@socketsecurity/cli-with-sentry 1.1.21 → 1.1.23

package/dist/utils.js

@@ -1270,7 +1270,7 @@ function socketDashboardLink(dashPath, text) {
  * @returns A terminal link to Socket.dev
  */
 function socketDevLink(text, urlPath) {
-  return vendor.terminalLinkExports(text ?? 'Socket.dev', `${constants.SOCKET_WEBSITE_URL}${urlPath || ''}`);
+  return vendor.terminalLinkExports(text, `${constants.SOCKET_WEBSITE_URL}${urlPath}`);
 }
 
 /**
@@ -1585,9 +1585,9 @@ function getAsciiHeader(command, orgFlag, compactMode = false) {
   const versionHash = constants.default.ENV.INLINED_SOCKET_CLI_VERSION_HASH;
   const cliVersion = redacting ? REDACTED : require$$9.isDebug() ? versionHash : `v${fullVersion}`;
   const nodeVersion = redacting ? REDACTED : process.version;
-  const showNodeVersion = require$$9.isDebug();
+  const showNodeVersion = !redacting && require$$9.isDebug();
   const defaultOrg = getConfigValueOrUndef(constants.CONFIG_KEY_DEFAULT_ORG);
-  const readOnlyConfig = isConfigFromFlag() ? '*' : '.';
+  const configFromFlagDot = isConfigFromFlag() ? '*' : '.';
 
   // Token display with origin indicator.
   const tokenPrefix = getVisibleTokenPrefix();
@@ -1610,8 +1610,8 @@ function getAsciiHeader(command, orgFlag, compactMode = false) {
   //       portability and paste-ability. "simple" ascii chars just work.
   const body = `
    _____         _       _        /---------------
-  |   __|___ ___| |_ ___| |_      | ${socketDevLink()} CLI: ${cliVersion}
-  |__   | ${readOnlyConfig} |  _| '_| -_|  _|     | ${showNodeVersion ? `Node: ${nodeVersion}, ` : ''}token: ${shownToken}, ${orgPart}
+  |   __|___ ___| |_ ___| |_      | CLI: ${cliVersion}
+  |__   | ${configFromFlagDot} |  _| '_| -_|  _|     | ${showNodeVersion ? `Node: ${nodeVersion}, ` : ''}token: ${shownToken}, ${orgPart}
   |_____|___|___|_,_|___|_|.dev   | Command: \`${command}\`, cwd: ${relCwd}
   `.trim();
   // Note: logger will auto-append a newline.
@@ -1868,7 +1868,7 @@ async function meowWithSubcommands(config, options) {
   }
   const lines = ['', 'Usage', `  $ ${name} <command>`];
   if (isRootCommand) {
-    lines.push(`  $ ${name} scan create${constants.FLAG_JSON}`, `  $ ${name} package score ${constants.NPM} lodash ${constants.FLAG_MARKDOWN}`);
+    lines.push(`  $ ${name} scan create ${constants.FLAG_JSON}`, `  $ ${name} package score ${constants.NPM} lodash ${constants.FLAG_MARKDOWN}`);
   }
   lines.push('');
   if (isRootCommand) {
@@ -1896,7 +1896,7 @@ async function meowWithSubcommands(config, options) {
       // test snapshots we use joinAnd.
       arrays.joinAnd(Array.from(commands).sort(sorts.naturalCompare).map(c => `'${c}'`)));
     }
-    lines.push('Note: All commands have their own --help', '', 'Main commands', `  socket login                ${description(subcommands['login'])}`, `  socket scan create          Create a new Socket scan and report`, `  socket npm/lodash@4.17.21   Request the Socket score of a package`, `  socket ci                   ${description(subcommands['ci'])}`, ``, 'Socket API', `  analytics                   ${description(subcommands['analytics'])}`, `  audit-log                   ${description(subcommands['audit-log'])}`, `  organization                ${description(subcommands['organization'])}`, `  package                     ${description(subcommands['package'])}`, `  repository                  ${description(subcommands['repository'])}`, `  scan                        ${description(subcommands['scan'])}`, `  threat-feed                 ${description(subcommands['threat-feed'])}`, ``, 'Local tools', `  fix                         ${description(subcommands['fix'])}`, `  manifest                    ${description(subcommands['manifest'])}`, `  npm                         ${description(subcommands[constants.NPM])}`, `  npx                         ${description(subcommands[constants.NPX])}`, `  optimize                    ${description(subcommands['optimize'])}`, `  raw-npm                     ${description(subcommands['raw-npm'])}`, `  raw-npx                     ${description(subcommands['raw-npx'])}`, '', 'CLI configuration', `  config                      ${description(subcommands['config'])}`, `  install                     ${description(subcommands['install'])}`, `  login                       Socket API login and CLI setup`, `  logout                      ${description(subcommands['logout'])}`, `  uninstall                   ${description(subcommands['uninstall'])}`, `  wrapper                     ${description(subcommands['wrapper'])}`);
+    lines.push('Note: All commands have their own --help', '', 'Main commands', `  socket login                ${description(subcommands['login'])}`, `  socket scan create          Create a new Socket scan and report`, `  socket npm/lodash@4.17.21   Request the Socket score of a package`, `  socket fix                  ${description(subcommands['fix'])}`, `  socket optimize             ${description(subcommands['optimize'])}`, `  socket cdxgen               ${description(subcommands['cdxgen'])}`, `  socket ci                   ${description(subcommands['ci'])}`, ``, 'Socket API', `  analytics                   ${description(subcommands['analytics'])}`, `  audit-log                   ${description(subcommands['audit-log'])}`, `  organization                ${description(subcommands['organization'])}`, `  package                     ${description(subcommands['package'])}`, `  repository                  ${description(subcommands['repository'])}`, `  scan                        ${description(subcommands['scan'])}`, `  threat-feed                 ${description(subcommands['threat-feed'])}`, ``, 'Local tools', `  manifest                    ${description(subcommands['manifest'])}`, `  npm                         ${description(subcommands[constants.NPM])}`, `  npx                         ${description(subcommands[constants.NPX])}`, `  raw-npm                     ${description(subcommands['raw-npm'])}`, `  raw-npx                     ${description(subcommands['raw-npx'])}`, '', 'CLI configuration', `  config                      ${description(subcommands['config'])}`, `  install                     ${description(subcommands['install'])}`, `  login                       Socket API login and CLI setup`, `  logout                      ${description(subcommands['logout'])}`, `  uninstall                   ${description(subcommands['uninstall'])}`, `  wrapper                     ${description(subcommands['wrapper'])}`);
   } else {
     lines.push('Commands');
     lines.push(`  ${getHelpListOutput({
@@ -2317,6 +2317,45 @@ async function getDefaultOrgSlug() {
   };
 }
 
+/**
+ * Sanitizes a name to comply with repository naming constraints.
+ * Constraints: 100 or less A-Za-z0-9 characters only with non-repeating,
+ * non-leading or trailing ., _ or - only.
+ *
+ * @param name - The name to sanitize
+ * @returns Sanitized name that complies with repository naming rules, or empty string if no valid characters
+ */
+function sanitizeName(name) {
+  if (!name) {
+    return '';
+  }
+
+  // Replace sequences of illegal characters with underscores.
+  const sanitized = name
+  // Replace any sequence of non-alphanumeric characters (except ., _, -) with underscore.
+  .replace(/[^A-Za-z0-9._-]+/g, '_')
+  // Replace sequences of multiple allowed special chars with single underscore.
+  .replace(/[._-]{2,}/g, '_')
+  // Remove leading special characters.
+  .replace(/^[._-]+/, '')
+  // Remove trailing special characters.
+  .replace(/[._-]+$/, '')
+  // Truncate to 100 characters max.
+  .slice(0, 100);
+  return sanitized;
+}
+
+/**
+ * Extracts and sanitizes a repository name.
+ *
+ * @param name - The repository name to extract and sanitize
+ * @returns Sanitized repository name, or default repository name if empty
+ */
+function extractName(name) {
+  const sanitized = sanitizeName(name);
+  return sanitized || constants.default.SOCKET_DEFAULT_REPOSITORY;
+}
+
 /**
  * Git utilities for Socket CLI.
  * Provides git operations for repository management, branch handling, and commits.
@@ -2409,7 +2448,7 @@ async function getRepoInfo(cwd = process.cwd()) {
 }
 async function getRepoName(cwd = process.cwd()) {
   const repoInfo = await getRepoInfo(cwd);
-  return repoInfo?.repo ?? constants.default.SOCKET_DEFAULT_REPOSITORY;
+  return repoInfo?.repo ? extractName(repoInfo.repo) : constants.default.SOCKET_DEFAULT_REPOSITORY;
 }
 async function gitBranch(cwd = process.cwd()) {
   const stdioPipeOptions = {
@@ -3313,8 +3352,8 @@ function isYarnBerry() {
   if (_isYarnBerry === undefined) {
     try {
       const yarnBinPath = getYarnBinPath();
-      const result = spawn.spawnSync(yarnBinPath, ['--version'], {
-        encoding: 'utf8',
+      const result = spawn.spawnSync(yarnBinPath, [constants.FLAG_VERSION], {
+        encoding: constants.UTF8,
         // On Windows, yarn is often a .cmd file that requires shell execution.
         // The spawn function from @socketsecurity/registry will handle this properly
         // when shell is true.
@@ -3425,10 +3464,6 @@ async function spawnDlx(packageSpec, args, options, spawnExtra) {
           npm_config_dlx_cache_max_age: '0'
         }
       };
-      // Add --ignore-scripts for extra security.
-      // While pnpm dlx allows the executed package's scripts by default,
-      // we disable them since coana/cdxgen/synp don't need postinstall scripts.
-      spawnArgs.push('--ignore-scripts');
     }
     if (silent) {
       spawnArgs.push(constants.FLAG_SILENT);
@@ -3955,6 +3990,19 @@ async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()
 
 const helpFlags = new Set([constants.FLAG_HELP, '-h']);
 
+/**
+ * Convert flag values to array format for processing.
+ */
+function cmdFlagValueToArray(value) {
+  if (typeof value === 'string') {
+    return value.trim().split(/, */).filter(Boolean);
+  }
+  if (Array.isArray(value)) {
+    return value.flatMap(cmdFlagValueToArray);
+  }
+  return [];
+}
+
 /**
  * Convert command arguments to a properly formatted string representation.
  */
@@ -3981,19 +4029,6 @@ function cmdFlagsToString(args) {
   return result.join(' ');
 }
 
-/**
- * Convert flag values to array format for processing.
- */
-function cmdFlagValueToArray(value) {
-  if (typeof value === 'string') {
-    return value.trim().split(/, */).filter(Boolean);
-  }
-  if (Array.isArray(value)) {
-    return value.flatMap(cmdFlagValueToArray);
-  }
-  return [];
-}
-
 /**
  * Add command name prefix to message text.
  */
@@ -4065,6 +4100,15 @@ function filterFlags(argv, flagsToFilter, exceptions) {
   return filtered;
 }
 
+/**
+ * Check if command is an add command (adds new dependencies).
+ * Supported by: pnpm, yarn.
+ * Note: npm uses 'install' with package names instead of 'add'.
+ */
+function isAddCommand(command) {
+  return command === 'add';
+}
+
 /**
  * Check if argument is a help flag.
  */
@@ -4072,6 +4116,14 @@ function isHelpFlag(cmdArg) {
   return helpFlags.has(cmdArg);
 }
 
+/**
+ * Check if pnpm command requires lockfile scanning.
+ * pnpm uses: install, i, update, up
+ */
+function isPnpmLockfileScanCommand(command) {
+  return command === 'install' || command === 'i' || command === 'update' || command === 'up';
+}
+
 /**
  * Converts CVE IDs to GHSA IDs using GitHub API.
  */
@@ -4345,7 +4397,7 @@ function shadowNpmInstall(options) {
   const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
   const progressArg = rawBinArgs.findLast(agent.isNpmProgressFlag) !== '--no-progress';
   const isSilent = !useDebug && !binArgs.some(agent.isNpmLoglevelFlag);
-  const logLevelArgs = isSilent ? ['--loglevel', 'silent'] : [];
+  const logLevelArgs = isSilent ? [constants.FLAG_LOGLEVEL, 'silent'] : [];
   const useIpc = require$$11.isObject(ipc);
 
   // Include 'ipc' in the spawnOpts.stdio when an options.ipc object is provided.
@@ -4366,7 +4418,7 @@ function shadowNpmInstall(options) {
   '--no-audit', '--no-fund',
   // Add '--no-progress' to fix input being swallowed by the npm spinner.
   '--no-progress',
-  // Add '--loglevel=silent' if a loglevel flag is not provided and the
+  // Add 'FLAG_LOGLEVEL silent' if a loglevel flag is not provided and the
   // SOCKET_CLI_DEBUG environment variable is not truthy.
   ...logLevelArgs, ...binArgs, ...otherArgs], {
     ...spawnOpts,
@@ -4435,8 +4487,8 @@ function runAgentInstall(pkgEnvDetails, options) {
   const skipNodeHardenFlags = isPnpm && pkgEnvDetails.agentVersion.major < 11;
   // In CI mode, pnpm uses --frozen-lockfile by default, which prevents lockfile updates.
   // We need to explicitly disable it when updating the lockfile with overrides.
-  const isCi = constants.default.ENV['CI'];
-  const installArgs = isPnpm && isCi ? ['install', '--no-frozen-lockfile', ...args] : ['install', ...args];
+  // Also add --config.confirmModulesPurge=false to avoid interactive prompts.
+  const installArgs = isPnpm ? ['install', '--config.confirmModulesPurge=false', '--no-frozen-lockfile', ...args] : ['install', ...args];
   return spawn.spawn(agentExecPath, installArgs, {
     cwd: pkgPath,
     // On Windows, package managers are often .cmd files that require shell execution.
@@ -4449,6 +4501,10 @@ function runAgentInstall(pkgEnvDetails, options) {
     env: {
       ...process.env,
       ...constants.default.processEnv,
+      // Set CI for pnpm to ensure non-interactive mode and consistent behavior.
+      ...(isPnpm ? {
+        CI: '1'
+      } : {}),
       NODE_OPTIONS: cmdFlagsToString([...(skipNodeHardenFlags ? [] : constants.default.nodeHardenFlags), ...constants.default.nodeNoWarningsFlags]),
       ...require$$11.getOwn(spawnOpts, 'env')
     }
@@ -6016,8 +6072,10 @@ exports.installNpmLinks = installNpmLinks;
 exports.installNpxLinks = installNpxLinks;
 exports.installPnpmLinks = installPnpmLinks;
 exports.installYarnLinks = installYarnLinks;
+exports.isAddCommand = isAddCommand;
 exports.isConfigFromFlag = isConfigFromFlag;
 exports.isHelpFlag = isHelpFlag;
+exports.isPnpmLockfileScanCommand = isPnpmLockfileScanCommand;
 exports.isReportSupportedFile = isReportSupportedFile;
 exports.isSensitiveConfigKey = isSensitiveConfigKey;
 exports.isSupportedConfigKey = isSupportedConfigKey;
@@ -6060,5 +6118,5 @@ exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.webLink = webLink;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=aca3fb2c-1435-481e-a911-c0547052c313
+//# debugId=4869ae24-405b-42c5-8d8a-e03b6c950c8e
 //# sourceMappingURL=utils.js.map