@socketsecurity/cli-with-sentry 1.0.96 → 1.0.97

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/dist/cli.js +164 -164
  2. package/dist/cli.js.map +1 -1
  3. package/dist/constants.js +3 -3
  4. package/dist/constants.js.map +1 -1
  5. package/dist/shadow-npm-bin.js +3 -3
  6. package/dist/shadow-npm-bin.js.map +1 -1
  7. package/dist/shadow-npm-inject.js +29 -49
  8. package/dist/shadow-npm-inject.js.map +1 -1
  9. package/dist/tsconfig.dts.tsbuildinfo +1 -1
  10. package/dist/types/commands/fix/shared.d.mts +2 -1
  11. package/dist/types/commands/fix/shared.d.mts.map +1 -1
  12. package/dist/types/shadow/npm/arborist/lib/arborist/index.d.mts.map +1 -1
  13. package/dist/types/shadow/npm/arborist-helpers.d.mts +5 -5
  14. package/dist/types/shadow/npm/arborist-helpers.d.mts.map +1 -1
  15. package/dist/types/utils/alert/severity.d.mts.map +1 -1
  16. package/dist/types/utils/alerts-map.d.mts +4 -3
  17. package/dist/types/utils/alerts-map.d.mts.map +1 -1
  18. package/dist/types/utils/config.d.mts +5 -4
  19. package/dist/types/utils/config.d.mts.map +1 -1
  20. package/dist/types/utils/filter-config.d.mts +5 -0
  21. package/dist/types/utils/filter-config.d.mts.map +1 -0
  22. package/dist/types/utils/sdk.d.mts +3 -3
  23. package/dist/types/utils/sdk.d.mts.map +1 -1
  24. package/dist/types/utils/socket-package-alert.d.mts +7 -5
  25. package/dist/types/utils/socket-package-alert.d.mts.map +1 -1
  26. package/dist/utils.js +207 -207
  27. package/dist/utils.js.map +1 -1
  28. package/dist/vendor.js +38 -36
  29. package/external/@coana-tech/cli/cli-wrapper.mjs +1 -0
  30. package/external/@coana-tech/cli/cli.mjs +281 -172
  31. package/external/@coana-tech/cli/reachability-analyzers-cli.mjs +134 -63
  32. package/external/@coana-tech/cli/repos/coana-tech/alucard/alucard.jar +0 -0
  33. package/external/@coana-tech/cli/repos/coana-tech/class-graph-analysis/dist/bundle/class-graph-analysis-cli.mjs +2337 -2821
  34. package/external/@coana-tech/cli/repos/coana-tech/cocoa/release/Coana.Cocoa.dll +0 -0
  35. package/external/@coana-tech/cli/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
  36. package/external/@coana-tech/cli/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
  37. package/external/@coana-tech/cli/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
  38. package/external/@coana-tech/cli/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
  39. package/external/@socketsecurity/registry/lib/objects.js +16 -0
  40. package/package.json +7 -7
  41. package/dist/types/utils/strings.d.mts +0 -2
  42. package/dist/types/utils/strings.d.mts.map +0 -1
package/dist/constants.js CHANGED
@@ -140,10 +140,10 @@ const LAZY_ENV = () => {
140
140
  INLINED_SOCKET_CLI_SYNP_VERSION: envAsString("1.9.14"),
141
141
  // Comp-time inlined Socket package version.
142
142
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
143
- INLINED_SOCKET_CLI_VERSION: envAsString("1.0.96"),
143
+ INLINED_SOCKET_CLI_VERSION: envAsString("1.0.97"),
144
144
  // Comp-time inlined Socket package version hash.
145
145
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
146
- INLINED_SOCKET_CLI_VERSION_HASH: envAsString("1.0.96:5a6aa85:7916371e:pub"),
146
+ INLINED_SOCKET_CLI_VERSION_HASH: envAsString("1.0.97:88ad932:a5d7b5a5:pub"),
147
147
  // The absolute location of the %localappdata% folder on Windows used to store
148
148
  // user-specific, non-roaming application data, like temporary files, cached
149
149
  // data, and program settings, that are specific to the current machine and user.
@@ -520,5 +520,5 @@ const constants = createConstantsObject({
520
520
  });
521
521
 
522
522
  module.exports = constants;
523
- //# debugId=1a3c0ac5-3503-4f9f-ab41-7175c8911ce6
523
+ //# debugId=da592c8f-3dc1-48d6-b74a-093ed3e5cbda
524
524
  //# sourceMappingURL=constants.js.map
package/dist/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\n// Using `path.dirname(__filename)` to resolve `__dirname` works for both 'dist'\n// AND 'src' directories because constants.js and constants.mts respectively are\n// in the root of each.\nconst __dirname = path.dirname(__filename)\n\nconst {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n attributes: registryConstantsAttribs,\n createConstantsObject,\n getIpc,\n },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined,\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n DISABLE_GITHUB_CACHE: boolean\n GITHUB_API_URL: string\n GITHUB_BASE_REF: string\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n GITHUB_SERVER_URL: string\n GITHUB_TOKEN: string\n INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: string\n INLINED_SOCKET_CLI_HOMEPAGE: string\n INLINED_SOCKET_CLI_LEGACY_BUILD: string\n INLINED_SOCKET_CLI_NAME: string\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n INLINED_SOCKET_CLI_SENTRY_BUILD: string\n INLINED_SOCKET_CLI_VERSION: string\n INLINED_SOCKET_CLI_VERSION_HASH: string\n INLINED_SOCKET_CLI_SYNP_VERSION: string\n LOCALAPPDATA: string\n NODE_COMPILE_CACHE: string\n NODE_EXTRA_CA_CERTS: string\n PATH: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_API_BASE_URL: string\n SOCKET_CLI_API_PROXY: string\n SOCKET_CLI_API_TIMEOUT: number\n SOCKET_CLI_API_TOKEN: string\n SOCKET_CLI_CONFIG: string\n SOCKET_CLI_GIT_USER_EMAIL: string\n SOCKET_CLI_GIT_USER_NAME: string\n SOCKET_CLI_GITHUB_TOKEN: string\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_NPM_PATH: string\n SOCKET_CLI_ORG_SLUG: string\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype ProcessEnv = {\n [K in keyof ENV]?: string\n}\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_BIN?: string | undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly ENV: ENV\n readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_DEFAULT_BRANCH: 'socket-default-branch'\n readonly SOCKET_DEFAULT_REPOSITORY: 'socket-default-repository'\n readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n readonly VLT: 'vlt'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly binCliPath: string\n readonly binPath: string\n readonly blessedContribPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly blessedPath: string\n readonly coanaBinPath: string\n readonly coanaPath: string\n readonly distCliPath: string\n readonly distPath: string\n readonly externalPath: string\n readonly githubCachePath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly nodeMemoryFlags: string[]\n readonly npmCachePath: string\n readonly npmGlobalPrefix: string\n readonly npmNmNodeGypPath: string\n readonly processEnv: ProcessEnv\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly shadowNpmBinPath: string\n readonly shadowNpmInjectPath: string\n readonly socketAppDataPath: string\n readonly socketCachePath: string\n readonly socketRegistryPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_DEFAULT_BRANCH = 'socket-default-branch'\nconst SOCKET_DEFAULT_REPOSITORY = 'socket-default-repository'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nlet _npmStdioPipeOptions: SpawnOptions | undefined\nfunction getNpmStdioPipeOptions() {\n if (_npmStdioPipeOptions === undefined) {\n _npmStdioPipeOptions = {\n cwd: process.cwd(),\n // Lazily access constants.WIN32.\n shell: constants.WIN32,\n }\n }\n return _npmStdioPipeOptions\n}\n\nconst LAZY_ENV = () => {\n const { env: processEnv } = process\n const envHelpers = /*@__PURE__*/ require('@socketsecurity/registry/lib/env')\n const utils = /*@__PURE__*/ require(\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist/utils.js'),\n )\n const envAsBoolean = envHelpers.envAsBoolean\n const envAsNumber = envHelpers.envAsNumber\n const envAsString = envHelpers.envAsString\n const getConfigValueOrUndef = utils.getConfigValueOrUndef\n const readOrDefaultSocketJson = utils.readOrDefaultSocketJson\n const GITHUB_TOKEN = envAsString(processEnv['GITHUB_TOKEN'])\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n __proto__: null,\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Disable using GitHub's workflow actions/cache.\n // https://github.com/actions/cache\n DISABLE_GITHUB_CACHE: envAsBoolean(processEnv['DISABLE_GITHUB_CACHE']),\n // The API URL. For example, https://api.github.com.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_API_URL:\n envAsString(processEnv['GITHUB_API_URL']) || 'https://api.github.com',\n // The name of the base ref or target branch of the pull request in a workflow\n // run. This is only set when the event that triggers a workflow run is either\n // pull_request or pull_request_target. For example, main.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_BASE_REF: envAsString(processEnv['GITHUB_BASE_REF']),\n // The short ref name of the branch or tag that triggered the GitHub workflow\n // run. This value matches the branch or tag name shown on GitHub. For example,\n // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REF_NAME: envAsString(processEnv['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REF_TYPE: envAsString(processEnv['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REPOSITORY: envAsString(processEnv['GITHUB_REPOSITORY']),\n // The URL of the GitHub server. For example, https://github.com.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_SERVER_URL:\n envAsString(processEnv['GITHUB_SERVER_URL']) || 'https://github.com',\n // The GITHUB_TOKEN secret is a GitHub App installation access token.\n // The token's permissions are limited to the repository that contains the\n // workflow.\n // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n GITHUB_TOKEN,\n // Comp-time inlined @cyclonedx/cdxgen package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION']\".\n INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION'],\n ),\n // Comp-time inlined Socket package homepage.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n ),\n // Comp-time inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n ),\n // Comp-time inlined Socket package name.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n INLINED_SOCKET_CLI_NAME: envAsString(\n process.env['INLINED_SOCKET_CLI_NAME'],\n ),\n // Comp-time inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n ),\n // Comp-time inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n ),\n // Comp-time inlined synp package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SYNP_VERSION']\".\n INLINED_SOCKET_CLI_SYNP_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_SYNP_VERSION'],\n ),\n // Comp-time inlined Socket package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n INLINED_SOCKET_CLI_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION'],\n ),\n // Comp-time inlined Socket package version hash.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n ),\n // The absolute location of the %localappdata% folder on Windows used to store\n // user-specific, non-roaming application data, like temporary files, cached\n // data, and program settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(processEnv[LOCALAPPDATA]),\n // Enable the module compile cache for the Node.js instance.\n // https://nodejs.org/api/cli.html#node_compile_cachedir\n NODE_COMPILE_CACHE:\n // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n ? // Lazily access constants.socketCachePath.\n constants.socketCachePath\n : '',\n // Well known \"root\" CAs (like VeriSign) will be extended with the extra\n // certificates in file. The file should consist of one or more trusted\n // certificates in PEM format.\n // https://nodejs.org/api/cli.html#node_extra_ca_certsfile\n NODE_EXTRA_CA_CERTS:\n envAsString(processEnv['NODE_EXTRA_CA_CERTS']) ||\n // Commonly used environment variable to specify the path to a single\n // PEM-encoded certificate file.\n envAsString(processEnv['SSL_CERT_FILE']),\n // PATH is an environment variable that lists directories where executable\n // programs are located. When a command is run, the system searches these\n // directories to find the executable.\n PATH: envAsString(processEnv['PATH']),\n // Accept risks of a Socket wrapped npm/npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(processEnv[SOCKET_CLI_ACCEPT_RISKS]),\n // Change the base URL for Socket API calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_BASE_URL:\n envAsString(processEnv['SOCKET_CLI_API_BASE_URL']) ||\n // TODO: Remove legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_API_BASE_URL']) ||\n getConfigValueOrUndef('apiBaseUrl') ||\n 'https://api.socket.dev/v0/',\n // Set the proxy that all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_PROXY:\n envAsString(processEnv['SOCKET_CLI_API_PROXY']) ||\n // TODO: Remove legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_API_PROXY']) ||\n // Commonly used environment variables to specify routing requests through\n // a proxy server.\n envAsString(processEnv['HTTPS_PROXY']) ||\n envAsString(processEnv['https_proxy']) ||\n envAsString(processEnv['HTTP_PROXY']) ||\n envAsString(processEnv['http_proxy']),\n // Set the timeout in milliseconds for Socket API requests.\n // https://nodejs.org/api/http.html#httprequesturl-options-callback\n SOCKET_CLI_API_TIMEOUT: envAsNumber(processEnv['SOCKET_CLI_API_TOKEN']),\n // Set the Socket API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_CLI_API_TOKEN:\n envAsString(processEnv['SOCKET_CLI_API_TOKEN']) ||\n // TODO: Remove legacy environment variable names.\n envAsString(processEnv['SOCKET_CLI_API_KEY']) ||\n envAsString(processEnv['SOCKET_SECURITY_API_TOKEN']) ||\n envAsString(processEnv['SOCKET_SECURITY_API_KEY']),\n // A JSON stringified Socket configuration object.\n SOCKET_CLI_CONFIG: envAsString(processEnv['SOCKET_CLI_CONFIG']),\n // The git config user.email used by Socket CLI.\n SOCKET_CLI_GIT_USER_EMAIL:\n envAsString(processEnv['SOCKET_CLI_GIT_USER_EMAIL']) ||\n 'github-actions[bot]@users.noreply.github.com',\n // The git config user.name used by Socket CLI.\n SOCKET_CLI_GIT_USER_NAME:\n envAsString(processEnv['SOCKET_CLI_GIT_USER_NAME']) ||\n envAsString(processEnv['SOCKET_CLI_GIT_USERNAME']) ||\n 'github-actions[bot]',\n // Change the base URL for GitHub REST API calls.\n // https://docs.github.com/en/rest\n SOCKET_CLI_GITHUB_API_URL:\n envAsString(processEnv['SOCKET_CLI_GITHUB_API_URL']) ||\n readOrDefaultSocketJson(process.cwd())?.defaults?.scan?.github\n ?.githubApiUrl ||\n 'https://api.github.com',\n // A classic GitHub personal access token with the \"repo\" scope or a\n // fine-grained access token with at least read/write permissions set for\n // \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_CLI_GITHUB_TOKEN:\n envAsString(processEnv['SOCKET_CLI_GITHUB_TOKEN']) ||\n // TODO: Remove undocumented legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_GITHUB_PAT']) ||\n GITHUB_TOKEN,\n // Make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(\n processEnv['SOCKET_CLI_NO_API_TOKEN'],\n ),\n // The absolute location of the npm directory.\n SOCKET_CLI_NPM_PATH: envAsString(processEnv['SOCKET_CLI_NPM_PATH']),\n // Specify the Socket organization slug.\n SOCKET_CLI_ORG_SLUG:\n envAsString(processEnv['SOCKET_CLI_ORG_SLUG']) ||\n // Coana CLI accepts the SOCKET_ORG_SLUG environment variable.\n envAsString(processEnv['SOCKET_ORG_SLUG']),\n // View all risks of a Socket wrapped npm/npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(\n processEnv[SOCKET_CLI_VIEW_ALL_RISKS],\n ),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(processEnv['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(processEnv['XDG_DATA_HOME']),\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n // Lazily access constants.binPath.\n path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true,\n })\n\nconst lazyBlessedPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n // Lazily access constants.coanaPath.\n path.join(constants.coanaPath, 'cli-wrapper.mjs')\n\nconst lazyCoanaPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n // Lazily access constants.socketCachePath.\n path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n ['npm', '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.7'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*'],\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n Object.freeze(\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n '--disable-proto',\n 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n '--frozen-intrinsics',\n '--no-deprecation',\n ],\n )\n\nconst lazyNodeMemoryFlags = () => {\n const flags = /*@__PURE__*/ require(\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist/flags.js'),\n )\n const getMaxOldSpaceSizeFlag = flags.getMaxOldSpaceSizeFlag\n const getMaxSemiSpaceSizeFlag = flags.getMaxSemiSpaceSizeFlag\n return Object.freeze([\n `--max-old-space-size=${getMaxOldSpaceSizeFlag()}`,\n `--max-semi-space-size=${getMaxSemiSpaceSizeFlag()}`,\n ])\n}\n\nconst lazyNpmCachePath = () => {\n const spawnHelpers = /*@__PURE__*/ require('@socketsecurity/registry/lib/spawn')\n const spawnSync = spawnHelpers.spawnSync\n return spawnSync(\n // Lazily access constants.npmExecPath.\n constants.npmExecPath,\n ['config', 'get', 'cache'],\n getNpmStdioPipeOptions(),\n ).stdout\n}\n\nconst lazyNpmGlobalPrefix = () => {\n const spawnHelpers = /*@__PURE__*/ require('@socketsecurity/registry/lib/spawn')\n const spawnSync = spawnHelpers.spawnSync\n return spawnSync(\n // Lazily access constants.npmExecPath.\n constants.npmExecPath,\n ['prefix', '-g'],\n getNpmStdioPipeOptions(),\n ).stdout\n}\n\nconst lazyNpmNmNodeGypPath = () =>\n path.join(\n // Lazily access constants.npmRealExecPath.\n constants.npmRealExecPath,\n '../../node_modules/node-gyp/bin/node-gyp.js',\n )\n\nconst lazyProcessEnv = () =>\n // Lazily access constants.ENV.\n Object.setPrototypeOf(\n Object.fromEntries(\n Object.entries(constants.ENV).reduce(\n (entries, entry) => {\n const { 0: key, 1: value } = entry\n if (key.startsWith('INLINED_SOCKET_CLI_')) {\n return entries\n }\n if (typeof value === 'string') {\n if (value) {\n entries.push(entry as [string, string])\n }\n } else if (typeof value === 'boolean' && value) {\n entries.push([key, '1'])\n }\n return entries\n },\n [] as Array<[string, string]>,\n ),\n ),\n null,\n )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'shadow-npm-bin')\n\nconst lazyShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'shadow-npm-bin.js')\n\nconst lazyShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'shadow-npm-inject.js')\n\nconst lazySocketAppDataPath = (): string | undefined => {\n // Get the OS app data directory:\n // - Win: %LOCALAPPDATA% or fail?\n // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n // On most systems that path is: $HOME/.local/share\n // Then append `socket/settings`, so:\n // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n let dataHome: string | undefined = WIN32\n ? // Lazily access constants.ENV.LOCALAPPDATA\n constants.ENV.LOCALAPPDATA\n : // Lazily access constants.ENV.XDG_DATA_HOME\n constants.ENV.XDG_DATA_HOME\n if (!dataHome) {\n if (WIN32) {\n const logger = /*@__PURE__*/ require('@socketsecurity/registry/lib/logger')\n logger.warn(`Missing %${LOCALAPPDATA}%`)\n } else {\n dataHome = path.join(\n // Lazily access constants.homePath.\n constants.homePath,\n // Lazily access constants.DARWIN.\n constants.DARWIN ? 'Library/Application Support' : '.local/share',\n )\n }\n }\n return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ...registryConstantsAttribs.props,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n DOT_SOCKET_DOT_FACTS_JSON,\n DRY_RUN_LABEL,\n DRY_RUN_BAILING_NOW,\n DRY_RUN_NOT_SAVING,\n ENV: undefined,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_DEFAULT_BRANCH,\n SOCKET_DEFAULT_REPOSITORY,\n SOCKET_WEBSITE_URL,\n VLT,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n binPath: undefined,\n binCliPath: undefined,\n blessedContribPath: undefined,\n blessedOptions: undefined,\n blessedPath: undefined,\n coanaBinPath: undefined,\n coanaPath: undefined,\n distCliPath: undefined,\n distPath: undefined,\n externalPath: undefined,\n githubCachePath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n nodeMemoryFlags: undefined,\n npmCachePath: undefined,\n npmGlobalPrefix: undefined,\n npmNmNodeGypPath: undefined,\n processEnv: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n shadowNpmInjectPath: undefined,\n shadowNpmBinPath: undefined,\n socketAppDataPath: undefined,\n socketCachePath: undefined,\n socketRegistryPath: undefined,\n zshRcPath: undefined,\n },\n {\n getters: {\n ...registryConstantsAttribs.getters,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n binCliPath: lazyBinCliPath,\n binPath: lazyBinPath,\n blessedContribPath: lazyBlessedContribPath,\n blessedOptions: lazyBlessedOptions,\n blessedPath: lazyBlessedPath,\n coanaBinPath: lazyCoanaBinPath,\n coanaPath: lazyCoanaPath,\n distCliPath: lazyDistCliPath,\n distPath: lazyDistPath,\n externalPath: lazyExternalPath,\n githubCachePath: lazyGithubCachePath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n nodeMemoryFlags: lazyNodeMemoryFlags,\n npmCachePath: lazyNpmCachePath,\n npmGlobalPrefix: lazyNpmGlobalPrefix,\n npmNmNodeGypPath: lazyNpmNmNodeGypPath,\n processEnv: lazyProcessEnv,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n shadowNpmBinPath: lazyShadowNpmBinPath,\n shadowNpmInjectPath: lazyShadowNpmInjectPath,\n socketAppDataPath: lazySocketAppDataPath,\n socketCachePath: lazySocketCachePath,\n socketRegistryPath: lazySocketRegistryPath,\n zshRcPath: lazyZshRcPath,\n },\n internals: {\n ...registryConstantsAttribs.internals,\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n },\n },\n },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","_npmStdioPipeOptions","cwd","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_BASE_REF","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","NODE_EXTRA_CA_CERTS","envAsString","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TIMEOUT","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_NPM_PATH","SOCKET_CLI_ORG_SLUG","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","Object","entries","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","nodeMemoryFlags","npmCachePath","npmGlobalPrefix","npmNmNodeGypPath","processEnv","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAYA;AACA;AACA;AACA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAsJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACA;;AAEIC;AACEC;AACA;;;AAGJ;AACA;AACF;AAEA;;AACUC;AAAgB;AACxB;;AAEE;;AAGF;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACA;AACAC;AAEE;AACA;AACAC;AACF;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAEE;AACAH;AAGF;AACA;AACAI;AAEE;AACAJ;AACA;AACA;AACAA;AAIF;AACA;AACAK;AACA;AACA;AACAC;AAEE;;AAIF;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;;AAMA;AACA;AACA;AACA;AACAC;AAEE;AACAT;AAEF;AACAU;AAGA;AACAC;AACA;AACAC;AAEE;AACAZ;AACF;AACAa;AAGA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAlB;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;;AAEI;;AAGF;AACA;AACA;AAIF;AAEA;AACE;AACA;AACA;AACE;AACAA;AAIJ;AAEA;AACE;AACA;AACA;AACE;AACAA;AAIJ;AAEA;AAEI;AACAA;AAIJ;AACE;AACAsB;;AAIgB;AAAQ;AAAS;AACzB;AACE;AACF;AACA;AACE;AACEC;AACF;;;AAGF;AACA;AACF;AAOR;AAEA;AACE;AACAL;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQM;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAzB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAkB;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;;;;;;;;;;;;;AAcIQ;;;;;;;;;;;;;;;;;;;;;;AAsBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE/B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"1a3c0ac5-3503-4f9f-ab41-7175c8911ce6"}
1
+ {"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\n// Using `path.dirname(__filename)` to resolve `__dirname` works for both 'dist'\n// AND 'src' directories because constants.js and constants.mts respectively are\n// in the root of each.\nconst __dirname = path.dirname(__filename)\n\nconst {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n attributes: registryConstantsAttribs,\n createConstantsObject,\n getIpc,\n },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined,\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n DISABLE_GITHUB_CACHE: boolean\n GITHUB_API_URL: string\n GITHUB_BASE_REF: string\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n GITHUB_SERVER_URL: string\n GITHUB_TOKEN: string\n INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: string\n INLINED_SOCKET_CLI_HOMEPAGE: string\n INLINED_SOCKET_CLI_LEGACY_BUILD: string\n INLINED_SOCKET_CLI_NAME: string\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n INLINED_SOCKET_CLI_SENTRY_BUILD: string\n INLINED_SOCKET_CLI_VERSION: string\n INLINED_SOCKET_CLI_VERSION_HASH: string\n INLINED_SOCKET_CLI_SYNP_VERSION: string\n LOCALAPPDATA: string\n NODE_COMPILE_CACHE: string\n NODE_EXTRA_CA_CERTS: string\n PATH: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_API_BASE_URL: string\n SOCKET_CLI_API_PROXY: string\n SOCKET_CLI_API_TIMEOUT: number\n SOCKET_CLI_API_TOKEN: string\n SOCKET_CLI_CONFIG: string\n SOCKET_CLI_GIT_USER_EMAIL: string\n SOCKET_CLI_GIT_USER_NAME: string\n SOCKET_CLI_GITHUB_TOKEN: string\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_NPM_PATH: string\n SOCKET_CLI_ORG_SLUG: string\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype ProcessEnv = {\n [K in keyof ENV]?: string\n}\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_BIN?: string | undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly ENV: ENV\n readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_DEFAULT_BRANCH: 'socket-default-branch'\n readonly SOCKET_DEFAULT_REPOSITORY: 'socket-default-repository'\n readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n readonly VLT: 'vlt'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly binCliPath: string\n readonly binPath: string\n readonly blessedContribPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly blessedPath: string\n readonly coanaBinPath: string\n readonly coanaPath: string\n readonly distCliPath: string\n readonly distPath: string\n readonly externalPath: string\n readonly githubCachePath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly nodeMemoryFlags: string[]\n readonly npmCachePath: string\n readonly npmGlobalPrefix: string\n readonly npmNmNodeGypPath: string\n readonly processEnv: ProcessEnv\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly shadowNpmBinPath: string\n readonly shadowNpmInjectPath: string\n readonly socketAppDataPath: string\n readonly socketCachePath: string\n readonly socketRegistryPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_DEFAULT_BRANCH = 'socket-default-branch'\nconst SOCKET_DEFAULT_REPOSITORY = 'socket-default-repository'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nlet _npmStdioPipeOptions: SpawnOptions | undefined\nfunction getNpmStdioPipeOptions() {\n if (_npmStdioPipeOptions === undefined) {\n _npmStdioPipeOptions = {\n cwd: process.cwd(),\n // Lazily access constants.WIN32.\n shell: constants.WIN32,\n }\n }\n return _npmStdioPipeOptions\n}\n\nconst LAZY_ENV = () => {\n const { env: processEnv } = process\n const envHelpers = /*@__PURE__*/ require('@socketsecurity/registry/lib/env')\n const utils = /*@__PURE__*/ require(\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist/utils.js'),\n )\n const envAsBoolean = envHelpers.envAsBoolean\n const envAsNumber = envHelpers.envAsNumber\n const envAsString = envHelpers.envAsString\n const getConfigValueOrUndef = utils.getConfigValueOrUndef\n const readOrDefaultSocketJson = utils.readOrDefaultSocketJson\n const GITHUB_TOKEN = envAsString(processEnv['GITHUB_TOKEN'])\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n __proto__: null,\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Disable using GitHub's workflow actions/cache.\n // https://github.com/actions/cache\n DISABLE_GITHUB_CACHE: envAsBoolean(processEnv['DISABLE_GITHUB_CACHE']),\n // The API URL. For example, https://api.github.com.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_API_URL:\n envAsString(processEnv['GITHUB_API_URL']) || 'https://api.github.com',\n // The name of the base ref or target branch of the pull request in a workflow\n // run. This is only set when the event that triggers a workflow run is either\n // pull_request or pull_request_target. For example, main.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_BASE_REF: envAsString(processEnv['GITHUB_BASE_REF']),\n // The short ref name of the branch or tag that triggered the GitHub workflow\n // run. This value matches the branch or tag name shown on GitHub. For example,\n // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REF_NAME: envAsString(processEnv['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REF_TYPE: envAsString(processEnv['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_REPOSITORY: envAsString(processEnv['GITHUB_REPOSITORY']),\n // The URL of the GitHub server. For example, https://github.com.\n // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n GITHUB_SERVER_URL:\n envAsString(processEnv['GITHUB_SERVER_URL']) || 'https://github.com',\n // The GITHUB_TOKEN secret is a GitHub App installation access token.\n // The token's permissions are limited to the repository that contains the\n // workflow.\n // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n GITHUB_TOKEN,\n // Comp-time inlined @cyclonedx/cdxgen package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION']\".\n INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION'],\n ),\n // Comp-time inlined Socket package homepage.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n ),\n // Comp-time inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n ),\n // Comp-time inlined Socket package name.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n INLINED_SOCKET_CLI_NAME: envAsString(\n process.env['INLINED_SOCKET_CLI_NAME'],\n ),\n // Comp-time inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n ),\n // Comp-time inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n ),\n // Comp-time inlined synp package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SYNP_VERSION']\".\n INLINED_SOCKET_CLI_SYNP_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_SYNP_VERSION'],\n ),\n // Comp-time inlined Socket package version.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n INLINED_SOCKET_CLI_VERSION: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION'],\n ),\n // Comp-time inlined Socket package version hash.\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n ),\n // The absolute location of the %localappdata% folder on Windows used to store\n // user-specific, non-roaming application data, like temporary files, cached\n // data, and program settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(processEnv[LOCALAPPDATA]),\n // Enable the module compile cache for the Node.js instance.\n // https://nodejs.org/api/cli.html#node_compile_cachedir\n NODE_COMPILE_CACHE:\n // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n ? // Lazily access constants.socketCachePath.\n constants.socketCachePath\n : '',\n // Well known \"root\" CAs (like VeriSign) will be extended with the extra\n // certificates in file. The file should consist of one or more trusted\n // certificates in PEM format.\n // https://nodejs.org/api/cli.html#node_extra_ca_certsfile\n NODE_EXTRA_CA_CERTS:\n envAsString(processEnv['NODE_EXTRA_CA_CERTS']) ||\n // Commonly used environment variable to specify the path to a single\n // PEM-encoded certificate file.\n envAsString(processEnv['SSL_CERT_FILE']),\n // PATH is an environment variable that lists directories where executable\n // programs are located. When a command is run, the system searches these\n // directories to find the executable.\n PATH: envAsString(processEnv['PATH']),\n // Accept risks of a Socket wrapped npm/npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(processEnv[SOCKET_CLI_ACCEPT_RISKS]),\n // Change the base URL for Socket API calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_BASE_URL:\n envAsString(processEnv['SOCKET_CLI_API_BASE_URL']) ||\n // TODO: Remove legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_API_BASE_URL']) ||\n getConfigValueOrUndef('apiBaseUrl') ||\n 'https://api.socket.dev/v0/',\n // Set the proxy that all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_CLI_API_PROXY:\n envAsString(processEnv['SOCKET_CLI_API_PROXY']) ||\n // TODO: Remove legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_API_PROXY']) ||\n // Commonly used environment variables to specify routing requests through\n // a proxy server.\n envAsString(processEnv['HTTPS_PROXY']) ||\n envAsString(processEnv['https_proxy']) ||\n envAsString(processEnv['HTTP_PROXY']) ||\n envAsString(processEnv['http_proxy']),\n // Set the timeout in milliseconds for Socket API requests.\n // https://nodejs.org/api/http.html#httprequesturl-options-callback\n SOCKET_CLI_API_TIMEOUT: envAsNumber(processEnv['SOCKET_CLI_API_TOKEN']),\n // Set the Socket API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_CLI_API_TOKEN:\n envAsString(processEnv['SOCKET_CLI_API_TOKEN']) ||\n // TODO: Remove legacy environment variable names.\n envAsString(processEnv['SOCKET_CLI_API_KEY']) ||\n envAsString(processEnv['SOCKET_SECURITY_API_TOKEN']) ||\n envAsString(processEnv['SOCKET_SECURITY_API_KEY']),\n // A JSON stringified Socket configuration object.\n SOCKET_CLI_CONFIG: envAsString(processEnv['SOCKET_CLI_CONFIG']),\n // The git config user.email used by Socket CLI.\n SOCKET_CLI_GIT_USER_EMAIL:\n envAsString(processEnv['SOCKET_CLI_GIT_USER_EMAIL']) ||\n 'github-actions[bot]@users.noreply.github.com',\n // The git config user.name used by Socket CLI.\n SOCKET_CLI_GIT_USER_NAME:\n envAsString(processEnv['SOCKET_CLI_GIT_USER_NAME']) ||\n envAsString(processEnv['SOCKET_CLI_GIT_USERNAME']) ||\n 'github-actions[bot]',\n // Change the base URL for GitHub REST API calls.\n // https://docs.github.com/en/rest\n SOCKET_CLI_GITHUB_API_URL:\n envAsString(processEnv['SOCKET_CLI_GITHUB_API_URL']) ||\n readOrDefaultSocketJson(process.cwd())?.defaults?.scan?.github\n ?.githubApiUrl ||\n 'https://api.github.com',\n // A classic GitHub personal access token with the \"repo\" scope or a\n // fine-grained access token with at least read/write permissions set for\n // \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_CLI_GITHUB_TOKEN:\n envAsString(processEnv['SOCKET_CLI_GITHUB_TOKEN']) ||\n // TODO: Remove undocumented legacy environment variable name.\n envAsString(processEnv['SOCKET_SECURITY_GITHUB_PAT']) ||\n GITHUB_TOKEN,\n // Make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(\n processEnv['SOCKET_CLI_NO_API_TOKEN'],\n ),\n // The absolute location of the npm directory.\n SOCKET_CLI_NPM_PATH: envAsString(processEnv['SOCKET_CLI_NPM_PATH']),\n // Specify the Socket organization slug.\n SOCKET_CLI_ORG_SLUG:\n envAsString(processEnv['SOCKET_CLI_ORG_SLUG']) ||\n // Coana CLI accepts the SOCKET_ORG_SLUG environment variable.\n envAsString(processEnv['SOCKET_ORG_SLUG']),\n // View all risks of a Socket wrapped npm/npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(\n processEnv[SOCKET_CLI_VIEW_ALL_RISKS],\n ),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(processEnv['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(processEnv['XDG_DATA_HOME']),\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n // Lazily access constants.binPath.\n path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true,\n })\n\nconst lazyBlessedPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n // Lazily access constants.coanaPath.\n path.join(constants.coanaPath, 'cli-wrapper.mjs')\n\nconst lazyCoanaPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n // Lazily access constants.socketCachePath.\n path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n ['npm', '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.7'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*'],\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n Object.freeze(\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n '--disable-proto',\n 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n '--frozen-intrinsics',\n '--no-deprecation',\n ],\n )\n\nconst lazyNodeMemoryFlags = () => {\n const flags = /*@__PURE__*/ require(\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist/flags.js'),\n )\n const getMaxOldSpaceSizeFlag = flags.getMaxOldSpaceSizeFlag\n const getMaxSemiSpaceSizeFlag = flags.getMaxSemiSpaceSizeFlag\n return Object.freeze([\n `--max-old-space-size=${getMaxOldSpaceSizeFlag()}`,\n `--max-semi-space-size=${getMaxSemiSpaceSizeFlag()}`,\n ])\n}\n\nconst lazyNpmCachePath = () => {\n const spawnHelpers = /*@__PURE__*/ require('@socketsecurity/registry/lib/spawn')\n const spawnSync = spawnHelpers.spawnSync\n return spawnSync(\n // Lazily access constants.npmExecPath.\n constants.npmExecPath,\n ['config', 'get', 'cache'],\n getNpmStdioPipeOptions(),\n ).stdout\n}\n\nconst lazyNpmGlobalPrefix = () => {\n const spawnHelpers = /*@__PURE__*/ require('@socketsecurity/registry/lib/spawn')\n const spawnSync = spawnHelpers.spawnSync\n return spawnSync(\n // Lazily access constants.npmExecPath.\n constants.npmExecPath,\n ['prefix', '-g'],\n getNpmStdioPipeOptions(),\n ).stdout\n}\n\nconst lazyNpmNmNodeGypPath = () =>\n path.join(\n // Lazily access constants.npmRealExecPath.\n constants.npmRealExecPath,\n '../../node_modules/node-gyp/bin/node-gyp.js',\n )\n\nconst lazyProcessEnv = () =>\n // Lazily access constants.ENV.\n Object.setPrototypeOf(\n Object.fromEntries(\n Object.entries(constants.ENV).reduce(\n (entries, entry) => {\n const { 0: key, 1: value } = entry\n if (key.startsWith('INLINED_SOCKET_CLI_')) {\n return entries\n }\n if (typeof value === 'string') {\n if (value) {\n entries.push(entry as [string, string])\n }\n } else if (typeof value === 'boolean' && value) {\n entries.push([key, '1'])\n }\n return entries\n },\n [] as Array<[string, string]>,\n ),\n ),\n null,\n )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'shadow-npm-bin')\n\nconst lazyShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'shadow-npm-bin.js')\n\nconst lazyShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'shadow-npm-inject.js')\n\nconst lazySocketAppDataPath = (): string | undefined => {\n // Get the OS app data directory:\n // - Win: %LOCALAPPDATA% or fail?\n // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n // On most systems that path is: $HOME/.local/share\n // Then append `socket/settings`, so:\n // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n let dataHome: string | undefined = WIN32\n ? // Lazily access constants.ENV.LOCALAPPDATA\n constants.ENV.LOCALAPPDATA\n : // Lazily access constants.ENV.XDG_DATA_HOME\n constants.ENV.XDG_DATA_HOME\n if (!dataHome) {\n if (WIN32) {\n const logger = /*@__PURE__*/ require('@socketsecurity/registry/lib/logger')\n logger.warn(`Missing %${LOCALAPPDATA}%`)\n } else {\n dataHome = path.join(\n // Lazily access constants.homePath.\n constants.homePath,\n // Lazily access constants.DARWIN.\n constants.DARWIN ? 'Library/Application Support' : '.local/share',\n )\n }\n }\n return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n // Lazily access constants.externalPath.\n path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ...registryConstantsAttribs.props,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n DOT_SOCKET_DOT_FACTS_JSON,\n DRY_RUN_LABEL,\n DRY_RUN_BAILING_NOW,\n DRY_RUN_NOT_SAVING,\n ENV: undefined,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_DEFAULT_BRANCH,\n SOCKET_DEFAULT_REPOSITORY,\n SOCKET_WEBSITE_URL,\n VLT,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n binPath: undefined,\n binCliPath: undefined,\n blessedContribPath: undefined,\n blessedOptions: undefined,\n blessedPath: undefined,\n coanaBinPath: undefined,\n coanaPath: undefined,\n distCliPath: undefined,\n distPath: undefined,\n externalPath: undefined,\n githubCachePath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n nodeMemoryFlags: undefined,\n npmCachePath: undefined,\n npmGlobalPrefix: undefined,\n npmNmNodeGypPath: undefined,\n processEnv: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n shadowNpmInjectPath: undefined,\n shadowNpmBinPath: undefined,\n socketAppDataPath: undefined,\n socketCachePath: undefined,\n socketRegistryPath: undefined,\n zshRcPath: undefined,\n },\n {\n getters: {\n ...registryConstantsAttribs.getters,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n binCliPath: lazyBinCliPath,\n binPath: lazyBinPath,\n blessedContribPath: lazyBlessedContribPath,\n blessedOptions: lazyBlessedOptions,\n blessedPath: lazyBlessedPath,\n coanaBinPath: lazyCoanaBinPath,\n coanaPath: lazyCoanaPath,\n distCliPath: lazyDistCliPath,\n distPath: lazyDistPath,\n externalPath: lazyExternalPath,\n githubCachePath: lazyGithubCachePath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n nodeMemoryFlags: lazyNodeMemoryFlags,\n npmCachePath: lazyNpmCachePath,\n npmGlobalPrefix: lazyNpmGlobalPrefix,\n npmNmNodeGypPath: lazyNpmNmNodeGypPath,\n processEnv: lazyProcessEnv,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n shadowNpmBinPath: lazyShadowNpmBinPath,\n shadowNpmInjectPath: lazyShadowNpmInjectPath,\n socketAppDataPath: lazySocketAppDataPath,\n socketCachePath: lazySocketCachePath,\n socketRegistryPath: lazySocketRegistryPath,\n zshRcPath: lazyZshRcPath,\n },\n internals: {\n ...registryConstantsAttribs.internals,\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n },\n },\n },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","_npmStdioPipeOptions","cwd","env","__proto__","DISABLE_GITHUB_CACHE","GITHUB_BASE_REF","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","NODE_EXTRA_CA_CERTS","envAsString","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_BASE_URL","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TIMEOUT","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_NPM_PATH","SOCKET_CLI_ORG_SLUG","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","Object","entries","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","nodeMemoryFlags","npmCachePath","npmGlobalPrefix","npmNmNodeGypPath","processEnv","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAYA;AACA;AACA;AACA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAsJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACA;;AAEIC;AACEC;AACA;;;AAGJ;AACA;AACF;AAEA;;AACUC;AAAgB;AACxB;;AAEE;;AAGF;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACA;AACAC;AAEE;AACA;AACAC;AACF;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAEE;AACAH;AAGF;AACA;AACAI;AAEE;AACAJ;AACA;AACA;AACAA;AAIF;AACA;AACAK;AACA;AACA;AACAC;AAEE;;AAIF;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;;AAMA;AACA;AACA;AACA;AACAC;AAEE;AACAT;AAEF;AACAU;AAGA;AACAC;AACA;AACAC;AAEE;AACAZ;AACF;AACAa;AAGA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAlB;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;;AAEI;;AAGF;AACA;AACA;AAIF;AAEA;AACE;AACA;AACA;AACE;AACAA;AAIJ;AAEA;AACE;AACA;AACA;AACE;AACAA;AAIJ;AAEA;AAEI;AACAA;AAIJ;AACE;AACAsB;;AAIgB;AAAQ;AAAS;AACzB;AACE;AACF;AACA;AACE;AACEC;AACF;;;AAGF;AACA;AACF;AAOR;AAEA;AACE;AACAL;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQM;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAzB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAkB;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;;;;;;;;;;;;;AAcIQ;;;;;;;;;;;;;;;;;;;;;;AAsBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE/B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"da592c8f-3dc1-48d6-b74a-093ed3e5cbda"}
package/dist/shadow-npm-bin.js CHANGED
@@ -1,6 +1,6 @@
1
1
  'use strict';
2
2
 
3
- var require$$6 = require('../external/@socketsecurity/registry/lib/debug');
3
+ var require$$8 = require('../external/@socketsecurity/registry/lib/debug');
4
4
  var npm = require('../external/@socketsecurity/registry/lib/npm');
5
5
  var spawn = require('../external/@socketsecurity/registry/lib/spawn');
6
6
  var path = require('node:path');
@@ -56,7 +56,7 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
56
56
  `--allow-fs-write=${constants.npmGlobalPrefix}/*`,
57
57
  // Lazily access constants.npmGlobalPrefix.
58
58
  `--allow-fs-write=${constants.npmCachePath}/*`] : [];
59
- const useDebug = require$$6.isDebug('stdio');
59
+ const useDebug = require$$8.isDebug('stdio');
60
60
  const useNodeOptions = nodeOptionsArg || permArgs.length;
61
61
  const isSilent = !useDebug && !binArgs.some(npm.isNpmLoglevelFlag);
62
62
  // The default value of loglevel is "notice". We default to "error" which is
@@ -114,5 +114,5 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
114
114
  }
115
115
 
116
116
  module.exports = shadowBin;
117
- //# debugId=b57e835e-8355-4791-a897-fd329a01d7a8
117
+ //# debugId=b299bbd7-65b3-425f-a5ed-0099d0030251
118
118
  //# sourceMappingURL=shadow-npm-bin.js.map
package/dist/shadow-npm-bin.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"shadow-npm-bin.js","sources":["../src/shadow/npm/link.mts","../src/shadow/npm/bin.mts"],"sourcesContent":["import path from 'node:path'\n\nimport cmdShim from 'cmd-shim'\n\nimport constants from '../../constants.mts'\nimport {\n getNpmBinPath,\n getNpxBinPath,\n isNpmBinPathShadowed,\n isNpxBinPathShadowed,\n} from '../../utils/npm-paths.mts'\n\nexport async function installLinks(\n realBinPath: string,\n binName: 'npm' | 'npx',\n): Promise<string> {\n const isNpx = binName === 'npx'\n // Find package manager being shadowed by this process.\n const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n // TODO: Is this early exit needed?\n if (WIN32 && binPath) {\n return binPath\n }\n const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n // Move our bin directory to front of PATH so its found first.\n if (!shadowed) {\n if (WIN32) {\n await cmdShim(\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${binName}-cli.js`),\n path.join(realBinPath, binName),\n )\n }\n const { env } = process\n env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n }\n return binPath\n}\n","import { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n isNpmLoglevelFlag,\n isNpmNodeOptionsFlag,\n isNpmProgressFlag,\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link.mts'\nimport constants from '../../constants.mts'\nimport { cmdFlagsToString } from '../../utils/cmd.mts'\n\nexport default async function shadowBin(\n binName: 'npm' | 'npx',\n args = process.argv.slice(2),\n) {\n process.exitCode = 1\n const terminatorPos = args.indexOf('--')\n const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n const binArgs = rawBinArgs.filter(\n a => !isNpmProgressFlag(a) && !isNpmNodeOptionsFlag(a),\n )\n const nodeOptionsArg = rawBinArgs.findLast(isNpmNodeOptionsFlag)\n const progressArg = rawBinArgs.findLast(isNpmProgressFlag) !== '--no-progress'\n const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n const permArgs =\n binName === 'npm' &&\n // Lazily access constants.SUPPORTS_NODE_PERMISSION_FLAG.\n constants.SUPPORTS_NODE_PERMISSION_FLAG\n ? [\n '--permission',\n '--allow-child-process',\n // '--allow-addons',\n // '--allow-wasi',\n // Allow all reads because npm walks up directories looking for config\n // and package.json files.\n '--allow-fs-read=*',\n `--allow-fs-write=${process.cwd()}/*`,\n // Lazily access constants.npmGlobalPrefix.\n `--allow-fs-write=${constants.npmGlobalPrefix}/*`,\n // Lazily access constants.npmGlobalPrefix.\n `--allow-fs-write=${constants.npmCachePath}/*`,\n ]\n : []\n const useDebug = isDebug('stdio')\n const useNodeOptions = nodeOptionsArg || permArgs.length\n const isSilent = !useDebug && !binArgs.some(isNpmLoglevelFlag)\n // The default value of loglevel is \"notice\". We default to \"error\" which is\n // two levels quieter.\n const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n const spawnPromise = spawn(\n // Lazily access constants.execPath.\n constants.execPath,\n [\n // Lazily access constants.nodeNoWarningsFlags.\n ...constants.nodeNoWarningsFlags,\n // Lazily access constants.nodeHardenFlags.\n ...constants.nodeHardenFlags,\n // Lazily access constants.nodeMemoryFlags.\n ...constants.nodeMemoryFlags,\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD\n ? [\n '--require',\n // Lazily access constants.instrumentWithSentryPath.\n constants.instrumentWithSentryPath,\n ]\n : []),\n '--require',\n // Lazily access constants.shadowNpmInjectPath.\n constants.shadowNpmInjectPath,\n // Lazily access constants.shadowBinPath.\n await installLinks(constants.shadowBinPath, binName),\n ...(useDebug ? ['--trace-uncaught', '--trace-warnings'] : []),\n ...(useNodeOptions\n ? [\n `--node-options='${nodeOptionsArg ? nodeOptionsArg.slice(15) : ''}${cmdFlagsToString(permArgs)}'`,\n ]\n : []),\n // Add '--no-progress' to fix input being swallowed by the npm spinner.\n '--no-progress',\n // Add '--loglevel=error' if a loglevel flag is not provided and the\n // SOCKET_CLI_DEBUG environment variable is not truthy.\n ...logLevelArgs,\n ...binArgs,\n ...otherArgs,\n ],\n {\n env: {\n ...process.env,\n // Lazily access constants.processEnv.\n ...constants.processEnv,\n },\n // 'inherit' + 'ipc'\n stdio: [0, 1, 2, 'ipc'],\n },\n )\n // See https://nodejs.org/api/child_process.html#event-exit.\n spawnPromise.process.on('exit', (code, signalName) => {\n if (signalName) {\n process.kill(process.pid, signalName)\n } else if (code !== null) {\n // eslint-disable-next-line n/no-process-exit\n process.exit(code)\n }\n })\n\n spawnPromise.process.send({\n // Lazily access constants.SOCKET_IPC_HANDSHAKE.\n [constants.SOCKET_IPC_HANDSHAKE]: {\n // Lazily access constants.SOCKET_CLI_SAFE_BIN.\n [constants.SOCKET_CLI_SAFE_BIN]: binName,\n // Lazily access constants.SOCKET_CLI_SAFE_PROGRESS.\n [constants.SOCKET_CLI_SAFE_PROGRESS]: progressArg,\n },\n })\n await spawnPromise\n}\n"],"names":["WIN32","env","constants","process","spawnPromise"],"mappings":";;;;;;;;;;AAYO;AAIL;AACA;;AAEA;;AACQA;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;AC3Be;;AAKb;AACA;AACA;AAGA;;AAEA;AACA;AAEE;AACAC;AAIM;AACA;AACA;AACA;AACA;AAEA;;AAEA;AACA;AAGR;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;;AAEA;AACA;AAGM;AACAA;AAIN;AACAA;AACA;;AAQA;;AAEA;AACA;;AAMAD;;AAEE;AACA;;AAEF;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAE;AACF;AACF;AAEAC;AACE;;AAEE;AACA;AACA;;AAEF;AACF;AACA;AACF;;","debugId":"b57e835e-8355-4791-a897-fd329a01d7a8"}
1
+ {"version":3,"file":"shadow-npm-bin.js","sources":["../src/shadow/npm/link.mts","../src/shadow/npm/bin.mts"],"sourcesContent":["import path from 'node:path'\n\nimport cmdShim from 'cmd-shim'\n\nimport constants from '../../constants.mts'\nimport {\n getNpmBinPath,\n getNpxBinPath,\n isNpmBinPathShadowed,\n isNpxBinPathShadowed,\n} from '../../utils/npm-paths.mts'\n\nexport async function installLinks(\n realBinPath: string,\n binName: 'npm' | 'npx',\n): Promise<string> {\n const isNpx = binName === 'npx'\n // Find package manager being shadowed by this process.\n const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n // TODO: Is this early exit needed?\n if (WIN32 && binPath) {\n return binPath\n }\n const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n // Move our bin directory to front of PATH so its found first.\n if (!shadowed) {\n if (WIN32) {\n await cmdShim(\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${binName}-cli.js`),\n path.join(realBinPath, binName),\n )\n }\n const { env } = process\n env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n }\n return binPath\n}\n","import { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n isNpmLoglevelFlag,\n isNpmNodeOptionsFlag,\n isNpmProgressFlag,\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link.mts'\nimport constants from '../../constants.mts'\nimport { cmdFlagsToString } from '../../utils/cmd.mts'\n\nexport default async function shadowBin(\n binName: 'npm' | 'npx',\n args = process.argv.slice(2),\n) {\n process.exitCode = 1\n const terminatorPos = args.indexOf('--')\n const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n const binArgs = rawBinArgs.filter(\n a => !isNpmProgressFlag(a) && !isNpmNodeOptionsFlag(a),\n )\n const nodeOptionsArg = rawBinArgs.findLast(isNpmNodeOptionsFlag)\n const progressArg = rawBinArgs.findLast(isNpmProgressFlag) !== '--no-progress'\n const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n const permArgs =\n binName === 'npm' &&\n // Lazily access constants.SUPPORTS_NODE_PERMISSION_FLAG.\n constants.SUPPORTS_NODE_PERMISSION_FLAG\n ? [\n '--permission',\n '--allow-child-process',\n // '--allow-addons',\n // '--allow-wasi',\n // Allow all reads because npm walks up directories looking for config\n // and package.json files.\n '--allow-fs-read=*',\n `--allow-fs-write=${process.cwd()}/*`,\n // Lazily access constants.npmGlobalPrefix.\n `--allow-fs-write=${constants.npmGlobalPrefix}/*`,\n // Lazily access constants.npmGlobalPrefix.\n `--allow-fs-write=${constants.npmCachePath}/*`,\n ]\n : []\n const useDebug = isDebug('stdio')\n const useNodeOptions = nodeOptionsArg || permArgs.length\n const isSilent = !useDebug && !binArgs.some(isNpmLoglevelFlag)\n // The default value of loglevel is \"notice\". We default to \"error\" which is\n // two levels quieter.\n const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n const spawnPromise = spawn(\n // Lazily access constants.execPath.\n constants.execPath,\n [\n // Lazily access constants.nodeNoWarningsFlags.\n ...constants.nodeNoWarningsFlags,\n // Lazily access constants.nodeHardenFlags.\n ...constants.nodeHardenFlags,\n // Lazily access constants.nodeMemoryFlags.\n ...constants.nodeMemoryFlags,\n // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD\n ? [\n '--require',\n // Lazily access constants.instrumentWithSentryPath.\n constants.instrumentWithSentryPath,\n ]\n : []),\n '--require',\n // Lazily access constants.shadowNpmInjectPath.\n constants.shadowNpmInjectPath,\n // Lazily access constants.shadowBinPath.\n await installLinks(constants.shadowBinPath, binName),\n ...(useDebug ? ['--trace-uncaught', '--trace-warnings'] : []),\n ...(useNodeOptions\n ? [\n `--node-options='${nodeOptionsArg ? nodeOptionsArg.slice(15) : ''}${cmdFlagsToString(permArgs)}'`,\n ]\n : []),\n // Add '--no-progress' to fix input being swallowed by the npm spinner.\n '--no-progress',\n // Add '--loglevel=error' if a loglevel flag is not provided and the\n // SOCKET_CLI_DEBUG environment variable is not truthy.\n ...logLevelArgs,\n ...binArgs,\n ...otherArgs,\n ],\n {\n env: {\n ...process.env,\n // Lazily access constants.processEnv.\n ...constants.processEnv,\n },\n // 'inherit' + 'ipc'\n stdio: [0, 1, 2, 'ipc'],\n },\n )\n // See https://nodejs.org/api/child_process.html#event-exit.\n spawnPromise.process.on('exit', (code, signalName) => {\n if (signalName) {\n process.kill(process.pid, signalName)\n } else if (code !== null) {\n // eslint-disable-next-line n/no-process-exit\n process.exit(code)\n }\n })\n\n spawnPromise.process.send({\n // Lazily access constants.SOCKET_IPC_HANDSHAKE.\n [constants.SOCKET_IPC_HANDSHAKE]: {\n // Lazily access constants.SOCKET_CLI_SAFE_BIN.\n [constants.SOCKET_CLI_SAFE_BIN]: binName,\n // Lazily access constants.SOCKET_CLI_SAFE_PROGRESS.\n [constants.SOCKET_CLI_SAFE_PROGRESS]: progressArg,\n },\n })\n await spawnPromise\n}\n"],"names":["WIN32","env","constants","process","spawnPromise"],"mappings":";;;;;;;;;;AAYO;AAIL;AACA;;AAEA;;AACQA;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;AC3Be;;AAKb;AACA;AACA;AAGA;;AAEA;AACA;AAEE;AACAC;AAIM;AACA;AACA;AACA;AACA;AAEA;;AAEA;AACA;AAGR;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;;AAEA;AACA;AAGM;AACAA;AAIN;AACAA;AACA;;AAQA;;AAEA;AACA;;AAMAD;;AAEE;AACA;;AAEF;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAE;AACF;AACF;AAEAC;AACE;;AAEE;AACA;AACA;;AAEF;AACF;AACA;AACF;;","debugId":"b299bbd7-65b3-425f-a5ed-0099d0030251"}
package/dist/shadow-npm-inject.js CHANGED
@@ -8,8 +8,8 @@ var constants = require('./constants.js');
8
8
  var utils = require('./utils.js');
9
9
  var logger = require('../external/@socketsecurity/registry/lib/logger');
10
10
  var registry = require('../external/@socketsecurity/registry');
11
- var require$$6 = require('../external/@socketsecurity/registry/lib/debug');
12
- var require$$7 = require('../external/@socketsecurity/registry/lib/objects');
11
+ var require$$8 = require('../external/@socketsecurity/registry/lib/debug');
12
+ var require$$9 = require('../external/@socketsecurity/registry/lib/objects');
13
13
 
14
14
  var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
15
15
  let _arboristPkgPath;
@@ -60,7 +60,7 @@ const DiffAction = utils.createEnum({
60
60
 
61
61
  const {
62
62
  LOOP_SENTINEL,
63
- NPM: NPM$1,
63
+ NPM,
64
64
  NPM_REGISTRY_URL
65
65
  } = constants;
66
66
  function getUrlOrigin(input) {
@@ -80,7 +80,7 @@ function findBestPatchVersion(node, availableVersions, options) {
80
80
  __proto__: null,
81
81
  ...options
82
82
  };
83
- const manifestData = registry.getManifestData(NPM$1, node.name);
83
+ const manifestData = registry.getManifestData(NPM, node.name);
84
84
  let eligibleVersions;
85
85
  if (manifestData && manifestData.name === manifestData.package) {
86
86
  const major = utils.getMajor(manifestData.version);
@@ -154,7 +154,7 @@ function findPackageNodes(tree, name, version) {
154
154
  version: targetVersion
155
155
  } = node;
156
156
  if (!targetVersion && Array.isArray(node.errors) && node.errors.length) {
157
- require$$6.debugFn('notice', `miss: version for ${node.name} due to errors:\n`, node.errors);
157
+ require$$8.debugFn('notice', `miss: version for ${node.name} due to errors:\n`, node.errors);
158
158
  }
159
159
  if (node.name === name && ("undefined" !== 'string')) {
160
160
  matches.push(node);
@@ -176,25 +176,14 @@ function findPackageNodes(tree, name, version) {
176
176
  async function getAlertsMapFromArborist(arb, options) {
177
177
  const opts = {
178
178
  __proto__: null,
179
- include: undefined,
180
- ...options
181
- };
182
- opts.include = {
183
- __proto__: null,
184
- // Leave 'actions' unassigned so it can be given a default value in
185
- // subsequent functions where `options` is passed.
186
- // actions: undefined,
187
- blocked: true,
188
- critical: true,
189
- cve: true,
190
- existing: false,
191
- unfixable: true,
192
- upgradable: false,
193
- ...opts.include
179
+ consolidate: false,
180
+ nothrow: false,
181
+ ...options,
182
+ filter: utils.toFilterConfig(require$$9.getOwn(options, 'filter'))
194
183
  };
195
184
  const needInfoOn = getDetailsFromDiff(arb.diff, {
196
- include: {
197
- unchanged: opts.include.existing
185
+ filter: {
186
+ existing: opts.filter.existing
198
187
  }
199
188
  });
200
189
  const purls = needInfoOn.map(d => utils.idToNpmPurl(d.node.pkgid));
@@ -207,25 +196,21 @@ async function getAlertsMapFromArborist(arb, options) {
207
196
  }
208
197
  return await utils.getAlertsMapFromPurls(purls, {
209
198
  overrides,
210
- ...options
199
+ ...opts
211
200
  });
212
201
  }
213
202
  function getDetailsFromDiff(diff, options) {
214
203
  const details = [];
215
204
  // `diff` is `null` when `npm install --package-lock-only` is passed.
216
205
  if (!diff) {
217
- require$$6.debugFn('notice', `miss: diff is ${diff}`);
206
+ require$$8.debugFn('notice', `miss: diff is ${diff}`);
218
207
  return details;
219
208
  }
220
- const include = {
221
- __proto__: null,
222
- unchanged: false,
209
+ const filterConfig = utils.toFilterConfig({
210
+ existing: false,
223
211
  unknownOrigin: true,
224
- ...{
225
- __proto__: null,
226
- ...options
227
- }.include
228
- };
212
+ ...require$$9.getOwn(options, 'filter')
213
+ });
229
214
  const queue = [...diff.children];
230
215
  let pos = 0;
231
216
  let {
@@ -261,7 +246,7 @@ function getDetailsFromDiff(diff, options) {
261
246
  keep = action !== DiffAction.remove;
262
247
  }
263
248
  if (keep && pkgNode?.resolved && (!oldNode || oldNode.resolved)) {
264
- if (include.unknownOrigin || getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL) {
249
+ if (filterConfig.unknownOrigin || getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL) {
265
250
  details.push({
266
251
  node: pkgNode,
267
252
  existing
@@ -273,7 +258,7 @@ function getDetailsFromDiff(diff, options) {
273
258
  queue[queueLength++] = child;
274
259
  }
275
260
  }
276
- if (include.unchanged) {
261
+ if (filterConfig.existing) {
277
262
  const {
278
263
  unchanged
279
264
  } = diff;
@@ -281,7 +266,7 @@ function getDetailsFromDiff(diff, options) {
281
266
  length
282
267
  } = unchanged; i < length; i += 1) {
283
268
  const pkgNode = unchanged[i];
284
- if (include.unknownOrigin || getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL) {
269
+ if (filterConfig.unknownOrigin || getUrlOrigin(pkgNode.resolved) === NPM_REGISTRY_URL) {
285
270
  details.push({
286
271
  node: pkgNode,
287
272
  existing: pkgNode
@@ -321,7 +306,7 @@ function updateNode(node, newVersion, newVersionPackument) {
321
306
  delete node.integrity;
322
307
  }
323
308
  // Update node.package.deprecated based on targetPackument.deprecated.
324
- if (require$$7.hasOwn(newVersionPackument, 'deprecated')) {
309
+ if (require$$9.hasOwn(newVersionPackument, 'deprecated')) {
325
310
  node.package['deprecated'] = newVersionPackument.deprecated;
326
311
  } else {
327
312
  delete node.package['deprecated'];
@@ -336,7 +321,7 @@ function updateNode(node, newVersion, newVersionPackument) {
336
321
  node.package.dependencies = newDeps;
337
322
  if (oldDeps) {
338
323
  for (const oldDepName of Object.keys(oldDeps)) {
339
- if (!require$$7.hasOwn(newDeps, oldDepName)) {
324
+ if (!require$$9.hasOwn(newDeps, oldDepName)) {
340
325
  // Detach old edges for dependencies that don't exist on the updated
341
326
  // node.package.dependencies.
342
327
  node.edgesOut.get(oldDepName)?.detach();
@@ -344,7 +329,7 @@ function updateNode(node, newVersion, newVersionPackument) {
344
329
  }
345
330
  }
346
331
  for (const newDepName of Object.keys(newDeps)) {
347
- if (!require$$7.hasOwn(oldDeps, newDepName)) {
332
+ if (!require$$9.hasOwn(oldDeps, newDepName)) {
348
333
  // Add new edges for dependencies that don't exist on the old
349
334
  // node.package.dependencies.
350
335
  node.addEdgeOut(new Edge({
@@ -366,7 +351,7 @@ function updatePackageJsonFromNode(editablePkgJson, tree, node, newVersion, rang
366
351
  } = node;
367
352
  for (const depField of ['dependencies', 'optionalDependencies', 'peerDependencies']) {
368
353
  const depObject = editablePkgJson.content[depField];
369
- const depValue = require$$7.hasOwn(depObject, name) ? depObject[name] : undefined;
354
+ const depValue = require$$9.hasOwn(depObject, name) ? depObject[name] : undefined;
370
355
  if (typeof depValue !== 'string' || depValue.startsWith('catalog:')) {
371
356
  continue;
372
357
  }
@@ -400,7 +385,6 @@ function updatePackageJsonFromNode(editablePkgJson, tree, node, newVersion, rang
400
385
 
401
386
  // @ts-ignore
402
387
  const {
403
- NPM,
404
388
  NPX,
405
389
  SOCKET_CLI_ACCEPT_RISKS,
406
390
  SOCKET_CLI_SAFE_BIN,
@@ -482,20 +466,16 @@ class SafeArborist extends Arborist {
482
466
  const spinner = options['silent'] || !progress ? undefined :
483
467
  // Lazily access constants.spinner.
484
468
  constants.spinner;
485
- const isSafeNpm = binName === NPM;
486
469
  const isSafeNpx = binName === NPX;
487
470
  const alertsMap = await getAlertsMapFromArborist(this, {
488
471
  spinner,
489
- include: acceptRisks || options.dryRun || options['yes'] ? {
472
+ filter: acceptRisks || options.dryRun || options['yes'] ? {
490
473
  actions: ['error'],
491
474
  blocked: true,
492
- critical: false,
493
- cve: false,
494
- existing: true,
495
- unfixable: false
475
+ existing: true
496
476
  } : {
497
- existing: isSafeNpx,
498
- unfixable: isSafeNpm
477
+ // actions: ['error', 'monitor', 'warn'],
478
+ existing: isSafeNpx
499
479
  }
500
480
  });
501
481
  if (alertsMap.size) {
@@ -552,5 +532,5 @@ exports.findPackageNodes = findPackageNodes;
552
532
  exports.getAlertsMapFromArborist = getAlertsMapFromArborist;
553
533
  exports.updateNode = updateNode;
554
534
  exports.updatePackageJsonFromNode = updatePackageJsonFromNode;
555
- //# debugId=bfd47197-3803-45f5-b7bf-b12f906816a9
535
+ //# debugId=d1fb5709-ccd6-4012-b4c0-a0735838b4d5
556
536
  //# sourceMappingURL=shadow-npm-inject.js.map