npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.1.66 → 1.1.68 - Mend

@socketsecurity/cli-with-sentry 1.1.66 → 1.1.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md +12 -1
package/README.md +32 -0
package/dist/cli.js +54 -15
package/dist/cli.js.map +1 -1
package/dist/constants.js +4 -4
package/dist/constants.js.map +1 -1
package/dist/tsconfig.dts.tsbuildinfo +1 -1
package/dist/types/commands/patch/cmd-patch.d.mts.map +1 -1
package/dist/vendor.js +915 -15026
package/package.json +6 -6

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+## [1.1.68](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.68) - 2026-03-09
+### Changed
+- Updated the Coana CLI to v `14.12.191`.
+## [1.1.67](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.67) - 2026-03-06
+### Changed
+- Updated `@socketsecurity/socket-patch` to v2.0.0, now powered by a native Rust binary for faster patch operations
+- The `socket patch` command now directly invokes the platform-specific Rust binary instead of a Node.js wrapper
+- Enhanced `socket patch` documentation with a complete subcommand reference and quick-start guide
 ## [1.1.66](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.66) - 2026-03-02
 ### Changed
@@ -52,7 +64,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - Deprecated `--reach-disable-analysis-splitting` flag (now a no-op for backwards compatibility).
 - Updated the Coana CLI to v `14.12.154`.
 ## [1.1.57](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.57) - 2026-01-10
 ### Changed

package/README.md CHANGED Viewed

@@ -22,6 +22,38 @@ socket --help
 - `socket cdxgen [command]` - Run [cdxgen](https://cyclonedx.github.io/cdxgen/#/?id=getting-started) for SBOM generation
+- `socket patch <command>` - Apply, manage, and rollback Socket security patches for vulnerable dependencies
+### Patch subcommands
+| Command | Description |
+|---------|-------------|
+| `socket patch scan` | Scan installed packages for available security patches |
+| `socket patch get <uuid> --org <slug>` | Download a patch by UUID and store it locally |
+| `socket patch apply` | Apply downloaded patches to `node_modules` |
+| `socket patch rollback [purl\|uuid]` | Rollback patches and restore original files |
+| `socket patch list [--json]` | List all patches in the local manifest |
+| `socket patch remove <purl\|uuid>` | Remove a patch from the manifest (rolls back by default) |
+| `socket patch setup [--yes]` | Add `socket patch apply` to `postinstall` scripts |
+| `socket patch repair` | Download missing blobs and clean up unused blobs |
+**Quick start:**
+```bash
+# Scan for available patches, download, and apply.
+socket patch scan
+socket patch apply
+# Or download a specific patch by UUID.
+socket patch get <uuid> --org <org-slug>
+socket patch apply
+# Add to postinstall so patches reapply on npm install.
+socket patch setup --yes
+```
+Free patches work without authentication. For paid patches, set `SOCKET_CLI_API_TOKEN` and `SOCKET_CLI_ORG_SLUG`.
 ## Aliases
 All aliases support the flags and arguments of the commands they alias.

package/dist/cli.js CHANGED Viewed

@@ -25,6 +25,7 @@ var registry = require('../external/@socketsecurity/registry');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
 var require$$12 = require('../external/@socketsecurity/registry/lib/promises');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
+var childProcess = require('node:child_process');
 var require$$1 = require('node:util');
 var promises = require('node:stream/promises');
@@ -9620,47 +9621,85 @@ const cmdPackage = {
   }
 };
-const description$k = 'Manage CVE patches for dependencies';
+const description$k = 'Apply, manage, and rollback Socket security patches for vulnerable dependencies';
 const hidden$h = false;
 const cmdPatch = {
   description: description$k,
   hidden: hidden$h,
   run: run$m
 };
+// Resolve the path to the socket-patch binary.
+// The @socketsecurity/socket-patch package registers a bin entry that pnpm
+// links into node_modules/.bin/socket-patch. This launcher script finds and
+// executes the platform-specific Rust binary from the optionalDependencies.
+function resolveSocketPatchBin() {
+  // Walk up from this file (or dist/) to find the closest node_modules/.bin.
+  let dir = __dirname;
+  for (let i = 0; i < 10; i += 1) {
+    const candidate = path.join(dir, 'node_modules', '.bin', 'socket-patch');
+    if (fs$1.existsSync(candidate)) {
+      return candidate;
+    }
+    const parent = path.dirname(dir);
+    if (parent === dir) {
+      break;
+    }
+    dir = parent;
+  }
+  // Fallback: assume socket-patch is on PATH.
+  return 'socket-patch';
+}
 async function run$m(argv, _importMeta, _context) {
   const {
     ENV
   } = constants.default;
-  // Map socket-cli environment to socket-patch options.
-  // Only include properties with defined values (exactOptionalPropertyTypes).
-  const options = {};
+  // Build environment variables for the socket-patch binary.
+  const spawnEnv = {
+    ...process.env
+  };
+  // Map socket-cli environment to socket-patch environment variables.
   // Strip /v0/ suffix from API URL if present.
   const apiUrl = ENV.SOCKET_CLI_API_BASE_URL?.replace(/\/v0\/?$/, '');
   if (apiUrl) {
-    options.apiUrl = apiUrl;
+    spawnEnv['SOCKET_API_URL'] = apiUrl;
   }
   if (ENV.SOCKET_CLI_API_TOKEN) {
-    options.apiToken = ENV.SOCKET_CLI_API_TOKEN;
+    spawnEnv['SOCKET_API_TOKEN'] = ENV.SOCKET_CLI_API_TOKEN;
   }
   if (ENV.SOCKET_CLI_ORG_SLUG) {
-    options.orgSlug = ENV.SOCKET_CLI_ORG_SLUG;
+    spawnEnv['SOCKET_ORG_SLUG'] = ENV.SOCKET_CLI_ORG_SLUG;
   }
   if (ENV.SOCKET_PATCH_PROXY_URL) {
-    options.patchProxyUrl = ENV.SOCKET_PATCH_PROXY_URL;
+    spawnEnv['SOCKET_PATCH_PROXY_URL'] = ENV.SOCKET_PATCH_PROXY_URL;
   }
   if (ENV.SOCKET_CLI_API_PROXY) {
-    options.httpProxy = ENV.SOCKET_CLI_API_PROXY;
+    spawnEnv['HTTPS_PROXY'] = ENV.SOCKET_CLI_API_PROXY;
   }
   if (ENV.SOCKET_CLI_DEBUG) {
-    options.debug = ENV.SOCKET_CLI_DEBUG;
+    spawnEnv['SOCKET_PATCH_DEBUG'] = '1';
   }
-  // Forward all arguments to socket-patch.
-  const exitCode = await vendor.runExports.runPatch([...argv], options);
-  if (exitCode !== 0) {
-    process.exitCode = exitCode;
+  // Resolve and spawn the socket-patch Rust binary.
+  // On Windows, node_modules/.bin shims are .cmd scripts that require shell.
+  const binPath = resolveSocketPatchBin();
+  const result = childProcess.spawnSync(binPath, [...argv], {
+    stdio: 'inherit',
+    env: spawnEnv,
+    shell: constants.default.WIN32
+  });
+  if (result.error) {
+    throw result.error;
+  }
+  // Propagate signal if the child was killed (e.g. SIGTERM, SIGINT).
+  if (result.signal) {
+    process.kill(process.pid, result.signal);
+    return;
+  }
+  if (result.status !== null && result.status !== 0) {
+    process.exitCode = result.status;
   }
 }
@@ -15397,5 +15436,5 @@ process.on('unhandledRejection', async (reason, promise) => {
   // eslint-disable-next-line n/no-process-exit
   process.exit(1);
 });
-//# debugId=cd9a03d7-376e-442c-bd72-438395900ecb
+//# debugId=d5e3e146-9020-4771-aa72-2774939df8c7
 //# sourceMappingURL=cli.js.map