@socketsecurity/cli 0.14.86 → 0.14.88

package/dist/require/cli.js

@@ -912,7 +912,7 @@ function emitBanner(name) {
   logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-  const cliVersion = '0.14.86:69093e9:6be0e47e:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  const cliVersion = '0.14.88:959a4cc:c95f3852:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
   const nodeVersion = process$1.version
   const apiToken = shadowNpmInject.getDefaultToken()
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -3900,7 +3900,6 @@ async function npmFix(
   const editablePkgJson = await packages.readPackageJson(cwd, {
     editable: true
   })
-  const { content: pkgJson } = editablePkgJson
   await arb.buildIdealTree()
   for (const { 0: name, 1: infos } of infoByPkg) {
     const hasUpgrade = !!registry.getManifestData(NPM$f, name)
@@ -3952,19 +3951,20 @@ async function npmFix(
           targetVersion = node.package.version
           const fixSpec = `${name}@^${targetVersion}`
           const revertData = {
-            ...(pkgJson.dependencies
+            ...(editablePkgJson.content.dependencies
               ? {
-                  dependencies: pkgJson.dependencies
+                  dependencies: editablePkgJson.content.dependencies
                 }
               : undefined),
-            ...(pkgJson.optionalDependencies
+            ...(editablePkgJson.content.optionalDependencies
               ? {
-                  optionalDependencies: pkgJson.optionalDependencies
+                  optionalDependencies:
+                    editablePkgJson.content.optionalDependencies
                 }
               : undefined),
-            ...(pkgJson.peerDependencies
+            ...(editablePkgJson.content.peerDependencies
               ? {
-                  peerDependencies: pkgJson.peerDependencies
+                  peerDependencies: editablePkgJson.content.peerDependencies
                 }
               : undefined)
           }
@@ -3974,6 +3974,7 @@ async function npmFix(
               editablePkgJson,
               arb.idealTree,
               node,
+              targetVersion,
               rangeStyle
             )
             // eslint-disable-next-line no-await-in-loop
@@ -4291,7 +4292,6 @@ async function pnpmFix(
   const editablePkgJson = await packages.readPackageJson(cwd, {
     editable: true
   })
-  const { content: pkgJson } = editablePkgJson
   let actualTree = await getActualTree(cwd)
   for (const { 0: name, 1: infos } of infoByPkg) {
     if (registry.getManifestData(NPM$c, name)) {
@@ -4341,14 +4341,18 @@ async function pnpmFix(
         let installed = false
         let saved = false
         if (targetVersion && targetPackument) {
-          const oldPnpm = pkgJson[PNPM$9]
-          const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
+          const oldPnpm = editablePkgJson.content[PNPM$9]
+          const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
           const oldOverrides = oldPnpm?.[OVERRIDES$2]
-          const overridesCount = oldOverrides
+          const oldOverridesCount = oldOverrides
             ? Object.keys(oldOverrides).length
             : 0
           const overrideKey = `${node.name}@${vulnerableVersionRange}`
-          const overrideRange = `^${targetVersion}`
+          const overrideRange = shadowNpmInject.applyRange(
+            oldOverrides?.[overrideKey] ?? targetVersion,
+            targetVersion,
+            rangeStyle
+          )
           const fixSpec = `${name}@${overrideRange}`
           const updateData = {
             [PNPM$9]: {
@@ -4360,11 +4364,11 @@ async function pnpmFix(
             }
           }
           const revertData = {
-            [PNPM$9]: pnpmKeyCount
+            [PNPM$9]: oldPnpmKeyCount
               ? {
                   ...oldPnpm,
                   [OVERRIDES$2]:
-                    overridesCount === 1
+                    oldOverridesCount === 1
                       ? undefined
                       : {
                           [overrideKey]: undefined,
@@ -4372,19 +4376,20 @@ async function pnpmFix(
                         }
                 }
               : undefined,
-            ...(pkgJson.dependencies
+            ...(editablePkgJson.content.dependencies
               ? {
-                  dependencies: pkgJson.dependencies
+                  dependencies: editablePkgJson.content.dependencies
                 }
               : undefined),
-            ...(pkgJson.optionalDependencies
+            ...(editablePkgJson.content.optionalDependencies
               ? {
-                  optionalDependencies: pkgJson.optionalDependencies
+                  optionalDependencies:
+                    editablePkgJson.content.optionalDependencies
                 }
               : undefined),
-            ...(pkgJson.peerDependencies
+            ...(editablePkgJson.content.peerDependencies
               ? {
-                  peerDependencies: pkgJson.peerDependencies
+                  peerDependencies: editablePkgJson.content.peerDependencies
                 }
               : undefined)
           }
@@ -4395,6 +4400,7 @@ async function pnpmFix(
               editablePkgJson,
               actualTree,
               node,
+              targetVersion,
               rangeStyle
             )
             // eslint-disable-next-line no-await-in-loop
@@ -4448,6 +4454,7 @@ async function pnpmFix(
             // eslint-disable-next-line no-await-in-loop
             prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
           } catch (e) {
+            console.log(e)
             logger.logger.error('Failed to open pull request', e)
           }
           if (prResponse && autoMerge) {
@@ -6395,13 +6402,13 @@ const depsIncludesByAgent = new Map([
   [YARN_CLASSIC$5, matchLsCmdViewHumanStdout]
 ])
 
-function getDependencyEntries(pkgJson) {
+function getDependencyEntries(editablePkgJson) {
   const {
     dependencies,
     devDependencies,
     optionalDependencies,
     peerDependencies
-  } = pkgJson
+  } = editablePkgJson.content
   return [
     [
       'dependencies',
@@ -6452,8 +6459,8 @@ const {
   YARN_BERRY: YARN_BERRY$3,
   YARN_CLASSIC: YARN_CLASSIC$4
 } = constants
-function getOverridesDataBun(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataBun(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_BERRY$3,
     overrides
@@ -6462,8 +6469,8 @@ function getOverridesDataBun(pkgJson) {
 
 // npm overrides documentation:
 // https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
-function getOverridesDataNpm(pkgJson) {
-  const overrides = pkgJson?.[OVERRIDES$1] ?? {}
+function getOverridesDataNpm(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[OVERRIDES$1] ?? {}
   return {
     type: NPM$5,
     overrides
@@ -6472,15 +6479,15 @@ function getOverridesDataNpm(pkgJson) {
 
 // pnpm overrides documentation:
 // https://pnpm.io/package_json#pnpmoverrides
-function getOverridesDataPnpm(pkgJson) {
-  const overrides = pkgJson?.pnpm?.[OVERRIDES$1] ?? {}
+function getOverridesDataPnpm(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[PNPM$5]?.[OVERRIDES$1] ?? {}
   return {
     type: PNPM$5,
     overrides
   }
 }
-function getOverridesDataVlt(pkgJson) {
-  const overrides = pkgJson?.[OVERRIDES$1] ?? {}
+function getOverridesDataVlt(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[OVERRIDES$1] ?? {}
   return {
     type: VLT$3,
     overrides
@@ -6489,8 +6496,8 @@ function getOverridesDataVlt(pkgJson) {
 
 // Yarn resolutions documentation:
 // https://yarnpkg.com/configuration/manifest#resolutions
-function getOverridesDataYarn(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataYarn(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_BERRY$3,
     overrides
@@ -6499,8 +6506,8 @@ function getOverridesDataYarn(pkgJson) {
 
 // Yarn resolutions documentation:
 // https://classic.yarnpkg.com/en/docs/selective-version-resolutions
-function getOverridesDataClassic(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataYarnClassic(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_CLASSIC$4,
     overrides
@@ -6512,12 +6519,12 @@ const overridesDataByAgent = new Map([
   [PNPM$5, getOverridesDataPnpm],
   [VLT$3, getOverridesDataVlt],
   [YARN_BERRY$3, getOverridesDataYarn],
-  [YARN_CLASSIC$4, getOverridesDataClassic]
+  [YARN_CLASSIC$4, getOverridesDataYarnClassic]
 ])
 
 const { PNPM: PNPM$4 } = constants
 const PNPM_WORKSPACE = `${PNPM$4}-workspace`
-async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
+async function getWorkspaceGlobs(agent, pkgPath, editablePkgJson) {
   let workspacePatterns
   if (agent === PNPM$4) {
     for (const workspacePath of [
@@ -6536,7 +6543,7 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
       }
     }
   } else {
-    workspacePatterns = pkgJson['workspaces']
+    workspacePatterns = editablePkgJson.content['workspaces']
   }
   return Array.isArray(workspacePatterns)
     ? workspacePatterns
@@ -6809,8 +6816,7 @@ function getHighestEntryIndex(entries, keys) {
   return getEntryIndexes(entries, keys).at(-1) ?? -1
 }
 function updatePkgJsonField(editablePkgJson, field, value) {
-  const { content: pkgJson } = editablePkgJson
-  const oldValue = pkgJson[field]
+  const oldValue = editablePkgJson.content[field]
   if (oldValue) {
     // The field already exists so we simply update the field value.
     if (field === PNPM$1) {
@@ -6861,7 +6867,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
   // Since the field doesn't exist we want to insert it into the package.json
   // in a place that makes sense, e.g. close to the "dependencies" field. If
   // we can't find a place to insert the field we'll add it to the bottom.
-  const entries = Object.entries(pkgJson)
+  const entries = Object.entries(editablePkgJson.content)
   let insertIndex = -1
   let isPlacingHigher = false
   if (field === OVERRIDES) {
@@ -6960,9 +6966,12 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
       editable: true
     })
   }
-  const { content: pkgJson } = editablePkgJson
   const workspaceName = path$1.relative(rootPath, pkgPath)
-  const workspaceGlobs = await getWorkspaceGlobs(agent, pkgPath, pkgJson)
+  const workspaceGlobs = await getWorkspaceGlobs(
+    agent,
+    pkgPath,
+    editablePkgJson
+  )
   const isRoot = pkgPath === rootPath
   const isLockScanned = isRoot && !prod
   const isWorkspace = !!workspaceGlobs
@@ -6982,19 +6991,19 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
     )
   }
   const overridesDataObjects = []
-  if (pkgJson['private'] || isWorkspace) {
-    overridesDataObjects.push(overridesDataByAgent.get(agent)(pkgJson))
+  if (editablePkgJson.content['private'] || isWorkspace) {
+    overridesDataObjects.push(overridesDataByAgent.get(agent)(editablePkgJson))
   } else {
     overridesDataObjects.push(
-      overridesDataByAgent.get(NPM$1)(pkgJson),
-      overridesDataByAgent.get(YARN_CLASSIC)(pkgJson)
+      overridesDataByAgent.get(NPM$1)(editablePkgJson),
+      overridesDataByAgent.get(YARN_CLASSIC)(editablePkgJson)
     )
   }
   spinner?.setText(
     `Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`
   )
   const depAliasMap = new Map()
-  const depEntries = getDependencyEntries(pkgJson)
+  const depEntries = getDependencyEntries(editablePkgJson)
   const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
     semver.satisfies(
       // Roughly check Node range as semver.coerce will strip leading
@@ -11337,7 +11346,7 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: '0.14.86',
+    version: '0.14.88',
     ttl: 86_400_000 /* 24 hours in milliseconds */
   })
   try {
@@ -11405,5 +11414,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=358951ff-4438-4565-a758-09112312f1b8
+//# debugId=dda21afa-14de-4943-ba06-841d32c7c3d5
 //# sourceMappingURL=cli.js.map