@socketsecurity/cli 0.14.40 → 0.14.42

package/dist/require/cli.js

@@ -24,13 +24,12 @@ var constants = require('./constants.js');
 var spinner = require('@socketsecurity/registry/lib/spinner');
 var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var objects = require('@socketsecurity/registry/lib/objects');
-var pathResolve = require('./path-resolve.js');
+var npmPaths = require('./npm-paths.js');
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var socketUrl = require('./socket-url.js');
 var terminalLink = _socketInterop(require('terminal-link'));
 var isInteractive = require('@socketregistry/is-interactive/index.cjs');
 var prompts = require('@socketsecurity/registry/lib/prompts');
-var fs$1 = require('node:fs/promises');
 var npa = _socketInterop(require('npm-package-arg'));
 var semver = _socketInterop(require('semver'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
@@ -43,12 +42,14 @@ var strings = require('@socketsecurity/registry/lib/strings');
 var browserslist = _socketInterop(require('browserslist'));
 var which = _socketInterop(require('which'));
 var index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs');
+var sorts = require('@socketsecurity/registry/lib/sorts');
 var betterAjvErrors = _socketInterop(require('@apideck/better-ajv-errors'));
 var config = require('@socketsecurity/config');
 var os = require('node:os');
 var readline = require('node:readline');
 var readline$1 = require('node:readline/promises');
 var chalkTable = _socketInterop(require('chalk-table'));
+var fs$1 = require('node:fs/promises');
 var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
 var GridLayout = _socketInterop(require('blessed-contrib/lib/layout/grid'));
 var BarChart = _socketInterop(require('blessed-contrib/lib/widget/charts/bar'));
@@ -222,24 +223,30 @@ const {
 } = constants;
 function shadowNpmInstall(opts) {
   const {
-    flags = [],
+    flags: flags_ = [],
     ipc,
     ...spawnOptions
   } = {
     __proto__: null,
     ...opts
   };
+  const flags = flags_.filter(f => f !== '--audit' && f !== '--fund' && f !== '--progress' && f !== '--no-audit' && f !== '--no-fund' && f !== '--no-progress');
   const useIpc = objects.isObject(ipc);
-  const useDebug = pathResolve.isDebug();
-  const promise = spawn(
+  const useDebug = npmPaths.isDebug();
+  const spawnPromise = spawn(
   // Lazily access constants.execPath.
   constants.execPath, [
-  // Lazily access constants.rootBinPath.
-  path.join(constants.rootBinPath, 'npm-cli.js'), 'install',
-  // Even though the 'silent' flag is passed npm will still run through code
-  // paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund' flags
-  // are passed.
-  ...(useDebug ? ['--no-audit', '--no-fund'] : ['silent', '--no-audit', '--no-fund']), ...flags], {
+  // Lazily access constants.nodeNoWarningsFlags.
+  ...constants.nodeNoWarningsFlags, '--require',
+  // Lazily access constants.distPath.
+  path.join(constants.distPath, 'npm-injection.js'), npmPaths.getNpmBinPath(), 'install',
+  // Even though the '--silent' flag is passed npm will still run through
+  // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'
+  // flags are passed.
+  '--no-audit', '--no-fund',
+  // Add `--no-progress` flags to fix input being swallowed by the spinner
+  // when running the command with recent versions of npm.
+  '--no-progress', ...(useDebug || flags.some(f => f.startsWith('--loglevel') || f === '-d' || f === '--dd' || f === '--ddd' || f === '-q' || f === '--quiet' || f === '-s' || f === '--silent') ? [] : ['--silent']), ...flags], {
     signal: abortSignal$3,
     // Set stdio to include 'ipc'.
     // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
@@ -256,9 +263,9 @@ function shadowNpmInstall(opts) {
     }
   });
   if (useIpc) {
-    promise.process.send(ipc);
+    spawnPromise.process.send(ipc);
   }
-  return promise;
+  return spawnPromise;
 }
 
 const {
@@ -333,47 +340,6 @@ const validationFlags = {
   }
 };
 
-const {
-  API_V0_URL
-} = constants;
-function handleUnsuccessfulApiResponse(_name, result, spinner) {
-  // SocketSdkErrorType['error'] is not typed.
-  const resultErrorMessage = result.error?.message;
-  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
-  if (result.status === 401 || result.status === 403) {
-    spinner.stop();
-    throw new socketUrl.AuthError(message);
-  }
-  spinner.error(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
-  process$1.exit(1);
-}
-async function handleApiCall(value, description) {
-  let result;
-  try {
-    result = await value;
-  } catch (cause) {
-    throw new ponyCause.ErrorWithCause(`Failed ${description}`, {
-      cause
-    });
-  }
-  return result;
-}
-async function handleAPIError(code) {
-  if (code === 400) {
-    return 'One of the options passed might be incorrect.';
-  } else if (code === 403) {
-    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
-  }
-}
-async function queryAPI(path, apiKey) {
-  return await fetch(`${API_V0_URL}/${path}`, {
-    method: 'GET',
-    headers: {
-      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
-    }
-  });
-}
-
 function objectSome(obj) {
   for (const key in obj) {
     if (obj[key]) {
@@ -390,31 +356,6 @@ function pick(input, keys) {
   return result;
 }
 
-function getFlagListOutput(list, indent, {
-  keyPrefix = '--',
-  padName
-} = {}) {
-  return getHelpListOutput({
-    ...list
-  }, indent, {
-    keyPrefix,
-    padName
-  });
-}
-function getHelpListOutput(list, indent, {
-  keyPrefix = '',
-  padName = 18
-} = {}) {
-  let result = '';
-  const names = Object.keys(list).sort();
-  for (const name of names) {
-    const rawDescription = list[name];
-    const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
-    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
-  }
-  return result.trim();
-}
-
 function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
   const values = list.filter(Boolean);
   const {
@@ -430,6 +371,7 @@ function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
   return `${values.join(', ')}${separator}${finalValue}`;
 }
 
+// Ordered from most severe to least.
 const SEVERITIES_BY_ORDER = ['critical', 'high', 'middle', 'low'];
 function getDesiredSeverities(lowestToInclude) {
   const result = [];
@@ -471,6 +413,72 @@ function getSeverityCount(issues, lowestToInclude) {
   return severityCount;
 }
 
+const {
+  API_V0_URL
+} = constants;
+function handleUnsuccessfulApiResponse(_name, result, spinner) {
+  // SocketSdkErrorType['error'] is not typed.
+  const resultErrorMessage = result.error?.message;
+  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
+  if (result.status === 401 || result.status === 403) {
+    spinner.stop();
+    throw new socketUrl.AuthError(message);
+  }
+  spinner.error(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
+  process$1.exit(1);
+}
+async function handleApiCall(value, description) {
+  let result;
+  try {
+    result = await value;
+  } catch (cause) {
+    throw new ponyCause.ErrorWithCause(`Failed ${description}`, {
+      cause
+    });
+  }
+  return result;
+}
+async function handleAPIError(code) {
+  if (code === 400) {
+    return 'One of the options passed might be incorrect.';
+  } else if (code === 403) {
+    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
+  }
+}
+async function queryAPI(path, apiKey) {
+  return await fetch(`${API_V0_URL}/${path}`, {
+    method: 'GET',
+    headers: {
+      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
+    }
+  });
+}
+
+function getFlagListOutput(list, indent, {
+  keyPrefix = '--',
+  padName
+} = {}) {
+  return getHelpListOutput({
+    ...list
+  }, indent, {
+    keyPrefix,
+    padName
+  });
+}
+function getHelpListOutput(list, indent, {
+  keyPrefix = '',
+  padName = 18
+} = {}) {
+  let result = '';
+  const names = Object.keys(list).sort();
+  for (const name of names) {
+    const rawDescription = list[name];
+    const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
+    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
+  }
+  return result.trim();
+}
+
 const {
   NPM: NPM$4
 } = registryConstants;
@@ -832,48 +840,6 @@ const npx = {
   }
 };
 
-function existsSync(filepath) {
-  try {
-    return filepath ? fs.existsSync(filepath) : false;
-  } catch {}
-  return false;
-}
-async function findUp(name, {
-  cwd = process$1.cwd()
-}) {
-  let dir = path.resolve(cwd);
-  const {
-    root
-  } = path.parse(dir);
-  const names = [name].flat();
-  while (dir && dir !== root) {
-    for (const name of names) {
-      const filePath = path.join(dir, name);
-      try {
-        // eslint-disable-next-line no-await-in-loop
-        const stats = await fs.promises.stat(filePath);
-        if (stats.isFile()) {
-          return filePath;
-        }
-      } catch {}
-    }
-    dir = path.dirname(dir);
-  }
-  return undefined;
-}
-async function readFileBinary(filepath, options) {
-  return await fs.promises.readFile(filepath, {
-    ...options,
-    encoding: 'binary'
-  });
-}
-async function readFileUtf8(filepath, options) {
-  return await fs.promises.readFile(filepath, {
-    ...options,
-    encoding: 'utf8'
-  });
-}
-
 const {
   BINARY_LOCK_EXT,
   BUN: BUN$1,
@@ -886,12 +852,6 @@ const {
   YARN_CLASSIC: YARN_CLASSIC$1
 } = constants;
 const AGENTS = [BUN$1, NPM$2, PNPM$1, YARN_BERRY$1, YARN_CLASSIC$1, VLT$1];
-const {
-  compare: alphanumericComparator
-} = new Intl.Collator(undefined, {
-  numeric: true,
-  sensitivity: 'base'
-});
 const binByAgent = {
   __proto__: null,
   [BUN$1]: BUN$1,
@@ -949,8 +909,8 @@ const readLockFileByAgent = (() => {
       return undefined;
     };
   }
-  const binaryReader = wrapReader(readFileBinary);
-  const defaultReader = wrapReader(async lockPath => await readFileUtf8(lockPath));
+  const binaryReader = wrapReader(socketUrl.readFileBinary);
+  const defaultReader = wrapReader(async lockPath => await socketUrl.readFileUtf8(lockPath));
   return {
     [BUN$1]: wrapReader(async (lockPath, agentExecPath) => {
       const ext = path.extname(lockPath);
@@ -982,15 +942,15 @@ async function detect({
   cwd = process$1.cwd(),
   onUnknown
 } = {}) {
-  let lockPath = await findUp(Object.keys(LOCKS), {
+  let lockPath = await socketUrl.findUp(Object.keys(LOCKS), {
     cwd
   });
   let lockBasename = lockPath ? path.basename(lockPath) : undefined;
   const isHiddenLockFile = lockBasename === '.package-lock.json';
-  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await findUp('package.json', {
+  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await socketUrl.findUp('package.json', {
     cwd
   });
-  const pkgPath = existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
+  const pkgPath = pkgJsonPath && fs.existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
   const editablePkgJson = pkgPath ? await packages.readPackageJson(pkgPath, {
     editable: true
   }) : undefined;
@@ -1047,7 +1007,7 @@ async function detect({
     }
     const browserslistQuery = pkgJson['browserslist'];
     if (Array.isArray(browserslistQuery)) {
-      const browserslistTargets = browserslist(browserslistQuery).map(s => s.toLowerCase()).sort(alphanumericComparator);
+      const browserslistTargets = browserslist(browserslistQuery).map(s => s.toLowerCase()).sort(sorts.naturalCompare);
       const browserslistNodeTargets = browserslistTargets.filter(v => v.startsWith('node ')).map(v => v.slice(5 /*'node '.length*/));
       if (!targets.browser && browserslistTargets.length) {
         targets.browser = browserslistTargets.length !== browserslistNodeTargets.length;
@@ -1473,11 +1433,11 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
   let workspacePatterns;
   if (agent === PNPM) {
     for (const workspacePath of [path.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), path.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
-      if (existsSync(workspacePath)) {
+      // eslint-disable-next-line no-await-in-loop
+      const yml = await socketUrl.safeReadFile(workspacePath, 'utf8');
+      if (yml) {
         try {
-          workspacePatterns = yaml.parse(
-          // eslint-disable-next-line no-await-in-loop
-          await fs$1.readFile(workspacePath, 'utf8'))?.packages;
+          workspacePatterns = yaml.parse(yml)?.packages;
         } catch {}
         if (workspacePatterns) {
           break;
@@ -1962,16 +1922,7 @@ async function setupCommand$j(name, description, argv, importMeta) {
     cli.showHelp();
     return;
   }
-  const {
-    path: binPath
-  } = await pathResolve.findBinPathDetails(binName$1);
-  if (!binPath) {
-    // The exit code 127 indicates that the command or binary being executed
-    // could not be found.
-    console.error(`Socket unable to locate ${binName$1}; ensure it is available in the PATH environment variable.`);
-    process$1.exit(127);
-  }
-  const spawnPromise = spawn(binPath, argv, {
+  const spawnPromise = spawn(npmPaths.getNpmBinPath(), argv, {
     signal: abortSignal$1,
     stdio: 'inherit'
   });
@@ -2030,16 +1981,7 @@ async function setupCommand$i(name, description, argv, importMeta) {
     cli.showHelp();
     return;
   }
-  const {
-    path: binPath
-  } = await pathResolve.findBinPathDetails(binName);
-  if (!binPath) {
-    // The exit code 127 indicates that the command or binary being executed
-    // could not be found.
-    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
-    process$1.exit(127);
-  }
-  const spawnPromise = spawn(binPath, argv, {
+  const spawnPromise = spawn(npmPaths.getNpxBinPath(), argv, {
     signal: abortSignal,
     stdio: 'inherit'
   });
@@ -2216,7 +2158,6 @@ const create$2 = {
         }));
         if (reportData) {
           formatReportDataOutput(reportData, {
-            includeAllIssues,
             name,
             outputJson,
             outputMarkdown,
@@ -2328,7 +2269,7 @@ async function setupCommand$g(name, description, argv, importMeta) {
       cause
     });
   });
-  const packagePaths = await pathResolve.getPackageFiles(cwd, cli.input, config$1, supportedFiles);
+  const packagePaths = await npmPaths.getPackageFiles(cwd, cli.input, config$1, supportedFiles);
   return {
     config: config$1,
     cwd,
@@ -2346,7 +2287,7 @@ async function createReport(packagePaths, {
   cwd,
   dryRun
 }) {
-  pathResolve.debugLog('Uploading:', packagePaths.join(`\n${pathResolve.logSymbols.info} Uploading: `));
+  npmPaths.debugLog('Uploading:', packagePaths.join(`\n${npmPaths.logSymbols.info} Uploading: `));
   if (dryRun) {
     return;
   }
@@ -2716,7 +2657,7 @@ async function setupCommand$e(name, description, argv, importMeta) {
       cause
     });
   });
-  const packagePaths = await pathResolve.getPackageFilesFullScans(cwd, cli.input, supportedFiles);
+  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, cli.input, supportedFiles);
   const {
     branch: branchName,
     repo: repoName
@@ -3831,7 +3772,7 @@ const dependencies = {
   }) {
     const name = parentName + ' dependencies';
     const input = setupCommand$3(name, dependencies.description, argv, importMeta);
-    {
+    if (input) {
       await searchDeps(input);
     }
   }
@@ -4399,7 +4340,7 @@ const threatFeed = {
   }) {
     const name = `${parentName} threat-feed`;
     const input = setupCommand(name, threatFeed.description, argv, importMeta);
-    {
+    if (input) {
       const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
         throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
@@ -4620,7 +4561,7 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    console.error(`${pathResolve.logSymbols.error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    console.error(`${npmPaths.logSymbols.error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
     if (errorBody) {
       console.error(`\n${errorBody}`);
     }

package/dist/require/npm-paths.js

@@ -0,0 +1,3 @@
+'use strict'
+
+module.exports = require('../module-sync/npm-paths.js')

package/dist/require/vendor.js

@@ -1707,22 +1707,15 @@ function redent(string, count = 0, options = {}) {
 }
 const debug$1 = typeof process === 'object' && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error('SEMVER', ...args) : () => {};
 var debug_1 = debug$1;
-const SEMVER_SPEC_VERSION = '2.0.0';
 const MAX_LENGTH$1 = 256;
 const MAX_SAFE_INTEGER$1 = Number.MAX_SAFE_INTEGER || 9007199254740991;
 const MAX_SAFE_COMPONENT_LENGTH = 16;
 const MAX_SAFE_BUILD_LENGTH = MAX_LENGTH$1 - 6;
-const RELEASE_TYPES = ['major', 'premajor', 'minor', 'preminor', 'patch', 'prepatch', 'prerelease'];
 var constants$1 = {
   MAX_LENGTH: MAX_LENGTH$1,
   MAX_SAFE_COMPONENT_LENGTH,
   MAX_SAFE_BUILD_LENGTH,
-  MAX_SAFE_INTEGER: MAX_SAFE_INTEGER$1,
-  RELEASE_TYPES,
-  SEMVER_SPEC_VERSION,
-  FLAG_INCLUDE_PRERELEASE: 0b001,
-  FLAG_LOOSE: 0b010
-};
+  MAX_SAFE_INTEGER: MAX_SAFE_INTEGER$1};
 var re$1 = {
   exports: {}
 };
@@ -1828,11 +1821,8 @@ const compareIdentifiers$1 = (a, b) => {
   }
   return a === b ? 0 : anum && !bnum ? -1 : bnum && !anum ? 1 : a < b ? -1 : 1;
 };
-const rcompareIdentifiers = (a, b) => compareIdentifiers$1(b, a);
 var identifiers = {
-  compareIdentifiers: compareIdentifiers$1,
-  rcompareIdentifiers
-};
+  compareIdentifiers: compareIdentifiers$1};
 const debug = debug_1;
 const {
   MAX_LENGTH,
@@ -4694,9 +4684,9 @@ function versionIncluded(nodeVersion, specifierValue) {
   if (typeof specifierValue === 'boolean') {
     return specifierValue;
   }
-  var current = typeof nodeVersion === 'undefined' ? process.versions && process.versions.node : nodeVersion;
+  var current = process.versions && process.versions.node ;
   if (typeof current !== 'string') {
-    throw new TypeError(typeof nodeVersion === 'undefined' ? 'Unable to determine current node version' : 'If provided, a valid node version is required');
+    throw new TypeError('Unable to determine current node version' );
   }
   if (specifierValue && typeof specifierValue === 'object') {
     for (var i = 0; i < specifierValue.length; ++i) {
@@ -6765,7 +6755,6 @@ function getSupportLevel$1(stream) {
   return translateLevel$1(level);
 }
 var supportsColor_1$1 = {
-  supportsColor: getSupportLevel$1,
   stdout: getSupportLevel$1(process.stdout),
   stderr: getSupportLevel$1(process.stderr)
 };
@@ -7391,7 +7380,6 @@ function getSupportLevel(stream) {
   return translateLevel(level);
 }
 var supportsColor_1 = {
-  supportsColor: getSupportLevel,
   stdout: getSupportLevel(process.stdout),
   stderr: getSupportLevel(process.stderr)
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli",
-  "version": "0.14.40",
+  "version": "0.14.42",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -43,6 +43,9 @@
     "check:lint": "eslint --report-unused-disable-directives .",
     "check:tsc": "tsc",
     "check:type-coverage": "type-coverage --detail --strict --at-least 95 --ignore-files 'test/*'",
+    "clean": "run-p --aggregate-output clean:*",
+    "clean:dist": "del-cli 'dist' 'test/dist'",
+    "clean:node_modules": "del-cli '**/node_modules'",
     "knip:dependencies": "knip --dependencies",
     "knip:exports": "knip --include exports,duplicates",
     "lint": "oxlint -c=./.oxlintrc.json --ignore-path=./.prettierignore --tsconfig=./tsconfig.json .",
@@ -53,18 +56,20 @@
     "test-ci": "run-s build:* test:*",
     "test:unit": "tap-run",
     "test:coverage:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
-    "test:coverage:merge": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
+    "test:coverage:merge": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report",
+    "update": "run-p --aggregate-output update:**",
+    "update:deps": "npx npm-check-updates"
   },
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",
-    "@cyclonedx/cdxgen": "^11.1.0",
+    "@cyclonedx/cdxgen": "^11.1.7",
     "@npmcli/promise-spawn": "^8.0.2",
-    "@socketregistry/hyrious__bun.lockb": "^1.0.11",
+    "@socketregistry/hyrious__bun.lockb": "^1.0.12",
     "@socketregistry/indent-string": "^1.0.9",
     "@socketregistry/is-interactive": "^1.0.1",
     "@socketregistry/is-unicode-supported": "^1.0.0",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.74",
+    "@socketsecurity/registry": "^1.0.81",
     "@socketsecurity/sdk": "^1.4.5",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",
@@ -79,7 +84,7 @@
     "npm-package-arg": "^12.0.1",
     "open": "^10.1.0",
     "pony-cause": "^2.1.11",
-    "semver": "^7.6.3",
+    "semver": "^7.7.0",
     "synp": "^1.9.14",
     "terminal-link": "2.1.1",
     "tiny-updater": "^3.5.3",
@@ -90,16 +95,16 @@
     "yoctocolors-cjs": "^2.1.2"
   },
   "devDependencies": {
-    "@babel/core": "^7.26.0",
+    "@babel/core": "^7.26.7",
     "@babel/plugin-proposal-export-default-from": "^7.25.9",
     "@babel/plugin-syntax-dynamic-import": "^7.8.3",
     "@babel/plugin-transform-export-namespace-from": "^7.25.9",
     "@babel/plugin-transform-runtime": "^7.25.9",
-    "@babel/preset-env": "^7.26.0",
+    "@babel/preset-env": "^7.26.7",
     "@babel/preset-typescript": "^7.26.0",
-    "@babel/runtime": "^7.26.0",
-    "@eslint/compat": "^1.2.5",
-    "@eslint/js": "^9.18.0",
+    "@babel/runtime": "^7.26.7",
+    "@eslint/compat": "^1.2.6",
+    "@eslint/js": "^9.19.0",
     "@rollup/plugin-commonjs": "^28.0.2",
     "@rollup/plugin-json": "^6.1.0",
     "@rollup/plugin-node-resolve": "^16.0.0",
@@ -111,7 +116,7 @@
     "@types/micromatch": "^4.0.9",
     "@types/mocha": "^10.0.10",
     "@types/mock-fs": "^4.13.4",
-    "@types/node": "^22.10.7",
+    "@types/node": "^22.13.0",
     "@types/npmcli__arborist": "^6.3.0",
     "@types/npmcli__promise-spawn": "^6.0.3",
     "@types/proc-log": "^3.0.4",
@@ -119,34 +124,36 @@
     "@types/update-notifier": "^6.0.8",
     "@types/which": "^3.0.4",
     "@types/yargs-parser": "^21.0.3",
-    "@typescript-eslint/eslint-plugin": "^8.21.0",
-    "@typescript-eslint/parser": "^8.21.0",
+    "@typescript-eslint/eslint-plugin": "^8.22.0",
+    "@typescript-eslint/parser": "^8.22.0",
     "c8": "^10.1.3",
     "custompatch": "^1.1.4",
-    "eslint": "^9.18.0",
-    "eslint-import-resolver-oxc": "^0.9.1",
+    "del-cli": "^6.0.0",
+    "eslint": "^9.19.0",
+    "eslint-import-resolver-oxc": "^0.10.1",
     "eslint-plugin-depend": "^0.12.0",
     "eslint-plugin-import-x": "^4.6.1",
     "eslint-plugin-n": "^17.15.1",
     "eslint-plugin-sort-destructure-keys": "^2.0.0",
     "eslint-plugin-unicorn": "^56.0.1",
     "husky": "^9.1.7",
-    "knip": "^5.42.2",
+    "knip": "^5.43.6",
     "magic-string": "^0.30.17",
     "mock-fs": "^5.4.1",
-    "nock": "^13.5.6",
+    "nock": "^14.0.0",
     "npm-run-all2": "^7.0.2",
-    "oxlint": "0.15.7",
+    "oxlint": "0.15.9",
     "prettier": "3.4.2",
     "read-package-up": "^11.0.0",
-    "rollup": "4.31.0",
+    "rollup": "4.34.1",
     "rollup-plugin-ts": "^3.4.5",
     "type-coverage": "^2.29.7",
     "typescript": "5.4.5",
-    "typescript-eslint": "^8.21.0",
+    "typescript-eslint": "^8.22.0",
     "unplugin-purge-polyfills": "^0.0.7"
   },
   "overrides": {
+    "@socketregistry/packageurl-js": "npm:@socketregistry/packageurl-js@^1",
     "aggregate-error": "npm:@socketregistry/aggregate-error@^1",
     "es-define-property": "npm:@socketregistry/es-define-property@^1",
     "function-bind": "npm:@socketregistry/function-bind@^1",
@@ -173,6 +180,7 @@
     "yaml": "$yaml"
   },
   "resolutions": {
+    "@socketregistry/packageurl-js": "npm:@socketregistry/packageurl-js@^1",
     "aggregate-error": "npm:@socketregistry/aggregate-error@^1",
     "es-define-property": "npm:@socketregistry/es-define-property@^1",
     "function-bind": "npm:@socketregistry/function-bind@^1",

package/dist/require/path-resolve.js

@@ -1,3 +0,0 @@
-'use strict'
-
-module.exports = require('../module-sync/path-resolve.js')