@socketsecurity/cli 0.14.20 → 0.14.22

package/dist/link.js

@@ -2,7 +2,7 @@
 
 var require$$0 = require('node:fs');
 var require$$1 = require('node:path');
-var require$$6 = require('which');
+var require$$8 = require('which');
 
 var link = {};
 
@@ -12,7 +12,7 @@ Object.defineProperty(link, "__esModule", {
 link.installLinks = installLinks;
 var _nodeFs = require$$0;
 var _nodePath = require$$1;
-var _which = require$$6;
+var _which = require$$8;
 function installLinks(realDirname, binName) {
   const realShadowBinDir = realDirname;
   // find package manager being shadowed by this process

package/dist/npm-cli.js

@@ -25,24 +25,24 @@ const injectionPath = _nodePath.join(realDirname, 'npm-injection.js');
 // Adding the `--quiet` and `--no-progress` flags when the `proc-log` module
 // is found to fix a UX issue when running the command with recent versions of
 // npm (input swallowed by the standard npm spinner)
-let npmArgs = [];
-if (process.argv.slice(2).includes('install')) {
+const npmArgs = process.argv.slice(2);
+if (npmArgs.includes('install') && !npmArgs.includes('--no-progress') && !npmArgs.includes('--quiet')) {
   const npmEntrypoint = (0, _nodeFs.realpathSync)(npmPath);
   const npmRootPath = (0, _pathResolve.findRoot)(_nodePath.dirname(npmEntrypoint));
   if (npmRootPath === undefined) {
     process.exit(127);
   }
   const npmDepPath = _nodePath.join(npmRootPath, 'node_modules');
-  let npmlog;
+  let procLog;
   try {
-    npmlog = require(_nodePath.join(npmDepPath, 'proc-log/lib/index.js')).log;
+    procLog = require(_nodePath.join(npmDepPath, 'proc-log/lib/index.js')).log;
   } catch {}
-  if (npmlog) {
-    npmArgs = ['--quiet', '--no-progress'];
+  if (procLog) {
+    npmArgs.push('--no-progress', '--quiet');
   }
 }
 process.exitCode = 1;
-const spawnPromise = _promiseSpawn(process.execPath, ['--require', injectionPath, npmPath, ...process.argv.slice(2), ...npmArgs], {
+const spawnPromise = _promiseSpawn(process.execPath, ['--require', injectionPath, npmPath, ...npmArgs], {
   stdio: 'inherit'
 });
 spawnPromise.process.on('exit', (code, signal) => {

package/dist/npm-injection.js

@@ -17,7 +17,6 @@ var require$$1$1 = require('node:net');
 var require$$2 = require('node:os');
 var require$$6 = require('../package.json');
 var pathResolve = require('./path-resolve.js');
-var require$$0$1 = require('pacote');
 
 var npmInjection$1 = {};
 
@@ -63,12 +62,12 @@ function createNonStandardTTYServer() {
               conn.removeListener('data', awaitCapture);
               conn.push(lineBuff.slice(eolIndex + 1));
               const {
-                ipc_version: remote_ipc_version,
                 capabilities: {
+                  colorLevel: ipcColorLevel,
                   input: hasInput,
-                  output: hasOutput,
-                  colorLevel: ipcColorLevel
-                }
+                  output: hasOutput
+                },
+                ipc_version: remote_ipc_version
               } = JSON.parse(lineBuff.slice(0, eolIndex).toString('utf-8'));
               lineBuff = null;
               captured = true;
@@ -313,7 +312,6 @@ function issueRuleValueDoesNotDefer(issueRule) {
 
 /**
  * Handles booleans for backwards compatibility
-
  */
 function uxForDefinedNonDeferValue(issueRuleValue) {
   if (typeof issueRuleValue === 'boolean') {
@@ -402,51 +400,69 @@ var _ttyServer = ttyServer$1;
 var _chalkMarkdown = sdk.chalkMarkdown;
 var _issueRules = issueRules;
 var _misc = sdk.misc;
-var _objects = sdk.objects;
+var _objects = vendor.objects;
 var _pathResolve = pathResolve.pathResolve;
 var _sdk = sdk.sdk;
 var _settings = sdk.settings;
-const LOOP_SENTINEL = 1_000_000;
 const POTENTIALLY_BUG_ERROR_SNIPPET = 'this is potentially a bug with socket-npm caused by changes to the npm cli';
 const distPath$1 = __dirname;
 const rootPath$1 = _nodePath$1.resolve(distPath$1, '..');
-const translations = require(_nodePath$1.join(rootPath$1, 'translations.json'));
-const npmEntrypoint = (0, _nodeFs$1.realpathSync)(`${process.argv[1]}`);
+const npmEntrypoint = (0, _nodeFs$1.realpathSync)(process.argv[1]);
 const npmRootPath = (0, _pathResolve.findRoot)(_nodePath$1.dirname(npmEntrypoint));
-const abortController = new AbortController();
-const {
-  signal: abortSignal
-} = abortController;
+function tryRequire(...ids) {
+  for (const data of ids) {
+    let id;
+    let transformer;
+    if (Array.isArray(data)) {
+      id = data[0];
+      transformer = data[1];
+    } else {
+      id = data;
+      transformer = mod => mod;
+    }
+    try {
+      // Check that the transformed value isn't `undefined` because older
+      // versions of packages like 'proc-log' may not export a `log` method.
+      const exported = transformer(require(id));
+      if (exported !== undefined) {
+        return exported;
+      }
+    } catch {}
+  }
+  return undefined;
+}
 if (npmRootPath === undefined) {
   console.error(`Unable to find npm cli install directory, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
   console.error(`Searched parent directories of ${npmEntrypoint}`);
   process.exit(127);
 }
+const LOOP_SENTINEL = 1_000_000;
+const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
 const npmNmPath = _nodePath$1.join(npmRootPath, 'node_modules');
 const arboristClassPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/arborist/index.js');
+const arboristDepValidPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/dep-valid.js');
 const arboristEdgeClassPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/edge.js');
 const arboristNodeClassPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/node.js');
 const arboristOverrideSetClassPatch = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/override-set.js');
-let npmlog;
-try {
-  npmlog = require(_nodePath$1.join(npmNmPath, 'proc-log/lib/index.js')).log;
-} catch {}
-if (npmlog === undefined) {
-  try {
-    npmlog = require(_nodePath$1.join(npmNmPath, 'npmlog/lib/log.js'));
-  } catch {}
-}
-if (npmlog === undefined) {
+const log = tryRequire([_nodePath$1.join(npmNmPath, 'proc-log/lib/index.js'),
+// The proc-log DefinitelyTyped definition is incorrect. The type definition
+// is really that of its export log.
+mod => mod.log], _nodePath$1.join(npmNmPath, 'npmlog/lib/log.js'));
+if (log === undefined) {
   console.error(`Unable to integrate with npm cli logging infrastructure, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
   process.exit(127);
 }
-let tarball;
-try {
-  tarball = require(_nodePath$1.join(npmNmPath, 'pacote')).tarball;
-} catch {
-  tarball = require$$0$1.tarball;
-}
+const pacote = tryRequire(_nodePath$1.join(npmNmPath, 'pacote'), 'pacote');
+const {
+  tarball
+} = pacote;
+const translations = require(_nodePath$1.join(rootPath$1, 'translations.json'));
+const abortController = new AbortController();
+const {
+  signal: abortSignal
+} = abortController;
 const Arborist = require(arboristClassPath);
+const depValid = require(arboristDepValidPath);
 const Edge = require(arboristEdgeClassPath);
 const Node = require(arboristNodeClassPath);
 const OverrideSet = require(arboristOverrideSetClassPatch);
@@ -456,7 +472,7 @@ const formatter = new _chalkMarkdown.ChalkOrMarkdown(false);
 const pubToken = (0, _sdk.getDefaultKey)() ?? _sdk.FREE_API_KEY;
 const ttyServer = (0, _ttyServer.createTTYServer)(_chalk.default.level, (0, _isInteractive.default)({
   stream: process.stdin
-}), npmlog);
+}), log);
 let _uxLookup;
 async function uxLookup(settings) {
   while (_uxLookup === undefined) {
@@ -502,6 +518,12 @@ async function* batchScan(pkgIds) {
     yield JSON.parse(line);
   }
 }
+
+// Patch adding doOverrideSetsConflict is based on
+// https://github.com/npm/cli/pull/7025.
+function doOverrideSetsConflict(first, second) {
+  return findSpecificOverrideSet(first, second) === undefined;
+}
 function findSocketYmlSync() {
   let prevDir = null;
   let dir = process.cwd();
@@ -545,7 +567,7 @@ function findSpecificOverrideSet(first, second) {
     }
     overrideSet = overrideSet.parent;
   }
-  console.error('Conflicting override sets');
+  log.silly('Conflicting override sets', first, second);
   return undefined;
 }
 function maybeReadfileSync(filepath) {
@@ -747,11 +769,13 @@ class SafeEdge extends Edge {
   #safeError;
   #safeExplanation;
   #safeFrom;
+  #safeName;
   #safeTo;
   constructor(options) {
     const {
       accept,
-      from
+      from,
+      name
     } = options;
     // Defer to supper to validate options and assign non-private values.
     super(options);
@@ -761,43 +785,51 @@ class SafeEdge extends Edge {
     this.#safeError = null;
     this.#safeExplanation = null;
     this.#safeFrom = from;
+    this.#safeName = name;
     this.#safeTo = null;
     this.reload(true);
   }
-
-  // Return the edge data, and an explanation of how that edge came to be here.
-  // @ts-ignore: Edge#explain is defined with an unused `seen = []` param.
-  explain() {
-    if (!this.#safeExplanation) {
-      const explanation = {
-        type: this.type,
-        name: this.name,
-        spec: this.spec,
-        bundled: false,
-        overridden: false,
-        error: undefined,
-        from: undefined,
-        rawSpec: undefined
-      };
-      if (this.rawSpec !== this.spec) {
-        explanation.rawSpec = this.rawSpec;
-        explanation.overridden = true;
-      }
-      if (this.bundled) {
-        explanation.bundled = this.bundled;
-      }
-      if (this.error) {
-        explanation.error = this.error;
+  get accept() {
+    return this.#safeAccept;
+  }
+  get bundled() {
+    return !!this.#safeFrom?.package?.bundleDependencies?.includes(this.name);
+  }
+  get error() {
+    if (!this.#safeError) {
+      if (!this.#safeTo) {
+        if (this.optional) {
+          this.#safeError = null;
+        } else {
+          this.#safeError = 'MISSING';
+        }
+      } else if (this.peer && this.#safeFrom === this.#safeTo.parent && !this.#safeFrom?.isTop) {
+        this.#safeError = 'PEER LOCAL';
+      } else if (!this.satisfiedBy(this.#safeTo)) {
+        this.#safeError = 'INVALID';
       }
-      if (this.#safeFrom) {
-        explanation.from = this.#safeFrom.explain();
+      // Patch adding "else if" condition is based on
+      // https://github.com/npm/cli/pull/7025.
+      else if (this.overrides && this.#safeTo.edgesOut.size && doOverrideSetsConflict(this.overrides, this.#safeTo.overrides)) {
+        // Any inconsistency between the edge's override set and the target's
+        // override set is potentially problematic. But we only say the edge is
+        // in error if the override sets are plainly conflicting. Note that if
+        // the target doesn't have any dependencies of their own, then this
+        // inconsistency is irrelevant.
+        this.#safeError = 'INVALID';
+      } else {
+        this.#safeError = 'OK';
       }
-      this.#safeExplanation = explanation;
     }
-    return this.#safeExplanation;
+    if (this.#safeError === 'OK') {
+      return null;
+    }
+    return this.#safeError;
   }
-  get bundled() {
-    return !!this.#safeFrom?.package?.bundleDependencies?.includes(this.name);
+
+  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
+  get from() {
+    return this.#safeFrom;
   }
 
   // @ts-ignore: Incorrectly typed as a property instead of an accessor.
@@ -835,39 +867,55 @@ class SafeEdge extends Edge {
     }
     return this.rawSpec;
   }
-  get accept() {
-    return this.#safeAccept;
+
+  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
+  get to() {
+    return this.#safeTo;
   }
-  get error() {
-    if (!this.#safeError) {
-      if (!this.#safeTo) {
-        if (this.optional) {
-          this.#safeError = null;
-        } else {
-          this.#safeError = 'MISSING';
-        }
-      } else if (this.peer && this.#safeFrom === this.#safeTo.parent && !this.#safeFrom?.isTop) {
-        this.#safeError = 'PEER LOCAL';
-      } else if (!this.satisfiedBy(this.#safeTo)) {
-        this.#safeError = 'INVALID';
+  detach() {
+    this.#safeExplanation = null;
+    // Patch replacing
+    // if (this.#safeTo) {
+    //   this.#safeTo.edgesIn.delete(this)
+    // }
+    // is based on https://github.com/npm/cli/pull/7025.
+    this.#safeTo?.deleteEdgeIn(this);
+    this.#safeFrom?.edgesOut.delete(this.name);
+    this.#safeTo = null;
+    this.#safeError = 'DETACHED';
+    this.#safeFrom = null;
+  }
+
+  // Return the edge data, and an explanation of how that edge came to be here.
+  // @ts-ignore: Edge#explain is defined with an unused `seen = []` param.
+  explain() {
+    if (!this.#safeExplanation) {
+      const explanation = {
+        type: this.type,
+        name: this.name,
+        spec: this.spec,
+        bundled: false,
+        overridden: false,
+        error: undefined,
+        from: undefined,
+        rawSpec: undefined
+      };
+      if (this.rawSpec !== this.spec) {
+        explanation.rawSpec = this.rawSpec;
+        explanation.overridden = true;
       }
-      // Patch adding "else if" condition is based on
-      // https://github.com/npm/cli/pull/7025.
-      else if (this.overrides && this.#safeTo.edgesOut.size && !findSpecificOverrideSet(this.overrides, this.#safeTo.overrides)) {
-        // Any inconsistency between the edge's override set and the target's
-        // override set is potentially problematic. But we only say the edge is
-        // in error if the override sets are plainly conflicting. Note that if
-        // the target doesn't have any dependencies of their own, then this
-        // inconsistency is irrelevant.
-        this.#safeError = 'INVALID';
-      } else {
-        this.#safeError = 'OK';
+      if (this.bundled) {
+        explanation.bundled = this.bundled;
       }
+      if (this.error) {
+        explanation.error = this.error;
+      }
+      if (this.#safeFrom) {
+        explanation.from = this.#safeFrom.explain();
+      }
+      this.#safeExplanation = explanation;
     }
-    if (this.#safeError === 'OK') {
-      return null;
-    }
-    return this.#safeError;
+    return this.#safeExplanation;
   }
   reload(hard = false) {
     this.#safeExplanation = null;
@@ -916,36 +964,100 @@ class SafeEdge extends Edge {
       this.#safeTo.updateOverridesEdgeInAdded(newOverrideSet);
     }
   }
-  detach() {
-    this.#safeExplanation = null;
-    if (this.#safeTo) {
-      // Patch replacing
-      // this.#safeTo.edgesIn.delete(this)
-      // is based on https://github.com/npm/cli/pull/7025.
-      this.#safeTo.deleteEdgeIn(this);
+  satisfiedBy(node) {
+    // Patch replacing
+    // if (node.name !== this.#name) {
+    //   return false
+    // }
+    // is based on https://github.com/npm/cli/pull/7025.
+    if (node.name !== this.#safeName || !this.#safeFrom) {
+      return false;
     }
-    if (this.#safeFrom) {
-      this.#safeFrom.edgesOut.delete(this.name);
+    // NOTE: this condition means we explicitly do not support overriding
+    // bundled or shrinkwrapped dependencies
+    if (node.hasShrinkwrap || node.inShrinkwrap || node.inBundle) {
+      return depValid(node, this.rawSpec, this.#safeAccept, this.#safeFrom);
     }
-    this.#safeTo = null;
-    this.#safeError = 'DETACHED';
-    this.#safeFrom = null;
-  }
-
-  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
-  get from() {
-    return this.#safeFrom;
-  }
-
-  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
-  get to() {
-    return this.#safeTo;
+    // Patch replacing
+    // return depValid(node, this.spec, this.#accept, this.#from)
+    // is based on https://github.com/npm/cli/pull/7025.
+    //
+    // If there's no override we just use the spec.
+    if (!this.overrides?.keySpec) {
+      return depValid(node, this.spec, this.#safeAccept, this.#safeFrom);
+    }
+    // There's some override. If the target node satisfies the overriding spec
+    // then it's okay.
+    if (depValid(node, this.spec, this.#safeAccept, this.#safeFrom)) {
+      return true;
+    }
+    // If it doesn't, then it should at least satisfy the original spec.
+    if (!depValid(node, this.rawSpec, this.#safeAccept, this.#safeFrom)) {
+      return false;
+    }
+    // It satisfies the original spec, not the overriding spec. We need to make
+    // sure it doesn't use the overridden spec.
+    // For example, we might have an ^8.0.0 rawSpec, and an override that makes
+    // keySpec=8.23.0 and the override value spec=9.0.0.
+    // If the node is 9.0.0, then it's okay because it's consistent with spec.
+    // If the node is 8.24.0, then it's okay because it's consistent with the rawSpec.
+    // If the node is 8.23.0, then it's not okay because even though it's consistent
+    // with the rawSpec, it's also consistent with the keySpec.
+    // So we're looking for ^8.0.0 or 9.0.0 and not 8.23.0.
+    return !depValid(node, this.overrides.keySpec, this.#safeAccept, this.#safeFrom);
   }
 }
 
 // Implementation code not related to patch https://github.com/npm/cli/pull/7025
 // is based on https://github.com/npm/cli/blob/v10.9.0/workspaces/arborist/lib/node.js:
 class SafeNode extends Node {
+  // Return true if it's safe to remove this node, because anything that is
+  // depending on it would be fine with the thing that they would resolve to if
+  // it was removed, or nothing is depending on it in the first place.
+  canDedupe(preferDedupe = false) {
+    // Not allowed to mess with shrinkwraps or bundles.
+    if (this.inDepBundle || this.inShrinkwrap) {
+      return false;
+    }
+    // It's a top level pkg, or a dep of one.
+    if (!this.resolveParent?.resolveParent) {
+      return false;
+    }
+    // No one wants it, remove it.
+    if (this.edgesIn.size === 0) {
+      return true;
+    }
+    const other = this.resolveParent.resolveParent.resolve(this.name);
+    // Nothing else, need this one.
+    if (!other) {
+      return false;
+    }
+    // If it's the same thing, then always fine to remove.
+    if (other.matches(this)) {
+      return true;
+    }
+    // If the other thing can't replace this, then skip it.
+    if (!other.canReplace(this)) {
+      return false;
+    }
+    // Patch replacing
+    // if (preferDedupe || semver.gte(other.version, this.version)) {
+    //   return true
+    // }
+    // is based on https://github.com/npm/cli/pull/7025.
+    //
+    // If we prefer dedupe, or if the version is equal, take the other.
+    if (preferDedupe || _semver.eq(other.version, this.version)) {
+      return true;
+    }
+    // If our current version isn't the result of an override, then prefer to
+    // take the greater version.
+    if (!this.overridden && _semver.gt(other.version, this.version)) {
+      return true;
+    }
+    return false;
+  }
+
   // Is it safe to replace one node with another?  check the edges to
   // make sure no one will get upset.  Note that the node might end up
   // having its own unmet dependencies, if the new node has new deps.
@@ -1036,7 +1148,7 @@ class SafeNode extends Node {
     // overridden, we check whether any edge going in had the rule applied to it,
     // in which case its overrides set is different than its source node.
     for (const edge of this.edgesIn) {
-      if (this.overrides.isEqual(edge.overrides)) {
+      if (edge.overrides && edge.overrides.name === this.name && edge.overrides.value === this.version) {
         if (!edge.overrides?.isEqual(edge.from?.overrides)) {
           return true;
         }
@@ -1123,9 +1235,9 @@ class SafeNode extends Node {
       this.recalculateOutEdgesOverrides();
       return true;
     }
-    // This is an error condition. We can only get here if the new override set is
-    // in conflict with the existing.
-    console.error('Conflicting override sets');
+    // This is an error condition. We can only get here if the new override set
+    // is in conflict with the existing.
+    log.silly('Conflicting override sets', this.name);
     return false;
   }
 
@@ -1318,7 +1430,7 @@ class SafeArborist extends Arborist {
     options['save'] = old.save;
     options['saveBundle'] = old.saveBundle;
     // Nothing to check, mmm already installed or all private?
-    if (diff.findIndex(c => c.newPackage.repository_url === 'https://registry.npmjs.org') === -1) {
+    if (diff.findIndex(c => c.newPackage.repository_url === NPM_REGISTRY_URL) === -1) {
       return await this[kRiskyReify](...args);
     }
     let proceed = _constants.ENV.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE;
@@ -1381,7 +1493,7 @@ void (async () => {
       const socketSdk = await (0, _sdk.setupSdk)(pubToken);
       const orgResult = await socketSdk.getOrganizations();
       if (!orgResult.success) {
-        throw new Error('Failed to fetch Socket organization info: ' + orgResult.error.message);
+        throw new Error(`Failed to fetch Socket organization info: ${orgResult.error.message}`);
       }
       const orgs = [];
       for (const org of Object.values(orgResult.data.organizations)) {
@@ -1393,7 +1505,7 @@ void (async () => {
         organization: org.id
       })));
       if (!result.success) {
-        throw new Error('Failed to fetch API key settings: ' + result.error.message);
+        throw new Error(`Failed to fetch API key settings: ${result.error.message}`);
       }
       return {
         orgs,
@@ -1434,10 +1546,14 @@ void (async () => {
   if (socketYml) {
     settings.entries.push({
       start: socketYml.path,
-      // @ts-ignore
       settings: {
         [socketYml.path]: {
           deferTo: null,
+          // TODO: TypeScript complains about the type not matching. We should
+          // figure out why are providing
+          // issueRules: { [issueName: string]: boolean }
+          // but expecting
+          // issueRules: { [issueName: string]: { action: 'defer' | 'error' | 'ignore' | 'monitor' | 'warn' } }
           issueRules: socketYml.parsed.issueRules
         }
       }

package/dist/path-resolve.js

@@ -4,7 +4,7 @@ var require$$1$1 = require('node:fs/promises');
 var require$$1 = require('node:path');
 var require$$2 = require('ignore');
 var require$$3 = require('micromatch');
-var require$$11 = require('tinyglobby');
+var require$$10 = require('tinyglobby');
 
 var pathResolve = {};
 
@@ -51,7 +51,7 @@ var _promises = require$$1$1;
 var _nodePath = require$$1;
 var _ignore = require$$2;
 var _micromatch = require$$3;
-var _tinyglobby = require$$11;
+var _tinyglobby = require$$10;
 var _ignoreByDefault = ignoreByDefault;
 async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
   const patterns = ['golang', 'npm', 'pypi'].reduce((r, n) => {
@@ -63,8 +63,8 @@ async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
 }
 async function globWithGitIgnore(patterns, options) {
   const {
-    socketConfig,
     cwd = process.cwd(),
+    socketConfig,
     ...additionalOptions
   } = {
     __proto__: null,

package/dist/sdk.d.ts

@@ -1,12 +1,5 @@
 /// <reference types="node" />
 import { SocketSdk } from '@socketsecurity/sdk';
-declare function hasOwn(obj: any, propKey: PropertyKey): boolean;
-declare function isObject(value: any): value is object;
-declare function isObjectObject(value: any): value is {
-    [key: string]: any;
-};
-declare function objectSome(obj: Record<string, any>): boolean;
-declare function pick<T extends Record<string, any>, K extends keyof T>(input: T, keys: K[] | ReadonlyArray<K>): Pick<T, K>;
 declare function createDebugLogger(printDebugLogs?: boolean): typeof console.error;
 declare function isErrnoException(value: unknown): value is NodeJS.ErrnoException;
 declare function stringJoinWithSeparateFinalSeparator(list: (string | undefined)[], separator?: string): string;
@@ -14,9 +7,7 @@ declare const API_V0_URL = "https://api.socket.dev/v0";
 declare const ENV: Readonly<{
     UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
 }>;
-declare const packumentCache: Map<any, any>;
-declare const pacoteCachePath: any;
 declare const FREE_API_KEY = "sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api";
 declare function getDefaultKey(): string | undefined;
 declare function setupSdk(apiKey?: string | undefined, apiBaseUrl?: string | undefined, proxy?: string | undefined): Promise<SocketSdk>;
-export { hasOwn, isObject, isObjectObject, objectSome, pick, createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, API_V0_URL, ENV, packumentCache, pacoteCachePath, FREE_API_KEY, getDefaultKey, setupSdk };
+export { createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, API_V0_URL, ENV, FREE_API_KEY, getDefaultKey, setupSdk };