@socketsecurity/cli 0.14.85 → 0.14.86
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/module-sync/cli.js +84 -50
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +2 -2
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/require/cli.js +84 -50
- package/dist/require/cli.js.map +1 -1
- package/package.json +1 -1
- package/dist/module-sync/fs.d.ts +0 -61
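--- a/package/dist/require/cli.js
+++ b/package/dist/require/cli.js
@@ -912,7 +912,7 @@ function emitBanner(name) {
 logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-const cliVersion = '0.14.
+const cliVersion = '0.14.86:69093e9:6be0e47e:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
 const nodeVersion = process$1.version
 const apiToken = shadowNpmInject.getDefaultToken()
 const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -3942,10 +3942,14 @@ async function npmFix(
 continue
 }
 const oldSpec = `${name}@${oldVersion}`
+let targetVersion
+let failed = false
+let installed = false
+let saved = false
 if (
 shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
 ) {
-
+targetVersion = node.package.version
 const fixSpec = `${name}@^${targetVersion}`
 const revertData = {
 ...(pkgJson.dependencies
@@ -3965,8 +3969,6 @@ async function npmFix(
 : undefined)
 }
 spinner?.info(`Installing ${fixSpec}`)
-let saved = false
-let installed = false
 try {
 shadowNpmInject.updatePackageJsonFromNode(
 editablePkgJson,
@@ -3993,20 +3995,8 @@ async function npmFix(
 }
 spinner?.successAndStop(`Fixed ${name}`)
 spinner?.start()
-// Lazily access constants.ENV[CI].
-if (constants.ENV[CI$1]) {
-// eslint-disable-next-line no-await-in-loop
-const prResponse = await openGitHubPullRequest(
-name,
-targetVersion,
-cwd
-)
-if (autoMerge) {
-// eslint-disable-next-line no-await-in-loop
-await enableAutoMerge(prResponse.data)
-}
-}
 } catch {
+failed = true
 spinner?.error(`Reverting ${fixSpec}`)
 if (saved) {
 editablePkgJson.update(revertData)
@@ -4022,8 +4012,35 @@ async function npmFix(
 spinner?.failAndStop(`Failed to fix ${oldSpec}`)
 }
 } else {
+failed = true
 spinner?.failAndStop(`Could not patch ${oldSpec}`)
 }
+if (
+!failed &&
+// Check targetVersion to make TypeScript happy.
+targetVersion &&
+// Lazily access constants.ENV[CI].
+constants.ENV[CI$1]
+) {
+let prResponse
+try {
+// eslint-disable-next-line no-await-in-loop
+prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
+} catch (e) {
+logger.logger.error('Failed to open pull request', e)
+}
+if (prResponse && autoMerge) {
+try {
+// eslint-disable-next-line no-await-in-loop
+await enableAutoMerge(prResponse.data)
+} catch (e) {
+logger.logger.error(
+'Failed to enable auto-merge in pull request',
+e
+)
+}
+}
+}
 }
 }
 }
@@ -4207,7 +4224,7 @@ function runAgentInstall(pkgEnvDetails, options) {
 ...options
 }
 const skipNodeHardenFlags =
-
+agent === PNPM$a && pkgEnvDetails.agentVersion.major < 11
 return spawn.spawn(agentExecPath, ['install', ...args], {
 spinner,
 stdio: 'inherit',
@@ -4228,8 +4245,15 @@ function runAgentInstall(pkgEnvDetails, options) {
 }
 
 const { CI, NPM: NPM$c, OVERRIDES: OVERRIDES$2, PNPM: PNPM$9 } = constants
-async function
-const
+async function getActualTree(cwd = process.cwd()) {
+const arb = new shadowNpmInject.SafeArborist({
+path: cwd,
+...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+})
+return await arb.loadActual()
+}
+async function install(pkgEnvDetails, options) {
+const { cwd, spinner } = {
 __proto__: null,
 ...options
 }
@@ -4238,8 +4262,7 @@ async function install(pkgEnvDetails, arb, options) {
 spinner,
 stdio: debug.isDebug() ? 'inherit' : 'ignore'
 })
-
-await arb.loadActual()
+return await getActualTree(cwd)
 }
 async function pnpmFix(
 pkgEnvDetails,
@@ -4269,11 +4292,7 @@ async function pnpmFix(
 editable: true
 })
 const { content: pkgJson } = editablePkgJson
-
-path: cwd,
-...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
-})
-await arb.loadActual()
+let actualTree = await getActualTree(cwd)
 for (const { 0: name, 1: infos } of infoByPkg) {
 if (registry.getManifestData(NPM$c, name)) {
 spinner?.info(`Skipping ${name}. Socket Optimize package exists.`)
@@ -4281,7 +4300,7 @@ async function pnpmFix(
 }
 const specs = arrays.arrayUnique(
 shadowNpmInject
-.findPackageNodes(
+.findPackageNodes(actualTree, name)
 .map(n => `${n.name}@${n.version}`)
 )
 const packument =
@@ -4301,7 +4320,7 @@ async function pnpmFix(
 vulnerableVersionRange
 } of infos) {
 const node = shadowNpmInject.findPackageNode(
-
+actualTree,
 name,
 oldVersion
 )
@@ -4318,6 +4337,9 @@ async function pnpmFix(
 const targetPackument = targetVersion
 ? packument.versions[targetVersion]
 : undefined
+let failed = false
+let installed = false
+let saved = false
 if (targetVersion && targetPackument) {
 const oldPnpm = pkgJson[PNPM$9]
 const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
@@ -4367,13 +4389,11 @@ async function pnpmFix(
 : undefined)
 }
 spinner?.info(`Installing ${fixSpec}`)
-let saved = false
-let installed = false
 try {
 editablePkgJson.update(updateData)
 shadowNpmInject.updatePackageJsonFromNode(
 editablePkgJson,
-
+actualTree,
 node,
 rangeStyle
 )
@@ -4382,7 +4402,7 @@ async function pnpmFix(
 saved = true
 
 // eslint-disable-next-line no-await-in-loop
-await install(pkgEnvDetails,
+actualTree = await install(pkgEnvDetails, {
 spinner
 })
 installed = true
@@ -4396,21 +4416,8 @@ async function pnpmFix(
 }
 spinner?.successAndStop(`Fixed ${name}`)
 spinner?.start()
-
-// Lazily access constants.ENV[CI].
-if (constants.ENV[CI]) {
-// eslint-disable-next-line no-await-in-loop
-const prResponse = await openGitHubPullRequest(
-name,
-targetVersion,
-cwd
-)
-if (autoMerge) {
-// eslint-disable-next-line no-await-in-loop
-await enableAutoMerge(prResponse.data)
-}
-}
 } catch (e) {
+failed = true
 spinner?.error(`Reverting ${fixSpec}`, e)
 if (saved) {
 editablePkgJson.update(revertData)
@@ -4419,15 +4426,42 @@ async function pnpmFix(
 }
 if (installed) {
 // eslint-disable-next-line no-await-in-loop
-await install(pkgEnvDetails,
+actualTree = await install(pkgEnvDetails, {
 spinner
 })
 }
 spinner?.failAndStop(`Failed to fix ${oldSpec}`)
 }
 } else {
+failed = true
 spinner?.failAndStop(`Could not patch ${oldSpec}`)
 }
+if (
+!failed &&
+// Check targetVersion to make TypeScript happy.
+targetVersion &&
+// Lazily access constants.ENV[CI].
+constants.ENV[CI]
+) {
+let prResponse
+try {
+// eslint-disable-next-line no-await-in-loop
+prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
+} catch (e) {
+logger.logger.error('Failed to open pull request', e)
+}
+if (prResponse && autoMerge) {
+try {
+// eslint-disable-next-line no-await-in-loop
+await enableAutoMerge(prResponse.data)
+} catch (e) {
+logger.logger.error(
+'Failed to enable auto-merge in pull request',
+e
+)
+}
+}
+}
 }
 }
 }
@@ -11303,7 +11337,7 @@ void (async () => {
 await vendor.updater({
 name: SOCKET_CLI_BIN_NAME,
 // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-version: '0.14.
+version: '0.14.86',
 ttl: 86_400_000 /* 24 hours in milliseconds */
 })
 try {
@@ -11371,5 +11405,5 @@ void (async () => {
 await shadowNpmInject.captureException(e)
 }
 })()
-//# debugId=
+//# debugId=358951ff-4438-4565-a758-09112312f1b8
 //# sourceMappingURL=cli.js.map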