@socketsecurity/cli 0.14.30 → 0.14.32

package/dist/require/constants.js

@@ -1,17 +1,29 @@
 'use strict';
 
-var require$$0 = require('node:fs');
-var require$$1 = require('node:path');
-var require$$2 = require('@socketsecurity/registry/lib/env');
-var require$$3 = require('@socketsecurity/registry/lib/constants');
-var require$$4 = require('semver');
+function _interop(e) {
+  let d
+  if (e) {
+    let c = 0
+    for (const k in e) {
+      d = c++ === 0 && k === 'default' ? e[k] : void 0
+      if (!d) break
+    }
+  }
+  return d ?? e
+}
+
+var require$$0 = _interop(require('node:fs'));
+var require$$1 = _interop(require('node:path'));
+var require$$2 = _interop(require('@socketsecurity/registry/lib/env'));
+var require$$3 = _interop(require('@socketsecurity/registry/lib/constants'));
+var require$$4 = _interop(require('semver'));
 
 var constants = {};
 
 Object.defineProperty(constants, "__esModule", {
   value: true
 });
-constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
+constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_PUBLIC_API_KEY = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
 var _nodeFs = require$$0;
 var _nodePath = require$$1;
 var _env = require$$2;
@@ -25,6 +37,7 @@ constants.API_V0_URL = 'https://api.socket.dev/v0';
 const DIST_TYPE = constants.DIST_TYPE = SUPPORTS_SYNC_ESM ? 'module-sync' : 'require';
 constants.LOOP_SENTINEL = 1_000_000;
 constants.NPM_REGISTRY_URL = 'https://registry.npmjs.org';
+constants.SOCKET_PUBLIC_API_KEY = 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api';
 const SOCKET_CLI_ISSUES_URL = constants.SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
 const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';
 constants.ENV = Object.freeze({

package/dist/require/link.js

@@ -1,8 +1,20 @@
 'use strict';
 
-var require$$0 = require('node:fs');
-var require$$1 = require('node:path');
-var require$$4 = require('which');
+function _interop(e) {
+  let d
+  if (e) {
+    let c = 0
+    for (const k in e) {
+      d = c++ === 0 && k === 'default' ? e[k] : void 0
+      if (!d) break
+    }
+  }
+  return d ?? e
+}
+
+var require$$0 = _interop(require('node:fs'));
+var require$$1 = _interop(require('node:path'));
+var require$$4 = _interop(require('which'));
 
 var link = {};
 

package/dist/require/npm-cli.js

@@ -1,13 +1,25 @@
 #!/usr/bin/env node
 'use strict';
 
-var vendor = require('./vendor.js');
-var require$$0 = require('node:fs');
-var require$$1 = require('node:path');
-var require$$1$1 = require('@npmcli/promise-spawn');
-var constants = require('./constants.js');
-var link = require('./link.js');
-var pathResolve = require('./path-resolve.js');
+function _interop(e) {
+  let d
+  if (e) {
+    let c = 0
+    for (const k in e) {
+      d = c++ === 0 && k === 'default' ? e[k] : void 0
+      if (!d) break
+    }
+  }
+  return d ?? e
+}
+
+var vendor = _interop(require('./vendor.js'));
+var require$$0 = _interop(require('node:fs'));
+var require$$1 = _interop(require('node:path'));
+var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
+var constants = _interop(require('./constants.js'));
+var link = _interop(require('./link.js'));
+var pathResolve = _interop(require('./path-resolve.js'));
 
 var npmCli$2 = {};
 

package/dist/require/npm-injection.js

@@ -1,24 +1,37 @@
 'use strict';
 
-var vendor = require('./vendor.js');
-var constants = require('./constants.js');
-var require$$1$3 = require('node:events');
-var require$$0 = require('node:fs');
-var require$$3$2 = require('node:https');
-var require$$1$1 = require('node:path');
-var require$$3 = require('node:readline');
-var require$$5 = require('node:stream');
-var require$$7$1 = require('node:timers/promises');
-var require$$5$1 = require('npm-package-arg');
-var require$$3$1 = require('@socketregistry/yocto-spinner');
-var require$$4 = require('semver');
-var require$$6$1 = require('@socketsecurity/config');
-var require$$7 = require('@socketsecurity/registry/lib/objects');
-var require$$1$2 = require('node:net');
-var require$$1 = require('node:os');
-var sdk = require('./sdk.js');
-var pathResolve = require('./path-resolve.js');
-var link = require('./link.js');
+function _interop(e) {
+  let d
+  if (e) {
+    let c = 0
+    for (const k in e) {
+      d = c++ === 0 && k === 'default' ? e[k] : void 0
+      if (!d) break
+    }
+  }
+  return d ?? e
+}
+
+var vendor = _interop(require('./vendor.js'));
+var constants = _interop(require('./constants.js'));
+var require$$1$4 = _interop(require('node:events'));
+var require$$0 = _interop(require('node:fs'));
+var require$$3$2 = _interop(require('node:https'));
+var require$$1$1 = _interop(require('node:path'));
+var require$$3 = _interop(require('node:readline'));
+var require$$6$2 = _interop(require('node:timers/promises'));
+var require$$1$3 = _interop(require('@inquirer/confirm'));
+var require$$3$1 = _interop(require('@socketregistry/yocto-spinner'));
+var require$$5$1 = _interop(require('npm-package-arg'));
+var require$$4 = _interop(require('semver'));
+var require$$6$1 = _interop(require('@socketsecurity/config'));
+var require$$7 = _interop(require('@socketsecurity/registry/lib/objects'));
+var require$$1$2 = _interop(require('node:net'));
+var require$$1 = _interop(require('node:os'));
+var require$$5 = _interop(require('node:stream'));
+var sdk = _interop(require('./sdk.js'));
+var pathResolve = _interop(require('./path-resolve.js'));
+var link = _interop(require('./link.js'));
 
 var npmInjection$2 = {};
 
@@ -29,7 +42,7 @@ var arborist = {};
 var ttyServer$1 = {};
 
 var name = "@socketsecurity/cli";
-var version = "0.14.30";
+var version = "0.14.32";
 var description = "CLI tool for Socket.dev";
 var homepage = "http://github.com/SocketDev/socket-cli";
 var license = "MIT";
@@ -105,12 +118,14 @@ var scripts = {
 var dependencies = {
 	"@apideck/better-ajv-errors": "^0.3.6",
 	"@cyclonedx/cdxgen": "^11.0.5",
-	"@inquirer/prompts": "^7.1.0",
+	"@inquirer/confirm": "^5.0.2",
+	"@inquirer/password": "^4.0.3",
+	"@inquirer/select": "^4.0.3",
 	"@npmcli/promise-spawn": "^8.0.2",
 	"@socketregistry/hyrious__bun.lockb": "1.0.5",
 	"@socketregistry/yocto-spinner": "^1.0.1",
 	"@socketsecurity/config": "^2.1.3",
-	"@socketsecurity/registry": "^1.0.33",
+	"@socketsecurity/registry": "^1.0.35",
 	"@socketsecurity/sdk": "^1.3.0",
 	blessed: "^0.1.81",
 	"blessed-contrib": "^4.11.0",
@@ -275,7 +290,7 @@ var _nodeNet = require$$1$2;
 var _nodeOs = require$$1;
 var _nodePath$1 = require$$1$1;
 var _nodeReadline$1 = require$$3;
-var _nodeStream$1 = require$$5;
+var _nodeStream = require$$5;
 var _package = require$$6;
 var _misc$1 = sdk.misc;
 const NEWLINE_CHAR_CODE = 10; /*'\n'*/
@@ -313,10 +328,10 @@ function createNonStandardTTYServer() {
               if (remote_ipc_version !== _package.version) {
                 throw new Error('Mismatched STDIO tunnel IPC version, ensure you only have 1 version of socket CLI being called.');
               }
-              const input = hasInput ? new _nodeStream$1.PassThrough() : null;
+              const input = hasInput ? new _nodeStream.PassThrough() : null;
               input?.pause();
               if (input) conn.pipe(input);
-              const output = hasOutput ? new _nodeStream$1.PassThrough() : null;
+              const output = hasOutput ? new _nodeStream.PassThrough() : null;
               if (output) {
                 output.pipe(conn)
                 // Make ora happy
@@ -470,7 +485,7 @@ var issueRules = {};
 Object.defineProperty(issueRules, "__esModule", {
   value: true
 });
-issueRules.createIssueUXLookup = createIssueUXLookup;
+issueRules.createAlertUXLookup = createAlertUXLookup;
 //#region UX Constants
 
 const IGNORE_UX = {
@@ -537,7 +552,7 @@ function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
 function issueRuleValueDoesNotDefer(issueRule) {
   if (issueRule === undefined) {
     return false;
-  } else if (typeof issueRule === 'object' && issueRule) {
+  } else if (issueRule !== null && typeof issueRule === 'object') {
     const {
       action
     } = issueRule;
@@ -569,11 +584,13 @@ function uxForDefinedNonDeferValue(issueRuleValue) {
 
 //#region exports
 
-function createIssueUXLookup(settings) {
+function createAlertUXLookup(settings) {
   const cachedUX = new Map();
   return context => {
-    const key = context.issue.type;
-    let ux = cachedUX.get(key);
+    const {
+      type
+    } = context.alert;
+    let ux = cachedUX.get(type);
     if (ux) {
       return ux;
     }
@@ -586,7 +603,7 @@ function createIssueUXLookup(settings) {
         if (!resolvedTarget) {
           break;
         }
-        const issueRuleValue = resolvedTarget.issueRules?.[key];
+        const issueRuleValue = resolvedTarget.issueRules?.[type];
         if (typeof issueRuleValue !== 'undefined') {
           orderedIssueRules.push(issueRuleValue);
         }
@@ -594,7 +611,7 @@ function createIssueUXLookup(settings) {
       }
       entriesOrderedIssueRules.push(orderedIssueRules);
     }
-    const defaultValue = settings.defaults.issueRules[key];
+    const defaultValue = settings.defaults.issueRules[type];
     let resolvedDefaultValue = {
       action: 'error'
     };
@@ -608,7 +625,7 @@ function createIssueUXLookup(settings) {
       };
     }
     ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue);
-    cachedUX.set(key, ux);
+    cachedUX.set(type, ux);
     return ux;
   };
 }
@@ -619,16 +636,16 @@ Object.defineProperty(arborist, "__esModule", {
 });
 arborist.SafeArborist = void 0;
 arborist.installSafeArborist = installSafeArborist;
-var _nodeEvents = require$$1$3;
+var _nodeEvents = require$$1$4;
 var _nodeFs = require$$0;
 var _nodeHttps = require$$3$2;
 var _nodePath = require$$1$1;
 var _nodeReadline = require$$3;
-var _nodeStream = require$$5;
-var _promises = require$$7$1;
+var _promises = require$$6$2;
+var _confirm = require$$1$3;
+var _yoctoSpinner = require$$3$1;
 var _isInteractive = _interopRequireDefault(vendor.isInteractive);
 var _npmPackageArg = require$$5$1;
-var _yoctoSpinner = require$$3$1;
 var _semver = require$$4;
 var _config = require$$6$1;
 var _objects = require$$7;
@@ -701,7 +718,7 @@ const OverrideSet = require(arboristOverrideSetClassPatch);
 const kCtorArgs = Symbol('ctorArgs');
 const kRiskyReify = Symbol('riskyReify');
 const formatter = new _colorOrMarkdown.ColorOrMarkdown(false);
-const pubToken = (0, _sdk.getDefaultKey)() ?? _sdk.FREE_API_KEY;
+const pubToken = (0, _sdk.getDefaultKey)() ?? _constants$1.SOCKET_PUBLIC_API_KEY;
 const ttyServer = (0, _ttyServer.createTTYServer)((0, _isInteractive.default)({
   stream: process.stdin
 }), log);
@@ -716,31 +733,20 @@ async function uxLookup(settings) {
   return _uxLookup(settings);
 }
 async function* batchScan(pkgIds) {
-  const query = {
-    packages: pkgIds.map(id => {
-      const {
-        name,
-        version
-      } = pkgidParts(id);
-      return {
-        eco: 'npm',
-        pkg: name,
-        ver: version,
-        top: true
-      };
-    })
-  };
-  // TODO: Migrate to SDK.
-  const pkgDataReq = _nodeHttps.request(`${_constants$1.API_V0_URL}/scan/batch`, {
+  const req = _nodeHttps.request(`${_constants$1.API_V0_URL}/purl?alerts=true`, {
     method: 'POST',
     headers: {
       Authorization: `Basic ${Buffer.from(`${pubToken}:`).toString('base64url')}`
     },
     signal: abortSignal
-  }).end(JSON.stringify(query));
+  }).end(JSON.stringify({
+    components: pkgIds.map(id => ({
+      purl: `pkg:npm/${id}`
+    }))
+  }));
   const {
     0: res
-  } = await _nodeEvents.once(pkgDataReq, 'response');
+  } = await _nodeEvents.once(req, 'response');
   const ok = res.statusCode >= 200 && res.statusCode <= 299;
   if (!ok) {
     throw new Error(`Socket API Error: ${res.statusCode}`);
@@ -806,118 +812,118 @@ function findSpecificOverrideSet(first, second) {
   log.silly('Conflicting override sets', first, second);
   return undefined;
 }
+function isAlertFixable(alert) {
+  const {
+    type
+  } = alert;
+  if (type === 'cve' || type === 'mediumCVE' || type === 'mildCVE' || type === 'criticalCVE') {
+    return !!alert.props?.['firstPatchedVersionIdentifier'];
+  }
+  return type === 'socketUpgradeAvailable';
+}
 function maybeReadfileSync(filepath) {
   try {
     return (0, _nodeFs.readFileSync)(filepath, 'utf8');
   } catch {}
   return undefined;
 }
-async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
+async function getPackagesAlerts(safeArb, _registry, pkgs, output) {
   const spinner = _yoctoSpinner({
     stream: output
   });
-  let result = false;
   let {
     length: remaining
   } = pkgs;
+  const packageAlerts = [];
   if (!remaining) {
     spinner.success('No changes detected');
-    return result;
+    return packageAlerts;
   }
   const getText = () => `Looking up data for ${remaining} packages`;
   spinner.start(getText());
   try {
-    for await (const pkgData of batchScan(pkgs.map(p => p.pkgid))) {
+    for await (const artifact of batchScan(pkgs.map(p => p.pkgid))) {
+      if (!artifact.name || !artifact.version || !artifact.alerts?.length) {
+        continue;
+      }
       const {
-        pkg: name,
-        ver: version
-      } = pkgData;
-      const id = `${name}@${version}`;
+        version
+      } = artifact;
+      const name = `${artifact.namespace ? `${artifact.namespace}/` : ''}${artifact.name}`;
+      const id = `${name}@${artifact.version}`;
+      let blocked = false;
       let displayWarning = false;
-      let failures = [];
-      if (pkgData.type === 'missing') {
-        result = true;
-        failures.push({
-          type: 'missingDependency',
-          block: false,
-          raw: undefined
+      let alerts = [];
+      for (const alert of artifact.alerts) {
+        // eslint-disable-next-line no-await-in-loop
+        const ux = await uxLookup({
+          package: {
+            name,
+            version
+          },
+          alert: {
+            type: alert.type
+          }
         });
-      } else {
-        let blocked = false;
-        for (const failure of pkgData.value.issues) {
-          const {
-            type
-          } = failure;
-          // eslint-disable-next-line no-await-in-loop
-          const ux = await uxLookup({
-            package: {
-              name,
-              version
-            },
-            issue: {
-              type
-            }
+        if (ux.block) {
+          blocked = true;
+        }
+        if (ux.display) {
+          displayWarning = true;
+        }
+        if (ux.block || ux.display) {
+          alerts.push({
+            name,
+            version,
+            type: alert.type,
+            block: ux.block,
+            raw: alert,
+            fixable: isAlertFixable(alert)
           });
-          if (ux.block) {
-            result = true;
-            blocked = true;
-          }
-          if (ux.display) {
-            displayWarning = true;
-          }
-          if (ux.block || ux.display) {
-            failures.push({
-              type,
-              block: ux.block,
-              raw: failure
-            });
-            // Before we ask about problematic issues, check to see if they
-            // already existed in the old version if they did, be quiet.
-            const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
-            if (pkg?.existing) {
-              const oldPkgData =
-              // eslint-disable-next-line no-await-in-loop
-              (await batchScan([pkg.existing]).next()).value;
-              if (oldPkgData.type === 'success') {
-                failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.type) === undefined);
-              }
-            }
+          // Before we ask about problematic issues, check to see if they
+          // already existed in the old version if they did, be quiet.
+          const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
+          if (pkg?.existing) {
+            // const oldArtifact: SocketArtifact =
+            //   // eslint-disable-next-line no-await-in-loop
+            //   (await batchScan([pkg.existing]).next()).value
+            // console.log('oldArtifact', oldArtifact)
+            // if (oldArtifact.type === 'success') {
+            //   issues = issues.filter(
+            //     ({ type }) =>
+            //       oldPkgData.value.issues.find(
+            //         oldIssue => oldIssue.type === type
+            //       ) === undefined
+            //   )
+            // }
           }
         }
-        if (!blocked) {
-          const pkg = pkgs.find(p => p.pkgid === id);
-          if (pkg) {
-            await tarball.stream(id, stream => {
-              stream.resume();
-              return stream.promise();
-            }, {
-              ...safeArb[kCtorArgs][0]
-            });
-          }
+      }
+      if (!blocked) {
+        const pkg = pkgs.find(p => p.pkgid === id);
+        if (pkg) {
+          await tarball.stream(id, stream => {
+            stream.resume();
+            return stream.promise();
+          }, {
+            ...safeArb[kCtorArgs][0]
+          });
         }
       }
       if (displayWarning) {
         spinner.stop(`(socket) ${formatter.hyperlink(id, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:`);
-        // Filter issues for blessed packages.
-        if (name === 'socket' || name.startsWith('@socketregistry/') || name.startsWith('@socketsecurity/')) {
-          failures = failures.filter(({
-            type
-          }) => type !== 'unpopularPackage' && type !== 'unstableOwnership');
-        }
-        failures.sort((a, b) => a.type < b.type ? -1 : 1);
+        alerts.sort((a, b) => a.type < b.type ? -1 : 1);
         const lines = new Set();
-        for (const failure of failures) {
-          const {
-            type
-          } = failure;
+        for (const alert of alerts) {
           // Based data from { pageProps: { alertTypes } } of:
           // https://socket.dev/_next/data/94666139314b6437ee4491a0864e72b264547585/en-US.json
-          const info = translations.issues[type];
-          const title = info?.title ?? type;
-          const maybeBlocking = failure.block ? '' : ' (non-blocking)';
+          const info = translations.alerts[alert.type];
+          const title = info?.title ?? alert.type;
+          const attributes = [...(alert.fixable ? ['fixable'] : []), ...(alert.block ? [] : ['non-blocking'])];
+          const maybeAttributes = attributes.length ? ` (${attributes.join('; ')})` : '';
           const maybeDesc = info?.description ? ` - ${info.description}` : '';
           // TODO: emoji seems to mis-align terminals sometimes
-          lines.add(`  ${title}${maybeBlocking}${maybeDesc}\n`);
+          lines.add(`  ${title}${maybeAttributes}${maybeDesc}\n`);
         }
         for (const line of lines) {
           output?.write(line);
@@ -926,20 +932,14 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
       }
       remaining -= 1;
       spinner.text = remaining > 0 ? getText() : '';
+      packageAlerts.push(...alerts);
     }
-    return result;
+  } catch (e) {
+    console.log('error', e);
   } finally {
     spinner.stop();
   }
-}
-function pkgidParts(pkgid) {
-  const delimiter = pkgid.lastIndexOf('@');
-  const name = pkgid.slice(0, delimiter);
-  const version = pkgid.slice(delimiter + 1);
-  return {
-    name,
-    version
-  };
+  return packageAlerts;
 }
 function toRepoUrl(resolved) {
   return resolved.replace(/#[\s\S]*$/, '').replace(/\?[\s\S]*$/, '').replace(/\/[^/]*\/-\/[\s\S]*$/, '');
@@ -1672,36 +1672,19 @@ class SafeArborist extends Arborist {
     if (!proceed) {
       proceed = await ttyServer.captureTTY(async (input, output) => {
         if (input && output) {
-          const risky = await packagesHaveRiskyIssues(this, this['registry'], diff, output);
-          if (!risky) {
+          const alerts = await getPackagesAlerts(this, this['registry'], diff, output);
+          if (!alerts.length) {
             return true;
           }
-          const rlin = new _nodeStream.PassThrough();
-          input.pipe(rlin);
-          const rlout = new _nodeStream.PassThrough();
-          rlout.pipe(output, {
-            end: false
+          return await _confirm({
+            message: 'Accept risks of installing these packages?',
+            default: false
+          }, {
+            input,
+            output,
+            signal: abortSignal
           });
-          const rli = _nodeReadline.createInterface(rlin, rlout);
-          try {
-            while (true) {
-              // eslint-disable-next-line no-await-in-loop
-              const answer = await new Promise(resolve => {
-                rli.question('Accept risks of installing these packages (y/N)?\n', {
-                  signal: abortSignal
-                }, resolve);
-              });
-              if (/^\s*y(?:es)?\s*$/i.test(answer)) {
-                return true;
-              }
-              if (/^(?:\s*no?\s*|)$/i.test(answer)) {
-                return false;
-              }
-            }
-          } finally {
-            rli.close();
-          }
-        } else if (await packagesHaveRiskyIssues(this, this['registry'], diff, output)) {
+        } else if ((await getPackagesAlerts(this, this['registry'], diff, output)).length > 0) {
           throw new Error('Socket npm Unable to prompt to accept risk, need TTY to do so');
         }
         return true;
@@ -1802,7 +1785,7 @@ void (async () => {
       }
     });
   }
-  _uxLookup = (0, _issueRules.createIssueUXLookup)(settings);
+  _uxLookup = (0, _issueRules.createAlertUXLookup)(settings);
 })();
 
 var _constants = constants.constants;

package/dist/require/npx-cli.js

@@ -1,11 +1,23 @@
 #!/usr/bin/env node
 'use strict';
 
-var vendor = require('./vendor.js');
-var require$$1 = require('node:path');
-var require$$1$1 = require('@npmcli/promise-spawn');
-var constants = require('./constants.js');
-var link = require('./link.js');
+function _interop(e) {
+  let d
+  if (e) {
+    let c = 0
+    for (const k in e) {
+      d = c++ === 0 && k === 'default' ? e[k] : void 0
+      if (!d) break
+    }
+  }
+  return d ?? e
+}
+
+var vendor = _interop(require('./vendor.js'));
+var require$$1 = _interop(require('node:path'));
+var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
+var constants = _interop(require('./constants.js'));
+var link = _interop(require('./link.js'));
 
 var npxCli$2 = {};