@socketsecurity/cli-with-sentry 1.0.71 → 1.0.73

package/bin/npm-cli.js

@@ -6,5 +6,5 @@ const path = require('node:path')
 const rootPath = path.join(__dirname, '..')
 Module.enableCompileCache?.(path.join(rootPath, '.cache'))
 
-const shadowBin = require(path.join(rootPath, 'dist/shadow-bin.js'))
+const shadowBin = require(path.join(rootPath, 'dist/shadow-npm-bin.js'))
 shadowBin('npm')

package/bin/npx-cli.js

@@ -6,5 +6,5 @@ const path = require('node:path')
 const rootPath = path.join(__dirname, '..')
 Module.enableCompileCache?.(path.join(rootPath, '.cache'))
 
-const shadowBin = require(path.join(rootPath, 'dist/shadow-bin.js'))
+const shadowBin = require(path.join(rootPath, 'dist/shadow-npm-bin.js'))
 shadowBin('npx')

package/dist/cli.js

@@ -30,6 +30,7 @@ var require$$1 = require('node:util');
 var os = require('node:os');
 var promises = require('node:stream/promises');
 
+var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 async function fetchOrgAnalyticsData(time, options) {
   const {
     sdkOptions
@@ -66,7 +67,7 @@ async function fetchRepoAnalyticsData(repo, time, options) {
 
 // Note: Widgets does not seem to actually work as code :'(
 
-const require$5 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$5 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
 
 // Note: This maps `new Date(date).getMonth()` to English three letters
@@ -498,7 +499,7 @@ async function fetchAuditLog(config, options) {
   });
 }
 
-const require$4 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$4 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const {
   REDACTED
 } = constants;
@@ -4327,6 +4328,7 @@ async function npmFix(pkgEnvDetails, fixConfig) {
   return await agentFix(pkgEnvDetails, actualTree, alertsMap, install$1, {
     async beforeInstall(editablePkgJson) {
       revertData = {
+        // Track existing dependencies in the root package.json to revert to later.
         ...(editablePkgJson.content.dependencies && {
           dependencies: {
             ...editablePkgJson.content.dependencies
@@ -4345,24 +4347,34 @@ async function npmFix(pkgEnvDetails, fixConfig) {
       };
     },
     async afterUpdate(editablePkgJson, packument, oldVersion, newVersion) {
-      const isWorkspaceRoot = editablePkgJson.filename === pkgEnvDetails.editablePkgJson.filename;
-      if (isWorkspaceRoot) {
-        const arb = new shadowNpmInject.Arborist({
-          path: pkgEnvDetails.pkgPath,
-          ...flatConfig,
-          ...shadowNpmInject.SAFE_WITH_SAVE_ARBORIST_REIFY_OPTIONS_OVERRIDES
-        });
-        const idealTree = await arb.buildIdealTree();
-        const node = shadowNpmInject.findPackageNode(idealTree, packument.name, oldVersion);
-        if (node) {
-          shadowNpmInject.updateNode(node, newVersion, packument.versions[newVersion]);
-          await arb.reify();
-        }
+      // Exit early if not the root workspace.
+      if (editablePkgJson.filename !== pkgEnvDetails.editablePkgJson.filename) {
+        return;
+      }
+      // Update package-lock.json using @npmcli/arborist.
+      const arb = new shadowNpmInject.Arborist({
+        path: pkgEnvDetails.pkgPath,
+        ...flatConfig,
+        ...shadowNpmInject.SAFE_WITH_SAVE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+      });
+      // Build the ideal tree of nodes that are used to generated the saved
+      // package-lock.json
+      const idealTree = await arb.buildIdealTree();
+      const node = shadowNpmInject.findPackageNode(idealTree, packument.name, oldVersion);
+      if (node) {
+        // Update the ideal tree node.
+        shadowNpmInject.updateNode(node, newVersion, packument.versions[newVersion]);
+        // Save package-lock.json lockfile.
+        await arb.reify();
       }
     },
     async revertInstall(editablePkgJson) {
       if (revertData) {
+        // Revert package.json.
         editablePkgJson.update(revertData);
+        await editablePkgJson.save({
+          ignoreWhitespace: true
+        });
       }
     }
   }, fixConfig);
@@ -4459,8 +4471,12 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
       cwd,
       spinner
     });
-    lockSrc = maybeActualTree ? await utils.readLockfile(pkgEnvDetails.lockPath) : null;
-    if (lockSrc && maybeActualTree) {
+    if (maybeActualTree) {
+      lockSrc = (await utils.readLockfile(pkgEnvDetails.lockPath)) ?? '';
+    } else {
+      lockSrc = '';
+    }
+    if (lockSrc) {
       actualTree = maybeActualTree;
       lockfile = utils.parsePnpmLockfile(lockSrc);
     } else {
@@ -4498,25 +4514,29 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
   let revertOverridesSrc = '';
   return await agentFix(pkgEnvDetails, actualTree, alertsMap, install, {
     async beforeInstall(editablePkgJson, packument, oldVersion, newVersion, vulnerableVersionRange, options) {
-      const isWorkspaceRoot = editablePkgJson.filename === pkgEnvDetails.editablePkgJson.filename;
-      // Get current overrides for revert logic.
-      const {
-        overrides: oldOverrides
-      } = getOverridesDataPnpm(pkgEnvDetails, editablePkgJson.content);
-      const oldPnpmSection = editablePkgJson.content[PNPM$6];
-      const overrideKey = `${packument.name}@${vulnerableVersionRange}`;
-      lockSrc = await utils.readLockfile(pkgEnvDetails.lockPath);
-      revertOverrides = undefined;
-      revertOverridesSrc = utils.extractOverridesFromPnpmLockSrc(lockSrc);
-      if (isWorkspaceRoot) {
+      lockSrc = (await utils.readLockfile(pkgEnvDetails.lockPath)) ?? '';
+
+      // Update overrides for the root workspace.
+      if (editablePkgJson.filename === pkgEnvDetails.editablePkgJson.filename) {
+        const {
+          overrides: oldOverrides
+        } = getOverridesDataPnpm(pkgEnvDetails, editablePkgJson.content);
+        const oldPnpmSection = editablePkgJson.content[PNPM$6];
+        const overrideKey = `${packument.name}@${vulnerableVersionRange}`;
+        revertOverridesSrc = utils.extractOverridesFromPnpmLockSrc(lockSrc);
+        // Track existing overrides in the root package.json to revert to later.
         revertOverrides = {
           [PNPM$6]: oldPnpmSection ? {
             ...oldPnpmSection,
             [OVERRIDES$1]: require$$7.hasKeys(oldOverrides) ? {
               ...oldOverrides,
               [overrideKey]: undefined
-            } : undefined
-          } : undefined
+            } :
+            // Properties with undefined values are deleted when saved as JSON.
+            undefined
+          } :
+          // Properties with undefined values are deleted when saved as JSON.
+          undefined
         };
         // Update overrides in the root package.json so that when `pnpm install`
         // generates pnpm-lock.yaml it updates transitive dependencies too.
@@ -4529,9 +4549,15 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
             }
           }
         });
+      } else {
+        revertOverrides = undefined;
+        revertOverridesSrc = '';
       }
       revertData = {
+        // If "pnpm" or "pnpm.overrides" fields are undefined they will be
+        // deleted when saved.
         ...revertOverrides,
+        // Track existing dependencies in the root package.json to revert to later.
         ...(editablePkgJson.content.dependencies && {
           dependencies: {
             ...editablePkgJson.content.dependencies
@@ -4554,20 +4580,32 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
         // Revert overrides metadata in package.json now that pnpm-lock.yaml
         // has been updated.
         editablePkgJson.update(revertOverrides);
+        await editablePkgJson.save({
+          ignoreWhitespace: true
+        });
       }
-      await editablePkgJson.save({
-        ignoreWhitespace: true
-      });
-      lockSrc = await utils.readLockfile(pkgEnvDetails.lockPath);
-      const updatedOverridesContent = utils.extractOverridesFromPnpmLockSrc(lockSrc);
-      if (updatedOverridesContent) {
-        lockSrc = lockSrc.replace(updatedOverridesContent, revertOverridesSrc);
-        await fs$1.promises.writeFile(pkgEnvDetails.lockPath, lockSrc, 'utf8');
+      lockSrc = (await utils.readLockfile(pkgEnvDetails.lockPath)) ?? '';
+      // Remove "overrides" block from pnpm-lock.yaml lockfile when processing
+      // the root workspace.
+      if (editablePkgJson.filename === pkgEnvDetails.editablePkgJson.filename) {
+        const updatedOverridesContent = utils.extractOverridesFromPnpmLockSrc(lockSrc);
+        if (updatedOverridesContent) {
+          // Remove "overrides" block from pnpm-lock.yaml lockfile.
+          lockSrc = lockSrc.replace(updatedOverridesContent, revertOverridesSrc);
+          // Save pnpm-lock.yaml lockfile.
+          await fs$1.promises.writeFile(pkgEnvDetails.lockPath, lockSrc, 'utf8');
+        }
       }
     },
     async revertInstall(editablePkgJson) {
       if (revertData) {
+        // Revert package.json.
         editablePkgJson.update(revertData);
+        await editablePkgJson.save({
+          ignoreWhitespace: true
+        });
+        // Revert pnpm-lock.yaml lockfile to be on the safe side.
+        await fs$1.promises.writeFile(pkgEnvDetails.lockPath, lockSrc, 'utf8');
       }
     }
   }, fixConfig);
@@ -4618,6 +4656,9 @@ async function handleFix({
     }, outputKind);
     return;
   }
+  debug.debugDir('inspect', {
+    pkgEnvDetails
+  });
 
   // Lazily access constants.
   const {
@@ -4929,7 +4970,7 @@ async function setupTabCompletion(targetName) {
   };
 }
 function getTabCompletionScriptRaw() {
-  const sourceDir = path.dirname(require$$0.fileURLToPath(require('node:url').pathToFileURL(__filename).href));
+  const sourceDir = path.dirname(require$$0.fileURLToPath((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href))));
   const sourcePath = path.join(sourceDir, 'socket-completion.bash');
   if (!fs$1.existsSync(sourcePath)) {
     return {
@@ -6966,7 +7007,7 @@ async function run$v(argv, importMeta, {
   });
 }
 
-const require$3 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$3 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$u
 } = constants;
@@ -7019,7 +7060,7 @@ async function run$u(argv, importMeta, {
   await shadowBin('npm', argv);
 }
 
-const require$2 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$2 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$t
 } = constants;
@@ -7479,7 +7520,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
           }
         });
       } else {
-        // Properties with undefined values are omitted when saved as JSON.
+        // Properties with undefined values are deleted when saved as JSON.
         editablePkgJson.update(require$$7.hasKeys(oldValue) ? {
           [field]: {
             ...(isPnpmObj ? oldValue : {}),
@@ -7490,7 +7531,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
         });
       }
     } else if (field === OVERRIDES || field === RESOLUTIONS) {
-      // Properties with undefined values are omitted when saved as JSON.
+      // Properties with undefined values are deleted when saved as JSON.
       editablePkgJson.update({
         [field]: require$$7.hasKeys(value) ? value : undefined
       });
@@ -13616,7 +13657,7 @@ async function fetchThreatFeed({
   return await utils.queryApiSafeJson(`orgs/${orgSlug}/threat-feed?${queryParams}`, 'the Threat Feed data');
 }
 
-const require$1 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$1 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 async function outputThreatFeed(result, outputKind) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
@@ -14398,17 +14439,15 @@ async function run(argv, importMeta, {
   }
 }
 
-const __filename$1 = require$$0.fileURLToPath(require('node:url').pathToFileURL(__filename).href);
-const {
-  SOCKET_CLI_BIN_NAME
-} = constants;
+const __filename$1 = require$$0.fileURLToPath((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 void (async () => {
   const registryUrl = vendor.registryUrl();
   await vendor.updater({
     authInfo: vendor.registryAuthTokenExports(registryUrl, {
       recursive: true
     }),
-    name: SOCKET_CLI_BIN_NAME,
+    // Lazily access constants.SOCKET_CLI_BIN_NAME.
+    name: constants.SOCKET_CLI_BIN_NAME,
     registryUrl,
     ttl: 86_400_000 /* 24 hours in milliseconds */,
 
@@ -14417,6 +14456,8 @@ void (async () => {
   });
   try {
     await utils.meowWithSubcommands({
+      analytics: cmdAnalytics,
+      'audit-log': cmdAuditLog,
       ci: cmdCI,
       config: cmdConfig,
       fix: cmdFix,
@@ -14430,16 +14471,14 @@ void (async () => {
       optimize: cmdOptimize,
       organization: cmdOrganization,
       package: cmdPackage,
+      manifest: cmdManifest,
+      scan: cmdScan,
       'raw-npm': cmdRawNpm,
       'raw-npx': cmdRawNpx,
-      wrapper: cmdWrapper,
-      scan: cmdScan,
-      'audit-log': cmdAuditLog,
       repos: cmdRepository,
-      analytics: cmdAnalytics,
       'threat-feed': cmdThreatFeed,
-      manifest: cmdManifest,
-      uninstall: cmdUninstall
+      uninstall: cmdUninstall,
+      wrapper: cmdWrapper
     }, {
       aliases: {
         audit: {
@@ -14534,7 +14573,8 @@ void (async () => {
         }
       },
       argv: process.argv.slice(2),
-      name: SOCKET_CLI_BIN_NAME,
+      // Lazily access constants.SOCKET_CLI_BIN_NAME.
+      name: constants.SOCKET_CLI_BIN_NAME,
       importMeta: {
         url: `${require$$0.pathToFileURL(__filename$1)}`
       }
@@ -14594,5 +14634,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=6e0fd7c6-a2c8-49d0-90ec-61ff85e89df9
+//# debugId=ba4215ca-3cc8-45b8-8900-a36e38e6cc4a
 //# sourceMappingURL=cli.js.map