npm - @socketsecurity/cli - Versions diffs - 0.14.33 → 0.14.34 - Mend

@socketsecurity/cli 0.14.33 → 0.14.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/bin/cli.js +2 -4
package/bin/npm-cli.js +2 -4
package/bin/npx-cli.js +2 -4
package/dist/constants.js +68 -0
package/dist/module-sync/cli.d.ts +0 -1
package/dist/module-sync/cli.js +184 -164
package/dist/module-sync/constants.d.ts +91 -18
package/dist/module-sync/constants.js +2 -79
package/dist/module-sync/link.js +9 -12
package/dist/module-sync/npm-cli.js +23 -19
package/dist/module-sync/npm-injection.js +98 -99
package/dist/module-sync/npx-cli.js +21 -17
package/dist/module-sync/path-resolve.js +11 -14
package/dist/module-sync/sdk.js +30 -29
package/dist/module-sync/vendor.js +0 -12
package/dist/require/cli.js +168 -148
package/dist/require/constants.js +2 -79
package/dist/require/link.js +9 -12
package/dist/require/npm-cli.js +23 -19
package/dist/require/npm-injection.js +98 -99
package/dist/require/npx-cli.js +21 -17
package/dist/require/path-resolve.js +11 -14
package/dist/require/sdk.js +26 -25
package/dist/require/vendor.js +30 -115
package/package.json +18 -32
package/dist/module-sync/cli.d.ts.map +0 -1
package/dist/require/cli.d.ts +0 -3
package/dist/require/cli.d.ts.map +0 -1
package/dist/require/color-or-markdown.d.ts +0 -23
package/dist/require/constants.d.ts +0 -21
package/dist/require/errors.d.ts +0 -7
package/dist/require/link.d.ts +0 -2
package/dist/require/npm-cli.d.ts +0 -2
package/dist/require/npm-injection.d.ts +0 -1
package/dist/require/npx-cli.d.ts +0 -2
package/dist/require/path-resolve.d.ts +0 -8
package/dist/require/sdk.d.ts +0 -8
package/dist/require/settings.d.ts +0 -9

package/dist/require/constants.js CHANGED Viewed

@@ -1,80 +1,3 @@
-'use strict';
+'use strict'
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
-  }
-  return d ?? e
-}
-var require$$0 = _interop(require('node:fs'));
-var require$$1 = _interop(require('node:path'));
-var require$$2 = _interop(require('@socketsecurity/registry/lib/env'));
-var require$$3 = _interop(require('@socketsecurity/registry/lib/constants'));
-var require$$4 = _interop(require('semver'));
-var constants = {};
-Object.defineProperty(constants, "__esModule", {
-  value: true
-});
-constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_PUBLIC_API_KEY = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
-var _nodeFs = require$$0;
-var _nodePath = require$$1;
-var _env = require$$2;
-var _constants = require$$3;
-var _semver = require$$4;
-const {
-  PACKAGE_JSON
-} = _constants;
-const SUPPORTS_SYNC_ESM = constants.SUPPORTS_SYNC_ESM = _semver.satisfies(process.versions.node, '>=22.12');
-constants.API_V0_URL = 'https://api.socket.dev/v0';
-const DIST_TYPE = constants.DIST_TYPE = SUPPORTS_SYNC_ESM ? 'module-sync' : 'require';
-constants.LOOP_SENTINEL = 1_000_000;
-constants.NPM_REGISTRY_URL = 'https://registry.npmjs.org';
-constants.SOCKET_PUBLIC_API_KEY = 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api';
-const SOCKET_CLI_ISSUES_URL = constants.SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
-const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';
-constants.ENV = Object.freeze({
-  // Flag set by the optimize command to bypass the packagesHaveRiskyIssues check.
-  [UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE]: (0, _env.envAsBoolean)(process.env[UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE])
-});
-// Dynamically detect the rootPath so constants.ts can be used in tests.
-const rootPath = constants.rootPath = (() => {
-  let oldPath;
-  let currPath = (0, _nodeFs.realpathSync)(__dirname);
-  // Dirname stops when at the filepath root, e.g. '/' for posix and 'C:\\' for win32,
-  // so `currPath` equal `oldPath`.
-  while (currPath !== oldPath) {
-    const pkgJsonPath = _nodePath.join(currPath, PACKAGE_JSON);
-    if ((0, _nodeFs.existsSync)(pkgJsonPath)) {
-      try {
-        // Content matching @socketsecurity/cli is replaced by
-        // the @rollup/plugin-replace plugin used in .config/rollup.base.config.mjs
-        // with either 'socket' or '@socketsecurity/cli'.
-        if (require(pkgJsonPath)?.name === '@socketsecurity/cli') {
-          return currPath;
-        }
-      } catch {}
-    }
-    oldPath = currPath;
-    currPath = _nodePath.dirname(currPath);
-  }
-  throw new TypeError(`Socket CLI initialization error: rootPath cannot be resolved.\n\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`);
-})();
-const rootDistPath = constants.rootDistPath = _nodePath.join(rootPath, 'dist');
-constants.rootBinPath = _nodePath.join(rootPath, 'bin');
-constants.rootPkgJsonPath = _nodePath.join(rootPath, PACKAGE_JSON);
-const nmBinPath = constants.nmBinPath = _nodePath.join(rootPath, 'node_modules/.bin');
-constants.cdxgenBinPath = _nodePath.join(nmBinPath, 'cdxgen');
-constants.distPath = _nodePath.join(rootDistPath, DIST_TYPE);
-constants.shadowBinPath = _nodePath.join(rootPath, 'shadow', DIST_TYPE);
-constants.synpBinPath = _nodePath.join(nmBinPath, 'synp');
-exports.constants = constants;
+module.exports = require('../constants.js')

package/dist/require/link.js CHANGED Viewed

@@ -1,20 +1,17 @@
 'use strict';
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c) break
   }
-  return d ?? e
+  return c ? e.default : e
 }
-var require$$0 = _interop(require('node:fs'));
-var require$$1 = _interop(require('node:path'));
-var require$$4 = _interop(require('which'));
+var require$$0 = require('node:fs');
+var require$$1 = require('node:path');
+var require$$4 = _socketInterop(require('which'));
 var link = {};

package/dist/require/npm-cli.js CHANGED Viewed

@@ -1,25 +1,22 @@
 #!/usr/bin/env node
 'use strict';
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c) break
   }
-  return d ?? e
+  return c ? e.default : e
 }
-var vendor = _interop(require('./vendor.js'));
-var require$$0 = _interop(require('node:fs'));
-var require$$1 = _interop(require('node:path'));
-var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
-var constants = _interop(require('./constants.js'));
-var link = _interop(require('./link.js'));
-var pathResolve = _interop(require('./path-resolve.js'));
+var vendor = require('./vendor.js');
+var require$$0 = require('node:fs');
+var require$$1 = require('node:path');
+var require$$1$1 = _socketInterop(require('@npmcli/promise-spawn'));
+var constants = require('./constants.js');
+var link = require('./link.js');
+var pathResolve = require('./path-resolve.js');
 var npmCli$2 = {};
@@ -31,8 +28,13 @@ var _promiseSpawn = require$$1$1;
 var _constants = constants.constants;
 var _link = link.link;
 var _pathResolve = pathResolve.pathResolve;
-const npmPath = (0, _link.installLinks)(_constants.shadowBinPath, 'npm');
-const injectionPath = _nodePath.join(_constants.distPath, 'npm-injection.js');
+const {
+  distPath,
+  execPath,
+  shadowBinPath
+} = _constants;
+const npmPath = (0, _link.installLinks)(shadowBinPath, 'npm');
+const injectionPath = _nodePath.join(distPath, 'npm-injection.js');
 // Adding the `--quiet` and `--no-progress` flags when the `proc-log` module
 // is found to fix a UX issue when running the command with recent versions of
@@ -54,7 +56,9 @@ if (npmArgs.includes('install') && !npmArgs.includes('--no-progress') && !npmArg
   }
 }
 process.exitCode = 1;
-const spawnPromise = _promiseSpawn(process.execPath, ['--disable-warning', 'ExperimentalWarning', '--require', injectionPath, npmPath, ...npmArgs], {
+const spawnPromise = _promiseSpawn(execPath, [
+// Lazily access constants.nodeNoWarningsFlags.
+..._constants.nodeNoWarningsFlags, '--require', injectionPath, npmPath, ...npmArgs], {
   stdio: 'inherit'
 });
 spawnPromise.process.on('exit', (code, signal) => {

package/dist/require/npm-injection.js CHANGED Viewed

@@ -1,37 +1,35 @@
 'use strict';
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c) break
   }
-  return d ?? e
+  return c ? e.default : e
 }
-var vendor = _interop(require('./vendor.js'));
-var constants = _interop(require('./constants.js'));
-var require$$1$4 = _interop(require('node:events'));
-var require$$0 = _interop(require('node:fs'));
-var require$$3$2 = _interop(require('node:https'));
-var require$$1$1 = _interop(require('node:path'));
-var require$$3 = _interop(require('node:readline'));
-var require$$6$2 = _interop(require('node:timers/promises'));
-var require$$1$3 = _interop(require('@inquirer/confirm'));
-var require$$3$1 = _interop(require('@socketregistry/yocto-spinner'));
-var require$$5$1 = _interop(require('npm-package-arg'));
-var require$$4 = _interop(require('semver'));
-var require$$6$1 = _interop(require('@socketsecurity/config'));
-var require$$7 = _interop(require('@socketsecurity/registry/lib/objects'));
-var require$$1$2 = _interop(require('node:net'));
-var require$$1 = _interop(require('node:os'));
-var require$$5 = _interop(require('node:stream'));
-var sdk = _interop(require('./sdk.js'));
-var pathResolve = _interop(require('./path-resolve.js'));
-var link = _interop(require('./link.js'));
+var vendor = require('./vendor.js');
+var constants = require('./constants.js');
+var require$$1$4 = require('node:events');
+var require$$0 = require('node:fs');
+var require$$3$3 = require('node:https');
+var require$$1$1 = require('node:path');
+var require$$3 = require('node:readline');
+var require$$6$2 = require('node:timers/promises');
+var require$$1$3 = require('@socketsecurity/registry/lib/prompts');
+var require$$3$2 = require('@socketregistry/yocto-spinner');
+var require$$5$1 = _socketInterop(require('npm-package-arg'));
+var require$$3$1 = _socketInterop(require('semver'));
+var require$$6$1 = require('@socketsecurity/config');
+var require$$7 = require('@socketsecurity/registry/lib/objects');
+var require$$8 = require('@socketsecurity/registry/lib/packages');
+var require$$1$2 = require('node:net');
+var require$$1 = require('node:os');
+var require$$5 = require('node:stream');
+var sdk = require('./sdk.js');
+var pathResolve = require('./path-resolve.js');
+var link = require('./link.js');
 var npmInjection$2 = {};
@@ -42,7 +40,7 @@ var arborist = {};
 var ttyServer$1 = {};
 var name = "@socketsecurity/cli";
-var version = "0.14.33";
+var version = "0.14.34";
 var description = "CLI tool for Socket.dev";
 var homepage = "http://github.com/SocketDev/socket-cli";
 var license = "MIT";
@@ -63,34 +61,19 @@ var bin = {
 };
 var exports$1 = {
 	"./bin/cli.js": {
-		"module-sync": {
-			types: "./dist/module-sync/cli.d.ts",
-			"default": "./dist/module-sync/cli.js"
-		},
-		require: {
-			types: "./dist/require/cli.d.ts",
-			"default": "./dist/require/cli.js"
-		}
+		types: "./dist/module-sync/cli.d.ts",
+		"module-sync": "./dist/module-sync/cli.js",
+		require: "./dist/require/cli.js"
 	},
 	"./bin/npm-cli.js": {
-		"module-sync": {
-			types: "./dist/module-sync/npm-cli.d.ts",
-			"default": "./dist/module-sync/npm-cli.js"
-		},
-		require: {
-			types: "./dist/require/npm-cli.d.ts",
-			"default": "./dist/require/npm-cli.js"
-		}
+		types: "./dist/module-sync/npm-cli.d.ts",
+		"module-sync": "./dist/module-sync/npm-cli.js",
+		require: "./dist/require/npm-cli.js"
 	},
 	"./bin/npx-cli.js": {
-		"module-sync": {
-			types: "./dist/module-sync/npx-cli.d.ts",
-			"default": "./dist/module-sync/npx-cli.js"
-		},
-		require: {
-			types: "./dist/require/npx-cli.d.ts",
-			"default": "./dist/require/npx-cli.js"
-		}
+		types: "./dist/module-sync/npx-cli.d.ts",
+		"module-sync": "./dist/module-sync/npx-cli.js",
+		require: "./dist/require/npx-cli.js"
 	},
 	"./package.json": "./package.json",
 	"./translations.json": "./translations.json"
@@ -109,23 +92,20 @@ var scripts = {
 	"lint:fix": "npm run lint -- --fix && npm run lint:fix:fast",
 	"lint:fix:fast": "prettier --cache --log-level warn --write .",
 	prepare: "husky && custompatch",
-	test: "run-s check build:* test:*",
-	"test:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+	test: "run-s check build:* test:* test:coverage:*",
 	"test-ci": "run-s build:* test:*",
 	"test:unit": "tap-run",
-	"test:coverage": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
+	"test:coverage:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+	"test:coverage:merge": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
 };
 var dependencies = {
 	"@apideck/better-ajv-errors": "^0.3.6",
 	"@cyclonedx/cdxgen": "^11.0.5",
-	"@inquirer/confirm": "^5.0.2",
-	"@inquirer/password": "^4.0.3",
-	"@inquirer/select": "^4.0.3",
 	"@npmcli/promise-spawn": "^8.0.2",
 	"@socketregistry/hyrious__bun.lockb": "1.0.5",
 	"@socketregistry/yocto-spinner": "^1.0.1",
 	"@socketsecurity/config": "^2.1.3",
-	"@socketsecurity/registry": "^1.0.35",
+	"@socketsecurity/registry": "^1.0.51",
 	"@socketsecurity/sdk": "^1.3.0",
 	blessed: "^0.1.81",
 	"blessed-contrib": "^4.11.0",
@@ -229,6 +209,8 @@ var overrides = {
 	semver: "$semver",
 	"set-function-length": "npm:@socketregistry/set-function-length@^1",
 	"side-channel": "npm:@socketregistry/side-channel@^1",
+	"tiny-colors": "$yoctocolors-cjs",
+	typedarray: "npm:@socketregistry/typedarray@^1",
 	yaml: "$yaml"
 };
 var resolutions = {
@@ -252,6 +234,8 @@ var resolutions = {
 	semver: "^7.6.3",
 	"set-function-length": "npm:@socketregistry/set-function-length@^1",
 	"side-channel": "npm:@socketregistry/side-channel@^1",
+	"tiny-colors": "npm:yoctocolors-cjs@^2.1.2",
+	typedarray: "npm:@socketregistry/typedarray@^1",
 	yaml: "^2.6.0"
 };
 var engines = {
@@ -322,7 +306,7 @@ function createNonStandardTTYServer() {
                   output: hasOutput
                 },
                 ipc_version: remote_ipc_version
-              } = JSON.parse(lineBuff.subarray(0, eolIndex).toString('utf-8'));
+              } = JSON.parse(lineBuff.subarray(0, eolIndex).toString('utf8'));
               lineBuff = null;
               captured = true;
               if (remote_ipc_version !== _package.version) {
@@ -480,12 +464,12 @@ function createTTYServer(isInteractive, npmlog) {
   return !isInteractive && TTY_IPC ? createNonStandardTTYServer() : createStandardTTYServer(isInteractive, npmlog);
 }
-var issueRules = {};
+var alertRules = {};
-Object.defineProperty(issueRules, "__esModule", {
+Object.defineProperty(alertRules, "__esModule", {
   value: true
 });
-issueRules.createAlertUXLookup = createAlertUXLookup;
+alertRules.createAlertUXLookup = createAlertUXLookup;
 //#region UX Constants
 const IGNORE_UX = {
@@ -508,7 +492,7 @@ const ERROR_UX = {
  * all issue rules and finds the first defined value that does not defer otherwise
  * uses the defaultValue. Takes the value and converts into a UX workflow
  */
-function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
+function resolveAlertRuleUX(orderedRulesCollection, defaultValue) {
   if (defaultValue === true || defaultValue == null) {
     defaultValue = {
       action: 'error'
@@ -521,9 +505,9 @@ function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
   let block = false;
   let display = false;
   let needDefault = true;
-  iterate_entries: for (const issueRuleArr of entriesOrderedIssueRules) {
-    for (const rule of issueRuleArr) {
-      if (issueRuleValueDoesNotDefer(rule)) {
+  iterate_entries: for (const rules of orderedRulesCollection) {
+    for (const rule of rules) {
+      if (ruleValueDoesNotDefer(rule)) {
         needDefault = false;
         const narrowingFilter = uxForDefinedNonDeferValue(rule);
         block = block || narrowingFilter.block;
@@ -549,13 +533,13 @@ function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
 /**
  * Negative form because it is narrowing the type
  */
-function issueRuleValueDoesNotDefer(issueRule) {
-  if (issueRule === undefined) {
+function ruleValueDoesNotDefer(rule) {
+  if (rule === undefined) {
     return false;
-  } else if (issueRule !== null && typeof issueRule === 'object') {
+  } else if (rule !== null && typeof rule === 'object') {
     const {
       action
-    } = issueRule;
+    } = rule;
     if (action === undefined || action === 'defer') {
       return false;
     }
@@ -566,13 +550,13 @@ function issueRuleValueDoesNotDefer(issueRule) {
 /**
  * Handles booleans for backwards compatibility
  */
-function uxForDefinedNonDeferValue(issueRuleValue) {
-  if (typeof issueRuleValue === 'boolean') {
-    return issueRuleValue ? ERROR_UX : IGNORE_UX;
+function uxForDefinedNonDeferValue(ruleValue) {
+  if (typeof ruleValue === 'boolean') {
+    return ruleValue ? ERROR_UX : IGNORE_UX;
   }
   const {
     action
-  } = issueRuleValue;
+  } = ruleValue;
   if (action === 'warn') {
     return WARN_UX;
   } else if (action === 'ignore') {
@@ -594,9 +578,9 @@ function createAlertUXLookup(settings) {
     if (ux) {
       return ux;
     }
-    const entriesOrderedIssueRules = [];
+    const orderedRulesCollection = [];
     for (const settingsEntry of settings.entries) {
-      const orderedIssueRules = [];
+      const orderedRules = [];
       let target = settingsEntry.start;
       while (target !== null) {
         const resolvedTarget = settingsEntry.settings[target];
@@ -605,11 +589,11 @@ function createAlertUXLookup(settings) {
         }
         const issueRuleValue = resolvedTarget.issueRules?.[type];
         if (typeof issueRuleValue !== 'undefined') {
-          orderedIssueRules.push(issueRuleValue);
+          orderedRules.push(issueRuleValue);
         }
         target = resolvedTarget.deferTo ?? null;
       }
-      entriesOrderedIssueRules.push(orderedIssueRules);
+      orderedRulesCollection.push(orderedRules);
     }
     const defaultValue = settings.defaults.issueRules[type];
     let resolvedDefaultValue = {
@@ -624,7 +608,7 @@ function createAlertUXLookup(settings) {
         action: defaultValue.action ?? 'error'
       };
     }
-    ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue);
+    ux = resolveAlertRuleUX(orderedRulesCollection, resolvedDefaultValue);
     cachedUX.set(type, ux);
     return ux;
   };
@@ -638,26 +622,37 @@ arborist.SafeArborist = void 0;
 arborist.installSafeArborist = installSafeArborist;
 var _nodeEvents = require$$1$4;
 var _nodeFs = require$$0;
-var _nodeHttps = require$$3$2;
+var _nodeHttps = require$$3$3;
 var _nodePath = require$$1$1;
 var _nodeReadline = require$$3;
 var _promises = require$$6$2;
-var _confirm = require$$1$3;
-var _yoctoSpinner = require$$3$1;
+var _prompts = require$$1$3;
+var _yoctoSpinner = require$$3$2;
 var _isInteractive = _interopRequireDefault(vendor.isInteractive);
 var _npmPackageArg = require$$5$1;
-var _semver = require$$4;
+var _semver = require$$3$1;
 var _config = require$$6$1;
 var _objects = require$$7;
+var _packages = require$$8;
 var _ttyServer = ttyServer$1;
 var _constants$1 = constants.constants;
 var _colorOrMarkdown = sdk.colorOrMarkdown;
-var _issueRules = issueRules;
+var _alertRules = alertRules;
 var _misc = sdk.misc;
 var _pathResolve = pathResolve.pathResolve;
 var _sdk = sdk.sdk;
 var _settings = sdk.settings;
-const POTENTIAL_BUG_ERROR_MESSAGE = `This is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${_constants$1.SOCKET_CLI_ISSUES_URL}.`;
+const {
+  API_V0_URL,
+  ENV,
+  LOOP_SENTINEL,
+  NPM_REGISTRY_URL,
+  SOCKET_CLI_ISSUES_URL,
+  SOCKET_PUBLIC_API_KEY,
+  UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE,
+  rootPath
+} = _constants$1;
+const POTENTIAL_BUG_ERROR_MESSAGE = `This is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`;
 const npmEntrypoint = (0, _nodeFs.realpathSync)(process.argv[1]);
 const npmRootPath = (0, _pathResolve.findRoot)(_nodePath.dirname(npmEntrypoint));
 function tryRequire(...ids) {
@@ -705,7 +700,7 @@ const pacote = tryRequire(_nodePath.join(npmNmPath, 'pacote'), 'pacote');
 const {
   tarball
 } = pacote;
-const translations = require(_nodePath.join(_constants$1.rootPath, 'translations.json'));
+const translations = require(_nodePath.join(rootPath, 'translations.json'));
 const abortController = new AbortController();
 const {
   signal: abortSignal
@@ -718,7 +713,7 @@ const OverrideSet = require(arboristOverrideSetClassPatch);
 const kCtorArgs = Symbol('ctorArgs');
 const kRiskyReify = Symbol('riskyReify');
 const formatter = new _colorOrMarkdown.ColorOrMarkdown(false);
-const pubToken = (0, _sdk.getDefaultKey)() ?? _constants$1.SOCKET_PUBLIC_API_KEY;
+const pubToken = (0, _sdk.getDefaultKey)() ?? SOCKET_PUBLIC_API_KEY;
 const ttyServer = (0, _ttyServer.createTTYServer)((0, _isInteractive.default)({
   stream: process.stdin
 }), log);
@@ -733,7 +728,7 @@ async function uxLookup(settings) {
   return _uxLookup(settings);
 }
 async function* batchScan(pkgIds) {
-  const req = _nodeHttps.request(`${_constants$1.API_V0_URL}/purl?alerts=true`, {
+  const req = _nodeHttps.request(`${API_V0_URL}/purl?alerts=true`, {
     method: 'POST',
     headers: {
       Authorization: `Basic ${Buffer.from(`${pubToken}:`).toString('base64url')}`
@@ -849,7 +844,7 @@ async function getPackagesAlerts(safeArb, _registry, pkgs, output) {
       const {
         version
       } = artifact;
-      const name = `${artifact.namespace ? `${artifact.namespace}/` : ''}${artifact.name}`;
+      const name = (0, _packages.resolvePackageName)(artifact);
       const id = `${name}@${artifact.version}`;
       let blocked = false;
       let displayWarning = false;
@@ -947,7 +942,7 @@ function walk(diff_, needInfoOn = []) {
     length: queueLength
   } = queue;
   while (pos < queueLength) {
-    if (pos === _constants$1.LOOP_SENTINEL) {
+    if (pos === LOOP_SENTINEL) {
       throw new Error('Detected infinite loop while walking Arborist diff');
     }
     const diff = queue[pos++];
@@ -1527,7 +1522,7 @@ class SafeOverrideSet extends OverrideSet {
       length: queueLength
     } = queue;
     while (pos < queueLength) {
-      if (pos === _constants$1.LOOP_SENTINEL) {
+      if (pos === LOOP_SENTINEL) {
         throw new Error('Detected infinite loop while comparing override sets');
       }
       const {
@@ -1669,10 +1664,10 @@ class SafeArborist extends Arborist {
     options['save'] = old.save;
     options['saveBundle'] = old.saveBundle;
     // Nothing to check, mmm already installed or all private?
-    if (diff.findIndex(c => c.repository_url === _constants$1.NPM_REGISTRY_URL) === -1) {
+    if (diff.findIndex(c => c.repository_url === NPM_REGISTRY_URL) === -1) {
       return await this[kRiskyReify](...args);
     }
-    let proceed = _constants$1.ENV[_constants$1.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE];
+    let proceed = ENV[UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE];
     if (!proceed) {
       proceed = await ttyServer.captureTTY(async (input, output) => {
         if (input && output) {
@@ -1680,7 +1675,7 @@ class SafeArborist extends Arborist {
           if (!alerts.length) {
             return true;
           }
-          return await _confirm({
+          return await (0, _prompts.confirm)({
             message: 'Accept risks of installing these packages?',
             default: false
           }, {
@@ -1789,14 +1784,18 @@ void (async () => {
       }
     });
   }
-  _uxLookup = (0, _issueRules.createAlertUXLookup)(settings);
+  _uxLookup = (0, _alertRules.createAlertUXLookup)(settings);
 })();
 var _constants = constants.constants;
 var _arborist = arborist;
 var _link = link.link;
+const {
+  shadowBinPath
+} = _constants;
 // Shadow `npm` and `npx` to mitigate subshells.
-(0, _link.installLinks)(_constants.shadowBinPath, 'npm');
+(0, _link.installLinks)(shadowBinPath, 'npm');
 (0, _arborist.installSafeArborist)();
 (function (exports) {

package/dist/require/npx-cli.js CHANGED Viewed

@@ -1,23 +1,20 @@
 #!/usr/bin/env node
 'use strict';
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c) break
   }
-  return d ?? e
+  return c ? e.default : e
 }
-var vendor = _interop(require('./vendor.js'));
-var require$$1 = _interop(require('node:path'));
-var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
-var constants = _interop(require('./constants.js'));
-var link = _interop(require('./link.js'));
+var vendor = require('./vendor.js');
+var require$$1 = require('node:path');
+var require$$1$1 = _socketInterop(require('@npmcli/promise-spawn'));
+var constants = require('./constants.js');
+var link = require('./link.js');
 var npxCli$2 = {};
@@ -27,10 +24,17 @@ var _nodePath = require$$1;
 var _promiseSpawn = require$$1$1;
 var _constants = constants.constants;
 var _link = link.link;
-const npxPath = (0, _link.installLinks)(_constants.shadowBinPath, 'npx');
-const injectionPath = _nodePath.join(_constants.distPath, 'npm-injection.js');
+const {
+  distPath,
+  execPath,
+  shadowBinPath
+} = _constants;
+const npxPath = (0, _link.installLinks)(shadowBinPath, 'npx');
+const injectionPath = _nodePath.join(distPath, 'npm-injection.js');
 process.exitCode = 1;
-const spawnPromise = _promiseSpawn(process.execPath, ['--disable-warning', 'ExperimentalWarning', '--require', injectionPath, npxPath, ...process.argv.slice(2)], {
+const spawnPromise = _promiseSpawn(execPath, [
+// Lazily access constants.nodeNoWarningsFlags.
+..._constants.nodeNoWarningsFlags, '--require', injectionPath, npxPath, ...process.argv.slice(2)], {
   stdio: 'inherit'
 });
 spawnPromise.process.on('exit', (code, signal) => {