@socketsecurity/cli-with-sentry 1.1.14 → 1.1.17

package/external/@socketsecurity/registry/external/spdx-correct.js

@@ -46,12 +46,15 @@ const require$$1$1 = [
   'Artistic-1.0-Perl',
   'Artistic-1.0-cl8',
   'Artistic-2.0',
+  'Artistic-dist',
+  'Aspell-RU',
   'BSD-1-Clause',
   'BSD-2-Clause',
   'BSD-2-Clause-Darwin',
   'BSD-2-Clause-Patent',
   'BSD-2-Clause-Views',
   'BSD-2-Clause-first-lines',
+  'BSD-2-Clause-pkgconf-disclaimer',
   'BSD-3-Clause',
   'BSD-3-Clause-Attribution',
   'BSD-3-Clause-Clear',
@@ -192,6 +195,7 @@ const require$$1$1 = [
   'Cornell-Lossless-JPEG',
   'Cronyx',
   'Crossword',
+  'CryptoSwift',
   'CrystalStacker',
   'Cube',
   'D-FSL-1.0',
@@ -202,6 +206,7 @@ const require$$1$1 = [
   'DRL-1.0',
   'DRL-1.1',
   'DSDP',
+  'DocBook-DTD',
   'DocBook-Schema',
   'DocBook-Stylesheet',
   'DocBook-XML',
@@ -227,7 +232,10 @@ const require$$1$1 = [
   'FSFAP-no-warranty-disclaimer',
   'FSFUL',
   'FSFULLR',
+  'FSFULLRSD',
   'FSFULLRWD',
+  'FSL-1.1-ALv2',
+  'FSL-1.1-MIT',
   'FTL',
   'Fair',
   'Ferguson-Twofish',
@@ -263,11 +271,13 @@ const require$$1$1 = [
   'GPL-2.0-or-later',
   'GPL-3.0-only',
   'GPL-3.0-or-later',
+  'Game-Programming-Gems',
   'Giftware',
   'Glide',
   'Glulxe',
   'Graphics-Gems',
   'Gutmann',
+  'HDF5',
   'HIDAPI',
   'HP-1986',
   'HP-1989',
@@ -413,6 +423,7 @@ const require$$1$1 = [
   'NPL-1.1',
   'NPOSL-3.0',
   'NRL',
+  'NTIA-PD',
   'NTP',
   'NTP-0',
   'Naumen',
@@ -515,11 +526,13 @@ const require$$1$1 = [
   'SMLNJ',
   'SMPPL',
   'SNIA',
+  'SOFA',
   'SPL-1.0',
   'SSH-OpenSSH',
   'SSH-short',
   'SSLeay-standalone',
   'SSPL-1.0',
+  'SUL-1.0',
   'SWL',
   'Saxpath',
   'SchemeReport',
@@ -565,6 +578,8 @@ const require$$1$1 = [
   'Unicode-TOU',
   'UnixCrypt',
   'Unlicense',
+  'Unlicense-libtelnet',
+  'Unlicense-libwhirlpool',
   'VOSTROM',
   'VSL-1.0',
   'Vim',
@@ -618,6 +633,8 @@ const require$$1$1 = [
   'gtkbook',
   'hdparm',
   'iMatix',
+  'jove',
+  'libpng-1.6.35',
   'libpng-2.0',
   'libselinux-1.0',
   'libtiff',
@@ -625,10 +642,12 @@ const require$$1$1 = [
   'lsof',
   'magaz',
   'mailprio',
+  'man2html',
   'metamail',
   'mpi-permissive',
   'mpich2',
   'mplus',
+  'ngrep',
   'pkgconf',
   'pnmstitch',
   'psfrag',

package/external/@socketsecurity/registry/external/spdx-expression-parse.js

@@ -46,12 +46,15 @@ const require$$0 = [
   'Artistic-1.0-Perl',
   'Artistic-1.0-cl8',
   'Artistic-2.0',
+  'Artistic-dist',
+  'Aspell-RU',
   'BSD-1-Clause',
   'BSD-2-Clause',
   'BSD-2-Clause-Darwin',
   'BSD-2-Clause-Patent',
   'BSD-2-Clause-Views',
   'BSD-2-Clause-first-lines',
+  'BSD-2-Clause-pkgconf-disclaimer',
   'BSD-3-Clause',
   'BSD-3-Clause-Attribution',
   'BSD-3-Clause-Clear',
@@ -192,6 +195,7 @@ const require$$0 = [
   'Cornell-Lossless-JPEG',
   'Cronyx',
   'Crossword',
+  'CryptoSwift',
   'CrystalStacker',
   'Cube',
   'D-FSL-1.0',
@@ -202,6 +206,7 @@ const require$$0 = [
   'DRL-1.0',
   'DRL-1.1',
   'DSDP',
+  'DocBook-DTD',
   'DocBook-Schema',
   'DocBook-Stylesheet',
   'DocBook-XML',
@@ -227,7 +232,10 @@ const require$$0 = [
   'FSFAP-no-warranty-disclaimer',
   'FSFUL',
   'FSFULLR',
+  'FSFULLRSD',
   'FSFULLRWD',
+  'FSL-1.1-ALv2',
+  'FSL-1.1-MIT',
   'FTL',
   'Fair',
   'Ferguson-Twofish',
@@ -263,11 +271,13 @@ const require$$0 = [
   'GPL-2.0-or-later',
   'GPL-3.0-only',
   'GPL-3.0-or-later',
+  'Game-Programming-Gems',
   'Giftware',
   'Glide',
   'Glulxe',
   'Graphics-Gems',
   'Gutmann',
+  'HDF5',
   'HIDAPI',
   'HP-1986',
   'HP-1989',
@@ -413,6 +423,7 @@ const require$$0 = [
   'NPL-1.1',
   'NPOSL-3.0',
   'NRL',
+  'NTIA-PD',
   'NTP',
   'NTP-0',
   'Naumen',
@@ -515,11 +526,13 @@ const require$$0 = [
   'SMLNJ',
   'SMPPL',
   'SNIA',
+  'SOFA',
   'SPL-1.0',
   'SSH-OpenSSH',
   'SSH-short',
   'SSLeay-standalone',
   'SSPL-1.0',
+  'SUL-1.0',
   'SWL',
   'Saxpath',
   'SchemeReport',
@@ -565,6 +578,8 @@ const require$$0 = [
   'Unicode-TOU',
   'UnixCrypt',
   'Unlicense',
+  'Unlicense-libtelnet',
+  'Unlicense-libwhirlpool',
   'VOSTROM',
   'VSL-1.0',
   'Vim',
@@ -618,6 +633,8 @@ const require$$0 = [
   'gtkbook',
   'hdparm',
   'iMatix',
+  'jove',
+  'libpng-1.6.35',
   'libpng-2.0',
   'libselinux-1.0',
   'libtiff',
@@ -625,10 +642,12 @@ const require$$0 = [
   'lsof',
   'magaz',
   'mailprio',
+  'man2html',
   'metamail',
   'mpi-permissive',
   'mpich2',
   'mplus',
+  'ngrep',
   'pkgconf',
   'pnmstitch',
   'psfrag',

package/external/@socketsecurity/registry/lib/agent.js

@@ -0,0 +1,390 @@
+'use strict'
+
+const {
+  execBin,
+  resolveBinPathSync,
+  whichBin,
+  whichBinSync
+} = /*@__PURE__*/ require('./bin')
+const { isDebug } = /*@__PURE__*/ require('./debug')
+const { findUpSync } = /*@__PURE__*/ require('./fs')
+const { getOwn } = /*@__PURE__*/ require('./objects')
+const { spawn } = /*@__PURE__*/ require('./spawn')
+
+const npmAuditFlags = new Set(['--audit', '--no-audit'])
+
+const npmFundFlags = new Set(['--fund', '--no-fund'])
+
+const npmLogFlags = new Set([
+  // --loglevel has several aliases:
+  // https://docs.npmjs.com/cli/v11/using-npm/logging#aliases
+  '--loglevel',
+  '-d',
+  '--dd',
+  '--ddd',
+  '-q',
+  '--quiet',
+  '-s',
+  '--silent'
+])
+
+const npmProgressFlags = new Set(['--progress', '--no-progress'])
+
+const pnpmIgnoreScriptsFlags = new Set([
+  '--ignore-scripts',
+  '--no-ignore-scripts'
+])
+
+const pnpmFrozenLockfileFlags = new Set([
+  '--frozen-lockfile',
+  '--no-frozen-lockfile'
+])
+
+const pnpmInstallCommands = new Set(['install', 'i'])
+
+// Commands that support --ignore-scripts flag in pnpm:
+// Installation-related: install, add, update, remove, link, unlink, import, rebuild.
+const pnpmInstallLikeCommands = new Set([
+  'install',
+  'i',
+  'add',
+  'update',
+  'up',
+  'remove',
+  'rm',
+  'link',
+  'ln',
+  'unlink',
+  'import',
+  'rebuild',
+  'rb'
+])
+
+// Commands that support --ignore-scripts flag in yarn:
+// Similar to npm/pnpm: installation-related commands.
+const yarnInstallLikeCommands = new Set([
+  'install',
+  'add',
+  'upgrade',
+  'remove',
+  'link',
+  'unlink',
+  'import'
+])
+
+/**
+ * Execute npm commands with optimized flags and settings.
+ * @param {string[] | readonly string[]} args - Command arguments to pass to npm.
+ * @param {import('./spawn').SpawnOptions} [options] - Spawn options.
+ * @returns {Promise<{ stdout: string; stderr: string }>} Command output.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function execNpm(args, options) {
+  const useDebug = isDebug()
+  const terminatorPos = args.indexOf('--')
+  const npmArgs = (
+    terminatorPos === -1 ? args : args.slice(0, terminatorPos)
+  ).filter(
+    a => !isNpmAuditFlag(a) && !isNpmFundFlag(a) && !isNpmProgressFlag(a)
+  )
+  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)
+  const logLevelArgs =
+    // The default value of loglevel is "notice". We default to "warn" which is
+    // one level quieter.
+    useDebug || npmArgs.some(isNpmLoglevelFlag) ? [] : ['--loglevel', 'warn']
+  return spawn(
+    /*@__PURE__*/ require('./constants/exec-path'),
+    [
+      .../*@__PURE__*/ require('./constants/node-harden-flags'),
+      .../*@__PURE__*/ require('./constants/node-no-warnings-flags'),
+      /*@__PURE__*/ require('./constants/npm-real-exec-path'),
+      // Even though '--loglevel=error' is passed npm will still run through
+      // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'
+      // flags are passed.
+      '--no-audit',
+      '--no-fund',
+      // Add `--no-progress` and `--silent` flags to fix input being swallowed
+      // by the spinner when running the command with recent versions of npm.
+      '--no-progress',
+      // Add '--loglevel=error' if a loglevel flag is not provided and the
+      // SOCKET_CLI_DEBUG environment variable is not truthy.
+      ...logLevelArgs,
+      ...npmArgs,
+      ...otherArgs
+    ],
+    {
+      __proto__: null,
+      ...options
+    }
+  )
+}
+
+/**
+ * Execute pnpm commands with optimized flags and settings.
+ * @param {string[] | readonly string[]} args - Command arguments to pass to pnpm.
+ * @param {import('./spawn').SpawnOptions} [options] - Spawn options.
+ * @returns {Promise<{ stdout: string; stderr: string }>} Command output.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function execPnpm(args, options) {
+  const { allowLockfileUpdate, ...extBinOpts } = { __proto__: null, ...options }
+  const useDebug = isDebug()
+  const terminatorPos = args.indexOf('--')
+  const pnpmArgs = (
+    terminatorPos === -1 ? args : args.slice(0, terminatorPos)
+  ).filter(a => !isNpmProgressFlag(a))
+  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)
+
+  const firstArg = pnpmArgs[0]
+  const supportsIgnoreScripts = pnpmInstallLikeCommands.has(firstArg)
+
+  // pnpm uses --loglevel for all commands.
+  const logLevelArgs =
+    useDebug || pnpmArgs.some(isPnpmLoglevelFlag) ? [] : ['--loglevel', 'warn']
+
+  // Only add --ignore-scripts for commands that support it.
+  const hasIgnoreScriptsFlag = pnpmArgs.some(isPnpmIgnoreScriptsFlag)
+  const ignoreScriptsArgs =
+    !supportsIgnoreScripts || hasIgnoreScriptsFlag ? [] : ['--ignore-scripts']
+
+  // In CI environments, pnpm uses --frozen-lockfile by default which prevents lockfile updates.
+  // For commands that need to update the lockfile (like install with new packages/overrides),
+  // we need to explicitly add --no-frozen-lockfile in CI mode if not already present.
+  const ENV = /*@__PURE__*/ require('./constants/env')
+  const frozenLockfileArgs = []
+  if (
+    ENV.CI &&
+    allowLockfileUpdate &&
+    isPnpmInstallCommand(firstArg) &&
+    !pnpmArgs.some(isPnpmFrozenLockfileFlag)
+  ) {
+    frozenLockfileArgs.push('--no-frozen-lockfile')
+  }
+
+  // Note: pnpm doesn't have a --no-progress flag. It uses --reporter instead.
+  // We removed --no-progress as it causes "Unknown option" errors with pnpm.
+
+  return execBin(
+    'pnpm',
+    [
+      // Add '--loglevel=warn' if a loglevel flag is not provided and debug is off.
+      ...logLevelArgs,
+      // Add '--ignore-scripts' by default for security (only for installation commands).
+      ...ignoreScriptsArgs,
+      // Add '--no-frozen-lockfile' in CI when lockfile updates are needed.
+      ...frozenLockfileArgs,
+      ...pnpmArgs,
+      ...otherArgs
+    ],
+    extBinOpts
+  )
+}
+
+/*@__NO_SIDE_EFFECTS__*/
+function execYarn(args, options) {
+  const useDebug = isDebug()
+  const terminatorPos = args.indexOf('--')
+  const yarnArgs = (
+    terminatorPos === -1 ? args : args.slice(0, terminatorPos)
+  ).filter(a => !isNpmProgressFlag(a))
+  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)
+
+  const firstArg = yarnArgs[0]
+  const supportsIgnoreScripts = yarnInstallLikeCommands.has(firstArg)
+
+  // Yarn uses --silent flag for quieter output.
+  const logLevelArgs =
+    useDebug || yarnArgs.some(isNpmLoglevelFlag) ? [] : ['--silent']
+
+  // Only add --ignore-scripts for commands that support it.
+  const hasIgnoreScriptsFlag = yarnArgs.some(isPnpmIgnoreScriptsFlag)
+  const ignoreScriptsArgs =
+    !supportsIgnoreScripts || hasIgnoreScriptsFlag ? [] : ['--ignore-scripts']
+
+  return execBin(
+    'yarn',
+    [
+      // Add '--silent' if a loglevel flag is not provided and debug is off.
+      ...logLevelArgs,
+      // Add '--ignore-scripts' by default for security (only for installation commands).
+      ...ignoreScriptsArgs,
+      ...yarnArgs,
+      ...otherArgs
+    ],
+    {
+      __proto__: null,
+      /**
+       * Check if a command argument is an npm audit flag.
+       * @param {string} cmdArg - The command argument to check.
+       * @returns {boolean} True if the argument is an audit flag.
+       */
+      ...options
+    }
+  )
+}
+
+/**
+ * Check if a command argument is an npm fund flag.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is a fund flag.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function isNpmAuditFlag(cmdArg) {
+  return npmAuditFlags.has(cmdArg)
+}
+
+/**
+ * Check if a command argument is an npm loglevel flag.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is a loglevel flag.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function isNpmFundFlag(cmdArg) {
+  return npmFundFlags.has(cmdArg)
+}
+
+/**
+ * Check if a command argument is an npm loglevel flag.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is a loglevel flag.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function isNpmLoglevelFlag(cmdArg) {
+  // https://docs.npmjs.com/cli/v11/using-npm/logging#setting-log-levels
+  return cmdArg.startsWith('--loglevel=') || npmLogFlags.has(cmdArg)
+}
+
+/**
+ * Check if a command argument is an npm node-options flag.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is a node-options flag.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function isNpmNodeOptionsFlag(cmdArg) {
+  // https://docs.npmjs.com/cli/v9/using-npm/config#node-options
+  return cmdArg.startsWith('--node-options=')
+}
+
+/**
+ * Check if a command argument is an npm progress flag.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is a progress flag.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function isNpmProgressFlag(cmdArg) {
+  return npmProgressFlags.has(cmdArg)
+}
+
+/**
+ * Check if a command argument is a pnpm ignore-scripts flag.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is an ignore-scripts flag.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function isPnpmIgnoreScriptsFlag(cmdArg) {
+  return pnpmIgnoreScriptsFlags.has(cmdArg)
+}
+
+/**
+ * Check if a command argument is a pnpm frozen-lockfile flag.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is a frozen-lockfile flag.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function isPnpmFrozenLockfileFlag(cmdArg) {
+  return pnpmFrozenLockfileFlags.has(cmdArg)
+}
+
+/**
+ * Check if a command argument is a pnpm install command.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is an install command.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function isPnpmInstallCommand(cmdArg) {
+  return pnpmInstallCommands.has(cmdArg)
+}
+
+/**
+ * Alias for isNpmLoglevelFlag for pnpm usage.
+ * @param {string} cmdArg - The command argument to check.
+ * @returns {boolean} True if the argument is a loglevel flag.
+ */
+const isPnpmLoglevelFlag = isNpmLoglevelFlag
+
+/**
+ * Execute a package.json script using the appropriate package manager.
+ * Automatically detects pnpm, yarn, or npm based on lockfiles.
+ * @param {string} scriptName - The name of the script to run.
+ * @param {string[] | readonly string[]} args - Additional arguments to pass to the script.
+ * @param {ExecScriptOptions} [options] - Spawn options with optional prepost flag.
+ * @returns {Promise<{ stdout: string; stderr: string }>} Command output.
+ * @typedef {import('./objects').Remap<import('./spawn').SpawnOptions & {prepost?: boolean}>} ExecScriptOptions
+ */
+/*@__NO_SIDE_EFFECTS__*/
+function execScript(scriptName, args, options) {
+  const { prepost, ...spawnOptions } = { __proto__: null, ...options }
+  const useNodeRun =
+    !prepost && /*@__PURE__*/ require('./constants/supports-node-run')
+
+  // Detect package manager based on lockfile by traversing up from current directory.
+  const cwd = getOwn(spawnOptions, 'cwd') ?? process.cwd()
+
+  // Check for pnpm-lock.yaml.
+  const PNPM_LOCK_YAML = /*@__PURE__*/ require('./constants/pnpm-lock-yaml')
+  const pnpmLockPath = findUpSync(PNPM_LOCK_YAML, { cwd })
+  if (pnpmLockPath) {
+    return execPnpm(['run', scriptName, ...args], spawnOptions)
+  }
+
+  // Check for package-lock.json.
+  // When in an npm workspace, use npm run to ensure workspace binaries are available.
+  const PACKAGE_LOCK = /*@__PURE__*/ require('./constants/package-lock-json')
+  const packageLockPath = findUpSync(PACKAGE_LOCK, { cwd })
+  if (packageLockPath) {
+    return execNpm(['run', scriptName, ...args], spawnOptions)
+  }
+
+  // Check for yarn.lock.
+  const YARN_LOCK = /*@__PURE__*/ require('./constants/yarn-lock')
+  const yarnLockPath = findUpSync(YARN_LOCK, { cwd })
+  if (yarnLockPath) {
+    return execYarn(['run', scriptName, ...args], spawnOptions)
+  }
+
+  return spawn(
+    /*@__PURE__*/ require('./constants/exec-path'),
+    [
+      .../*@__PURE__*/ require('./constants/node-no-warnings-flags'),
+      ...(useNodeRun
+        ? ['--run']
+        : [/*@__PURE__*/ require('./constants/npm-real-exec-path'), 'run']),
+      scriptName,
+      ...args
+    ],
+    {
+      __proto__: null,
+      ...spawnOptions
+    }
+  )
+}
+
+module.exports = {
+  execBin,
+  execNpm,
+  execPnpm,
+  execScript,
+  execYarn,
+  isNpmAuditFlag,
+  isNpmFundFlag,
+  isNpmLoglevelFlag,
+  isNpmNodeOptionsFlag,
+  isNpmProgressFlag,
+  isPnpmFrozenLockfileFlag,
+  isPnpmIgnoreScriptsFlag,
+  isPnpmInstallCommand,
+  isPnpmLoglevelFlag,
+  resolveBinPathSync,
+  whichBin,
+  whichBinSync
+}

package/external/@socketsecurity/registry/lib/arrays.js

@@ -1,6 +1,11 @@
 'use strict'
 
 let _conjunctionFormatter
+/**
+ * Get a cached Intl.ListFormat instance for conjunction (and) formatting.
+ * @returns {Intl.ListFormat} The conjunction formatter.
+ * @private
+ */
 /*@__NO_SIDE_EFFECTS__*/
 function getConjunctionFormatter() {
   if (_conjunctionFormatter === undefined) {
@@ -13,6 +18,11 @@ function getConjunctionFormatter() {
 }
 
 let _disjunctionFormatter
+/**
+ * Get a cached Intl.ListFormat instance for disjunction (or) formatting.
+ * @returns {Intl.ListFormat} The disjunction formatter.
+ * @private
+ */
 /*@__NO_SIDE_EFFECTS__*/
 function getDisjunctionFormatter() {
   if (_disjunctionFormatter === undefined) {
@@ -24,6 +34,12 @@ function getDisjunctionFormatter() {
   return _disjunctionFormatter
 }
 
+/**
+ * Split an array into chunks of a specified size.
+ * @param {any[]} arr - The array to chunk.
+ * @param {number} [size=2] - The size of each chunk.
+ * @returns {any[][]} Array of chunked arrays.
+ */
 /*@__NO_SIDE_EFFECTS__*/
 function arrayChunk(arr, size = 2) {
   const { length } = arr
@@ -35,16 +51,31 @@ function arrayChunk(arr, size = 2) {
   return chunks
 }
 
+/**
+ * Get unique values from an array.
+ * @param {any[]} arr - The array to deduplicate.
+ * @returns {any[]} Array with unique values.
+ */
 /*@__NO_SIDE_EFFECTS__*/
 function arrayUnique(arr) {
   return [...new Set(arr)]
 }
 
+/**
+ * Join array elements with proper "and" conjunction formatting.
+ * @param {string[]} arr - The array to join.
+ * @returns {string} The formatted string with "and" conjunction.
+ */
 /*@__NO_SIDE_EFFECTS__*/
 function joinAnd(arr) {
   return getConjunctionFormatter().format(arr)
 }
 
+/**
+ * Join array elements with proper "or" disjunction formatting.
+ * @param {string[]} arr - The array to join.
+ * @returns {string} The formatted string with "or" disjunction.
+ */
 /*@__NO_SIDE_EFFECTS__*/
 function joinOr(arr) {
   return getDisjunctionFormatter().format(arr)