@socketsecurity/cli 0.14.86 → 0.14.87
- package/dist/module-sync/cli.js +58 -50
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/fs.d.ts +61 -0
- package/dist/module-sync/shadow-npm-inject.js +14 -7
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/require/cli.js +58 -50
- package/dist/require/cli.js.map +1 -1
- package/package.json +1 -1
package/dist/require/cli.js
CHANGED
|
@@ -912,7 +912,7 @@ function emitBanner(name) {
|
|
|
912
912
|
logger.logger.error(getAsciiHeader(name))
|
|
913
913
|
}
|
|
914
914
|
function getAsciiHeader(command) {
|
|
915
|
-
const cliVersion = '0.14.
|
|
915
|
+
const cliVersion = '0.14.87:0330c30:ab4a8e5e:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
|
|
916
916
|
const nodeVersion = process$1.version
|
|
917
917
|
const apiToken = shadowNpmInject.getDefaultToken()
|
|
918
918
|
const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
|
|
@@ -3900,7 +3900,6 @@ async function npmFix(
|
|
|
3900
3900
|
const editablePkgJson = await packages.readPackageJson(cwd, {
|
|
3901
3901
|
editable: true
|
|
3902
3902
|
})
|
|
3903
|
-
const { content: pkgJson } = editablePkgJson
|
|
3904
3903
|
await arb.buildIdealTree()
|
|
3905
3904
|
for (const { 0: name, 1: infos } of infoByPkg) {
|
|
3906
3905
|
const hasUpgrade = !!registry.getManifestData(NPM$f, name)
|
|
@@ -3952,19 +3951,20 @@ async function npmFix(
|
|
|
3952
3951
|
targetVersion = node.package.version
|
|
3953
3952
|
const fixSpec = `${name}@^${targetVersion}`
|
|
3954
3953
|
const revertData = {
|
|
3955
|
-
...(
|
|
3954
|
+
...(editablePkgJson.content.dependencies
|
|
3956
3955
|
? {
|
|
3957
|
-
dependencies:
|
|
3956
|
+
dependencies: editablePkgJson.content.dependencies
|
|
3958
3957
|
}
|
|
3959
3958
|
: undefined),
|
|
3960
|
-
...(
|
|
3959
|
+
...(editablePkgJson.content.optionalDependencies
|
|
3961
3960
|
? {
|
|
3962
|
-
optionalDependencies:
|
|
3961
|
+
optionalDependencies:
|
|
3962
|
+
editablePkgJson.content.optionalDependencies
|
|
3963
3963
|
}
|
|
3964
3964
|
: undefined),
|
|
3965
|
-
...(
|
|
3965
|
+
...(editablePkgJson.content.peerDependencies
|
|
3966
3966
|
? {
|
|
3967
|
-
peerDependencies:
|
|
3967
|
+
peerDependencies: editablePkgJson.content.peerDependencies
|
|
3968
3968
|
}
|
|
3969
3969
|
: undefined)
|
|
3970
3970
|
}
|
|
@@ -3974,6 +3974,7 @@ async function npmFix(
|
|
|
3974
3974
|
editablePkgJson,
|
|
3975
3975
|
arb.idealTree,
|
|
3976
3976
|
node,
|
|
3977
|
+
targetVersion,
|
|
3977
3978
|
rangeStyle
|
|
3978
3979
|
)
|
|
3979
3980
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -4291,7 +4292,6 @@ async function pnpmFix(
|
|
|
4291
4292
|
const editablePkgJson = await packages.readPackageJson(cwd, {
|
|
4292
4293
|
editable: true
|
|
4293
4294
|
})
|
|
4294
|
-
const { content: pkgJson } = editablePkgJson
|
|
4295
4295
|
let actualTree = await getActualTree(cwd)
|
|
4296
4296
|
for (const { 0: name, 1: infos } of infoByPkg) {
|
|
4297
4297
|
if (registry.getManifestData(NPM$c, name)) {
|
|
@@ -4341,14 +4341,18 @@ async function pnpmFix(
|
|
|
4341
4341
|
let installed = false
|
|
4342
4342
|
let saved = false
|
|
4343
4343
|
if (targetVersion && targetPackument) {
|
|
4344
|
-
const oldPnpm =
|
|
4345
|
-
const
|
|
4344
|
+
const oldPnpm = editablePkgJson.content[PNPM$9]
|
|
4345
|
+
const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
|
|
4346
4346
|
const oldOverrides = oldPnpm?.[OVERRIDES$2]
|
|
4347
|
-
const
|
|
4347
|
+
const oldOverridesCount = oldOverrides
|
|
4348
4348
|
? Object.keys(oldOverrides).length
|
|
4349
4349
|
: 0
|
|
4350
4350
|
const overrideKey = `${node.name}@${vulnerableVersionRange}`
|
|
4351
|
-
const overrideRange =
|
|
4351
|
+
const overrideRange = shadowNpmInject.applyRange(
|
|
4352
|
+
oldOverrides?.[overrideKey] ?? targetVersion,
|
|
4353
|
+
targetVersion,
|
|
4354
|
+
rangeStyle
|
|
4355
|
+
)
|
|
4352
4356
|
const fixSpec = `${name}@${overrideRange}`
|
|
4353
4357
|
const updateData = {
|
|
4354
4358
|
[PNPM$9]: {
|
|
@@ -4360,11 +4364,11 @@ async function pnpmFix(
|
|
|
4360
4364
|
}
|
|
4361
4365
|
}
|
|
4362
4366
|
const revertData = {
|
|
4363
|
-
[PNPM$9]:
|
|
4367
|
+
[PNPM$9]: oldPnpmKeyCount
|
|
4364
4368
|
? {
|
|
4365
4369
|
...oldPnpm,
|
|
4366
4370
|
[OVERRIDES$2]:
|
|
4367
|
-
|
|
4371
|
+
oldOverridesCount === 1
|
|
4368
4372
|
? undefined
|
|
4369
4373
|
: {
|
|
4370
4374
|
[overrideKey]: undefined,
|
|
@@ -4372,19 +4376,20 @@ async function pnpmFix(
|
|
|
4372
4376
|
}
|
|
4373
4377
|
}
|
|
4374
4378
|
: undefined,
|
|
4375
|
-
...(
|
|
4379
|
+
...(editablePkgJson.content.dependencies
|
|
4376
4380
|
? {
|
|
4377
|
-
dependencies:
|
|
4381
|
+
dependencies: editablePkgJson.content.dependencies
|
|
4378
4382
|
}
|
|
4379
4383
|
: undefined),
|
|
4380
|
-
...(
|
|
4384
|
+
...(editablePkgJson.content.optionalDependencies
|
|
4381
4385
|
? {
|
|
4382
|
-
optionalDependencies:
|
|
4386
|
+
optionalDependencies:
|
|
4387
|
+
editablePkgJson.content.optionalDependencies
|
|
4383
4388
|
}
|
|
4384
4389
|
: undefined),
|
|
4385
|
-
...(
|
|
4390
|
+
...(editablePkgJson.content.peerDependencies
|
|
4386
4391
|
? {
|
|
4387
|
-
peerDependencies:
|
|
4392
|
+
peerDependencies: editablePkgJson.content.peerDependencies
|
|
4388
4393
|
}
|
|
4389
4394
|
: undefined)
|
|
4390
4395
|
}
|
|
@@ -4395,6 +4400,7 @@ async function pnpmFix(
|
|
|
4395
4400
|
editablePkgJson,
|
|
4396
4401
|
actualTree,
|
|
4397
4402
|
node,
|
|
4403
|
+
targetVersion,
|
|
4398
4404
|
rangeStyle
|
|
4399
4405
|
)
|
|
4400
4406
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -6395,13 +6401,13 @@ const depsIncludesByAgent = new Map([
|
|
|
6395
6401
|
[YARN_CLASSIC$5, matchLsCmdViewHumanStdout]
|
|
6396
6402
|
])
|
|
6397
6403
|
|
|
6398
|
-
function getDependencyEntries(
|
|
6404
|
+
function getDependencyEntries(editablePkgJson) {
|
|
6399
6405
|
const {
|
|
6400
6406
|
dependencies,
|
|
6401
6407
|
devDependencies,
|
|
6402
6408
|
optionalDependencies,
|
|
6403
6409
|
peerDependencies
|
|
6404
|
-
} =
|
|
6410
|
+
} = editablePkgJson.content
|
|
6405
6411
|
return [
|
|
6406
6412
|
[
|
|
6407
6413
|
'dependencies',
|
|
@@ -6452,8 +6458,8 @@ const {
|
|
|
6452
6458
|
YARN_BERRY: YARN_BERRY$3,
|
|
6453
6459
|
YARN_CLASSIC: YARN_CLASSIC$4
|
|
6454
6460
|
} = constants
|
|
6455
|
-
function getOverridesDataBun(
|
|
6456
|
-
const overrides =
|
|
6461
|
+
function getOverridesDataBun(editablePkgJson) {
|
|
6462
|
+
const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
|
|
6457
6463
|
return {
|
|
6458
6464
|
type: YARN_BERRY$3,
|
|
6459
6465
|
overrides
|
|
@@ -6462,8 +6468,8 @@ function getOverridesDataBun(pkgJson) {
|
|
|
6462
6468
|
|
|
6463
6469
|
// npm overrides documentation:
|
|
6464
6470
|
// https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
|
|
6465
|
-
function getOverridesDataNpm(
|
|
6466
|
-
const overrides =
|
|
6471
|
+
function getOverridesDataNpm(editablePkgJson) {
|
|
6472
|
+
const overrides = editablePkgJson.content?.[OVERRIDES$1] ?? {}
|
|
6467
6473
|
return {
|
|
6468
6474
|
type: NPM$5,
|
|
6469
6475
|
overrides
|
|
@@ -6472,15 +6478,15 @@ function getOverridesDataNpm(pkgJson) {
|
|
|
6472
6478
|
|
|
6473
6479
|
// pnpm overrides documentation:
|
|
6474
6480
|
// https://pnpm.io/package_json#pnpmoverrides
|
|
6475
|
-
function getOverridesDataPnpm(
|
|
6476
|
-
const overrides =
|
|
6481
|
+
function getOverridesDataPnpm(editablePkgJson) {
|
|
6482
|
+
const overrides = editablePkgJson.content?.[PNPM$5]?.[OVERRIDES$1] ?? {}
|
|
6477
6483
|
return {
|
|
6478
6484
|
type: PNPM$5,
|
|
6479
6485
|
overrides
|
|
6480
6486
|
}
|
|
6481
6487
|
}
|
|
6482
|
-
function getOverridesDataVlt(
|
|
6483
|
-
const overrides =
|
|
6488
|
+
function getOverridesDataVlt(editablePkgJson) {
|
|
6489
|
+
const overrides = editablePkgJson.content?.[OVERRIDES$1] ?? {}
|
|
6484
6490
|
return {
|
|
6485
6491
|
type: VLT$3,
|
|
6486
6492
|
overrides
|
|
@@ -6489,8 +6495,8 @@ function getOverridesDataVlt(pkgJson) {
|
|
|
6489
6495
|
|
|
6490
6496
|
// Yarn resolutions documentation:
|
|
6491
6497
|
// https://yarnpkg.com/configuration/manifest#resolutions
|
|
6492
|
-
function getOverridesDataYarn(
|
|
6493
|
-
const overrides =
|
|
6498
|
+
function getOverridesDataYarn(editablePkgJson) {
|
|
6499
|
+
const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
|
|
6494
6500
|
return {
|
|
6495
6501
|
type: YARN_BERRY$3,
|
|
6496
6502
|
overrides
|
|
@@ -6499,8 +6505,8 @@ function getOverridesDataYarn(pkgJson) {
|
|
|
6499
6505
|
|
|
6500
6506
|
// Yarn resolutions documentation:
|
|
6501
6507
|
// https://classic.yarnpkg.com/en/docs/selective-version-resolutions
|
|
6502
|
-
function
|
|
6503
|
-
const overrides =
|
|
6508
|
+
function getOverridesDataYarnClassic(editablePkgJson) {
|
|
6509
|
+
const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
|
|
6504
6510
|
return {
|
|
6505
6511
|
type: YARN_CLASSIC$4,
|
|
6506
6512
|
overrides
|
|
@@ -6512,12 +6518,12 @@ const overridesDataByAgent = new Map([
|
|
|
6512
6518
|
[PNPM$5, getOverridesDataPnpm],
|
|
6513
6519
|
[VLT$3, getOverridesDataVlt],
|
|
6514
6520
|
[YARN_BERRY$3, getOverridesDataYarn],
|
|
6515
|
-
[YARN_CLASSIC$4,
|
|
6521
|
+
[YARN_CLASSIC$4, getOverridesDataYarnClassic]
|
|
6516
6522
|
])
|
|
6517
6523
|
|
|
6518
6524
|
const { PNPM: PNPM$4 } = constants
|
|
6519
6525
|
const PNPM_WORKSPACE = `${PNPM$4}-workspace`
|
|
6520
|
-
async function getWorkspaceGlobs(agent, pkgPath,
|
|
6526
|
+
async function getWorkspaceGlobs(agent, pkgPath, editablePkgJson) {
|
|
6521
6527
|
let workspacePatterns
|
|
6522
6528
|
if (agent === PNPM$4) {
|
|
6523
6529
|
for (const workspacePath of [
|
|
@@ -6536,7 +6542,7 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
|
|
|
6536
6542
|
}
|
|
6537
6543
|
}
|
|
6538
6544
|
} else {
|
|
6539
|
-
workspacePatterns =
|
|
6545
|
+
workspacePatterns = editablePkgJson.content['workspaces']
|
|
6540
6546
|
}
|
|
6541
6547
|
return Array.isArray(workspacePatterns)
|
|
6542
6548
|
? workspacePatterns
|
|
@@ -6809,8 +6815,7 @@ function getHighestEntryIndex(entries, keys) {
|
|
|
6809
6815
|
return getEntryIndexes(entries, keys).at(-1) ?? -1
|
|
6810
6816
|
}
|
|
6811
6817
|
function updatePkgJsonField(editablePkgJson, field, value) {
|
|
6812
|
-
const
|
|
6813
|
-
const oldValue = pkgJson[field]
|
|
6818
|
+
const oldValue = editablePkgJson.content[field]
|
|
6814
6819
|
if (oldValue) {
|
|
6815
6820
|
// The field already exists so we simply update the field value.
|
|
6816
6821
|
if (field === PNPM$1) {
|
|
@@ -6861,7 +6866,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
|
|
|
6861
6866
|
// Since the field doesn't exist we want to insert it into the package.json
|
|
6862
6867
|
// in a place that makes sense, e.g. close to the "dependencies" field. If
|
|
6863
6868
|
// we can't find a place to insert the field we'll add it to the bottom.
|
|
6864
|
-
const entries = Object.entries(
|
|
6869
|
+
const entries = Object.entries(editablePkgJson.content)
|
|
6865
6870
|
let insertIndex = -1
|
|
6866
6871
|
let isPlacingHigher = false
|
|
6867
6872
|
if (field === OVERRIDES) {
|
|
@@ -6960,9 +6965,12 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
6960
6965
|
editable: true
|
|
6961
6966
|
})
|
|
6962
6967
|
}
|
|
6963
|
-
const { content: pkgJson } = editablePkgJson
|
|
6964
6968
|
const workspaceName = path$1.relative(rootPath, pkgPath)
|
|
6965
|
-
const workspaceGlobs = await getWorkspaceGlobs(
|
|
6969
|
+
const workspaceGlobs = await getWorkspaceGlobs(
|
|
6970
|
+
agent,
|
|
6971
|
+
pkgPath,
|
|
6972
|
+
editablePkgJson
|
|
6973
|
+
)
|
|
6966
6974
|
const isRoot = pkgPath === rootPath
|
|
6967
6975
|
const isLockScanned = isRoot && !prod
|
|
6968
6976
|
const isWorkspace = !!workspaceGlobs
|
|
@@ -6982,19 +6990,19 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
6982
6990
|
)
|
|
6983
6991
|
}
|
|
6984
6992
|
const overridesDataObjects = []
|
|
6985
|
-
if (
|
|
6986
|
-
overridesDataObjects.push(overridesDataByAgent.get(agent)(
|
|
6993
|
+
if (editablePkgJson.content['private'] || isWorkspace) {
|
|
6994
|
+
overridesDataObjects.push(overridesDataByAgent.get(agent)(editablePkgJson))
|
|
6987
6995
|
} else {
|
|
6988
6996
|
overridesDataObjects.push(
|
|
6989
|
-
overridesDataByAgent.get(NPM$1)(
|
|
6990
|
-
overridesDataByAgent.get(YARN_CLASSIC)(
|
|
6997
|
+
overridesDataByAgent.get(NPM$1)(editablePkgJson),
|
|
6998
|
+
overridesDataByAgent.get(YARN_CLASSIC)(editablePkgJson)
|
|
6991
6999
|
)
|
|
6992
7000
|
}
|
|
6993
7001
|
spinner?.setText(
|
|
6994
7002
|
`Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`
|
|
6995
7003
|
)
|
|
6996
7004
|
const depAliasMap = new Map()
|
|
6997
|
-
const depEntries = getDependencyEntries(
|
|
7005
|
+
const depEntries = getDependencyEntries(editablePkgJson)
|
|
6998
7006
|
const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
|
|
6999
7007
|
semver.satisfies(
|
|
7000
7008
|
// Roughly check Node range as semver.coerce will strip leading
|
|
@@ -11337,7 +11345,7 @@ void (async () => {
|
|
|
11337
11345
|
await vendor.updater({
|
|
11338
11346
|
name: SOCKET_CLI_BIN_NAME,
|
|
11339
11347
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
11340
|
-
version: '0.14.
|
|
11348
|
+
version: '0.14.87',
|
|
11341
11349
|
ttl: 86_400_000 /* 24 hours in milliseconds */
|
|
11342
11350
|
})
|
|
11343
11351
|
try {
|
|
@@ -11405,5 +11413,5 @@ void (async () => {
|
|
|
11405
11413
|
await shadowNpmInject.captureException(e)
|
|
11406
11414
|
}
|
|
11407
11415
|
})()
|
|
11408
|
-
//# debugId=
|
|
11416
|
+
//# debugId=edc81af1-3c95-4c28-8036-f282cefb6b5d
|
|
11409
11417
|
//# sourceMappingURL=cli.js.map
|
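Review bot: In pnpmFix's `revertData` (new lines 4367–4374), `oldOverridesCount === 1 ? undefined : { … }` appears to drop the whole pnpm overrides object on revert whenever package.json already held exactly one override before the fix ran. `oldOverridesCount` is computed from the pre-existing `oldOverrides` (new line 4347), not from the post-update state, so a single user-authored pin would be lost if a fix attempt is rolled back; since overrides are often there to keep a known-vulnerable version out of the tree, that would silently undo a mitigation. If the intent is "remove the field only when there was nothing there before", the guard would read `oldOverridesCount === 0`. The line between the two hunks (new 4375) and the code that applies `revertData` are not visible here, so this should be confirmed against the full function; pnpmFix starts and ends outside these hunks.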