@socketsecurity/cli 0.13.0 → 0.14.1

package/dist/npm-injection2.js

@@ -1,899 +0,0 @@
-'use strict';
-
-var vendor = require('./vendor.js');
-var require$$0$3 = require('node:events');
-var require$$0$1 = require('node:fs');
-var require$$4 = require('node:https');
-var require$$1 = require('node:path');
-var require$$3 = require('node:readline');
-var require$$0$2 = require('node:stream');
-var require$$0$4 = require('node:timers/promises');
-var require$$3$1 = require('@socketsecurity/config');
-var link = require('./link.js');
-var require$$1$1 = require('node:net');
-var require$$0 = require('node:os');
-var require$$6 = require('../package.json');
-var sdk = require('./sdk.js');
-var require$$20 = require('pacote');
-
-var npmInjection = {};
-
-var ttyServer$1 = {};
-
-var typeHelpers = {};
-
-Object.defineProperty(typeHelpers, "__esModule", {
-  value: true
-});
-typeHelpers.isErrnoException = isErrnoException;
-function isErrnoException(value) {
-  if (!(value instanceof Error)) {
-    return false;
-  }
-  return value.code !== undefined;
-}
-
-Object.defineProperty(ttyServer$1, "__esModule", {
-  value: true
-});
-ttyServer$1.createTTYServer = createTTYServer;
-var _nodeFs$1 = require$$0$1;
-var _nodeNet = require$$1$1;
-var _nodeOs = require$$0;
-var _nodePath$1 = require$$1;
-var _nodeReadline$1 = require$$3;
-var _nodeStream$1 = require$$0$2;
-var _package = require$$6;
-var _typeHelpers$1 = typeHelpers;
-const NEWLINE_CHAR_CODE = 10; /*'\n'*/
-
-const TTY_IPC = process.env['SOCKET_SECURITY_TTY_IPC'];
-const sock = _nodePath$1.join(_nodeOs.tmpdir(), `socket-security-tty-${process.pid}.sock`);
-process.env['SOCKET_SECURITY_TTY_IPC'] = sock;
-function createNonStandardTTYServer() {
-  return {
-    async captureTTY(mutexFn) {
-      return await new Promise((resolve, reject) => {
-        const conn = _nodeNet.createConnection({
-          path: TTY_IPC
-        }).on('error', reject);
-        let captured = false;
-        const buffs = [];
-        conn.on('data', function awaitCapture(chunk) {
-          buffs.push(chunk);
-          let lineBuff = Buffer.concat(buffs);
-          if (captured) return;
-          try {
-            const eolIndex = lineBuff.indexOf(NEWLINE_CHAR_CODE);
-            if (eolIndex !== -1) {
-              conn.removeListener('data', awaitCapture);
-              conn.push(lineBuff.slice(eolIndex + 1));
-              const {
-                ipc_version: remote_ipc_version,
-                capabilities: {
-                  input: hasInput,
-                  output: hasOutput,
-                  colorLevel: ipcColorLevel
-                }
-              } = JSON.parse(lineBuff.slice(0, eolIndex).toString('utf-8'));
-              lineBuff = null;
-              captured = true;
-              if (remote_ipc_version !== _package.version) {
-                throw new Error('Mismatched STDIO tunnel IPC version, ensure you only have 1 version of socket CLI being called.');
-              }
-              const input = hasInput ? new _nodeStream$1.PassThrough() : null;
-              input?.pause();
-              if (input) conn.pipe(input);
-              const output = hasOutput ? new _nodeStream$1.PassThrough() : null;
-              if (output) {
-                output.pipe(conn)
-                // Make ora happy
-                ;
-                output.isTTY = true;
-                output.cursorTo = function cursorTo(x, y, callback) {
-                  _nodeReadline$1.cursorTo(this, x, y, callback);
-                };
-                output.clearLine = function clearLine(dir, callback) {
-                  _nodeReadline$1.clearLine(this, dir, callback);
-                };
-              }
-              mutexFn(ipcColorLevel, hasInput ? input : undefined, hasOutput ? output : undefined).then(resolve, reject).finally(() => {
-                conn.unref();
-                conn.end();
-                input?.end();
-                output?.end();
-                // process.exit(13)
-              });
-            }
-          } catch (e) {
-            reject(e);
-          }
-        });
-      });
-    }
-  };
-}
-function createIPCServer(colorLevel, captureState,
-// eslint-disable-next-line @typescript-eslint/consistent-type-imports
-npmlog) {
-  const input = process.stdin;
-  const output = process.stderr;
-  return new Promise((resolve, reject) => {
-    const server = _nodeNet
-    // eslint-disable-next-line @typescript-eslint/no-misused-promises
-    .createServer(async conn => {
-      if (captureState.captured) {
-        await new Promise(resolve => {
-          captureState.pendingCaptures.push({
-            resolve() {
-              resolve();
-            }
-          });
-        });
-      } else {
-        captureState.captured = true;
-      }
-      const wasProgressEnabled = npmlog.progressEnabled;
-      npmlog.pause();
-      if (wasProgressEnabled) {
-        npmlog.disableProgress();
-      }
-      conn.write(`${JSON.stringify({
-        ipc_version: _package.version,
-        capabilities: {
-          input: Boolean(input),
-          output: true,
-          colorLevel
-        }
-      })}\n`);
-      conn.on('data', data => {
-        output.write(data);
-      }).on('error', e => {
-        output.write(`there was an error prompting from a sub shell (${e?.message}), socket npm closing`);
-        process.exit(1);
-      });
-      input.on('data', data => {
-        conn.write(data);
-      }).on('end', () => {
-        conn.unref();
-        conn.end();
-        if (wasProgressEnabled) {
-          npmlog.enableProgress();
-        }
-        npmlog.resume();
-        captureState.nextCapture();
-      });
-    }).listen(sock, () => resolve(server)).on('error', reject).unref();
-    process.on('exit', () => {
-      server.close();
-      tryUnlinkSync(sock);
-    });
-    resolve(server);
-  });
-}
-function createStandardTTYServer(colorLevel, isInteractive,
-// eslint-disable-next-line @typescript-eslint/consistent-type-imports
-npmlog) {
-  const captureState = {
-    captured: false,
-    nextCapture: () => {
-      if (captureState.pendingCaptures.length > 0) {
-        const pendingCapture = captureState.pendingCaptures.shift();
-        pendingCapture?.resolve();
-      } else {
-        captureState.captured = false;
-      }
-    },
-    pendingCaptures: []
-  };
-  tryUnlinkSync(sock);
-  const input = isInteractive ? process.stdin : undefined;
-  const output = process.stderr;
-  let ipcServerPromise;
-  if (input) {
-    ipcServerPromise = createIPCServer(colorLevel, captureState, npmlog);
-  }
-  return {
-    async captureTTY(mutexFn) {
-      await ipcServerPromise;
-      if (captureState.captured) {
-        const captured = new Promise(resolve => {
-          captureState.pendingCaptures.push({
-            resolve() {
-              resolve();
-            }
-          });
-        });
-        await captured;
-      } else {
-        captureState.captured = true;
-      }
-      const wasProgressEnabled = npmlog.progressEnabled;
-      try {
-        npmlog.pause();
-        if (wasProgressEnabled) {
-          npmlog.disableProgress();
-        }
-        return await mutexFn(colorLevel, input, output);
-      } finally {
-        if (wasProgressEnabled) {
-          npmlog.enableProgress();
-        }
-        npmlog.resume();
-        captureState.nextCapture();
-      }
-    }
-  };
-}
-function tryUnlinkSync(filepath) {
-  try {
-    (0, _nodeFs$1.unlinkSync)(filepath);
-  } catch (e) {
-    if ((0, _typeHelpers$1.isErrnoException)(e) && e.code !== 'ENOENT') {
-      throw e;
-    }
-  }
-}
-function createTTYServer(colorLevel, isInteractive, npmlog) {
-  return !isInteractive && TTY_IPC ? createNonStandardTTYServer() : createStandardTTYServer(colorLevel, isInteractive, npmlog);
-}
-
-var issueRules = {};
-
-Object.defineProperty(issueRules, "__esModule", {
-  value: true
-});
-issueRules.createIssueUXLookup = createIssueUXLookup;
-//#region UX Constants
-
-const IGNORE_UX = {
-  block: false,
-  display: false
-};
-const WARN_UX = {
-  block: false,
-  display: true
-};
-const ERROR_UX = {
-  block: true,
-  display: true
-};
-//#endregion
-//#region utils
-
-/**
- * Iterates over all entries with ordered issue rule for deferral
- * Iterates over all issue rules and finds the first defined value that does not defer otherwise uses the defaultValue
- * Takes the value and converts into a UX workflow
- *
- * @param {Iterable<Iterable<NonNormalizedIssueRule>>} entriesOrderedIssueRules
- * @param {NonNormalizedResolvedIssueRule} defaultValue
- * @returns {RuleActionUX}
- */
-function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
-  if (defaultValue === true || defaultValue == null) {
-    defaultValue = {
-      action: 'error'
-    };
-  } else if (defaultValue === false) {
-    defaultValue = {
-      action: 'ignore'
-    };
-  }
-  let block = false;
-  let display = false;
-  let needDefault = true;
-  iterate_entries: for (const issueRuleArr of entriesOrderedIssueRules) {
-    for (const rule of issueRuleArr) {
-      if (issueRuleValueDoesNotDefer(rule)) {
-        needDefault = false;
-        const narrowingFilter = uxForDefinedNonDeferValue(rule);
-        block = block || narrowingFilter.block;
-        display = display || narrowingFilter.display;
-        continue iterate_entries;
-      }
-    }
-    const narrowingFilter = uxForDefinedNonDeferValue(defaultValue);
-    block = block || narrowingFilter.block;
-    display = display || narrowingFilter.display;
-  }
-  if (needDefault) {
-    const narrowingFilter = uxForDefinedNonDeferValue(defaultValue);
-    block = block || narrowingFilter.block;
-    display = display || narrowingFilter.display;
-  }
-  return {
-    block,
-    display
-  };
-}
-
-/**
- * Negative form because it is narrowing the type
- */
-function issueRuleValueDoesNotDefer(issueRule) {
-  if (issueRule === undefined) {
-    return false;
-  } else if (typeof issueRule === 'object' && issueRule) {
-    const {
-      action
-    } = issueRule;
-    if (action === undefined || action === 'defer') {
-      return false;
-    }
-  }
-  return true;
-}
-
-/**
- * Handles booleans for backwards compatibility
-
- */
-function uxForDefinedNonDeferValue(issueRuleValue) {
-  if (typeof issueRuleValue === 'boolean') {
-    return issueRuleValue ? ERROR_UX : IGNORE_UX;
-  }
-  const {
-    action
-  } = issueRuleValue;
-  if (action === 'warn') {
-    return WARN_UX;
-  } else if (action === 'ignore') {
-    return IGNORE_UX;
-  }
-  return ERROR_UX;
-}
-//#endregion
-
-//#region exports
-
-function createIssueUXLookup(settings) {
-  const cachedUX = new Map();
-  return context => {
-    const key = context.issue.type;
-    let ux = cachedUX.get(key);
-    if (ux) {
-      return ux;
-    }
-    const entriesOrderedIssueRules = [];
-    for (const settingsEntry of settings.entries) {
-      const orderedIssueRules = [];
-      let target = settingsEntry.start;
-      while (target !== null) {
-        const resolvedTarget = settingsEntry.settings[target];
-        if (!resolvedTarget) {
-          break;
-        }
-        const issueRuleValue = resolvedTarget.issueRules?.[key];
-        if (typeof issueRuleValue !== 'undefined') {
-          orderedIssueRules.push(issueRuleValue);
-        }
-        target = resolvedTarget.deferTo ?? null;
-      }
-      entriesOrderedIssueRules.push(orderedIssueRules);
-    }
-    const defaultValue = settings.defaults.issueRules[key];
-    let resolvedDefaultValue = {
-      action: 'error'
-    };
-    if (defaultValue === false) {
-      resolvedDefaultValue = {
-        action: 'ignore'
-      };
-    } else if (defaultValue && defaultValue !== true) {
-      resolvedDefaultValue = {
-        action: defaultValue.action ?? 'error'
-      };
-    }
-    ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue);
-    cachedUX.set(key, ux);
-    return ux;
-  };
-}
-
-var _interopRequireWildcard = vendor.interopRequireWildcard.default;
-var _interopRequireDefault = vendor.interopRequireDefault.default;
-Object.defineProperty(npmInjection, "__esModule", {
-  value: true
-});
-npmInjection.findRoot = findRoot;
-var _nodeEvents = require$$0$3;
-var _nodeFs = require$$0$1;
-var _nodeHttps = require$$4;
-var _nodePath = require$$1;
-var _nodeReadline = require$$3;
-var _nodeStream = require$$0$2;
-var _promises = require$$0$4;
-var _config = require$$3$1;
-var _chalk = _interopRequireDefault(vendor.source);
-var _isInteractive = _interopRequireDefault(vendor.isInteractive);
-var _ora = _interopRequireWildcard(vendor.ora);
-var _link = link.link;
-var _ttyServer = ttyServer$1;
-var _chalkMarkdown = sdk.chalkMarkdown;
-var _issueRules = issueRules;
-var _sdk = sdk.sdk;
-var _settings = sdk.settings;
-var _typeHelpers = typeHelpers;
-const LOOP_SENTINEL = 1_000_000;
-const distPath = __dirname;
-const rootPath = _nodePath.resolve(distPath, '..');
-const binPath = _nodePath.join(rootPath, 'bin');
-const npmEntrypoint = (0, _nodeFs.realpathSync)(`${process.argv[1]}`);
-const npmRootPath = findRoot(_nodePath.dirname(npmEntrypoint));
-const POTENTIALLY_BUG_ERROR_SNIPPET = 'this is potentially a bug with socket-npm caused by changes to the npm cli';
-const abortController = new AbortController();
-const {
-  signal: abortSignal
-} = abortController;
-const translations = require(_nodePath.join(rootPath, 'translations.json'));
-if (npmRootPath === undefined) {
-  console.error(`Unable to find npm cli install directory, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
-  console.error(`Searched parent directories of ${npmEntrypoint}`);
-  process.exit(127);
-}
-const npmDepPath = _nodePath.join(npmRootPath, 'node_modules');
-const arboristClassPath = _nodePath.join(npmDepPath, '@npmcli/arborist/lib/arborist/index.js');
-const Arborist = require(arboristClassPath);
-
-// eslint-disable-next-line @typescript-eslint/consistent-type-imports
-let tarball;
-try {
-  tarball = require(_nodePath.join(npmDepPath, 'pacote')).tarball;
-} catch {
-  tarball = require$$20.tarball;
-}
-
-// eslint-disable-next-line @typescript-eslint/consistent-type-imports
-let npmlog;
-try {
-  npmlog = require(_nodePath.join(npmDepPath, 'proc-log/lib/index.js')).log;
-} catch {}
-if (npmlog === undefined) {
-  try {
-    npmlog = require(_nodePath.join(npmDepPath, 'npmlog/lib/log.js'));
-  } catch {}
-}
-if (npmlog === undefined) {
-  console.error(`Unable to integrate with npm cli logging infrastructure, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
-  process.exit(127);
-}
-const kCtorArgs = Symbol('ctorArgs');
-const kRiskyReify = Symbol('riskyReify');
-const formatter = new _chalkMarkdown.ChalkOrMarkdown(false);
-const pubToken = (0, _sdk.getDefaultKey)() ?? _sdk.FREE_API_KEY;
-const ttyServer = (0, _ttyServer.createTTYServer)(_chalk.default.level, (0, _isInteractive.default)({
-  stream: process.stdin
-}), npmlog);
-let _uxLookup;
-async function uxLookup(settings) {
-  // eslint-disable-next-line no-unmodified-loop-condition
-  while (_uxLookup === undefined) {
-    await (0, _promises.setTimeout)(1, {
-      signal: abortSignal
-    });
-  }
-  return _uxLookup(settings);
-}
-async function* batchScan(pkgIds) {
-  const query = {
-    packages: pkgIds.map(pkgid => {
-      const {
-        name,
-        version
-      } = pkgidParts(pkgid);
-      return {
-        eco: 'npm',
-        pkg: name,
-        ver: version,
-        top: true
-      };
-    })
-  };
-  // TODO: migrate to SDK
-  const pkgDataReq = _nodeHttps.request('https://api.socket.dev/v0/scan/batch', {
-    method: 'POST',
-    headers: {
-      Authorization: `Basic ${Buffer.from(`${pubToken}:`).toString('base64url')}`
-    },
-    signal: abortSignal
-  }).end(JSON.stringify(query));
-  const {
-    0: res
-  } = await _nodeEvents.once(pkgDataReq, 'response');
-  const ok = res.statusCode >= 200 && res.statusCode <= 299;
-  if (!ok) {
-    throw new Error(`Socket API Error: ${res.statusCode}`);
-  }
-  const rli = _nodeReadline.createInterface(res);
-  for await (const line of rli) {
-    yield JSON.parse(line);
-  }
-}
-function findRoot(filepath) {
-  let curPath = filepath;
-  while (true) {
-    if (_nodePath.basename(curPath) === 'npm') {
-      return curPath;
-    }
-    const parent = _nodePath.dirname(curPath);
-    if (parent === curPath) {
-      return undefined;
-    }
-    curPath = parent;
-  }
-}
-function findSocketYML() {
-  let prevDir = null;
-  let dir = process.cwd();
-  while (dir !== prevDir) {
-    let ymlPath = _nodePath.join(dir, 'socket.yml');
-    let yml = maybeReadfileSync(ymlPath);
-    if (yml === undefined) {
-      ymlPath = _nodePath.join(dir, 'socket.yaml');
-      yml = maybeReadfileSync(ymlPath);
-    }
-    if (typeof yml === 'string') {
-      try {
-        return {
-          path: ymlPath,
-          parsed: _config.parseSocketConfig(yml)
-        };
-      } catch {
-        throw new Error(`Found file but was unable to parse ${ymlPath}`);
-      }
-    }
-    prevDir = dir;
-    dir = _nodePath.join(dir, '..');
-  }
-  return null;
-}
-function maybeReadfileSync(filepath) {
-  try {
-    return (0, _nodeFs.existsSync)(filepath) ? (0, _nodeFs.readFileSync)(filepath, 'utf8') : undefined;
-  } catch {}
-  return undefined;
-}
-async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
-  let result = false;
-  let remaining = pkgs.length;
-  if (!remaining) {
-    (0, _ora.default)('').succeed('No changes detected');
-    return result;
-  }
-  const getText = () => `Looking up data for ${remaining} packages`;
-  const spinner = (0, _ora.default)({
-    color: 'cyan',
-    stream: output,
-    isEnabled: true,
-    isSilent: false,
-    hideCursor: true,
-    discardStdin: true,
-    spinner: _ora.spinners.dots
-  }).start(getText());
-  try {
-    for await (const pkgData of batchScan(pkgs.map(pkg => pkg.pkgid))) {
-      let failures = [];
-      let displayWarning = false;
-      const name = pkgData.pkg;
-      const version = pkgData.ver;
-      const id = `${name}@${version}`;
-      if (pkgData.type === 'missing') {
-        result = true;
-        failures.push({
-          type: 'missingDependency'
-        });
-      } else {
-        let blocked = false;
-        for (const failure of pkgData.value.issues) {
-          const ux = await uxLookup({
-            package: {
-              name,
-              version
-            },
-            issue: {
-              type: failure.type
-            }
-          });
-          if (ux.display || ux.block) {
-            failures.push({
-              raw: failure,
-              block: ux.block
-            });
-            // before we ask about problematic issues, check to see if they
-            // already existed in the old version if they did, be quiet
-            const pkg = pkgs.find(pkg => pkg.pkgid === id && pkg.existing?.startsWith(`${name}@`));
-            if (pkg?.existing) {
-              for await (const oldPkgData of batchScan([pkg.existing])) {
-                if (oldPkgData.type === 'success') {
-                  failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.raw.type) == null);
-                }
-              }
-            }
-          }
-          if (ux.block) {
-            result = true;
-            blocked = true;
-          }
-          if (ux.display) {
-            displayWarning = true;
-          }
-        }
-        if (!blocked) {
-          const pkg = pkgs.find(pkg => pkg.pkgid === id);
-          if (pkg) {
-            await tarball.stream(id, stream => {
-              stream.resume();
-              return stream.promise();
-            }, {
-              ...safeArb[kCtorArgs][0]
-            });
-          }
-        }
-      }
-      if (displayWarning) {
-        spinner.stop();
-        output?.write(`(socket) ${formatter.hyperlink(id, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:\n`);
-        failures.sort((a, b) => a.raw.type < b.raw.type ? -1 : 1);
-        const lines = new Set();
-        for (const failure of failures) {
-          const type = failure.raw.type;
-          if (type) {
-            const issueTypeTranslation = translations.issues[type];
-            // TODO: emoji seems to mis-align terminals sometimes
-            lines.add(`  ${issueTypeTranslation?.title ?? type}${failure.block ? '' : ' (non-blocking)'} - ${issueTypeTranslation?.description ?? ''}\n`);
-          }
-        }
-        for (const line of lines) {
-          output?.write(line);
-        }
-        spinner.start();
-      }
-      remaining--;
-      spinner.text = remaining > 0 ? getText() : '';
-    }
-    return result;
-  } finally {
-    if (spinner.isSpinning) {
-      spinner.stop();
-    }
-  }
-}
-function pkgidParts(pkgid) {
-  const delimiter = pkgid.lastIndexOf('@');
-  const name = pkgid.slice(0, delimiter);
-  const version = pkgid.slice(delimiter + 1);
-  return {
-    name,
-    version
-  };
-}
-function toPURL(pkgid, resolved) {
-  const repo = resolved.replace(/#[\s\S]*$/u, '').replace(/\?[\s\S]*$/u, '').replace(/\/[^/]*\/-\/[\s\S]*$/u, '');
-  const {
-    name,
-    version
-  } = pkgidParts(pkgid);
-  return {
-    type: 'npm',
-    namespace_and_name: name,
-    version,
-    repository_url: repo
-  };
-}
-function walk(diff_, needInfoOn = []) {
-  const queue = [diff_];
-  let pos = 0;
-  let {
-    length: queueLength
-  } = queue;
-  while (pos < queueLength) {
-    if (pos === LOOP_SENTINEL) {
-      throw new Error('Detected infinite loop while walking Arborist diff');
-    }
-    const diff = queue[pos++];
-    if (!diff) {
-      continue;
-    }
-    if (diff.action) {
-      const sameVersion = diff.actual?.package.version === diff.ideal?.package.version;
-      let keep = false;
-      let existing = null;
-      if (diff.action === 'CHANGE') {
-        if (!sameVersion) {
-          existing = diff.actual.pkgid;
-          keep = true;
-        }
-      } else {
-        keep = diff.action !== 'REMOVE';
-      }
-      if (keep && diff.ideal?.pkgid && diff.ideal.resolved && (!diff.actual || diff.actual.resolved)) {
-        needInfoOn.push({
-          existing,
-          action: diff.action,
-          location: diff.ideal.location,
-          pkgid: diff.ideal.pkgid,
-          newPackage: toPURL(diff.ideal.pkgid, diff.ideal.resolved),
-          oldPackage: diff.actual && diff.actual.resolved ? toPURL(diff.actual.pkgid, diff.actual.resolved) : null,
-          resolved: diff.ideal.resolved
-        });
-      }
-    }
-    if (diff.children) {
-      for (const child of diff.children) {
-        queue[queueLength++] = child;
-      }
-    }
-  }
-  return needInfoOn;
-}
-class SafeArborist extends Arborist {
-  constructor(...ctorArgs) {
-    const mutedArguments = [{
-      ...(ctorArgs[0] ?? {}),
-      audit: true,
-      dryRun: true,
-      ignoreScripts: true,
-      save: false,
-      saveBundle: false,
-      // progress: false,
-      fund: false
-    }, ctorArgs.slice(1)];
-    super(...mutedArguments);
-    this[kCtorArgs] = ctorArgs;
-  }
-  async [kRiskyReify](...args) {
-    // safe arborist has suffered side effects and must be rebuilt from scratch
-    const arb = new Arborist(...this[kCtorArgs]);
-    const ret = await arb.reify(...args);
-    Object.assign(this, arb);
-    return ret;
-  }
-  async reify(...args) {
-    const options = args[0] ? {
-      ...args[0]
-    } : {};
-    if (options.dryRun) {
-      return await this[kRiskyReify](...args);
-    }
-    const old = {
-      ...options,
-      dryRun: false,
-      save: Boolean(options['save'] ?? true),
-      saveBundle: Boolean(options['saveBundle'] ?? false)
-    };
-    args[0] = options;
-    options.dryRun = true;
-    options['save'] = false;
-    options['saveBundle'] = false;
-    // TODO: make this deal w/ any refactor to private fields by punching the class itself
-    await super.reify(...args);
-    const diff = walk(this['diff']);
-    options.dryRun = old.dryRun;
-    options['save'] = old.save;
-    options['saveBundle'] = old.saveBundle;
-    // Nothing to check, mmm already installed or all private?
-    if (diff.findIndex(c => c.newPackage.repository_url === 'https://registry.npmjs.org') === -1) {
-      return await this[kRiskyReify](...args);
-    }
-    const proceed = await ttyServer.captureTTY(async (colorLevel, input, output) => {
-      _chalk.default.level = colorLevel;
-      if (input && output) {
-        const risky = await packagesHaveRiskyIssues(this, this['registry'], diff, output);
-        if (!risky) {
-          return true;
-        }
-        const rlin = new _nodeStream.PassThrough();
-        input.pipe(rlin);
-        const rlout = new _nodeStream.PassThrough();
-        rlout.pipe(output, {
-          end: false
-        });
-        const rli = _nodeReadline.createInterface(rlin, rlout);
-        try {
-          while (true) {
-            const answer = await new Promise(resolve => {
-              rli.question('Accept risks of installing these packages (y/N)?\n', {
-                signal: abortSignal
-              }, resolve);
-            });
-            if (/^\s*y(?:es)?\s*$/i.test(answer)) {
-              return true;
-            }
-            if (/^(?:\s*no?\s*|)$/i.test(answer)) {
-              return false;
-            }
-          }
-        } finally {
-          rli.close();
-        }
-      } else if (await packagesHaveRiskyIssues(this, this['registry'], diff, output)) {
-        throw new Error('Socket npm Unable to prompt to accept risk, need TTY to do so');
-      }
-      return true;
-    });
-    if (proceed) {
-      return await this[kRiskyReify](...args);
-    } else {
-      throw new Error('Socket npm exiting due to risks');
-    }
-  }
-}
-require.cache[arboristClassPath].exports = SafeArborist;
-async function main() {
-  // shadow `npm` and `npx` to mitigate subshells
-  (0, _link.installLinks)((0, _nodeFs.realpathSync)(binPath), 'npm');
-  const remoteSettings = await (async () => {
-    try {
-      const sdk = await (0, _sdk.setupSdk)(pubToken);
-      const orgResult = await sdk.getOrganizations();
-      if (!orgResult.success) {
-        throw new Error('Failed to fetch Socket organization info: ' + orgResult.error.message);
-      }
-      const orgs = [];
-      for (const org of Object.values(orgResult.data.organizations)) {
-        if (org) {
-          orgs.push(org);
-        }
-      }
-      const result = await sdk.postSettings(orgs.map(org => {
-        return {
-          organization: org.id
-        };
-      }));
-      if (!result.success) {
-        throw new Error('Failed to fetch API key settings: ' + result.error.message);
-      }
-      return {
-        orgs,
-        settings: result.data
-      };
-    } catch (e) {
-      if (typeof e === 'object' && e !== null && 'cause' in e) {
-        const {
-          cause
-        } = e;
-        if ((0, _typeHelpers.isErrnoException)(cause)) {
-          if (cause.code === 'ENOTFOUND' || cause.code === 'ECONNREFUSED') {
-            throw new Error('Unable to connect to socket.dev, ensure internet connectivity before retrying', {
-              cause: e
-            });
-          }
-        }
-      }
-      throw e;
-    }
-  })();
-  const {
-    orgs,
-    settings
-  } = remoteSettings;
-  const enforcedOrgs = (0, _settings.getSetting)('enforcedOrgs') ?? [];
-
-  // remove any organizations not being enforced
-  for (const {
-    0: i,
-    1: org
-  } of orgs.entries()) {
-    if (!enforcedOrgs.includes(org.id)) {
-      settings.entries.splice(i, 1);
-    }
-  }
-  const socketYml = findSocketYML();
-  if (socketYml) {
-    settings.entries.push({
-      start: socketYml.path,
-      // @ts-ignore
-      settings: {
-        [socketYml.path]: {
-          deferTo: null,
-          issueRules: socketYml.parsed.issueRules
-        }
-      }
-    });
-  }
-  _uxLookup = (0, _issueRules.createIssueUXLookup)(settings);
-}
-void main();
-
-exports.npmInjection = npmInjection;