@socketsecurity/cli 0.14.25 → 0.14.27

package/dist/{chalk-markdown.d.ts → color-or-markdown.d.ts}

@@ -5,7 +5,7 @@ declare const logSymbols: {
     warning: string;
     error: string;
 };
-declare class ChalkOrMarkdown {
+declare class ColorOrMarkdown {
     useMarkdown: boolean;
     constructor(useMarkdown: boolean);
     header(text: string, level?: number): string;
@@ -20,4 +20,4 @@ declare class ChalkOrMarkdown {
     indent(text: string, level?: number): string;
     json(value: unknown): string;
 }
-export { logSymbols, ChalkOrMarkdown };
+export { logSymbols, ColorOrMarkdown };

package/dist/npm-injection.js

@@ -3,12 +3,13 @@
 var vendor = require('./vendor.js');
 var require$$0 = require('node:fs');
 var require$$1$1 = require('node:path');
-var require$$2 = require('node:events');
-var require$$4 = require('node:https');
+var require$$1$3 = require('node:events');
+var require$$3$3 = require('node:https');
 var require$$3 = require('node:readline');
 var require$$5 = require('node:stream');
-var require$$8 = require('node:timers/promises');
+var require$$7$1 = require('node:timers/promises');
 var require$$5$1 = require('npm-package-arg');
+var require$$3$2 = require('@socketregistry/yocto-spinner');
 var require$$3$1 = require('semver');
 var require$$6$1 = require('@socketsecurity/config');
 var require$$7 = require('@socketsecurity/registry/lib/objects');
@@ -64,12 +65,11 @@ function createNonStandardTTYServer() {
               conn.push(lineBuff.slice(eolIndex + 1));
               const {
                 capabilities: {
-                  colorLevel: ipcColorLevel,
                   input: hasInput,
                   output: hasOutput
                 },
                 ipc_version: remote_ipc_version
-              } = JSON.parse(lineBuff.slice(0, eolIndex).toString('utf-8'));
+              } = JSON.parse(lineBuff.subarray(0, eolIndex).toString('utf-8'));
               lineBuff = null;
               captured = true;
               if (remote_ipc_version !== _package.version) {
@@ -91,7 +91,7 @@ function createNonStandardTTYServer() {
                   _nodeReadline$1.clearLine(this, dir, callback);
                 };
               }
-              mutexFn(ipcColorLevel, hasInput ? input : undefined, hasOutput ? output : undefined).then(resolve, reject).finally(() => {
+              mutexFn(hasInput ? input : undefined, hasOutput ? output : undefined).then(resolve, reject).finally(() => {
                 conn.unref();
                 conn.end();
                 input?.end();
@@ -107,7 +107,7 @@ function createNonStandardTTYServer() {
     }
   };
 }
-function createIPCServer(colorLevel, captureState, npmlog) {
+function createIPCServer(captureState, npmlog) {
   const input = process.stdin;
   const output = process.stderr;
   return new Promise((resolve, reject) => {
@@ -134,8 +134,7 @@ function createIPCServer(colorLevel, captureState, npmlog) {
         ipc_version: _package.version,
         capabilities: {
           input: Boolean(input),
-          output: true,
-          colorLevel
+          output: true
         }
       })}\n`);
       conn.on('data', data => {
@@ -163,7 +162,7 @@ function createIPCServer(colorLevel, captureState, npmlog) {
     resolve(server);
   });
 }
-function createStandardTTYServer(colorLevel, isInteractive, npmlog) {
+function createStandardTTYServer(isInteractive, npmlog) {
   const captureState = {
     captured: false,
     nextCapture: () => {
@@ -181,7 +180,7 @@ function createStandardTTYServer(colorLevel, isInteractive, npmlog) {
   const output = process.stderr;
   let ipcServerPromise;
   if (input) {
-    ipcServerPromise = createIPCServer(colorLevel, captureState, npmlog);
+    ipcServerPromise = createIPCServer(captureState, npmlog);
   }
   return {
     async captureTTY(mutexFn) {
@@ -204,7 +203,7 @@ function createStandardTTYServer(colorLevel, isInteractive, npmlog) {
         if (wasProgressEnabled) {
           npmlog.disableProgress();
         }
-        return await mutexFn(colorLevel, input, output);
+        return await mutexFn(input, output);
       } finally {
         if (wasProgressEnabled) {
           npmlog.enableProgress();
@@ -224,8 +223,8 @@ function tryUnlinkSync(filepath) {
     }
   }
 }
-function createTTYServer(colorLevel, isInteractive, npmlog) {
-  return !isInteractive && TTY_IPC ? createNonStandardTTYServer() : createStandardTTYServer(colorLevel, isInteractive, npmlog);
+function createTTYServer(isInteractive, npmlog) {
+  return !isInteractive && TTY_IPC ? createNonStandardTTYServer() : createStandardTTYServer(isInteractive, npmlog);
 }
 
 var issueRules = {};
@@ -376,30 +375,28 @@ function createIssueUXLookup(settings) {
   };
 }
 
-var _interopRequireWildcard = vendor.interopRequireWildcard.default;
 var _interopRequireDefault = vendor.interopRequireDefault.default;
 Object.defineProperty(arborist, "__esModule", {
   value: true
 });
 arborist.SafeArborist = void 0;
 arborist.installSafeArborist = installSafeArborist;
-var _nodeEvents = require$$2;
+var _nodeEvents = require$$1$3;
 var _nodeFs$1 = require$$0;
-var _nodeHttps = require$$4;
+var _nodeHttps = require$$3$3;
 var _nodePath$1 = require$$1$1;
 var _nodeReadline = require$$3;
 var _nodeStream = require$$5;
-var _promises = require$$8;
-var _chalk = _interopRequireDefault(vendor.source);
+var _promises = require$$7$1;
 var _isInteractive = _interopRequireDefault(vendor.isInteractive);
 var _npmPackageArg = require$$5$1;
-var _ora = _interopRequireWildcard(vendor.ora);
+var _yoctoSpinner = require$$3$2;
 var _semver = require$$3$1;
 var _config = require$$6$1;
 var _objects = require$$7;
 var _ttyServer = ttyServer$1;
 var _constants = sdk.constants;
-var _chalkMarkdown = sdk.chalkMarkdown;
+var _colorOrMarkdown = sdk.colorOrMarkdown;
 var _issueRules = issueRules;
 var _misc = sdk.misc;
 var _pathResolve = pathResolve.pathResolve;
@@ -440,11 +437,12 @@ if (npmRootPath === undefined) {
 const LOOP_SENTINEL = 1_000_000;
 const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
 const npmNmPath = _nodePath$1.join(npmRootPath, 'node_modules');
-const arboristClassPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/arborist/index.js');
-const arboristDepValidPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/dep-valid.js');
-const arboristEdgeClassPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/edge.js');
-const arboristNodeClassPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/node.js');
-const arboristOverrideSetClassPatch = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/override-set.js');
+const arboristPkgPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist');
+const arboristClassPath = _nodePath$1.join(arboristPkgPath, 'lib/arborist/index.js');
+const arboristDepValidPath = _nodePath$1.join(arboristPkgPath, 'lib/dep-valid.js');
+const arboristEdgeClassPath = _nodePath$1.join(arboristPkgPath, 'lib/edge.js');
+const arboristNodeClassPath = _nodePath$1.join(arboristPkgPath, 'lib/node.js');
+const arboristOverrideSetClassPatch = _nodePath$1.join(arboristPkgPath, 'lib/override-set.js');
 const log = tryRequire([_nodePath$1.join(npmNmPath, 'proc-log/lib/index.js'),
 // The proc-log DefinitelyTyped definition is incorrect. The type definition
 // is really that of its export log.
@@ -469,9 +467,9 @@ const Node = require(arboristNodeClassPath);
 const OverrideSet = require(arboristOverrideSetClassPatch);
 const kCtorArgs = Symbol('ctorArgs');
 const kRiskyReify = Symbol('riskyReify');
-const formatter = new _chalkMarkdown.ChalkOrMarkdown(false);
+const formatter = new _colorOrMarkdown.ColorOrMarkdown(false);
 const pubToken = (0, _sdk.getDefaultKey)() ?? _sdk.FREE_API_KEY;
-const ttyServer = (0, _ttyServer.createTTYServer)(_chalk.default.level, (0, _isInteractive.default)({
+const ttyServer = (0, _ttyServer.createTTYServer)((0, _isInteractive.default)({
   stream: process.stdin
 }), log);
 let _uxLookup;
@@ -523,6 +521,9 @@ async function* batchScan(pkgIds) {
 // Patch adding doOverrideSetsConflict is based on
 // https://github.com/npm/cli/pull/7025.
 function doOverrideSetsConflict(first, second) {
+  // If override sets contain one another then we can try to use the more specific
+  // one. However, if neither one is more specific, then we consider them to be
+  // in conflict.
   return findSpecificOverrideSet(first, second) === undefined;
 }
 function findSocketYmlSync() {
@@ -568,6 +569,7 @@ function findSpecificOverrideSet(first, second) {
     }
     overrideSet = overrideSet.parent;
   }
+  // The override sets are incomparable. Neither one contains the other.
   log.silly('Conflicting override sets', first, second);
   return undefined;
 }
@@ -581,18 +583,12 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
   let result = false;
   let remaining = pkgs.length;
   if (!remaining) {
-    (0, _ora.default)('').succeed('No changes detected');
+    _yoctoSpinner().success('No changes detected');
     return result;
   }
   const getText = () => `Looking up data for ${remaining} packages`;
-  const spinner = (0, _ora.default)({
-    color: 'cyan',
-    stream: output,
-    isEnabled: true,
-    isSilent: false,
-    hideCursor: true,
-    discardStdin: true,
-    spinner: _ora.spinners.dots
+  const spinner = _yoctoSpinner({
+    stream: output
   }).start(getText());
   try {
     for await (const pkgData of batchScan(pkgs.map(pkg => pkg.pkgid))) {
@@ -1436,8 +1432,7 @@ class SafeArborist extends Arborist {
     }
     let proceed = _constants.ENV.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE;
     if (!proceed) {
-      proceed = await ttyServer.captureTTY(async (colorLevel, input, output) => {
-        _chalk.default.level = colorLevel;
+      proceed = await ttyServer.captureTTY(async (input, output) => {
         if (input && output) {
           const risky = await packagesHaveRiskyIssues(this, this['registry'], diff, output);
           if (!risky) {
@@ -1483,10 +1478,19 @@ class SafeArborist extends Arborist {
 }
 arborist.SafeArborist = SafeArborist;
 function installSafeArborist() {
-  require.cache[arboristClassPath].exports = SafeArborist;
-  require.cache[arboristEdgeClassPath].exports = SafeEdge;
-  require.cache[arboristNodeClassPath].exports = SafeNode;
-  require.cache[arboristOverrideSetClassPatch].exports = SafeOverrideSet;
+  const cache = require.cache;
+  cache[arboristClassPath] = {
+    exports: SafeArborist
+  };
+  cache[arboristEdgeClassPath] = {
+    exports: SafeEdge
+  };
+  cache[arboristNodeClassPath] = {
+    exports: SafeNode
+  };
+  cache[arboristOverrideSetClassPatch] = {
+    exports: SafeOverrideSet
+  };
 }
 void (async () => {
   const remoteSettings = await (async () => {

package/dist/sdk.js

@@ -2,13 +2,15 @@
 
 var require$$0 = require('@socketsecurity/registry/lib/env');
 var vendor = require('./vendor.js');
-var require$$1$2 = require('node:fs/promises');
-var require$$1$1 = require('node:path');
-var require$$1$3 = require('@inquirer/prompts');
+var require$$1 = require('yoctocolors-cjs');
+var require$$1$3 = require('node:fs/promises');
+var require$$1$2 = require('node:path');
+var require$$1$4 = require('@inquirer/prompts');
 var require$$4 = require('hpagent');
 var require$$6 = require('@socketsecurity/sdk');
 var require$$0$1 = require('node:fs');
-var require$$1 = require('node:os');
+var require$$1$1 = require('node:os');
+var require$$3 = require('@socketregistry/yocto-spinner');
 
 var errors = {};
 
@@ -39,36 +41,36 @@ constants.ENV = Object.freeze({
   UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: (0, _env.envAsBoolean)(process.env['UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE'])
 });
 
-var chalkMarkdown = {};
+var colorOrMarkdown = {};
 
-var _interopRequireDefault$2 = vendor.interopRequireDefault.default;
-Object.defineProperty(chalkMarkdown, "__esModule", {
+var _interopRequireDefault$1 = vendor.interopRequireDefault.default;
+Object.defineProperty(colorOrMarkdown, "__esModule", {
   value: true
 });
-chalkMarkdown.logSymbols = chalkMarkdown.ChalkOrMarkdown = void 0;
-var _chalk = _interopRequireDefault$2(vendor.source);
-var _isUnicodeSupported = _interopRequireDefault$2(vendor.isUnicodeSupported);
-var _terminalLink = _interopRequireDefault$2(vendor.terminalLink);
+colorOrMarkdown.logSymbols = colorOrMarkdown.ColorOrMarkdown = void 0;
+var _yoctocolorsCjs = require$$1;
+var _isUnicodeSupported = _interopRequireDefault$1(vendor.isUnicodeSupported);
+var _terminalLink = _interopRequireDefault$1(vendor.terminalLink);
 // From the 'log-symbols' module
 const unicodeLogSymbols = {
   __proto__: null,
-  info: _chalk.default.blue('ℹ'),
-  success: _chalk.default.green('✔'),
-  warning: _chalk.default.yellow('⚠'),
-  error: _chalk.default.red('✖')
+  info: _yoctocolorsCjs.blue('ℹ'),
+  success: _yoctocolorsCjs.green('✔'),
+  warning: _yoctocolorsCjs.yellow('⚠'),
+  error: _yoctocolorsCjs.red('✖')
 };
 
 // From the 'log-symbols' module
 const fallbackLogSymbols = {
   __proto__: null,
-  info: _chalk.default.blue('i'),
-  success: _chalk.default.green('√'),
-  warning: _chalk.default.yellow('‼'),
-  error: _chalk.default.red('×')
+  info: _yoctocolorsCjs.blue('i'),
+  success: _yoctocolorsCjs.green('√'),
+  warning: _yoctocolorsCjs.yellow('‼'),
+  error: _yoctocolorsCjs.red('×')
 };
 
 // From the 'log-symbols' module
-const logSymbols = chalkMarkdown.logSymbols = (0, _isUnicodeSupported.default)() ? unicodeLogSymbols : fallbackLogSymbols;
+const logSymbols = colorOrMarkdown.logSymbols = (0, _isUnicodeSupported.default)() ? unicodeLogSymbols : fallbackLogSymbols;
 const markdownLogSymbols = {
   __proto__: null,
   info: ':information_source:',
@@ -76,18 +78,18 @@ const markdownLogSymbols = {
   success: ':white_check_mark:',
   warning: ':warning:'
 };
-class ChalkOrMarkdown {
+class ColorOrMarkdown {
   constructor(useMarkdown) {
     this.useMarkdown = !!useMarkdown;
   }
   header(text, level = 1) {
-    return this.useMarkdown ? `\n${''.padStart(level, '#')} ${text}\n` : _chalk.default.underline(`\n${level === 1 ? _chalk.default.bold(text) : text}\n`);
+    return this.useMarkdown ? `\n${''.padStart(level, '#')} ${text}\n` : _yoctocolorsCjs.underline(`\n${level === 1 ? _yoctocolorsCjs.bold(text) : text}\n`);
   }
   bold(text) {
-    return this.useMarkdown ? `**${text}**` : _chalk.default.bold(`${text}`);
+    return this.useMarkdown ? `**${text}**` : _yoctocolorsCjs.bold(`${text}`);
   }
   italic(text) {
-    return this.useMarkdown ? `_${text}_` : _chalk.default.italic(`${text}`);
+    return this.useMarkdown ? `_${text}_` : _yoctocolorsCjs.italic(`${text}`);
   }
   hyperlink(text, url, {
     fallback = true,
@@ -113,7 +115,7 @@ class ChalkOrMarkdown {
     return this.useMarkdown ? '```json\n' + JSON.stringify(value) + '\n```' : JSON.stringify(value);
   }
 }
-chalkMarkdown.ChalkOrMarkdown = ChalkOrMarkdown;
+colorOrMarkdown.ColorOrMarkdown = ColorOrMarkdown;
 
 var misc = {};
 
@@ -123,9 +125,9 @@ Object.defineProperty(misc, "__esModule", {
 misc.createDebugLogger = createDebugLogger;
 misc.isErrnoException = isErrnoException;
 misc.stringJoinWithSeparateFinalSeparator = stringJoinWithSeparateFinalSeparator;
-var _chalkMarkdown = chalkMarkdown;
+var _colorOrMarkdown = colorOrMarkdown;
 function createDebugLogger(printDebugLogs) {
-  return printDebugLogs ? (...params) => console.error(_chalkMarkdown.logSymbols.info, ...params) : () => {};
+  return printDebugLogs ? (...params) => console.error(_colorOrMarkdown.logSymbols.info, ...params) : () => {};
 }
 function isErrnoException(value) {
   if (!(value instanceof Error)) {
@@ -146,16 +148,15 @@ var sdk = {};
 
 var settings$1 = {};
 
-var _interopRequireDefault$1 = vendor.interopRequireDefault.default;
 Object.defineProperty(settings$1, "__esModule", {
   value: true
 });
 settings$1.getSetting = getSetting;
 settings$1.updateSetting = updateSetting;
 var _nodeFs = require$$0$1;
-var _nodeOs = require$$1;
-var _nodePath$1 = require$$1$1;
-var _ora = _interopRequireDefault$1(vendor.ora);
+var _nodeOs = require$$1$1;
+var _nodePath$1 = require$$1$2;
+var _yoctoSpinner = require$$3;
 let dataHome = process.platform === 'win32' ? process.env['LOCALAPPDATA'] : process.env['XDG_DATA_HOME'];
 if (!dataHome) {
   if (process.platform === 'win32') throw new Error('missing %LOCALAPPDATA%');
@@ -169,7 +170,7 @@ if ((0, _nodeFs.existsSync)(settingsPath)) {
   try {
     settings = JSON.parse(Buffer.from(raw, 'base64').toString());
   } catch {
-    (0, _ora.default)(`Failed to parse settings at ${settingsPath}`).warn();
+    _yoctoSpinner().warning(`Failed to parse settings at ${settingsPath}`);
   }
 } else {
   (0, _nodeFs.mkdirSync)(_nodePath$1.dirname(settingsPath), {
@@ -198,9 +199,9 @@ Object.defineProperty(sdk, "__esModule", {
 sdk.FREE_API_KEY = void 0;
 sdk.getDefaultKey = getDefaultKey;
 sdk.setupSdk = setupSdk;
-var _promises = require$$1$2;
-var _nodePath = require$$1$1;
-var _prompts = require$$1$3;
+var _promises = require$$1$3;
+var _nodePath = require$$1$2;
+var _prompts = require$$1$4;
 var _hpagent = require$$4;
 var _isInteractive = _interopRequireDefault(vendor.isInteractive);
 var _sdk = require$$6;
@@ -261,7 +262,7 @@ async function setupSdk(apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBase
   return new _sdk.SocketSdk(apiKey || '', sdkOptions);
 }
 
-exports.chalkMarkdown = chalkMarkdown;
+exports.colorOrMarkdown = colorOrMarkdown;
 exports.constants = constants;
 exports.errors = errors;
 exports.misc = misc;