@socketsecurity/cli-with-sentry 1.0.90 → 1.0.92

package/external/@coana-tech/cli/reachability-analyzers-cli.mjs

@@ -9234,7 +9234,7 @@ var require_pipeline = __commonJS({
       if (typeof streams[streams.length - 1] !== "function") return noop4;
       return streams.pop();
     }
-    function pipeline() {
+    function pipeline2() {
       for (var _len = arguments.length, streams = new Array(_len), _key = 0; _key < _len; _key++) {
         streams[_key] = arguments[_key];
       }
@@ -9257,7 +9257,7 @@ var require_pipeline = __commonJS({
       });
       return streams.reduce(pipe);
     }
-    module.exports = pipeline;
+    module.exports = pipeline2;
   }
 });
 
@@ -11444,7 +11444,7 @@ var require_file = __commonJS({
     var fs12 = __require("fs");
     var path9 = __require("path");
     var asyncSeries = require_series();
-    var zlib2 = __require("zlib");
+    var zlib3 = __require("zlib");
     var { MESSAGE } = require_triple_beam();
     var { Stream: Stream2, PassThrough } = require_readable();
     var TransportStream = require_winston_transport();
@@ -12013,7 +12013,7 @@ var require_file = __commonJS({
           if (err) {
             return callback();
           }
-          var gzip = zlib2.createGzip();
+          var gzip = zlib3.createGzip();
           var inp = fs12.createReadStream(src);
           var out = fs12.createWriteStream(dest);
           out.on("finish", () => {
@@ -43748,7 +43748,7 @@ var require_client = __commonJS({
     var assert9 = __require("assert");
     var net = __require("net");
     var http2 = __require("http");
-    var { pipeline } = __require("stream");
+    var { pipeline: pipeline2 } = __require("stream");
     var util6 = require_util2();
     var timers = require_timers();
     var Request2 = require_request();
@@ -45166,7 +45166,7 @@ upgrade: ${upgrade}\r
         let onPipeData = function(chunk2) {
           request.onBodySent(chunk2);
         };
-        const pipe = pipeline(
+        const pipe = pipeline2(
           body,
           h2stream,
           (err) => {
@@ -46926,7 +46926,7 @@ var require_api_pipeline = __commonJS({
         util6.destroy(ret, err);
       }
     };
-    function pipeline(opts, handler) {
+    function pipeline2(opts, handler) {
       try {
         const pipelineHandler = new PipelineHandler(opts, handler);
         this.dispatch({ ...opts, body: pipelineHandler.req }, pipelineHandler);
@@ -46935,7 +46935,7 @@ var require_api_pipeline = __commonJS({
         return new PassThrough().destroy(err);
       }
     }
-    module.exports = pipeline;
+    module.exports = pipeline2;
   }
 });
 
@@ -49832,7 +49832,7 @@ var require_fetch = __commonJS({
     } = require_response();
     var { Headers } = require_headers();
     var { Request: Request2, makeRequest } = require_request2();
-    var zlib2 = __require("zlib");
+    var zlib3 = __require("zlib");
     var {
       bytesMatch,
       makePolicyContainer,
@@ -49876,7 +49876,7 @@ var require_fetch = __commonJS({
     } = require_constants3();
     var { kHeadersList } = require_symbols();
     var EE3 = __require("events");
-    var { Readable: Readable2, pipeline } = __require("stream");
+    var { Readable: Readable2, pipeline: pipeline2 } = __require("stream");
     var { addAbortListener, isErrored, isReadable: isReadable2, nodeMajor, nodeMinor } = require_util2();
     var { dataURLProcessor, serializeAMimeType } = require_dataURL();
     var { TransformStream } = __require("stream/web");
@@ -50773,18 +50773,18 @@ var require_fetch = __commonJS({
               if (request.method !== "HEAD" && request.method !== "CONNECT" && !nullBodyStatus.includes(status) && !willFollow) {
                 for (const coding of codings) {
                   if (coding === "x-gzip" || coding === "gzip") {
-                    decoders.push(zlib2.createGunzip({
+                    decoders.push(zlib3.createGunzip({
                       // Be less strict when decoding compressed responses, since sometimes
                       // servers send slightly invalid responses that are still accepted
                       // by common browsers.
                       // Always using Z_SYNC_FLUSH is what cURL does.
-                      flush: zlib2.constants.Z_SYNC_FLUSH,
-                      finishFlush: zlib2.constants.Z_SYNC_FLUSH
+                      flush: zlib3.constants.Z_SYNC_FLUSH,
+                      finishFlush: zlib3.constants.Z_SYNC_FLUSH
                     }));
                   } else if (coding === "deflate") {
-                    decoders.push(zlib2.createInflate());
+                    decoders.push(zlib3.createInflate());
                   } else if (coding === "br") {
-                    decoders.push(zlib2.createBrotliDecompress());
+                    decoders.push(zlib3.createBrotliDecompress());
                   } else {
                     decoders.length = 0;
                     break;
@@ -50795,7 +50795,7 @@ var require_fetch = __commonJS({
                 status,
                 statusText,
                 headersList: headers[kHeadersList],
-                body: decoders.length ? pipeline(this.body, ...decoders, () => {
+                body: decoders.length ? pipeline2(this.body, ...decoders, () => {
                 }) : this.body.on("error", () => {
                 })
               });
@@ -59413,7 +59413,7 @@ var require_upload_gzip = __commonJS({
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.createGZipFileInBuffer = exports.createGZipFileOnDisk = void 0;
     var fs12 = __importStar(__require("fs"));
-    var zlib2 = __importStar(__require("zlib"));
+    var zlib3 = __importStar(__require("zlib"));
     var util_1 = __require("util");
     var stat3 = (0, util_1.promisify)(fs12.stat);
     var gzipExemptFileExtensions = [
@@ -59449,7 +59449,7 @@ var require_upload_gzip = __commonJS({
         }
         return new Promise((resolve17, reject) => {
           const inputStream = fs12.createReadStream(originalFilePath);
-          const gzip = zlib2.createGzip();
+          const gzip = zlib3.createGzip();
           const outputStream = fs12.createWriteStream(tempFilePath);
           inputStream.pipe(gzip).pipe(outputStream);
           outputStream.on("finish", () => __awaiter(this, void 0, void 0, function* () {
@@ -59469,7 +59469,7 @@ var require_upload_gzip = __commonJS({
         return new Promise((resolve17) => __awaiter(this, void 0, void 0, function* () {
           var _a2, e_1, _b, _c;
           const inputStream = fs12.createReadStream(originalFilePath);
-          const gzip = zlib2.createGzip();
+          const gzip = zlib3.createGzip();
           inputStream.pipe(gzip);
           const chunks = [];
           try {
@@ -60071,7 +60071,7 @@ var require_download_http_client = __commonJS({
     exports.DownloadHttpClient = void 0;
     var fs12 = __importStar(__require("fs"));
     var core = __importStar(require_core());
-    var zlib2 = __importStar(__require("zlib"));
+    var zlib3 = __importStar(__require("zlib"));
     var utils_1 = require_utils3();
     var url_1 = __require("url");
     var status_reporter_1 = require_status_reporter();
@@ -60249,7 +60249,7 @@ var require_download_http_client = __commonJS({
         return __awaiter(this, void 0, void 0, function* () {
           yield new Promise((resolve17, reject) => {
             if (isGzip) {
-              const gunzip = zlib2.createGunzip();
+              const gunzip = zlib3.createGunzip();
               response.message.on("error", (error) => {
                 core.info(`An error occurred while attempting to read the response stream`);
                 gunzip.close();
@@ -66504,14 +66504,14 @@ var require_headers2 = __commonJS({
 var require_deflater = __commonJS({
   "../../node_modules/.pnpm/adm-zip@0.5.16/node_modules/adm-zip/methods/deflater.js"(exports, module) {
     module.exports = function(inbuf) {
-      var zlib2 = __require("zlib");
+      var zlib3 = __require("zlib");
       var opts = { chunkSize: (parseInt(inbuf.length / 1024) + 1) * 1024 };
       return {
         deflate: function() {
-          return zlib2.deflateRawSync(inbuf, opts);
+          return zlib3.deflateRawSync(inbuf, opts);
         },
         deflateAsync: function(callback) {
-          var tmp = zlib2.createDeflateRaw(opts), parts = [], total = 0;
+          var tmp = zlib3.createDeflateRaw(opts), parts = [], total = 0;
           tmp.on("data", function(data2) {
             parts.push(data2);
             total += data2.length;
@@ -66538,14 +66538,14 @@ var require_inflater = __commonJS({
   "../../node_modules/.pnpm/adm-zip@0.5.16/node_modules/adm-zip/methods/inflater.js"(exports, module) {
     var version3 = +(process.versions ? process.versions.node : "").split(".")[0] || 0;
     module.exports = function(inbuf, expectedLength) {
-      var zlib2 = __require("zlib");
+      var zlib3 = __require("zlib");
       const option = version3 >= 15 && expectedLength > 0 ? { maxOutputLength: expectedLength } : {};
       return {
         inflate: function() {
-          return zlib2.inflateRawSync(inbuf, option);
+          return zlib3.inflateRawSync(inbuf, option);
         },
         inflateAsync: function(callback) {
-          var tmp = zlib2.createInflateRaw(option), parts = [], total = 0;
+          var tmp = zlib3.createInflateRaw(option), parts = [], total = 0;
           tmp.on("data", function(data2) {
             parts.push(data2);
             total += data2.length;
@@ -94983,32 +94983,48 @@ function transformSourceLocations(fileMappings, detectedOccurrences) {
 // dist/whole-program-code-aware-vulnerability-scanner/go/go-code-aware-vulnerability-scanner.js
 var import_lodash11 = __toESM(require_lodash(), 1);
 import assert4 from "assert";
-import { existsSync as existsSync9 } from "fs";
+import { existsSync as existsSync9, createReadStream, createWriteStream as createWriteStream2 } from "fs";
 import { readFile as readFile7, rm as rm4, cp as cp4 } from "fs/promises";
+import zlib2 from "zlib";
 import { join as join13, resolve as resolve10, sep } from "path";
+import { pipeline } from "stream/promises";
 var { uniq: uniq5 } = import_lodash11.default;
 var GoCodeAwareVulnerabilityScanner = class {
   projectDir;
-  timeoutInSeconds;
+  options;
   name = "GOANA";
-  constructor(projectDir, timeoutInSeconds) {
+  constructor(projectDir, options = {}) {
     this.projectDir = projectDir;
-    this.timeoutInSeconds = timeoutInSeconds;
+    this.options = options;
+  }
+  get compressedGoanaBinaryName() {
+    const { platform: platform6, arch } = process;
+    const rarch = arch === "arm" ? "arm64" : arch === "x64" ? "amd64" : arch;
+    return `goana-${platform6}-${rarch}.gz`;
   }
   async runAnalysis(vulns, heuristic, _analyzesAllVulns) {
     logger.info("Started instantiating Go code-aware analysis");
     if (!existsSync9(join13(this.projectDir, "go.mod")))
       throw new Error("go.mod file not found in the project directory");
+    const { timeoutInSeconds, memoryLimitInMB } = this.options;
     const tmpDir = await createTmpDirectory("goana-output");
     const vulnsOutputFile = join13(tmpDir, "vulns.json");
     const diagnosticsOutputFile = join13(tmpDir, "diagnostics.json");
     try {
+      const binaryName = this.compressedGoanaBinaryName;
+      const binaryPath = join13(COANA_REPOS_PATH(), "goana/bin", binaryName);
+      if (!await exists(binaryPath))
+        throw new Error(`goana binary '${binaryName}' not found`);
+      await pipeline(createReadStream(binaryPath), zlib2.createGunzip(), createWriteStream2(join13(tmpDir, "goana"), { mode: 493 }));
       const vulnAccPaths = uniq5(vulns.flatMap((v) => v.vulnerabilityAccessPaths));
-      const { error, stderr } = await execNeverFail(cmdt`${COANA_REPOS_PATH()}/goana/goana
+      const { error, stderr } = await execNeverFail(cmdt`${join13(tmpDir, "goana")}
           -output-vulnerabilities ${vulnsOutputFile}
           -output-diagnostics ${diagnosticsOutputFile}
           -topk=4 ${heuristic.includeTests && "-tests"}
-          ${this.projectDir} ${vulnAccPaths}`, void 0, { timeout: this.timeoutInSeconds ? this.timeoutInSeconds * 1e3 : void 0 });
+          ${this.projectDir} ${vulnAccPaths}`, void 0, {
+        timeout: timeoutInSeconds ? timeoutInSeconds * 1e3 : void 0,
+        env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MiB` } : void 0
+      });
       if (error) {
         logger.error("Error running Go code-aware analysis", error);
         const timeout = !!error.killed;
@@ -95045,7 +95061,7 @@ ${stderr}`);
       await rm4(tmpDir, { recursive: true, force: true });
     }
   }
-  static async runOnDependencyChain([first2, ...rest], vuln, timeoutInSeconds) {
+  static async runOnDependencyChain([first2, ...rest], vuln, options = {}) {
     assert4(first2.version);
     const { Dir, GoMod } = JSON.parse(await runCommandResolveStdOut(cmdt`go mod download -json ${first2.packageName}@v${first2.version}`));
     const projectDir = await createTmpDirectory("go-run-on-dependency-chain-");
@@ -95062,7 +95078,7 @@ ${stderr}`);
         await runGoModTidy(projectDir);
       }
       const heuristic = GoanaHeuristics.NO_TESTS;
-      const result = await new this(projectDir, timeoutInSeconds).runAnalysis([vuln], heuristic, true);
+      const result = await new this(projectDir, options).runAnalysis([vuln], heuristic, true);
       if (result.type === "error")
         return {
           error: result.message,
@@ -95078,7 +95094,7 @@ ${stderr}`);
       await rm4(projectDir, { recursive: true, force: true });
     }
   }
-  static async runOnAlreadyDownloadedPackages(packages, vuln, timeoutInSeconds) {
+  static async runOnAlreadyDownloadedPackages(packages, vuln, options = {}) {
     for (const pkg of packages)
       assert4(existsSync9(join13(pkg, "go.mod")), `${pkg} does not contain a go.mod file`);
     const [app, ...dependencies] = packages;
@@ -95095,7 +95111,7 @@ ${stderr}`);
         await runGoModTidy(projectDir);
       }
       const heuristic = GoanaHeuristics.NO_TESTS;
-      const result = await new this(projectDir, timeoutInSeconds).runAnalysis([vuln], heuristic, true);
+      const result = await new this(projectDir, options).runAnalysis([vuln], heuristic, true);
       if (result.type === "error")
         return {
           error: result.message,
@@ -96170,7 +96186,10 @@ async function analyzePackages(ecosystem, packages, vulnerability, options) {
       break;
     case "GO":
       analysisName = "Goana";
-      result = await GoCodeAwareVulnerabilityScanner.runOnDependencyChain(packages, vulnerability, options?.timeoutInSeconds ?? 60);
+      result = await GoCodeAwareVulnerabilityScanner.runOnDependencyChain(packages, vulnerability, {
+        timeoutInSeconds: options?.timeoutInSeconds ?? 60,
+        memoryLimitInMB: options?.memoryLimitInMB ?? 16384
+      });
       break;
     case "RUST":
       analysisName = "Rustica";
@@ -96215,7 +96234,10 @@ async function analyzeAlreadyInstalledPackages(ecosystem, packages, vulnerabilit
       break;
     case "GO":
       analysisName = "Goana";
-      result = await GoCodeAwareVulnerabilityScanner.runOnAlreadyDownloadedPackages(packages, vulnerability, options?.timeoutInSeconds ?? 60);
+      result = await GoCodeAwareVulnerabilityScanner.runOnAlreadyDownloadedPackages(packages, vulnerability, {
+        timeoutInSeconds: options?.timeoutInSeconds ?? 60,
+        memoryLimitInMB: options?.memoryLimitInMB ?? 16384
+      });
       break;
     case "RUST":
       analysisName = "Rustica";
@@ -96270,7 +96292,7 @@ async function getVersion(analysisName) {
 // dist/whole-program-code-aware-vulnerability-scanner/python/python-code-aware-vulnerability-scanner.js
 var import_semver2 = __toESM(require_semver2(), 1);
 var { omit, once: once3, pick, sortedUniq, uniqBy } = import_lodash14.default;
-var PythonCodeAwareVulnerabilityScanner = class _PythonCodeAwareVulnerabilityScanner {
+var PythonCodeAwareVulnerabilityScanner = class {
   state;
   projectDir;
   name = "MAMBALADE";
@@ -96295,9 +96317,7 @@ var PythonCodeAwareVulnerabilityScanner = class _PythonCodeAwareVulnerabilitySca
   async runAnalysis(vulns, heuristic, analyzesAllVulns) {
     if (!this.virtualEnvInfo)
       throw new Error("Virtual environment not set up");
-    if (!this.mambaladeVenvPath) {
-      await this.setupMambalade();
-    }
+    this.mambaladeVenvPath ??= await setupMambalade();
     logger.info("Started instantiating Python code-aware analysis");
     logger.debug(`Trying to find files to analyze from projectDir: ${this.projectDir}`);
     const { rootWorkingDir, reachabilityAnalysisOptions } = this.state;
@@ -96429,7 +96449,7 @@ ${msg}`;
       logger.info(`Copying ${app} to ${projectDir}`);
       await cp5(app, projectDir, { recursive: true });
       fileMappings.set(projectDir, app);
-      const scanner = new _PythonCodeAwareVulnerabilityScanner({
+      const scanner = new this({
         rootWorkingDir: projectTmpDir,
         reachabilityAnalysisOptions: options
       }, projectTmpDir);
@@ -96608,22 +96628,6 @@ ${msg}`;
   getVirtualEnvInfo() {
     return this.virtualEnvInfo;
   }
-  async setupMambalade() {
-    const venvDir = await createTmpDirectory("mambalade-venv");
-    logger.info("Creating Mambalade virtual environment");
-    const pythonInterpreter = await getPythonInterpreter();
-    await exec(cmdt`${pythonInterpreter} -SIm venv ${venvDir}`);
-    const mambaladeWheelsPath = join15(COANA_REPOS_PATH(), "mambalade", "dist");
-    const wheelFiles = await readdir3(mambaladeWheelsPath);
-    const mambaladeWheels = wheelFiles.filter((f2) => f2.endsWith(".whl")).map((f2) => join15(mambaladeWheelsPath, f2));
-    if (mambaladeWheels.length === 0) {
-      throw new Error(`No mambalade wheel files found in ${mambaladeWheelsPath}`);
-    }
-    logger.info(`Installing mambalade wheels: ${mambaladeWheels.join(", ")}`);
-    await exec(cmdt`${venvDir}/bin/pip install --no-deps ${mambaladeWheels}`);
-    this.mambaladeVenvPath = venvDir;
-    logger.info("Mambalade virtual environment setup complete");
-  }
   // async [Symbol.asyncDispose]() {
   async cleanup() {
     if (this.virtualEnvInfo?.temporary) {
@@ -96684,6 +96688,21 @@ async function getPythonInterpreter() {
     return "python3";
   throw new Error(`No Python ${pythonVersionRequired} interpreter found`);
 }
+async function setupMambalade() {
+  const venvDir = await createTmpDirectory("mambalade-venv");
+  logger.info("Creating Mambalade virtual environment");
+  const pythonInterpreter = await getPythonInterpreter();
+  await exec(cmdt`${pythonInterpreter} -SIm venv ${venvDir}`);
+  const mambaladeWheelsPath = join15(COANA_REPOS_PATH(), "mambalade", "dist");
+  const wheelFiles = await readdir3(mambaladeWheelsPath);
+  const mambaladeWheels = wheelFiles.filter((f2) => f2.endsWith(".whl")).map((f2) => join15(mambaladeWheelsPath, f2));
+  if (!mambaladeWheels.length)
+    throw new Error(`No mambalade wheel files found in ${mambaladeWheelsPath}`);
+  logger.info(`Installing mambalade wheels: ${mambaladeWheels.join(", ")}`);
+  await exec(cmdt`${venvDir}/bin/pip install --no-deps ${mambaladeWheels}`);
+  logger.info("Mambalade virtual environment setup complete");
+  return venvDir;
+}
 
 // dist/whole-program-code-aware-vulnerability-scanner/python/phantom-deps.js
 var { uniq: uniq8 } = import_lodash15.default;
@@ -97208,7 +97227,7 @@ var GoAnalyzer = class {
     const vulnerablePackages = uniq9(vulns.flatMap((v) => v.vulnerabilityAccessPaths.map((vap) => vap.split(":")[0])));
     const irrelevantPackages = new Set(await getIrrelevantPackages(this.projectDir, vulnerablePackages));
     const [unreachableVulns, otherVulns] = partition2(vulns, (v) => v.vulnerabilityAccessPaths.every((vap) => irrelevantPackages.has(vap.split(":")[0])));
-    const res = otherVulns.length ? await analyzeWithHeuristics(this.state, otherVulns, [GoanaHeuristics.DEFAULT], false, new GoCodeAwareVulnerabilityScanner(this.projectDir, this.state.reachabilityAnalysisOptions.timeoutInSeconds), analysisMetadataCollector, statusUpdater) : [];
+    const res = otherVulns.length ? await analyzeWithHeuristics(this.state, otherVulns, [GoanaHeuristics.DEFAULT], false, new GoCodeAwareVulnerabilityScanner(this.projectDir, this.state.reachabilityAnalysisOptions), analysisMetadataCollector, statusUpdater) : [];
     if (unreachableVulns.length) {
       const heuristicName = GoanaHeuristics.IMPORT_REACHABILITY.name;
       const detectedOccurrences = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "1.0.90",
+  "version": "1.0.92",
   "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -85,8 +85,8 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.3",
     "@biomejs/biome": "2.2.0",
-    "@coana-tech/cli": "14.11.11",
-    "@cyclonedx/cdxgen": "11.5.0",
+    "@coana-tech/cli": "14.11.14",
+    "@cyclonedx/cdxgen": "11.6.0",
     "@dotenvx/dotenvx": "1.48.4",
     "@eslint/compat": "1.3.2",
     "@eslint/js": "9.33.0",
@@ -126,7 +126,7 @@
     "@types/semver": "7.7.0",
     "@types/which": "3.0.4",
     "@types/yargs-parser": "21.0.3",
-    "@typescript-eslint/parser": "8.39.1",
+    "@typescript-eslint/parser": "8.40.0",
     "@typescript/native-preview": "7.0.0-dev.20250529.1",
     "@vitest/coverage-v8": "3.2.4",
     "blessed": "0.1.81",
@@ -159,18 +159,18 @@
     "npm-package-arg": "13.0.0",
     "npm-run-all2": "8.0.4",
     "open": "10.2.0",
-    "oxlint": "1.11.2",
+    "oxlint": "1.12.0",
     "pony-cause": "2.1.11",
     "registry-auth-token": "5.1.0",
     "registry-url": "7.2.0",
-    "rollup": "4.46.2",
+    "rollup": "4.46.3",
     "semver": "7.7.2",
     "synp": "1.9.14",
     "terminal-link": "2.1.1",
     "tiny-updater": "3.5.3",
     "trash": "9.0.0",
     "type-coverage": "2.29.7",
-    "typescript-eslint": "8.39.1",
+    "typescript-eslint": "8.40.0",
     "unplugin-purge-polyfills": "0.1.0",
     "vitest": "3.2.4",
     "which": "5.0.0",

package/translations.json

@@ -169,7 +169,7 @@
       "emoji": "🎈"
     },
     "gitDependency": {
-      "description": "Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.",
+      "description": "Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.",
       "suggestion": "Publish the git dependency to npm or a private package repository and consume it from there.",
       "title": "Git dependency",
       "emoji": "🍣"
@@ -212,7 +212,7 @@
     },
     "highEntropyStrings": {
       "description": "Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.",
-      "suggestion": "Please inspect these strings to check if these strings are benign. Maintainers should clarify the purpose and existence of high entropy strings if there is a legitimate purpose.",
+      "suggestion": "Please inspect these strings to check if they are benign. Maintainers should clarify the purpose and existence of high entropy strings if there is a legitimate purpose.",
       "title": "High entropy strings",
       "emoji": "⚠️"
     },
@@ -277,7 +277,7 @@
       "emoji": "⚠️"
     },
     "malware": {
-      "description": "This package is malware. We have asked the package registry to remove it.",
+      "description": "This package is identified as malware. It has been flagged either by Socket's AI scanner and confirmed by our threat research team, or is listed as malicious in security databases and other sources.",
       "title": "Known malware",
       "suggestion": "It is strongly recommended that malware is removed from your codebase.",
       "emoji": "☠️"
@@ -391,7 +391,7 @@
       "emoji": "⚠️"
     },
     "noV1": {
-      "description": "Package is not semver >=1. This means it is not stable and does not support ^ ranges.",
+      "description": "Package is not semver \u003E=1. This means it is not stable and does not support ^ ranges.",
       "suggestion": "If the package sees any general use, it should begin releasing at version 1.0.0 or later to benefit from semver.",
       "title": "No v1",
       "emoji": "⚠️"
@@ -488,7 +488,7 @@
     },
     "suspiciousString": {
       "description": "This package contains suspicious text patterns which are commonly associated with bad behavior.",
-      "suggestion": "The package code should be reviewed before installing",
+      "suggestion": "The package code should be reviewed before installing.",
       "title": "Suspicious strings",
       "emoji": "⚠️"
     },
@@ -560,7 +560,7 @@
     },
     "unstableOwnership": {
       "description": "A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.",
-      "suggestion": "Try to reduce the amount of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.",
+      "suggestion": "Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.",
       "title": "Unstable ownership",
       "emoji": "⚠️"
     },
@@ -571,8 +571,8 @@
       "emoji": "⚠️"
     },
     "urlStrings": {
-      "description": "Package contains fragments of external URLs or IP addresses, which may indicate that it covertly exfiltrates data.",
-      "suggestion": "Avoid using packages that make connections to the network, since this helps to leak data.",
+      "description": "Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.",
+      "suggestion": "Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.",
       "title": "URL strings",
       "emoji": "⚠️"
     },
@@ -587,6 +587,30 @@
       "suggestion": "Packages should remove unnecessary zero width unicode characters and use their visible counterparts.",
       "title": "Zero width unicode chars",
       "emoji": "⚠️"
+    },
+    "chromePermission": {
+      "description": "This Chrome extension uses the '{permission}' permission.",
+      "suggestion": "Does this extensions need these permissions? Read more about what they mean at https://developer.chrome.com/docs/extensions/reference/permissions-list",
+      "title": "Chrome Extension Permission",
+      "emoji": "⚠️"
+    },
+    "chromeHostPermission": {
+      "description": "This Chrome extension requests access to '{host}'.",
+      "suggestion": "Review the host permission request and ensure it's necessary for the extension's functionality. Consider if the extension could work with more restrictive host permissions.",
+      "title": "Chrome Extension Host Permission",
+      "emoji": "⚠️"
+    },
+    "chromeWildcardHostPermission": {
+      "description": "This Chrome extension requests broad access to websites with the pattern '{host}'.",
+      "suggestion": "Wildcard host permissions like '*://*/*' give the extension access to all websites. This is a significant security risk and should be carefully reviewed. Consider if the extension could work with more restrictive host permissions.",
+      "title": "Chrome Extension Wildcard Host Permission",
+      "emoji": "⚠️"
+    },
+    "chromeContentScript": {
+      "description": "This Chrome extension includes a content script '{scriptFile}' that runs on websites matching '{matches}'.",
+      "suggestion": "Content scripts can modify web pages and access page content. Review the content script code to understand what it does on the websites it targets.",
+      "title": "Chrome Extension Content Script",
+      "emoji": "⚠️"
     }
   }
 }