@socketsecurity/cli 0.14.130 → 0.14.132
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/cli.js +37 -44
- package/bin/npx-cli.js +1 -3
- package/dist/{module-sync/cli.js → cli.js} +55 -36
- package/dist/cli.js.map +1 -0
- package/dist/constants.js +8 -25
- package/dist/constants.js.map +1 -1
- package/dist/{module-sync/shadow-bin.js → shadow-bin.js} +52 -1
- package/dist/shadow-bin.js.map +1 -0
- package/dist/{module-sync/shadow-npm-inject.js → shadow-npm-inject.js} +60 -16
- package/dist/shadow-npm-inject.js.map +1 -0
- package/dist/shadow-npm-paths.js.map +1 -0
- package/dist/{module-sync/vendor.js → vendor.js} +10320 -4778
- package/dist/vendor.js.map +1 -0
- package/package.json +16 -26
- package/dist/constants.d.ts +0 -285
- package/dist/module-sync/arborist-helpers.d.ts +0 -68
- package/dist/module-sync/artifact.d.ts +0 -63
- package/dist/module-sync/cli.d.ts +0 -2
- package/dist/module-sync/cli.js.map +0 -1
- package/dist/module-sync/cmd.d.ts +0 -4
- package/dist/module-sync/config.d.ts +0 -44
- package/dist/module-sync/constants.js +0 -3
- package/dist/module-sync/edge.d.ts +0 -78
- package/dist/module-sync/errors.d.ts +0 -29
- package/dist/module-sync/fs.d.ts +0 -63
- package/dist/module-sync/index.d.ts +0 -34
- package/dist/module-sync/node.d.ts +0 -121
- package/dist/module-sync/override-set.d.ts +0 -43
- package/dist/module-sync/package-environment.d.ts +0 -83
- package/dist/module-sync/path-resolve.d.ts +0 -15
- package/dist/module-sync/sdk.d.ts +0 -9
- package/dist/module-sync/semver.d.ts +0 -17
- package/dist/module-sync/shadow-bin.d.ts +0 -5
- package/dist/module-sync/shadow-bin.js.map +0 -1
- package/dist/module-sync/shadow-npm-inject.d.ts +0 -1
- package/dist/module-sync/shadow-npm-inject.js.map +0 -1
- package/dist/module-sync/shadow-npm-paths.d.ts +0 -27
- package/dist/module-sync/shadow-npm-paths.js.map +0 -1
- package/dist/module-sync/socket-package-alert.d.ts +0 -104
- package/dist/module-sync/vendor.d.ts +0 -0
- package/dist/module-sync/vendor.js.map +0 -1
- package/dist/require/cli.d.ts +0 -2
- package/dist/require/cli.js +0 -12336
- package/dist/require/cli.js.map +0 -1
- package/dist/require/constants.js +0 -3
- package/dist/require/shadow-bin.d.ts +0 -5
- package/dist/require/shadow-bin.js +0 -106
- package/dist/require/shadow-bin.js.map +0 -1
- package/dist/require/shadow-npm-inject.d.ts +0 -1
- package/dist/require/shadow-npm-inject.js +0 -2596
- package/dist/require/shadow-npm-inject.js.map +0 -1
- package/dist/require/shadow-npm-paths.d.ts +0 -27
- package/dist/require/shadow-npm-paths.js +0 -292
- package/dist/require/shadow-npm-paths.js.map +0 -1
- package/dist/require/vendor.js +0 -3
- /package/dist/{module-sync/shadow-npm-paths.js → shadow-npm-paths.js} +0 -0
package/dist/constants.js
CHANGED
|
@@ -35,7 +35,6 @@ const INLINED_SOCKET_CLI_PUBLISHED_BUILD = 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'
|
|
|
35
35
|
const INLINED_SOCKET_CLI_SENTRY_BUILD = 'INLINED_SOCKET_CLI_SENTRY_BUILD'
|
|
36
36
|
const LOCALAPPDATA = 'LOCALAPPDATA'
|
|
37
37
|
const LOCK_EXT = '.lock'
|
|
38
|
-
const MODULE_SYNC = 'module-sync'
|
|
39
38
|
const NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'
|
|
40
39
|
const NPM_REGISTRY_URL = 'https://registry.npmjs.org'
|
|
41
40
|
const PNPM = 'pnpm'
|
|
@@ -79,8 +78,6 @@ const YARN_BERRY = 'yarn/berry'
|
|
|
79
78
|
const YARN_CLASSIC = 'yarn/classic'
|
|
80
79
|
const YARN_LOCK = 'yarn.lock'
|
|
81
80
|
let _Sentry
|
|
82
|
-
const LAZY_DIST_TYPE = () =>
|
|
83
|
-
registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE
|
|
84
81
|
const LAZY_ENV = () => {
|
|
85
82
|
const { env: env$1 } = process
|
|
86
83
|
// We inline some environment values so that they CANNOT be influenced by user
|
|
@@ -167,20 +164,17 @@ const lazyBlessedOptions = () =>
|
|
|
167
164
|
useBCE: true
|
|
168
165
|
})
|
|
169
166
|
const lazyDistCliPath = () =>
|
|
170
|
-
// Lazily access constants.
|
|
171
|
-
path.join(constants.
|
|
167
|
+
// Lazily access constants.rootDistPath.
|
|
168
|
+
path.join(constants.rootDistPath, 'cli.js')
|
|
172
169
|
const lazyDistInstrumentWithSentryPath = () =>
|
|
173
170
|
// Lazily access constants.rootDistPath.
|
|
174
171
|
path.join(constants.rootDistPath, 'instrument-with-sentry.js')
|
|
175
|
-
const lazyDistPath = () =>
|
|
176
|
-
// Lazily access constants.rootDistPath and constants.DIST_TYPE.
|
|
177
|
-
path.join(constants.rootDistPath, constants.DIST_TYPE)
|
|
178
172
|
const lazyDistShadowNpmBinPath = () =>
|
|
179
|
-
// Lazily access constants.
|
|
180
|
-
path.join(constants.
|
|
173
|
+
// Lazily access constants.rootDistPath.
|
|
174
|
+
path.join(constants.rootDistPath, `${SHADOW_NPM_BIN}.js`)
|
|
181
175
|
const lazyDistShadowNpmInjectPath = () =>
|
|
182
|
-
// Lazily access constants.
|
|
183
|
-
path.join(constants.
|
|
176
|
+
// Lazily access constants.rootDistPath.
|
|
177
|
+
path.join(constants.rootDistPath, `${SHADOW_NPM_INJECT}.js`)
|
|
184
178
|
const lazyHomePath = () => os.homedir()
|
|
185
179
|
const lazyMinimumVersionByAgent = () =>
|
|
186
180
|
new Map([
|
|
@@ -234,12 +228,7 @@ const lazyRootBinPath = () =>
|
|
|
234
228
|
const lazyRootDistPath = () =>
|
|
235
229
|
// Lazily access constants.rootPath.
|
|
236
230
|
path.join(constants.rootPath, 'dist')
|
|
237
|
-
const lazyRootPath = () =>
|
|
238
|
-
path.join(
|
|
239
|
-
fs.realpathSync.native(__dirname),
|
|
240
|
-
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_TEST_DIST_BUILD']".
|
|
241
|
-
'..'
|
|
242
|
-
)
|
|
231
|
+
const lazyRootPath = () => path.join(fs.realpathSync.native(__dirname), '..')
|
|
243
232
|
const lazyShadowBinPath = () =>
|
|
244
233
|
// Lazily access constants.rootPath.
|
|
245
234
|
path.join(constants.rootPath, SHADOW_NPM_BIN)
|
|
@@ -257,8 +246,6 @@ const constants = createConstantsObject(
|
|
|
257
246
|
BUN,
|
|
258
247
|
CLI,
|
|
259
248
|
CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,
|
|
260
|
-
// Lazily defined values are initialized as `undefined` to keep their key order.
|
|
261
|
-
DIST_TYPE: undefined,
|
|
262
249
|
DRY_RUN_LABEL,
|
|
263
250
|
DRY_RUN_BAIL_TEXT,
|
|
264
251
|
ENV: undefined,
|
|
@@ -271,7 +258,6 @@ const constants = createConstantsObject(
|
|
|
271
258
|
INLINED_SOCKET_CLI_SENTRY_BUILD,
|
|
272
259
|
LOCALAPPDATA,
|
|
273
260
|
LOCK_EXT,
|
|
274
|
-
MODULE_SYNC,
|
|
275
261
|
NPM_BUGGY_OVERRIDES_PATCHED_VERSION,
|
|
276
262
|
NPM_REGISTRY_URL,
|
|
277
263
|
PNPM,
|
|
@@ -318,7 +304,6 @@ const constants = createConstantsObject(
|
|
|
318
304
|
blessedOptions: undefined,
|
|
319
305
|
distCliPath: undefined,
|
|
320
306
|
distInstrumentWithSentryPath: undefined,
|
|
321
|
-
distPath: undefined,
|
|
322
307
|
distShadowNpmBinPath: undefined,
|
|
323
308
|
distShadowNpmInjectPath: undefined,
|
|
324
309
|
homePath: undefined,
|
|
@@ -333,13 +318,11 @@ const constants = createConstantsObject(
|
|
|
333
318
|
},
|
|
334
319
|
{
|
|
335
320
|
getters: {
|
|
336
|
-
DIST_TYPE: LAZY_DIST_TYPE,
|
|
337
321
|
ENV: LAZY_ENV,
|
|
338
322
|
bashRcPath: lazyBashRcPath,
|
|
339
323
|
blessedOptions: lazyBlessedOptions,
|
|
340
324
|
distCliPath: lazyDistCliPath,
|
|
341
325
|
distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,
|
|
342
|
-
distPath: lazyDistPath,
|
|
343
326
|
distShadowNpmBinPath: lazyDistShadowNpmBinPath,
|
|
344
327
|
distShadowNpmInjectPath: lazyDistShadowNpmInjectPath,
|
|
345
328
|
homePath: lazyHomePath,
|
|
@@ -370,5 +353,5 @@ const constants = createConstantsObject(
|
|
|
370
353
|
)
|
|
371
354
|
|
|
372
355
|
module.exports = constants
|
|
373
|
-
//# debugId=
|
|
356
|
+
//# debugId=bafad096-d8f4-4b7b-b609-c35a7cc0e110
|
|
374
357
|
//# sourceMappingURL=constants.js.map
|
package/dist/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean, envAsString } from '@socketsecurity/registry/lib/env'\n\nimport type { Agent } from './utils/package-environment'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n NODE_MODULES,\n NPM,\n SOCKET_SECURITY_SCOPE,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n createConstantsObject,\n getIpc\n }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n GITHUB_ACTIONS: boolean\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n LOCALAPPDATA: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n SOCKET_SECURITY_API_BASE_URL: string\n SOCKET_SECURITY_API_PROXY: string\n SOCKET_SECURITY_API_TOKEN: string\n SOCKET_SECURITY_GITHUB_PAT: string\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_BIN?: string | undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly CLI: 'cli'\n readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n readonly ENV: ENV\n readonly DIST_TYPE: 'module-sync' | 'require'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAIL_TEXT: '[DryRun] Bailing now'\n readonly GITHUB_ACTIONS: 'GITHUB_ACTIONS'\n readonly GITHUB_REF_NAME: 'GITHUB_REF_NAME'\n readonly GITHUB_REF_TYPE: 'GITHUB_REF_TYPE'\n readonly GITHUB_REPOSITORY: 'GITHUB_REPOSITORY'\n readonly INLINED_SOCKET_CLI_LEGACY_BUILD: 'INLINED_SOCKET_CLI_LEGACY_BUILD'\n readonly INLINED_SOCKET_CLI_PUBLISHED_BUILD: 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'\n readonly INLINED_SOCKET_CLI_SENTRY_BUILD: 'INLINED_SOCKET_CLI_SENTRY_BUILD'\n readonly IPC: IPC\n readonly LOCALAPPDATA: 'LOCALAPPDATA'\n readonly LOCK_EXT: '.lock'\n readonly MODULE_SYNC: 'module-sync'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly REQUIRE: 'require'\n readonly SHADOW_NPM_BIN: 'shadow-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SHADOW_NPM_PATHS: 'shadow-npm-paths'\n readonly SOCKET: 'socket'\n readonly SOCKET_APP_DIR: 'socket/settings'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_SECURITY_API_BASE_URL: 'SOCKET_SECURITY_API_BASE_URL'\n readonly SOCKET_SECURITY_API_PROXY: 'SOCKET_SECURITY_API_PROXY'\n readonly SOCKET_SECURITY_API_TOKEN: 'SOCKET_SECURITY_API_TOKEN'\n readonly SOCKET_SECURITY_GITHUB_PAT: 'SOCKET_SECURITY_GITHUB_PAT'\n readonly TERM: 'TERM'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly XDG_DATA_HOME: 'XDG_DATA_HOME'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly distCliPath: string\n readonly distInstrumentWithSentryPath: string\n readonly distPath: string\n readonly distShadowNpmBinPath: string\n readonly distShadowNpmInjectPath: string\n readonly homePath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootBinPath: string\n readonly rootDistPath: string\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n 'firstPatchedVersionIdentifier'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAIL_TEXT = `${DRY_RUN_LABEL}: Bailing now`\nconst GITHUB_ACTIONS = 'GITHUB_ACTIONS'\nconst GITHUB_REF_NAME = 'GITHUB_REF_NAME'\nconst GITHUB_REF_TYPE = 'GITHUB_REF_TYPE'\nconst GITHUB_REPOSITORY = 'GITHUB_REPOSITORY'\nconst INLINED_SOCKET_CLI_LEGACY_BUILD = 'INLINED_SOCKET_CLI_LEGACY_BUILD'\nconst INLINED_SOCKET_CLI_PUBLISHED_BUILD = 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'\nconst INLINED_SOCKET_CLI_SENTRY_BUILD = 'INLINED_SOCKET_CLI_SENTRY_BUILD'\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst REQUIRE = 'require'\nconst SHADOW_NPM_BIN = 'shadow-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SHADOW_NPM_PATHS = 'shadow-npm-paths'\nconst SOCKET = 'socket'\nconst SOCKET_APP_DIR = 'socket/settings'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/cli`\nconst SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/cli-with-sentry`\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_SECURITY_API_BASE_URL = 'SOCKET_SECURITY_API_BASE_URL'\nconst SOCKET_SECURITY_API_PROXY = 'SOCKET_SECURITY_API_PROXY'\nconst SOCKET_SECURITY_API_TOKEN = 'SOCKET_SECURITY_API_TOKEN'\nconst SOCKET_SECURITY_GITHUB_PAT = 'SOCKET_SECURITY_GITHUB_PAT'\nconst TERM = 'TERM'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst XDG_DATA_HOME = 'XDG_DATA_HOME'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_DIST_TYPE = () =>\n registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () => {\n const { env } = process\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Always set to true when GitHub Actions is running the workflow. This variable\n // can be used to differentiate when tests are being run locally or by GitHub Actions.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_ACTIONS: envAsBoolean(env['GITHUB_ACTIONS']),\n // The short ref name of the branch or tag that triggered the GitHub workflow run.\n // This value matches the branch or tag name shown on GitHub. For example, feature-branch-1.\n // For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n // Inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_LEGACY_BUILD]\".\n INLINED_SOCKET_CLI_LEGACY_BUILD:\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n // Inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_PUBLISHED_BUILD]\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD:\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n // Inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]\".\n INLINED_SOCKET_CLI_SENTRY_BUILD:\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n // The location of the %localappdata% folder on Windows used to store user-specific,\n // non-roaming application data, like temporary files, cached data, and program\n // settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(env['LOCALAPPDATA']),\n // Flag to accepts risks of safe-npm and safe-npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env['SOCKET_CLI_ACCEPT_RISKS']),\n // Flag to help debug Socket CLI.\n SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n // Flag to make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n // Flag to view all risks of safe-npm and safe-npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env['SOCKET_CLI_VIEW_ALL_RISKS']),\n // Flag to change the base URL for all API-calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_SECURITY_API_BASE_URL: envAsString(\n env['SOCKET_SECURITY_API_BASE_URL']\n ),\n // Flag to set the proxy all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_SECURITY_API_PROXY: envAsString(env['SOCKET_SECURITY_API_PROXY']),\n // Flag to set the API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_SECURITY_API_TOKEN:\n envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n // Keep 'SOCKET_SECURITY_API_KEY' as an alias of 'SOCKET_SECURITY_API_TOKEN'.\n // TODO: Remove 'SOCKET_SECURITY_API_KEY' alias.\n envAsString(env['SOCKET_SECURITY_API_KEY']),\n // A classic GitHub personal access token with the \"repo\" scope or a fine-grained\n // access token with read/write permissions set for \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_SECURITY_GITHUB_PAT: envAsString(env['SOCKET_SECURITY_GITHUB_PAT']),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(env['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME'])\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true\n })\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyDistShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyDistShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n [NPM, '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.9'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*']\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]\".\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'] ||\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n // TODO: Investigate why dist/blessed errors with it enabled.\n // '--disable-proto',\n // 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n // TODO: Investigate why @octokit/rest errors with it enabled.\n // '--frozen-intrinsics',\n '--no-deprecation'\n ]\n\nconst lazyRootBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n path.join(\n realpathSync.native(__dirname),\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_TEST_DIST_BUILD']\".\n process.env['INLINED_SOCKET_CLI_TEST_DIST_BUILD'] ? '../..' : '..'\n )\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_NPM_BIN)\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants = createConstantsObject(\n {\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n CLI,\n CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n // Lazily defined values are initialized as `undefined` to keep their key order.\n DIST_TYPE: undefined,\n DRY_RUN_LABEL,\n DRY_RUN_BAIL_TEXT,\n ENV: undefined,\n GITHUB_ACTIONS,\n GITHUB_REF_NAME,\n GITHUB_REF_TYPE,\n GITHUB_REPOSITORY,\n INLINED_SOCKET_CLI_LEGACY_BUILD,\n INLINED_SOCKET_CLI_PUBLISHED_BUILD,\n INLINED_SOCKET_CLI_SENTRY_BUILD,\n LOCALAPPDATA,\n LOCK_EXT,\n MODULE_SYNC,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n REQUIRE,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SHADOW_NPM_PATHS,\n SOCKET,\n SOCKET_APP_DIR,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_DEBUG,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NO_API_TOKEN,\n SOCKET_CLI_NPM_BIN_NAME,\n SOCKET_CLI_NPX_BIN_NAME,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_SECURITY_API_BASE_URL,\n SOCKET_SECURITY_API_PROXY,\n SOCKET_SECURITY_API_TOKEN,\n SOCKET_SECURITY_GITHUB_PAT,\n TERM,\n VLT,\n WITH_SENTRY,\n XDG_DATA_HOME,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n blessedOptions: undefined,\n distCliPath: undefined,\n distInstrumentWithSentryPath: undefined,\n distPath: undefined,\n distShadowNpmBinPath: undefined,\n distShadowNpmInjectPath: undefined,\n homePath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n rootBinPath: undefined,\n rootDistPath: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n zshRcPath: undefined\n },\n {\n getters: {\n DIST_TYPE: LAZY_DIST_TYPE,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n blessedOptions: lazyBlessedOptions,\n distCliPath: lazyDistCliPath,\n distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n distPath: lazyDistPath,\n distShadowNpmBinPath: lazyDistShadowNpmBinPath,\n distShadowNpmInjectPath: lazyDistShadowNpmInjectPath,\n homePath: lazyHomePath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n rootBinPath: lazyRootBinPath,\n rootDistPath: lazyRootDistPath,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n zshRcPath: lazyZshRcPath\n },\n internals: {\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n }\n },\n mixin: registryConstants\n }\n) as Constants\n\nexport default constants\n"],"names":["getIpc","env","GITHUB_ACTIONS","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","INLINED_SOCKET_CLI_LEGACY_BUILD","INLINED_SOCKET_CLI_PUBLISHED_BUILD","INLINED_SOCKET_CLI_SENTRY_BUILD","LOCALAPPDATA","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_DEBUG","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","SOCKET_SECURITY_API_BASE_URL","SOCKET_SECURITY_API_PROXY","SOCKET_SECURITY_API_TOKEN","envAsString","SOCKET_SECURITY_GITHUB_PAT","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","constants","DIST_TYPE","ENV","bashRcPath","blessedOptions","distCliPath","distInstrumentWithSentryPath","distPath","distShadowNpmBinPath","distShadowNpmInjectPath","homePath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootBinPath","rootDistPath","rootPath","shadowBinPath","zshRcPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;;AAWA;;;;;AAKE;;AAEEA;AACF;AACF;AA8IA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AAGA;;AACUC;AAAI;AACZ;AACA;;AAEE;;AAEA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AAEA;AACA;AACAC;AAEA;AACA;AACAC;AAEA;AACA;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AACA;AACA;AACAC;AAEE;AACA;AACAC;AACF;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AACE;AAEA;AACAI;AAEI;AACA;AACA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGR;AACE;AACAJ;AAEF;AACE;AACAA;AAEF;AAGI;AAC8D;AAGlE;AACE;AACAA;AAEF;AACE;AACAA;AAEII;;;;;;;;;;AAWF;AACAC;;;AAGAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqDAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACElB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;;AAEEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"25a584aa-b8dd-46fe-a71a-f82483c74b87"}
|
|
1
|
+
{"version":3,"file":"constants.js","sources":["../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean, envAsString } from '@socketsecurity/registry/lib/env'\n\nimport type { Agent } from './utils/package-environment'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n NODE_MODULES,\n NPM,\n SOCKET_SECURITY_SCOPE,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n createConstantsObject,\n getIpc\n }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n GITHUB_ACTIONS: boolean\n GITHUB_REF_NAME: string\n GITHUB_REF_TYPE: string\n GITHUB_REPOSITORY: string\n LOCALAPPDATA: string\n SOCKET_CLI_ACCEPT_RISKS: boolean\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_VIEW_ALL_RISKS: boolean\n SOCKET_SECURITY_API_BASE_URL: string\n SOCKET_SECURITY_API_PROXY: string\n SOCKET_SECURITY_API_TOKEN: string\n SOCKET_SECURITY_GITHUB_PAT: string\n TERM: string\n XDG_DATA_HOME: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_BIN?: string | undefined\n SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly CLI: 'cli'\n readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n readonly ENV: ENV\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAIL_TEXT: '[DryRun] Bailing now'\n readonly GITHUB_ACTIONS: 'GITHUB_ACTIONS'\n readonly GITHUB_REF_NAME: 'GITHUB_REF_NAME'\n readonly GITHUB_REF_TYPE: 'GITHUB_REF_TYPE'\n readonly GITHUB_REPOSITORY: 'GITHUB_REPOSITORY'\n readonly INLINED_SOCKET_CLI_LEGACY_BUILD: 'INLINED_SOCKET_CLI_LEGACY_BUILD'\n readonly INLINED_SOCKET_CLI_PUBLISHED_BUILD: 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'\n readonly INLINED_SOCKET_CLI_SENTRY_BUILD: 'INLINED_SOCKET_CLI_SENTRY_BUILD'\n readonly IPC: IPC\n readonly LOCALAPPDATA: 'LOCALAPPDATA'\n readonly LOCK_EXT: '.lock'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly SHADOW_NPM_BIN: 'shadow-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SHADOW_NPM_PATHS: 'shadow-npm-paths'\n readonly SOCKET: 'socket'\n readonly SOCKET_APP_DIR: 'socket/settings'\n readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n readonly SOCKET_SECURITY_API_BASE_URL: 'SOCKET_SECURITY_API_BASE_URL'\n readonly SOCKET_SECURITY_API_PROXY: 'SOCKET_SECURITY_API_PROXY'\n readonly SOCKET_SECURITY_API_TOKEN: 'SOCKET_SECURITY_API_TOKEN'\n readonly SOCKET_SECURITY_GITHUB_PAT: 'SOCKET_SECURITY_GITHUB_PAT'\n readonly TERM: 'TERM'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly XDG_DATA_HOME: 'XDG_DATA_HOME'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly blessedOptions: {\n smartCSR: boolean\n term: string\n useBCE: boolean\n }\n readonly distCliPath: string\n readonly distInstrumentWithSentryPath: string\n readonly distShadowNpmBinPath: string\n readonly distShadowNpmInjectPath: string\n readonly homePath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootBinPath: string\n readonly rootDistPath: string\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n 'firstPatchedVersionIdentifier'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAIL_TEXT = `${DRY_RUN_LABEL}: Bailing now`\nconst GITHUB_ACTIONS = 'GITHUB_ACTIONS'\nconst GITHUB_REF_NAME = 'GITHUB_REF_NAME'\nconst GITHUB_REF_TYPE = 'GITHUB_REF_TYPE'\nconst GITHUB_REPOSITORY = 'GITHUB_REPOSITORY'\nconst INLINED_SOCKET_CLI_LEGACY_BUILD = 'INLINED_SOCKET_CLI_LEGACY_BUILD'\nconst INLINED_SOCKET_CLI_PUBLISHED_BUILD = 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'\nconst INLINED_SOCKET_CLI_SENTRY_BUILD = 'INLINED_SOCKET_CLI_SENTRY_BUILD'\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst REQUIRE = 'require'\nconst SHADOW_NPM_BIN = 'shadow-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SHADOW_NPM_PATHS = 'shadow-npm-paths'\nconst SOCKET = 'socket'\nconst SOCKET_APP_DIR = 'socket/settings'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/cli`\nconst SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/cli-with-sentry`\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_SECURITY_API_BASE_URL = 'SOCKET_SECURITY_API_BASE_URL'\nconst SOCKET_SECURITY_API_PROXY = 'SOCKET_SECURITY_API_PROXY'\nconst SOCKET_SECURITY_API_TOKEN = 'SOCKET_SECURITY_API_TOKEN'\nconst SOCKET_SECURITY_GITHUB_PAT = 'SOCKET_SECURITY_GITHUB_PAT'\nconst TERM = 'TERM'\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst XDG_DATA_HOME = 'XDG_DATA_HOME'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_ENV = () => {\n const { env } = process\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Always set to true when GitHub Actions is running the workflow. This variable\n // can be used to differentiate when tests are being run locally or by GitHub Actions.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_ACTIONS: envAsBoolean(env['GITHUB_ACTIONS']),\n // The short ref name of the branch or tag that triggered the GitHub workflow run.\n // This value matches the branch or tag name shown on GitHub. For example, feature-branch-1.\n // For pull requests, the format is <pr_number>/merge.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n // The type of ref that triggered the workflow run. Valid values are branch or tag.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n // The owner and repository name. For example, octocat/Hello-World.\n // https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables\n GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n // Inlined flag to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_LEGACY_BUILD]\".\n INLINED_SOCKET_CLI_LEGACY_BUILD:\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n // Inlined flag to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_PUBLISHED_BUILD]\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD:\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n // Inlined flag to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]\".\n INLINED_SOCKET_CLI_SENTRY_BUILD:\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n // The location of the %localappdata% folder on Windows used to store user-specific,\n // non-roaming application data, like temporary files, cached data, and program\n // settings, that are specific to the current machine and user.\n LOCALAPPDATA: envAsString(env['LOCALAPPDATA']),\n // Flag to accepts risks of safe-npm and safe-npx run.\n SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env['SOCKET_CLI_ACCEPT_RISKS']),\n // Flag to help debug Socket CLI.\n SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n // Flag to make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n // Flag to view all risks of safe-npm and safe-npx run.\n SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env['SOCKET_CLI_VIEW_ALL_RISKS']),\n // Flag to change the base URL for all API-calls.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_SECURITY_API_BASE_URL: envAsString(\n env['SOCKET_SECURITY_API_BASE_URL']\n ),\n // Flag to set the proxy all requests are routed through.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n SOCKET_SECURITY_API_PROXY: envAsString(env['SOCKET_SECURITY_API_PROXY']),\n // Flag to set the API token.\n // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n SOCKET_SECURITY_API_TOKEN:\n envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n // Keep 'SOCKET_SECURITY_API_KEY' as an alias of 'SOCKET_SECURITY_API_TOKEN'.\n // TODO: Remove 'SOCKET_SECURITY_API_KEY' alias.\n envAsString(env['SOCKET_SECURITY_API_KEY']),\n // A classic GitHub personal access token with the \"repo\" scope or a fine-grained\n // access token with read/write permissions set for \"Contents\" and \"Pull Request\".\n // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n SOCKET_SECURITY_GITHUB_PAT: envAsString(env['SOCKET_SECURITY_GITHUB_PAT']),\n // Specifies the type of terminal or terminal emulator being used by the process.\n TERM: envAsString(env['TERM']),\n // The location of the base directory on Linux and MacOS used to store\n // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME'])\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyBlessedOptions = () =>\n Object.freeze({\n smartCSR: true,\n // Lazily access constants.WIN32.\n term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n useBCE: true\n })\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyDistShadowNpmBinPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyDistShadowNpmInjectPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n [NPM, '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.9'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*']\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]\".\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'] ||\n // Lazily access constants.WIN32.\n constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n [\n // TODO: Investigate why dist/blessed errors with it enabled.\n // '--disable-proto',\n // 'throw',\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n // TODO: Investigate why @octokit/rest errors with it enabled.\n // '--frozen-intrinsics',\n '--no-deprecation'\n ]\n\nconst lazyRootBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_NPM_BIN)\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n {\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n CLI,\n CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n DRY_RUN_LABEL,\n DRY_RUN_BAIL_TEXT,\n ENV: undefined,\n GITHUB_ACTIONS,\n GITHUB_REF_NAME,\n GITHUB_REF_TYPE,\n GITHUB_REPOSITORY,\n INLINED_SOCKET_CLI_LEGACY_BUILD,\n INLINED_SOCKET_CLI_PUBLISHED_BUILD,\n INLINED_SOCKET_CLI_SENTRY_BUILD,\n LOCALAPPDATA,\n LOCK_EXT,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n REQUIRE,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SHADOW_NPM_PATHS,\n SOCKET,\n SOCKET_APP_DIR,\n SOCKET_CLI_ACCEPT_RISKS,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_DEBUG,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NO_API_TOKEN,\n SOCKET_CLI_NPM_BIN_NAME,\n SOCKET_CLI_NPX_BIN_NAME,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_SAFE_BIN,\n SOCKET_CLI_SAFE_PROGRESS,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n SOCKET_CLI_VIEW_ALL_RISKS,\n SOCKET_SECURITY_API_BASE_URL,\n SOCKET_SECURITY_API_PROXY,\n SOCKET_SECURITY_API_TOKEN,\n SOCKET_SECURITY_GITHUB_PAT,\n TERM,\n VLT,\n WITH_SENTRY,\n XDG_DATA_HOME,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n blessedOptions: undefined,\n distCliPath: undefined,\n distInstrumentWithSentryPath: undefined,\n distShadowNpmBinPath: undefined,\n distShadowNpmInjectPath: undefined,\n homePath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n rootBinPath: undefined,\n rootDistPath: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n zshRcPath: undefined\n },\n {\n getters: {\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n blessedOptions: lazyBlessedOptions,\n distCliPath: lazyDistCliPath,\n distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n distShadowNpmBinPath: lazyDistShadowNpmBinPath,\n distShadowNpmInjectPath: lazyDistShadowNpmInjectPath,\n homePath: lazyHomePath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n rootBinPath: lazyRootBinPath,\n rootDistPath: lazyRootDistPath,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n zshRcPath: lazyZshRcPath\n },\n internals: {\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n }\n },\n mixin: registryConstants\n }\n) as Constants\n\nexport default constants\n"],"names":["getIpc","env","GITHUB_ACTIONS","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","INLINED_SOCKET_CLI_LEGACY_BUILD","INLINED_SOCKET_CLI_PUBLISHED_BUILD","INLINED_SOCKET_CLI_SENTRY_BUILD","LOCALAPPDATA","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_DEBUG","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_VIEW_ALL_RISKS","SOCKET_SECURITY_API_BASE_URL","SOCKET_SECURITY_API_PROXY","SOCKET_SECURITY_API_TOKEN","envAsString","SOCKET_SECURITY_GITHUB_PAT","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","constants","ENV","bashRcPath","blessedOptions","distCliPath","distInstrumentWithSentryPath","distShadowNpmBinPath","distShadowNpmInjectPath","homePath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootBinPath","rootDistPath","rootPath","shadowBinPath","zshRcPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;;AAWA;;;;;AAKE;;AAEEA;AACF;AACF;AA0IA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;;AACUC;AAAI;AACZ;AACA;;AAEE;;AAEA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AAEA;AACA;AACAC;AAEA;AACA;AACAC;AAEA;AACA;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AAGA;AACA;AACAC;AACA;AACA;AACAC;AAEE;AACA;AACAC;AACF;AACA;AACA;AACAC;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AACE;AAEA;AACAI;AAEI;AACA;AACA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGR;AACE;AACAJ;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AACE;AACAA;AAEII;;;;;;;;;;;;AAaFC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoDAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACEhB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;;AAEEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"bafad096-d8f4-4b7b-b609-c35a7cc0e110"}
|
|
@@ -8,6 +8,57 @@ const path = require('node:path')
|
|
|
8
8
|
const vendor = require('./vendor.js')
|
|
9
9
|
const shadowNpmPaths = require('./shadow-npm-paths.js')
|
|
10
10
|
const constants = require('./constants.js')
|
|
11
|
+
require('node:fs')
|
|
12
|
+
require('node:os')
|
|
13
|
+
require('node:fs/promises')
|
|
14
|
+
require('node:buffer')
|
|
15
|
+
require('node:util')
|
|
16
|
+
require('node:path')
|
|
17
|
+
require('node:fs')
|
|
18
|
+
require('node:tty')
|
|
19
|
+
require('node:https')
|
|
20
|
+
require('node:http')
|
|
21
|
+
require('node:url')
|
|
22
|
+
require('node:process')
|
|
23
|
+
require('node:events')
|
|
24
|
+
require('node:http')
|
|
25
|
+
require('node:https')
|
|
26
|
+
require('node:readline')
|
|
27
|
+
require('@socketsecurity/registry/lib/constants/abort-signal')
|
|
28
|
+
require('node:util')
|
|
29
|
+
require('node:url')
|
|
30
|
+
require('node:fs/promises')
|
|
31
|
+
require('node:child_process')
|
|
32
|
+
require('node:os')
|
|
33
|
+
require('node:tty')
|
|
34
|
+
require('node:crypto')
|
|
35
|
+
require('node:constants')
|
|
36
|
+
require('node:stream')
|
|
37
|
+
require('node:assert')
|
|
38
|
+
require('node:stream')
|
|
39
|
+
require('node:string_decoder')
|
|
40
|
+
require('node:path/win32')
|
|
41
|
+
require('node:module')
|
|
42
|
+
require('node:events')
|
|
43
|
+
require('node:buffer')
|
|
44
|
+
require('node:string_decoder')
|
|
45
|
+
require('node:child_process')
|
|
46
|
+
require('node:module')
|
|
47
|
+
require('@socketsecurity/registry/lib/logger')
|
|
48
|
+
require('@socketsecurity/registry/lib/path')
|
|
49
|
+
require('@socketsecurity/registry/lib/words')
|
|
50
|
+
require('./shadow-npm-inject.js')
|
|
51
|
+
require('@socketsecurity/registry/lib/arrays')
|
|
52
|
+
require('@socketsecurity/registry')
|
|
53
|
+
require('@socketsecurity/registry/lib/objects')
|
|
54
|
+
require('@socketsecurity/registry/lib/constants')
|
|
55
|
+
require('@socketsecurity/registry/lib/prompts')
|
|
56
|
+
require('@socketsecurity/registry/lib/strings')
|
|
57
|
+
require('@socketsecurity/registry/lib/fs')
|
|
58
|
+
require('@socketsecurity/registry/lib/packages')
|
|
59
|
+
require('node:timers/promises')
|
|
60
|
+
require('@socketsecurity/registry/lib/sorts')
|
|
61
|
+
require('@socketsecurity/registry/lib/env')
|
|
11
62
|
|
|
12
63
|
const { CLI, NPX } = constants
|
|
13
64
|
async function installLinks(realBinPath, binName) {
|
|
@@ -102,5 +153,5 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
|
|
|
102
153
|
}
|
|
103
154
|
|
|
104
155
|
module.exports = shadowBin
|
|
105
|
-
//# debugId=
|
|
156
|
+
//# debugId=313e790a-5075-4e29-8eaf-c781fda83d6e
|
|
106
157
|
//# sourceMappingURL=shadow-bin.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"shadow-bin.js","sources":["../src/shadow/npm/link.ts","../src/shadow/npm/bin.ts"],"sourcesContent":["import path from 'node:path'\nimport process from 'node:process'\n\nimport cmdShim from 'cmd-shim'\n\nimport {\n getNpmBinPath,\n getNpxBinPath,\n isNpmBinPathShadowed,\n isNpxBinPathShadowed\n} from './paths'\nimport constants from '../../constants'\n\nconst { CLI, NPX } = constants\n\nexport async function installLinks(\n realBinPath: string,\n binName: 'npm' | 'npx'\n): Promise<string> {\n const isNpx = binName === NPX\n // Find package manager being shadowed by this process.\n const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n // TODO: Is this early exit needed?\n if (WIN32 && binPath) {\n return binPath\n }\n const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n // Move our bin directory to front of PATH so its found first.\n if (!shadowed) {\n if (WIN32) {\n await cmdShim(\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, `${binName}-${CLI}.js`),\n path.join(realBinPath, binName)\n )\n }\n const { env } = process\n env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n }\n return binPath\n}\n","import process from 'node:process'\n\nimport { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n isLoglevelFlag,\n isProgressFlag\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link'\nimport constants from '../../constants'\n\nconst { SOCKET_CLI_SAFE_BIN, SOCKET_CLI_SAFE_PROGRESS, SOCKET_IPC_HANDSHAKE } =\n constants\n\nexport default async function shadowBin(\n binName: 'npm' | 'npx',\n args = process.argv.slice(2)\n) {\n process.exitCode = 1\n const useDebug = isDebug()\n const terminatorPos = args.indexOf('--')\n const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n const progressArg = rawBinArgs.findLast(isProgressFlag) !== '--no-progress'\n const binArgs = rawBinArgs.filter(a => !isProgressFlag(a))\n const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n const isSilent = !useDebug && !binArgs.some(isLoglevelFlag)\n // The default value of loglevel is \"notice\". We default to \"error\" which is\n // two levels quieter.\n const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n const spawnPromise = spawn(\n // Lazily access constants.execPath.\n constants.execPath,\n [\n // Lazily access constants.nodeHardenFlags.\n ...constants.nodeHardenFlags,\n // Lazily access constants.nodeNoWarningsFlags.\n ...constants.nodeNoWarningsFlags,\n // Lazily access process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'].\n ...(process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\n ? [\n '--require',\n // Lazily access constants.distInstrumentWithSentryPath.\n constants.distInstrumentWithSentryPath\n ]\n : []),\n '--require',\n // Lazily access constants.distShadowNpmInjectPath.\n constants.distShadowNpmInjectPath,\n // Lazily access constants.shadowBinPath.\n await installLinks(constants.shadowBinPath, binName),\n // Add '--no-progress' to fix input being swallowed by the npm spinner.\n '--no-progress',\n // Add '--loglevel=error' if a loglevel flag is not provided and the\n // SOCKET_CLI_DEBUG environment variable is not truthy.\n ...logLevelArgs,\n ...binArgs,\n ...otherArgs\n ],\n {\n // 'inherit' + 'ipc'\n stdio: [0, 1, 2, 'ipc']\n }\n )\n // See https://nodejs.org/api/all.html#all_child_process_event-exit.\n spawnPromise.process.on('exit', (code, signalName) => {\n if (signalName) {\n process.kill(process.pid, signalName)\n } else if (code !== null) {\n // eslint-disable-next-line n/no-process-exit\n process.exit(code)\n }\n })\n spawnPromise.process.send({\n [SOCKET_IPC_HANDSHAKE]: {\n [SOCKET_CLI_SAFE_BIN]: binName,\n [SOCKET_CLI_SAFE_PROGRESS]: progressArg\n }\n })\n await spawnPromise\n}\n"],"names":["NPX","WIN32","env","SOCKET_IPC_HANDSHAKE","constants","process","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaA;;AAAaA;AAAI;AAEV;AAIL;AACA;;AAEA;;AACQC;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;AC9BA;;;AAAuDC;AAAqB;AAG7D;;AAKb;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;;AASA;AACAC;AACA;AACA;AACA;;AAEA;AACA;;AAMA;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAC;AACF;AACF;AACAC;AACE;;AAEE;AACF;AACF;AACA;AACF;;","debugId":"313e790a-5075-4e29-8eaf-c781fda83d6e"}
|
|
@@ -6,15 +6,12 @@ const vendor = require('./vendor.js')
|
|
|
6
6
|
const logger = require('@socketsecurity/registry/lib/logger')
|
|
7
7
|
const constants = require('./constants.js')
|
|
8
8
|
const arrays = require('@socketsecurity/registry/lib/arrays')
|
|
9
|
-
const packageurlJs = require('@socketregistry/packageurl-js')
|
|
10
9
|
const registry = require('@socketsecurity/registry')
|
|
11
|
-
const debug = require('@socketsecurity/registry/lib/debug')
|
|
12
10
|
const objects = require('@socketsecurity/registry/lib/objects')
|
|
13
|
-
const
|
|
11
|
+
const debug = require('@socketsecurity/registry/lib/debug')
|
|
14
12
|
const registryConstants = require('@socketsecurity/registry/lib/constants')
|
|
15
13
|
const prompts = require('@socketsecurity/registry/lib/prompts')
|
|
16
14
|
const strings = require('@socketsecurity/registry/lib/strings')
|
|
17
|
-
const sdk = require('@socketsecurity/sdk')
|
|
18
15
|
const fs = require('node:fs')
|
|
19
16
|
const os = require('node:os')
|
|
20
17
|
const path = require('node:path')
|
|
@@ -22,7 +19,45 @@ const fs$1 = require('@socketsecurity/registry/lib/fs')
|
|
|
22
19
|
const packages = require('@socketsecurity/registry/lib/packages')
|
|
23
20
|
const promises = require('node:timers/promises')
|
|
24
21
|
const sorts = require('@socketsecurity/registry/lib/sorts')
|
|
25
|
-
|
|
22
|
+
require('node:module')
|
|
23
|
+
require('@socketsecurity/registry/lib/path')
|
|
24
|
+
require('@socketsecurity/registry/lib/npm')
|
|
25
|
+
require('@socketsecurity/registry/lib/words')
|
|
26
|
+
require('./shadow-npm-inject.js')
|
|
27
|
+
require('node:fs/promises')
|
|
28
|
+
require('node:buffer')
|
|
29
|
+
require('node:util')
|
|
30
|
+
require('node:path')
|
|
31
|
+
require('node:fs')
|
|
32
|
+
require('node:tty')
|
|
33
|
+
require('node:https')
|
|
34
|
+
require('node:http')
|
|
35
|
+
require('node:url')
|
|
36
|
+
require('node:process')
|
|
37
|
+
require('node:events')
|
|
38
|
+
require('node:http')
|
|
39
|
+
require('node:https')
|
|
40
|
+
require('node:readline')
|
|
41
|
+
require('@socketsecurity/registry/lib/constants/abort-signal')
|
|
42
|
+
require('node:util')
|
|
43
|
+
require('node:url')
|
|
44
|
+
require('node:fs/promises')
|
|
45
|
+
require('node:child_process')
|
|
46
|
+
require('node:os')
|
|
47
|
+
require('node:tty')
|
|
48
|
+
require('node:crypto')
|
|
49
|
+
require('node:constants')
|
|
50
|
+
require('node:stream')
|
|
51
|
+
require('node:assert')
|
|
52
|
+
require('node:stream')
|
|
53
|
+
require('node:string_decoder')
|
|
54
|
+
require('node:path/win32')
|
|
55
|
+
require('node:module')
|
|
56
|
+
require('node:events')
|
|
57
|
+
require('node:buffer')
|
|
58
|
+
require('node:string_decoder')
|
|
59
|
+
require('node:child_process')
|
|
60
|
+
require('@socketsecurity/registry/lib/env')
|
|
26
61
|
|
|
27
62
|
const { NPM: NPM$3, PNPM } = constants
|
|
28
63
|
const PNPM_WORKSPACE = `${PNPM}-workspace`
|
|
@@ -606,7 +641,7 @@ async function setupSdk(
|
|
|
606
641
|
apiBaseUrl = getDefaultApiBaseUrl(),
|
|
607
642
|
proxy = getDefaultHttpProxy()
|
|
608
643
|
) {
|
|
609
|
-
if (typeof apiToken !== 'string' &&
|
|
644
|
+
if (typeof apiToken !== 'string' && vendor.isInteractiveExports()) {
|
|
610
645
|
apiToken = await prompts.password({
|
|
611
646
|
message:
|
|
612
647
|
'Enter your Socket.dev API key (not saved, use socket login to persist)'
|
|
@@ -616,18 +651,18 @@ async function setupSdk(
|
|
|
616
651
|
if (!apiToken) {
|
|
617
652
|
throw new AuthError('You need to provide an API key')
|
|
618
653
|
}
|
|
619
|
-
return new
|
|
654
|
+
return new vendor.distExports$2.SocketSdk(apiToken, {
|
|
620
655
|
agent: proxy
|
|
621
656
|
? new vendor.HttpsProxyAgent({
|
|
622
657
|
proxy
|
|
623
658
|
})
|
|
624
659
|
: undefined,
|
|
625
660
|
baseUrl: apiBaseUrl,
|
|
626
|
-
userAgent:
|
|
661
|
+
userAgent: vendor.distExports$2.createUserAgentFromPkgJson({
|
|
627
662
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_NAME']".
|
|
628
663
|
name: 'socket',
|
|
629
664
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
630
|
-
version: '0.14.
|
|
665
|
+
version: '0.14.132',
|
|
631
666
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_HOMEPAGE']".
|
|
632
667
|
homepage: 'https://github.com/SocketDev/socket-cli'
|
|
633
668
|
})
|
|
@@ -1541,8 +1576,6 @@ function getDetailsFromDiff(diff_, options) {
|
|
|
1541
1576
|
) {
|
|
1542
1577
|
existing = oldNode
|
|
1543
1578
|
}
|
|
1544
|
-
} else {
|
|
1545
|
-
debug.debugLog('SKIPPING META CHANGE ON\n', diff)
|
|
1546
1579
|
}
|
|
1547
1580
|
} else {
|
|
1548
1581
|
keep = action !== DiffAction.remove
|
|
@@ -1594,7 +1627,9 @@ function updateNode(node, newVersion, newVersionPackument) {
|
|
|
1594
1627
|
// Update package.version associated with the node.
|
|
1595
1628
|
node.package.version = newVersion
|
|
1596
1629
|
// Update node.resolved.
|
|
1597
|
-
const purlObj =
|
|
1630
|
+
const purlObj = vendor.packageurlJsExports.PackageURL.fromString(
|
|
1631
|
+
`pkg:npm/${node.name}`
|
|
1632
|
+
)
|
|
1598
1633
|
node.resolved = `${NPM_REGISTRY_URL}/${node.name}/-/${purlObj.name}-${newVersion}.tgz`
|
|
1599
1634
|
// Update node.integrity with the targetPackument.dist.integrity value if available
|
|
1600
1635
|
// else delete node.integrity so a new value is resolved for the target version.
|
|
@@ -1804,7 +1839,7 @@ class ColorOrMarkdown {
|
|
|
1804
1839
|
return text
|
|
1805
1840
|
}
|
|
1806
1841
|
indent(...args) {
|
|
1807
|
-
return
|
|
1842
|
+
return vendor.indentStringExports(...args)
|
|
1808
1843
|
}
|
|
1809
1844
|
italic(text) {
|
|
1810
1845
|
return this.useMarkdown
|
|
@@ -2056,6 +2091,7 @@ async function addArtifactToAlertsMap(artifact, alertsByPkgId, options) {
|
|
|
2056
2091
|
return alertsByPkgId
|
|
2057
2092
|
}
|
|
2058
2093
|
function getCveInfoByAlertsMap(alertsMap, options) {
|
|
2094
|
+
debug.debugLog('getCveInfoByAlertsMap')
|
|
2059
2095
|
const exclude = {
|
|
2060
2096
|
upgradable: true,
|
|
2061
2097
|
...{
|
|
@@ -2065,7 +2101,9 @@ function getCveInfoByAlertsMap(alertsMap, options) {
|
|
|
2065
2101
|
}
|
|
2066
2102
|
let infoByPkg = null
|
|
2067
2103
|
for (const [pkgId, sockPkgAlerts] of alertsMap) {
|
|
2068
|
-
const purlObj =
|
|
2104
|
+
const purlObj = vendor.packageurlJsExports.PackageURL.fromString(
|
|
2105
|
+
`pkg:npm/${pkgId}`
|
|
2106
|
+
)
|
|
2069
2107
|
const name = packages.resolvePackageName(purlObj)
|
|
2070
2108
|
for (const sockPkgAlert of sockPkgAlerts) {
|
|
2071
2109
|
const alert = sockPkgAlert.raw
|
|
@@ -2085,6 +2123,10 @@ function getCveInfoByAlertsMap(alertsMap, options) {
|
|
|
2085
2123
|
}
|
|
2086
2124
|
const { firstPatchedVersionIdentifier, vulnerableVersionRange } =
|
|
2087
2125
|
alert.props
|
|
2126
|
+
debug.debugLog({
|
|
2127
|
+
firstPatchedVersionIdentifier,
|
|
2128
|
+
vulnerableVersionRange
|
|
2129
|
+
})
|
|
2088
2130
|
infos.push({
|
|
2089
2131
|
firstPatchedVersionIdentifier,
|
|
2090
2132
|
vulnerableVersionRange: new vendor.semverExports.Range(
|
|
@@ -2210,7 +2252,9 @@ function logAlertsMap(alertsMap, options) {
|
|
|
2210
2252
|
// TODO: emoji seems to mis-align terminals sometimes
|
|
2211
2253
|
lines.add(` ${content}`)
|
|
2212
2254
|
}
|
|
2213
|
-
const purlObj =
|
|
2255
|
+
const purlObj = vendor.packageurlJsExports.PackageURL.fromString(
|
|
2256
|
+
`pkg:npm/${pkgId}`
|
|
2257
|
+
)
|
|
2214
2258
|
const hyperlink = format.hyperlink(
|
|
2215
2259
|
pkgId,
|
|
2216
2260
|
getSocketDevPackageOverviewUrl(
|
|
@@ -2592,5 +2636,5 @@ exports.supportedConfigKeys = supportedConfigKeys
|
|
|
2592
2636
|
exports.updateConfigValue = updateConfigValue
|
|
2593
2637
|
exports.updateNode = updateNode
|
|
2594
2638
|
exports.updatePackageJsonFromNode = updatePackageJsonFromNode
|
|
2595
|
-
//# debugId=
|
|
2639
|
+
//# debugId=23ca00a1-6f09-4c44-97cd-9cf09c24625a
|
|
2596
2640
|
//# sourceMappingURL=shadow-npm-inject.js.map
|