@socketsecurity/cli-with-sentry 1.1.97 → 1.1.98

package/dist/types/commands/manifest/bazel/extract_bazel_to_maven.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"extract_bazel_to_maven.d.mts","sourceRoot":"","sources":["../../../../../src/commands/manifest/bazel/extract_bazel_to_maven.mts"],"names":[],"mappings":"AAiCA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAGjE,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;IAC9B,eAAe,EAAE,MAAM,GAAG,SAAS,CAAA;IACnC,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,gEAAgE;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACjC,EAAE,EAAE,OAAO,CAAA;CACZ,CAAA;AAiBD,KAAK,uBAAuB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,OAAO,EAAE;YAAE,GAAG,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACzE,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;CACxC,CAAA;AA2DD,wBAAgB,2BAA2B,CACzC,SAAS,EAAE,iBAAiB,EAAE,GAC7B,uBAAuB,CAqEzB;AAsGD,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,kBAAkB,CAAC,CA6J7B"}
+{"version":3,"file":"extract_bazel_to_maven.d.mts","sourceRoot":"","sources":["../../../../../src/commands/manifest/bazel/extract_bazel_to_maven.mts"],"names":[],"mappings":"AAiCA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAGjE,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;IAC9B,eAAe,EAAE,MAAM,GAAG,SAAS,CAAA;IACnC,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,gEAAgE;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;IACvB,GAAG,EAAE,MAAM,CAAA;IACX,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACjC,EAAE,EAAE,OAAO,CAAA;CACZ,CAAA;AAiBD,KAAK,uBAAuB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,OAAO,EAAE;YAAE,GAAG,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACzE,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;CACxC,CAAA;AA2DD,wBAAgB,2BAA2B,CACzC,SAAS,EAAE,iBAAiB,EAAE,GAC7B,uBAAuB,CAqEzB;AA6HD,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,kBAAkB,CAAC,CA6J7B"}

package/dist/types/commands/scan/handle-create-new-scan.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"handle-create-new-scan.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/handle-create-new-scan.mts"],"names":[],"mappings":"AAwBA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAA;AAC9E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC/C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,sCAAsC,CAAA;AAqCjE,MAAM,MAAM,yBAAyB,GAAG;IACtC,YAAY,EAAE,OAAO,CAAA;IACrB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,EAAE,MAAM,CAAA;IAClB,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,EAAE,OAAO,CAAA;IACtB,WAAW,EAAE,OAAO,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,OAAO,CAAA;IACpB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,UAAU,CAAA;IACtB,KAAK,EAAE,KAAK,CACV,mBAAmB,GAAG;QACpB,uBAAuB,EAAE,OAAO,CAAA;KACjC,CACF,CAAA;IACD,QAAQ,EAAE,OAAO,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,OAAO,CAAA;IACf,WAAW,EAAE,YAAY,CAAA;IACzB,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,GAAG,EAAE,OAAO,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC/B,CAAA;AAED,wBAAsB,mBAAmB,CAAC,EACxC,YAAY,EACZ,UAAU,EACV,UAAU,EACV,aAAa,EACb,UAAU,EACV,GAAG,EACH,aAAa,EACb,WAAW,EACX,OAAO,EACP,UAAU,EACV,WAAW,EACX,WAAW,EACX,KAAK,EACL,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,WAAW,EACX,OAAO,EACP,GAAG,EACH,SAAS,EACV,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAqO3C"}
+{"version":3,"file":"handle-create-new-scan.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/handle-create-new-scan.mts"],"names":[],"mappings":"AAyBA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAA;AAC9E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC/C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACjD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,sCAAsC,CAAA;AAqCjE,MAAM,MAAM,yBAAyB,GAAG;IACtC,YAAY,EAAE,OAAO,CAAA;IACrB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,EAAE,MAAM,CAAA;IAClB,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,EAAE,OAAO,CAAA;IACtB,WAAW,EAAE,OAAO,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,OAAO,CAAA;IACpB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,UAAU,CAAA;IACtB,KAAK,EAAE,KAAK,CACV,mBAAmB,GAAG;QACpB,uBAAuB,EAAE,OAAO,CAAA;KACjC,CACF,CAAA;IACD,QAAQ,EAAE,OAAO,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,OAAO,CAAA;IACf,WAAW,EAAE,YAAY,CAAA;IACzB,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,GAAG,EAAE,OAAO,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC/B,CAAA;AAED,wBAAsB,mBAAmB,CAAC,EACxC,YAAY,EACZ,UAAU,EACV,UAAU,EACV,aAAa,EACb,UAAU,EACV,GAAG,EACH,aAAa,EACb,WAAW,EACX,OAAO,EACP,UAAU,EACV,WAAW,EACX,WAAW,EACX,KAAK,EACL,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,WAAW,EACX,OAAO,EACP,GAAG,EACH,SAAS,EACV,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiP3C"}

package/dist/types/utils/api.d.mts

@@ -1,9 +1,11 @@
 import type { CResult } from '../types.mts';
 import type { Spinner } from '@socketsecurity/registry/lib/spinner';
 import type { SocketSdkOperations, SocketSdkResult, SocketSdkSuccessResult } from '@socketsecurity/sdk';
-// Wrapper around fetch that supports extra CA certificates via SSL_CERT_FILE.
-// Uses node:https.request with a custom agent when extra CA certs are needed,
-// falling back to regular fetch() otherwise. Follows redirects like fetch().
+// All outbound API requests use node:https.request rather than global fetch.
+// This ensures no body timeout is applied — large streaming ND-JSON responses
+// (e.g. full scan results) can transfer without a hard deadline. When
+// SSL_CERT_FILE is configured, a custom HttpsAgent carrying the extra CA
+// certificates is passed; otherwise the default agent is used.
 export type ApiFetchInit = {
     body?: string | undefined;
     headers?: Record<string, string> | undefined;

package/dist/types/utils/api.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"api.d.mts","sourceRoot":"","sources":["../../../src/utils/api.mts"],"names":[],"mappings":"AA2CA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sCAAsC,CAAA;AACnE,OAAO,KAAK,EAEV,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACvB,MAAM,qBAAqB,CAAA;AAwB5B,8EAA8E;AAC9E,8EAA8E;AAC9E,6EAA6E;AAC7E,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAAA;IAC5C,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC5B,CAAA;AAuGD,wBAAsB,QAAQ,CAC5B,GAAG,EAAE,MAAM,EACX,IAAI,GAAE,YAAiB,GACtB,OAAO,CAAC,QAAQ,CAAC,CAMnB;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAA;IAClC,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC3B,CAAA;AAiCD,4DAA4D;AAC5D,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,SAAS,CASzD;AAED;;GAEG;AACH,wBAAsB,gCAAgC,CAAC,IAAI,EAAE,MAAM,mBAiBlE;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC7B,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC7B,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC,CAAA;AAED,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,mBAAmB,IAAI,OAAO,CAChE,sBAAsB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAClC,CAAA;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,CAAC,SAAS,mBAAmB,EAC/D,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAClC,OAAO,CAAC,EAAE,oBAAoB,GAAG,SAAS,GACzC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAuF3B;AAED,wBAAsB,sBAAsB,CAAC,CAAC,SAAS,mBAAmB,EACxE,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAClC,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAoDrD;AAkBD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,EAChC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,GAC/B,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CA6F1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EACtC,IAAI,EAAE,MAAM,EACZ,WAAW,SAAK,GACf,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAmBrB;AAED,MAAM,MAAM,qBAAqB,GAAG;IAClC,MAAM,EAAE,MAAM,GAAG,KAAK,CAAA;IACtB,IAAI,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC1B,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC,CAAA;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,CAAC,EACpC,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,qBAAqB,GAAG,SAAS,GAC1C,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAyGrB"}
+{"version":3,"file":"api.d.mts","sourceRoot":"","sources":["../../../src/utils/api.mts"],"names":[],"mappings":"AA4CA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sCAAsC,CAAA;AACnE,OAAO,KAAK,EAEV,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACvB,MAAM,qBAAqB,CAAA;AAwB5B,6EAA6E;AAC7E,gFAA8E;AAC9E,sEAAsE;AACtE,yEAAyE;AACzE,+DAA+D;AAC/D,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAAA;IAC5C,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC5B,CAAA;AAsHD,wBAAsB,QAAQ,CAC5B,GAAG,EAAE,MAAM,EACX,IAAI,GAAE,YAAiB,GACtB,OAAO,CAAC,QAAQ,CAAC,CAEnB;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAA;IAClC,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC3B,CAAA;AAiCD,4DAA4D;AAC5D,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,SAAS,CASzD;AAED;;GAEG;AACH,wBAAsB,gCAAgC,CAAC,IAAI,EAAE,MAAM,mBAiBlE;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC7B,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC7B,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC,CAAA;AAED,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,mBAAmB,IAAI,OAAO,CAChE,sBAAsB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAClC,CAAA;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,CAAC,SAAS,mBAAmB,EAC/D,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAClC,OAAO,CAAC,EAAE,oBAAoB,GAAG,SAAS,GACzC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAuF3B;AAED,wBAAsB,sBAAsB,CAAC,CAAC,SAAS,mBAAmB,EACxE,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAClC,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAoDrD;AAkBD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,EAChC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,GAC/B,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CA6F1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EACtC,IAAI,EAAE,MAAM,EACZ,WAAW,SAAK,GACf,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAmBrB;AAED,MAAM,MAAM,qBAAqB,GAAG;IAClC,MAAM,EAAE,MAAM,GAAG,KAAK,CAAA;IACtB,IAAI,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC1B,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC,CAAA;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,CAAC,EACpC,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,qBAAqB,GAAG,SAAS,GAC1C,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAyGrB"}

package/dist/types/utils/coana.d.mts

@@ -1,3 +1,38 @@
+export type CompressedScanPaths = {
+    paths: string[];
+    cleanup: () => Promise<void>;
+};
+/**
+ * For each `.socket.facts.json` in `scanPaths`, stream-brotli-compress a
+ * sibling `.socket.facts.json.br` next to the original file and swap its
+ * path in. Other paths pass through unchanged. Missing files also pass
+ * through unchanged (the upload will fail downstream with the same error
+ * it would have).
+ *
+ * Streaming + worker-thread compression keeps the event loop responsive:
+ * default brotli quality (11) on a 60+MB facts file takes multiple seconds
+ * of CPU, which would otherwise freeze the spinner / signal handlers /
+ * any concurrent work.
+ *
+ * The `.br` lives next to the source rather than under the OS temp dir
+ * because depscan's multipart ingest (`addStreamEntry`) rejects entries
+ * whose names contain `..` traversal segments. The SDK computes the
+ * multipart entry name via `path.relative(cwd, brPath)`, so an OS-tmpdir
+ * temp path turns into `../../../var/folders/...` and gets dropped as
+ * `unmatchedFiles`. Sibling-write keeps the relative path inside cwd, and
+ * keeps the directory shape symmetric with the plain `.socket.facts.json`
+ * upload (depscan strips only the `.br` suffix at ingest, so
+ * `<dir>/.socket.facts.json.br` and `<dir>/.socket.facts.json` resolve to
+ * the same storage path).
+ *
+ * Concurrent scans against the same source directory are already racy on
+ * `.socket.facts.json` itself (coana writes to a single path), so the
+ * sibling `.br` doesn't introduce a new race.
+ *
+ * Caller MUST `await cleanup()` (typically in a `finally` block) once the
+ * upload completes — successful or not — to remove the sibling files.
+ */
+export declare function compressSocketFactsForUpload(scanPaths: string[]): Promise<CompressedScanPaths>;
 export type ReachabilityError = {
     componentName: string;
     componentVersion: string;

package/dist/types/utils/coana.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"coana.d.mts","sourceRoot":"","sources":["../../../src/utils/coana.mts"],"names":[],"mappings":"AAeA,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,MAAM,CAAA;IACrB,gBAAgB,EAAE,MAAM,CAAA;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,wBAAgB,yBAAyB,CACvC,eAAe,EAAE,MAAM,GACtB,iBAAiB,EAAE,CA0CrB;AAED,wBAAgB,8BAA8B,CAC5C,eAAe,EAAE,MAAM,GACtB,MAAM,GAAG,SAAS,CAQpB"}
+{"version":3,"file":"coana.d.mts","sourceRoot":"","sources":["../../../src/utils/coana.mts"],"names":[],"mappings":"AA8BA,MAAM,MAAM,mBAAmB,GAAG;IAChC,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7B,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAsB,4BAA4B,CAChD,SAAS,EAAE,MAAM,EAAE,GAClB,OAAO,CAAC,mBAAmB,CAAC,CAgD9B;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,MAAM,CAAA;IACrB,gBAAgB,EAAE,MAAM,CAAA;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,wBAAgB,yBAAyB,CACvC,eAAe,EAAE,MAAM,GACtB,iBAAiB,EAAE,CA0CrB;AAED,wBAAgB,8BAA8B,CAC5C,eAAe,EAAE,MAAM,GACtB,MAAM,GAAG,SAAS,CAQpB"}

package/dist/utils.js

@@ -16,10 +16,14 @@ var path = require('node:path');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
+var fs = require('node:fs');
+var fs$2 = require('node:fs/promises');
+var promises$1 = require('node:stream/promises');
+var node_zlib = require('node:zlib');
 var fs$1 = require('../external/@socketsecurity/registry/lib/fs');
 var require$$5 = require('node:module');
 var require$$3 = require('node:https');
-var fs = require('node:fs');
+var web = require('node:stream/web');
 var require$$13 = require('../external/@socketsecurity/registry/lib/url');
 var agent = require('../external/@socketsecurity/registry/lib/agent');
 var bin = require('../external/@socketsecurity/registry/lib/bin');
@@ -2051,9 +2055,11 @@ function getHttpsAgent() {
   return _httpsAgent;
 }
 
-// Wrapper around fetch that supports extra CA certificates via SSL_CERT_FILE.
-// Uses node:https.request with a custom agent when extra CA certs are needed,
-// falling back to regular fetch() otherwise. Follows redirects like fetch().
+// All outbound API requests use node:https.request rather than global fetch.
+// This ensures no body timeout is applied — large streaming ND-JSON responses
+// (e.g. full scan results) can transfer without a hard deadline. When
+// SSL_CERT_FILE is configured, a custom HttpsAgent carrying the extra CA
+// certificates is passed; otherwise the default agent is used.
 
 // Internal httpsRequest-based fetch with redirect support.
 function _httpsRequestFetch(url, init, agent, redirectCount) {
@@ -2109,27 +2115,42 @@ function _httpsRequestFetch(url, init, agent, redirectCount) {
         }, agent, redirectCount + 1));
         return;
       }
-      const chunks = [];
-      res.on('data', chunk => chunks.push(chunk));
-      res.on('end', () => {
-        const body = Buffer.concat(chunks);
-        const responseHeaders = new Headers();
-        for (const [key, value] of Object.entries(res.headers)) {
-          if (typeof value === 'string') {
-            responseHeaders.set(key, value);
-          } else if (Array.isArray(value)) {
-            for (const v of value) {
-              responseHeaders.append(key, v);
-            }
+      // Build response headers immediately on receipt.
+      const responseHeaders = new Headers();
+      for (const [key, value] of Object.entries(res.headers)) {
+        if (typeof value === 'string') {
+          responseHeaders.set(key, value);
+        } else if (Array.isArray(value)) {
+          for (const v of value) {
+            responseHeaders.append(key, v);
           }
         }
-        resolve(new Response(body, {
-          status: statusCode ?? 0,
-          statusText: res.statusMessage ?? '',
-          headers: responseHeaders
-        }));
+      }
+      // Resolve with a streaming body as soon as headers are available,
+      // matching fetch() semantics. Callers that pipe response.body (e.g.
+      // streamDownloadWithFetch) receive a live ReadableStream rather than
+      // a fully-buffered Buffer.
+      const body = new web.ReadableStream({
+        start(controller) {
+          res.on('data', chunk => {
+            controller.enqueue(chunk);
+          });
+          res.on('end', () => {
+            controller.close();
+          });
+          res.on('error', err => {
+            controller.error(err);
+          });
+        },
+        cancel() {
+          res.destroy();
+        }
       });
-      res.on('error', reject);
+      resolve(new Response(body, {
+        status: statusCode ?? 0,
+        statusText: res.statusMessage ?? '',
+        headers: responseHeaders
+      }));
     });
     if (init.body) {
       req.write(init.body);
@@ -2139,11 +2160,7 @@ function _httpsRequestFetch(url, init, agent, redirectCount) {
   });
 }
 async function apiFetch(url, init = {}) {
-  const agent = getHttpsAgent();
-  if (!agent) {
-    return await fetch(url, init);
-  }
-  return await _httpsRequestFetch(url, init, agent, 0);
+  return await _httpsRequestFetch(url, init, getHttpsAgent(), 0);
 }
 /**
  * Get command requirements from requirements.json based on command path.
@@ -4724,6 +4741,11 @@ function* walkNestedMap(map, keys = []) {
  * Manages reachability analysis via Coana tech CLI.
  *
  * Key Functions:
+ * - compressSocketFactsForUpload: Brotli-compress any .socket.facts.json
+ *   entries in scanPaths just before upload, returning swapped paths plus a
+ *   cleanup callback. Coana keeps writing plain JSON; the on-the-wire form
+ *   to depscan is brotli (api-v0 decodes at the multipart boundary).
+ * - extractReachabilityErrors: Extract per-component reachability errors
  * - extractTier1ReachabilityScanId: Extract scan ID from socket facts file
  *
  * Integration:
@@ -4732,6 +4754,86 @@ function* walkNestedMap(map, keys = []) {
  * - Extracts tier 1 reachability scan identifiers
  */
 
+const {
+  DOT_SOCKET_DOT_FACTS_JSON
+} = constants.default;
+/**
+ * For each `.socket.facts.json` in `scanPaths`, stream-brotli-compress a
+ * sibling `.socket.facts.json.br` next to the original file and swap its
+ * path in. Other paths pass through unchanged. Missing files also pass
+ * through unchanged (the upload will fail downstream with the same error
+ * it would have).
+ *
+ * Streaming + worker-thread compression keeps the event loop responsive:
+ * default brotli quality (11) on a 60+MB facts file takes multiple seconds
+ * of CPU, which would otherwise freeze the spinner / signal handlers /
+ * any concurrent work.
+ *
+ * The `.br` lives next to the source rather than under the OS temp dir
+ * because depscan's multipart ingest (`addStreamEntry`) rejects entries
+ * whose names contain `..` traversal segments. The SDK computes the
+ * multipart entry name via `path.relative(cwd, brPath)`, so an OS-tmpdir
+ * temp path turns into `../../../var/folders/...` and gets dropped as
+ * `unmatchedFiles`. Sibling-write keeps the relative path inside cwd, and
+ * keeps the directory shape symmetric with the plain `.socket.facts.json`
+ * upload (depscan strips only the `.br` suffix at ingest, so
+ * `<dir>/.socket.facts.json.br` and `<dir>/.socket.facts.json` resolve to
+ * the same storage path).
+ *
+ * Concurrent scans against the same source directory are already racy on
+ * `.socket.facts.json` itself (coana writes to a single path), so the
+ * sibling `.br` doesn't introduce a new race.
+ *
+ * Caller MUST `await cleanup()` (typically in a `finally` block) once the
+ * upload completes — successful or not — to remove the sibling files.
+ */
+async function compressSocketFactsForUpload(scanPaths) {
+  const brPaths = [];
+  const cleanup = async () => {
+    const targets = brPaths.splice(0);
+    // `recursive: true` defends against the (defensive) case where a sibling
+    // path was somehow created as a directory — `rm` would otherwise throw
+    // on the first such entry and skip the rest. `force: true` no-ops on
+    // missing paths so the function stays idempotent.
+    await Promise.all(targets.map(t => fs$2.rm(t, {
+      recursive: true,
+      force: true
+    })));
+  };
+  // Use `allSettled` (not `all`) so a failure in one entry doesn't leak the
+  // others' in-flight pipelines past our `catch`. If we used `all`, the
+  // first rejection would bubble out while sibling pipelines were still
+  // writing bytes — `cleanup()` would race with those writes and could
+  // remove a `.br` only to have it re-created after we returned.
+  const results = await Promise.allSettled(scanPaths.map(async p => {
+    if (path.basename(p) !== DOT_SOCKET_DOT_FACTS_JSON) {
+      return p;
+    }
+    if (!fs.existsSync(p)) {
+      return p;
+    }
+    const brPath = `${p}.br`;
+    // Track the sibling path BEFORE the pipeline starts so a
+    // partially-written `.br` is removed even if the pipeline rejects.
+    // `rm({ force: true })` no-ops on missing files, so tracking before
+    // creation is safe.
+    brPaths.push(brPath);
+    await promises$1.pipeline(fs.createReadStream(p), node_zlib.createBrotliCompress(), fs.createWriteStream(brPath));
+    return brPath;
+  }));
+  const failure = results.find(r => r.status === 'rejected');
+  if (failure) {
+    // All pipelines have settled, so cleanup() can safely remove every
+    // `.br` we tracked (succeeded or partial) without racing live writes.
+    await cleanup();
+    throw failure.reason;
+  }
+  const paths = results.map(r => r.value);
+  return {
+    paths,
+    cleanup
+  };
+}
 function extractReachabilityErrors(socketFactsFile) {
   const json = fs$1.readJsonSync(socketFactsFile, {
     throws: false
@@ -7822,6 +7924,7 @@ exports.checkCommandInput = checkCommandInput;
 exports.cmdFlagValueToArray = cmdFlagValueToArray;
 exports.cmdFlagsToString = cmdFlagsToString;
 exports.cmdPrefixMessage = cmdPrefixMessage;
+exports.compressSocketFactsForUpload = compressSocketFactsForUpload;
 exports.convertCveToGhsa = convertCveToGhsa;
 exports.convertPurlToGhsas = convertPurlToGhsas;
 exports.createEnum = createEnum;
@@ -7946,5 +8049,5 @@ exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.webLink = webLink;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=2070e850-060e-4077-8aaa-c4564f5f74e5
+//# debugId=e3aec7ef-9385-4b5c-be2e-ba11a8c6f580
 //# sourceMappingURL=utils.js.map