@socketsecurity/cli 0.14.29 → 0.14.30
- package/bin/cli.js +2 -4
- package/bin/npm-cli.js +2 -4
- package/bin/npx-cli.js +2 -4
- package/dist/module-sync/cli.js +10 -8
- package/dist/module-sync/constants.d.ts +7 -2
- package/dist/module-sync/constants.js +17 -7
- package/dist/module-sync/npm-injection.js +47 -33
- package/dist/require/cli.js +10 -8
- package/dist/require/constants.d.ts +7 -2
- package/dist/require/constants.js +17 -7
- package/dist/require/npm-injection.js +48 -34
- package/package.json +2 -2
- package/translations.json +190 -287
|
@@ -29,7 +29,7 @@ var arborist = {};
|
|
|
29
29
|
var ttyServer$1 = {};
|
|
30
30
|
|
|
31
31
|
var name = "@socketsecurity/cli";
|
|
32
|
-
var version = "0.14.
|
|
32
|
+
var version = "0.14.30";
|
|
33
33
|
var description = "CLI tool for Socket.dev";
|
|
34
34
|
var homepage = "http://github.com/SocketDev/socket-cli";
|
|
35
35
|
var license = "MIT";
|
|
@@ -640,7 +640,7 @@ var _misc = sdk.misc;
|
|
|
640
640
|
var _pathResolve = pathResolve.pathResolve;
|
|
641
641
|
var _sdk = sdk.sdk;
|
|
642
642
|
var _settings = sdk.settings;
|
|
643
|
-
const
|
|
643
|
+
const POTENTIAL_BUG_ERROR_MESSAGE = `This is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${_constants$1.SOCKET_CLI_ISSUES_URL}.`;
|
|
644
644
|
const npmEntrypoint = (0, _nodeFs.realpathSync)(process.argv[1]);
|
|
645
645
|
const npmRootPath = (0, _pathResolve.findRoot)(_nodePath.dirname(npmEntrypoint));
|
|
646
646
|
function tryRequire(...ids) {
|
|
@@ -666,12 +666,9 @@ function tryRequire(...ids) {
|
|
|
666
666
|
return undefined;
|
|
667
667
|
}
|
|
668
668
|
if (npmRootPath === undefined) {
|
|
669
|
-
console.error(`Unable to find npm
|
|
670
|
-
console.error(`Searched parent directories of ${npmEntrypoint}`);
|
|
669
|
+
console.error(`Unable to find npm CLI install directory.\nSearched parent directories of ${npmEntrypoint}.\n\n${POTENTIAL_BUG_ERROR_MESSAGE}`);
|
|
671
670
|
process.exit(127);
|
|
672
671
|
}
|
|
673
|
-
const LOOP_SENTINEL = 1_000_000;
|
|
674
|
-
const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
|
|
675
672
|
const npmNmPath = _nodePath.join(npmRootPath, 'node_modules');
|
|
676
673
|
const arboristPkgPath = _nodePath.join(npmNmPath, '@npmcli/arborist');
|
|
677
674
|
const arboristClassPath = _nodePath.join(arboristPkgPath, 'lib/arborist/index.js');
|
|
@@ -684,7 +681,7 @@ const log = tryRequire([_nodePath.join(npmNmPath, 'proc-log/lib/index.js'),
|
|
|
684
681
|
// is really that of its export log.
|
|
685
682
|
mod => mod.log], _nodePath.join(npmNmPath, 'npmlog/lib/log.js'));
|
|
686
683
|
if (log === undefined) {
|
|
687
|
-
console.error(`Unable to integrate with npm
|
|
684
|
+
console.error(`Unable to integrate with npm CLI logging infrastructure.\n\n${POTENTIAL_BUG_ERROR_MESSAGE}.`);
|
|
688
685
|
process.exit(127);
|
|
689
686
|
}
|
|
690
687
|
const pacote = tryRequire(_nodePath.join(npmNmPath, 'pacote'), 'pacote');
|
|
@@ -841,11 +838,16 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
|
|
|
841
838
|
if (pkgData.type === 'missing') {
|
|
842
839
|
result = true;
|
|
843
840
|
failures.push({
|
|
844
|
-
type: 'missingDependency'
|
|
841
|
+
type: 'missingDependency',
|
|
842
|
+
block: false,
|
|
843
|
+
raw: undefined
|
|
845
844
|
});
|
|
846
845
|
} else {
|
|
847
846
|
let blocked = false;
|
|
848
847
|
for (const failure of pkgData.value.issues) {
|
|
848
|
+
const {
|
|
849
|
+
type
|
|
850
|
+
} = failure;
|
|
849
851
|
// eslint-disable-next-line no-await-in-loop
|
|
850
852
|
const ux = await uxLookup({
|
|
851
853
|
package: {
|
|
@@ -853,33 +855,34 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
|
|
|
853
855
|
version
|
|
854
856
|
},
|
|
855
857
|
issue: {
|
|
856
|
-
type
|
|
858
|
+
type
|
|
857
859
|
}
|
|
858
860
|
});
|
|
859
|
-
if (ux.
|
|
861
|
+
if (ux.block) {
|
|
862
|
+
result = true;
|
|
863
|
+
blocked = true;
|
|
864
|
+
}
|
|
865
|
+
if (ux.display) {
|
|
866
|
+
displayWarning = true;
|
|
867
|
+
}
|
|
868
|
+
if (ux.block || ux.display) {
|
|
860
869
|
failures.push({
|
|
861
|
-
|
|
862
|
-
block: ux.block
|
|
870
|
+
type,
|
|
871
|
+
block: ux.block,
|
|
872
|
+
raw: failure
|
|
863
873
|
});
|
|
864
874
|
// Before we ask about problematic issues, check to see if they
|
|
865
875
|
// already existed in the old version if they did, be quiet.
|
|
866
876
|
const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
|
|
867
877
|
if (pkg?.existing) {
|
|
878
|
+
const oldPkgData =
|
|
868
879
|
// eslint-disable-next-line no-await-in-loop
|
|
869
|
-
|
|
870
|
-
|
|
871
|
-
|
|
872
|
-
}
|
|
880
|
+
(await batchScan([pkg.existing]).next()).value;
|
|
881
|
+
if (oldPkgData.type === 'success') {
|
|
882
|
+
failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.type) === undefined);
|
|
873
883
|
}
|
|
874
884
|
}
|
|
875
885
|
}
|
|
876
|
-
if (ux.block) {
|
|
877
|
-
result = true;
|
|
878
|
-
blocked = true;
|
|
879
|
-
}
|
|
880
|
-
if (ux.display) {
|
|
881
|
-
displayWarning = true;
|
|
882
|
-
}
|
|
883
886
|
}
|
|
884
887
|
if (!blocked) {
|
|
885
888
|
const pkg = pkgs.find(p => p.pkgid === id);
|
|
@@ -895,15 +898,26 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
|
|
|
895
898
|
}
|
|
896
899
|
if (displayWarning) {
|
|
897
900
|
spinner.stop(`(socket) ${formatter.hyperlink(id, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:`);
|
|
898
|
-
|
|
901
|
+
// Filter issues for blessed packages.
|
|
902
|
+
if (name === 'socket' || name.startsWith('@socketregistry/') || name.startsWith('@socketsecurity/')) {
|
|
903
|
+
failures = failures.filter(({
|
|
904
|
+
type
|
|
905
|
+
}) => type !== 'unpopularPackage' && type !== 'unstableOwnership');
|
|
906
|
+
}
|
|
907
|
+
failures.sort((a, b) => a.type < b.type ? -1 : 1);
|
|
899
908
|
const lines = new Set();
|
|
900
909
|
for (const failure of failures) {
|
|
901
|
-
const
|
|
902
|
-
|
|
903
|
-
|
|
904
|
-
|
|
905
|
-
|
|
906
|
-
|
|
910
|
+
const {
|
|
911
|
+
type
|
|
912
|
+
} = failure;
|
|
913
|
+
// Based data from { pageProps: { alertTypes } } of:
|
|
914
|
+
// https://socket.dev/_next/data/94666139314b6437ee4491a0864e72b264547585/en-US.json
|
|
915
|
+
const info = translations.issues[type];
|
|
916
|
+
const title = info?.title ?? type;
|
|
917
|
+
const maybeBlocking = failure.block ? '' : ' (non-blocking)';
|
|
918
|
+
const maybeDesc = info?.description ? ` - ${info.description}` : '';
|
|
919
|
+
// TODO: emoji seems to mis-align terminals sometimes
|
|
920
|
+
lines.add(` ${title}${maybeBlocking}${maybeDesc}\n`);
|
|
907
921
|
}
|
|
908
922
|
for (const line of lines) {
|
|
909
923
|
output?.write(line);
|
|
@@ -937,7 +951,7 @@ function walk(diff_, needInfoOn = []) {
|
|
|
937
951
|
length: queueLength
|
|
938
952
|
} = queue;
|
|
939
953
|
while (pos < queueLength) {
|
|
940
|
-
if (pos === LOOP_SENTINEL) {
|
|
954
|
+
if (pos === _constants$1.LOOP_SENTINEL) {
|
|
941
955
|
throw new Error('Detected infinite loop while walking Arborist diff');
|
|
942
956
|
}
|
|
943
957
|
const diff = queue[pos++];
|
|
@@ -1509,7 +1523,7 @@ class SafeOverrideSet extends OverrideSet {
|
|
|
1509
1523
|
length: queueLength
|
|
1510
1524
|
} = queue;
|
|
1511
1525
|
while (pos < queueLength) {
|
|
1512
|
-
if (pos === LOOP_SENTINEL) {
|
|
1526
|
+
if (pos === _constants$1.LOOP_SENTINEL) {
|
|
1513
1527
|
throw new Error('Detected infinite loop while comparing override sets');
|
|
1514
1528
|
}
|
|
1515
1529
|
const {
|
|
@@ -1651,10 +1665,10 @@ class SafeArborist extends Arborist {
|
|
|
1651
1665
|
options['save'] = old.save;
|
|
1652
1666
|
options['saveBundle'] = old.saveBundle;
|
|
1653
1667
|
// Nothing to check, mmm already installed or all private?
|
|
1654
|
-
if (diff.findIndex(c => c.repository_url === NPM_REGISTRY_URL) === -1) {
|
|
1668
|
+
if (diff.findIndex(c => c.repository_url === _constants$1.NPM_REGISTRY_URL) === -1) {
|
|
1655
1669
|
return await this[kRiskyReify](...args);
|
|
1656
1670
|
}
|
|
1657
|
-
let proceed = _constants$1.ENV.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE;
|
|
1671
|
+
let proceed = _constants$1.ENV[_constants$1.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE];
|
|
1658
1672
|
if (!proceed) {
|
|
1659
1673
|
proceed = await ttyServer.captureTTY(async (input, output) => {
|
|
1660
1674
|
if (input && output) {
|
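Review bot: The blessed-package filter at new lines 901–906 hides `unpopularPackage` and `unstableOwnership` findings purely on the package name (`socket`, `@socketregistry/`, `@socketsecurity/`), and nothing visible in this hunk ties that name to the registry the package actually resolves from. If a lockfile entry or alternate registry can supply a package under one of those names, two ownership-related signals would be dropped from the printed report for it; whether an earlier check rules that out cannot be seen here, because packagesHaveRiskyIssues starts and ends outside the hunk. I would at least record the assumption next to the condition, e.g. `// Assumes these names resolve from the public npm registry, where the scopes are owner-controlled.`, and preferably apply the filter only when the resolved source is known. Separately, the new `POTENTIAL_BUG_ERROR_MESSAGE` reads `This is may be a bug` and already ends in a period, so the logging-infrastructure message at new line 684, which appends another `.`, prints a doubled one.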
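--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@socketsecurity/cli",
-"version": "0.14.
+"version": "0.14.30",
 "description": "CLI tool for Socket.dev",
 "homepage": "http://github.com/SocketDev/socket-cli",
 "license": "MIT",
@@ -75,7 +75,7 @@
 },
 "dependencies": {
 "@apideck/better-ajv-errors": "^0.3.6",
-"@cyclonedx/cdxgen": "^11.0.
+"@cyclonedx/cdxgen": "^11.0.5",
 "@inquirer/prompts": "^7.1.0",
 "@npmcli/promise-spawn": "^8.0.2",
 "@socketregistry/hyrious__bun.lockb": "1.0.5",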