@socketsecurity/cli 0.14.35 → 0.14.36

package/dist/require/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,4CAA4C,EAAE,OAAO,CAAA;KACtD,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,4CAA4C,EAAE,8CAA8C,CAAA;IACrG,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAyC5B,QAAA,MAAM,SAAS,WA0Bd,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,4CAA4C,EAAE,OAAO,CAAA;KACtD,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,4CAA4C,EAAE,8CAA8C,CAAA;IACrG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAsE5B,QAAA,MAAM,SAAS,WA0Cd,CAAA"}

package/dist/require/npm-injection.js

@@ -30,7 +30,7 @@ var sdk = require('./sdk.js');
 var constants = require('./constants.js');
 var pathResolve = require('./path-resolve.js');
 
-var version = "0.14.35";
+var version = "0.14.36";
 
 const NEWLINE_CHAR_CODE = 10; /*'\n'*/
 

package/dist/require/path-resolve.js

@@ -9,11 +9,13 @@ function _socketInterop(e) {
   return c ? e.default : e
 }
 
-var fs = require('node:fs/promises');
+var fs = require('node:fs');
 var path = require('node:path');
 var ignore = _socketInterop(require('ignore'));
 var micromatch = _socketInterop(require('micromatch'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
+var which = _socketInterop(require('which'));
+var constants = require('./constants.js');
 
 const ignoredDirs = [
 // Taken from ignore-by-default:
@@ -42,8 +44,12 @@ function directoryPatterns() {
   return [...ignoredDirPatterns];
 }
 
+const {
+  NPM,
+  shadowBinPath
+} = constants;
 async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
-  const patterns = ['golang', 'npm', 'pypi'].reduce((r, n) => {
+  const patterns = ['golang', NPM, 'pypi'].reduce((r, n) => {
     const supported = supportedFiles[n];
     r.push(...(supported ? Object.values(supported).map(p => `**/${p.pattern}`) : []));
     return r;
@@ -65,7 +71,7 @@ async function globWithGitIgnore(patterns, options) {
     cwd,
     expandDirectories: true
   });
-  const ignores = [...directoryPatterns(), ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns(await fs.readFile(filepath, 'utf8'), filepath, cwd)))).flat()];
+  const ignores = [...directoryPatterns(), ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns(await fs.promises.readFile(filepath, 'utf8'), filepath, cwd)))).flat()];
   const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/);
   const globOptions = {
     absolute: true,
@@ -133,7 +139,7 @@ function pathsToPatterns(paths) {
 function findRoot(filepath) {
   let curPath = filepath;
   while (true) {
-    if (path.basename(curPath) === 'npm') {
+    if (path.basename(curPath) === NPM) {
       return curPath;
     }
     const parent = path.dirname(curPath);
@@ -143,6 +149,26 @@ function findRoot(filepath) {
     curPath = parent;
   }
 }
+async function findBinPathDetails(binName) {
+  let shadowIndex = -1;
+  const bins = (await which(binName, {
+    all: true,
+    nothrow: true
+  })) ?? [];
+  const binPath = bins.find((binPath, i) => {
+    // Skip our bin directory if it's in the front.
+    if (fs.realpathSync(path.dirname(binPath)) === shadowBinPath) {
+      shadowIndex = i;
+      return false;
+    }
+    return true;
+  });
+  return {
+    name: binName,
+    path: binPath,
+    shadowed: shadowIndex !== -1
+  };
+}
 async function getPackageFiles(cwd, inputPaths, config, supportedFiles, debugLog = () => {}) {
   debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
 
@@ -169,6 +195,7 @@ async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLo
   return packageFiles;
 }
 
+exports.findBinPathDetails = findBinPathDetails;
 exports.findRoot = findRoot;
 exports.getPackageFiles = getPackageFiles;
 exports.getPackageFilesFullScans = getPackageFilesFullScans;

package/dist/require/shadow-bin.js

@@ -14,7 +14,6 @@ var path = require('node:path');
 var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var constants = require('./constants.js');
 var cmdShim = _socketInterop(require('cmd-shim'));
-var which = _socketInterop(require('which'));
 var pathResolve = require('./path-resolve.js');
 
 const {
@@ -23,23 +22,14 @@ const {
 } = constants;
 async function installLinks(realBinPath, binName) {
   // Find package manager being shadowed by this process.
-  const bins = (await which(binName, {
-    all: true,
-    nothrow: true
-  })) ?? [];
-  let shadowIndex = -1;
-  const binPath = bins.find((binPath, i) => {
-    // Skip our bin directory if it's in the front.
-    if (fs.realpathSync(path.dirname(binPath)) === realBinPath) {
-      shadowIndex = i;
-      return false;
-    }
-    return true;
-  });
+  const {
+    path: binPath,
+    shadowed
+  } = await pathResolve.findBinPathDetails(binName);
   if (!binPath) {
-    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable`);
     // The exit code 127 indicates that the command or binary being executed
     // could not be found.
+    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
     process.exit(127);
   }
   // TODO: Is this early exit needed?
@@ -47,23 +37,24 @@ async function installLinks(realBinPath, binName) {
     return binPath;
   }
   // Move our bin directory to front of PATH so its found first.
-  if (shadowIndex === -1) {
+  if (!shadowed) {
     if (WIN32) {
       await cmdShim(path.join(rootDistPath, `${binName}-cli.js`), path.join(realBinPath, binName));
     }
-    process.env['PATH'] = `${realBinPath}${WIN32 ? ';' : ':'}${process.env['PATH']}`;
+    process.env['PATH'] = `${realBinPath}${path.delimiter}${process.env['PATH']}`;
   }
   return binPath;
 }
 
 const {
+  NPM,
   abortSignal,
   distPath,
   execPath,
   shadowBinPath
 } = constants;
 const injectionPath = path.join(distPath, 'npm-injection.js');
-async function shadow(binName) {
+async function shadow(binName, binArgs = process.argv.slice(2)) {
   const binPath = await installLinks(shadowBinPath, binName);
   if (abortSignal.aborted) {
     return;
@@ -71,8 +62,7 @@ async function shadow(binName) {
   // Adding the `--quiet` and `--no-progress` flags when the `proc-log` module
   // is found to fix a UX issue when running the command with recent versions of
   // npm (input swallowed by the standard npm spinner)
-  const binArgs = process.argv.slice(2);
-  if (binName === 'npm' && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet')) {
+  if (binName === NPM && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet')) {
     const npmEntrypoint = fs.realpathSync(binPath);
     const npmRootPath = pathResolve.findRoot(path.dirname(npmEntrypoint));
     if (npmRootPath === undefined) {
@@ -96,9 +86,13 @@ async function shadow(binName) {
     signal: abortSignal,
     stdio: 'inherit'
   });
-  spawnPromise.process.on('exit', (code, signal) => {
-    if (signal) {
-      process.kill(process.pid, signal);
+  // See https://nodejs.org/api/all.html#all_child_process_event-exit.
+  spawnPromise.process.on('exit', (code, signalName) => {
+    if (abortSignal.aborted) {
+      return;
+    }
+    if (signalName) {
+      process.kill(process.pid, signalName);
     } else if (code !== null) {
       process.exit(code);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli",
-  "version": "0.14.35",
+  "version": "0.14.36",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -62,7 +62,7 @@
     "@socketregistry/hyrious__bun.lockb": "1.0.6",
     "@socketregistry/yocto-spinner": "^1.0.2",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.52",
+    "@socketsecurity/registry": "^1.0.56",
     "@socketsecurity/sdk": "^1.3.0",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",
@@ -120,21 +120,21 @@
     "eslint": "^9.17.0",
     "eslint-import-resolver-oxc": "^0.6.0",
     "eslint-plugin-depend": "^0.12.0",
-    "eslint-plugin-import-x": "^4.5.0",
+    "eslint-plugin-import-x": "^4.6.1",
     "eslint-plugin-n": "^17.15.0",
     "eslint-plugin-sort-destructure-keys": "^2.0.0",
     "eslint-plugin-unicorn": "^56.0.1",
     "husky": "^9.1.7",
     "is-interactive": "^2.0.0",
     "is-unicode-supported": "^2.1.0",
-    "knip": "^5.41.0",
+    "knip": "^5.41.1",
     "magic-string": "^0.30.17",
     "meow": "^13.2.0",
     "mock-fs": "^5.4.1",
     "nock": "^13.5.6",
     "npm-run-all2": "^7.0.2",
     "open": "^10.1.0",
-    "oxlint": "0.15.2",
+    "oxlint": "0.15.3",
     "prettier": "3.4.2",
     "read-package-up": "^11.0.0",
     "rollup": "4.28.1",