@socketsecurity/cli 0.14.32 → 0.14.34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/cli.js +2 -4
- package/bin/npm-cli.js +2 -4
- package/bin/npx-cli.js +2 -4
- package/dist/constants.js +68 -0
- package/dist/module-sync/cli.d.ts +0 -1
- package/dist/module-sync/cli.js +184 -164
- package/dist/module-sync/constants.d.ts +91 -18
- package/dist/module-sync/constants.js +2 -79
- package/dist/module-sync/link.js +9 -12
- package/dist/module-sync/npm-cli.js +23 -19
- package/dist/module-sync/npm-injection.js +126 -123
- package/dist/module-sync/npx-cli.js +21 -17
- package/dist/module-sync/path-resolve.js +11 -14
- package/dist/module-sync/sdk.js +30 -29
- package/dist/module-sync/vendor.js +0 -12
- package/dist/require/cli.js +168 -148
- package/dist/require/constants.js +2 -79
- package/dist/require/link.js +9 -12
- package/dist/require/npm-cli.js +23 -19
- package/dist/require/npm-injection.js +126 -123
- package/dist/require/npx-cli.js +21 -17
- package/dist/require/path-resolve.js +11 -14
- package/dist/require/sdk.js +26 -25
- package/dist/require/vendor.js +30 -115
- package/package.json +18 -32
- package/dist/module-sync/cli.d.ts.map +0 -1
- package/dist/require/cli.d.ts +0 -3
- package/dist/require/cli.d.ts.map +0 -1
- package/dist/require/color-or-markdown.d.ts +0 -23
- package/dist/require/constants.d.ts +0 -21
- package/dist/require/errors.d.ts +0 -7
- package/dist/require/link.d.ts +0 -2
- package/dist/require/npm-cli.d.ts +0 -2
- package/dist/require/npm-injection.d.ts +0 -1
- package/dist/require/npx-cli.d.ts +0 -2
- package/dist/require/path-resolve.d.ts +0 -8
- package/dist/require/sdk.d.ts +0 -8
- package/dist/require/settings.d.ts +0 -9
|
@@ -1,38 +1,36 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
function
|
|
4
|
-
let
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
d = c++ === 0 && k === 'default' ? e[k] : void 0
|
|
9
|
-
if (!d) break
|
|
10
|
-
}
|
|
3
|
+
function _socketInterop(e) {
|
|
4
|
+
let c = 0
|
|
5
|
+
for (const k in e ?? {}) {
|
|
6
|
+
c = c === 0 && k === 'default' ? 1 : 0
|
|
7
|
+
if (!c) break
|
|
11
8
|
}
|
|
12
|
-
return
|
|
9
|
+
return c ? e.default : e
|
|
13
10
|
}
|
|
14
11
|
|
|
15
|
-
var vendor =
|
|
16
|
-
var constants =
|
|
17
|
-
var require$$1$3 =
|
|
18
|
-
var require$$0 =
|
|
19
|
-
var require$$3$3 =
|
|
20
|
-
var require$$1 =
|
|
21
|
-
var require$$3 =
|
|
22
|
-
var require$$6$2 =
|
|
23
|
-
var require$$1$2 =
|
|
24
|
-
var require$$3$2 =
|
|
25
|
-
var require$$
|
|
26
|
-
var require$$5$1 =
|
|
27
|
-
var require$$
|
|
28
|
-
var require$$6$1 =
|
|
29
|
-
var require$$7 =
|
|
30
|
-
var require$$
|
|
31
|
-
var require$$
|
|
32
|
-
var require$$
|
|
33
|
-
var
|
|
34
|
-
var
|
|
35
|
-
var
|
|
12
|
+
var vendor = require('./vendor.js');
|
|
13
|
+
var constants = require('./constants.js');
|
|
14
|
+
var require$$1$3 = require('node:events');
|
|
15
|
+
var require$$0 = require('node:fs');
|
|
16
|
+
var require$$3$3 = require('node:https');
|
|
17
|
+
var require$$1 = require('node:path');
|
|
18
|
+
var require$$3 = require('node:readline');
|
|
19
|
+
var require$$6$2 = require('node:timers/promises');
|
|
20
|
+
var require$$1$2 = require('@socketsecurity/registry/lib/prompts');
|
|
21
|
+
var require$$3$2 = require('@socketregistry/yocto-spinner');
|
|
22
|
+
var require$$2$1 = _socketInterop(require('is-interactive'));
|
|
23
|
+
var require$$5$1 = _socketInterop(require('npm-package-arg'));
|
|
24
|
+
var require$$3$1 = _socketInterop(require('semver'));
|
|
25
|
+
var require$$6$1 = require('@socketsecurity/config');
|
|
26
|
+
var require$$7 = require('@socketsecurity/registry/lib/objects');
|
|
27
|
+
var require$$8 = require('@socketsecurity/registry/lib/packages');
|
|
28
|
+
var require$$1$1 = require('node:net');
|
|
29
|
+
var require$$2 = require('node:os');
|
|
30
|
+
var require$$5 = require('node:stream');
|
|
31
|
+
var sdk = require('./sdk.js');
|
|
32
|
+
var pathResolve = require('./path-resolve.js');
|
|
33
|
+
var link = require('./link.js');
|
|
36
34
|
|
|
37
35
|
var npmInjection$2 = {};
|
|
38
36
|
|
|
@@ -43,7 +41,7 @@ var arborist = {};
|
|
|
43
41
|
var ttyServer$1 = {};
|
|
44
42
|
|
|
45
43
|
var name = "@socketsecurity/cli";
|
|
46
|
-
var version = "0.14.
|
|
44
|
+
var version = "0.14.34";
|
|
47
45
|
var description = "CLI tool for Socket.dev";
|
|
48
46
|
var homepage = "http://github.com/SocketDev/socket-cli";
|
|
49
47
|
var license = "MIT";
|
|
@@ -64,34 +62,19 @@ var bin = {
|
|
|
64
62
|
};
|
|
65
63
|
var exports$1 = {
|
|
66
64
|
"./bin/cli.js": {
|
|
67
|
-
"module-sync"
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
},
|
|
71
|
-
require: {
|
|
72
|
-
types: "./dist/require/cli.d.ts",
|
|
73
|
-
"default": "./dist/require/cli.js"
|
|
74
|
-
}
|
|
65
|
+
types: "./dist/module-sync/cli.d.ts",
|
|
66
|
+
"module-sync": "./dist/module-sync/cli.js",
|
|
67
|
+
require: "./dist/require/cli.js"
|
|
75
68
|
},
|
|
76
69
|
"./bin/npm-cli.js": {
|
|
77
|
-
"module-sync"
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
},
|
|
81
|
-
require: {
|
|
82
|
-
types: "./dist/require/npm-cli.d.ts",
|
|
83
|
-
"default": "./dist/require/npm-cli.js"
|
|
84
|
-
}
|
|
70
|
+
types: "./dist/module-sync/npm-cli.d.ts",
|
|
71
|
+
"module-sync": "./dist/module-sync/npm-cli.js",
|
|
72
|
+
require: "./dist/require/npm-cli.js"
|
|
85
73
|
},
|
|
86
74
|
"./bin/npx-cli.js": {
|
|
87
|
-
"module-sync"
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
},
|
|
91
|
-
require: {
|
|
92
|
-
types: "./dist/require/npx-cli.d.ts",
|
|
93
|
-
"default": "./dist/require/npx-cli.js"
|
|
94
|
-
}
|
|
75
|
+
types: "./dist/module-sync/npx-cli.d.ts",
|
|
76
|
+
"module-sync": "./dist/module-sync/npx-cli.js",
|
|
77
|
+
require: "./dist/require/npx-cli.js"
|
|
95
78
|
},
|
|
96
79
|
"./package.json": "./package.json",
|
|
97
80
|
"./translations.json": "./translations.json"
|
|
@@ -110,23 +93,20 @@ var scripts = {
|
|
|
110
93
|
"lint:fix": "npm run lint -- --fix && npm run lint:fix:fast",
|
|
111
94
|
"lint:fix:fast": "prettier --cache --log-level warn --write .",
|
|
112
95
|
prepare: "husky && custompatch",
|
|
113
|
-
test: "run-s check build:* test:*",
|
|
114
|
-
"test:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
|
|
96
|
+
test: "run-s check build:* test:* test:coverage:*",
|
|
115
97
|
"test-ci": "run-s build:* test:*",
|
|
116
98
|
"test:unit": "tap-run",
|
|
117
|
-
"test:coverage": "
|
|
99
|
+
"test:coverage:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
|
|
100
|
+
"test:coverage:merge": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
|
|
118
101
|
};
|
|
119
102
|
var dependencies = {
|
|
120
103
|
"@apideck/better-ajv-errors": "^0.3.6",
|
|
121
104
|
"@cyclonedx/cdxgen": "^11.0.5",
|
|
122
|
-
"@inquirer/confirm": "^5.0.2",
|
|
123
|
-
"@inquirer/password": "^4.0.3",
|
|
124
|
-
"@inquirer/select": "^4.0.3",
|
|
125
105
|
"@npmcli/promise-spawn": "^8.0.2",
|
|
126
106
|
"@socketregistry/hyrious__bun.lockb": "1.0.5",
|
|
127
107
|
"@socketregistry/yocto-spinner": "^1.0.1",
|
|
128
108
|
"@socketsecurity/config": "^2.1.3",
|
|
129
|
-
"@socketsecurity/registry": "^1.0.
|
|
109
|
+
"@socketsecurity/registry": "^1.0.51",
|
|
130
110
|
"@socketsecurity/sdk": "^1.3.0",
|
|
131
111
|
blessed: "^0.1.81",
|
|
132
112
|
"blessed-contrib": "^4.11.0",
|
|
@@ -230,6 +210,8 @@ var overrides = {
|
|
|
230
210
|
semver: "$semver",
|
|
231
211
|
"set-function-length": "npm:@socketregistry/set-function-length@^1",
|
|
232
212
|
"side-channel": "npm:@socketregistry/side-channel@^1",
|
|
213
|
+
"tiny-colors": "$yoctocolors-cjs",
|
|
214
|
+
typedarray: "npm:@socketregistry/typedarray@^1",
|
|
233
215
|
yaml: "$yaml"
|
|
234
216
|
};
|
|
235
217
|
var resolutions = {
|
|
@@ -253,6 +235,8 @@ var resolutions = {
|
|
|
253
235
|
semver: "^7.6.3",
|
|
254
236
|
"set-function-length": "npm:@socketregistry/set-function-length@^1",
|
|
255
237
|
"side-channel": "npm:@socketregistry/side-channel@^1",
|
|
238
|
+
"tiny-colors": "npm:yoctocolors-cjs@^2.1.2",
|
|
239
|
+
typedarray: "npm:@socketregistry/typedarray@^1",
|
|
256
240
|
yaml: "^2.6.0"
|
|
257
241
|
};
|
|
258
242
|
var engines = {
|
|
@@ -323,7 +307,7 @@ function createNonStandardTTYServer() {
|
|
|
323
307
|
output: hasOutput
|
|
324
308
|
},
|
|
325
309
|
ipc_version: remote_ipc_version
|
|
326
|
-
} = JSON.parse(lineBuff.subarray(0, eolIndex).toString('
|
|
310
|
+
} = JSON.parse(lineBuff.subarray(0, eolIndex).toString('utf8'));
|
|
327
311
|
lineBuff = null;
|
|
328
312
|
captured = true;
|
|
329
313
|
if (remote_ipc_version !== _package.version) {
|
|
@@ -481,12 +465,12 @@ function createTTYServer(isInteractive, npmlog) {
|
|
|
481
465
|
return !isInteractive && TTY_IPC ? createNonStandardTTYServer() : createStandardTTYServer(isInteractive, npmlog);
|
|
482
466
|
}
|
|
483
467
|
|
|
484
|
-
var
|
|
468
|
+
var alertRules = {};
|
|
485
469
|
|
|
486
|
-
Object.defineProperty(
|
|
470
|
+
Object.defineProperty(alertRules, "__esModule", {
|
|
487
471
|
value: true
|
|
488
472
|
});
|
|
489
|
-
|
|
473
|
+
alertRules.createAlertUXLookup = createAlertUXLookup;
|
|
490
474
|
//#region UX Constants
|
|
491
475
|
|
|
492
476
|
const IGNORE_UX = {
|
|
@@ -509,7 +493,7 @@ const ERROR_UX = {
|
|
|
509
493
|
* all issue rules and finds the first defined value that does not defer otherwise
|
|
510
494
|
* uses the defaultValue. Takes the value and converts into a UX workflow
|
|
511
495
|
*/
|
|
512
|
-
function
|
|
496
|
+
function resolveAlertRuleUX(orderedRulesCollection, defaultValue) {
|
|
513
497
|
if (defaultValue === true || defaultValue == null) {
|
|
514
498
|
defaultValue = {
|
|
515
499
|
action: 'error'
|
|
@@ -522,9 +506,9 @@ function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
|
|
|
522
506
|
let block = false;
|
|
523
507
|
let display = false;
|
|
524
508
|
let needDefault = true;
|
|
525
|
-
iterate_entries: for (const
|
|
526
|
-
for (const rule of
|
|
527
|
-
if (
|
|
509
|
+
iterate_entries: for (const rules of orderedRulesCollection) {
|
|
510
|
+
for (const rule of rules) {
|
|
511
|
+
if (ruleValueDoesNotDefer(rule)) {
|
|
528
512
|
needDefault = false;
|
|
529
513
|
const narrowingFilter = uxForDefinedNonDeferValue(rule);
|
|
530
514
|
block = block || narrowingFilter.block;
|
|
@@ -550,13 +534,13 @@ function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
|
|
|
550
534
|
/**
|
|
551
535
|
* Negative form because it is narrowing the type
|
|
552
536
|
*/
|
|
553
|
-
function
|
|
554
|
-
if (
|
|
537
|
+
function ruleValueDoesNotDefer(rule) {
|
|
538
|
+
if (rule === undefined) {
|
|
555
539
|
return false;
|
|
556
|
-
} else if (
|
|
540
|
+
} else if (rule !== null && typeof rule === 'object') {
|
|
557
541
|
const {
|
|
558
542
|
action
|
|
559
|
-
} =
|
|
543
|
+
} = rule;
|
|
560
544
|
if (action === undefined || action === 'defer') {
|
|
561
545
|
return false;
|
|
562
546
|
}
|
|
@@ -567,13 +551,13 @@ function issueRuleValueDoesNotDefer(issueRule) {
|
|
|
567
551
|
/**
|
|
568
552
|
* Handles booleans for backwards compatibility
|
|
569
553
|
*/
|
|
570
|
-
function uxForDefinedNonDeferValue(
|
|
571
|
-
if (typeof
|
|
572
|
-
return
|
|
554
|
+
function uxForDefinedNonDeferValue(ruleValue) {
|
|
555
|
+
if (typeof ruleValue === 'boolean') {
|
|
556
|
+
return ruleValue ? ERROR_UX : IGNORE_UX;
|
|
573
557
|
}
|
|
574
558
|
const {
|
|
575
559
|
action
|
|
576
|
-
} =
|
|
560
|
+
} = ruleValue;
|
|
577
561
|
if (action === 'warn') {
|
|
578
562
|
return WARN_UX;
|
|
579
563
|
} else if (action === 'ignore') {
|
|
@@ -595,9 +579,9 @@ function createAlertUXLookup(settings) {
|
|
|
595
579
|
if (ux) {
|
|
596
580
|
return ux;
|
|
597
581
|
}
|
|
598
|
-
const
|
|
582
|
+
const orderedRulesCollection = [];
|
|
599
583
|
for (const settingsEntry of settings.entries) {
|
|
600
|
-
const
|
|
584
|
+
const orderedRules = [];
|
|
601
585
|
let target = settingsEntry.start;
|
|
602
586
|
while (target !== null) {
|
|
603
587
|
const resolvedTarget = settingsEntry.settings[target];
|
|
@@ -606,11 +590,11 @@ function createAlertUXLookup(settings) {
|
|
|
606
590
|
}
|
|
607
591
|
const issueRuleValue = resolvedTarget.issueRules?.[type];
|
|
608
592
|
if (typeof issueRuleValue !== 'undefined') {
|
|
609
|
-
|
|
593
|
+
orderedRules.push(issueRuleValue);
|
|
610
594
|
}
|
|
611
595
|
target = resolvedTarget.deferTo ?? null;
|
|
612
596
|
}
|
|
613
|
-
|
|
597
|
+
orderedRulesCollection.push(orderedRules);
|
|
614
598
|
}
|
|
615
599
|
const defaultValue = settings.defaults.issueRules[type];
|
|
616
600
|
let resolvedDefaultValue = {
|
|
@@ -625,7 +609,7 @@ function createAlertUXLookup(settings) {
|
|
|
625
609
|
action: defaultValue.action ?? 'error'
|
|
626
610
|
};
|
|
627
611
|
}
|
|
628
|
-
ux =
|
|
612
|
+
ux = resolveAlertRuleUX(orderedRulesCollection, resolvedDefaultValue);
|
|
629
613
|
cachedUX.set(type, ux);
|
|
630
614
|
return ux;
|
|
631
615
|
};
|
|
@@ -643,22 +627,33 @@ var _nodeHttps = require$$3$3;
|
|
|
643
627
|
var _nodePath = require$$1;
|
|
644
628
|
var _nodeReadline = require$$3;
|
|
645
629
|
var _promises = require$$6$2;
|
|
646
|
-
var
|
|
630
|
+
var _prompts = require$$1$2;
|
|
647
631
|
var _yoctoSpinner = require$$3$2;
|
|
648
|
-
var _isInteractive = _interopRequireDefault(require$$
|
|
632
|
+
var _isInteractive = _interopRequireDefault(require$$2$1);
|
|
649
633
|
var _npmPackageArg = require$$5$1;
|
|
650
|
-
var _semver = require$$
|
|
634
|
+
var _semver = require$$3$1;
|
|
651
635
|
var _config = require$$6$1;
|
|
652
636
|
var _objects = require$$7;
|
|
637
|
+
var _packages = require$$8;
|
|
653
638
|
var _ttyServer = ttyServer$1;
|
|
654
639
|
var _constants$1 = constants.constants;
|
|
655
640
|
var _colorOrMarkdown = sdk.colorOrMarkdown;
|
|
656
|
-
var
|
|
641
|
+
var _alertRules = alertRules;
|
|
657
642
|
var _misc = sdk.misc;
|
|
658
643
|
var _pathResolve = pathResolve.pathResolve;
|
|
659
644
|
var _sdk = sdk.sdk;
|
|
660
645
|
var _settings = sdk.settings;
|
|
661
|
-
const
|
|
646
|
+
const {
|
|
647
|
+
API_V0_URL,
|
|
648
|
+
ENV,
|
|
649
|
+
LOOP_SENTINEL,
|
|
650
|
+
NPM_REGISTRY_URL,
|
|
651
|
+
SOCKET_CLI_ISSUES_URL,
|
|
652
|
+
SOCKET_PUBLIC_API_KEY,
|
|
653
|
+
UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE,
|
|
654
|
+
rootPath
|
|
655
|
+
} = _constants$1;
|
|
656
|
+
const POTENTIAL_BUG_ERROR_MESSAGE = `This is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`;
|
|
662
657
|
const npmEntrypoint = (0, _nodeFs.realpathSync)(process.argv[1]);
|
|
663
658
|
const npmRootPath = (0, _pathResolve.findRoot)(_nodePath.dirname(npmEntrypoint));
|
|
664
659
|
function tryRequire(...ids) {
|
|
@@ -706,7 +701,7 @@ const pacote = tryRequire(_nodePath.join(npmNmPath, 'pacote'), 'pacote');
|
|
|
706
701
|
const {
|
|
707
702
|
tarball
|
|
708
703
|
} = pacote;
|
|
709
|
-
const translations = require(_nodePath.join(
|
|
704
|
+
const translations = require(_nodePath.join(rootPath, 'translations.json'));
|
|
710
705
|
const abortController = new AbortController();
|
|
711
706
|
const {
|
|
712
707
|
signal: abortSignal
|
|
@@ -719,7 +714,7 @@ const OverrideSet = require(arboristOverrideSetClassPatch);
|
|
|
719
714
|
const kCtorArgs = Symbol('ctorArgs');
|
|
720
715
|
const kRiskyReify = Symbol('riskyReify');
|
|
721
716
|
const formatter = new _colorOrMarkdown.ColorOrMarkdown(false);
|
|
722
|
-
const pubToken = (0, _sdk.getDefaultKey)() ??
|
|
717
|
+
const pubToken = (0, _sdk.getDefaultKey)() ?? SOCKET_PUBLIC_API_KEY;
|
|
723
718
|
const ttyServer = (0, _ttyServer.createTTYServer)((0, _isInteractive.default)({
|
|
724
719
|
stream: process.stdin
|
|
725
720
|
}), log);
|
|
@@ -734,7 +729,7 @@ async function uxLookup(settings) {
|
|
|
734
729
|
return _uxLookup(settings);
|
|
735
730
|
}
|
|
736
731
|
async function* batchScan(pkgIds) {
|
|
737
|
-
const req = _nodeHttps.request(`${
|
|
732
|
+
const req = _nodeHttps.request(`${API_V0_URL}/purl?alerts=true`, {
|
|
738
733
|
method: 'POST',
|
|
739
734
|
headers: {
|
|
740
735
|
Authorization: `Basic ${Buffer.from(`${pubToken}:`).toString('base64url')}`
|
|
@@ -850,7 +845,7 @@ async function getPackagesAlerts(safeArb, _registry, pkgs, output) {
|
|
|
850
845
|
const {
|
|
851
846
|
version
|
|
852
847
|
} = artifact;
|
|
853
|
-
const name =
|
|
848
|
+
const name = (0, _packages.resolvePackageName)(artifact);
|
|
854
849
|
const id = `${name}@${artifact.version}`;
|
|
855
850
|
let blocked = false;
|
|
856
851
|
let displayWarning = false;
|
|
@@ -883,20 +878,16 @@ async function getPackagesAlerts(safeArb, _registry, pkgs, output) {
|
|
|
883
878
|
});
|
|
884
879
|
// Before we ask about problematic issues, check to see if they
|
|
885
880
|
// already existed in the old version if they did, be quiet.
|
|
886
|
-
const
|
|
887
|
-
if (
|
|
888
|
-
|
|
889
|
-
//
|
|
890
|
-
|
|
891
|
-
|
|
892
|
-
|
|
893
|
-
|
|
894
|
-
|
|
895
|
-
|
|
896
|
-
// oldIssue => oldIssue.type === type
|
|
897
|
-
// ) === undefined
|
|
898
|
-
// )
|
|
899
|
-
// }
|
|
881
|
+
const existing = pkgs.find(p => p.existing?.startsWith(`${name}@`))?.existing;
|
|
882
|
+
if (existing) {
|
|
883
|
+
const oldArtifact =
|
|
884
|
+
// eslint-disable-next-line no-await-in-loop
|
|
885
|
+
(await batchScan([existing]).next()).value;
|
|
886
|
+
if (oldArtifact?.alerts?.length) {
|
|
887
|
+
alerts = alerts.filter(({
|
|
888
|
+
type
|
|
889
|
+
}) => !oldArtifact.alerts?.find(a => a.type === type));
|
|
890
|
+
}
|
|
900
891
|
}
|
|
901
892
|
}
|
|
902
893
|
}
|
|
@@ -952,30 +943,38 @@ function walk(diff_, needInfoOn = []) {
|
|
|
952
943
|
length: queueLength
|
|
953
944
|
} = queue;
|
|
954
945
|
while (pos < queueLength) {
|
|
955
|
-
if (pos ===
|
|
946
|
+
if (pos === LOOP_SENTINEL) {
|
|
956
947
|
throw new Error('Detected infinite loop while walking Arborist diff');
|
|
957
948
|
}
|
|
958
949
|
const diff = queue[pos++];
|
|
959
950
|
if (!diff) {
|
|
960
951
|
continue;
|
|
961
952
|
}
|
|
962
|
-
|
|
963
|
-
|
|
953
|
+
const {
|
|
954
|
+
action
|
|
955
|
+
} = diff;
|
|
956
|
+
if (action) {
|
|
957
|
+
const oldNode = diff.actual;
|
|
958
|
+
const oldPkgid = oldNode?.pkgid;
|
|
959
|
+
const pkgNode = diff.ideal;
|
|
960
|
+
const pkgid = pkgNode?.pkgid;
|
|
961
|
+
let existing;
|
|
964
962
|
let keep = false;
|
|
965
|
-
|
|
966
|
-
|
|
967
|
-
if (!sameVersion) {
|
|
968
|
-
existing = diff.actual.pkgid;
|
|
963
|
+
if (action === 'CHANGE') {
|
|
964
|
+
if (pkgNode?.package.version !== oldNode?.package.version) {
|
|
969
965
|
keep = true;
|
|
966
|
+
if (oldNode?.package.name && oldNode.package.name === pkgNode?.package.name) {
|
|
967
|
+
existing = oldPkgid;
|
|
968
|
+
}
|
|
970
969
|
}
|
|
971
970
|
} else {
|
|
972
|
-
keep =
|
|
971
|
+
keep = action !== 'REMOVE';
|
|
973
972
|
}
|
|
974
|
-
if (keep &&
|
|
973
|
+
if (keep && pkgid && pkgNode.resolved && (!oldNode || oldNode.resolved)) {
|
|
975
974
|
needInfoOn.push({
|
|
976
975
|
existing,
|
|
977
|
-
pkgid
|
|
978
|
-
repository_url: toRepoUrl(
|
|
976
|
+
pkgid,
|
|
977
|
+
repository_url: toRepoUrl(pkgNode.resolved)
|
|
979
978
|
});
|
|
980
979
|
}
|
|
981
980
|
}
|
|
@@ -1524,7 +1523,7 @@ class SafeOverrideSet extends OverrideSet {
|
|
|
1524
1523
|
length: queueLength
|
|
1525
1524
|
} = queue;
|
|
1526
1525
|
while (pos < queueLength) {
|
|
1527
|
-
if (pos ===
|
|
1526
|
+
if (pos === LOOP_SENTINEL) {
|
|
1528
1527
|
throw new Error('Detected infinite loop while comparing override sets');
|
|
1529
1528
|
}
|
|
1530
1529
|
const {
|
|
@@ -1666,10 +1665,10 @@ class SafeArborist extends Arborist {
|
|
|
1666
1665
|
options['save'] = old.save;
|
|
1667
1666
|
options['saveBundle'] = old.saveBundle;
|
|
1668
1667
|
// Nothing to check, mmm already installed or all private?
|
|
1669
|
-
if (diff.findIndex(c => c.repository_url ===
|
|
1668
|
+
if (diff.findIndex(c => c.repository_url === NPM_REGISTRY_URL) === -1) {
|
|
1670
1669
|
return await this[kRiskyReify](...args);
|
|
1671
1670
|
}
|
|
1672
|
-
let proceed =
|
|
1671
|
+
let proceed = ENV[UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE];
|
|
1673
1672
|
if (!proceed) {
|
|
1674
1673
|
proceed = await ttyServer.captureTTY(async (input, output) => {
|
|
1675
1674
|
if (input && output) {
|
|
@@ -1677,7 +1676,7 @@ class SafeArborist extends Arborist {
|
|
|
1677
1676
|
if (!alerts.length) {
|
|
1678
1677
|
return true;
|
|
1679
1678
|
}
|
|
1680
|
-
return await
|
|
1679
|
+
return await (0, _prompts.confirm)({
|
|
1681
1680
|
message: 'Accept risks of installing these packages?',
|
|
1682
1681
|
default: false
|
|
1683
1682
|
}, {
|
|
@@ -1786,14 +1785,18 @@ void (async () => {
|
|
|
1786
1785
|
}
|
|
1787
1786
|
});
|
|
1788
1787
|
}
|
|
1789
|
-
_uxLookup = (0,
|
|
1788
|
+
_uxLookup = (0, _alertRules.createAlertUXLookup)(settings);
|
|
1790
1789
|
})();
|
|
1791
1790
|
|
|
1792
1791
|
var _constants = constants.constants;
|
|
1793
1792
|
var _arborist = arborist;
|
|
1794
1793
|
var _link = link.link;
|
|
1794
|
+
const {
|
|
1795
|
+
shadowBinPath
|
|
1796
|
+
} = _constants;
|
|
1797
|
+
|
|
1795
1798
|
// Shadow `npm` and `npx` to mitigate subshells.
|
|
1796
|
-
(0, _link.installLinks)(
|
|
1799
|
+
(0, _link.installLinks)(shadowBinPath, 'npm');
|
|
1797
1800
|
(0, _arborist.installSafeArborist)();
|
|
1798
1801
|
|
|
1799
1802
|
(function (exports) {
|
|
@@ -1,23 +1,20 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
'use strict';
|
|
3
3
|
|
|
4
|
-
function
|
|
5
|
-
let
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
d = c++ === 0 && k === 'default' ? e[k] : void 0
|
|
10
|
-
if (!d) break
|
|
11
|
-
}
|
|
4
|
+
function _socketInterop(e) {
|
|
5
|
+
let c = 0
|
|
6
|
+
for (const k in e ?? {}) {
|
|
7
|
+
c = c === 0 && k === 'default' ? 1 : 0
|
|
8
|
+
if (!c) break
|
|
12
9
|
}
|
|
13
|
-
return
|
|
10
|
+
return c ? e.default : e
|
|
14
11
|
}
|
|
15
12
|
|
|
16
|
-
var vendor =
|
|
17
|
-
var require$$1 =
|
|
18
|
-
var require$$1$1 =
|
|
19
|
-
var constants =
|
|
20
|
-
var link =
|
|
13
|
+
var vendor = require('./vendor.js');
|
|
14
|
+
var require$$1 = require('node:path');
|
|
15
|
+
var require$$1$1 = _socketInterop(require('@npmcli/promise-spawn'));
|
|
16
|
+
var constants = require('./constants.js');
|
|
17
|
+
var link = require('./link.js');
|
|
21
18
|
|
|
22
19
|
var npxCli$2 = {};
|
|
23
20
|
|
|
@@ -27,10 +24,17 @@ var _nodePath = require$$1;
|
|
|
27
24
|
var _promiseSpawn = require$$1$1;
|
|
28
25
|
var _constants = constants.constants;
|
|
29
26
|
var _link = link.link;
|
|
30
|
-
const
|
|
31
|
-
|
|
27
|
+
const {
|
|
28
|
+
distPath,
|
|
29
|
+
execPath,
|
|
30
|
+
shadowBinPath
|
|
31
|
+
} = _constants;
|
|
32
|
+
const npxPath = (0, _link.installLinks)(shadowBinPath, 'npx');
|
|
33
|
+
const injectionPath = _nodePath.join(distPath, 'npm-injection.js');
|
|
32
34
|
process.exitCode = 1;
|
|
33
|
-
const spawnPromise = _promiseSpawn(
|
|
35
|
+
const spawnPromise = _promiseSpawn(execPath, [
|
|
36
|
+
// Lazily access constants.nodeNoWarningsFlags.
|
|
37
|
+
..._constants.nodeNoWarningsFlags, '--require', injectionPath, npxPath, ...process.argv.slice(2)], {
|
|
34
38
|
stdio: 'inherit'
|
|
35
39
|
});
|
|
36
40
|
spawnPromise.process.on('exit', (code, signal) => {
|
|
@@ -1,22 +1,19 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
function
|
|
4
|
-
let
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
d = c++ === 0 && k === 'default' ? e[k] : void 0
|
|
9
|
-
if (!d) break
|
|
10
|
-
}
|
|
3
|
+
function _socketInterop(e) {
|
|
4
|
+
let c = 0
|
|
5
|
+
for (const k in e ?? {}) {
|
|
6
|
+
c = c === 0 && k === 'default' ? 1 : 0
|
|
7
|
+
if (!c) break
|
|
11
8
|
}
|
|
12
|
-
return
|
|
9
|
+
return c ? e.default : e
|
|
13
10
|
}
|
|
14
11
|
|
|
15
|
-
var require$$1$1 =
|
|
16
|
-
var require$$1 =
|
|
17
|
-
var require$$2 =
|
|
18
|
-
var require$$3 =
|
|
19
|
-
var require$$8 =
|
|
12
|
+
var require$$1$1 = require('node:fs/promises');
|
|
13
|
+
var require$$1 = require('node:path');
|
|
14
|
+
var require$$2 = _socketInterop(require('ignore'));
|
|
15
|
+
var require$$3 = _socketInterop(require('micromatch'));
|
|
16
|
+
var require$$8 = _socketInterop(require('tinyglobby'));
|
|
20
17
|
|
|
21
18
|
var pathResolve = {};
|
|
22
19
|
|