@socketsecurity/cli 0.14.34 → 0.14.36

package/dist/require/path-resolve.js

@@ -4,25 +4,19 @@ function _socketInterop(e) {
   let c = 0
   for (const k in e ?? {}) {
     c = c === 0 && k === 'default' ? 1 : 0
-    if (!c) break
+    if (!c && k !== '__esModule') break
   }
   return c ? e.default : e
 }
 
-var require$$1$1 = require('node:fs/promises');
-var require$$1 = require('node:path');
-var require$$2 = _socketInterop(require('ignore'));
-var require$$3 = _socketInterop(require('micromatch'));
-var require$$8 = _socketInterop(require('tinyglobby'));
+var fs = require('node:fs');
+var path = require('node:path');
+var ignore = _socketInterop(require('ignore'));
+var micromatch = _socketInterop(require('micromatch'));
+var tinyglobby = _socketInterop(require('tinyglobby'));
+var which = _socketInterop(require('which'));
+var constants = require('./constants.js');
 
-var pathResolve = {};
-
-var ignoreByDefault = {};
-
-Object.defineProperty(ignoreByDefault, "__esModule", {
-  value: true
-});
-ignoreByDefault.directoryPatterns = directoryPatterns;
 const ignoredDirs = [
 // Taken from ignore-by-default:
 // https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js
@@ -50,25 +44,17 @@ function directoryPatterns() {
   return [...ignoredDirPatterns];
 }
 
-Object.defineProperty(pathResolve, "__esModule", {
-  value: true
-});
-pathResolve.findRoot = findRoot;
-pathResolve.getPackageFiles = getPackageFiles;
-pathResolve.getPackageFilesFullScans = getPackageFilesFullScans;
-var _promises = require$$1$1;
-var _nodePath = require$$1;
-var _ignore = require$$2;
-var _micromatch = require$$3;
-var _tinyglobby = require$$8;
-var _ignoreByDefault = ignoreByDefault;
+const {
+  NPM,
+  shadowBinPath
+} = constants;
 async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
-  const patterns = ['golang', 'npm', 'pypi'].reduce((r, n) => {
+  const patterns = ['golang', NPM, 'pypi'].reduce((r, n) => {
     const supported = supportedFiles[n];
     r.push(...(supported ? Object.values(supported).map(p => `**/${p.pattern}`) : []));
     return r;
   }, []);
-  return entries.filter(p => _micromatch.some(p, patterns));
+  return entries.filter(p => micromatch.some(p, patterns));
 }
 async function globWithGitIgnore(patterns, options) {
   const {
@@ -80,12 +66,12 @@ async function globWithGitIgnore(patterns, options) {
     ...options
   };
   const projectIgnorePaths = socketConfig?.projectIgnorePaths;
-  const ignoreFiles = await (0, _tinyglobby.glob)(['**/.gitignore'], {
+  const ignoreFiles = await tinyglobby.glob(['**/.gitignore'], {
     absolute: true,
     cwd,
     expandDirectories: true
   });
-  const ignores = [...(0, _ignoreByDefault.directoryPatterns)(), ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, _nodePath.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns(await _promises.readFile(filepath, 'utf8'), filepath, cwd)))).flat()];
+  const ignores = [...directoryPatterns(), ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns(await fs.promises.readFile(filepath, 'utf8'), filepath, cwd)))).flat()];
   const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/);
   const globOptions = {
     absolute: true,
@@ -94,25 +80,25 @@ async function globWithGitIgnore(patterns, options) {
     ignore: hasNegatedPattern ? [] : ignores,
     ...additionalOptions
   };
-  const result = await (0, _tinyglobby.glob)(patterns, globOptions);
+  const result = await tinyglobby.glob(patterns, globOptions);
   if (!hasNegatedPattern) {
     return result;
   }
   const {
     absolute
   } = globOptions;
-  const filtered = _ignore().add(ignores).filter(absolute ? result.map(p => _nodePath.relative(cwd, p)) : result);
-  return absolute ? filtered.map(p => _nodePath.resolve(cwd, p)) : filtered;
+  const filtered = ignore().add(ignores).filter(absolute ? result.map(p => path.relative(cwd, p)) : result);
+  return absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered;
 }
 function ignoreFileLinesToGlobPatterns(lines, filepath, cwd) {
-  const base = _nodePath.relative(cwd, _nodePath.dirname(filepath)).replace(/\\/g, '/');
+  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\/g, '/');
   const patterns = [];
   for (let i = 0, {
       length
     } = lines; i < length; i += 1) {
     const pattern = lines[i].trim();
     if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {
-      patterns.push(ignorePatternToMinimatch(pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/ ? `!${_nodePath.posix.join(base, pattern.slice(1))}` : _nodePath.posix.join(base, pattern)));
+      patterns.push(ignorePatternToMinimatch(pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/ ? `!${path.posix.join(base, pattern.slice(1))}` : path.posix.join(base, pattern)));
     }
   }
   return patterns;
@@ -153,16 +139,36 @@ function pathsToPatterns(paths) {
 function findRoot(filepath) {
   let curPath = filepath;
   while (true) {
-    if (_nodePath.basename(curPath) === 'npm') {
+    if (path.basename(curPath) === NPM) {
       return curPath;
     }
-    const parent = _nodePath.dirname(curPath);
+    const parent = path.dirname(curPath);
     if (parent === curPath) {
       return undefined;
     }
     curPath = parent;
   }
 }
+async function findBinPathDetails(binName) {
+  let shadowIndex = -1;
+  const bins = (await which(binName, {
+    all: true,
+    nothrow: true
+  })) ?? [];
+  const binPath = bins.find((binPath, i) => {
+    // Skip our bin directory if it's in the front.
+    if (fs.realpathSync(path.dirname(binPath)) === shadowBinPath) {
+      shadowIndex = i;
+      return false;
+    }
+    return true;
+  });
+  return {
+    name: binName,
+    path: binPath,
+    shadowed: shadowIndex !== -1
+  };
+}
 async function getPackageFiles(cwd, inputPaths, config, supportedFiles, debugLog = () => {}) {
   debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
 
@@ -189,4 +195,7 @@ async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLo
   return packageFiles;
 }
 
-exports.pathResolve = pathResolve;
+exports.findBinPathDetails = findBinPathDetails;
+exports.findRoot = findRoot;
+exports.getPackageFiles = getPackageFiles;
+exports.getPackageFilesFullScans = getPackageFilesFullScans;

package/dist/require/sdk.js

@@ -4,69 +4,51 @@ function _socketInterop(e) {
   let c = 0
   for (const k in e ?? {}) {
     c = c === 0 && k === 'default' ? 1 : 0
-    if (!c) break
+    if (!c && k !== '__esModule') break
   }
   return c ? e.default : e
 }
 
+var colors = _socketInterop(require('yoctocolors-cjs'));
 var vendor = require('./vendor.js');
-var require$$1 = _socketInterop(require('yoctocolors-cjs'));
-var require$$1$3 = _socketInterop(require('hpagent'));
-var require$$1$4 = require('@socketsecurity/registry/lib/prompts');
-var require$$4 = require('@socketsecurity/registry/lib/strings');
-var require$$5 = require('@socketsecurity/sdk');
+var hpagent = _socketInterop(require('hpagent'));
+var prompts = require('@socketsecurity/registry/lib/prompts');
+var strings = require('@socketsecurity/registry/lib/strings');
+var sdk = require('@socketsecurity/sdk');
 var constants = require('./constants.js');
-var require$$0 = require('node:fs');
-var require$$1$1 = require('node:os');
-var require$$1$2 = require('node:path');
-var require$$3 = require('@socketregistry/yocto-spinner');
+var fs = require('node:fs');
+var os = require('node:os');
+var path = require('node:path');
+var yoctoSpinner = require('@socketregistry/yocto-spinner');
 
-var errors = {};
-
-Object.defineProperty(errors, "__esModule", {
-  value: true
-});
-errors.InputError = errors.AuthError = void 0;
 class AuthError extends Error {}
-errors.AuthError = AuthError;
 class InputError extends Error {
   constructor(message, body) {
     super(message);
     this.body = body;
   }
 }
-errors.InputError = InputError;
-
-var colorOrMarkdown = {};
 
-var _interopRequireDefault$1 = vendor.interopRequireDefault.default;
-Object.defineProperty(colorOrMarkdown, "__esModule", {
-  value: true
-});
-colorOrMarkdown.logSymbols = colorOrMarkdown.ColorOrMarkdown = void 0;
-var _yoctocolorsCjs = require$$1;
-var _isUnicodeSupported = _interopRequireDefault$1(vendor.isUnicodeSupported);
-var _terminalLink = _interopRequireDefault$1(vendor.terminalLink);
 // From the 'log-symbols' module
 const unicodeLogSymbols = {
   __proto__: null,
-  info: _yoctocolorsCjs.blue('ℹ'),
-  success: _yoctocolorsCjs.green('✔'),
-  warning: _yoctocolorsCjs.yellow('⚠'),
-  error: _yoctocolorsCjs.red('✖')
+  info: colors.blue('ℹ'),
+  success: colors.green('✔'),
+  warning: colors.yellow('⚠'),
+  error: colors.red('✖')
 };
 
 // From the 'log-symbols' module
 const fallbackLogSymbols = {
   __proto__: null,
-  info: _yoctocolorsCjs.blue('i'),
-  success: _yoctocolorsCjs.green('√'),
-  warning: _yoctocolorsCjs.yellow('‼'),
-  error: _yoctocolorsCjs.red('×')
+  info: colors.blue('i'),
+  success: colors.green('√'),
+  warning: colors.yellow('‼'),
+  error: colors.red('×')
 };
 
 // From the 'log-symbols' module
-const logSymbols = colorOrMarkdown.logSymbols = (0, _isUnicodeSupported.default)() ? unicodeLogSymbols : fallbackLogSymbols;
+const logSymbols = vendor.isUnicodeSupported() ? unicodeLogSymbols : fallbackLogSymbols;
 const markdownLogSymbols = {
   __proto__: null,
   info: ':information_source:',
@@ -79,20 +61,20 @@ class ColorOrMarkdown {
     this.useMarkdown = !!useMarkdown;
   }
   header(text, level = 1) {
-    return this.useMarkdown ? `\n${''.padStart(level, '#')} ${text}\n` : _yoctocolorsCjs.underline(`\n${level === 1 ? _yoctocolorsCjs.bold(text) : text}\n`);
+    return this.useMarkdown ? `\n${''.padStart(level, '#')} ${text}\n` : colors.underline(`\n${level === 1 ? colors.bold(text) : text}\n`);
   }
   bold(text) {
-    return this.useMarkdown ? `**${text}**` : _yoctocolorsCjs.bold(`${text}`);
+    return this.useMarkdown ? `**${text}**` : colors.bold(`${text}`);
   }
   italic(text) {
-    return this.useMarkdown ? `_${text}_` : _yoctocolorsCjs.italic(`${text}`);
+    return this.useMarkdown ? `_${text}_` : colors.italic(`${text}`);
   }
   hyperlink(text, url, {
     fallback = true,
     fallbackToUrl
   } = {}) {
     if (!url) return text;
-    return this.useMarkdown ? `[${text}](${url})` : (0, _terminalLink.default)(text, url, {
+    return this.useMarkdown ? `[${text}](${url})` : vendor.terminalLink(text, url, {
       fallback: fallbackToUrl ? (_text, url) => url : fallback
     });
   }
@@ -111,19 +93,9 @@ class ColorOrMarkdown {
     return this.useMarkdown ? '```json\n' + JSON.stringify(value) + '\n```' : JSON.stringify(value);
   }
 }
-colorOrMarkdown.ColorOrMarkdown = ColorOrMarkdown;
-
-var misc = {};
 
-Object.defineProperty(misc, "__esModule", {
-  value: true
-});
-misc.createDebugLogger = createDebugLogger;
-misc.isErrnoException = isErrnoException;
-misc.stringJoinWithSeparateFinalSeparator = stringJoinWithSeparateFinalSeparator;
-var _colorOrMarkdown = colorOrMarkdown;
 function createDebugLogger(printDebugLogs) {
-  return printDebugLogs ? (...params) => console.error(_colorOrMarkdown.logSymbols.info, ...params) : () => {};
+  return printDebugLogs ? (...params) => console.error(logSymbols.info, ...params) : () => {};
 }
 function isErrnoException(value) {
   if (!(value instanceof Error)) {
@@ -140,36 +112,23 @@ function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
   return values.join(', ') + separator + finalValue;
 }
 
-var sdk = {};
-
-var settings$1 = {};
-
-Object.defineProperty(settings$1, "__esModule", {
-  value: true
-});
-settings$1.getSetting = getSetting;
-settings$1.updateSetting = updateSetting;
-var _nodeFs = require$$0;
-var _nodeOs = require$$1$1;
-var _nodePath = require$$1$2;
-var _yoctoSpinner = require$$3;
 let dataHome = process.platform === 'win32' ? process.env['LOCALAPPDATA'] : process.env['XDG_DATA_HOME'];
 if (!dataHome) {
   if (process.platform === 'win32') throw new Error('missing %LOCALAPPDATA%');
-  const home = _nodeOs.homedir();
-  dataHome = _nodePath.join(home, ...(process.platform === 'darwin' ? ['Library', 'Application Support'] : ['.local', 'share']));
+  const home = os.homedir();
+  dataHome = path.join(home, ...(process.platform === 'darwin' ? ['Library', 'Application Support'] : ['.local', 'share']));
 }
-const settingsPath = _nodePath.join(dataHome, 'socket', 'settings');
+const settingsPath = path.join(dataHome, 'socket', 'settings');
 let settings = {};
-if ((0, _nodeFs.existsSync)(settingsPath)) {
-  const raw = (0, _nodeFs.readFileSync)(settingsPath, 'utf8');
+if (fs.existsSync(settingsPath)) {
+  const raw = fs.readFileSync(settingsPath, 'utf8');
   try {
     settings = JSON.parse(Buffer.from(raw, 'base64').toString());
   } catch {
-    _yoctoSpinner().warning(`Failed to parse settings at ${settingsPath}`);
+    yoctoSpinner().warning(`Failed to parse settings at ${settingsPath}`);
   }
 } else {
-  (0, _nodeFs.mkdirSync)(_nodePath.dirname(settingsPath), {
+  fs.mkdirSync(path.dirname(settingsPath), {
     recursive: true
   });
 }
@@ -183,65 +142,51 @@ function updateSetting(key, value) {
     pendingSave = true;
     process.nextTick(() => {
       pendingSave = false;
-      (0, _nodeFs.writeFileSync)(settingsPath, Buffer.from(JSON.stringify(settings)).toString('base64'));
+      fs.writeFileSync(settingsPath, Buffer.from(JSON.stringify(settings)).toString('base64'));
     });
   }
 }
 
-var _interopRequireDefault = vendor.interopRequireDefault.default;
-Object.defineProperty(sdk, "__esModule", {
-  value: true
-});
-sdk.getDefaultKey = getDefaultKey;
-sdk.setupSdk = setupSdk;
-var _hpagent = require$$1$3;
-var _isInteractive = _interopRequireDefault(vendor.isInteractive);
-var _prompts = require$$1$4;
-var _strings = require$$4;
-var _sdk = require$$5;
-var _constants = constants.constants;
-var _errors = errors;
-var _settings = settings$1;
 const {
   rootPkgJsonPath
-} = _constants;
+} = constants;
 
 // This API key should be stored globally for the duration of the CLI execution.
 let defaultKey;
 function getDefaultKey() {
-  const key = process.env['SOCKET_SECURITY_API_KEY'] || (0, _settings.getSetting)('apiKey') || defaultKey;
-  defaultKey = (0, _strings.isNonEmptyString)(key) ? key : undefined;
+  const key = process.env['SOCKET_SECURITY_API_KEY'] || getSetting('apiKey') || defaultKey;
+  defaultKey = strings.isNonEmptyString(key) ? key : undefined;
   return defaultKey;
 }
 
 // The API server that should be used for operations.
 function getDefaultAPIBaseUrl() {
-  const baseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || (0, _settings.getSetting)('apiBaseUrl');
-  return (0, _strings.isNonEmptyString)(baseUrl) ? baseUrl : undefined;
+  const baseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || getSetting('apiBaseUrl');
+  return strings.isNonEmptyString(baseUrl) ? baseUrl : undefined;
 }
 
 // The API server that should be used for operations.
 function getDefaultHTTPProxy() {
-  const apiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || (0, _settings.getSetting)('apiProxy');
-  return (0, _strings.isNonEmptyString)(apiProxy) ? apiProxy : undefined;
+  const apiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || getSetting('apiProxy');
+  return strings.isNonEmptyString(apiProxy) ? apiProxy : undefined;
 }
 async function setupSdk(apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBaseUrl(), proxy = getDefaultHTTPProxy()) {
-  if (typeof apiKey !== 'string' && (0, _isInteractive.default)()) {
-    apiKey = await (0, _prompts.password)({
+  if (typeof apiKey !== 'string' && vendor.isInteractive()) {
+    apiKey = await prompts.password({
       message: 'Enter your Socket.dev API key (not saved, use socket login to persist)'
     });
     defaultKey = apiKey;
   }
   if (!apiKey) {
-    throw new _errors.AuthError('You need to provide an API key');
+    throw new AuthError('You need to provide an API key');
   }
   let agent;
   if (proxy) {
     agent = {
-      http: new _hpagent.HttpProxyAgent({
+      http: new hpagent.HttpProxyAgent({
         proxy
       }),
-      https: new _hpagent.HttpsProxyAgent({
+      https: new hpagent.HttpsProxyAgent({
         proxy
       })
     };
@@ -249,13 +194,19 @@ async function setupSdk(apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBase
   const sdkOptions = {
     agent,
     baseUrl: apiBaseUrl,
-    userAgent: (0, _sdk.createUserAgentFromPkgJson)(require(rootPkgJsonPath))
+    userAgent: sdk.createUserAgentFromPkgJson(require(rootPkgJsonPath))
   };
-  return new _sdk.SocketSdk(apiKey || '', sdkOptions);
+  return new sdk.SocketSdk(apiKey || '', sdkOptions);
 }
 
-exports.colorOrMarkdown = colorOrMarkdown;
-exports.errors = errors;
-exports.misc = misc;
-exports.sdk = sdk;
-exports.settings = settings$1;
+exports.AuthError = AuthError;
+exports.ColorOrMarkdown = ColorOrMarkdown;
+exports.InputError = InputError;
+exports.createDebugLogger = createDebugLogger;
+exports.getDefaultKey = getDefaultKey;
+exports.getSetting = getSetting;
+exports.isErrnoException = isErrnoException;
+exports.logSymbols = logSymbols;
+exports.setupSdk = setupSdk;
+exports.stringJoinWithSeparateFinalSeparator = stringJoinWithSeparateFinalSeparator;
+exports.updateSetting = updateSetting;

package/dist/require/shadow-bin.js

@@ -0,0 +1,103 @@
+'use strict';
+
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c && k !== '__esModule') break
+  }
+  return c ? e.default : e
+}
+
+var fs = require('node:fs');
+var path = require('node:path');
+var spawn = _socketInterop(require('@npmcli/promise-spawn'));
+var constants = require('./constants.js');
+var cmdShim = _socketInterop(require('cmd-shim'));
+var pathResolve = require('./path-resolve.js');
+
+const {
+  WIN32,
+  rootDistPath
+} = constants;
+async function installLinks(realBinPath, binName) {
+  // Find package manager being shadowed by this process.
+  const {
+    path: binPath,
+    shadowed
+  } = await pathResolve.findBinPathDetails(binName);
+  if (!binPath) {
+    // The exit code 127 indicates that the command or binary being executed
+    // could not be found.
+    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
+    process.exit(127);
+  }
+  // TODO: Is this early exit needed?
+  if (WIN32 && binPath) {
+    return binPath;
+  }
+  // Move our bin directory to front of PATH so its found first.
+  if (!shadowed) {
+    if (WIN32) {
+      await cmdShim(path.join(rootDistPath, `${binName}-cli.js`), path.join(realBinPath, binName));
+    }
+    process.env['PATH'] = `${realBinPath}${path.delimiter}${process.env['PATH']}`;
+  }
+  return binPath;
+}
+
+const {
+  NPM,
+  abortSignal,
+  distPath,
+  execPath,
+  shadowBinPath
+} = constants;
+const injectionPath = path.join(distPath, 'npm-injection.js');
+async function shadow(binName, binArgs = process.argv.slice(2)) {
+  const binPath = await installLinks(shadowBinPath, binName);
+  if (abortSignal.aborted) {
+    return;
+  }
+  // Adding the `--quiet` and `--no-progress` flags when the `proc-log` module
+  // is found to fix a UX issue when running the command with recent versions of
+  // npm (input swallowed by the standard npm spinner)
+  if (binName === NPM && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet')) {
+    const npmEntrypoint = fs.realpathSync(binPath);
+    const npmRootPath = pathResolve.findRoot(path.dirname(npmEntrypoint));
+    if (npmRootPath === undefined) {
+      // The exit code 127 indicates that the command or binary being executed
+      // could not be found.
+      process.exit(127);
+    }
+    const npmDepPath = path.join(npmRootPath, 'node_modules');
+    let procLog;
+    try {
+      procLog = require(path.join(npmDepPath, 'proc-log/lib/index.js')).log;
+    } catch {}
+    if (procLog) {
+      binArgs.push('--no-progress', '--quiet');
+    }
+  }
+  process.exitCode = 1;
+  const spawnPromise = spawn(execPath, [
+  // Lazily access constants.nodeNoWarningsFlags.
+  ...constants.nodeNoWarningsFlags, '--require', injectionPath, binPath, ...binArgs], {
+    signal: abortSignal,
+    stdio: 'inherit'
+  });
+  // See https://nodejs.org/api/all.html#all_child_process_event-exit.
+  spawnPromise.process.on('exit', (code, signalName) => {
+    if (abortSignal.aborted) {
+      return;
+    }
+    if (signalName) {
+      process.kill(process.pid, signalName);
+    } else if (code !== null) {
+      process.exit(code);
+    }
+  });
+  await spawnPromise;
+}
+
+module.exports = shadow;