@socketsecurity/cli 0.14.28 → 0.14.30

package/dist/module-sync/constants.d.ts

@@ -0,0 +1,20 @@
+declare const SUPPORTS_SYNC_ESM: boolean;
+declare const API_V0_URL = "https://api.socket.dev/v0";
+declare const DIST_TYPE: string;
+declare const LOOP_SENTINEL = 1000000;
+declare const NPM_REGISTRY_URL = "https://registry.npmjs.org";
+declare const SOCKET_CLI_ISSUES_URL = "https://github.com/SocketDev/socket-cli/issues";
+declare const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = "UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE";
+declare const ENV: Readonly<{
+    UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
+}>;
+declare const rootPath: string;
+declare const rootDistPath: string;
+declare const rootBinPath: string;
+declare const rootPkgJsonPath: string;
+declare const nmBinPath: string;
+declare const cdxgenBinPath: string;
+declare const distPath: string;
+declare const shadowBinPath: string;
+declare const synpBinPath: string;
+export { SUPPORTS_SYNC_ESM, API_V0_URL, DIST_TYPE, LOOP_SENTINEL, NPM_REGISTRY_URL, SOCKET_CLI_ISSUES_URL, UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, ENV, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };

package/dist/module-sync/constants.js

@@ -0,0 +1,72 @@
+'use strict';
+
+var require$$0 = require('node:fs');
+var require$$1 = require('node:path');
+var require$$2 = require('@socketsecurity/registry/lib/env');
+var require$$3 = require('@socketsecurity/registry/lib/constants');
+var require$$4 = require('semver');
+
+function getDefaultExportFromCjs (x) {
+	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
+}
+
+var constants = {};
+
+Object.defineProperty(constants, "__esModule", {
+  value: true
+});
+constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
+var _nodeFs = require$$0;
+var _nodePath = require$$1;
+var _env = require$$2;
+var _constants = require$$3;
+var _semver = require$$4;
+const {
+  PACKAGE_JSON
+} = _constants;
+const SUPPORTS_SYNC_ESM = constants.SUPPORTS_SYNC_ESM = _semver.satisfies(process.versions.node, '>=22.12');
+constants.API_V0_URL = 'https://api.socket.dev/v0';
+const DIST_TYPE = constants.DIST_TYPE = SUPPORTS_SYNC_ESM ? 'module-sync' : 'require';
+constants.LOOP_SENTINEL = 1_000_000;
+constants.NPM_REGISTRY_URL = 'https://registry.npmjs.org';
+const SOCKET_CLI_ISSUES_URL = constants.SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
+const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';
+constants.ENV = Object.freeze({
+  // Flag set by the optimize command to bypass the packagesHaveRiskyIssues check.
+  [UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE]: (0, _env.envAsBoolean)(process.env[UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE])
+});
+
+// Dynamically detect the rootPath so constants.ts can be used in tests.
+const rootPath = constants.rootPath = (() => {
+  let oldPath;
+  let currPath = (0, _nodeFs.realpathSync)(__dirname);
+  // Dirname stops when at the filepath root, e.g. '/' for posix and 'C:\\' for win32,
+  // so `currPath` equal `oldPath`.
+  while (currPath !== oldPath) {
+    const pkgJsonPath = _nodePath.join(currPath, PACKAGE_JSON);
+    if ((0, _nodeFs.existsSync)(pkgJsonPath)) {
+      try {
+        // Content matching @socketsecurity/cli is replaced by
+        // the @rollup/plugin-replace plugin used in .config/rollup.base.config.mjs
+        // with either 'socket' or '@socketsecurity/cli'.
+        if (require(pkgJsonPath)?.name === '@socketsecurity/cli') {
+          return currPath;
+        }
+      } catch {}
+    }
+    oldPath = currPath;
+    currPath = _nodePath.dirname(currPath);
+  }
+  throw new TypeError(`Socket CLI initialization error: rootPath cannot be resolved.\n\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`);
+})();
+const rootDistPath = constants.rootDistPath = _nodePath.join(rootPath, 'dist');
+constants.rootBinPath = _nodePath.join(rootPath, 'bin');
+constants.rootPkgJsonPath = _nodePath.join(rootPath, PACKAGE_JSON);
+const nmBinPath = constants.nmBinPath = _nodePath.join(rootPath, 'node_modules/.bin');
+constants.cdxgenBinPath = _nodePath.join(nmBinPath, 'cdxgen');
+constants.distPath = _nodePath.join(rootDistPath, DIST_TYPE);
+constants.shadowBinPath = _nodePath.join(rootPath, 'shadow', DIST_TYPE);
+constants.synpBinPath = _nodePath.join(nmBinPath, 'synp');
+
+exports.constants = constants;
+exports.getDefaultExportFromCjs = getDefaultExportFromCjs;

package/dist/module-sync/npm-cli.js

@@ -0,0 +1,85 @@
+#!/usr/bin/env node
+'use strict';
+
+var constants = require('./constants.js');
+var require$$0$1 = require('@babel/runtime/helpers/interopRequireWildcard');
+var require$$0 = require('node:fs');
+var require$$1 = require('node:path');
+var require$$1$1 = require('@npmcli/promise-spawn');
+var link = require('./link.js');
+var pathResolve = require('./path-resolve.js');
+
+var npmCli$2 = {};
+
+var npmCli$1 = {};
+
+var _nodeFs = require$$0;
+var _nodePath = require$$1;
+var _promiseSpawn = require$$1$1;
+var _constants = constants.constants;
+var _link = link.link;
+var _pathResolve = pathResolve.pathResolve;
+const npmPath = (0, _link.installLinks)(_constants.shadowBinPath, 'npm');
+const injectionPath = _nodePath.join(_constants.distPath, 'npm-injection.js');
+
+// Adding the `--quiet` and `--no-progress` flags when the `proc-log` module
+// is found to fix a UX issue when running the command with recent versions of
+// npm (input swallowed by the standard npm spinner)
+const npmArgs = process.argv.slice(2);
+if (npmArgs.includes('install') && !npmArgs.includes('--no-progress') && !npmArgs.includes('--quiet')) {
+  const npmEntrypoint = (0, _nodeFs.realpathSync)(npmPath);
+  const npmRootPath = (0, _pathResolve.findRoot)(_nodePath.dirname(npmEntrypoint));
+  if (npmRootPath === undefined) {
+    process.exit(127);
+  }
+  const npmDepPath = _nodePath.join(npmRootPath, 'node_modules');
+  let procLog;
+  try {
+    procLog = require(_nodePath.join(npmDepPath, 'proc-log/lib/index.js')).log;
+  } catch {}
+  if (procLog) {
+    npmArgs.push('--no-progress', '--quiet');
+  }
+}
+process.exitCode = 1;
+const spawnPromise = _promiseSpawn(process.execPath, ['--disable-warning', 'ExperimentalWarning', '--require', injectionPath, npmPath, ...npmArgs], {
+  stdio: 'inherit'
+});
+spawnPromise.process.on('exit', (code, signal) => {
+  if (signal) {
+    process.kill(process.pid, signal);
+  } else if (code !== null) {
+    process.exit(code);
+  }
+});
+
+(function (exports) {
+
+	var _interopRequireWildcard = require$$0$1.default;
+	Object.defineProperty(exports, "__esModule", {
+	  value: true
+	});
+	var _exportNames = {};
+	Object.defineProperty(exports, "default", {
+	  enumerable: true,
+	  get: function () {
+	    return _npmCli.default;
+	  }
+	});
+	var _npmCli = _interopRequireWildcard(npmCli$1, true);
+	Object.keys(_npmCli).forEach(function (key) {
+	  if (key === "default" || key === "__esModule") return;
+	  if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+	  if (key in exports && exports[key] === _npmCli[key]) return;
+	  Object.defineProperty(exports, key, {
+	    enumerable: true,
+	    get: function () {
+	      return _npmCli[key];
+	    }
+	  });
+	}); 
+} (npmCli$2));
+
+var npmCli = /*@__PURE__*/constants.getDefaultExportFromCjs(npmCli$2);
+
+module.exports = npmCli;