npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.1.19 → 1.1.20 - Mend

@socketsecurity/cli-with-sentry 1.1.19 → 1.1.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/CHANGELOG.md +3 -0
package/dist/cli.js +48 -24
package/dist/cli.js.map +1 -1
package/dist/constants.js +6 -3
package/dist/constants.js.map +1 -1
package/dist/shadow-pnpm-bin2.js +6 -2
package/dist/shadow-pnpm-bin2.js.map +1 -1
package/dist/shadow-yarn-bin.js +6 -2
package/dist/shadow-yarn-bin.js.map +1 -1
package/dist/tsconfig.dts.tsbuildinfo +1 -1
package/dist/types/commands/analytics/cmd-analytics.d.mts.map +1 -1
package/dist/types/commands/analytics/output-analytics.d.mts.map +1 -1
package/dist/types/commands/audit-log/cmd-audit-log.d.mts.map +1 -1
package/dist/types/commands/login/attempt-login.d.mts.map +1 -1
package/dist/types/commands/optimize/ls-by-agent.d.mts.map +1 -1
package/dist/types/commands/raw-npm/run-raw-npm.d.mts.map +1 -1
package/dist/types/commands/raw-npx/run-raw-npx.d.mts.map +1 -1
package/dist/types/commands/repository/cmd-repository-create.d.mts.map +1 -1
package/dist/types/commands/repository/cmd-repository-del.d.mts.map +1 -1
package/dist/types/commands/repository/cmd-repository-update.d.mts.map +1 -1
package/dist/types/commands/repository/cmd-repository-view.d.mts.map +1 -1
package/dist/types/commands/scan/cmd-scan-create.d.mts.map +1 -1
package/dist/types/commands/scan/cmd-scan-list.d.mts.map +1 -1
package/dist/types/commands/scan/handle-create-new-scan.d.mts.map +1 -1
package/dist/types/commands/scan/output-diff-scan.d.mts.map +1 -1
package/dist/types/commands/scan/output-scan-view.d.mts.map +1 -1
package/dist/types/commands/threat-feed/cmd-threat-feed.d.mts.map +1 -1
package/dist/types/constants.d.mts.map +1 -1
package/dist/types/shadow/pnpm/bin.d.mts.map +1 -1
package/dist/types/shadow/yarn/bin.d.mts.map +1 -1
package/dist/types/utils/agent.d.mts.map +1 -1
package/dist/types/utils/determine-org-slug.d.mts.map +1 -1
package/dist/types/utils/package-environment.d.mts.map +1 -1
package/dist/types/utils/terminal-link.d.mts +45 -0
package/dist/types/utils/terminal-link.d.mts.map +1 -0
package/dist/types/utils/yarn-version.d.mts.map +1 -1
package/dist/utils.js +98 -4
package/dist/utils.js.map +1 -1
package/dist/vendor.js +372 -372
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -10,6 +10,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - Testing infrastructure for malware detection with mock fixtures and API response utilities
 - Test fixtures for packages flagged with both `malware` and `gptMalware` alerts
+### Fixed
+- Resolved Windows spawn errors for package managers by enabling shell execution for .cmd files
 ## [1.1.18](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.18) - 2025-09-18
 ### Fixed

package/dist/cli.js CHANGED Viewed

@@ -95,7 +95,7 @@ async function outputAnalytics(result, {
       try {
         await fs.writeFile(filepath, serialized, 'utf8');
         utils.debugFileOp('write', filepath);
-        logger.logger.success(`Data successfully written to ${filepath}`);
+        logger.logger.success(`Data successfully written to ${utils.fileLink(filepath)}`);
       } catch (e) {
         utils.debugFileOp('write', filepath, e);
         process.exitCode = 1;
@@ -119,7 +119,7 @@ async function outputAnalytics(result, {
       try {
         await fs.writeFile(filepath, serialized, 'utf8');
         utils.debugFileOp('write', filepath);
-        logger.logger.success(`Data successfully written to ${filepath}`);
+        logger.logger.success(`Data successfully written to ${utils.fileLink(filepath)}`);
       } catch (e) {
         utils.debugFileOp('write', filepath, e);
         logger.logger.error(e);
@@ -418,7 +418,7 @@ async function run$S(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -793,7 +793,7 @@ async function run$R(argv, importMeta, {
       ${utils.getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME$x}`)}
     This feature requires an Enterprise Plan. To learn more about getting access
-    to this feature and many more, please visit ${constants.default.SOCKET_WEBSITE_URL}/pricing
+    to this feature and many more, please visit the ${utils.webLink(`${constants.default.SOCKET_WEBSITE_URL}/pricing`, 'Socket pricing page')}.
     The type FILTER arg is an enum. Defaults to any. It should be one of these:
       associateLabel, cancelInvitation, changeMemberRole, changePlanSubscriptionSeats,
@@ -841,7 +841,7 @@ async function run$R(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -2214,7 +2214,7 @@ async function handleCreateNewScan({
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: packagePaths.length > 0,
-    fail: `found no eligible files to scan. See supported manifest files at ${vendor.terminalLinkExports('docs.socket.dev', 'https://docs.socket.dev/docs/manifest-file-detection-in-socket')}`,
+    fail: `found no eligible files to scan. See supported manifest files at ${utils.socketDocsLink('/docs/manifest-file-detection-in-socket', 'docs.socket.dev')}`,
     message: 'TARGET (file/dir) must contain matching / supported file types for a scan'
   });
   if (!wasValidInput) {
@@ -4427,7 +4427,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   apiBaseUrl ??= utils.getConfigValueOrUndef(constants.CONFIG_KEY_API_BASE_URL) ?? undefined;
   apiProxy ??= utils.getConfigValueOrUndef(constants.CONFIG_KEY_API_PROXY) ?? undefined;
   const apiTokenInput = await prompts.password({
-    message: `Enter your ${vendor.terminalLinkExports('Socket.dev API token', 'https://docs.socket.dev/docs/api-keys')} (leave blank to use a limited public token)`
+    message: `Enter your ${utils.socketDocsLink('/docs/api-keys', 'Socket.dev API token')} (leave blank to use a limited public token)`
   });
   if (apiTokenInput === undefined) {
     logger.logger.fail('Canceled by user');
@@ -4685,7 +4685,7 @@ const {
   YARN_LOCK
 } = constants.default;
 const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', constants.NPM, constants.PNPM, 'ts', 'tsx', 'typescript']);
-function argvToArray(argvObj) {
+function argvObjectToArray(argvObj) {
   if (argvObj['help']) {
     return [constants.FLAG_HELP];
   }
@@ -4733,7 +4733,7 @@ async function runCdxgen(argvObj) {
     stdio: 'inherit'
   };
-  // Detect package manager based on lockfiles
+  // Detect package manager based on lockfiles.
   const pnpmLockPath = await utils.findUp(PNPM_LOCK_YAML, {
     onlyFiles: true
   });
@@ -4745,7 +4745,7 @@ async function runCdxgen(argvObj) {
   });
   const agent = pnpmLockPath ? constants.PNPM : yarnLockPath && utils.isYarnBerry() ? constants.YARN : constants.NPM;
   let cleanupPackageLock = false;
-  if (argvMutable['type'] !== constants.YARN && nodejsPlatformTypes.has(argvMutable['type']) && yarnLockPath) {
+  if (yarnLockPath && argvMutable['type'] !== constants.YARN && nodejsPlatformTypes.has(argvMutable['type'])) {
     if (npmLockPath) {
       argvMutable['type'] = constants.NPM;
     } else {
@@ -4763,8 +4763,8 @@ async function runCdxgen(argvObj) {
     }
   }
-  // Use appropriate package manager for cdxgen
-  const shadowResult = await utils.spawnCdxgenDlx(argvToArray(argvMutable), {
+  // Use appropriate package manager for cdxgen.
+  const shadowResult = await utils.spawnCdxgenDlx(argvObjectToArray(argvMutable), {
     ...shadowOpts,
     agent
   });
@@ -6785,6 +6785,9 @@ async function npmQuery(npmExecPath, cwd) {
   try {
     stdout = (await spawn.spawn(npmExecPath, ['query', ':not(.dev)'], {
       cwd,
+      // On Windows, npm is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6802,6 +6805,9 @@ async function lsBun(pkgEnvDetails, options) {
     // https://github.com/oven-sh/bun/issues/8283
     return (await spawn.spawn(pkgEnvDetails.agentExecPath, ['pm', 'ls', '--all'], {
       cwd,
+      // On Windows, bun is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6837,6 +6843,9 @@ async function lsPnpm(pkgEnvDetails, options) {
     // https://en.wiktionary.org/wiki/parsable
     ['ls', '--parseable', constants.FLAG_PROD, '--depth', 'Infinity'], {
       cwd,
+      // On Windows, pnpm is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6854,6 +6863,9 @@ async function lsVlt(pkgEnvDetails, options) {
     // See https://docs.vlt.sh/cli/commands/list#options.
     stdout = (await spawn.spawn(pkgEnvDetails.agentExecPath, ['ls', '--view', 'human', ':not(.dev)'], {
       cwd,
+      // On Windows, pnpm is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6871,6 +6883,9 @@ async function lsYarnBerry(pkgEnvDetails, options) {
     // https://github.com/yarnpkg/berry/issues/5117
     return (await spawn.spawn(pkgEnvDetails.agentExecPath, ['info', '--recursive', '--name-only'], {
       cwd,
+      // On Windows, yarn is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6890,6 +6905,9 @@ async function lsYarnClassic(pkgEnvDetails, options) {
     //   environment is production
     return (await spawn.spawn(pkgEnvDetails.agentExecPath, ['list', constants.FLAG_PROD], {
       cwd,
+      // On Windows, yarn is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -9542,6 +9560,9 @@ async function run$l(argv, importMeta, context) {
 async function runRawNpm(argv) {
   process.exitCode = 1;
   const spawnPromise = spawn.spawn(utils.getNpmBinPath(), argv, {
+    // On Windows, npm is often a .cmd file that requires shell execution.
+    // The spawn function from @socketsecurity/registry will handle this properly
+    // when shell is true.
     shell: constants.default.WIN32,
     stdio: 'inherit'
   });
@@ -9605,6 +9626,9 @@ async function run$k(argv, importMeta, {
 async function runRawNpx(argv) {
   process.exitCode = 1;
   const spawnPromise = spawn.spawn(utils.getNpxBinPath(), argv, {
+    // On Windows, npx is often a .cmd file that requires shell execution.
+    // The spawn function from @socketsecurity/registry will handle this properly
+    // when shell is true.
     shell: constants.default.WIN32,
     stdio: 'inherit'
   });
@@ -9840,7 +9864,7 @@ async function run$i(argv, importMeta, {
   }, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     test: !!repoName,
@@ -9971,7 +9995,7 @@ async function run$h(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -10462,7 +10486,7 @@ async function run$f(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -10624,7 +10648,7 @@ async function run$e(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -10876,7 +10900,7 @@ async function run$d(argv, importMeta, {
     Note: for a first run you probably want to set --default-branch to indicate
           the default branch name, like "main" or "master".
-    The "alerts page" (https://socket.dev/dashboard/org/YOURORG/alerts) will show
+    The ${utils.socketDashboardLink('/org/YOURORG/alerts', '"alerts page"')} will show
     the results from the last scan designated as the "pending head" on the branch
     configured on Socket to be the "default branch". When creating a scan the
     --set-as-alerts-page flag will default to true to update this. You can prevent
@@ -11299,7 +11323,7 @@ async function handleJson(data, file, dashboardMessage) {
         logger.logger.fail(`Writing to \`${file}\` failed...`);
         logger.logger.error(err);
       } else {
-        logger.logger.success(`Data successfully written to \`${file}\``);
+        logger.logger.success(`Data successfully written to \`${utils.fileLink(file)}\``);
       }
       logger.logger.error(dashboardMessage);
     });
@@ -12641,7 +12665,7 @@ async function run$9(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -13613,7 +13637,7 @@ async function outputScanView(result, orgSlug, scanId, filePath, outputKind) {
       logger.logger.info('Writing json results to', filePath);
       try {
         await fs.writeFile(filePath, json, 'utf8');
-        logger.logger.info(`Data successfully written to ${filePath}`);
+        logger.logger.info(`Data successfully written to ${utils.fileLink(filePath)}`);
       } catch (e) {
         process.exitCode = 1;
         logger.logger.fail('There was an error trying to write the markdown to disk');
@@ -13654,7 +13678,7 @@ View this report at: ${constants.default.SOCKET_WEBSITE_URL}/dashboard/org/${org
   if (filePath && filePath !== '-') {
     try {
       await fs.writeFile(filePath, report, 'utf8');
-      logger.logger.log(`Data successfully written to ${filePath}`);
+      logger.logger.log(`Data successfully written to ${utils.fileLink(filePath)}`);
     } catch (e) {
       process.exitCode = 1;
       logger.logger.fail('There was an error trying to write the markdown to disk');
@@ -14090,7 +14114,7 @@ async function run$3(argv, importMeta, {
       - Special access
     This feature requires a Threat Feed license. Please contact
-    sales@socket.dev if you are interested in purchasing this access.
+    ${utils.mailtoLink('sales@socket.dev')} if you are interested in purchasing this access.
     Options
       ${utils.getFlagListOutput(config.flags)}
@@ -14811,7 +14835,7 @@ void (async () => {
     version: constants.default.ENV.INLINED_SOCKET_CLI_VERSION,
     logCallback: (name, version, latest) => {
       logger.logger.log(`\n\n📦 Update available for ${vendor.yoctocolorsCjsExports.cyan(name)}: ${vendor.yoctocolorsCjsExports.gray(version)} → ${vendor.yoctocolorsCjsExports.green(latest)}`);
-      logger.logger.log(`📝 ${vendor.terminalLinkExports('View changelog', `https://socket.dev/npm/package/${name}/files/${latest}/CHANGELOG.md`)}`);
+      logger.logger.log(`📝 ${utils.socketPackageLink('npm', name, `files/${latest}/CHANGELOG.md`, 'View changelog')}`);
     }
   });
   try {
@@ -14878,5 +14902,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=6d9d1b81-f05f-4bdf-ae16-71ba7e848b55
+//# debugId=c2710cf0-3d3a-46a7-8ead-88053b9e55be
 //# sourceMappingURL=cli.js.map