@socketsecurity/cli 0.14.133 → 0.14.135
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +3 -3
- package/dist/cli.js.map +1 -1
- package/dist/shadow-bin.js +2 -2
- package/dist/shadow-bin.js.map +1 -1
- package/dist/shadow-npm-inject.js +10 -4
- package/dist/shadow-npm-inject.js.map +1 -1
- package/dist/vendor.js +9 -5
- package/dist/vendor.js.map +1 -1
- package/package.json +5 -5
package/dist/shadow-bin.js
CHANGED
|
@@ -49,13 +49,13 @@ require('@socketsecurity/registry/lib/path')
|
|
|
49
49
|
require('@socketsecurity/registry/lib/words')
|
|
50
50
|
require('./shadow-npm-inject.js')
|
|
51
51
|
require('@socketsecurity/registry/lib/arrays')
|
|
52
|
+
require('@socketsecurity/registry/lib/packages')
|
|
52
53
|
require('@socketsecurity/registry')
|
|
53
54
|
require('@socketsecurity/registry/lib/objects')
|
|
54
55
|
require('@socketsecurity/registry/lib/constants')
|
|
55
56
|
require('@socketsecurity/registry/lib/prompts')
|
|
56
57
|
require('@socketsecurity/registry/lib/strings')
|
|
57
58
|
require('@socketsecurity/registry/lib/fs')
|
|
58
|
-
require('@socketsecurity/registry/lib/packages')
|
|
59
59
|
require('node:timers/promises')
|
|
60
60
|
require('@socketsecurity/registry/lib/sorts')
|
|
61
61
|
require('@socketsecurity/registry/lib/env')
|
|
@@ -153,5 +153,5 @@ async function shadowBin(binName, args = process.argv.slice(2)) {
|
|
|
153
153
|
}
|
|
154
154
|
|
|
155
155
|
module.exports = shadowBin
|
|
156
|
-
//# debugId=
|
|
156
|
+
//# debugId=bb0b09bf-fa5a-4b1b-99ca-1fc80ff8f76d
|
|
157
157
|
//# sourceMappingURL=shadow-bin.js.map
|
package/dist/shadow-bin.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shadow-bin.js","sources":["../src/shadow/npm/link.ts","../src/shadow/npm/bin.ts"],"sourcesContent":["import path from 'node:path'\nimport process from 'node:process'\n\nimport cmdShim from 'cmd-shim'\n\nimport {\n getNpmBinPath,\n getNpxBinPath,\n isNpmBinPathShadowed,\n isNpxBinPathShadowed\n} from './paths'\nimport constants from '../../constants'\n\nconst { CLI, NPX } = constants\n\nexport async function installLinks(\n realBinPath: string,\n binName: 'npm' | 'npx'\n): Promise<string> {\n const isNpx = binName === NPX\n // Find package manager being shadowed by this process.\n const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n // TODO: Is this early exit needed?\n if (WIN32 && binPath) {\n return binPath\n }\n const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n // Move our bin directory to front of PATH so its found first.\n if (!shadowed) {\n if (WIN32) {\n await cmdShim(\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, `${binName}-${CLI}.js`),\n path.join(realBinPath, binName)\n )\n }\n const { env } = process\n env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n }\n return binPath\n}\n","import process from 'node:process'\n\nimport { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n isLoglevelFlag,\n isProgressFlag\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link'\nimport constants from '../../constants'\n\nconst { SOCKET_CLI_SAFE_BIN, SOCKET_CLI_SAFE_PROGRESS, SOCKET_IPC_HANDSHAKE } =\n constants\n\nexport default async function shadowBin(\n binName: 'npm' | 'npx',\n args = process.argv.slice(2)\n) {\n process.exitCode = 1\n const useDebug = isDebug()\n const terminatorPos = args.indexOf('--')\n const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n const progressArg = rawBinArgs.findLast(isProgressFlag) !== '--no-progress'\n const binArgs = rawBinArgs.filter(a => !isProgressFlag(a))\n const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n const isSilent = !useDebug && !binArgs.some(isLoglevelFlag)\n // The default value of loglevel is \"notice\". We default to \"error\" which is\n // two levels quieter.\n const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n const spawnPromise = spawn(\n // Lazily access constants.execPath.\n constants.execPath,\n [\n // Lazily access constants.nodeHardenFlags.\n ...constants.nodeHardenFlags,\n // Lazily access constants.nodeNoWarningsFlags.\n ...constants.nodeNoWarningsFlags,\n // Lazily access process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'].\n ...(process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\n ? [\n '--require',\n // Lazily access constants.distInstrumentWithSentryPath.\n constants.distInstrumentWithSentryPath\n ]\n : []),\n '--require',\n // Lazily access constants.distShadowNpmInjectPath.\n constants.distShadowNpmInjectPath,\n // Lazily access constants.shadowBinPath.\n await installLinks(constants.shadowBinPath, binName),\n // Add '--no-progress' to fix input being swallowed by the npm spinner.\n '--no-progress',\n // Add '--loglevel=error' if a loglevel flag is not provided and the\n // SOCKET_CLI_DEBUG environment variable is not truthy.\n ...logLevelArgs,\n ...binArgs,\n ...otherArgs\n ],\n {\n // 'inherit' + 'ipc'\n stdio: [0, 1, 2, 'ipc']\n }\n )\n // See https://nodejs.org/api/all.html#all_child_process_event-exit.\n spawnPromise.process.on('exit', (code, signalName) => {\n if (signalName) {\n process.kill(process.pid, signalName)\n } else if (code !== null) {\n // eslint-disable-next-line n/no-process-exit\n process.exit(code)\n }\n })\n spawnPromise.process.send({\n [SOCKET_IPC_HANDSHAKE]: {\n [SOCKET_CLI_SAFE_BIN]: binName,\n [SOCKET_CLI_SAFE_PROGRESS]: progressArg\n }\n })\n await spawnPromise\n}\n"],"names":["NPX","WIN32","env","SOCKET_IPC_HANDSHAKE","constants","process","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaA;;AAAaA;AAAI;AAEV;AAIL;AACA;;AAEA;;AACQC;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;AC9BA;;;AAAuDC;AAAqB;AAG7D;;AAKb;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;;AASA;AACAC;AACA;AACA;AACA;;AAEA;AACA;;AAMA;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAC;AACF;AACF;AACAC;AACE;;AAEE;AACF;AACF;AACA;AACF;;","debugId":"
|
|
1
|
+
{"version":3,"file":"shadow-bin.js","sources":["../src/shadow/npm/link.ts","../src/shadow/npm/bin.ts"],"sourcesContent":["import path from 'node:path'\nimport process from 'node:process'\n\nimport cmdShim from 'cmd-shim'\n\nimport {\n getNpmBinPath,\n getNpxBinPath,\n isNpmBinPathShadowed,\n isNpxBinPathShadowed\n} from './paths'\nimport constants from '../../constants'\n\nconst { CLI, NPX } = constants\n\nexport async function installLinks(\n realBinPath: string,\n binName: 'npm' | 'npx'\n): Promise<string> {\n const isNpx = binName === NPX\n // Find package manager being shadowed by this process.\n const binPath = isNpx ? getNpxBinPath() : getNpmBinPath()\n // Lazily access constants.WIN32.\n const { WIN32 } = constants\n // TODO: Is this early exit needed?\n if (WIN32 && binPath) {\n return binPath\n }\n const shadowed = isNpx ? isNpxBinPathShadowed() : isNpmBinPathShadowed()\n // Move our bin directory to front of PATH so its found first.\n if (!shadowed) {\n if (WIN32) {\n await cmdShim(\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, `${binName}-${CLI}.js`),\n path.join(realBinPath, binName)\n )\n }\n const { env } = process\n env['PATH'] = `${realBinPath}${path.delimiter}${env['PATH']}`\n }\n return binPath\n}\n","import process from 'node:process'\n\nimport { isDebug } from '@socketsecurity/registry/lib/debug'\nimport {\n isLoglevelFlag,\n isProgressFlag\n} from '@socketsecurity/registry/lib/npm'\nimport { spawn } from '@socketsecurity/registry/lib/spawn'\n\nimport { installLinks } from './link'\nimport constants from '../../constants'\n\nconst { SOCKET_CLI_SAFE_BIN, SOCKET_CLI_SAFE_PROGRESS, SOCKET_IPC_HANDSHAKE } =\n constants\n\nexport default async function shadowBin(\n binName: 'npm' | 'npx',\n args = process.argv.slice(2)\n) {\n process.exitCode = 1\n const useDebug = isDebug()\n const terminatorPos = args.indexOf('--')\n const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos)\n const progressArg = rawBinArgs.findLast(isProgressFlag) !== '--no-progress'\n const binArgs = rawBinArgs.filter(a => !isProgressFlag(a))\n const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos)\n const isSilent = !useDebug && !binArgs.some(isLoglevelFlag)\n // The default value of loglevel is \"notice\". We default to \"error\" which is\n // two levels quieter.\n const logLevelArgs = isSilent ? ['--loglevel', 'error'] : []\n const spawnPromise = spawn(\n // Lazily access constants.execPath.\n constants.execPath,\n [\n // Lazily access constants.nodeHardenFlags.\n ...constants.nodeHardenFlags,\n // Lazily access constants.nodeNoWarningsFlags.\n ...constants.nodeNoWarningsFlags,\n // Lazily access process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'].\n ...(process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\n ? [\n '--require',\n // Lazily access constants.distInstrumentWithSentryPath.\n constants.distInstrumentWithSentryPath\n ]\n : []),\n '--require',\n // Lazily access constants.distShadowNpmInjectPath.\n constants.distShadowNpmInjectPath,\n // Lazily access constants.shadowBinPath.\n await installLinks(constants.shadowBinPath, binName),\n // Add '--no-progress' to fix input being swallowed by the npm spinner.\n '--no-progress',\n // Add '--loglevel=error' if a loglevel flag is not provided and the\n // SOCKET_CLI_DEBUG environment variable is not truthy.\n ...logLevelArgs,\n ...binArgs,\n ...otherArgs\n ],\n {\n // 'inherit' + 'ipc'\n stdio: [0, 1, 2, 'ipc']\n }\n )\n // See https://nodejs.org/api/all.html#all_child_process_event-exit.\n spawnPromise.process.on('exit', (code, signalName) => {\n if (signalName) {\n process.kill(process.pid, signalName)\n } else if (code !== null) {\n // eslint-disable-next-line n/no-process-exit\n process.exit(code)\n }\n })\n spawnPromise.process.send({\n [SOCKET_IPC_HANDSHAKE]: {\n [SOCKET_CLI_SAFE_BIN]: binName,\n [SOCKET_CLI_SAFE_PROGRESS]: progressArg\n }\n })\n await spawnPromise\n}\n"],"names":["NPX","WIN32","env","SOCKET_IPC_HANDSHAKE","constants","process","spawnPromise"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaA;;AAAaA;AAAI;AAEV;AAIL;AACA;;AAEA;;AACQC;AAAM;AACd;;AAEE;AACF;;AAEA;;AAEE;AACE;AACE;;AAIJ;;AACQC;AAAI;AACZA;AACF;AACA;AACF;;AC9BA;;;AAAuDC;AAAqB;AAG7D;;AAKb;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;;AAGE;;AAGE;;AAEA;;AAEA;;AASA;AACAC;AACA;AACA;AACA;;AAEA;AACA;;AAMA;;AAEF;AAEF;;AAEE;;AAEA;AACE;AACAC;AACF;AACF;AACAC;AACE;;AAEE;AACF;AACF;AACA;AACF;;","debugId":"bb0b09bf-fa5a-4b1b-99ca-1fc80ff8f76d"}
|
|
@@ -6,6 +6,7 @@ const vendor = require('./vendor.js')
|
|
|
6
6
|
const logger = require('@socketsecurity/registry/lib/logger')
|
|
7
7
|
const constants = require('./constants.js')
|
|
8
8
|
const arrays = require('@socketsecurity/registry/lib/arrays')
|
|
9
|
+
const packages = require('@socketsecurity/registry/lib/packages')
|
|
9
10
|
const registry = require('@socketsecurity/registry')
|
|
10
11
|
const objects = require('@socketsecurity/registry/lib/objects')
|
|
11
12
|
const debug = require('@socketsecurity/registry/lib/debug')
|
|
@@ -16,7 +17,6 @@ const fs = require('node:fs')
|
|
|
16
17
|
const os = require('node:os')
|
|
17
18
|
const path = require('node:path')
|
|
18
19
|
const fs$1 = require('@socketsecurity/registry/lib/fs')
|
|
19
|
-
const packages = require('@socketsecurity/registry/lib/packages')
|
|
20
20
|
const promises = require('node:timers/promises')
|
|
21
21
|
const sorts = require('@socketsecurity/registry/lib/sorts')
|
|
22
22
|
require('node:module')
|
|
@@ -662,7 +662,7 @@ async function setupSdk(
|
|
|
662
662
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_NAME']".
|
|
663
663
|
name: 'socket',
|
|
664
664
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
665
|
-
version: '0.14.
|
|
665
|
+
version: '0.14.135',
|
|
666
666
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_HOMEPAGE']".
|
|
667
667
|
homepage: 'https://github.com/SocketDev/socket-cli'
|
|
668
668
|
})
|
|
@@ -2364,7 +2364,13 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options_) {
|
|
|
2364
2364
|
...options_
|
|
2365
2365
|
}
|
|
2366
2366
|
const depTypes = vendor.libExports$1.detectDepTypes(lockfile)
|
|
2367
|
-
const purls = Object.keys(depTypes).map(id =>
|
|
2367
|
+
const purls = Object.keys(depTypes).map(id => {
|
|
2368
|
+
const purlObj = vendor.packageurlJsExports.PackageURL.fromString(
|
|
2369
|
+
`pkg:npm/${id}`
|
|
2370
|
+
)
|
|
2371
|
+
const name = packages.resolvePackageName(purlObj)
|
|
2372
|
+
return `pkg:npm/${name}@${vendor.semverExports.coerce(purlObj.version)}`
|
|
2373
|
+
})
|
|
2368
2374
|
return await getAlertsMapFromPurls(purls, {
|
|
2369
2375
|
overrides: lockfile.overrides,
|
|
2370
2376
|
...options
|
|
@@ -2641,5 +2647,5 @@ exports.supportedConfigKeys = supportedConfigKeys
|
|
|
2641
2647
|
exports.updateConfigValue = updateConfigValue
|
|
2642
2648
|
exports.updateNode = updateNode
|
|
2643
2649
|
exports.updatePackageJsonFromNode = updatePackageJsonFromNode
|
|
2644
|
-
//# debugId=
|
|
2650
|
+
//# debugId=d16ea1a3-81bf-473e-9fa8-26fc9fdda46
|
|
2645
2651
|
//# sourceMappingURL=shadow-npm-inject.js.map
|