEF;AACA;;AAGE;AACAzB;AACA;AACA0B;;AAIAC;;AAEE;AACE;AACA;AACF;AACF;AACF;AACF;AACA;AACF;;ACzbA;AAeA;;;;;;;;AAQE;AAA+DC;AAAO;AACxE;AAEO;AACLtB;AACAuB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEO;AAEA;AAEA;;AAEP;AACA;AACO;;AAEH;AAEIC;;;;AAOF;AACJ;AAEA;AAGE;AACA;;AAGIJ;;AAIJ;;AAGIA;;AAIJK;AACA;AACF;;AAEA;AACA;AAIE;AACEhC;;;AAGF;AACA;;;AAGA;;AAGI;AACA;AACA2B;;AAEF;AACA;AAEF;AACA;AACA;;AAIM;AACAM;AACN;AACA;AACA;;;;AAMU5B;AACAC;AACAC;AACAC;AACAC;AACF;AAEED;AACAC;AACF;AACR;;;AAGE;AACA;;AAEEyB;;AAEF;;AAGN;AAQA;AAGI;AACEC;;;AAKA;AACF;;AAEF;AACF;;AChJA,iBAAA;AAEO;AACLnC;AACAuB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAIO;AAEA;AAEA;AAEA;AACL;AACA;AACA;AACAM;AAAkCC;;AAClCD;AAAsCC;;AACtCD;AAAsCC;;AACtCD;AAA6CC;;AAC/C;;AC/CAC;;;;;;;;","debugId":"22ee222a-71cf-4fc6-ad06-f9ae02287129"}

package/dist/socket-completion.bash

@@ -39,10 +39,10 @@ COMMANDS=(
     [optimize]=""
     [organization]="list quota policy"
     [organization list]=""
-    [organization quota]=""
     [organization policy]="license security"
     [organization policy license]=""
     [organization policy security]=""
+    [organization quota]=""
     [package]="score shallow"
     [package score]=""
     [package shallow]=""
@@ -53,16 +53,17 @@ COMMANDS=(
     [report view]=""
     [repos]="create view list del update"
     [repos create]=""
-    [repos view]=""
-    [repos list]=""
     [repos del]=""
+    [repos list]=""
     [repos update]=""
+    [repos view]=""
     [scan]="create list del diff metadata report view"
     [scan create]=""
-    [scan list]=""
     [scan del]=""
     [scan diff]=""
+    [scan list]=""
     [scan metadata]=""
+    [scan reach]=""
     [scan report]=""
     [scan view]=""
     [threat-feed]=""
@@ -78,20 +79,25 @@ FLAGS=(
     [audit-log]="--interactive --org --page --perPage --type"
     [cdxgen]="--api-key --author --auto-compositions --deep --evidence --exclude --exclude-type --fail-on-error --filter --generate-key-and-sign --include-crypto --include-formulation --install-deps --json-pretty --min-confidence --no-babel --only --output --parent-project-id --print --profile --project-group --project-name --project-id --project-version --recurse --required-only --resolve-class --server --server-host --server-port --server-url --skip-dt-tls-check --spec-version --standard --technique --type --validate"
     [ci]="--autoManifest"
+    [config]=""
     [config auto]="--json --markdown"
     [config get]="--json --markdown"
     [config list]="--full --json --markdown"
     [config set]="--json --markdown"
     [config unset]="--json --markdown"
     [dependencies]="--json --limit --markdown --offset"
+    [diff-scan]=""
     [diff-scan get]="--after --before --depth --file --json"
-    [fix]="--autoMerge --autopilot --limit --purl --rangeStyle --test --testScript"
+    [fix]="--autoMerge --autopilot --ghsa --limit --purl --rangeStyle --test --testScript"
     [info]="--all --strict"
+    [install]=""
     [install completion]=""
     [login]="--apiBaseUrl --apiProxy"
+    [logout]=""
+    [manifest]=""
     [manifest auto]="--cwd --verbose"
-    [manifest cdxgen]="--api-key --author --auto-compositions --deep --evidence --exclude --exclude-type --fail-on-error --filter --generate-key-and-sign --include-crypto --include-formulation --install-deps --json-pretty --min-confidence --no-babel --only --output --parent-project-id --print --profile --project-group --project-name --project-id --project-version --recurse --required-only --resolve-class --server --server-host --server-port --server-url --skip-dt-tls-check --spec-version --standard --technique --type --validate"
     [manifest conda]="--file --stdin --out --stdout --verbose"
+    [manifest cdxgen]="--api-key --author --auto-compositions --deep --evidence --exclude --exclude-type --fail-on-error --filter --generate-key-and-sign --include-crypto --include-formulation --install-deps --json-pretty --min-confidence --no-babel --only --output --parent-project-id --print --profile --project-group --project-name --project-id --project-version --recurse --required-only --resolve-class --server --server-host --server-port --server-url --skip-dt-tls-check --spec-version --standard --technique --type --validate"
     [manifest gradle]="--bin --gradleOpts --verbose"
     [manifest kotlin]="--bin --gradleOpts --verbose"
     [manifest scala]="--bin --out --sbtOpts --stdout --verbose"
@@ -100,33 +106,43 @@ FLAGS=(
     [npx]=""
     [oops]=""
     [optimize]="--pin --prod"
+    [organization]=""
     [organization list]=""
+    [organization policy]=""
     [organization policy license]="--interactive --org"
     [organization policy security]="--interactive --org"
     [organization quota]=""
+    [package]=""
     [package score]="--json --markdown"
     [package shallow]="--json --markdown"
     [raw-npm]=""
     [raw-npx]=""
+    [report]=""
+    [report create]=""
+    [report view]=""
+    [repos]=""
     [repos create]="--defaultBranch --homepage --interactive --org --repoDescription --repoName --visibility"
     [repos del]="--interactive --org"
     [repos list]="--all --direction --interactive --org --page --perPage --sort"
     [repos update]="--defaultBranch --homepage --interactive --org --repoDescription --repoName --visibility"
     [repos view]="--interactive --org --repoName"
+    [scan]=""
     [scan create]="--autoManifest --branch --commitHash --commitMessage --committers --cwd --defaultBranch --interactive --org --pullRequest --readOnly --repo --report --setAsAlertsPage --tmp"
     [scan del]="--interactive --org"
     [scan diff]="--depth --file --interactive --org"
     [scan list]="--branch --direction --fromTime --interactive --org --page --perPage --repo --sort --untilTime"
     [scan metadata]="--interactive --org"
+    [scan reach]=""
     [scan report]="--fold --interactive --license --org --reportLevel --short"
     [scan view]="--interactive --org --stream"
     [threat-feed]="--direction --eco --filter --interactive --json --markdown --org --page --perPage"
+    [uninstall]=""
     [uninstall completion]=""
     [wrapper]="--disable --enable"
 )
 
 _socket_completion_version() {
-  echo "SOCKET_VERSION_TOKEN" # replaced when installing
+  echo "%SOCKET_VERSION_TOKEN%" # replaced when installing
 }
 
 _socket_completion() {

package/dist/types/commands/fix/cmd-fix.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"cmd-fix.d.mts","sourceRoot":"","sources":["../../../../src/commands/fix/cmd-fix.mts"],"names":[],"mappings":"AAyGA,eAAO,MAAM,MAAM;;;;CAIlB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAkEf"}
+{"version":3,"file":"cmd-fix.d.mts","sourceRoot":"","sources":["../../../../src/commands/fix/cmd-fix.mts"],"names":[],"mappings":"AAyGA,eAAO,MAAM,MAAM;;;;CAIlB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAoEf"}

package/dist/types/commands/fix/handle-fix.d.mts

@@ -4,6 +4,7 @@ import type { Remap } from '@socketsecurity/registry/lib/objects';
 export type HandleFixOptions = Remap<FixOptions & {
     ghsas: string[];
     outputKind: OutputKind;
+    unknownFlags: string[];
 }>;
-export declare function handleFix(argv: string[] | readonly string[], { autoMerge, cwd, ghsas, limit, outputKind, purls, rangeStyle, test, testScript }: HandleFixOptions): Promise<void>;
+export declare function handleFix({ autoMerge, cwd, ghsas, limit, outputKind, purls, rangeStyle, test, testScript, unknownFlags }: HandleFixOptions): Promise<void>;
 //# sourceMappingURL=handle-fix.d.mts.map

package/dist/types/commands/fix/handle-fix.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"handle-fix.d.mts","sourceRoot":"","sources":["../../../../src/commands/fix/handle-fix.mts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,sCAAsC,CAAA;AAIjE,MAAM,MAAM,gBAAgB,GAAG,KAAK,CAClC,UAAU,GAAG;IACX,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,UAAU,EAAE,UAAU,CAAA;CACvB,CACF,CAAA;AAED,wBAAsB,SAAS,CAC7B,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,EACE,SAAS,EACT,GAAG,EACH,KAAK,EACL,KAAK,EACL,UAAU,EACV,KAAK,EACL,UAAU,EACV,IAAI,EACJ,UAAU,EACX,EAAE,gBAAgB,iBAmHpB"}
+{"version":3,"file":"handle-fix.d.mts","sourceRoot":"","sources":["../../../../src/commands/fix/handle-fix.mts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,sCAAsC,CAAA;AAIjE,MAAM,MAAM,gBAAgB,GAAG,KAAK,CAClC,UAAU,GAAG;IACX,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,MAAM,EAAE,CAAA;CACvB,CACF,CAAA;AAED,wBAAsB,SAAS,CAAC,EAC9B,SAAS,EACT,GAAG,EACH,KAAK,EACL,KAAK,EACL,UAAU,EACV,KAAK,EACL,UAAU,EACV,IAAI,EACJ,UAAU,EACV,YAAY,EACb,EAAE,gBAAgB,iBAgIlB"}

package/dist/types/commands/fix/npm-fix.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"npm-fix.d.mts","sourceRoot":"","sources":["../../../../src/commands/fix/npm-fix.mts"],"names":[],"mappings":"AA0BA,OAAO,KAAK,EAAE,UAAU,EAAkB,MAAM,iBAAiB,CAAA;AAEjE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAA;AAsBrE,wBAAsB,MAAM,CAC1B,aAAa,EAAE,UAAU,EACzB,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAA;CAAE,CAAC,CAAC,CA2FtC"}
+{"version":3,"file":"npm-fix.d.mts","sourceRoot":"","sources":["../../../../src/commands/fix/npm-fix.mts"],"names":[],"mappings":"AA0BA,OAAO,KAAK,EAAE,UAAU,EAAkB,MAAM,iBAAiB,CAAA;AAKjE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAA;AAsBrE,wBAAsB,MAAM,CAC1B,aAAa,EAAE,UAAU,EACzB,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAA;CAAE,CAAC,CAAC,CAiGtC"}

package/dist/types/commands/install/setup-tab-completion.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"setup-tab-completion.d.mts","sourceRoot":"","sources":["../../../../src/commands/install/setup-tab-completion.mts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAE9C,wBAAsB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CACnE,OAAO,CAAC;IACN,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,OAAO,CAAA;IACtB,iBAAiB,EAAE,MAAM,CAAA;IACzB,WAAW,EAAE,OAAO,CAAA;IACpB,eAAe,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;CACnB,CAAC,CACH,CA0DA;AAiBD,wBAAgB,kCAAkC,CAChD,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,SAAS,CAAC,CAkBpB"}
+{"version":3,"file":"setup-tab-completion.d.mts","sourceRoot":"","sources":["../../../../src/commands/install/setup-tab-completion.mts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAE9C,wBAAsB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CACnE,OAAO,CAAC;IACN,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,OAAO,CAAA;IACtB,iBAAiB,EAAE,MAAM,CAAA;IACzB,WAAW,EAAE,OAAO,CAAA;IACpB,eAAe,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;CACnB,CAAC,CACH,CA0DA;AAiBD,wBAAgB,kCAAkC,CAChD,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,SAAS,CAAC,CAmBpB"}

package/dist/types/commands/manifest/cmd-manifest-cdxgen.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"cmd-manifest-cdxgen.d.mts","sourceRoot":"","sources":["../../../../src/commands/manifest/cmd-manifest-cdxgen.mts"],"names":[],"mappings":"AAoOA,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAsDf"}
+{"version":3,"file":"cmd-manifest-cdxgen.d.mts","sourceRoot":"","sources":["../../../../src/commands/manifest/cmd-manifest-cdxgen.mts"],"names":[],"mappings":"AAoOA,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAqDf"}

package/dist/types/commands/npm/cmd-npm.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"cmd-npm.d.mts","sourceRoot":"","sources":["../../../../src/commands/npm/cmd-npm.mts"],"names":[],"mappings":"AAwCA,eAAO,MAAM,MAAM;;;;CAIlB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAiBf"}
+{"version":3,"file":"cmd-npm.d.mts","sourceRoot":"","sources":["../../../../src/commands/npm/cmd-npm.mts"],"names":[],"mappings":"AAwCA,eAAO,MAAM,MAAM;;;;CAIlB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAgBf"}

package/dist/types/commands/npx/cmd-npx.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"cmd-npx.d.mts","sourceRoot":"","sources":["../../../../src/commands/npx/cmd-npx.mts"],"names":[],"mappings":"AAwCA,eAAO,MAAM,MAAM;;;;CAIlB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAiBf"}
+{"version":3,"file":"cmd-npx.d.mts","sourceRoot":"","sources":["../../../../src/commands/npx/cmd-npx.mts"],"names":[],"mappings":"AAwCA,eAAO,MAAM,MAAM;;;;CAIlB,CAAA;AAED,iBAAe,GAAG,CAChB,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EAClC,UAAU,EAAE,UAAU,EACtB,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC,IAAI,CAAC,CAgBf"}