@socketsecurity/cli 0.14.38 → 0.14.40

package/dist/module-sync/path-resolve.d.ts

@@ -8,6 +8,6 @@ declare function findBinPathDetails(binName: string): Promise<{
     path: string | undefined;
     shadowed: boolean;
 }>;
-declare function getPackageFiles(cwd: string, inputPaths: string[], config: SocketYml | undefined, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog?: typeof console.error): Promise<string[]>;
+declare function getPackageFiles(cwd: string, inputPaths: string[], config: SocketYml | undefined, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']): Promise<string[]>;
 declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog?: typeof console.error): Promise<string[]>;
 export { directoryPatterns, findRoot, findBinPathDetails, getPackageFiles, getPackageFilesFullScans };

package/dist/module-sync/path-resolve.js

@@ -11,12 +11,56 @@ function _socketInterop(e) {
 
 var fs = require('node:fs');
 var path = require('node:path');
+var process = require('node:process');
 var ignore = _socketInterop(require('ignore'));
 var micromatch = _socketInterop(require('micromatch'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
 var which = _socketInterop(require('which'));
+var colors = _socketInterop(require('yoctocolors-cjs'));
+var isUnicodeSupported = require('@socketregistry/is-unicode-supported/index.cjs');
+var spinner = require('@socketsecurity/registry/lib/spinner');
 var constants = require('./constants.js');
 
+const logSymbols = isUnicodeSupported() ? {
+  __proto__: null,
+  info: colors.blue('ℹ'),
+  success: colors.green('✔'),
+  warning: colors.yellow('⚠'),
+  error: colors.red('✖️')
+} : {
+  __proto__: null,
+  info: colors.blue('i'),
+  success: colors.green('√'),
+  warning: colors.yellow('‼'),
+  error: colors.red('×')
+};
+class Logger {
+  #spinnerLogger;
+  constructor() {
+    this.#spinnerLogger = new spinner.Spinner();
+  }
+  error(text) {
+    this.#spinnerLogger.error(text);
+  }
+  info(text) {
+    this.#spinnerLogger.info(text);
+  }
+  warn(text) {
+    this.#spinnerLogger.warning(text);
+  }
+}
+const logger = new Logger();
+
+function isDebug() {
+  // Lazily access constants.ENV.
+  return constants.ENV.SOCKET_CLI_DEBUG;
+}
+function debugLog(...args) {
+  if (isDebug()) {
+    console.error(logSymbols.info, ...args);
+  }
+}
+
 const ignoredDirs = [
 // Taken from ignore-by-default:
 // https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js
@@ -134,6 +178,7 @@ function ignorePatternToMinimatch(pattern) {
   return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`;
 }
 function pathsToPatterns(paths) {
+  // TODO: Does not support `~/` paths.
   return paths.map(p => p === '.' ? '**/*' : p);
 }
 function findRoot(filepath) {
@@ -169,10 +214,8 @@ async function findBinPathDetails(binName) {
     shadowed: shadowIndex !== -1
   };
 }
-async function getPackageFiles(cwd, inputPaths, config, supportedFiles, debugLog = () => {}) {
+async function getPackageFiles(cwd, inputPaths, config, supportedFiles) {
   debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
-
-  // TODO: Does not support `~/` paths
   const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
     cwd,
     socketConfig: config
@@ -184,8 +227,6 @@ async function getPackageFiles(cwd, inputPaths, config, supportedFiles, debugLog
 }
 async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLog = () => {}) {
   debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
-
-  // TODO: Does not support `~/` paths
   const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
     cwd
   });
@@ -195,7 +236,11 @@ async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLo
   return packageFiles;
 }
 
+exports.debugLog = debugLog;
 exports.findBinPathDetails = findBinPathDetails;
 exports.findRoot = findRoot;
 exports.getPackageFiles = getPackageFiles;
 exports.getPackageFilesFullScans = getPackageFilesFullScans;
+exports.isDebug = isDebug;
+exports.logSymbols = logSymbols;
+exports.logger = logger;

package/dist/module-sync/shadow-bin.d.ts

@@ -1,2 +1,2 @@
-declare function shadow(binName: 'npm' | 'npx', binArgs?: string[]): Promise<void>;
-export { shadow as default };
+declare function shadowBin(binName: 'npm' | 'npx', binArgs?: string[]): Promise<void>;
+export { shadowBin as default };

package/dist/module-sync/shadow-bin.js

@@ -9,17 +9,13 @@ function _socketInterop(e) {
   return c ? e.default : e
 }
 
-var fs = require('node:fs');
 var path = require('node:path');
+var process = require('node:process');
 var spawn = _socketInterop(require('@npmcli/promise-spawn'));
-var constants = require('./constants.js');
 var cmdShim = _socketInterop(require('cmd-shim'));
+var constants = require('./constants.js');
 var pathResolve = require('./path-resolve.js');
 
-const {
-  WIN32,
-  rootDistPath
-} = constants;
 async function installLinks(realBinPath, binName) {
   // Find package manager being shadowed by this process.
   const {
@@ -32,6 +28,10 @@ async function installLinks(realBinPath, binName) {
     console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
     process.exit(127);
   }
+  // Lazily access constants.WIN32.
+  const {
+    WIN32
+  } = constants;
   // TODO: Is this early exit needed?
   if (WIN32 && binPath) {
     return binPath;
@@ -39,7 +39,9 @@ async function installLinks(realBinPath, binName) {
   // Move our bin directory to front of PATH so its found first.
   if (!shadowed) {
     if (WIN32) {
-      await cmdShim(path.join(rootDistPath, `${binName}-cli.js`), path.join(realBinPath, binName));
+      await cmdShim(
+      // Lazily access constants.rootDistPath.
+      path.join(constants.rootDistPath, `${binName}-cli.js`), path.join(realBinPath, binName));
     }
     process.env['PATH'] = `${realBinPath}${path.delimiter}${process.env['PATH']}`;
   }
@@ -48,41 +50,22 @@ async function installLinks(realBinPath, binName) {
 
 const {
   NPM,
-  abortSignal,
-  distPath,
-  execPath,
-  shadowBinPath
+  abortSignal
 } = constants;
-const injectionPath = path.join(distPath, 'npm-injection.js');
-async function shadow(binName, binArgs = process.argv.slice(2)) {
-  const binPath = await installLinks(shadowBinPath, binName);
-  if (abortSignal.aborted) {
-    return;
-  }
-  // Adding the `--quiet` and `--no-progress` flags when the `proc-log` module
-  // is found to fix a UX issue when running the command with recent versions of
-  // npm (input swallowed by the standard npm spinner)
-  if (binName === NPM && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet')) {
-    const npmEntrypoint = fs.realpathSync(binPath);
-    const npmRootPath = pathResolve.findRoot(path.dirname(npmEntrypoint));
-    if (npmRootPath === undefined) {
-      // The exit code 127 indicates that the command or binary being executed
-      // could not be found.
-      process.exit(127);
-    }
-    const npmDepPath = path.join(npmRootPath, 'node_modules');
-    let procLog;
-    try {
-      procLog = require(path.join(npmDepPath, 'proc-log/lib/index.js')).log;
-    } catch {}
-    if (procLog) {
-      binArgs.push('--no-progress', '--quiet');
-    }
-  }
+async function shadowBin(binName, binArgs = process.argv.slice(2)) {
   process.exitCode = 1;
-  const spawnPromise = spawn(execPath, [
+  const spawnPromise = spawn(
+  // Lazily access constants.execPath.
+  constants.execPath, [
   // Lazily access constants.nodeNoWarningsFlags.
-  ...constants.nodeNoWarningsFlags, '--require', injectionPath, binPath, ...binArgs], {
+  ...constants.nodeNoWarningsFlags, '--require',
+  // Lazily access constants.distPath.
+  path.join(constants.distPath, 'npm-injection.js'),
+  // Lazily access constants.shadowBinPath.
+  await installLinks(constants.shadowBinPath, binName), ...binArgs,
+  // Add the `--quiet` and `--no-progress` flags to fix input being swallowed
+  // by the spinner when running the command with recent versions of npm.
+  ...(binName === NPM && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet') ? ['--no-progress', '--quiet'] : [])], {
     signal: abortSignal,
     stdio: 'inherit'
   });
@@ -100,4 +83,4 @@ async function shadow(binName, binArgs = process.argv.slice(2)) {
   await spawnPromise;
 }
 
-module.exports = shadow;
+module.exports = shadowBin;

package/dist/module-sync/socket-url.d.ts

@@ -0,0 +1,24 @@
+import { SocketSdk } from "@socketsecurity/sdk";
+import indentString from "@socketregistry/indent-string/index.cjs";
+import { logSymbols } from "./logging.js";
+declare function getDefaultToken(): string | undefined;
+declare function getPublicToken(): string;
+declare function setupSdk(apiToken?: string | undefined, apiBaseUrl?: string | undefined, proxy?: string | undefined): Promise<SocketSdk>;
+declare class ColorOrMarkdown {
+    useMarkdown: boolean;
+    constructor(useMarkdown: boolean);
+    bold(text: string): string;
+    header(text: string, level?: number): string;
+    hyperlink(text: string, url: string | undefined, { fallback, fallbackToUrl }?: {
+        fallback?: boolean;
+        fallbackToUrl?: boolean;
+    }): string;
+    indent(...args: Parameters<typeof indentString>): ReturnType<typeof indentString>;
+    italic(text: string): string;
+    json(value: any): string;
+    list(items: string[]): string;
+    get logSymbols(): typeof logSymbols;
+}
+declare function getSocketDevAlertUrl(alertType: string): string;
+declare function getSocketDevPackageOverviewUrl(eco: string, name: string, version?: string): string;
+export { getDefaultToken, getPublicToken, setupSdk, ColorOrMarkdown, getSocketDevAlertUrl, getSocketDevPackageOverviewUrl };

package/dist/module-sync/socket-url.js

@@ -0,0 +1,222 @@
+'use strict';
+
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c && k !== '__esModule') break
+  }
+  return c ? e.default : e
+}
+
+var terminalLink = _socketInterop(require('terminal-link'));
+var colors = _socketInterop(require('yoctocolors-cjs'));
+var indentString = require('@socketregistry/indent-string/index.cjs');
+var pathResolve = require('./path-resolve.js');
+var process = require('node:process');
+var hpagent = _socketInterop(require('hpagent'));
+var isInteractive = require('@socketregistry/is-interactive/index.cjs');
+var registryConstants = require('@socketsecurity/registry/lib/constants');
+var prompts = require('@socketsecurity/registry/lib/prompts');
+var strings = require('@socketsecurity/registry/lib/strings');
+var sdk = require('@socketsecurity/sdk');
+var fs = require('node:fs');
+var os = require('node:os');
+var path = require('node:path');
+var constants = require('./constants.js');
+
+class AuthError extends Error {}
+class InputError extends Error {
+  constructor(message, body) {
+    super(message);
+    this.body = body;
+  }
+}
+function isErrnoException(value) {
+  if (!(value instanceof Error)) {
+    return false;
+  }
+  return value.code !== undefined;
+}
+
+const markdownLogSymbols = {
+  __proto__: null,
+  info: ':information_source:',
+  error: ':stop_sign:',
+  success: ':white_check_mark:',
+  warning: ':warning:'
+};
+class ColorOrMarkdown {
+  constructor(useMarkdown) {
+    this.useMarkdown = !!useMarkdown;
+  }
+  bold(text) {
+    return this.useMarkdown ? `**${text}**` : colors.bold(`${text}`);
+  }
+  header(text, level = 1) {
+    return this.useMarkdown ? `\n${''.padStart(level, '#')} ${text}\n` : colors.underline(`\n${level === 1 ? colors.bold(text) : text}\n`);
+  }
+  hyperlink(text, url, {
+    fallback = true,
+    fallbackToUrl
+  } = {}) {
+    if (url) {
+      return this.useMarkdown ? `[${text}](${url})` : terminalLink(text, url, {
+        fallback: fallbackToUrl ? (_text, url) => url : fallback
+      });
+    }
+    return text;
+  }
+  indent(...args) {
+    return indentString(...args);
+  }
+  italic(text) {
+    return this.useMarkdown ? `_${text}_` : colors.italic(`${text}`);
+  }
+  json(value) {
+    return this.useMarkdown ? '```json\n' + JSON.stringify(value) + '\n```' : JSON.stringify(value);
+  }
+  list(items) {
+    const indentedContent = items.map(item => this.indent(item).trimStart());
+    return this.useMarkdown ? `* ${indentedContent.join('\n* ')}\n` : `${indentedContent.join('\n')}\n`;
+  }
+  get logSymbols() {
+    return this.useMarkdown ? markdownLogSymbols : pathResolve.logSymbols;
+  }
+}
+
+const LOCALAPPDATA = 'LOCALAPPDATA';
+let _settings;
+function getSettings() {
+  if (_settings === undefined) {
+    _settings = {};
+    const settingsPath = getSettingsPath();
+    if (settingsPath) {
+      if (fs.existsSync(settingsPath)) {
+        const raw = fs.readFileSync(settingsPath, 'utf8');
+        try {
+          Object.assign(_settings, JSON.parse(Buffer.from(raw, 'base64').toString()));
+        } catch {
+          pathResolve.logger.warn(`Failed to parse settings at ${settingsPath}`);
+        }
+      } else {
+        fs.mkdirSync(path.dirname(settingsPath), {
+          recursive: true
+        });
+      }
+    }
+  }
+  return _settings;
+}
+let _settingsPath;
+let _warnedSettingPathWin32Missing = false;
+function getSettingsPath() {
+  if (_settingsPath === undefined) {
+    // Lazily access constants.WIN32.
+    const {
+      WIN32
+    } = constants;
+    let dataHome = WIN32 ? process.env[LOCALAPPDATA] : process.env['XDG_DATA_HOME'];
+    if (!dataHome) {
+      if (WIN32) {
+        if (!_warnedSettingPathWin32Missing) {
+          _warnedSettingPathWin32Missing = true;
+          pathResolve.logger.warn(`Missing %${LOCALAPPDATA}%`);
+        }
+      } else {
+        dataHome = path.join(os.homedir(), ...(process.platform === 'darwin' ? ['Library', 'Application Support'] : ['.local', 'share']));
+      }
+    }
+    _settingsPath = dataHome ? path.join(dataHome, 'socket', 'settings') : undefined;
+  }
+  return _settingsPath;
+}
+function getSetting(key) {
+  return getSettings()[key];
+}
+let pendingSave = false;
+function updateSetting(key, value) {
+  const settings = getSettings();
+  settings[key] = value;
+  if (!pendingSave) {
+    pendingSave = true;
+    process.nextTick(() => {
+      pendingSave = false;
+      const settingsPath = getSettingsPath();
+      if (settingsPath) {
+        fs.writeFileSync(settingsPath, Buffer.from(JSON.stringify(settings)).toString('base64'));
+      }
+    });
+  }
+}
+
+// The API server that should be used for operations.
+function getDefaultApiBaseUrl() {
+  const baseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || getSetting('apiBaseUrl');
+  return strings.isNonEmptyString(baseUrl) ? baseUrl : undefined;
+}
+
+// The API server that should be used for operations.
+function getDefaultHttpProxy() {
+  const apiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || getSetting('apiProxy');
+  return strings.isNonEmptyString(apiProxy) ? apiProxy : undefined;
+}
+
+// This API key should be stored globally for the duration of the CLI execution.
+let _defaultToken;
+function getDefaultToken() {
+  const key = process.env['SOCKET_SECURITY_API_TOKEN'] ||
+  // Keep 'SOCKET_SECURITY_API_KEY' as an alias of 'SOCKET_SECURITY_API_TOKEN'.
+  // TODO: Remove 'SOCKET_SECURITY_API_KEY' alias.
+  process.env['SOCKET_SECURITY_API_KEY'] ||
+  // TODO: Rename the 'apiKey' setting to 'apiToken'.
+  getSetting('apiKey') || _defaultToken;
+  _defaultToken = strings.isNonEmptyString(key) ? key : undefined;
+  return _defaultToken;
+}
+function getPublicToken() {
+  return getDefaultToken() ?? registryConstants.SOCKET_PUBLIC_API_TOKEN;
+}
+async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApiBaseUrl(), proxy = getDefaultHttpProxy()) {
+  if (typeof apiToken !== 'string' && isInteractive()) {
+    apiToken = await prompts.password({
+      message: 'Enter your Socket.dev API key (not saved, use socket login to persist)'
+    });
+    _defaultToken = apiToken;
+  }
+  if (!apiToken) {
+    throw new AuthError('You need to provide an API key');
+  }
+  return new sdk.SocketSdk(apiToken, {
+    agent: proxy ? {
+      http: new hpagent.HttpProxyAgent({
+        proxy
+      }),
+      https: new hpagent.HttpsProxyAgent({
+        proxy
+      })
+    } : undefined,
+    baseUrl: apiBaseUrl,
+    // Lazily access constants.rootPkgJsonPath.
+    userAgent: sdk.createUserAgentFromPkgJson(require(constants.rootPkgJsonPath))
+  });
+}
+
+function getSocketDevAlertUrl(alertType) {
+  return `https://socket.dev/alerts/${alertType}`;
+}
+function getSocketDevPackageOverviewUrl(eco, name, version) {
+  return `https://socket.dev/${eco}/package/${name}${version ? `/overview/${version}` : ''}`;
+}
+
+exports.AuthError = AuthError;
+exports.ColorOrMarkdown = ColorOrMarkdown;
+exports.InputError = InputError;
+exports.getDefaultToken = getDefaultToken;
+exports.getPublicToken = getPublicToken;
+exports.getSetting = getSetting;
+exports.getSocketDevAlertUrl = getSocketDevAlertUrl;
+exports.getSocketDevPackageOverviewUrl = getSocketDevPackageOverviewUrl;
+exports.isErrnoException = isErrnoException;
+exports.setupSdk = setupSdk;
+exports.updateSetting = updateSetting;