@socketsecurity/cli 0.14.40 → 0.14.42

package/dist/module-sync/npm-paths.d.ts

@@ -0,0 +1,14 @@
+declare function directoryPatterns(): string[];
+declare function getNpmBinPath(): string;
+declare function isNpmBinPathShadowed(): boolean;
+declare function getNpxBinPath(): string;
+declare function isNpxBinPathShadowed(): boolean;
+declare function getNpmPath(): string;
+declare function getNpmNodeModulesPath(): string;
+declare function getArboristPackagePath(): string;
+declare function getArboristClassPath(): string;
+declare function getArboristDepValidPath(): string;
+declare function getArboristEdgeClassPath(): string;
+declare function getArboristNodeClassPath(): string;
+declare function getArboristOverrideSetClassPath(): string;
+export { directoryPatterns, getNpmBinPath, isNpmBinPathShadowed, getNpxBinPath, isNpxBinPathShadowed, getNpmPath, getNpmNodeModulesPath, getArboristPackagePath, getArboristClassPath, getArboristDepValidPath, getArboristEdgeClassPath, getArboristNodeClassPath, getArboristOverrideSetClassPath };

package/dist/module-sync/{path-resolve.js → npm-paths.js}

@@ -12,6 +12,7 @@ function _socketInterop(e) {
 var fs = require('node:fs');
 var path = require('node:path');
 var process = require('node:process');
+var constants = require('./constants.js');
 var ignore = _socketInterop(require('ignore'));
 var micromatch = _socketInterop(require('micromatch'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
@@ -19,7 +20,6 @@ var which = _socketInterop(require('which'));
 var colors = _socketInterop(require('yoctocolors-cjs'));
 var isUnicodeSupported = require('@socketregistry/is-unicode-supported/index.cjs');
 var spinner = require('@socketsecurity/registry/lib/spinner');
-var constants = require('./constants.js');
 
 const logSymbols = isUnicodeSupported() ? {
   __proto__: null,
@@ -89,11 +89,11 @@ function directoryPatterns() {
 }
 
 const {
-  NPM,
+  NPM: NPM$1,
   shadowBinPath
 } = constants;
 async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
-  const patterns = ['golang', NPM, 'pypi'].reduce((r, n) => {
+  const patterns = ['golang', NPM$1, 'pypi'].reduce((r, n) => {
     const supported = supportedFiles[n];
     r.push(...(supported ? Object.values(supported).map(p => `**/${p.pattern}`) : []));
     return r;
@@ -181,25 +181,12 @@ function pathsToPatterns(paths) {
   // TODO: Does not support `~/` paths.
   return paths.map(p => p === '.' ? '**/*' : p);
 }
-function findRoot(filepath) {
-  let curPath = filepath;
-  while (true) {
-    if (path.basename(curPath) === NPM) {
-      return curPath;
-    }
-    const parent = path.dirname(curPath);
-    if (parent === curPath) {
-      return undefined;
-    }
-    curPath = parent;
-  }
-}
-async function findBinPathDetails(binName) {
+function findBinPathDetailsSync(binName) {
   let shadowIndex = -1;
-  const bins = (await which(binName, {
+  const bins = which.sync(binName, {
     all: true,
     nothrow: true
-  })) ?? [];
+  }) ?? [];
   const binPath = bins.find((binPath, i) => {
     // Skip our bin directory if it's in the front.
     if (fs.realpathSync(path.dirname(binPath)) === shadowBinPath) {
@@ -214,6 +201,19 @@ async function findBinPathDetails(binName) {
     shadowed: shadowIndex !== -1
   };
 }
+function findNpmPathSync(filepath) {
+  let curPath = filepath;
+  while (true) {
+    if (path.basename(curPath) === NPM$1) {
+      return curPath;
+    }
+    const parent = path.dirname(curPath);
+    if (parent === curPath) {
+      return undefined;
+    }
+    curPath = parent;
+  }
+}
 async function getPackageFiles(cwd, inputPaths, config, supportedFiles) {
   debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
   const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
@@ -236,11 +236,139 @@ async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLo
   return packageFiles;
 }
 
+const {
+  NODE_MODULES,
+  NPM,
+  NPX,
+  SOCKET_CLI_ISSUES_URL
+} = constants;
+function exitWithBinPathError(binName) {
+  console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
+  // The exit code 127 indicates that the command or binary being executed
+  // could not be found.
+  process.exit(127);
+}
+let _npmBinPathDetails;
+function getNpmBinPathDetails() {
+  if (_npmBinPathDetails === undefined) {
+    _npmBinPathDetails = findBinPathDetailsSync(NPM);
+  }
+  return _npmBinPathDetails;
+}
+let _npxBinPathDetails;
+function getNpxBinPathDetails() {
+  if (_npxBinPathDetails === undefined) {
+    _npxBinPathDetails = findBinPathDetailsSync(NPX);
+  }
+  return _npxBinPathDetails;
+}
+let _npmBinPath;
+function getNpmBinPath() {
+  if (_npmBinPath === undefined) {
+    _npmBinPath = getNpmBinPathDetails().path;
+    if (!_npmBinPath) {
+      exitWithBinPathError(NPM);
+    }
+  }
+  return _npmBinPath;
+}
+function isNpmBinPathShadowed() {
+  return getNpmBinPathDetails().shadowed;
+}
+let _npxBinPath;
+function getNpxBinPath() {
+  if (_npxBinPath === undefined) {
+    _npxBinPath = getNpxBinPathDetails().path;
+    if (!_npxBinPath) {
+      exitWithBinPathError(NPX);
+    }
+  }
+  return _npxBinPath;
+}
+function isNpxBinPathShadowed() {
+  return getNpxBinPathDetails().shadowed;
+}
+let _npmPath;
+function getNpmPath() {
+  if (_npmPath === undefined) {
+    const npmEntrypoint = path.dirname(fs.realpathSync.native(getNpmBinPath()));
+    _npmPath = findNpmPathSync(npmEntrypoint);
+    if (!_npmPath) {
+      console.error(`Unable to find npm CLI install directory.
+    Searched parent directories of ${npmEntrypoint}.
+
+    This is may be a bug with socket-npm related to changes to the npm CLI.
+    Please report to ${SOCKET_CLI_ISSUES_URL}.`);
+      // The exit code 127 indicates that the command or binary being executed
+      // could not be found.
+      process.exit(127);
+    }
+  }
+  return _npmPath;
+}
+let _npmNmPath;
+function getNpmNodeModulesPath() {
+  if (_npmNmPath === undefined) {
+    _npmNmPath = path.join(getNpmPath(), NODE_MODULES);
+  }
+  return _npmNmPath;
+}
+let _arboristPkgPath;
+function getArboristPackagePath() {
+  if (_arboristPkgPath === undefined) {
+    _arboristPkgPath = path.join(getNpmNodeModulesPath(), '@npmcli/arborist');
+  }
+  return _arboristPkgPath;
+}
+let _arboristClassPath;
+function getArboristClassPath() {
+  if (_arboristClassPath === undefined) {
+    _arboristClassPath = path.join(getArboristPackagePath(), 'lib/arborist/index.js');
+  }
+  return _arboristClassPath;
+}
+let _arboristDepValidPath;
+function getArboristDepValidPath() {
+  if (_arboristDepValidPath === undefined) {
+    _arboristDepValidPath = path.join(getArboristPackagePath(), 'lib/dep-valid.js');
+  }
+  return _arboristDepValidPath;
+}
+let _arboristEdgeClassPath;
+function getArboristEdgeClassPath() {
+  if (_arboristEdgeClassPath === undefined) {
+    _arboristEdgeClassPath = path.join(getArboristPackagePath(), 'lib/edge.js');
+  }
+  return _arboristEdgeClassPath;
+}
+let _arboristNodeClassPath;
+function getArboristNodeClassPath() {
+  if (_arboristNodeClassPath === undefined) {
+    _arboristNodeClassPath = path.join(getArboristPackagePath(), 'lib/node.js');
+  }
+  return _arboristNodeClassPath;
+}
+let _arboristOverrideSetClassPath;
+function getArboristOverrideSetClassPath() {
+  if (_arboristOverrideSetClassPath === undefined) {
+    _arboristOverrideSetClassPath = path.join(getArboristPackagePath(), 'lib/override-set.js');
+  }
+  return _arboristOverrideSetClassPath;
+}
+
 exports.debugLog = debugLog;
-exports.findBinPathDetails = findBinPathDetails;
-exports.findRoot = findRoot;
+exports.getArboristClassPath = getArboristClassPath;
+exports.getArboristDepValidPath = getArboristDepValidPath;
+exports.getArboristEdgeClassPath = getArboristEdgeClassPath;
+exports.getArboristNodeClassPath = getArboristNodeClassPath;
+exports.getArboristOverrideSetClassPath = getArboristOverrideSetClassPath;
+exports.getNpmBinPath = getNpmBinPath;
+exports.getNpmNodeModulesPath = getNpmNodeModulesPath;
+exports.getNpxBinPath = getNpxBinPath;
 exports.getPackageFiles = getPackageFiles;
 exports.getPackageFilesFullScans = getPackageFilesFullScans;
 exports.isDebug = isDebug;
+exports.isNpmBinPathShadowed = isNpmBinPathShadowed;
+exports.isNpxBinPathShadowed = isNpxBinPathShadowed;
 exports.logSymbols = logSymbols;
 exports.logger = logger;

package/dist/module-sync/path-resolve.d.ts

@@ -1,13 +1,12 @@
 /// <reference types="node" />
 import { SocketYml } from '@socketsecurity/config';
 import { SocketSdkReturnType } from '@socketsecurity/sdk';
-declare function directoryPatterns(): string[];
-declare function findRoot(filepath: string): string | undefined;
-declare function findBinPathDetails(binName: string): Promise<{
+declare function findBinPathDetailsSync(binName: string): {
     name: string;
     path: string | undefined;
     shadowed: boolean;
-}>;
+};
+declare function findNpmPathSync(filepath: string): string | undefined;
 declare function getPackageFiles(cwd: string, inputPaths: string[], config: SocketYml | undefined, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']): Promise<string[]>;
 declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog?: typeof console.error): Promise<string[]>;
-export { directoryPatterns, findRoot, findBinPathDetails, getPackageFiles, getPackageFilesFullScans };
+export { findBinPathDetailsSync, findNpmPathSync, getPackageFiles, getPackageFilesFullScans };

package/dist/module-sync/settings.d.ts

@@ -1,9 +1,14 @@
+import config from '@socketsecurity/config';
 interface Settings {
     apiKey?: string | null;
     enforcedOrgs?: string[] | null;
     apiBaseUrl?: string | null;
     apiProxy?: string | null;
 }
+declare function findSocketYmlSync(): {
+    path: string;
+    parsed: config.SocketYml;
+} | null;
 declare function getSetting<Key extends keyof Settings>(key: Key): Settings[Key];
 declare function updateSetting<Key extends keyof Settings>(key: Key, value: Settings[Key]): void;
-export { getSetting, updateSetting };
+export { findSocketYmlSync, getSetting, updateSetting };

package/dist/module-sync/shadow-bin.js

@@ -13,21 +13,16 @@ var path = require('node:path');
 var process = require('node:process');
 var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var cmdShim = _socketInterop(require('cmd-shim'));
+var npmPaths = require('./npm-paths.js');
 var constants = require('./constants.js');
-var pathResolve = require('./path-resolve.js');
 
+const {
+  NPX
+} = constants;
 async function installLinks(realBinPath, binName) {
+  const isNpx = binName === NPX;
   // Find package manager being shadowed by this process.
-  const {
-    path: binPath,
-    shadowed
-  } = await pathResolve.findBinPathDetails(binName);
-  if (!binPath) {
-    // The exit code 127 indicates that the command or binary being executed
-    // could not be found.
-    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
-    process.exit(127);
-  }
+  const binPath = isNpx ? npmPaths.getNpxBinPath() : npmPaths.getNpmBinPath();
   // Lazily access constants.WIN32.
   const {
     WIN32
@@ -36,6 +31,7 @@ async function installLinks(realBinPath, binName) {
   if (WIN32 && binPath) {
     return binPath;
   }
+  const shadowed = isNpx ? npmPaths.isNpxBinPathShadowed() : npmPaths.isNpmBinPathShadowed();
   // Move our bin directory to front of PATH so its found first.
   if (!shadowed) {
     if (WIN32) {
@@ -62,10 +58,10 @@ async function shadowBin(binName, binArgs = process.argv.slice(2)) {
   // Lazily access constants.distPath.
   path.join(constants.distPath, 'npm-injection.js'),
   // Lazily access constants.shadowBinPath.
-  await installLinks(constants.shadowBinPath, binName), ...binArgs,
+  await installLinks(constants.shadowBinPath, binName), ...(binName === NPM && binArgs.includes('install') ? [
   // Add the `--quiet` and `--no-progress` flags to fix input being swallowed
   // by the spinner when running the command with recent versions of npm.
-  ...(binName === NPM && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet') ? ['--no-progress', '--quiet'] : [])], {
+  ...binArgs.filter(a => a !== '--progress' && a !== '--no-progress'), '--no-progress', ...(binArgs.includes('-q') || binArgs.includes('--quiet') || binArgs.includes('-s') || binArgs.includes('--silent') ? [] : ['--quiet'])] : binArgs)], {
     signal: abortSignal,
     stdio: 'inherit'
   });

package/dist/module-sync/socket-url.d.ts

@@ -1,9 +1,25 @@
+/// <reference types="node" />
 import { SocketSdk } from "@socketsecurity/sdk";
+import { ObjectEncodingOptions, OpenMode, PathLike } from "node:fs";
+import { promises as fs } from "node:fs";
+import { readFileSync as fsReadFileSync } from "node:fs";
+import { Abortable } from "node:events";
+import { FileHandle } from "node:fs/promises";
 import indentString from "@socketregistry/indent-string/index.cjs";
 import { logSymbols } from "./logging.js";
 declare function getDefaultToken(): string | undefined;
 declare function getPublicToken(): string;
 declare function setupSdk(apiToken?: string | undefined, apiBaseUrl?: string | undefined, proxy?: string | undefined): Promise<SocketSdk>;
+declare function findUp(name: string | string[], { cwd }: {
+    cwd: string | undefined;
+}): Promise<string | undefined>;
+type ReadFileOptions = ObjectEncodingOptions & Abortable & {
+    flag?: OpenMode | undefined;
+};
+declare function readFileBinary(filepath: PathLike | FileHandle, options?: ReadFileOptions): Promise<Buffer>;
+declare function readFileUtf8(filepath: PathLike | FileHandle, options?: ReadFileOptions): Promise<string>;
+declare function safeReadFile(...args: Parameters<typeof fs.readFile>): ReturnType<typeof fs.readFile> | undefined;
+declare function safeReadFileSync(...args: Parameters<typeof fsReadFileSync>): ReturnType<typeof fsReadFileSync> | undefined;
 declare class ColorOrMarkdown {
     useMarkdown: boolean;
     constructor(useMarkdown: boolean);
@@ -21,4 +37,4 @@ declare class ColorOrMarkdown {
 }
 declare function getSocketDevAlertUrl(alertType: string): string;
 declare function getSocketDevPackageOverviewUrl(eco: string, name: string, version?: string): string;
-export { getDefaultToken, getPublicToken, setupSdk, ColorOrMarkdown, getSocketDevAlertUrl, getSocketDevPackageOverviewUrl };
+export { getDefaultToken, getPublicToken, setupSdk, findUp, ReadFileOptions, readFileBinary, readFileUtf8, safeReadFile, safeReadFileSync, ColorOrMarkdown, getSocketDevAlertUrl, getSocketDevPackageOverviewUrl };

package/dist/module-sync/socket-url.js

@@ -12,7 +12,7 @@ function _socketInterop(e) {
 var terminalLink = _socketInterop(require('terminal-link'));
 var colors = _socketInterop(require('yoctocolors-cjs'));
 var indentString = require('@socketregistry/indent-string/index.cjs');
-var pathResolve = require('./path-resolve.js');
+var npmPaths = require('./npm-paths.js');
 var process = require('node:process');
 var hpagent = _socketInterop(require('hpagent'));
 var isInteractive = require('@socketregistry/is-interactive/index.cjs');
@@ -23,6 +23,7 @@ var sdk = require('@socketsecurity/sdk');
 var fs = require('node:fs');
 var os = require('node:os');
 var path = require('node:path');
+var config = require('@socketsecurity/config');
 var constants = require('./constants.js');
 
 class AuthError extends Error {}
@@ -81,10 +82,58 @@ class ColorOrMarkdown {
     return this.useMarkdown ? `* ${indentedContent.join('\n* ')}\n` : `${indentedContent.join('\n')}\n`;
   }
   get logSymbols() {
-    return this.useMarkdown ? markdownLogSymbols : pathResolve.logSymbols;
+    return this.useMarkdown ? markdownLogSymbols : npmPaths.logSymbols;
   }
 }
 
+async function findUp(name, {
+  cwd = process.cwd()
+}) {
+  let dir = path.resolve(cwd);
+  const {
+    root
+  } = path.parse(dir);
+  const names = [name].flat();
+  while (dir && dir !== root) {
+    for (const name of names) {
+      const filePath = path.join(dir, name);
+      try {
+        // eslint-disable-next-line no-await-in-loop
+        const stats = await fs.promises.stat(filePath);
+        if (stats.isFile()) {
+          return filePath;
+        }
+      } catch {}
+    }
+    dir = path.dirname(dir);
+  }
+  return undefined;
+}
+async function readFileBinary(filepath, options) {
+  return await fs.promises.readFile(filepath, {
+    ...options,
+    encoding: 'binary'
+  });
+}
+async function readFileUtf8(filepath, options) {
+  return await fs.promises.readFile(filepath, {
+    ...options,
+    encoding: 'utf8'
+  });
+}
+function safeReadFile(...args) {
+  try {
+    return fs.promises.readFile(...args);
+  } catch {}
+  return undefined;
+}
+function safeReadFileSync(...args) {
+  try {
+    return fs.readFileSync(...args);
+  } catch {}
+  return undefined;
+}
+
 const LOCALAPPDATA = 'LOCALAPPDATA';
 let _settings;
 function getSettings() {
@@ -92,12 +141,12 @@ function getSettings() {
     _settings = {};
     const settingsPath = getSettingsPath();
     if (settingsPath) {
-      if (fs.existsSync(settingsPath)) {
-        const raw = fs.readFileSync(settingsPath, 'utf8');
+      const raw = safeReadFileSync(settingsPath, 'utf8');
+      if (raw) {
         try {
           Object.assign(_settings, JSON.parse(Buffer.from(raw, 'base64').toString()));
         } catch {
-          pathResolve.logger.warn(`Failed to parse settings at ${settingsPath}`);
+          npmPaths.logger.warn(`Failed to parse settings at ${settingsPath}`);
         }
       } else {
         fs.mkdirSync(path.dirname(settingsPath), {
@@ -121,7 +170,7 @@ function getSettingsPath() {
       if (WIN32) {
         if (!_warnedSettingPathWin32Missing) {
           _warnedSettingPathWin32Missing = true;
-          pathResolve.logger.warn(`Missing %${LOCALAPPDATA}%`);
+          npmPaths.logger.warn(`Missing %${LOCALAPPDATA}%`);
         }
       } else {
         dataHome = path.join(os.homedir(), ...(process.platform === 'darwin' ? ['Library', 'Application Support'] : ['.local', 'share']));
@@ -131,6 +180,31 @@ function getSettingsPath() {
   }
   return _settingsPath;
 }
+function findSocketYmlSync() {
+  let prevDir = null;
+  let dir = process.cwd();
+  while (dir !== prevDir) {
+    let ymlPath = path.join(dir, 'socket.yml');
+    let yml = safeReadFileSync(ymlPath, 'utf8');
+    if (yml === undefined) {
+      ymlPath = path.join(dir, 'socket.yaml');
+      yml = safeReadFileSync(ymlPath, 'utf8');
+    }
+    if (typeof yml === 'string') {
+      try {
+        return {
+          path: ymlPath,
+          parsed: config.parseSocketConfig(yml)
+        };
+      } catch {
+        throw new Error(`Found file but was unable to parse ${ymlPath}`);
+      }
+    }
+    prevDir = dir;
+    dir = path.join(dir, '..');
+  }
+  return null;
+}
 function getSetting(key) {
   return getSettings()[key];
 }
@@ -212,11 +286,16 @@ function getSocketDevPackageOverviewUrl(eco, name, version) {
 exports.AuthError = AuthError;
 exports.ColorOrMarkdown = ColorOrMarkdown;
 exports.InputError = InputError;
+exports.findSocketYmlSync = findSocketYmlSync;
+exports.findUp = findUp;
 exports.getDefaultToken = getDefaultToken;
 exports.getPublicToken = getPublicToken;
 exports.getSetting = getSetting;
 exports.getSocketDevAlertUrl = getSocketDevAlertUrl;
 exports.getSocketDevPackageOverviewUrl = getSocketDevPackageOverviewUrl;
 exports.isErrnoException = isErrnoException;
+exports.readFileBinary = readFileBinary;
+exports.readFileUtf8 = readFileUtf8;
+exports.safeReadFile = safeReadFile;
 exports.setupSdk = setupSdk;
 exports.updateSetting = updateSetting;