@socketsecurity/cli 0.14.8 → 0.14.9

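--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -878,6 +878,7 @@ async function findUp(name, {
  for (const name of names) {
  const filePath = _nodePath$4.join(dir, name);
  try {
+ // eslint-disable-next-line no-await-in-loop
  const stats = await _nodeFs$4.promises.stat(filePath);
  if (stats.isFile()) {
  return filePath;
@@ -1051,7 +1052,10 @@ async function detect({
  }
  const nodeRange = (0, _objects$1.getOwn)(pkgJson['engines'], 'node');
  if ((0, _strings.isNonEmptyString)(nodeRange)) {
- node = MAINTAINED_NODE_VERSIONS.some(v => _semver$1.satisfies(v, nodeRange));
+ node = MAINTAINED_NODE_VERSIONS.some(v => {
+ const coerced = _semver$1.coerce(nodeRange);
+ coerced && _semver$1.satisfies(coerced, `^${v}`);
+ });
  }
  const browserslistQuery = (0, _objects$1.getOwn)(pkgJson, 'browserslist');
  if (Array.isArray(browserslistQuery)) {
@@ -1061,7 +1065,10 @@ async function detect({
  browser = browserslistTargets.length !== browserslistNodeTargets.length;
  }
  if (node === undefined && browserslistNodeTargets.length) {
- node = MAINTAINED_NODE_VERSIONS.some(r => browserslistNodeTargets.some(v => _semver$1.satisfies(v, `^${r}`)));
+ node = MAINTAINED_NODE_VERSIONS.some(v => browserslistNodeTargets.some(t => {
+ const coerced = _semver$1.coerce(t);
+ return coerced && _semver$1.satisfies(coerced, `^${v}`);
+ }));
  }
  }
  if (browser !== undefined) {
@@ -1257,11 +1264,14 @@ async function addOverrides({
  } : undefined]].filter(({
  1: o
  }) => o);
- const overridesDataObjects = [getOverridesDataByAgent['npm'](editablePkgJson.content)];
- const isApp = isPrivate || isWorkspace;
- const overridesData = !isApp || agent !== 'npm' ? getOverridesDataByAgent[isApp ? agent : 'yarn'](editablePkgJson.content) : undefined;
- if (overridesData) {
- overridesDataObjects.push(overridesData);
+ const overridesDataObjects = [];
+ if (isPrivate || isWorkspace) {
+ const data = getOverridesDataByAgent[agent](editablePkgJson.content);
+ if (data) {
+ overridesDataObjects.push(data);
+ }
+ } else {
+ overridesDataObjects.push(getOverridesDataByAgent['npm'](editablePkgJson.content), getOverridesDataByAgent['yarn'](editablePkgJson.content));
  }
  const aliasMap = new Map();
  for (const {
@@ -1294,7 +1304,7 @@ async function addOverrides({
  type,
  overrides
  } of overridesDataObjects) {
- if (overrides && !(0, _objects.hasOwn)(overrides, origPkgName) && lockIncludes(lockSrc, origPkgName)) {
+ if (!(0, _objects.hasOwn)(overrides, origPkgName) && lockIncludes(lockSrc, origPkgName)) {
  packageNames.add(regPkgName);
  overrides[origPkgName] =
  // With npm you may not set an override for a package that you directly
@@ -1723,6 +1733,7 @@ async function fetchReportData(reportId, {
  let result;
  for (let retry = 1; !result; ++retry) {
  try {
+ // eslint-disable-next-line no-await-in-loop
  result = await (0, _apiHelpers$g.handleApiCall)(socketSdk.getReport(reportId), 'fetching report');
  } catch (err) {
  if (retry >= MAX_TIMEOUT_RETRY || !(err instanceof _ponyCause$3.ErrorWithCause) || err.cause?.cause?.response?.statusCode !== 524) {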
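Review bot: In `detect`, the new `engines.node` callback (`MAINTAINED_NODE_VERSIONS.some(v => { … })`, new lines 1055–1058) has a block body with no `return`, so it always yields `undefined` and `node` becomes `false` for every package that declares `engines.node`. The browserslist branch in the next hunk does return its result; this callback should end with ``return coerced !== null && _semver$1.satisfies(coerced, `^${v}`);``. `_semver$1.coerce(nodeRange)` does not depend on `v` and can be computed once before the `.some` call. Coercing the range to a single version also changes what is compared relative to the removed `satisfies(v, nodeRange)` (a constructed example: `>=18` is reduced to `18.0.0`), so a test with a few real `engines.node` ranges would confirm the intended result. `detect` starts and ends outside the hunk, and this file looks like bundled output, so the fix presumably belongs in the source it is built from.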
@@ -451,6 +451,7 @@ const ttyServer = (0, _ttyServer.createTTYServer)(_chalk.default.level, (0, _isI
451
451
  let _uxLookup;
452
452
  async function uxLookup(settings) {
453
453
  while (_uxLookup === undefined) {
454
+ // eslint-disable-next-line no-await-in-loop
454
455
  await (0, _promises.setTimeout)(1, {
455
456
  signal: abortSignal
456
457
  });
@@ -637,6 +638,7 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
637
638
  } else {
638
639
  let blocked = false;
639
640
  for (const failure of pkgData.value.issues) {
641
+ // eslint-disable-next-line no-await-in-loop
640
642
  const ux = await uxLookup({
641
643
  package: {
642
644
  name,
@@ -655,6 +657,7 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
655
657
  // already existed in the old version if they did, be quiet.
656
658
  const pkg = pkgs.find(pkg => pkg.pkgid === id && pkg.existing?.startsWith(`${name}@`));
657
659
  if (pkg?.existing) {
660
+ // eslint-disable-next-line no-await-in-loop
658
661
  for await (const oldPkgData of batchScan([pkg.existing])) {
659
662
  if (oldPkgData.type === 'success') {
660
663
  failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.raw.type) == null);
@@ -1101,6 +1104,7 @@ class SafeArborist extends Arborist {
1101
1104
  const rli = _nodeReadline.createInterface(rlin, rlout);
1102
1105
  try {
1103
1106
  while (true) {
1107
+ // eslint-disable-next-line no-await-in-loop
1104
1108
  const answer = await new Promise(resolve => {
1105
1109
  rli.question('Accept risks of installing these packages (y/N)?\n', {
1106
1110
  signal: abortSignal
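--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@socketsecurity/cli",
- "version": "0.14.8",
+ "version": "0.14.9",
  "description": "CLI tool for Socket.dev",
  "homepage": "http://github.com/SocketDev/socket-cli-js",
  "license": "MIT",
@@ -41,11 +41,11 @@
  },
  "dependencies": {
  "@apideck/better-ajv-errors": "^0.3.6",
- "@cyclonedx/cdxgen": "^10.10.4",
+ "@cyclonedx/cdxgen": "^10.10.6",
  "@inquirer/prompts": "^7.0.0",
  "@npmcli/package-json": "6.0.1",
- "@npmcli/promise-spawn": "^8.0.1",
- "@socketregistry/hyrious__bun.lockb": "1.0.0",
+ "@npmcli/promise-spawn": "^8.0.2",
+ "@socketregistry/hyrious__bun.lockb": "1.0.1",
  "@socketsecurity/config": "^2.1.3",
  "@socketsecurity/registry": "^1.0.8",
  "@socketsecurity/sdk": "^1.3.0",
@@ -67,7 +67,7 @@
  "ignore": "^6.0.2",
  "ini": "5.0.0",
  "onetime": "^7.0.0",
- "pacote": "^19.0.0",
+ "pacote": "^20.0.0",
  "pony-cause": "^2.1.11",
  "rc": "1.2.8",
  "registry-auth-token": "^5.0.2",
@@ -90,8 +90,9 @@
  "@babel/preset-env": "^7.25.8",
  "@babel/preset-typescript": "^7.25.7",
  "@babel/runtime": "^7.25.7",
- "@eslint/compat": "^1.2.0",
- "@rollup/plugin-commonjs": "^28.0.0",
+ "@eslint/compat": "^1.2.1",
+ "@eslint/js": "^9.13.0",
+ "@rollup/plugin-commonjs": "^28.0.1",
  "@rollup/plugin-json": "^6.1.0",
  "@rollup/plugin-node-resolve": "^15.3.0",
  "@rollup/plugin-replace": "^6.0.1",
@@ -100,7 +101,7 @@
  "@types/micromatch": "^4.0.9",
  "@types/mocha": "^10.0.9",
  "@types/mock-fs": "^4.13.4",
- "@types/node": "^22.7.5",
+ "@types/node": "^22.7.7",
  "@types/npmcli__arborist": "^5.6.11",
  "@types/npmcli__package-json": "^4.0.4",
  "@types/npmcli__promise-spawn": "^6.0.3",
@@ -108,35 +109,36 @@
  "@types/update-notifier": "^6.0.8",
  "@types/which": "^3.0.4",
  "@types/yargs-parser": "^21.0.3",
- "@typescript-eslint/eslint-plugin": "^8.8.1",
- "@typescript-eslint/parser": "^8.8.1",
+ "@typescript-eslint/eslint-plugin": "^8.10.0",
+ "@typescript-eslint/parser": "^8.10.0",
  "c8": "^10.1.2",
  "chalk": "^5.3.0",
- "eslint": "^9.12.0",
+ "eslint": "^9.13.0",
  "eslint-plugin-depend": "^0.11.0",
+ "eslint-plugin-unicorn": "^56.0.0",
  "globby": "^14.0.2",
  "husky": "^9.1.6",
  "is-interactive": "^2.0.0",
  "is-unicode-supported": "^2.1.0",
  "knip": "^5.33.3",
- "magic-string": "^0.30.11",
+ "magic-string": "^0.30.12",
  "meow": "^13.2.0",
- "mock-fs": "^5.3.0",
+ "mock-fs": "^5.4.0",
  "nock": "^13.5.5",
  "normalize-package-data": "^7.0.0",
- "npm-run-all2": "^6.2.3",
+ "npm-run-all2": "^6.2.4",
  "open": "^10.1.0",
  "ora": "^8.1.0",
- "oxlint": "^0.9.10",
+ "oxlint": "0.9.10",
  "prettier": "3.3.3",
  "read-package-up": "^11.0.0",
  "rollup": "4.24.0",
  "rollup-plugin-ts": "^3.4.5",
  "tap": "^21.0.1",
  "terminal-link": "^3.0.0",
- "type-coverage": "^2.29.1",
+ "type-coverage": "^2.29.7",
  "typescript": "5.4.5",
- "typescript-eslint": "^8.8.1",
+ "typescript-eslint": "^8.10.0",
  "unplugin-purge-polyfills": "^0.0.7",
  "update-notifier": "^7.3.1",
  "validate-npm-package-name": "^6.0.0"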