@socketsecurity/cli 0.14.94 → 0.14.95
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/module-sync/cli.js +176 -156
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/shadow-bin.js +3 -14
- package/dist/module-sync/shadow-bin.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +68 -59
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/shadow-npm-paths.js +16 -29
- package/dist/module-sync/shadow-npm-paths.js.map +1 -1
- package/dist/module-sync/vendor.d.ts +0 -0
- package/dist/module-sync/vendor.js +85829 -12598
- package/dist/module-sync/vendor.js.map +1 -1
- package/dist/require/cli.js +158 -137
- package/dist/require/cli.js.map +1 -1
- package/dist/require/shadow-bin.d.ts +5 -0
- package/dist/require/shadow-bin.js +104 -1
- package/dist/require/shadow-bin.js.map +1 -0
- package/dist/require/shadow-npm-inject.d.ts +1 -0
- package/dist/require/shadow-npm-inject.js +2335 -1
- package/dist/require/shadow-npm-inject.js.map +1 -0
- package/dist/require/shadow-npm-paths.d.ts +29 -0
- package/dist/require/shadow-npm-paths.js +454 -1
- package/dist/require/shadow-npm-paths.js.map +1 -0
- package/package.json +29 -29
- package/dist/blessed/lib/alias.js +0 -521
- package/dist/blessed/lib/blessed.js +0 -34
- package/dist/blessed/lib/colors.js +0 -492
- package/dist/blessed/lib/events.js +0 -197
- package/dist/blessed/lib/gpmclient.js +0 -247
- package/dist/blessed/lib/helpers.js +0 -172
- package/dist/blessed/lib/keys.js +0 -514
- package/dist/blessed/lib/program.js +0 -4532
- package/dist/blessed/lib/tput.js +0 -3113
- package/dist/blessed/lib/unicode.js +0 -914
- package/dist/blessed/lib/widget.js +0 -62
- package/dist/blessed/lib/widgets/ansiimage.js +0 -175
- package/dist/blessed/lib/widgets/bigtext.js +0 -172
- package/dist/blessed/lib/widgets/box.js +0 -36
- package/dist/blessed/lib/widgets/button.js +0 -64
- package/dist/blessed/lib/widgets/checkbox.js +0 -97
- package/dist/blessed/lib/widgets/element.js +0 -2873
- package/dist/blessed/lib/widgets/filemanager.js +0 -225
- package/dist/blessed/lib/widgets/form.js +0 -303
- package/dist/blessed/lib/widgets/image.js +0 -73
- package/dist/blessed/lib/widgets/input.js +0 -36
- package/dist/blessed/lib/widgets/layout.js +0 -251
- package/dist/blessed/lib/widgets/line.js +0 -61
- package/dist/blessed/lib/widgets/list.js +0 -654
- package/dist/blessed/lib/widgets/listbar.js +0 -454
- package/dist/blessed/lib/widgets/listtable.js +0 -267
- package/dist/blessed/lib/widgets/loading.js +0 -90
- package/dist/blessed/lib/widgets/log.js +0 -84
- package/dist/blessed/lib/widgets/message.js +0 -147
- package/dist/blessed/lib/widgets/node.js +0 -315
- package/dist/blessed/lib/widgets/overlayimage.js +0 -796
- package/dist/blessed/lib/widgets/progressbar.js +0 -168
- package/dist/blessed/lib/widgets/prompt.js +0 -129
- package/dist/blessed/lib/widgets/question.js +0 -131
- package/dist/blessed/lib/widgets/radiobutton.js +0 -64
- package/dist/blessed/lib/widgets/radioset.js +0 -38
- package/dist/blessed/lib/widgets/screen.js +0 -2487
- package/dist/blessed/lib/widgets/scrollablebox.js +0 -417
- package/dist/blessed/lib/widgets/scrollabletext.js +0 -37
- package/dist/blessed/lib/widgets/table.js +0 -385
- package/dist/blessed/lib/widgets/terminal.js +0 -454
- package/dist/blessed/lib/widgets/text.js +0 -37
- package/dist/blessed/lib/widgets/textarea.js +0 -378
- package/dist/blessed/lib/widgets/textbox.js +0 -81
- package/dist/blessed/lib/widgets/video.js +0 -132
- package/dist/blessed/usr/fonts/AUTHORS +0 -1
- package/dist/blessed/usr/fonts/LICENSE +0 -94
- package/dist/blessed/usr/fonts/README +0 -340
- package/dist/blessed/usr/fonts/ter-u14b.json +0 -17826
- package/dist/blessed/usr/fonts/ter-u14n.json +0 -17826
- package/dist/blessed/usr/linux +0 -0
- package/dist/blessed/usr/windows-ansi +0 -0
- package/dist/blessed/usr/xterm +0 -0
- package/dist/blessed/usr/xterm-256color +0 -0
- package/dist/blessed/usr/xterm.termcap +0 -243
- package/dist/blessed/usr/xterm.terminfo +0 -1977
- package/dist/blessed/vendor/tng.js +0 -1878
package/dist/module-sync/cli.js
CHANGED
|
@@ -12,57 +12,38 @@ function _socketInterop(e) {
|
|
|
12
12
|
}
|
|
13
13
|
|
|
14
14
|
const process$1 = require('node:process')
|
|
15
|
-
const
|
|
16
|
-
const
|
|
17
|
-
const updateNotifier = _socketInterop(require('tiny-updater'))
|
|
15
|
+
const require$$0$2 = require('node:url')
|
|
16
|
+
const vendor = require('./vendor.js')
|
|
18
17
|
const debug = require('@socketsecurity/registry/lib/debug')
|
|
19
18
|
const logger = require('@socketsecurity/registry/lib/logger')
|
|
20
19
|
const assert = require('node:assert')
|
|
21
20
|
const fs = require('node:fs/promises')
|
|
22
|
-
const commonTags = _socketInterop(require('common-tags'))
|
|
23
21
|
const strings = require('@socketsecurity/registry/lib/strings')
|
|
24
22
|
const shadowNpmInject = require('./shadow-npm-inject.js')
|
|
25
23
|
const constants = require('./constants.js')
|
|
26
|
-
const colors = _socketInterop(require('yoctocolors-cjs'))
|
|
27
24
|
const path$1 = require('node:path')
|
|
28
|
-
const meow = _socketInterop(require('meow'))
|
|
29
25
|
const objects = require('@socketsecurity/registry/lib/objects')
|
|
30
26
|
const path = require('@socketsecurity/registry/lib/path')
|
|
31
27
|
const regexps = require('@socketsecurity/registry/lib/regexps')
|
|
32
|
-
const yargsParse = _socketInterop(require('yargs-parser'))
|
|
33
28
|
const words = require('@socketsecurity/registry/lib/words')
|
|
34
|
-
const
|
|
29
|
+
const require$$0 = require('node:fs')
|
|
35
30
|
const shadowBin = require('./shadow-bin.js')
|
|
36
|
-
const open = _socketInterop(require('open'))
|
|
37
31
|
const prompts = require('@socketsecurity/registry/lib/prompts')
|
|
38
32
|
const shadowNpmPaths = require('./shadow-npm-paths.js')
|
|
39
|
-
const
|
|
40
|
-
const util = require('node:util')
|
|
41
|
-
const terminalLink = _socketInterop(require('terminal-link'))
|
|
33
|
+
const require$$0$1 = require('node:util')
|
|
42
34
|
const arrays = require('@socketsecurity/registry/lib/arrays')
|
|
43
35
|
const registry = require('@socketsecurity/registry')
|
|
44
36
|
const npm = require('@socketsecurity/registry/lib/npm')
|
|
45
37
|
const packages = require('@socketsecurity/registry/lib/packages')
|
|
46
38
|
const spawn = require('@socketsecurity/registry/lib/spawn')
|
|
47
|
-
const rest = _socketInterop(require('@octokit/rest'))
|
|
48
|
-
const lockfile_fs = _socketInterop(require('@pnpm/lockfile.fs'))
|
|
49
|
-
const lockfile_detectDepTypes = _socketInterop(
|
|
50
|
-
require('@pnpm/lockfile.detect-dep-types')
|
|
51
|
-
)
|
|
52
|
-
const browserslist = _socketInterop(require('browserslist'))
|
|
53
|
-
const semver = _socketInterop(require('semver'))
|
|
54
|
-
const which = _socketInterop(require('which'))
|
|
55
39
|
const index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs')
|
|
56
40
|
const sorts = require('@socketsecurity/registry/lib/sorts')
|
|
57
41
|
const registryConstants = require('@socketsecurity/registry/lib/constants')
|
|
58
42
|
const isInteractive = require('@socketregistry/is-interactive/index.cjs')
|
|
59
|
-
const npa = _socketInterop(require('npm-package-arg'))
|
|
60
|
-
const tinyglobby = _socketInterop(require('tinyglobby'))
|
|
61
43
|
const promises = require('@socketsecurity/registry/lib/promises')
|
|
62
|
-
const yaml = _socketInterop(require('yaml'))
|
|
63
44
|
|
|
64
45
|
function failMsgWithBadge(badge, msg) {
|
|
65
|
-
return `${
|
|
46
|
+
return `${vendor.yoctocolorsCjsExports.bgRed(vendor.yoctocolorsCjsExports.bold(vendor.yoctocolorsCjsExports.white(` ${badge}: `)))} ${vendor.yoctocolorsCjsExports.bold(msg)}`
|
|
66
47
|
}
|
|
67
48
|
|
|
68
49
|
function handleUnsuccessfulApiResponse(_name, sockSdkError) {
|
|
@@ -365,7 +346,7 @@ function renderJson(data) {
|
|
|
365
346
|
}
|
|
366
347
|
}
|
|
367
348
|
function renderMarkdown(data, days, repoSlug) {
|
|
368
|
-
return
|
|
349
|
+
return vendor.stripIndents`
|
|
369
350
|
# Socket Alert Analytics
|
|
370
351
|
|
|
371
352
|
These are the Socket.dev stats are analytics for the ${repoSlug ? `${repoSlug} repo` : 'org'} of the past ${days} days
|
|
@@ -405,7 +386,7 @@ ${[
|
|
|
405
386
|
]
|
|
406
387
|
]
|
|
407
388
|
.map(
|
|
408
|
-
([title, table]) =>
|
|
389
|
+
([title, table]) => vendor.stripIndents`
|
|
409
390
|
## ${title}
|
|
410
391
|
|
|
411
392
|
${table}
|
|
@@ -684,7 +665,7 @@ function handleBadInput(...checks) {
|
|
|
684
665
|
// If the message has newlines then format the first line with the input
|
|
685
666
|
// expectation and teh rest indented below it
|
|
686
667
|
msg.push(
|
|
687
|
-
` - ${lines[0]} (${d.test ?
|
|
668
|
+
` - ${lines[0]} (${d.test ? vendor.yoctocolorsCjsExports.green(d.pass) : vendor.yoctocolorsCjsExports.red(d.fail)})`
|
|
688
669
|
)
|
|
689
670
|
if (lines.length > 1) {
|
|
690
671
|
msg.push(...lines.slice(1).map(str => ` ${str}`))
|
|
@@ -757,7 +738,7 @@ async function meowWithSubcommands(subcommands, options) {
|
|
|
757
738
|
...commonFlags,
|
|
758
739
|
...additionalOptions.flags
|
|
759
740
|
}
|
|
760
|
-
const cli = meow(
|
|
741
|
+
const cli = vendor.meow(
|
|
761
742
|
`
|
|
762
743
|
Usage
|
|
763
744
|
$ ${name} <command>
|
|
@@ -889,7 +870,7 @@ function meowOrExit({
|
|
|
889
870
|
const command = `${parentName} ${config.commandName}`
|
|
890
871
|
|
|
891
872
|
// This exits if .printHelp() is called either by meow itself or by us.
|
|
892
|
-
const cli = meow({
|
|
873
|
+
const cli = vendor.meow({
|
|
893
874
|
argv,
|
|
894
875
|
description: config.description,
|
|
895
876
|
help: config.help(command, config),
|
|
@@ -918,7 +899,7 @@ function emitBanner(name) {
|
|
|
918
899
|
logger.logger.error(getAsciiHeader(name))
|
|
919
900
|
}
|
|
920
901
|
function getAsciiHeader(command) {
|
|
921
|
-
const cliVersion = '0.14.
|
|
902
|
+
const cliVersion = '0.14.95:3360fca:4844779e:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
|
|
922
903
|
const nodeVersion = process$1.version
|
|
923
904
|
const apiToken = shadowNpmInject.getDefaultToken()
|
|
924
905
|
const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
|
|
@@ -1364,9 +1345,9 @@ async function runCycloneDX(yargvWithYes) {
|
|
|
1364
1345
|
if (
|
|
1365
1346
|
yargv.type !== YARN$1 &&
|
|
1366
1347
|
nodejsPlatformTypes.has(yargv.type) &&
|
|
1367
|
-
|
|
1348
|
+
require$$0.existsSync(`./${YARN_LOCK}`)
|
|
1368
1349
|
) {
|
|
1369
|
-
if (
|
|
1350
|
+
if (require$$0.existsSync(`./${PACKAGE_LOCK_JSON}`)) {
|
|
1370
1351
|
yargv.type = NPM$g
|
|
1371
1352
|
} else {
|
|
1372
1353
|
// Use synp to create a package-lock.json from the yarn.lock,
|
|
@@ -1392,12 +1373,14 @@ async function runCycloneDX(yargvWithYes) {
|
|
|
1392
1373
|
])
|
|
1393
1374
|
if (cleanupPackageLock) {
|
|
1394
1375
|
try {
|
|
1395
|
-
await
|
|
1376
|
+
await require$$0.promises.rm(`./${PACKAGE_LOCK_JSON}`)
|
|
1396
1377
|
} catch {}
|
|
1397
1378
|
}
|
|
1398
1379
|
const fullOutputPath = path$1.join(process$1.cwd(), yargv.output)
|
|
1399
|
-
if (
|
|
1400
|
-
logger.logger.log(
|
|
1380
|
+
if (require$$0.existsSync(fullOutputPath)) {
|
|
1381
|
+
logger.logger.log(
|
|
1382
|
+
vendor.yoctocolorsCjsExports.cyanBright(`${yargv.output} created!`)
|
|
1383
|
+
)
|
|
1401
1384
|
}
|
|
1402
1385
|
}
|
|
1403
1386
|
function argvToArray(argv) {
|
|
@@ -1600,7 +1583,7 @@ async function run$I(argv, importMeta, { parentName }) {
|
|
|
1600
1583
|
|
|
1601
1584
|
// TODO: Convert to meow.
|
|
1602
1585
|
const yargv = {
|
|
1603
|
-
...
|
|
1586
|
+
...vendor.yargsParser(argv, yargsConfig)
|
|
1604
1587
|
}
|
|
1605
1588
|
const unknown = yargv._
|
|
1606
1589
|
const { length: unknownLength } = unknown
|
|
@@ -2335,7 +2318,9 @@ async function outputCreateNewScan(data, outputKind) {
|
|
|
2335
2318
|
logger.logger.log('')
|
|
2336
2319
|
return
|
|
2337
2320
|
}
|
|
2338
|
-
const link =
|
|
2321
|
+
const link = vendor.yoctocolorsCjsExports.underline(
|
|
2322
|
+
vendor.yoctocolorsCjsExports.cyan(`${data.html_report_url}`)
|
|
2323
|
+
)
|
|
2339
2324
|
logger.logger.log(`Available at: ${link}`)
|
|
2340
2325
|
if (
|
|
2341
2326
|
await prompts.confirm({
|
|
@@ -2343,7 +2328,7 @@ async function outputCreateNewScan(data, outputKind) {
|
|
|
2343
2328
|
default: false
|
|
2344
2329
|
})
|
|
2345
2330
|
) {
|
|
2346
|
-
await open(`${data.html_report_url}`)
|
|
2331
|
+
await vendor.open(`${data.html_report_url}`)
|
|
2347
2332
|
}
|
|
2348
2333
|
}
|
|
2349
2334
|
|
|
@@ -3330,35 +3315,35 @@ async function outputDependencies(data, { limit, offset, outputKind }) {
|
|
|
3330
3315
|
columns: [
|
|
3331
3316
|
{
|
|
3332
3317
|
field: 'namespace',
|
|
3333
|
-
name:
|
|
3318
|
+
name: vendor.yoctocolorsCjsExports.cyan('Namespace')
|
|
3334
3319
|
},
|
|
3335
3320
|
{
|
|
3336
3321
|
field: 'name',
|
|
3337
|
-
name:
|
|
3322
|
+
name: vendor.yoctocolorsCjsExports.cyan('Name')
|
|
3338
3323
|
},
|
|
3339
3324
|
{
|
|
3340
3325
|
field: 'version',
|
|
3341
|
-
name:
|
|
3326
|
+
name: vendor.yoctocolorsCjsExports.cyan('Version')
|
|
3342
3327
|
},
|
|
3343
3328
|
{
|
|
3344
3329
|
field: 'repository',
|
|
3345
|
-
name:
|
|
3330
|
+
name: vendor.yoctocolorsCjsExports.cyan('Repository')
|
|
3346
3331
|
},
|
|
3347
3332
|
{
|
|
3348
3333
|
field: 'branch',
|
|
3349
|
-
name:
|
|
3334
|
+
name: vendor.yoctocolorsCjsExports.cyan('Branch')
|
|
3350
3335
|
},
|
|
3351
3336
|
{
|
|
3352
3337
|
field: 'type',
|
|
3353
|
-
name:
|
|
3338
|
+
name: vendor.yoctocolorsCjsExports.cyan('Type')
|
|
3354
3339
|
},
|
|
3355
3340
|
{
|
|
3356
3341
|
field: 'direct',
|
|
3357
|
-
name:
|
|
3342
|
+
name: vendor.yoctocolorsCjsExports.cyan('Direct')
|
|
3358
3343
|
}
|
|
3359
3344
|
]
|
|
3360
3345
|
}
|
|
3361
|
-
logger.logger.log(
|
|
3346
|
+
logger.logger.log(vendor.srcExports(options, data.rows))
|
|
3362
3347
|
}
|
|
3363
3348
|
|
|
3364
3349
|
async function handleDependencies({ limit, offset, outputKind }) {
|
|
@@ -3485,7 +3470,7 @@ async function fetchDiffScan({ after, before, orgSlug }) {
|
|
|
3485
3470
|
async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
3486
3471
|
const dashboardUrl = result.diff_report_url
|
|
3487
3472
|
const dashboardMessage = dashboardUrl
|
|
3488
|
-
? `\n View this diff scan in the Socket dashboard: ${
|
|
3473
|
+
? `\n View this diff scan in the Socket dashboard: ${vendor.yoctocolorsCjsExports.cyan(dashboardUrl)}`
|
|
3489
3474
|
: ''
|
|
3490
3475
|
|
|
3491
3476
|
// When forcing json, or dumping to file, serialize to string such that it
|
|
@@ -3504,7 +3489,7 @@ async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
|
3504
3489
|
}
|
|
3505
3490
|
if (file && file !== '-') {
|
|
3506
3491
|
logger.logger.log(`Writing json to \`${file}\``)
|
|
3507
|
-
|
|
3492
|
+
require$$0.writeFile(file, JSON.stringify(result, null, 2), err => {
|
|
3508
3493
|
if (err) {
|
|
3509
3494
|
logger.logger.fail(`Writing to \`${file}\` failed...`)
|
|
3510
3495
|
logger.logger.error(err)
|
|
@@ -3527,7 +3512,7 @@ async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
|
3527
3512
|
|
|
3528
3513
|
logger.logger.log('Diff scan result:')
|
|
3529
3514
|
logger.logger.log(
|
|
3530
|
-
|
|
3515
|
+
require$$0$1.inspect(result, {
|
|
3531
3516
|
showHidden: false,
|
|
3532
3517
|
depth: depth > 0 ? depth : null,
|
|
3533
3518
|
colors: true,
|
|
@@ -3749,7 +3734,7 @@ const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
|
|
|
3749
3734
|
let _octokit
|
|
3750
3735
|
function getOctokit() {
|
|
3751
3736
|
if (_octokit === undefined) {
|
|
3752
|
-
_octokit = new
|
|
3737
|
+
_octokit = new vendor.Octokit({
|
|
3753
3738
|
// Lazily access constants.ENV[SOCKET_SECURITY_GITHUB_PAT].
|
|
3754
3739
|
auth: constants.ENV[SOCKET_SECURITY_GITHUB_PAT]
|
|
3755
3740
|
})
|
|
@@ -4061,7 +4046,7 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options_) {
|
|
|
4061
4046
|
...options.include
|
|
4062
4047
|
}
|
|
4063
4048
|
const { spinner } = options
|
|
4064
|
-
const depTypes =
|
|
4049
|
+
const depTypes = vendor.libExports$2.detectDepTypes(lockfile)
|
|
4065
4050
|
const pkgIds = Object.keys(depTypes)
|
|
4066
4051
|
let { length: remaining } = pkgIds
|
|
4067
4052
|
const alertsByPkgId = new Map()
|
|
@@ -4263,7 +4248,7 @@ async function pnpmFix(
|
|
|
4263
4248
|
pkgEnvDetails,
|
|
4264
4249
|
{ autoMerge, cwd, rangeStyle, spinner, test, testScript }
|
|
4265
4250
|
) {
|
|
4266
|
-
const lockfile = await
|
|
4251
|
+
const lockfile = await vendor.libExports$3.readWantedLockfile(cwd, {
|
|
4267
4252
|
ignoreIncompatible: false
|
|
4268
4253
|
})
|
|
4269
4254
|
if (!lockfile) {
|
|
@@ -4512,7 +4497,7 @@ const binByAgent = new Map([
|
|
|
4512
4497
|
async function getAgentExecPath(agent) {
|
|
4513
4498
|
const binName = binByAgent.get(agent)
|
|
4514
4499
|
return (
|
|
4515
|
-
(await
|
|
4500
|
+
(await vendor.libExports$1(binName, {
|
|
4516
4501
|
nothrow: true
|
|
4517
4502
|
})) ?? binName
|
|
4518
4503
|
)
|
|
@@ -4524,7 +4509,7 @@ async function getAgentVersion(agentExecPath, cwd) {
|
|
|
4524
4509
|
// Coerce version output into a valid semver version by passing it through
|
|
4525
4510
|
// semver.coerce which strips leading v's, carets (^), comparators (<,<=,>,>=,=),
|
|
4526
4511
|
// and tildes (~).
|
|
4527
|
-
|
|
4512
|
+
vendor.semverExports.coerce(
|
|
4528
4513
|
// All package managers support the "--version" flag.
|
|
4529
4514
|
(
|
|
4530
4515
|
await spawn.spawn(agentExecPath, ['--version'], {
|
|
@@ -4618,7 +4603,7 @@ async function detectPackageEnvironment({
|
|
|
4618
4603
|
cwd
|
|
4619
4604
|
})
|
|
4620
4605
|
const pkgPath =
|
|
4621
|
-
pkgJsonPath &&
|
|
4606
|
+
pkgJsonPath && require$$0.existsSync(pkgJsonPath)
|
|
4622
4607
|
? path$1.dirname(pkgJsonPath)
|
|
4623
4608
|
: undefined
|
|
4624
4609
|
const editablePkgJson = pkgPath
|
|
@@ -4672,7 +4657,7 @@ async function detectPackageEnvironment({
|
|
|
4672
4657
|
// Lazily access constants.minimumVersionByAgent.
|
|
4673
4658
|
const minSupportedAgentVersion = constants.minimumVersionByAgent.get(agent)
|
|
4674
4659
|
const minSupportedNodeVersion = maintainedNodeVersions.last
|
|
4675
|
-
const nodeVersion =
|
|
4660
|
+
const nodeVersion = vendor.semverExports.coerce(process$1.version)
|
|
4676
4661
|
let lockSrc
|
|
4677
4662
|
let pkgAgentRange
|
|
4678
4663
|
let pkgNodeRange
|
|
@@ -4686,8 +4671,8 @@ async function detectPackageEnvironment({
|
|
|
4686
4671
|
pkgAgentRange = engineAgentRange
|
|
4687
4672
|
// Roughly check agent range as semver.coerce will strip leading
|
|
4688
4673
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
4689
|
-
const coerced =
|
|
4690
|
-
if (coerced &&
|
|
4674
|
+
const coerced = vendor.semverExports.coerce(pkgAgentRange)
|
|
4675
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinAgentVersion)) {
|
|
4691
4676
|
pkgMinAgentVersion = coerced.version
|
|
4692
4677
|
}
|
|
4693
4678
|
}
|
|
@@ -4695,22 +4680,23 @@ async function detectPackageEnvironment({
|
|
|
4695
4680
|
pkgNodeRange = engineNodeRange
|
|
4696
4681
|
// Roughly check Node range as semver.coerce will strip leading
|
|
4697
4682
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
4698
|
-
const coerced =
|
|
4699
|
-
if (coerced &&
|
|
4683
|
+
const coerced = vendor.semverExports.coerce(pkgNodeRange)
|
|
4684
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinNodeVersion)) {
|
|
4700
4685
|
pkgMinNodeVersion = coerced.version
|
|
4701
4686
|
}
|
|
4702
4687
|
}
|
|
4703
4688
|
const browserslistQuery = pkgJson['browserslist']
|
|
4704
4689
|
if (Array.isArray(browserslistQuery)) {
|
|
4705
4690
|
// List Node targets in ascending version order.
|
|
4706
|
-
const browserslistNodeTargets =
|
|
4691
|
+
const browserslistNodeTargets = vendor
|
|
4692
|
+
.browserslistExports(browserslistQuery)
|
|
4707
4693
|
.filter(v => /^node /i.test(v))
|
|
4708
4694
|
.map(v => v.slice(5 /*'node '.length*/))
|
|
4709
4695
|
.sort(sorts.naturalCompare)
|
|
4710
4696
|
if (browserslistNodeTargets.length) {
|
|
4711
4697
|
// browserslistNodeTargets[0] is the lowest Node target version.
|
|
4712
|
-
const coerced =
|
|
4713
|
-
if (coerced &&
|
|
4698
|
+
const coerced = vendor.semverExports.coerce(browserslistNodeTargets[0])
|
|
4699
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinNodeVersion)) {
|
|
4714
4700
|
pkgMinNodeVersion = coerced.version
|
|
4715
4701
|
}
|
|
4716
4702
|
}
|
|
@@ -4726,17 +4712,20 @@ async function detectPackageEnvironment({
|
|
|
4726
4712
|
// Does the system agent version meet our minimum supported agent version?
|
|
4727
4713
|
const agentSupported =
|
|
4728
4714
|
!!agentVersion &&
|
|
4729
|
-
|
|
4715
|
+
vendor.semverExports.satisfies(
|
|
4716
|
+
agentVersion,
|
|
4717
|
+
`>=${minSupportedAgentVersion}`
|
|
4718
|
+
)
|
|
4730
4719
|
|
|
4731
4720
|
// Does the system Node version meet our minimum supported Node version?
|
|
4732
|
-
const nodeSupported =
|
|
4721
|
+
const nodeSupported = vendor.semverExports.satisfies(
|
|
4733
4722
|
nodeVersion,
|
|
4734
4723
|
`>=${minSupportedNodeVersion}`
|
|
4735
4724
|
)
|
|
4736
4725
|
const npmBuggyOverrides =
|
|
4737
4726
|
agent === NPM$b &&
|
|
4738
4727
|
!!agentVersion &&
|
|
4739
|
-
|
|
4728
|
+
vendor.semverExports.lt(agentVersion, NPM_BUGGY_OVERRIDES_PATCHED_VERSION$1)
|
|
4740
4729
|
return {
|
|
4741
4730
|
agent,
|
|
4742
4731
|
agentExecPath,
|
|
@@ -4759,13 +4748,13 @@ async function detectPackageEnvironment({
|
|
|
4759
4748
|
},
|
|
4760
4749
|
pkgSupports: {
|
|
4761
4750
|
// Does our minimum supported agent version meet the package's requirements?
|
|
4762
|
-
agent:
|
|
4751
|
+
agent: vendor.semverExports.satisfies(
|
|
4763
4752
|
minSupportedAgentVersion,
|
|
4764
4753
|
`>=${pkgMinAgentVersion}`
|
|
4765
4754
|
),
|
|
4766
4755
|
// Does our supported Node versions meet the package's requirements?
|
|
4767
4756
|
node: maintainedNodeVersions.some(v =>
|
|
4768
|
-
|
|
4757
|
+
vendor.semverExports.satisfies(v, `>=${pkgMinNodeVersion}`)
|
|
4769
4758
|
)
|
|
4770
4759
|
}
|
|
4771
4760
|
}
|
|
@@ -4913,12 +4902,12 @@ const config$z = {
|
|
|
4913
4902
|
autoMerge: {
|
|
4914
4903
|
type: 'boolean',
|
|
4915
4904
|
default: false,
|
|
4916
|
-
description: `Enable auto-merge for pull requests that Socket opens.\n See ${
|
|
4905
|
+
description: `Enable auto-merge for pull requests that Socket opens.\n See ${vendor.terminalLinkExports('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
|
|
4917
4906
|
},
|
|
4918
4907
|
rangeStyle: {
|
|
4919
4908
|
type: 'string',
|
|
4920
4909
|
default: 'preserve',
|
|
4921
|
-
description:
|
|
4910
|
+
description: vendor.stripIndent`
|
|
4922
4911
|
Define how updated dependency versions should be written in package.json.
|
|
4923
4912
|
Available styles:
|
|
4924
4913
|
* caret - Use ^ range for compatible updates (e.g. ^1.2.3)
|
|
@@ -5027,11 +5016,11 @@ async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
|
|
|
5027
5016
|
const { NPM: NPM$9 } = registryConstants
|
|
5028
5017
|
function formatScore$1(score) {
|
|
5029
5018
|
if (score > 80) {
|
|
5030
|
-
return
|
|
5019
|
+
return vendor.yoctocolorsCjsExports.green(`${score}`)
|
|
5031
5020
|
} else if (score < 80 && score > 60) {
|
|
5032
|
-
return
|
|
5021
|
+
return vendor.yoctocolorsCjsExports.yellow(`${score}`)
|
|
5033
5022
|
}
|
|
5034
|
-
return
|
|
5023
|
+
return vendor.yoctocolorsCjsExports.red(`${score}`)
|
|
5035
5024
|
}
|
|
5036
5025
|
function outputPackageIssuesDetails(packageData, outputMarkdown) {
|
|
5037
5026
|
const issueDetails = packageData.filter(
|
|
@@ -5079,7 +5068,7 @@ function outputPackageInfo(
|
|
|
5079
5068
|
return
|
|
5080
5069
|
}
|
|
5081
5070
|
if (outputKind === 'markdown') {
|
|
5082
|
-
logger.logger.log(
|
|
5071
|
+
logger.logger.log(vendor.stripIndents`
|
|
5083
5072
|
# Package report for ${pkgName}
|
|
5084
5073
|
|
|
5085
5074
|
Package report card:
|
|
@@ -5136,8 +5125,8 @@ function outputPackageInfo(
|
|
|
5136
5125
|
}
|
|
5137
5126
|
if (outputKind !== 'markdown') {
|
|
5138
5127
|
logger.logger.log(
|
|
5139
|
-
|
|
5140
|
-
`\nOr rerun ${
|
|
5128
|
+
vendor.yoctocolorsCjsExports.dim(
|
|
5129
|
+
`\nOr rerun ${vendor.yoctocolorsCjsExports.italic(commandName)} using the ${vendor.yoctocolorsCjsExports.italic('--json')} flag to get full JSON output`
|
|
5141
5130
|
)
|
|
5142
5131
|
)
|
|
5143
5132
|
} else {
|
|
@@ -5268,7 +5257,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
|
|
|
5268
5257
|
apiProxy ??= shadowNpmInject.getConfigValue('apiProxy') ?? undefined
|
|
5269
5258
|
const apiToken =
|
|
5270
5259
|
(await prompts.password({
|
|
5271
|
-
message: `Enter your ${
|
|
5260
|
+
message: `Enter your ${vendor.terminalLinkExports('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
|
|
5272
5261
|
})) || SOCKET_PUBLIC_API_TOKEN
|
|
5273
5262
|
// Lazily access constants.spinner.
|
|
5274
5263
|
const { spinner } = constants
|
|
@@ -6014,7 +6003,7 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6014
6003
|
subArgs.push('--verbose')
|
|
6015
6004
|
}
|
|
6016
6005
|
const dir = cwd
|
|
6017
|
-
if (
|
|
6006
|
+
if (require$$0.existsSync(path$1.join(dir, 'build.sbt'))) {
|
|
6018
6007
|
logger.logger.log(
|
|
6019
6008
|
'Detected a Scala sbt build, running default Scala generator...'
|
|
6020
6009
|
)
|
|
@@ -6031,7 +6020,7 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6031
6020
|
})
|
|
6032
6021
|
return
|
|
6033
6022
|
}
|
|
6034
|
-
if (
|
|
6023
|
+
if (require$$0.existsSync(path$1.join(dir, 'gradlew'))) {
|
|
6035
6024
|
logger.logger.log(
|
|
6036
6025
|
'Detected a gradle build, running default gradle generator...'
|
|
6037
6026
|
)
|
|
@@ -6054,8 +6043,9 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6054
6043
|
}
|
|
6055
6044
|
|
|
6056
6045
|
// Show new help screen and exit.
|
|
6057
|
-
|
|
6058
|
-
|
|
6046
|
+
vendor
|
|
6047
|
+
.meow(
|
|
6048
|
+
`
|
|
6059
6049
|
$ ${parentName} ${config$t.commandName}
|
|
6060
6050
|
|
|
6061
6051
|
Unfortunately this script did not discover a supported language in the
|
|
@@ -6068,12 +6058,13 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6068
6058
|
If that doesn't work, see \`${parentName} <lang> --help\` for config details for
|
|
6069
6059
|
your target language.
|
|
6070
6060
|
`,
|
|
6071
|
-
|
|
6072
|
-
|
|
6073
|
-
|
|
6074
|
-
|
|
6075
|
-
|
|
6076
|
-
|
|
6061
|
+
{
|
|
6062
|
+
argv: [],
|
|
6063
|
+
description: config$t.description,
|
|
6064
|
+
importMeta
|
|
6065
|
+
}
|
|
6066
|
+
)
|
|
6067
|
+
.showHelp()
|
|
6077
6068
|
}
|
|
6078
6069
|
|
|
6079
6070
|
const { DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$p } = constants
|
|
@@ -6543,7 +6534,7 @@ async function getWorkspaceGlobs(agent, pkgPath, editablePkgJson) {
|
|
|
6543
6534
|
const yml = await shadowNpmInject.safeReadFile(workspacePath)
|
|
6544
6535
|
if (yml) {
|
|
6545
6536
|
try {
|
|
6546
|
-
workspacePatterns =
|
|
6537
|
+
workspacePatterns = vendor.distExports$1.parse(yml)?.packages
|
|
6547
6538
|
} catch {}
|
|
6548
6539
|
if (workspacePatterns) {
|
|
6549
6540
|
break
|
|
@@ -7013,10 +7004,10 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7013
7004
|
const depAliasMap = new Map()
|
|
7014
7005
|
const depEntries = getDependencyEntries(editablePkgJson)
|
|
7015
7006
|
const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
|
|
7016
|
-
|
|
7007
|
+
vendor.semverExports.satisfies(
|
|
7017
7008
|
// Roughly check Node range as semver.coerce will strip leading
|
|
7018
7009
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
7019
|
-
|
|
7010
|
+
vendor.semverExports.coerce(data.engines.node),
|
|
7020
7011
|
pkgEnvDetails.pkgRequirements.node
|
|
7021
7012
|
)
|
|
7022
7013
|
)
|
|
@@ -7024,7 +7015,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7024
7015
|
// Chunk package names to process them in parallel 3 at a time.
|
|
7025
7016
|
await promises.pEach(manifestEntries, 3, async ({ 1: data }) => {
|
|
7026
7017
|
const { name: sockRegPkgName, package: origPkgName, version } = data
|
|
7027
|
-
const major =
|
|
7018
|
+
const major = vendor.semverExports.major(version)
|
|
7028
7019
|
const sockOverridePrefix = `${NPM$1}:${sockRegPkgName}@`
|
|
7029
7020
|
const sockOverrideSpec = `${sockOverridePrefix}${pin ? version : `^${major}`}`
|
|
7030
7021
|
for (const { 1: depObj } of depEntries) {
|
|
@@ -7048,7 +7039,8 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7048
7039
|
thisSpec.startsWith(sockOverridePrefix) &&
|
|
7049
7040
|
// Check the validity of the spec by passing it through npa and
|
|
7050
7041
|
// seeing if it will coerce to a version.
|
|
7051
|
-
|
|
7042
|
+
vendor.semverExports.coerce(vendor.npaExports(thisSpec).rawSpec)
|
|
7043
|
+
?.version
|
|
7052
7044
|
)
|
|
7053
7045
|
) {
|
|
7054
7046
|
thisSpec = sockOverrideSpec
|
|
@@ -7105,20 +7097,22 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7105
7097
|
if (thisSpec.startsWith(sockOverridePrefix)) {
|
|
7106
7098
|
if (
|
|
7107
7099
|
pin &&
|
|
7108
|
-
|
|
7100
|
+
vendor.semverExports.major(
|
|
7109
7101
|
// Check the validity of the spec by passing it through npa
|
|
7110
7102
|
// and seeing if it will coerce to a version. semver.coerce
|
|
7111
7103
|
// will strip leading v's, carets (^), comparators (<,<=,>,>=,=),
|
|
7112
7104
|
// and tildes (~). If not coerced to a valid version then
|
|
7113
7105
|
// default to the manifest entry version.
|
|
7114
|
-
|
|
7106
|
+
vendor.semverExports.coerce(
|
|
7107
|
+
vendor.npaExports(thisSpec).rawSpec
|
|
7108
|
+
)?.version ?? version
|
|
7115
7109
|
) !== major
|
|
7116
7110
|
) {
|
|
7117
7111
|
const otherVersion = (
|
|
7118
7112
|
await packages.fetchPackageManifest(thisSpec)
|
|
7119
7113
|
)?.version
|
|
7120
7114
|
if (otherVersion && otherVersion !== version) {
|
|
7121
|
-
newSpec = `${sockOverridePrefix}${pin ? otherVersion : `^${
|
|
7115
|
+
newSpec = `${sockOverridePrefix}${pin ? otherVersion : `^${vendor.semverExports.major(otherVersion)}`}`
|
|
7122
7116
|
}
|
|
7123
7117
|
}
|
|
7124
7118
|
} else {
|
|
@@ -7136,11 +7130,14 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7136
7130
|
}
|
|
7137
7131
|
})
|
|
7138
7132
|
if (workspaceGlobs) {
|
|
7139
|
-
const workspacePkgJsonPaths = await
|
|
7140
|
-
|
|
7141
|
-
|
|
7142
|
-
|
|
7143
|
-
|
|
7133
|
+
const workspacePkgJsonPaths = await vendor.distExports.glob(
|
|
7134
|
+
workspaceGlobs,
|
|
7135
|
+
{
|
|
7136
|
+
absolute: true,
|
|
7137
|
+
cwd: pkgPath,
|
|
7138
|
+
ignore: ['**/node_modules/**', '**/bower_components/**']
|
|
7139
|
+
}
|
|
7140
|
+
)
|
|
7144
7141
|
// Chunk package names to process them in parallel 3 at a time.
|
|
7145
7142
|
await promises.pEach(
|
|
7146
7143
|
workspacePkgJsonPaths,
|
|
@@ -7377,7 +7374,7 @@ async function outputOrganizationList(data, outputKind = 'text') {
|
|
|
7377
7374
|
}
|
|
7378
7375
|
logger.logger.log('# Organizations\n')
|
|
7379
7376
|
logger.logger.log(
|
|
7380
|
-
`List of organizations associated with your API key, ending with: ${
|
|
7377
|
+
`List of organizations associated with your API key, ending with: ${vendor.yoctocolorsCjsExports.italic(lastFiveOfApiToken)}\n`
|
|
7381
7378
|
)
|
|
7382
7379
|
logger.logger.log(
|
|
7383
7380
|
`| Name${' '.repeat(mw1 - 4)} | ID${' '.repeat(mw2 - 2)} | Plan${' '.repeat(mw3 - 4)} |`
|
|
@@ -7397,12 +7394,12 @@ async function outputOrganizationList(data, outputKind = 'text') {
|
|
|
7397
7394
|
}
|
|
7398
7395
|
default: {
|
|
7399
7396
|
logger.logger.log(
|
|
7400
|
-
`List of organizations associated with your API key, ending with: ${
|
|
7397
|
+
`List of organizations associated with your API key, ending with: ${vendor.yoctocolorsCjsExports.italic(lastFiveOfApiToken)}\n`
|
|
7401
7398
|
)
|
|
7402
7399
|
// Just dump
|
|
7403
7400
|
for (const o of organizations) {
|
|
7404
7401
|
logger.logger.log(
|
|
7405
|
-
`- Name: ${
|
|
7402
|
+
`- Name: ${vendor.yoctocolorsCjsExports.bold(o.name ?? 'undefined')}, ID: ${vendor.yoctocolorsCjsExports.bold(o.id)}, Plan: ${vendor.yoctocolorsCjsExports.bold(o.plan)}`
|
|
7406
7403
|
)
|
|
7407
7404
|
}
|
|
7408
7405
|
}
|
|
@@ -8391,7 +8388,7 @@ function outputPurlsShallowScore(purls, packageData, outputKind) {
|
|
|
8391
8388
|
return true // not found
|
|
8392
8389
|
})
|
|
8393
8390
|
if (outputKind === 'markdown') {
|
|
8394
|
-
logger.logger.log(
|
|
8391
|
+
logger.logger.log(vendor.stripIndents`
|
|
8395
8392
|
# Shallow Package Report
|
|
8396
8393
|
|
|
8397
8394
|
This report contains the response for requesting data on some package url(s).
|
|
@@ -8405,14 +8402,16 @@ function outputPurlsShallowScore(purls, packageData, outputKind) {
|
|
|
8405
8402
|
`)
|
|
8406
8403
|
return
|
|
8407
8404
|
}
|
|
8408
|
-
logger.logger.log(
|
|
8405
|
+
logger.logger.log(
|
|
8406
|
+
'\n' + vendor.yoctocolorsCjsExports.bold('Shallow Package Score') + '\n'
|
|
8407
|
+
)
|
|
8409
8408
|
logger.logger.log(
|
|
8410
8409
|
'Please note: The listed scores are ONLY for the package itself. It does NOT\n' +
|
|
8411
8410
|
' reflect the scores of any dependencies, transitive or otherwise.'
|
|
8412
8411
|
)
|
|
8413
8412
|
if (missing.length) {
|
|
8414
8413
|
logger.logger.log(
|
|
8415
|
-
`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => '\n- ' +
|
|
8414
|
+
`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => '\n- ' + vendor.yoctocolorsCjsExports.bold(purl)).join('')}`
|
|
8416
8415
|
)
|
|
8417
8416
|
}
|
|
8418
8417
|
packageData.forEach(data => {
|
|
@@ -8432,7 +8431,7 @@ function formatReportCard(data, color) {
|
|
|
8432
8431
|
const alertString = getAlertString(data.alerts, !color)
|
|
8433
8432
|
const purl = 'pkg:' + data.type + '/' + data.name + '@' + data.version
|
|
8434
8433
|
return [
|
|
8435
|
-
'Package: ' + (color ?
|
|
8434
|
+
'Package: ' + (color ? vendor.yoctocolorsCjsExports.bold(purl) : purl),
|
|
8436
8435
|
'',
|
|
8437
8436
|
...Object.entries(scoreResult).map(
|
|
8438
8437
|
score =>
|
|
@@ -8448,16 +8447,18 @@ function formatScore(score, noColor = false, pad = false) {
|
|
|
8448
8447
|
return padded
|
|
8449
8448
|
}
|
|
8450
8449
|
if (score >= 80) {
|
|
8451
|
-
return
|
|
8450
|
+
return vendor.yoctocolorsCjsExports.green(padded)
|
|
8452
8451
|
}
|
|
8453
8452
|
if (score >= 60) {
|
|
8454
|
-
return
|
|
8453
|
+
return vendor.yoctocolorsCjsExports.yellow(padded)
|
|
8455
8454
|
}
|
|
8456
|
-
return
|
|
8455
|
+
return vendor.yoctocolorsCjsExports.red(padded)
|
|
8457
8456
|
}
|
|
8458
8457
|
function getAlertString(alerts, noColor = false) {
|
|
8459
8458
|
if (!alerts?.length) {
|
|
8460
|
-
return noColor
|
|
8459
|
+
return noColor
|
|
8460
|
+
? `- Alerts: none!`
|
|
8461
|
+
: `- Alerts: ${vendor.yoctocolorsCjsExports.green('none')}!`
|
|
8461
8462
|
}
|
|
8462
8463
|
const bad = alerts
|
|
8463
8464
|
.filter(alert => alert.severity !== 'low' && alert.severity !== 'middle')
|
|
@@ -8487,22 +8488,32 @@ function getAlertString(alerts, noColor = false) {
|
|
|
8487
8488
|
)
|
|
8488
8489
|
}
|
|
8489
8490
|
return (
|
|
8490
|
-
`- Alerts (${
|
|
8491
|
+
`- Alerts (${vendor.yoctocolorsCjsExports.red(bad.length.toString())}/${vendor.yoctocolorsCjsExports.yellow(mid.length.toString())}/${low.length}):` +
|
|
8491
8492
|
' '.repeat(Math.max(0, 20 - colorless.length)) +
|
|
8492
8493
|
' ' +
|
|
8493
8494
|
[
|
|
8494
8495
|
bad
|
|
8495
8496
|
.map(alert =>
|
|
8496
|
-
|
|
8497
|
+
vendor.yoctocolorsCjsExports.red(
|
|
8498
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8499
|
+
alert.type
|
|
8500
|
+
)
|
|
8497
8501
|
)
|
|
8498
8502
|
.join(', '),
|
|
8499
8503
|
mid
|
|
8500
8504
|
.map(alert =>
|
|
8501
|
-
|
|
8505
|
+
vendor.yoctocolorsCjsExports.yellow(
|
|
8506
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8507
|
+
alert.type
|
|
8508
|
+
)
|
|
8502
8509
|
)
|
|
8503
8510
|
.join(', '),
|
|
8504
8511
|
low
|
|
8505
|
-
.map(
|
|
8512
|
+
.map(
|
|
8513
|
+
alert =>
|
|
8514
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8515
|
+
alert.type
|
|
8516
|
+
)
|
|
8506
8517
|
.join(', ')
|
|
8507
8518
|
]
|
|
8508
8519
|
.filter(Boolean)
|
|
@@ -9120,27 +9131,27 @@ async function outputListRepos(data, outputKind) {
|
|
|
9120
9131
|
columns: [
|
|
9121
9132
|
{
|
|
9122
9133
|
field: 'id',
|
|
9123
|
-
name:
|
|
9134
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
9124
9135
|
},
|
|
9125
9136
|
{
|
|
9126
9137
|
field: 'name',
|
|
9127
|
-
name:
|
|
9138
|
+
name: vendor.yoctocolorsCjsExports.magenta('Name')
|
|
9128
9139
|
},
|
|
9129
9140
|
{
|
|
9130
9141
|
field: 'visibility',
|
|
9131
|
-
name:
|
|
9142
|
+
name: vendor.yoctocolorsCjsExports.magenta('Visibility')
|
|
9132
9143
|
},
|
|
9133
9144
|
{
|
|
9134
9145
|
field: 'default_branch',
|
|
9135
|
-
name:
|
|
9146
|
+
name: vendor.yoctocolorsCjsExports.magenta('Default branch')
|
|
9136
9147
|
},
|
|
9137
9148
|
{
|
|
9138
9149
|
field: 'archived',
|
|
9139
|
-
name:
|
|
9150
|
+
name: vendor.yoctocolorsCjsExports.magenta('Archived')
|
|
9140
9151
|
}
|
|
9141
9152
|
]
|
|
9142
9153
|
}
|
|
9143
|
-
logger.logger.log(
|
|
9154
|
+
logger.logger.log(vendor.srcExports(options, data.results))
|
|
9144
9155
|
}
|
|
9145
9156
|
|
|
9146
9157
|
async function handleListRepos({
|
|
@@ -9485,35 +9496,35 @@ async function outputViewRepo(data, outputKind) {
|
|
|
9485
9496
|
columns: [
|
|
9486
9497
|
{
|
|
9487
9498
|
field: 'id',
|
|
9488
|
-
name:
|
|
9499
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
9489
9500
|
},
|
|
9490
9501
|
{
|
|
9491
9502
|
field: 'name',
|
|
9492
|
-
name:
|
|
9503
|
+
name: vendor.yoctocolorsCjsExports.magenta('Name')
|
|
9493
9504
|
},
|
|
9494
9505
|
{
|
|
9495
9506
|
field: 'visibility',
|
|
9496
|
-
name:
|
|
9507
|
+
name: vendor.yoctocolorsCjsExports.magenta('Visibility')
|
|
9497
9508
|
},
|
|
9498
9509
|
{
|
|
9499
9510
|
field: 'default_branch',
|
|
9500
|
-
name:
|
|
9511
|
+
name: vendor.yoctocolorsCjsExports.magenta('Default branch')
|
|
9501
9512
|
},
|
|
9502
9513
|
{
|
|
9503
9514
|
field: 'homepage',
|
|
9504
|
-
name:
|
|
9515
|
+
name: vendor.yoctocolorsCjsExports.magenta('Homepage')
|
|
9505
9516
|
},
|
|
9506
9517
|
{
|
|
9507
9518
|
field: 'archived',
|
|
9508
|
-
name:
|
|
9519
|
+
name: vendor.yoctocolorsCjsExports.magenta('Archived')
|
|
9509
9520
|
},
|
|
9510
9521
|
{
|
|
9511
9522
|
field: 'created_at',
|
|
9512
|
-
name:
|
|
9523
|
+
name: vendor.yoctocolorsCjsExports.magenta('Created at')
|
|
9513
9524
|
}
|
|
9514
9525
|
]
|
|
9515
9526
|
}
|
|
9516
|
-
logger.logger.log(
|
|
9527
|
+
logger.logger.log(vendor.srcExports(options, [data]))
|
|
9517
9528
|
}
|
|
9518
9529
|
|
|
9519
9530
|
async function handleViewRepo(orgSlug, repoName, outputKind) {
|
|
@@ -10118,26 +10129,28 @@ async function outputListScans(data, outputKind) {
|
|
|
10118
10129
|
columns: [
|
|
10119
10130
|
{
|
|
10120
10131
|
field: 'id',
|
|
10121
|
-
name:
|
|
10132
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
10122
10133
|
},
|
|
10123
10134
|
{
|
|
10124
10135
|
field: 'report_url',
|
|
10125
|
-
name:
|
|
10136
|
+
name: vendor.yoctocolorsCjsExports.magenta('Scan URL')
|
|
10126
10137
|
},
|
|
10127
10138
|
{
|
|
10128
10139
|
field: 'branch',
|
|
10129
|
-
name:
|
|
10140
|
+
name: vendor.yoctocolorsCjsExports.magenta('Branch')
|
|
10130
10141
|
},
|
|
10131
10142
|
{
|
|
10132
10143
|
field: 'created_at',
|
|
10133
|
-
name:
|
|
10144
|
+
name: vendor.yoctocolorsCjsExports.magenta('Created at')
|
|
10134
10145
|
}
|
|
10135
10146
|
]
|
|
10136
10147
|
}
|
|
10137
10148
|
const formattedResults = data.results.map(d => {
|
|
10138
10149
|
return {
|
|
10139
10150
|
id: d.id,
|
|
10140
|
-
report_url:
|
|
10151
|
+
report_url: vendor.yoctocolorsCjsExports.underline(
|
|
10152
|
+
`${d.html_report_url}`
|
|
10153
|
+
),
|
|
10141
10154
|
created_at: d.created_at
|
|
10142
10155
|
? new Date(d.created_at).toLocaleDateString('en-us', {
|
|
10143
10156
|
year: 'numeric',
|
|
@@ -10148,7 +10161,7 @@ async function outputListScans(data, outputKind) {
|
|
|
10148
10161
|
branch: d.branch
|
|
10149
10162
|
}
|
|
10150
10163
|
})
|
|
10151
|
-
logger.logger.log(
|
|
10164
|
+
logger.logger.log(vendor.srcExports(options, formattedResults))
|
|
10152
10165
|
}
|
|
10153
10166
|
|
|
10154
10167
|
async function handleListScans({
|
|
@@ -11149,7 +11162,7 @@ async function run$1(argv, importMeta, { parentName }) {
|
|
|
11149
11162
|
}
|
|
11150
11163
|
|
|
11151
11164
|
function addSocketWrapper(file) {
|
|
11152
|
-
return
|
|
11165
|
+
return require$$0.appendFile(
|
|
11153
11166
|
file,
|
|
11154
11167
|
'alias npm="socket npm"\nalias npx="socket npx"\n',
|
|
11155
11168
|
err => {
|
|
@@ -11158,7 +11171,7 @@ function addSocketWrapper(file) {
|
|
|
11158
11171
|
}
|
|
11159
11172
|
// TODO: pretty sure you need to source the file or restart
|
|
11160
11173
|
// any terminal session before changes are reflected.
|
|
11161
|
-
logger.logger.log(
|
|
11174
|
+
logger.logger.log(vendor.stripIndents`
|
|
11162
11175
|
The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
|
|
11163
11176
|
If you want to disable it at any time, run \`socket wrapper --disable\`
|
|
11164
11177
|
`)
|
|
@@ -11167,7 +11180,7 @@ If you want to disable it at any time, run \`socket wrapper --disable\`
|
|
|
11167
11180
|
}
|
|
11168
11181
|
|
|
11169
11182
|
function checkSocketWrapperSetup(file) {
|
|
11170
|
-
const fileContent =
|
|
11183
|
+
const fileContent = require$$0.readFileSync(file, 'utf8')
|
|
11171
11184
|
const linesWithSocketAlias = fileContent
|
|
11172
11185
|
.split('\n')
|
|
11173
11186
|
.filter(
|
|
@@ -11186,10 +11199,11 @@ async function postinstallWrapper() {
|
|
|
11186
11199
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11187
11200
|
const { bashRcPath, zshRcPath } = constants
|
|
11188
11201
|
const socketWrapperEnabled =
|
|
11189
|
-
(
|
|
11190
|
-
|
|
11202
|
+
(require$$0.existsSync(bashRcPath) &&
|
|
11203
|
+
checkSocketWrapperSetup(bashRcPath)) ||
|
|
11204
|
+
(require$$0.existsSync(zshRcPath) && checkSocketWrapperSetup(zshRcPath))
|
|
11191
11205
|
if (!socketWrapperEnabled) {
|
|
11192
|
-
await installSafeNpm(
|
|
11206
|
+
await installSafeNpm(vendor.stripIndents`
|
|
11193
11207
|
The Socket CLI is now successfully installed! 🎉
|
|
11194
11208
|
|
|
11195
11209
|
To better protect yourself against supply-chain attacks, our "safe npm" wrapper can warn you about malicious packages whenever you run 'npm install'.
|
|
@@ -11214,10 +11228,10 @@ async function installSafeNpm(query) {
|
|
|
11214
11228
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11215
11229
|
const { bashRcPath, zshRcPath } = constants
|
|
11216
11230
|
try {
|
|
11217
|
-
if (
|
|
11231
|
+
if (require$$0.existsSync(bashRcPath)) {
|
|
11218
11232
|
addSocketWrapper(bashRcPath)
|
|
11219
11233
|
}
|
|
11220
|
-
if (
|
|
11234
|
+
if (require$$0.existsSync(zshRcPath)) {
|
|
11221
11235
|
addSocketWrapper(zshRcPath)
|
|
11222
11236
|
}
|
|
11223
11237
|
} catch (e) {
|
|
@@ -11229,7 +11243,7 @@ async function installSafeNpm(query) {
|
|
|
11229
11243
|
}
|
|
11230
11244
|
|
|
11231
11245
|
function removeSocketWrapper(file) {
|
|
11232
|
-
return
|
|
11246
|
+
return require$$0.readFile(file, 'utf8', function (err, data) {
|
|
11233
11247
|
if (err) {
|
|
11234
11248
|
logger.logger.fail('There was an error removing the alias:')
|
|
11235
11249
|
logger.logger.error(err)
|
|
@@ -11241,7 +11255,7 @@ function removeSocketWrapper(file) {
|
|
|
11241
11255
|
l => l !== 'alias npm="socket npm"' && l !== 'alias npx="socket npx"'
|
|
11242
11256
|
)
|
|
11243
11257
|
const updatedFileContent = linesWithoutSocketAlias.join('\n')
|
|
11244
|
-
|
|
11258
|
+
require$$0.writeFile(file, updatedFileContent, function (err) {
|
|
11245
11259
|
if (err) {
|
|
11246
11260
|
logger.logger.error(err)
|
|
11247
11261
|
return
|
|
@@ -11329,21 +11343,27 @@ async function run(argv, importMeta, { parentName }) {
|
|
|
11329
11343
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11330
11344
|
const { bashRcPath, zshRcPath } = constants
|
|
11331
11345
|
if (enable) {
|
|
11332
|
-
if (
|
|
11346
|
+
if (
|
|
11347
|
+
require$$0.existsSync(bashRcPath) &&
|
|
11348
|
+
!checkSocketWrapperSetup(bashRcPath)
|
|
11349
|
+
) {
|
|
11333
11350
|
addSocketWrapper(bashRcPath)
|
|
11334
11351
|
}
|
|
11335
|
-
if (
|
|
11352
|
+
if (
|
|
11353
|
+
require$$0.existsSync(zshRcPath) &&
|
|
11354
|
+
!checkSocketWrapperSetup(zshRcPath)
|
|
11355
|
+
) {
|
|
11336
11356
|
addSocketWrapper(zshRcPath)
|
|
11337
11357
|
}
|
|
11338
11358
|
} else {
|
|
11339
|
-
if (
|
|
11359
|
+
if (require$$0.existsSync(bashRcPath)) {
|
|
11340
11360
|
removeSocketWrapper(bashRcPath)
|
|
11341
11361
|
}
|
|
11342
|
-
if (
|
|
11362
|
+
if (require$$0.existsSync(zshRcPath)) {
|
|
11343
11363
|
removeSocketWrapper(zshRcPath)
|
|
11344
11364
|
}
|
|
11345
11365
|
}
|
|
11346
|
-
if (!
|
|
11366
|
+
if (!require$$0.existsSync(bashRcPath) && !require$$0.existsSync(zshRcPath)) {
|
|
11347
11367
|
logger.logger.fail(
|
|
11348
11368
|
'There was an issue setting up the alias in your bash profile'
|
|
11349
11369
|
)
|
|
@@ -11354,10 +11374,10 @@ const { SOCKET_CLI_BIN_NAME } = constants
|
|
|
11354
11374
|
|
|
11355
11375
|
// TODO: Add autocompletion using https://socket.dev/npm/package/omelette
|
|
11356
11376
|
void (async () => {
|
|
11357
|
-
await
|
|
11377
|
+
await vendor.updater({
|
|
11358
11378
|
name: SOCKET_CLI_BIN_NAME,
|
|
11359
11379
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
11360
|
-
version: '0.14.
|
|
11380
|
+
version: '0.14.95',
|
|
11361
11381
|
ttl: 86_400_000 /* 24 hours in milliseconds */
|
|
11362
11382
|
})
|
|
11363
11383
|
try {
|
|
@@ -11394,7 +11414,7 @@ void (async () => {
|
|
|
11394
11414
|
argv: process$1.argv.slice(2),
|
|
11395
11415
|
name: SOCKET_CLI_BIN_NAME,
|
|
11396
11416
|
importMeta: {
|
|
11397
|
-
url: `${
|
|
11417
|
+
url: `${require$$0$2.pathToFileURL(__filename)}`
|
|
11398
11418
|
}
|
|
11399
11419
|
}
|
|
11400
11420
|
)
|
|
@@ -11412,8 +11432,8 @@ void (async () => {
|
|
|
11412
11432
|
errorBody = e.body
|
|
11413
11433
|
} else if (e instanceof Error) {
|
|
11414
11434
|
errorTitle = 'Unexpected error'
|
|
11415
|
-
errorMessage =
|
|
11416
|
-
errorBody =
|
|
11435
|
+
errorMessage = vendor.messageWithCauses(e)
|
|
11436
|
+
errorBody = vendor.stackWithCauses(e)
|
|
11417
11437
|
} else {
|
|
11418
11438
|
errorTitle = 'Unexpected error with no details'
|
|
11419
11439
|
}
|
|
@@ -11425,5 +11445,5 @@ void (async () => {
|
|
|
11425
11445
|
await shadowNpmInject.captureException(e)
|
|
11426
11446
|
}
|
|
11427
11447
|
})()
|
|
11428
|
-
//# debugId=
|
|
11448
|
+
//# debugId=4e21884a-80c4-4f38-8597-4b9f4bfb5852
|
|
11429
11449
|
//# sourceMappingURL=cli.js.map
|