@socketsecurity/cli 0.14.42 → 0.14.44

package/dist/module-sync/npm-injection.js

@@ -1,1514 +1,26 @@
 'use strict';
 
-function _socketInterop(e) {
-  let c = 0
-  for (const k in e ?? {}) {
-    c = c === 0 && k === 'default' ? 1 : 0
-    if (!c && k !== '__esModule') break
-  }
-  return c ? e.default : e
-}
-
-var path = require('node:path');
-var process = require('node:process');
-var semver = _socketInterop(require('semver'));
-var registry = require('@socketsecurity/registry');
-var arrays = require('@socketsecurity/registry/lib/arrays');
-var objects = require('@socketsecurity/registry/lib/objects');
-var packages = require('@socketsecurity/registry/lib/packages');
-var prompts = require('@socketsecurity/registry/lib/prompts');
-var spinner = require('@socketsecurity/registry/lib/spinner');
-var constants = require('./constants.js');
-var events = require('node:events');
-var https = require('node:https');
-var readline = require('node:readline');
-var socketUrl = require('./socket-url.js');
-var promises = require('node:timers/promises');
+var index = require('./index.js');
 var npmPaths = require('./npm-paths.js');
-var npa = _socketInterop(require('npm-package-arg'));
-
-const {
-  LOOP_SENTINEL: LOOP_SENTINEL$2,
-  NPM_REGISTRY_URL: NPM_REGISTRY_URL$1
-} = constants;
-function getUrlOrigin(input) {
-  try {
-    return URL.parse(input)?.origin ?? '';
-  } catch {}
-  return '';
-}
-function getPackagesToQueryFromDiff(diff_, options) {
-  const {
-    includeUnchanged = false,
-    includeUnknownOrigin = false
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const details = [];
-  // `diff_` is `null` when `npm install --package-lock-only` is passed.
-  if (!diff_) {
-    return details;
-  }
-  const queue = [...diff_.children];
-  let pos = 0;
-  let {
-    length: queueLength
-  } = queue;
-  while (pos < queueLength) {
-    if (pos === LOOP_SENTINEL$2) {
-      throw new Error('Detected infinite loop while walking Arborist diff');
-    }
-    const diff = queue[pos++];
-    const {
-      action
-    } = diff;
-    if (action) {
-      // The `pkgNode`, i.e. the `ideal` node, will be `undefined` if the diff
-      // action is 'REMOVE'
-      // The `oldNode`, i.e. the `actual` node, will be `undefined` if the diff
-      // action is 'ADD'.
-      const {
-        actual: oldNode,
-        ideal: pkgNode
-      } = diff;
-      let existing;
-      let keep = false;
-      if (action === 'CHANGE') {
-        if (pkgNode?.package.version !== oldNode?.package.version) {
-          keep = true;
-          if (oldNode?.package.name && oldNode.package.name === pkgNode?.package.name) {
-            existing = oldNode;
-          }
-        }
-      } else {
-        keep = action !== 'REMOVE';
-      }
-      if (keep && pkgNode?.resolved && (!oldNode || oldNode.resolved)) {
-        const origin = getUrlOrigin(pkgNode.resolved);
-        if (includeUnknownOrigin || origin === NPM_REGISTRY_URL$1) {
-          details.push({
-            node: pkgNode,
-            origin,
-            existing
-          });
-        }
-      }
-    }
-    for (const child of diff.children) {
-      queue[queueLength++] = child;
-    }
-  }
-  if (includeUnchanged) {
-    const {
-      unchanged
-    } = diff_;
-    for (let i = 0, {
-        length
-      } = unchanged; i < length; i += 1) {
-      const pkgNode = unchanged[i];
-      const origin = getUrlOrigin(pkgNode.resolved);
-      if (includeUnknownOrigin || origin === NPM_REGISTRY_URL$1) {
-        details.push({
-          node: pkgNode,
-          origin,
-          existing: pkgNode
-        });
-      }
-    }
-  }
-  return details;
-}
-
-const {
-  API_V0_URL,
-  abortSignal: abortSignal$2
-} = constants;
-async function* batchScan(pkgIds) {
-  const req = https.request(`${API_V0_URL}/purl?alerts=true`, {
-    method: 'POST',
-    headers: {
-      Authorization: `Basic ${Buffer.from(`${socketUrl.getPublicToken()}:`).toString('base64url')}`
-    },
-    signal: abortSignal$2
-  }).end(JSON.stringify({
-    components: pkgIds.map(id => ({
-      purl: `pkg:npm/${id}`
-    }))
-  }));
-  const {
-    0: res
-  } = await events.once(req, 'response');
-  const ok = res.statusCode >= 200 && res.statusCode <= 299;
-  if (!ok) {
-    throw new Error(`Socket API Error: ${res.statusCode}`);
-  }
-  const rli = readline.createInterface(res);
-  for await (const line of rli) {
-    yield JSON.parse(line);
-  }
-}
-function isArtifactAlertCveFixable(alert) {
-  const {
-    type
-  } = alert;
-  return (type === 'cve' || type === 'mediumCVE' || type === 'mildCVE' || type === 'criticalCVE') && !!alert.props?.['firstPatchedVersionIdentifier'] && !!alert.props?.['vulnerableVersionRange'];
-}
-function isArtifactAlertFixable(alert) {
-  return alert.type === 'socketUpgradeAvailable' || isArtifactAlertCveFixable(alert);
-}
-
-const {
-  abortSignal: abortSignal$1
-} = constants;
-const ERROR_UX = {
-  block: true,
-  display: true
-};
-const IGNORE_UX = {
-  block: false,
-  display: false
-};
-const WARN_UX = {
-  block: false,
-  display: true
-};
-
-// Iterates over all entries with ordered issue rule for deferral.  Iterates over
-// all issue rules and finds the first defined value that does not defer otherwise
-// uses the defaultValue. Takes the value and converts into a UX workflow.
-function resolveAlertRuleUX(orderedRulesCollection, defaultValue) {
-  if (defaultValue === true || defaultValue === null || defaultValue === undefined) {
-    defaultValue = {
-      action: 'error'
-    };
-  } else if (defaultValue === false) {
-    defaultValue = {
-      action: 'ignore'
-    };
-  }
-  let block = false;
-  let display = false;
-  let needDefault = true;
-  iterate_entries: for (const rules of orderedRulesCollection) {
-    for (const rule of rules) {
-      if (ruleValueDoesNotDefer(rule)) {
-        needDefault = false;
-        const narrowingFilter = uxForDefinedNonDeferValue(rule);
-        block = block || narrowingFilter.block;
-        display = display || narrowingFilter.display;
-        continue iterate_entries;
-      }
-    }
-    const narrowingFilter = uxForDefinedNonDeferValue(defaultValue);
-    block = block || narrowingFilter.block;
-    display = display || narrowingFilter.display;
-  }
-  if (needDefault) {
-    const narrowingFilter = uxForDefinedNonDeferValue(defaultValue);
-    block = block || narrowingFilter.block;
-    display = display || narrowingFilter.display;
-  }
-  return {
-    block,
-    display
-  };
-}
-
-// Negative form because it is narrowing the type.
-function ruleValueDoesNotDefer(rule) {
-  if (rule === undefined) {
-    return false;
-  }
-  if (objects.isObject(rule)) {
-    const {
-      action
-    } = rule;
-    if (action === undefined || action === 'defer') {
-      return false;
-    }
-  }
-  return true;
-}
-
-// Handles booleans for backwards compatibility.
-function uxForDefinedNonDeferValue(ruleValue) {
-  if (typeof ruleValue === 'boolean') {
-    return ruleValue ? ERROR_UX : IGNORE_UX;
-  }
-  const {
-    action
-  } = ruleValue;
-  if (action === 'warn') {
-    return WARN_UX;
-  } else if (action === 'ignore') {
-    return IGNORE_UX;
-  }
-  return ERROR_UX;
-}
-function createAlertUXLookup(settings) {
-  const cachedUX = new Map();
-  return context => {
-    const {
-      type
-    } = context.alert;
-    let ux = cachedUX.get(type);
-    if (ux) {
-      return ux;
-    }
-    const orderedRulesCollection = [];
-    for (const settingsEntry of settings.entries) {
-      const orderedRules = [];
-      let target = settingsEntry.start;
-      while (target !== null) {
-        const resolvedTarget = settingsEntry.settings[target];
-        if (!resolvedTarget) {
-          break;
-        }
-        const issueRuleValue = resolvedTarget.issueRules?.[type];
-        if (typeof issueRuleValue !== 'undefined') {
-          orderedRules.push(issueRuleValue);
-        }
-        target = resolvedTarget.deferTo ?? null;
-      }
-      orderedRulesCollection.push(orderedRules);
-    }
-    const defaultValue = settings.defaults.issueRules[type];
-    let resolvedDefaultValue = {
-      action: 'error'
-    };
-    if (defaultValue === false) {
-      resolvedDefaultValue = {
-        action: 'ignore'
-      };
-    } else if (defaultValue && defaultValue !== true) {
-      resolvedDefaultValue = {
-        action: defaultValue.action ?? 'error'
-      };
-    }
-    ux = resolveAlertRuleUX(orderedRulesCollection, resolvedDefaultValue);
-    cachedUX.set(type, ux);
-    return ux;
-  };
-}
-let _uxLookup;
-async function uxLookup(settings) {
-  while (_uxLookup === undefined) {
-    // eslint-disable-next-line no-await-in-loop
-    await promises.setTimeout(1, {
-      signal: abortSignal$1
-    });
-  }
-  return _uxLookup(settings);
-}
-
-// Start initializing the AlertUxLookupResult immediately.
-void (async () => {
-  const {
-    orgs,
-    settings
-  } = await (async () => {
-    try {
-      const socketSdk = await socketUrl.setupSdk(socketUrl.getPublicToken());
-      const orgResult = await socketSdk.getOrganizations();
-      if (!orgResult.success) {
-        throw new Error(`Failed to fetch Socket organization info: ${orgResult.error.message}`);
-      }
-      const orgs = [];
-      for (const org of Object.values(orgResult.data.organizations)) {
-        if (org) {
-          orgs.push(org);
-        }
-      }
-      const result = await socketSdk.postSettings(orgs.map(org => ({
-        organization: org.id
-      })));
-      if (!result.success) {
-        throw new Error(`Failed to fetch API key settings: ${result.error.message}`);
-      }
-      return {
-        orgs,
-        settings: result.data
-      };
-    } catch (e) {
-      const cause = objects.isObject(e) && 'cause' in e ? e.cause : undefined;
-      if (socketUrl.isErrnoException(cause) && (cause.code === 'ENOTFOUND' || cause.code === 'ECONNREFUSED')) {
-        throw new Error('Unable to connect to socket.dev, ensure internet connectivity before retrying', {
-          cause: e
-        });
-      }
-      throw e;
-    }
-  })();
-
-  // Remove any organizations not being enforced.
-  const enforcedOrgs = socketUrl.getSetting('enforcedOrgs') ?? [];
-  for (const {
-    0: i,
-    1: org
-  } of orgs.entries()) {
-    if (!enforcedOrgs.includes(org.id)) {
-      settings.entries.splice(i, 1);
-    }
-  }
-  const socketYml = socketUrl.findSocketYmlSync();
-  if (socketYml) {
-    settings.entries.push({
-      start: socketYml.path,
-      settings: {
-        [socketYml.path]: {
-          deferTo: null,
-          // TODO: TypeScript complains about the type not matching. We should
-          // figure out why are providing
-          // issueRules: { [issueName: string]: boolean }
-          // but expecting
-          // issueRules: { [issueName: string]: { action: 'defer' | 'error' | 'ignore' | 'monitor' | 'warn' } }
-          issueRules: socketYml.parsed.issueRules
-        }
-      }
-    });
-  }
-  _uxLookup = createAlertUXLookup(settings);
-})();
-
-const depValid = require(npmPaths.getArboristDepValidPath());
-
-const {
-  UNDEFINED_TOKEN
-} = constants;
-function tryRequire(...ids) {
-  for (const data of ids) {
-    let id;
-    let transformer;
-    if (Array.isArray(data)) {
-      id = data[0];
-      transformer = data[1];
-    } else {
-      id = data;
-      transformer = mod => mod;
-    }
-    try {
-      // Check that the transformed value isn't `undefined` because older
-      // versions of packages like 'proc-log' may not export a `log` method.
-      const exported = transformer(require(id));
-      if (exported !== undefined) {
-        return exported;
-      }
-    } catch {}
-  }
-  return undefined;
-}
-let _log = UNDEFINED_TOKEN;
-function getLogger() {
-  if (_log === UNDEFINED_TOKEN) {
-    const npmNmPath = npmPaths.getNpmNodeModulesPath();
-    _log = tryRequire([path.join(npmNmPath, 'proc-log/lib/index.js'),
-    // The proc-log DefinitelyTyped definition is incorrect. The type definition
-    // is really that of its export log.
-    mod => mod.log], path.join(npmNmPath, 'npmlog/lib/log.js'));
-  }
-  return _log;
-}
-
-const {
-  LOOP_SENTINEL: LOOP_SENTINEL$1
-} = constants;
-const OverrideSet = require(npmPaths.getArboristOverrideSetClassPath());
-
-// Implementation code not related to patch https://github.com/npm/cli/pull/7025
-// is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/override-set.js:
-class SafeOverrideSet extends OverrideSet {
-  // Patch adding doOverrideSetsConflict is based on
-  // https://github.com/npm/cli/pull/7025.
-  static doOverrideSetsConflict(first, second) {
-    // If override sets contain one another then we can try to use the more specific
-    // one. However, if neither one is more specific, then we consider them to be
-    // in conflict.
-    return this.findSpecificOverrideSet(first, second) === undefined;
-  }
-
-  // Patch adding findSpecificOverrideSet is based on
-  // https://github.com/npm/cli/pull/7025.
-  static findSpecificOverrideSet(first, second) {
-    let overrideSet = second;
-    while (overrideSet) {
-      if (overrideSet.isEqual(first)) {
-        return second;
-      }
-      overrideSet = overrideSet.parent;
-    }
-    overrideSet = first;
-    while (overrideSet) {
-      if (overrideSet.isEqual(second)) {
-        return first;
-      }
-      overrideSet = overrideSet.parent;
-    }
-    // The override sets are incomparable. Neither one contains the other.
-    const log = getLogger();
-    log?.silly('Conflicting override sets', first, second);
-    return undefined;
-  }
-
-  // Patch adding childrenAreEqual is based on
-  // https://github.com/npm/cli/pull/7025.
-  childrenAreEqual(otherOverrideSet) {
-    const queue = [[this, otherOverrideSet]];
-    let pos = 0;
-    let {
-      length: queueLength
-    } = queue;
-    while (pos < queueLength) {
-      if (pos === LOOP_SENTINEL$1) {
-        throw new Error('Detected infinite loop while comparing override sets');
-      }
-      const {
-        0: currSet,
-        1: currOtherSet
-      } = queue[pos++];
-      const {
-        children
-      } = currSet;
-      const {
-        children: otherChildren
-      } = currOtherSet;
-      if (children.size !== otherChildren.size) {
-        return false;
-      }
-      for (const key of children.keys()) {
-        if (!otherChildren.has(key)) {
-          return false;
-        }
-        const child = children.get(key);
-        const otherChild = otherChildren.get(key);
-        if (child.value !== otherChild.value) {
-          return false;
-        }
-        queue[queueLength++] = [child, otherChild];
-      }
-    }
-    return true;
-  }
-  getEdgeRule(edge) {
-    for (const rule of this.ruleset.values()) {
-      if (rule.name !== edge.name) {
-        continue;
-      }
-      // If keySpec is * we found our override.
-      if (rule.keySpec === '*') {
-        return rule;
-      }
-      // Patch replacing
-      // let spec = npa(`${edge.name}@${edge.spec}`)
-      // is based on https://github.com/npm/cli/pull/7025.
-      //
-      // We need to use the rawSpec here, because the spec has the overrides
-      // applied to it already.
-      let spec = npa(`${edge.name}@${edge.rawSpec}`);
-      if (spec.type === 'alias') {
-        spec = spec.subSpec;
-      }
-      if (spec.type === 'git') {
-        if (spec.gitRange && rule.keySpec && semver.intersects(spec.gitRange, rule.keySpec)) {
-          return rule;
-        }
-        continue;
-      }
-      if (spec.type === 'range' || spec.type === 'version') {
-        if (rule.keySpec && semver.intersects(spec.fetchSpec, rule.keySpec)) {
-          return rule;
-        }
-        continue;
-      }
-      // If we got this far, the spec type is one of tag, directory or file
-      // which means we have no real way to make version comparisons, so we
-      // just accept the override.
-      return rule;
-    }
-    return this;
-  }
-
-  // Patch adding isEqual is based on
-  // https://github.com/npm/cli/pull/7025.
-  isEqual(otherOverrideSet) {
-    if (this === otherOverrideSet) {
-      return true;
-    }
-    if (!otherOverrideSet) {
-      return false;
-    }
-    if (this.key !== otherOverrideSet.key || this.value !== otherOverrideSet.value) {
-      return false;
-    }
-    if (!this.childrenAreEqual(otherOverrideSet)) {
-      return false;
-    }
-    if (!this.parent) {
-      return !otherOverrideSet.parent;
-    }
-    return this.parent.isEqual(otherOverrideSet.parent);
-  }
-}
-
-const Node = require(npmPaths.getArboristNodeClassPath());
-
-// Implementation code not related to patch https://github.com/npm/cli/pull/7025
-// is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/node.js:
-class SafeNode extends Node {
-  // Return true if it's safe to remove this node, because anything that is
-  // depending on it would be fine with the thing that they would resolve to if
-  // it was removed, or nothing is depending on it in the first place.
-  canDedupe(preferDedupe = false) {
-    // Not allowed to mess with shrinkwraps or bundles.
-    if (this.inDepBundle || this.inShrinkwrap) {
-      return false;
-    }
-    // It's a top level pkg, or a dep of one.
-    if (!this.resolveParent?.resolveParent) {
-      return false;
-    }
-    // No one wants it, remove it.
-    if (this.edgesIn.size === 0) {
-      return true;
-    }
-    const other = this.resolveParent.resolveParent.resolve(this.name);
-    // Nothing else, need this one.
-    if (!other) {
-      return false;
-    }
-    // If it's the same thing, then always fine to remove.
-    if (other.matches(this)) {
-      return true;
-    }
-    // If the other thing can't replace this, then skip it.
-    if (!other.canReplace(this)) {
-      return false;
-    }
-    // Patch replacing
-    // if (preferDedupe || semver.gte(other.version, this.version)) {
-    //   return true
-    // }
-    // is based on https://github.com/npm/cli/pull/7025.
-    //
-    // If we prefer dedupe, or if the version is equal, take the other.
-    if (preferDedupe || semver.eq(other.version, this.version)) {
-      return true;
-    }
-    // If our current version isn't the result of an override, then prefer to
-    // take the greater version.
-    if (!this.overridden && semver.gt(other.version, this.version)) {
-      return true;
-    }
-    return false;
-  }
-
-  // Is it safe to replace one node with another?  check the edges to
-  // make sure no one will get upset.  Note that the node might end up
-  // having its own unmet dependencies, if the new node has new deps.
-  // Note that there are cases where Arborist will opt to insert a node
-  // into the tree even though this function returns false!  This is
-  // necessary when a root dependency is added or updated, or when a
-  // root dependency brings peer deps along with it.  In that case, we
-  // will go ahead and create the invalid state, and then try to resolve
-  // it with more tree construction, because it's a user request.
-  canReplaceWith(node, ignorePeers) {
-    if (this.name !== node.name || this.packageName !== node.packageName) {
-      return false;
-    }
-    // Patch replacing
-    // if (node.overrides !== this.overrides) {
-    //   return false
-    // }
-    // is based on https://github.com/npm/cli/pull/7025.
-    //
-    // If this node has no dependencies, then it's irrelevant to check the
-    // override rules of the replacement node.
-    if (this.edgesOut.size) {
-      // XXX need to check for two root nodes?
-      if (node.overrides) {
-        if (!node.overrides.isEqual(this.overrides)) {
-          return false;
-        }
-      } else {
-        if (this.overrides) {
-          return false;
-        }
-      }
-    }
-    // To satisfy the patch we ensure `node.overrides === this.overrides`
-    // so that the condition we want to replace,
-    // if (this.overrides !== node.overrides) {
-    // , is not hit.`
-    const oldOverrideSet = this.overrides;
-    let result = true;
-    if (oldOverrideSet !== node.overrides) {
-      this.overrides = node.overrides;
-    }
-    try {
-      result = super.canReplaceWith(node, ignorePeers);
-      this.overrides = oldOverrideSet;
-    } catch (e) {
-      this.overrides = oldOverrideSet;
-      throw e;
-    }
-    return result;
-  }
-
-  // Patch adding deleteEdgeIn is based on https://github.com/npm/cli/pull/7025.
-  deleteEdgeIn(edge) {
-    this.edgesIn.delete(edge);
-    const {
-      overrides
-    } = edge;
-    if (overrides) {
-      this.updateOverridesEdgeInRemoved(overrides);
-    }
-  }
-  addEdgeIn(edge) {
-    // Patch replacing
-    // if (edge.overrides) {
-    //   this.overrides = edge.overrides
-    // }
-    // is based on https://github.com/npm/cli/pull/7025.
-    //
-    // We need to handle the case where the new edge in has an overrides field
-    // which is different from the current value.
-    if (!this.overrides || !this.overrides.isEqual(edge.overrides)) {
-      this.updateOverridesEdgeInAdded(edge.overrides);
-    }
-    this.edgesIn.add(edge);
-    // Try to get metadata from the yarn.lock file.
-    this.root.meta?.addEdge(edge);
-  }
-
-  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
-  get overridden() {
-    // Patch replacing
-    // return !!(this.overrides && this.overrides.value && this.overrides.name === this.name)
-    // is based on https://github.com/npm/cli/pull/7025.
-    if (!this.overrides || !this.overrides.value || this.overrides.name !== this.name) {
-      return false;
-    }
-    // The overrides rule is for a package with this name, but some override rules
-    // only apply to specific versions. To make sure this package was actually
-    // overridden, we check whether any edge going in had the rule applied to it,
-    // in which case its overrides set is different than its source node.
-    for (const edge of this.edgesIn) {
-      if (edge.overrides && edge.overrides.name === this.name && edge.overrides.value === this.version) {
-        if (!edge.overrides?.isEqual(edge.from?.overrides)) {
-          return true;
-        }
-      }
-    }
-    return false;
-  }
-
-  // Patch adding recalculateOutEdgesOverrides is based on
-  // https://github.com/npm/cli/pull/7025.
-  recalculateOutEdgesOverrides() {
-    // For each edge out propagate the new overrides through.
-    for (const edge of this.edgesOut.values()) {
-      edge.reload(true);
-      if (edge.to) {
-        edge.to.updateOverridesEdgeInAdded(edge.overrides);
-      }
-    }
-  }
-
-  // @ts-ignore: Incorrectly typed to accept null.
-  set root(newRoot) {
-    // Patch removing
-    // if (!this.overrides && this.parent && this.parent.overrides) {
-    //   this.overrides = this.parent.overrides.getNodeRule(this)
-    // }
-    // is based on https://github.com/npm/cli/pull/7025.
-    //
-    // The "root" setter is a really large and complex function. To satisfy the
-    // patch we add a dummy value to `this.overrides` so that the condition we
-    // want to remove,
-    // if (!this.overrides && this.parent && this.parent.overrides) {
-    // , is not hit.
-    if (!this.overrides) {
-      this.overrides = new SafeOverrideSet({
-        overrides: ''
-      });
-    }
-    try {
-      super.root = newRoot;
-      this.overrides = undefined;
-    } catch (e) {
-      this.overrides = undefined;
-      throw e;
-    }
-  }
-
-  // Patch adding updateOverridesEdgeInAdded is based on
-  // https://github.com/npm/cli/pull/7025.
-  //
-  // This logic isn't perfect either. When we have two edges in that have
-  // different override sets, then we have to decide which set is correct. This
-  // function assumes the more specific override set is applicable, so if we have
-  // dependencies A->B->C and A->C and an override set that specifies what happens
-  // for C under A->B, this will work even if the new A->C edge comes along and
-  // tries to change the override set. The strictly correct logic is not to allow
-  // two edges with different overrides to point to the same node, because even
-  // if this node can satisfy both, one of its dependencies might need to be
-  // different depending on the edge leading to it. However, this might cause a
-  // lot of duplication, because the conflict in the dependencies might never
-  // actually happen.
-  updateOverridesEdgeInAdded(otherOverrideSet) {
-    if (!otherOverrideSet) {
-      // Assuming there are any overrides at all, the overrides field is never
-      // undefined for any node at the end state of the tree. So if the new edge's
-      // overrides is undefined it will be updated later. So we can wait with
-      // updating the node's overrides field.
-      return false;
-    }
-    if (!this.overrides) {
-      this.overrides = otherOverrideSet;
-      this.recalculateOutEdgesOverrides();
-      return true;
-    }
-    if (this.overrides.isEqual(otherOverrideSet)) {
-      return false;
-    }
-    const newOverrideSet = SafeOverrideSet.findSpecificOverrideSet(this.overrides, otherOverrideSet);
-    if (newOverrideSet) {
-      if (this.overrides.isEqual(newOverrideSet)) {
-        return false;
-      }
-      this.overrides = newOverrideSet;
-      this.recalculateOutEdgesOverrides();
-      return true;
-    }
-    // This is an error condition. We can only get here if the new override set
-    // is in conflict with the existing.
-    const log = getLogger();
-    log?.silly('Conflicting override sets', this.name);
-    return false;
-  }
-
-  // Patch adding updateOverridesEdgeInRemoved is based on
-  // https://github.com/npm/cli/pull/7025.
-  updateOverridesEdgeInRemoved(otherOverrideSet) {
-    // If this edge's overrides isn't equal to this node's overrides,
-    // then removing it won't change newOverrideSet later.
-    if (!this.overrides || !this.overrides.isEqual(otherOverrideSet)) {
-      return false;
-    }
-    let newOverrideSet;
-    for (const edge of this.edgesIn) {
-      const {
-        overrides: edgeOverrides
-      } = edge;
-      if (newOverrideSet && edgeOverrides) {
-        newOverrideSet = SafeOverrideSet.findSpecificOverrideSet(edgeOverrides, newOverrideSet);
-      } else {
-        newOverrideSet = edgeOverrides;
-      }
-    }
-    if (this.overrides.isEqual(newOverrideSet)) {
-      return false;
-    }
-    this.overrides = newOverrideSet;
-    if (newOverrideSet) {
-      // Optimization: If there's any override set at all, then no non-extraneous
-      // node has an empty override set. So if we temporarily have no override set
-      // (for example, we removed all the edges in), there's no use updating all
-      // the edges out right now. Let's just wait until we have an actual override
-      // set later.
-      this.recalculateOutEdgesOverrides();
-    }
-    return true;
-  }
-}
-
-const Edge = require(npmPaths.getArboristEdgeClassPath());
-
-// The Edge class makes heavy use of private properties which subclasses do NOT
-// have access to. So we have to recreate any functionality that relies on those
-// private properties and use our own "safe" prefixed non-conflicting private
-// properties. Implementation code not related to patch https://github.com/npm/cli/pull/7025
-// is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/edge.js.
-//
-// The npm application
-// Copyright (c) npm, Inc. and Contributors
-// Licensed on the terms of The Artistic License 2.0
-//
-// An edge in the dependency graph.
-// Represents a dependency relationship of some kind.
-const initializedSafeEdges = new WeakSet();
-class SafeEdge extends Edge {
-  #safeAccept;
-  #safeError;
-  #safeExplanation;
-  #safeFrom;
-  #safeName;
-  #safeTo;
-  constructor(options) {
-    const {
-      accept,
-      from,
-      name
-    } = options;
-    // Defer to supper to validate options and assign non-private values.
-    super(options);
-    if (accept !== undefined) {
-      this.#safeAccept = accept || '*';
-    }
-    if (from.constructor !== SafeNode) {
-      Reflect.setPrototypeOf(from, SafeNode.prototype);
-    }
-    this.#safeError = null;
-    this.#safeExplanation = null;
-    this.#safeFrom = from;
-    this.#safeName = name;
-    this.#safeTo = null;
-    initializedSafeEdges.add(this);
-    this.reload(true);
-  }
-  get accept() {
-    return this.#safeAccept;
-  }
-  get bundled() {
-    return !!this.#safeFrom?.package?.bundleDependencies?.includes(this.name);
-  }
-  get error() {
-    if (!this.#safeError) {
-      if (!this.#safeTo) {
-        if (this.optional) {
-          this.#safeError = null;
-        } else {
-          this.#safeError = 'MISSING';
-        }
-      } else if (this.peer && this.#safeFrom === this.#safeTo.parent && !this.#safeFrom?.isTop) {
-        this.#safeError = 'PEER LOCAL';
-      } else if (!this.satisfiedBy(this.#safeTo)) {
-        this.#safeError = 'INVALID';
-      }
-      // Patch adding "else if" condition is based on
-      // https://github.com/npm/cli/pull/7025.
-      else if (this.overrides && this.#safeTo.edgesOut.size && SafeOverrideSet.doOverrideSetsConflict(this.overrides, this.#safeTo.overrides)) {
-        // Any inconsistency between the edge's override set and the target's
-        // override set is potentially problematic. But we only say the edge is
-        // in error if the override sets are plainly conflicting. Note that if
-        // the target doesn't have any dependencies of their own, then this
-        // inconsistency is irrelevant.
-        this.#safeError = 'INVALID';
-      } else {
-        this.#safeError = 'OK';
-      }
-    }
-    if (this.#safeError === 'OK') {
-      return null;
-    }
-    return this.#safeError;
-  }
-
-  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
-  get from() {
-    return this.#safeFrom;
-  }
-
-  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
-  get spec() {
-    if (this.overrides?.value && this.overrides.value !== '*' && this.overrides.name === this.name) {
-      // Patch adding "if" condition is based on
-      // https://github.com/npm/cli/pull/7025.
-      //
-      // If this edge has the same overrides field as the source, then we're not
-      // applying an override for this edge.
-      if (this.overrides === this.#safeFrom?.overrides) {
-        // The Edge rawSpec getter will retrieve the private Edge #spec property.
-        return this.rawSpec;
-      }
-      if (this.overrides.value.startsWith('$')) {
-        const ref = this.overrides.value.slice(1);
-        // We may be a virtual root, if we are we want to resolve reference
-        // overrides from the real root, not the virtual one.
-        const pkg = this.#safeFrom?.sourceReference ? this.#safeFrom.sourceReference.root.package : this.#safeFrom?.root?.package;
-        if (pkg?.devDependencies?.[ref]) {
-          return pkg.devDependencies[ref];
-        }
-        if (pkg?.optionalDependencies?.[ref]) {
-          return pkg.optionalDependencies[ref];
-        }
-        if (pkg?.dependencies?.[ref]) {
-          return pkg.dependencies[ref];
-        }
-        if (pkg?.peerDependencies?.[ref]) {
-          return pkg.peerDependencies[ref];
-        }
-        throw new Error(`Unable to resolve reference ${this.overrides.value}`);
-      }
-      return this.overrides.value;
-    }
-    return this.rawSpec;
-  }
-
-  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
-  get to() {
-    return this.#safeTo;
-  }
-  detach() {
-    this.#safeExplanation = null;
-    // Patch replacing
-    // if (this.#safeTo) {
-    //   this.#safeTo.edgesIn.delete(this)
-    // }
-    // is based on https://github.com/npm/cli/pull/7025.
-    this.#safeTo?.deleteEdgeIn(this);
-    this.#safeFrom?.edgesOut.delete(this.name);
-    this.#safeTo = null;
-    this.#safeError = 'DETACHED';
-    this.#safeFrom = null;
-  }
-
-  // Return the edge data, and an explanation of how that edge came to be here.
-  // @ts-ignore: Edge#explain is defined with an unused `seen = []` param.
-  explain() {
-    if (!this.#safeExplanation) {
-      const explanation = {
-        type: this.type,
-        name: this.name,
-        spec: this.spec,
-        bundled: false,
-        overridden: false,
-        error: undefined,
-        from: undefined,
-        rawSpec: undefined
-      };
-      if (this.rawSpec !== this.spec) {
-        explanation.rawSpec = this.rawSpec;
-        explanation.overridden = true;
-      }
-      if (this.bundled) {
-        explanation.bundled = this.bundled;
-      }
-      if (this.error) {
-        explanation.error = this.error;
-      }
-      if (this.#safeFrom) {
-        explanation.from = this.#safeFrom.explain();
-      }
-      this.#safeExplanation = explanation;
-    }
-    return this.#safeExplanation;
-  }
-  reload(hard = false) {
-    if (!initializedSafeEdges.has(this)) {
-      // Skip if called during super constructor.
-      return;
-    }
-    this.#safeExplanation = null;
-    // Patch adding newOverrideSet and oldOverrideSet is based on
-    // https://github.com/npm/cli/pull/7025.
-    let newOverrideSet;
-    let oldOverrideSet;
-    if (this.#safeFrom?.overrides) {
-      // Patch replacing
-      // this.overrides = this.#safeFrom.overrides.getEdgeRule(this)
-      // is based on https://github.com/npm/cli/pull/7025.
-      const newOverrideSet = this.#safeFrom.overrides.getEdgeRule(this);
-      if (newOverrideSet && !newOverrideSet.isEqual(this.overrides)) {
-        // If there's a new different override set we need to propagate it to
-        // the nodes. If we're deleting the override set then there's no point
-        // propagating it right now since it will be filled with another value
-        // later.
-        oldOverrideSet = this.overrides;
-        this.overrides = newOverrideSet;
-      }
-    } else {
-      this.overrides = undefined;
-    }
-    const newTo = this.#safeFrom?.resolve(this.name);
-    if (newTo !== this.#safeTo) {
-      // Patch replacing
-      // if (this.#safeTo) {
-      //   this.#safeTo.edgesIn.delete(this)
-      // }
-      // is based on https://github.com/npm/cli/pull/7025.
-      this.#safeTo?.deleteEdgeIn(this);
-      this.#safeTo = newTo ?? null;
-      this.#safeError = null;
-      this.#safeTo?.addEdgeIn(this);
-    } else if (hard) {
-      this.#safeError = null;
-    }
-    // Patch adding "else if" condition based on
-    // https://github.com/npm/cli/pull/7025.
-    else if (oldOverrideSet) {
-      // Propagate the new override set to the target node.
-      this.#safeTo.updateOverridesEdgeInRemoved(oldOverrideSet);
-      this.#safeTo.updateOverridesEdgeInAdded(newOverrideSet);
-    }
-  }
-  satisfiedBy(node) {
-    // Patch replacing
-    // if (node.name !== this.#name) {
-    //   return false
-    // }
-    // is based on https://github.com/npm/cli/pull/7025.
-    if (node.name !== this.#safeName || !this.#safeFrom) {
-      return false;
-    }
-    // NOTE: this condition means we explicitly do not support overriding
-    // bundled or shrinkwrapped dependencies
-    if (node.hasShrinkwrap || node.inShrinkwrap || node.inBundle) {
-      return depValid(node, this.rawSpec, this.#safeAccept, this.#safeFrom);
-    }
-    // Patch replacing
-    // return depValid(node, this.spec, this.#accept, this.#from)
-    // is based on https://github.com/npm/cli/pull/7025.
-    //
-    // If there's no override we just use the spec.
-    if (!this.overrides?.keySpec) {
-      return depValid(node, this.spec, this.#safeAccept, this.#safeFrom);
-    }
-    // There's some override. If the target node satisfies the overriding spec
-    // then it's okay.
-    if (depValid(node, this.spec, this.#safeAccept, this.#safeFrom)) {
-      return true;
-    }
-    // If it doesn't, then it should at least satisfy the original spec.
-    if (!depValid(node, this.rawSpec, this.#safeAccept, this.#safeFrom)) {
-      return false;
-    }
-    // It satisfies the original spec, not the overriding spec. We need to make
-    // sure it doesn't use the overridden spec.
-    // For example, we might have an ^8.0.0 rawSpec, and an override that makes
-    // keySpec=8.23.0 and the override value spec=9.0.0.
-    // If the node is 9.0.0, then it's okay because it's consistent with spec.
-    // If the node is 8.24.0, then it's okay because it's consistent with the rawSpec.
-    // If the node is 8.23.0, then it's not okay because even though it's consistent
-    // with the rawSpec, it's also consistent with the keySpec.
-    // So we're looking for ^8.0.0 or 9.0.0 and not 8.23.0.
-    return !depValid(node, this.overrides.keySpec, this.#safeAccept, this.#safeFrom);
-  }
-}
-
-const {
-  LOOP_SENTINEL,
-  NPM,
-  NPM_REGISTRY_URL,
-  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
-  SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,
-  abortSignal,
-  kInternalsSymbol,
-  [kInternalsSymbol]: {
-    getIPC
-  }
-} = constants;
-const formatter = new socketUrl.ColorOrMarkdown(false);
-function findBestPatchVersion(name, availableVersions, currentMajorVersion, vulnerableVersionRange, _firstPatchedVersionIdentifier) {
-  const manifestVersion = registry.getManifestData(NPM, name)?.version;
-  // Filter versions that are within the current major version and are not in the vulnerable range
-  const eligibleVersions = availableVersions.filter(version => {
-    const isSameMajor = semver.major(version) === currentMajorVersion;
-    const isNotVulnerable = !semver.satisfies(version, vulnerableVersionRange);
-    if (isSameMajor && isNotVulnerable) {
-      return true;
-    }
-    return !!manifestVersion;
-  });
-  if (eligibleVersions.length === 0) {
-    return null;
-  }
-  // Use semver to find the max satisfying version.
-  return semver.maxSatisfying(eligibleVersions, '*');
-}
-function findPackageNodes(tree, packageName) {
-  const queue = [{
-    node: tree
-  }];
-  const matches = [];
-  let sentinel = 0;
-  while (queue.length) {
-    if (sentinel++ === LOOP_SENTINEL) {
-      throw new Error('Detected infinite loop in findPackageNodes');
-    }
-    const {
-      node: currentNode
-    } = queue.pop();
-    const node = currentNode.children.get(packageName);
-    if (node) {
-      matches.push(node);
-    }
-    const children = [...currentNode.children.values()];
-    for (let i = children.length - 1; i >= 0; i -= 1) {
-      queue.push({
-        node: children[i]
-      });
-    }
-  }
-  return matches;
-}
-async function getPackagesAlerts(details, options) {
-  let {
-    length: remaining
-  } = details;
-  const packageAlerts = [];
-  if (!remaining) {
-    return packageAlerts;
-  }
-  const {
-    includeExisting = false,
-    includeUnfixable = true,
-    output
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const spinner$1 = output ? new spinner.Spinner({
-    stream: output
-  }) : undefined;
-  const getText = spinner$1 ? () => `Looking up data for ${remaining} packages` : () => '';
-  spinner$1?.start(getText());
-  try {
-    for await (const artifact of batchScan(arrays.arrayUnique(details.map(d => d.node.pkgid)))) {
-      if (!artifact.name || !artifact.version || !artifact.alerts?.length) {
-        continue;
-      }
-      const {
-        version
-      } = artifact;
-      const name = packages.resolvePackageName(artifact);
-      const id = `${name}@${artifact.version}`;
-      let displayWarning = false;
-      let alerts = [];
-      for (const alert of artifact.alerts) {
-        // eslint-disable-next-line no-await-in-loop
-        const ux = await uxLookup({
-          package: {
-            name,
-            version
-          },
-          alert: {
-            type: alert.type
-          }
-        });
-        if (ux.display && output) {
-          displayWarning = true;
-        }
-        if (ux.block || ux.display) {
-          const fixable = isArtifactAlertFixable(alert);
-          if (includeUnfixable || fixable) {
-            alerts.push({
-              name,
-              version,
-              key: alert.key,
-              type: alert.type,
-              block: ux.block,
-              raw: alert,
-              fixable
-            });
-          }
-          // Lazily access constants.IPC.
-          if (includeExisting && !constants.IPC[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]) {
-            // Before we ask about problematic issues, check to see if they
-            // already existed in the old version if they did, be quiet.
-            const existing = details.find(d => d.existing?.pkgid.startsWith(`${name}@`))?.existing;
-            if (existing) {
-              const oldArtifact =
-              // eslint-disable-next-line no-await-in-loop
-              (await batchScan([existing.pkgid]).next()).value;
-              if (oldArtifact?.alerts?.length) {
-                alerts = alerts.filter(({
-                  type
-                }) => !oldArtifact.alerts.find(a => a.type === type));
-              }
-            }
-          }
-        }
-      }
-      if (displayWarning && spinner$1) {
-        spinner$1.stop(`(socket) ${formatter.hyperlink(id, socketUrl.getSocketDevPackageOverviewUrl(NPM, name, version))} contains risks:`);
-      }
-      alerts.sort((a, b) => a.type < b.type ? -1 : 1);
-      if (output) {
-        const lines = new Set();
-        const translations = getTranslations();
-        for (const alert of alerts) {
-          const attributes = [...(alert.fixable ? ['fixable'] : []), ...(alert.block ? [] : ['non-blocking'])];
-          const maybeAttributes = attributes.length ? ` (${attributes.join('; ')})` : '';
-          // Based data from { pageProps: { alertTypes } } of:
-          // https://socket.dev/_next/data/94666139314b6437ee4491a0864e72b264547585/en-US.json
-          const info = translations.alerts[alert.type];
-          const title = info?.title ?? alert.type;
-          const maybeDesc = info?.description ? ` - ${info.description}` : '';
-          // TODO: emoji seems to mis-align terminals sometimes
-          lines.add(`  ${title}${maybeAttributes}${maybeDesc}\n`);
-        }
-        for (const line of lines) {
-          output?.write(line);
-        }
-      }
-      spinner$1?.start();
-      remaining -= 1;
-      if (spinner$1) {
-        spinner$1.text = remaining > 0 ? getText() : '';
-      }
-      packageAlerts.push(...alerts);
-    }
-  } catch (e) {
-    npmPaths.debugLog(e);
-  } finally {
-    spinner$1?.stop();
-  }
-  return packageAlerts;
-}
-let _translations;
-function getTranslations() {
-  if (_translations === undefined) {
-    _translations = require(
-    // Lazily access constants.rootPath.
-    path.join(constants.rootPath, 'translations.json'));
-  }
-  return _translations;
-}
-async function updateAdvisoryDependencies(arb, alerts) {
-  let patchDataByPkg;
-  for (const alert of alerts) {
-    if (!isArtifactAlertCveFixable(alert.raw)) {
-      continue;
-    }
-    if (!patchDataByPkg) {
-      patchDataByPkg = {};
-    }
-    const {
-      name
-    } = alert;
-    if (!patchDataByPkg[name]) {
-      patchDataByPkg[name] = [];
-    }
-    const {
-      firstPatchedVersionIdentifier,
-      vulnerableVersionRange
-    } = alert.raw.props;
-    patchDataByPkg[name].push({
-      firstPatchedVersionIdentifier,
-      vulnerableVersionRange
-    });
-  }
-  if (!patchDataByPkg) {
-    // No advisories to process.
-    return;
-  }
-  await arb.buildIdealTree();
-  const tree = arb.idealTree;
-  for (const name of Object.keys(patchDataByPkg)) {
-    const nodes = findPackageNodes(tree, name);
-    if (!nodes.length) {
-      continue;
-    }
-    // Fetch packument to get available versions.
-    // eslint-disable-next-line no-await-in-loop
-    const packument = await packages.fetchPackagePackument(name);
-    for (const node of nodes) {
-      const {
-        version
-      } = node;
-      const majorVerNum = semver.major(version);
-      const availableVersions = packument ? Object.keys(packument.versions) : [];
-      const patchData = patchDataByPkg[name];
-      for (const {
-        firstPatchedVersionIdentifier,
-        vulnerableVersionRange
-      } of patchData) {
-        // Find the highest non-vulnerable version within the same major range
-        const targetVersion = findBestPatchVersion(name, availableVersions, majorVerNum, vulnerableVersionRange);
-        const targetPackument = targetVersion ? packument.versions[targetVersion] : undefined;
-        // Check !targetVersion to make TypeScript happy.
-        if (!targetVersion || !targetPackument) {
-          // No suitable patch version found.
-          continue;
-        }
-        // Use Object.defineProperty to override the version.
-        Object.defineProperty(node, 'version', {
-          configurable: true,
-          enumerable: true,
-          get: () => targetVersion
-        });
-        node.package.version = targetVersion;
-        // Update resolved and clear integrity for the new version.
-        node.resolved = `${NPM_REGISTRY_URL}/${name}/-/${name}-${targetVersion}.tgz`;
-        if (node.integrity) {
-          delete node.integrity;
-        }
-        if ('deprecated' in targetPackument) {
-          node.package['deprecated'] = targetPackument.deprecated;
-        } else {
-          delete node.package['deprecated'];
-        }
-        const newDeps = {
-          ...targetPackument.dependencies
-        };
-        const {
-          dependencies: oldDeps
-        } = node.package;
-        node.package.dependencies = newDeps;
-        if (oldDeps) {
-          for (const oldDepName of Object.keys(oldDeps)) {
-            if (!objects.hasOwn(newDeps, oldDepName)) {
-              node.edgesOut.get(oldDepName)?.detach();
-            }
-          }
-        }
-        for (const newDepName of Object.keys(newDeps)) {
-          if (!objects.hasOwn(oldDeps, newDepName)) {
-            node.addEdgeOut(new Edge({
-              from: node,
-              name: newDepName,
-              spec: newDeps[newDepName],
-              type: 'prod'
-            }));
-          }
-        }
-      }
-    }
-  }
-}
-const kRiskyReify = Symbol('riskyReify');
-async function reify(...args) {
-  const IPC = await getIPC();
-  // We are assuming `this[_diffTrees]()` has been called by `super.reify(...)`:
-  // https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/arborist/reify.js#L141
-  let needInfoOn = getPackagesToQueryFromDiff(this.diff, {
-    includeUnchanged: !!IPC[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]
-  });
-  if (!needInfoOn.length) {
-    // Nothing to check, hmmm already installed or all private?
-    return await this[kRiskyReify](...args);
-  }
-  const {
-    [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: bypassConfirms,
-    [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: bypassAlerts
-  } = IPC;
-  const {
-    stderr: output,
-    stdin: input
-  } = process;
-  let alerts = bypassAlerts ? [] : await getPackagesAlerts(needInfoOn, {
-    output
-  });
-  if (alerts.length && !bypassConfirms && !(await prompts.confirm({
-    message: 'Accept risks of installing these packages?',
-    default: false
-  }, {
-    input,
-    output,
-    signal: abortSignal
-  }))) {
-    throw new Error('Socket npm exiting due to risks');
-  }
-  if (!alerts.length || !bypassConfirms && !(await prompts.confirm({
-    message: 'Try to fix alerts?',
-    default: true
-  }, {
-    input,
-    output,
-    signal: abortSignal
-  }))) {
-    return await this[kRiskyReify](...args);
-  }
-  const prev = new Set(alerts.map(a => a.key));
-  let ret;
-  /* eslint-disable no-await-in-loop */
-  while (alerts.length > 0) {
-    await updateAdvisoryDependencies(this, alerts);
-    ret = await this[kRiskyReify](...args);
-    await this.loadActual();
-    await this.buildIdealTree();
-    needInfoOn = getPackagesToQueryFromDiff(this.diff, {
-      includeUnchanged: true
-    });
-    alerts = (await getPackagesAlerts(needInfoOn, {
-      includeExisting: true,
-      includeUnfixable: true
-    })).filter(({
-      key
-    }) => {
-      const unseen = !prev.has(key);
-      if (unseen) {
-        prev.add(key);
-      }
-      return unseen;
-    });
-  }
-  /* eslint-enable no-await-in-loop */
-  return ret;
-}
-
-const Arborist = require(npmPaths.getArboristClassPath());
-const kCtorArgs = Symbol('ctorArgs');
-
-// Implementation code not related to our custom behavior is based on
-// https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/arborist/index.js:
-class SafeArborist extends Arborist {
-  constructor(...ctorArgs) {
-    super({
-      ...ctorArgs[0],
-      audit: true,
-      dryRun: true,
-      ignoreScripts: true,
-      save: false,
-      saveBundle: false,
-      // progress: false,
-      fund: false
-    }, ...ctorArgs.slice(1));
-    this[kCtorArgs] = ctorArgs;
-  }
-  async [kRiskyReify](...args) {
-    // SafeArborist has suffered side effects and must be rebuilt from scratch.
-    const arb = new Arborist(...this[kCtorArgs]);
-    arb.idealTree = this.idealTree;
-    const ret = await arb.reify(...args);
-    Object.assign(this, arb);
-    return ret;
-  }
-
-  // @ts-ignore Incorrectly typed.
-  async reify(...args) {
-    const options = args[0] ? {
-      ...args[0]
-    } : {};
-    if (options.dryRun) {
-      return await this[kRiskyReify](...args);
-    }
-    const old = {
-      ...options,
-      dryRun: false,
-      save: Boolean(options.save ?? true),
-      saveBundle: Boolean(options.saveBundle ?? false)
-    };
-    args[0] = options;
-    options.dryRun = true;
-    options.save = false;
-    options.saveBundle = false;
-    await super.reify(...args);
-    options.dryRun = old.dryRun;
-    options.save = old.save;
-    options.saveBundle = old.saveBundle;
-    return await Reflect.apply(reify, this, args);
-  }
-}
 
 function installSafeArborist() {
   // Override '@npmcli/arborist' module exports with patched variants based on
   // https://github.com/npm/cli/pull/7025.
   const cache = require.cache;
   cache[npmPaths.getArboristClassPath()] = {
-    exports: SafeArborist
+    exports: index.SafeArborist
   };
   cache[npmPaths.getArboristEdgeClassPath()] = {
-    exports: SafeEdge
+    exports: index.SafeEdge
   };
   cache[npmPaths.getArboristNodeClassPath()] = {
-    exports: SafeNode
+    exports: index.SafeNode
   };
   cache[npmPaths.getArboristOverrideSetClassPath()] = {
-    exports: SafeOverrideSet
+    exports: index.SafeOverrideSet
   };
 }
 
 installSafeArborist();
+//# debugId=dac61d14-9648-405b-a9b5-46614799a46c
+//# sourceMappingURL=npm-injection.js.map