npm - @socketsecurity/cli - Versions diffs - 0.14.28 → 0.14.30 - Mend

@socketsecurity/cli 0.14.28 → 0.14.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/bin/cli.js +7 -0
package/bin/npm-cli.js +7 -0
package/bin/npx-cli.js +7 -0
package/bin/shadow/module-sync/npm +3 -0
package/bin/shadow/module-sync/npx +3 -0
package/bin/shadow/require/npm +3 -0
package/bin/shadow/require/npx +3 -0
package/dist/module-sync/cli.d.ts.map +1 -0
package/dist/module-sync/cli.js +5258 -0
package/dist/module-sync/constants.d.ts +20 -0
package/dist/module-sync/constants.js +72 -0
package/dist/module-sync/npm-cli.js +85 -0
package/dist/module-sync/npm-injection.js +1609 -0
package/dist/module-sync/npx-cli.js +61 -0
package/dist/{sdk.d.ts → module-sync/sdk.d.ts} +1 -5
package/dist/module-sync/sdk.js +253 -0
package/dist/require/cli.d.ts +3 -0
package/dist/require/cli.d.ts.map +1 -0
package/dist/{cli.js → require/cli.js} +80 -82
package/dist/require/color-or-markdown.d.ts +23 -0
package/dist/require/constants.d.ts +20 -0
package/dist/require/constants.js +67 -0
package/dist/require/errors.d.ts +7 -0
package/dist/require/link.d.ts +2 -0
package/dist/require/link.js +45 -0
package/dist/require/npm-cli.d.ts +2 -0
package/dist/{npm-cli.js → require/npm-cli.js} +12 -10
package/dist/require/npm-injection.d.ts +1 -0
package/dist/{npm-injection.js → require/npm-injection.js} +169 -135
package/dist/require/npx-cli.d.ts +2 -0
package/dist/{npx-cli.js → require/npx-cli.js} +12 -12
package/dist/require/path-resolve.d.ts +8 -0
package/dist/require/path-resolve.js +183 -0
package/dist/require/sdk.d.ts +9 -0
package/dist/{sdk.js → require/sdk.js} +16 -36
package/dist/require/settings.d.ts +9 -0
package/dist/{vendor.js → require/vendor.js} +6 -1
package/package.json +54 -19
package/translations.json +190 -287
package/bin/npm +0 -2
package/bin/npx +0 -2
package/dist/cli.d.ts.map +0 -1
/package/dist/{cli.d.ts → module-sync/cli.d.ts} +0 -0
/package/dist/{color-or-markdown.d.ts → module-sync/color-or-markdown.d.ts} +0 -0
/package/dist/{errors.d.ts → module-sync/errors.d.ts} +0 -0
/package/dist/{link.d.ts → module-sync/link.d.ts} +0 -0
/package/dist/{link.js → module-sync/link.js} +0 -0
/package/dist/{npm-cli.d.ts → module-sync/npm-cli.d.ts} +0 -0
/package/dist/{npm-injection.d.ts → module-sync/npm-injection.d.ts} +0 -0
/package/dist/{npx-cli.d.ts → module-sync/npx-cli.d.ts} +0 -0
/package/dist/{path-resolve.d.ts → module-sync/path-resolve.d.ts} +0 -0
/package/dist/{path-resolve.js → module-sync/path-resolve.js} +0 -0
/package/dist/{settings.d.ts → module-sync/settings.d.ts} +0 -0

package/dist/{cli.js → require/cli.js} RENAMED Viewed

@@ -2,20 +2,21 @@
 'use strict';
 var vendor = require('./vendor.js');
-var require$$1 = require('node:path');
 var require$$8$2 = require('node:url');
 var require$$1$2 = require('yoctocolors-cjs');
-var require$$5$1 = require('pony-cause');
+var require$$4$1 = require('pony-cause');
 var require$$0 = require('node:fs');
+var require$$1 = require('node:path');
 var require$$1$1 = require('@npmcli/promise-spawn');
 var require$$4 = require('yargs-parser');
 var require$$5 = require('@socketsecurity/registry/lib/words');
+var constants = require('./constants.js');
 var require$$3 = require('@socketregistry/yocto-spinner');
 var sdk = require('./sdk.js');
 var require$$1$3 = require('@inquirer/prompts');
 var require$$1$4 = require('node:fs/promises');
-var require$$5$3 = require('npm-package-arg');
-var require$$3$1 = require('semver');
+var require$$5$2 = require('npm-package-arg');
+var require$$4$2 = require('semver');
 var require$$8$1 = require('tinyglobby');
 var require$$9$1 = require('yaml');
 var require$$10 = require('@socketsecurity/registry');
@@ -25,11 +26,11 @@ var require$$13 = require('@socketsecurity/registry/lib/promises');
 var require$$14 = require('@socketsecurity/registry/lib/regexps');
 var require$$9 = require('@socketsecurity/registry/lib/strings');
 var require$$2 = require('browserslist');
-var require$$4$1 = require('which');
-var require$$5$2 = require('@socketregistry/hyrious__bun.lockb');
-var require$$6 = require('@socketsecurity/registry/lib/constants');
+var require$$4$3 = require('which');
+var require$$5$1 = require('@socketregistry/hyrious__bun.lockb');
+var require$$3$1 = require('@socketsecurity/registry/lib/constants');
 var require$$2$1 = require('@apideck/better-ajv-errors');
-var require$$6$1 = require('@socketsecurity/config');
+var require$$6 = require('@socketsecurity/config');
 var pathResolve = require('./path-resolve.js');
 var require$$1$5 = require('node:os');
 var require$$3$2 = require('node:readline');
@@ -38,14 +39,14 @@ var require$$2$2 = require('node:readline/promises');
 var require$$2$3 = require('chalk-table');
 var require$$2$4 = require('blessed/lib/widgets/screen');
 var require$$3$3 = require('blessed-contrib/lib/widget/charts/bar');
-var require$$4$2 = require('blessed-contrib/lib/layout/grid');
-var require$$5$4 = require('blessed-contrib/lib/widget/charts/line');
+var require$$4$4 = require('blessed-contrib/lib/layout/grid');
+var require$$5$3 = require('blessed-contrib/lib/widget/charts/line');
 var require$$0$2 = require('node:util');
 var require$$2$5 = require('blessed-contrib/lib/widget/table');
-var cli$1 = {};
+var cli$2 = {};
-var cli = {};
+var cli$1 = {};
 var commands = {};
@@ -56,19 +57,15 @@ Object.defineProperty(cdxgen, "__esModule", {
 });
 cdxgen.cdxgen = void 0;
 var _nodeFs$3 = require$$0;
-var _nodePath$7 = require$$1;
+var _nodePath$6 = require$$1;
 var _promiseSpawn$6 = require$$1$1;
 var _yoctocolorsCjs$j = require$$1$2;
 var _yargsParser = require$$4;
 var _words$1 = require$$5;
-const distPath$4 = __dirname;
+var _constants$6 = constants.constants;
 const {
   execPath
 } = process;
-const rootPath$1 = _nodePath$7.resolve(distPath$4, '..');
-const binPath = _nodePath$7.join(rootPath$1, 'node_modules/.bin');
-const cdxgenBinPath = _nodePath$7.join(binPath, 'cdxgen');
-const synpBinPath = _nodePath$7.join(binPath, 'synp');
 const {
   SBOM_SIGN_ALGORITHM,
   // Algorithm. Example: RS512
@@ -194,7 +191,7 @@ cdxgen.cdxgen = {
         // Use synp to create a package-lock.json from the yarn.lock,
         // based on the node_modules folder, for a more accurate SBOM.
         try {
-          await _promiseSpawn$6(execPath, [await _nodeFs$3.promises.realpath(synpBinPath), '--source-file', './yarn.lock'], {
+          await _promiseSpawn$6(execPath, [await _nodeFs$3.promises.realpath(_constants$6.synpBinPath), '--source-file', './yarn.lock'], {
             shell: true
           });
           yargv.type = 'npm';
@@ -205,7 +202,7 @@ cdxgen.cdxgen = {
     if (yargv.output === undefined) {
       yargv.output = 'socket-cdx.json';
     }
-    await _promiseSpawn$6(execPath, [await _nodeFs$3.promises.realpath(cdxgenBinPath), ...argvToArray(yargv)], {
+    await _promiseSpawn$6(execPath, [await _nodeFs$3.promises.realpath(_constants$6.cdxgenBinPath), ...argvToArray(yargv)], {
       env: {
         NODE_ENV: '',
         SBOM_SIGN_ALGORITHM,
@@ -220,7 +217,7 @@ cdxgen.cdxgen = {
         await _nodeFs$3.promises.unlink('./package-lock.json');
       } catch {}
     }
-    const fullOutputPath = _nodePath$7.join(process.cwd(), yargv.output);
+    const fullOutputPath = _nodePath$6.join(process.cwd(), yargv.output);
     if ((0, _nodeFs$3.existsSync)(fullOutputPath)) {
       console.log(_yoctocolorsCjs$j.cyanBright(`${yargv.output} created!`));
     }
@@ -292,12 +289,13 @@ apiHelpers.handleApiCall = handleApiCall;
 apiHelpers.handleUnsuccessfulApiResponse = handleUnsuccessfulApiResponse;
 apiHelpers.queryAPI = queryAPI;
 var _yoctocolorsCjs$i = require$$1$2;
-var _ponyCause$4 = require$$5$1;
+var _ponyCause$4 = require$$4$1;
 var _errors$l = sdk.errors;
-var _constants$1 = sdk.constants;
+var _constants$5 = constants.constants;
 function handleUnsuccessfulApiResponse(_name, result, spinner) {
-  const resultError = 'error' in result && result.error && typeof result.error === 'object' ? result.error : {};
-  const message = 'message' in resultError && typeof resultError.message === 'string' ? resultError.message : 'No error message returned';
+  // SocketSdkErrorType['error'] is not typed.
+  const resultErrorMessage = result.error?.message;
+  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
   if (result.status === 401 || result.status === 403) {
     spinner.stop();
     throw new _errors$l.AuthError(message);
@@ -318,16 +316,16 @@ async function handleApiCall(value, description) {
 }
 async function handleAPIError(code) {
   if (code === 400) {
-    return `One of the options passed might be incorrect.`;
+    return 'One of the options passed might be incorrect.';
   } else if (code === 403) {
-    return `You might be trying to access an organization that is not linked to the API key you are logged in with.`;
+    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
   }
 }
 async function queryAPI(path, apiKey) {
-  return await fetch(`${_constants$1.API_V0_URL}/${path}`, {
+  return await fetch(`${_constants$5.API_V0_URL}/${path}`, {
     method: 'GET',
     headers: {
-      Authorization: 'Basic ' + btoa(`${apiKey}:${apiKey}`)
+      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
     }
   });
 }
@@ -813,16 +811,16 @@ Object.defineProperty(npm, "__esModule", {
   value: true
 });
 npm.npm = void 0;
-var _nodePath$6 = require$$1;
+var _nodePath$5 = require$$1;
 var _promiseSpawn$5 = require$$1$1;
-const distPath$3 = __dirname;
+var _constants$4 = constants.constants;
 const description$5 = 'npm wrapper functionality';
 npm.npm = {
   description: description$5,
   async run(argv, _importMeta, _ctx) {
-    const wrapperPath = _nodePath$6.join(distPath$3, 'npm-cli.js');
+    const wrapperPath = _nodePath$5.join(_constants$4.distPath, 'npm-cli.js');
     process.exitCode = 1;
-    const spawnPromise = _promiseSpawn$5(process.execPath, [wrapperPath, ...argv], {
+    const spawnPromise = _promiseSpawn$5(process.execPath, ['--disable-warning', 'ExperimentalWarning', wrapperPath, ...argv], {
       stdio: 'inherit'
     });
     spawnPromise.process.on('exit', (code, signal) => {
@@ -842,16 +840,16 @@ Object.defineProperty(npx, "__esModule", {
   value: true
 });
 npx.npx = void 0;
-var _nodePath$5 = require$$1;
+var _nodePath$4 = require$$1;
 var _promiseSpawn$4 = require$$1$1;
-const distPath$2 = __dirname;
+var _constants$3 = constants.constants;
 const description$4 = 'npx wrapper functionality';
 npx.npx = {
   description: description$4,
   async run(argv, _importMeta, _ctx) {
-    const wrapperPath = _nodePath$5.join(distPath$2, 'npx-cli.js');
+    const wrapperPath = _nodePath$4.join(_constants$3.distPath, 'npx-cli.js');
     process.exitCode = 1;
-    const spawnPromise = _promiseSpawn$4(process.execPath, [wrapperPath, ...argv], {
+    const spawnPromise = _promiseSpawn$4(process.execPath, ['--disable-warning', 'ExperimentalWarning', wrapperPath, ...argv], {
       stdio: 'inherit'
     });
     spawnPromise.process.on('exit', (code, signal) => {
@@ -877,7 +875,7 @@ fs.findUp = findUp;
 fs.readFileBinary = readFileBinary;
 fs.readFileUtf8 = readFileUtf8;
 var _nodeFs$2 = require$$0;
-var _nodePath$4 = require$$1;
+var _nodePath$3 = require$$1;
 function existsSync(filepath) {
   try {
     return filepath ? (0, _nodeFs$2.existsSync)(filepath) : false;
@@ -887,14 +885,14 @@ function existsSync(filepath) {
 async function findUp(name, {
   cwd = process.cwd()
 }) {
-  let dir = _nodePath$4.resolve(cwd);
+  let dir = _nodePath$3.resolve(cwd);
   const {
     root
-  } = _nodePath$4.parse(dir);
+  } = _nodePath$3.parse(dir);
   const names = [name].flat();
   while (dir && dir !== root) {
     for (const name of names) {
-      const filePath = _nodePath$4.join(dir, name);
+      const filePath = _nodePath$3.join(dir, name);
       try {
         // eslint-disable-next-line no-await-in-loop
         const stats = await _nodeFs$2.promises.stat(filePath);
@@ -903,7 +901,7 @@ async function findUp(name, {
         }
       } catch {}
     }
-    dir = _nodePath$4.dirname(dir);
+    dir = _nodePath$3.dirname(dir);
   }
   return undefined;
 }
@@ -927,13 +925,13 @@ Object.defineProperty(packageManagerDetector, "__esModule", {
 });
 packageManagerDetector.AGENTS = void 0;
 packageManagerDetector.detect = detect;
-var _nodePath$3 = require$$1;
+var _nodePath$2 = require$$1;
 var _promiseSpawn$3 = require$$1$1;
 var _browserslist = require$$2;
-var _semver$1 = require$$3$1;
-var _which = require$$4$1;
-var _hyrious__bun = require$$5$2;
-var _constants = require$$6;
+var _semver$1 = require$$4$2;
+var _which = require$$4$3;
+var _hyrious__bun = require$$5$1;
+var _constants$2 = require$$3$1;
 var _objects$2 = require$$7;
 var _packages$1 = require$$8;
 var _strings$1 = require$$9;
@@ -1021,10 +1019,10 @@ async function detect({
     cwd
   });
   const isHiddenLockFile = lockPath?.endsWith('.package-lock.json') ?? false;
-  const pkgJsonPath = lockPath ? _nodePath$3.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await (0, _fs$1.findUp)('package.json', {
+  const pkgJsonPath = lockPath ? _nodePath$2.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await (0, _fs$1.findUp)('package.json', {
     cwd
   });
-  const pkgPath = (0, _fs$1.existsSync)(pkgJsonPath) ? _nodePath$3.dirname(pkgJsonPath) : undefined;
+  const pkgPath = (0, _fs$1.existsSync)(pkgJsonPath) ? _nodePath$2.dirname(pkgJsonPath) : undefined;
   const editablePkgJson = pkgPath ? await (0, _packages$1.readPackageJson)(pkgPath, {
     editable: true
   }) : undefined;
@@ -1046,7 +1044,7 @@ async function detect({
     }
   }
   if (agent === undefined && !isHiddenLockFile && typeof pkgJsonPath === 'string' && typeof lockPath === 'string') {
-    agent = LOCKS[_nodePath$3.basename(lockPath)];
+    agent = LOCKS[_nodePath$2.basename(lockPath)];
   }
   if (agent === undefined) {
     agent = 'npm';
@@ -1066,7 +1064,7 @@ async function detect({
   };
   let lockSrc;
   // Lazily access constants.maintainedNodeVersions.
-  let minimumNodeVersion = _constants.maintainedNodeVersions.previous;
+  let minimumNodeVersion = _constants$2.maintainedNodeVersions.previous;
   if (pkgJson) {
     const browserField = pkgJson.browser;
     if ((0, _strings$1.isNonEmptyString)(browserField) || (0, _objects$2.isObjectObject)(browserField)) {
@@ -1094,7 +1092,7 @@ async function detect({
       }
     }
     // Lazily access constants.maintainedNodeVersions.
-    targets.node = _constants.maintainedNodeVersions.some(v => _semver$1.satisfies(v, `>=${minimumNodeVersion}`));
+    targets.node = _constants$2.maintainedNodeVersions.some(v => _semver$1.satisfies(v, `>=${minimumNodeVersion}`));
     lockSrc = typeof lockPath === 'string' ? await readLockFileByAgent[agent](lockPath, agentExecPath) : undefined;
   } else {
     lockPath = undefined;
@@ -1120,12 +1118,12 @@ Object.defineProperty(optimize$1, "__esModule", {
 });
 optimize$1.optimize = void 0;
 var _promises$2 = require$$1$4;
-var _nodePath$2 = require$$1;
+var _nodePath$1 = require$$1;
 var _promiseSpawn$2 = require$$1$1;
 var _meow$m = _interopRequireDefault$n(vendor.build);
-var _npmPackageArg = require$$5$3;
+var _npmPackageArg = require$$5$2;
 var _yoctoSpinner$i = require$$3;
-var _semver = require$$3$1;
+var _semver = require$$4$2;
 var _tinyglobby = require$$8$1;
 var _yaml = require$$9$1;
 var _registry = require$$10;
@@ -1135,16 +1133,17 @@ var _promises2 = require$$13;
 var _regexps = require$$14;
 var _strings = require$$9;
 var _words = require$$5;
+var _constants$1 = constants.constants;
 var _flags$j = flags$1;
 var _formatting$k = formatting;
 var _fs = fs;
 var _packageManagerDetector = packageManagerDetector;
 const COMMAND_TITLE = 'Socket Optimize';
 const OVERRIDES_FIELD_NAME = 'overrides';
+const NPM_OVERRIDE_PR_URL = 'https://github.com/npm/cli/pull/7025';
 const PNPM_FIELD_NAME = 'pnpm';
 const PNPM_WORKSPACE = 'pnpm-workspace';
 const RESOLUTIONS_FIELD_NAME = 'resolutions';
-const distPath$1 = __dirname;
 const manifestNpmOverrides = (0, _registry.getManifestData)('npm');
 const getOverridesDataByAgent = {
   bun(pkgJson) {
@@ -1504,7 +1503,7 @@ function getDependencyEntries(pkgJson) {
 async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
   let workspacePatterns;
   if (agent === 'pnpm') {
-    for (const workspacePath of [_nodePath$2.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), _nodePath$2.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
+    for (const workspacePath of [_nodePath$1.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), _nodePath$1.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
       if ((0, _fs.existsSync)(workspacePath)) {
         try {
           workspacePatterns = (0, _yaml.parse)(
@@ -1575,7 +1574,7 @@ async function addOverrides({
   } = editablePkgJson;
   const isRoot = pkgPath === rootPath;
   const isLockScanned = isRoot && !prod;
-  const workspaceName = _nodePath$2.relative(rootPath, pkgPath);
+  const workspaceName = _nodePath$1.relative(rootPath, pkgPath);
   const workspaceGlobs = await getWorkspaceGlobs(agent, pkgPath, pkgJson);
   const isWorkspace = !!workspaceGlobs;
   if (isWorkspace && agent === 'pnpm' && npmExecPath === 'npm' && !state.warnedPnpmWorkspaceRequiresNpm) {
@@ -1694,7 +1693,7 @@ async function addOverrides({
         manifestEntries,
         npmExecPath,
         pin,
-        pkgPath: _nodePath$2.dirname(workspacePkgJsonPath),
+        pkgPath: _nodePath$1.dirname(workspacePkgJsonPath),
         prod,
         rootPath
       }, createAddOverridesState({
@@ -1758,7 +1757,7 @@ const optimize = optimize$1.optimize = {
       console.error(`✖️ ${COMMAND_TITLE}: ${agent} does not support overrides. Soon, though ⚡`);
       return;
     }
-    const lockName = lockPath ? _nodePath$2.basename(lockPath) : 'lock file';
+    const lockName = lockPath ? _nodePath$1.basename(lockPath) : 'lock file';
     if (lockSrc === undefined) {
       console.error(`✖️ ${COMMAND_TITLE}: No ${lockName} found`);
       return;
@@ -1775,7 +1774,7 @@ const optimize = optimize$1.optimize = {
       console.error(`✖️ ${COMMAND_TITLE}: --prod not supported for ${agent}${agentVersion ? `@${agentVersion.toString()}` : ''}`);
       return;
     }
-    if (lockPath && _nodePath$2.relative(cwd, lockPath).startsWith('.')) {
+    if (lockPath && _nodePath$1.relative(cwd, lockPath).startsWith('.')) {
       console.warn(`⚠️ ${COMMAND_TITLE}: Package ${lockName} found at ${lockPath}`);
     }
     const spinner = _yoctoSpinner$i({
@@ -1822,12 +1821,12 @@ const optimize = optimize$1.optimize = {
       spinner.start(`Updating ${lockName}...`);
       try {
         if (isNpm) {
-          const wrapperPath = _nodePath$2.join(distPath$1, 'npm-cli.js');
-          await _promiseSpawn$2(process.execPath, [wrapperPath, 'install', '--no-audit', '--no-fund'], {
+          const wrapperPath = _nodePath$1.join(_constants$1.distPath, 'npm-cli.js');
+          await _promiseSpawn$2(process.execPath, [wrapperPath, 'install', '--silent'], {
             stdio: 'ignore',
             env: {
               ...process.env,
-              UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: '1'
+              [_constants$1.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
             }
           });
         } else {
@@ -1838,7 +1837,7 @@ const optimize = optimize$1.optimize = {
         }
         spinner.stop();
         if (isNpm) {
-          console.log(`💡 Re-run ${COMMAND_TITLE} whenever ${lockName} changes.\n   This can be skipped once npm ships https://github.com/npm/cli/pull/7025.`);
+          console.log(`💡 Re-run ${COMMAND_TITLE} whenever ${lockName} changes.\n   This can be skipped once npm ships ${NPM_OVERRIDE_PR_URL}.`);
         }
       } catch {
         spinner.error(`${COMMAND_TITLE}: ${agent} install failed to update ${lockName}`);
@@ -2089,7 +2088,7 @@ view$3.view = void 0;
 var _yoctocolorsCjs$f = require$$1$2;
 var _meow$i = _interopRequireDefault$j(vendor.build);
 var _yoctoSpinner$g = require$$3;
-var _ponyCause$3 = require$$5$1;
+var _ponyCause$3 = require$$4$1;
 var _flags$g = flags$1;
 var _apiHelpers$g = apiHelpers;
 var _colorOrMarkdown$2 = sdk.colorOrMarkdown;
@@ -2229,12 +2228,12 @@ Object.defineProperty(create$5, "__esModule", {
   value: true
 });
 create$5.create = void 0;
-var _nodePath$1 = require$$1;
+var _nodePath = require$$1;
 var _betterAjvErrors = require$$2$1;
 var _meow$h = _interopRequireDefault$i(vendor.build);
 var _yoctoSpinner$f = require$$3;
-var _ponyCause$2 = require$$5$1;
-var _config = require$$6$1;
+var _ponyCause$2 = require$$4$1;
+var _config = require$$6;
 var _view$2 = view$3;
 var _flags$f = flags$1;
 var _apiHelpers$f = apiHelpers;
@@ -2371,7 +2370,7 @@ async function setupCommand$g(name, description, argv, importMeta) {
   // TODO: Allow setting a custom cwd and/or configFile path?
   const cwd = process.cwd();
-  const absoluteConfigPath = _nodePath$1.join(cwd, 'socket.yml');
+  const absoluteConfigPath = _nodePath.join(cwd, 'socket.yml');
   const config = await (0, _config.readSocketConfig)(absoluteConfigPath).catch(cause => {
     if (cause && typeof cause === 'object' && cause instanceof _config.SocketValidationError) {
       // Inspired by workbox-build:
@@ -2714,7 +2713,7 @@ var _yoctocolorsCjs$e = require$$1$2;
 var _meow$e = _interopRequireDefault$f(vendor.build);
 var _open = _interopRequireDefault$f(vendor.open);
 var _yoctoSpinner$e = require$$3;
-var _ponyCause$1 = require$$5$1;
+var _ponyCause$1 = require$$4$1;
 var _apiHelpers$e = apiHelpers;
 var _errors$f = sdk.errors;
 var _formatting$d = formatting;
@@ -4269,8 +4268,8 @@ analytics$1.analytics = void 0;
 var _promises = require$$1$4;
 var _screen$1 = require$$2$4;
 var _bar = require$$3$3;
-var _grid = require$$4$2;
-var _line = require$$5$4;
+var _grid = require$$4$4;
+var _line = require$$5$3;
 var _meow$2 = _interopRequireDefault$3(vendor.build);
 var _yoctocolorsCjs$2 = require$$1$2;
 var _yoctoSpinner$2 = require$$3;
@@ -5155,19 +5154,15 @@ const getMinDiff = (start, end) => Math.floor((end - start) / 60000);
 var _interopRequireWildcard = vendor.interopRequireWildcard.default;
 var _interopRequireDefault = vendor.interopRequireDefault.default;
-var _nodePath = require$$1;
 var _nodeUrl = require$$8$2;
 var _yoctocolorsCjs = require$$1$2;
-var _ponyCause = require$$5$1;
+var _ponyCause = require$$4$1;
 var _tinyUpdater = _interopRequireDefault(vendor.dist);
 var cliCommands = _interopRequireWildcard(commands, true);
+var _constants = constants.constants;
 var _colorOrMarkdown = sdk.colorOrMarkdown;
 var _errors = sdk.errors;
 var _meowWithSubcommands = meowWithSubcommands$1;
-const distPath = __dirname;
-const rootPath = _nodePath.resolve(distPath, '..');
-const rootPkgJsonPath = _nodePath.join(rootPath, 'package.json');
-const rootPkgJson = require(rootPkgJsonPath);
 const formattedCliCommands = Object.fromEntries(Object.entries(cliCommands).map(entry => {
   const key = entry[0];
   entry[0] = camelToHyphen(key);
@@ -5179,6 +5174,7 @@ function camelToHyphen(str) {
 // TODO: Add autocompletion using https://socket.dev/npm/package/omelette
 void (async () => {
+  const rootPkgJson = require(_constants.rootPkgJsonPath);
   await (0, _tinyUpdater.default)({
     name: rootPkgJson.name,
     version: rootPkgJson.version,
@@ -5237,7 +5233,7 @@ void (async () => {
 	    return _cli.default;
 	  }
 	});
-	var _cli = _interopRequireWildcard(cli, true);
+	var _cli = _interopRequireWildcard(cli$1, true);
 	Object.keys(_cli).forEach(function (key) {
 	  if (key === "default" || key === "__esModule") return;
 	  if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
@@ -5249,6 +5245,8 @@ void (async () => {
 	    }
 	  });
 	});
-} (cli$1));
+} (cli$2));
+var cli = /*@__PURE__*/vendor.getDefaultExportFromCjs(cli$2);
-module.exports = cli$1;
+module.exports = cli;

package/dist/require/color-or-markdown.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+declare const logSymbols: {
+    __proto__: null;
+    info: string;
+    success: string;
+    warning: string;
+    error: string;
+};
+declare class ColorOrMarkdown {
+    useMarkdown: boolean;
+    constructor(useMarkdown: boolean);
+    header(text: string, level?: number): string;
+    bold(text: string): string;
+    italic(text: string): string;
+    hyperlink(text: string, url: string | undefined, { fallback, fallbackToUrl }?: {
+        fallback?: boolean;
+        fallbackToUrl?: boolean;
+    }): string;
+    list(items: string[]): string;
+    get logSymbols(): typeof logSymbols;
+    indent(text: string, level?: number): string;
+    json(value: unknown): string;
+}
+export { logSymbols, ColorOrMarkdown };

package/dist/require/constants.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+declare const SUPPORTS_SYNC_ESM: boolean;
+declare const API_V0_URL = "https://api.socket.dev/v0";
+declare const DIST_TYPE: string;
+declare const LOOP_SENTINEL = 1000000;
+declare const NPM_REGISTRY_URL = "https://registry.npmjs.org";
+declare const SOCKET_CLI_ISSUES_URL = "https://github.com/SocketDev/socket-cli/issues";
+declare const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = "UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE";
+declare const ENV: Readonly<{
+    UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
+}>;
+declare const rootPath: string;
+declare const rootDistPath: string;
+declare const rootBinPath: string;
+declare const rootPkgJsonPath: string;
+declare const nmBinPath: string;
+declare const cdxgenBinPath: string;
+declare const distPath: string;
+declare const shadowBinPath: string;
+declare const synpBinPath: string;
+export { SUPPORTS_SYNC_ESM, API_V0_URL, DIST_TYPE, LOOP_SENTINEL, NPM_REGISTRY_URL, SOCKET_CLI_ISSUES_URL, UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, ENV, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };

package/dist/require/constants.js ADDED Viewed

@@ -0,0 +1,67 @@
+'use strict';
+var require$$0 = require('node:fs');
+var require$$1 = require('node:path');
+var require$$2 = require('@socketsecurity/registry/lib/env');
+var require$$3 = require('@socketsecurity/registry/lib/constants');
+var require$$4 = require('semver');
+var constants = {};
+Object.defineProperty(constants, "__esModule", {
+  value: true
+});
+constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
+var _nodeFs = require$$0;
+var _nodePath = require$$1;
+var _env = require$$2;
+var _constants = require$$3;
+var _semver = require$$4;
+const {
+  PACKAGE_JSON
+} = _constants;
+const SUPPORTS_SYNC_ESM = constants.SUPPORTS_SYNC_ESM = _semver.satisfies(process.versions.node, '>=22.12');
+constants.API_V0_URL = 'https://api.socket.dev/v0';
+const DIST_TYPE = constants.DIST_TYPE = SUPPORTS_SYNC_ESM ? 'module-sync' : 'require';
+constants.LOOP_SENTINEL = 1_000_000;
+constants.NPM_REGISTRY_URL = 'https://registry.npmjs.org';
+const SOCKET_CLI_ISSUES_URL = constants.SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
+const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';
+constants.ENV = Object.freeze({
+  // Flag set by the optimize command to bypass the packagesHaveRiskyIssues check.
+  [UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE]: (0, _env.envAsBoolean)(process.env[UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE])
+});
+// Dynamically detect the rootPath so constants.ts can be used in tests.
+const rootPath = constants.rootPath = (() => {
+  let oldPath;
+  let currPath = (0, _nodeFs.realpathSync)(__dirname);
+  // Dirname stops when at the filepath root, e.g. '/' for posix and 'C:\\' for win32,
+  // so `currPath` equal `oldPath`.
+  while (currPath !== oldPath) {
+    const pkgJsonPath = _nodePath.join(currPath, PACKAGE_JSON);
+    if ((0, _nodeFs.existsSync)(pkgJsonPath)) {
+      try {
+        // Content matching @socketsecurity/cli is replaced by
+        // the @rollup/plugin-replace plugin used in .config/rollup.base.config.mjs
+        // with either 'socket' or '@socketsecurity/cli'.
+        if (require(pkgJsonPath)?.name === '@socketsecurity/cli') {
+          return currPath;
+        }
+      } catch {}
+    }
+    oldPath = currPath;
+    currPath = _nodePath.dirname(currPath);
+  }
+  throw new TypeError(`Socket CLI initialization error: rootPath cannot be resolved.\n\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`);
+})();
+const rootDistPath = constants.rootDistPath = _nodePath.join(rootPath, 'dist');
+constants.rootBinPath = _nodePath.join(rootPath, 'bin');
+constants.rootPkgJsonPath = _nodePath.join(rootPath, PACKAGE_JSON);
+const nmBinPath = constants.nmBinPath = _nodePath.join(rootPath, 'node_modules/.bin');
+constants.cdxgenBinPath = _nodePath.join(nmBinPath, 'cdxgen');
+constants.distPath = _nodePath.join(rootDistPath, DIST_TYPE);
+constants.shadowBinPath = _nodePath.join(rootPath, 'shadow', DIST_TYPE);
+constants.synpBinPath = _nodePath.join(nmBinPath, 'synp');
+exports.constants = constants;

package/dist/require/errors.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+declare class AuthError extends Error {
+}
+declare class InputError extends Error {
+    body: string | undefined;
+    constructor(message: string, body?: string);
+}
+export { AuthError, InputError };

package/dist/require/link.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare function installLinks(realDirname: string, binName: 'npm' \| 'npx'): string;
2	+ export { installLinks };

package/dist/require/link.js ADDED Viewed

@@ -0,0 +1,45 @@
+'use strict';
+var require$$0 = require('node:fs');
+var require$$1 = require('node:path');
+var require$$4 = require('which');
+var link = {};
+Object.defineProperty(link, "__esModule", {
+  value: true
+});
+link.installLinks = installLinks;
+var _nodeFs = require$$0;
+var _nodePath = require$$1;
+var _which = require$$4;
+function installLinks(realDirname, binName) {
+  const realShadowBinDir = realDirname;
+  // find package manager being shadowed by this process
+  const bins = _which.sync(binName, {
+    all: true
+  });
+  let shadowIndex = -1;
+  const binPath = bins.find((binPath, i) => {
+    if ((0, _nodeFs.realpathSync)(_nodePath.dirname(binPath)) === realShadowBinDir) {
+      shadowIndex = i;
+      return false;
+    }
+    return true;
+  });
+  const isWin = process.platform === 'win32';
+  if (isWin && binPath) {
+    return binPath;
+  }
+  if (!binPath) {
+    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable`);
+    process.exit(127);
+  }
+  if (shadowIndex === -1) {
+    const binDir = _nodePath.join(realDirname);
+    process.env['PATH'] = `${binDir}${isWin ? ';' : ':'}${process.env['PATH']}`;
+  }
+  return binPath;
+}
+exports.link = link;

package/dist/require/npm-cli.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/env node
2	+ export {};