@socketsecurity/cli 0.14.35 → 0.14.36

package/dist/module-sync/constants.d.ts

@@ -2,13 +2,20 @@ import registryConstants from '@socketsecurity/registry/lib/constants';
 type RegistryEnv = typeof registryConstants.ENV;
 type Constants = {
     readonly API_V0_URL: 'https://api.socket.dev/v0';
+    readonly BABEL_RUNTIME: '@babel/runtime';
+    readonly BUN: 'bun';
     readonly ENV: RegistryEnv & {
         UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
     };
     readonly DIST_TYPE: 'module-sync' | 'require';
     readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
+    readonly NPX: 'npx';
+    readonly PNPM: 'pnpm';
     readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues';
     readonly UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';
+    readonly VLT: 'vlt';
+    readonly YARN_BERRY: 'yarn/berry';
+    readonly YARN_CLASSIC: 'yarn/classic';
     readonly cdxgenBinPath: string;
     readonly distPath: string;
     readonly nmBinPath: string;

package/dist/module-sync/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,4CAA4C,EAAE,OAAO,CAAA;KACtD,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,4CAA4C,EAAE,8CAA8C,CAAA;IACrG,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAyC5B,QAAA,MAAM,SAAS,WA0Bd,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,4CAA4C,EAAE,OAAO,CAAA;KACtD,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,4CAA4C,EAAE,8CAA8C,CAAA;IACrG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAsE5B,QAAA,MAAM,SAAS,WA0Cd,CAAA"}

package/dist/module-sync/npm-injection.js

@@ -30,7 +30,7 @@ var sdk = require('./sdk.js');
 var constants = require('./constants.js');
 var pathResolve = require('./path-resolve.js');
 
-var version = "0.14.35";
+var version = "0.14.36";
 
 const NEWLINE_CHAR_CODE = 10; /*'\n'*/
 

package/dist/module-sync/path-resolve.d.ts

@@ -3,6 +3,11 @@ import { SocketYml } from '@socketsecurity/config';
 import { SocketSdkReturnType } from '@socketsecurity/sdk';
 declare function directoryPatterns(): string[];
 declare function findRoot(filepath: string): string | undefined;
+declare function findBinPathDetails(binName: string): Promise<{
+    name: string;
+    path: string | undefined;
+    shadowed: boolean;
+}>;
 declare function getPackageFiles(cwd: string, inputPaths: string[], config: SocketYml | undefined, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog?: typeof console.error): Promise<string[]>;
 declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog?: typeof console.error): Promise<string[]>;
-export { directoryPatterns, findRoot, getPackageFiles, getPackageFilesFullScans };
+export { directoryPatterns, findRoot, findBinPathDetails, getPackageFiles, getPackageFilesFullScans };

package/dist/module-sync/path-resolve.js

@@ -9,11 +9,13 @@ function _socketInterop(e) {
   return c ? e.default : e
 }
 
-var fs = require('node:fs/promises');
+var fs = require('node:fs');
 var path = require('node:path');
 var ignore = _socketInterop(require('ignore'));
 var micromatch = _socketInterop(require('micromatch'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
+var which = _socketInterop(require('which'));
+var constants = require('./constants.js');
 
 const ignoredDirs = [
 // Taken from ignore-by-default:
@@ -42,8 +44,12 @@ function directoryPatterns() {
   return [...ignoredDirPatterns];
 }
 
+const {
+  NPM,
+  shadowBinPath
+} = constants;
 async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
-  const patterns = ['golang', 'npm', 'pypi'].reduce((r, n) => {
+  const patterns = ['golang', NPM, 'pypi'].reduce((r, n) => {
     const supported = supportedFiles[n];
     r.push(...(supported ? Object.values(supported).map(p => `**/${p.pattern}`) : []));
     return r;
@@ -65,7 +71,7 @@ async function globWithGitIgnore(patterns, options) {
     cwd,
     expandDirectories: true
   });
-  const ignores = [...directoryPatterns(), ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns(await fs.readFile(filepath, 'utf8'), filepath, cwd)))).flat()];
+  const ignores = [...directoryPatterns(), ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns(await fs.promises.readFile(filepath, 'utf8'), filepath, cwd)))).flat()];
   const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/);
   const globOptions = {
     absolute: true,
@@ -133,7 +139,7 @@ function pathsToPatterns(paths) {
 function findRoot(filepath) {
   let curPath = filepath;
   while (true) {
-    if (path.basename(curPath) === 'npm') {
+    if (path.basename(curPath) === NPM) {
       return curPath;
     }
     const parent = path.dirname(curPath);
@@ -143,6 +149,26 @@ function findRoot(filepath) {
     curPath = parent;
   }
 }
+async function findBinPathDetails(binName) {
+  let shadowIndex = -1;
+  const bins = (await which(binName, {
+    all: true,
+    nothrow: true
+  })) ?? [];
+  const binPath = bins.find((binPath, i) => {
+    // Skip our bin directory if it's in the front.
+    if (fs.realpathSync(path.dirname(binPath)) === shadowBinPath) {
+      shadowIndex = i;
+      return false;
+    }
+    return true;
+  });
+  return {
+    name: binName,
+    path: binPath,
+    shadowed: shadowIndex !== -1
+  };
+}
 async function getPackageFiles(cwd, inputPaths, config, supportedFiles, debugLog = () => {}) {
   debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
 
@@ -169,6 +195,7 @@ async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLo
   return packageFiles;
 }
 
+exports.findBinPathDetails = findBinPathDetails;
 exports.findRoot = findRoot;
 exports.getPackageFiles = getPackageFiles;
 exports.getPackageFilesFullScans = getPackageFilesFullScans;

package/dist/module-sync/shadow-bin.d.ts

@@ -1,2 +1,2 @@
-declare function shadow(binName: 'npm' | 'npx'): Promise<void>;
+declare function shadow(binName: 'npm' | 'npx', binArgs?: string[]): Promise<void>;
 export { shadow as default };

package/dist/module-sync/shadow-bin.js

@@ -14,7 +14,6 @@ var path = require('node:path');
 var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var constants = require('./constants.js');
 var cmdShim = _socketInterop(require('cmd-shim'));
-var which = _socketInterop(require('which'));
 var pathResolve = require('./path-resolve.js');
 
 const {
@@ -23,23 +22,14 @@ const {
 } = constants;
 async function installLinks(realBinPath, binName) {
   // Find package manager being shadowed by this process.
-  const bins = (await which(binName, {
-    all: true,
-    nothrow: true
-  })) ?? [];
-  let shadowIndex = -1;
-  const binPath = bins.find((binPath, i) => {
-    // Skip our bin directory if it's in the front.
-    if (fs.realpathSync(path.dirname(binPath)) === realBinPath) {
-      shadowIndex = i;
-      return false;
-    }
-    return true;
-  });
+  const {
+    path: binPath,
+    shadowed
+  } = await pathResolve.findBinPathDetails(binName);
   if (!binPath) {
-    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable`);
     // The exit code 127 indicates that the command or binary being executed
     // could not be found.
+    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
     process.exit(127);
   }
   // TODO: Is this early exit needed?
@@ -47,23 +37,24 @@ async function installLinks(realBinPath, binName) {
     return binPath;
   }
   // Move our bin directory to front of PATH so its found first.
-  if (shadowIndex === -1) {
+  if (!shadowed) {
     if (WIN32) {
       await cmdShim(path.join(rootDistPath, `${binName}-cli.js`), path.join(realBinPath, binName));
     }
-    process.env['PATH'] = `${realBinPath}${WIN32 ? ';' : ':'}${process.env['PATH']}`;
+    process.env['PATH'] = `${realBinPath}${path.delimiter}${process.env['PATH']}`;
   }
   return binPath;
 }
 
 const {
+  NPM,
   abortSignal,
   distPath,
   execPath,
   shadowBinPath
 } = constants;
 const injectionPath = path.join(distPath, 'npm-injection.js');
-async function shadow(binName) {
+async function shadow(binName, binArgs = process.argv.slice(2)) {
   const binPath = await installLinks(shadowBinPath, binName);
   if (abortSignal.aborted) {
     return;
@@ -71,8 +62,7 @@ async function shadow(binName) {
   // Adding the `--quiet` and `--no-progress` flags when the `proc-log` module
   // is found to fix a UX issue when running the command with recent versions of
   // npm (input swallowed by the standard npm spinner)
-  const binArgs = process.argv.slice(2);
-  if (binName === 'npm' && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet')) {
+  if (binName === NPM && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet')) {
     const npmEntrypoint = fs.realpathSync(binPath);
     const npmRootPath = pathResolve.findRoot(path.dirname(npmEntrypoint));
     if (npmRootPath === undefined) {
@@ -96,9 +86,13 @@ async function shadow(binName) {
     signal: abortSignal,
     stdio: 'inherit'
   });
-  spawnPromise.process.on('exit', (code, signal) => {
-    if (signal) {
-      process.kill(process.pid, signal);
+  // See https://nodejs.org/api/all.html#all_child_process_event-exit.
+  spawnPromise.process.on('exit', (code, signalName) => {
+    if (abortSignal.aborted) {
+      return;
+    }
+    if (signalName) {
+      process.kill(process.pid, signalName);
     } else if (code !== null) {
       process.exit(code);
     }