@socketsecurity/cli 0.14.94 → 0.14.96
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/module-sync/cli.js +178 -159
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/shadow-bin.js +3 -14
- package/dist/module-sync/shadow-bin.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +68 -59
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/shadow-npm-paths.js +16 -29
- package/dist/module-sync/shadow-npm-paths.js.map +1 -1
- package/dist/module-sync/vendor.d.ts +0 -0
- package/dist/module-sync/vendor.js +85829 -12598
- package/dist/module-sync/vendor.js.map +1 -1
- package/dist/require/cli.js +160 -140
- package/dist/require/cli.js.map +1 -1
- package/dist/require/shadow-bin.d.ts +5 -0
- package/dist/require/shadow-bin.js +104 -1
- package/dist/require/shadow-bin.js.map +1 -0
- package/dist/require/shadow-npm-inject.d.ts +1 -0
- package/dist/require/shadow-npm-inject.js +2335 -1
- package/dist/require/shadow-npm-inject.js.map +1 -0
- package/dist/require/shadow-npm-paths.d.ts +29 -0
- package/dist/require/shadow-npm-paths.js +454 -1
- package/dist/require/shadow-npm-paths.js.map +1 -0
- package/package.json +29 -29
- package/dist/blessed/lib/alias.js +0 -521
- package/dist/blessed/lib/blessed.js +0 -34
- package/dist/blessed/lib/colors.js +0 -492
- package/dist/blessed/lib/events.js +0 -197
- package/dist/blessed/lib/gpmclient.js +0 -247
- package/dist/blessed/lib/helpers.js +0 -172
- package/dist/blessed/lib/keys.js +0 -514
- package/dist/blessed/lib/program.js +0 -4532
- package/dist/blessed/lib/tput.js +0 -3113
- package/dist/blessed/lib/unicode.js +0 -914
- package/dist/blessed/lib/widget.js +0 -62
- package/dist/blessed/lib/widgets/ansiimage.js +0 -175
- package/dist/blessed/lib/widgets/bigtext.js +0 -172
- package/dist/blessed/lib/widgets/box.js +0 -36
- package/dist/blessed/lib/widgets/button.js +0 -64
- package/dist/blessed/lib/widgets/checkbox.js +0 -97
- package/dist/blessed/lib/widgets/element.js +0 -2873
- package/dist/blessed/lib/widgets/filemanager.js +0 -225
- package/dist/blessed/lib/widgets/form.js +0 -303
- package/dist/blessed/lib/widgets/image.js +0 -73
- package/dist/blessed/lib/widgets/input.js +0 -36
- package/dist/blessed/lib/widgets/layout.js +0 -251
- package/dist/blessed/lib/widgets/line.js +0 -61
- package/dist/blessed/lib/widgets/list.js +0 -654
- package/dist/blessed/lib/widgets/listbar.js +0 -454
- package/dist/blessed/lib/widgets/listtable.js +0 -267
- package/dist/blessed/lib/widgets/loading.js +0 -90
- package/dist/blessed/lib/widgets/log.js +0 -84
- package/dist/blessed/lib/widgets/message.js +0 -147
- package/dist/blessed/lib/widgets/node.js +0 -315
- package/dist/blessed/lib/widgets/overlayimage.js +0 -796
- package/dist/blessed/lib/widgets/progressbar.js +0 -168
- package/dist/blessed/lib/widgets/prompt.js +0 -129
- package/dist/blessed/lib/widgets/question.js +0 -131
- package/dist/blessed/lib/widgets/radiobutton.js +0 -64
- package/dist/blessed/lib/widgets/radioset.js +0 -38
- package/dist/blessed/lib/widgets/screen.js +0 -2487
- package/dist/blessed/lib/widgets/scrollablebox.js +0 -417
- package/dist/blessed/lib/widgets/scrollabletext.js +0 -37
- package/dist/blessed/lib/widgets/table.js +0 -385
- package/dist/blessed/lib/widgets/terminal.js +0 -454
- package/dist/blessed/lib/widgets/text.js +0 -37
- package/dist/blessed/lib/widgets/textarea.js +0 -378
- package/dist/blessed/lib/widgets/textbox.js +0 -81
- package/dist/blessed/lib/widgets/video.js +0 -132
- package/dist/blessed/usr/fonts/AUTHORS +0 -1
- package/dist/blessed/usr/fonts/LICENSE +0 -94
- package/dist/blessed/usr/fonts/README +0 -340
- package/dist/blessed/usr/fonts/ter-u14b.json +0 -17826
- package/dist/blessed/usr/fonts/ter-u14n.json +0 -17826
- package/dist/blessed/usr/linux +0 -0
- package/dist/blessed/usr/windows-ansi +0 -0
- package/dist/blessed/usr/xterm +0 -0
- package/dist/blessed/usr/xterm-256color +0 -0
- package/dist/blessed/usr/xterm.termcap +0 -243
- package/dist/blessed/usr/xterm.terminfo +0 -1977
- package/dist/blessed/vendor/tng.js +0 -1878
package/dist/module-sync/cli.js
CHANGED
|
@@ -12,57 +12,38 @@ function _socketInterop(e) {
|
|
|
12
12
|
}
|
|
13
13
|
|
|
14
14
|
const process$1 = require('node:process')
|
|
15
|
-
const
|
|
16
|
-
const
|
|
17
|
-
const updateNotifier = _socketInterop(require('tiny-updater'))
|
|
15
|
+
const require$$0$2 = require('node:url')
|
|
16
|
+
const vendor = require('./vendor.js')
|
|
18
17
|
const debug = require('@socketsecurity/registry/lib/debug')
|
|
19
18
|
const logger = require('@socketsecurity/registry/lib/logger')
|
|
20
19
|
const assert = require('node:assert')
|
|
21
20
|
const fs = require('node:fs/promises')
|
|
22
|
-
const commonTags = _socketInterop(require('common-tags'))
|
|
23
21
|
const strings = require('@socketsecurity/registry/lib/strings')
|
|
24
22
|
const shadowNpmInject = require('./shadow-npm-inject.js')
|
|
25
23
|
const constants = require('./constants.js')
|
|
26
|
-
const colors = _socketInterop(require('yoctocolors-cjs'))
|
|
27
24
|
const path$1 = require('node:path')
|
|
28
|
-
const meow = _socketInterop(require('meow'))
|
|
29
25
|
const objects = require('@socketsecurity/registry/lib/objects')
|
|
30
26
|
const path = require('@socketsecurity/registry/lib/path')
|
|
31
27
|
const regexps = require('@socketsecurity/registry/lib/regexps')
|
|
32
|
-
const yargsParse = _socketInterop(require('yargs-parser'))
|
|
33
28
|
const words = require('@socketsecurity/registry/lib/words')
|
|
34
|
-
const
|
|
29
|
+
const require$$0 = require('node:fs')
|
|
35
30
|
const shadowBin = require('./shadow-bin.js')
|
|
36
|
-
const open = _socketInterop(require('open'))
|
|
37
31
|
const prompts = require('@socketsecurity/registry/lib/prompts')
|
|
38
32
|
const shadowNpmPaths = require('./shadow-npm-paths.js')
|
|
39
|
-
const
|
|
40
|
-
const util = require('node:util')
|
|
41
|
-
const terminalLink = _socketInterop(require('terminal-link'))
|
|
33
|
+
const require$$0$1 = require('node:util')
|
|
42
34
|
const arrays = require('@socketsecurity/registry/lib/arrays')
|
|
43
35
|
const registry = require('@socketsecurity/registry')
|
|
44
36
|
const npm = require('@socketsecurity/registry/lib/npm')
|
|
45
37
|
const packages = require('@socketsecurity/registry/lib/packages')
|
|
46
38
|
const spawn = require('@socketsecurity/registry/lib/spawn')
|
|
47
|
-
const rest = _socketInterop(require('@octokit/rest'))
|
|
48
|
-
const lockfile_fs = _socketInterop(require('@pnpm/lockfile.fs'))
|
|
49
|
-
const lockfile_detectDepTypes = _socketInterop(
|
|
50
|
-
require('@pnpm/lockfile.detect-dep-types')
|
|
51
|
-
)
|
|
52
|
-
const browserslist = _socketInterop(require('browserslist'))
|
|
53
|
-
const semver = _socketInterop(require('semver'))
|
|
54
|
-
const which = _socketInterop(require('which'))
|
|
55
39
|
const index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs')
|
|
56
40
|
const sorts = require('@socketsecurity/registry/lib/sorts')
|
|
57
41
|
const registryConstants = require('@socketsecurity/registry/lib/constants')
|
|
58
42
|
const isInteractive = require('@socketregistry/is-interactive/index.cjs')
|
|
59
|
-
const npa = _socketInterop(require('npm-package-arg'))
|
|
60
|
-
const tinyglobby = _socketInterop(require('tinyglobby'))
|
|
61
43
|
const promises = require('@socketsecurity/registry/lib/promises')
|
|
62
|
-
const yaml = _socketInterop(require('yaml'))
|
|
63
44
|
|
|
64
45
|
function failMsgWithBadge(badge, msg) {
|
|
65
|
-
return `${
|
|
46
|
+
return `${vendor.yoctocolorsCjsExports.bgRed(vendor.yoctocolorsCjsExports.bold(vendor.yoctocolorsCjsExports.white(` ${badge}: `)))} ${vendor.yoctocolorsCjsExports.bold(msg)}`
|
|
66
47
|
}
|
|
67
48
|
|
|
68
49
|
function handleUnsuccessfulApiResponse(_name, sockSdkError) {
|
|
@@ -365,7 +346,7 @@ function renderJson(data) {
|
|
|
365
346
|
}
|
|
366
347
|
}
|
|
367
348
|
function renderMarkdown(data, days, repoSlug) {
|
|
368
|
-
return
|
|
349
|
+
return vendor.stripIndents`
|
|
369
350
|
# Socket Alert Analytics
|
|
370
351
|
|
|
371
352
|
These are the Socket.dev stats are analytics for the ${repoSlug ? `${repoSlug} repo` : 'org'} of the past ${days} days
|
|
@@ -405,7 +386,7 @@ ${[
|
|
|
405
386
|
]
|
|
406
387
|
]
|
|
407
388
|
.map(
|
|
408
|
-
([title, table]) =>
|
|
389
|
+
([title, table]) => vendor.stripIndents`
|
|
409
390
|
## ${title}
|
|
410
391
|
|
|
411
392
|
${table}
|
|
@@ -684,7 +665,7 @@ function handleBadInput(...checks) {
|
|
|
684
665
|
// If the message has newlines then format the first line with the input
|
|
685
666
|
// expectation and teh rest indented below it
|
|
686
667
|
msg.push(
|
|
687
|
-
` - ${lines[0]} (${d.test ?
|
|
668
|
+
` - ${lines[0]} (${d.test ? vendor.yoctocolorsCjsExports.green(d.pass) : vendor.yoctocolorsCjsExports.red(d.fail)})`
|
|
688
669
|
)
|
|
689
670
|
if (lines.length > 1) {
|
|
690
671
|
msg.push(...lines.slice(1).map(str => ` ${str}`))
|
|
@@ -757,7 +738,7 @@ async function meowWithSubcommands(subcommands, options) {
|
|
|
757
738
|
...commonFlags,
|
|
758
739
|
...additionalOptions.flags
|
|
759
740
|
}
|
|
760
|
-
const cli = meow(
|
|
741
|
+
const cli = vendor.meow(
|
|
761
742
|
`
|
|
762
743
|
Usage
|
|
763
744
|
$ ${name} <command>
|
|
@@ -889,7 +870,7 @@ function meowOrExit({
|
|
|
889
870
|
const command = `${parentName} ${config.commandName}`
|
|
890
871
|
|
|
891
872
|
// This exits if .printHelp() is called either by meow itself or by us.
|
|
892
|
-
const cli = meow({
|
|
873
|
+
const cli = vendor.meow({
|
|
893
874
|
argv,
|
|
894
875
|
description: config.description,
|
|
895
876
|
help: config.help(command, config),
|
|
@@ -918,7 +899,7 @@ function emitBanner(name) {
|
|
|
918
899
|
logger.logger.error(getAsciiHeader(name))
|
|
919
900
|
}
|
|
920
901
|
function getAsciiHeader(command) {
|
|
921
|
-
const cliVersion = '0.14.
|
|
902
|
+
const cliVersion = '0.14.96:b940b80:a8cd3de0:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
|
|
922
903
|
const nodeVersion = process$1.version
|
|
923
904
|
const apiToken = shadowNpmInject.getDefaultToken()
|
|
924
905
|
const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
|
|
@@ -1364,9 +1345,9 @@ async function runCycloneDX(yargvWithYes) {
|
|
|
1364
1345
|
if (
|
|
1365
1346
|
yargv.type !== YARN$1 &&
|
|
1366
1347
|
nodejsPlatformTypes.has(yargv.type) &&
|
|
1367
|
-
|
|
1348
|
+
require$$0.existsSync(`./${YARN_LOCK}`)
|
|
1368
1349
|
) {
|
|
1369
|
-
if (
|
|
1350
|
+
if (require$$0.existsSync(`./${PACKAGE_LOCK_JSON}`)) {
|
|
1370
1351
|
yargv.type = NPM$g
|
|
1371
1352
|
} else {
|
|
1372
1353
|
// Use synp to create a package-lock.json from the yarn.lock,
|
|
@@ -1392,12 +1373,14 @@ async function runCycloneDX(yargvWithYes) {
|
|
|
1392
1373
|
])
|
|
1393
1374
|
if (cleanupPackageLock) {
|
|
1394
1375
|
try {
|
|
1395
|
-
await
|
|
1376
|
+
await require$$0.promises.rm(`./${PACKAGE_LOCK_JSON}`)
|
|
1396
1377
|
} catch {}
|
|
1397
1378
|
}
|
|
1398
1379
|
const fullOutputPath = path$1.join(process$1.cwd(), yargv.output)
|
|
1399
|
-
if (
|
|
1400
|
-
logger.logger.log(
|
|
1380
|
+
if (require$$0.existsSync(fullOutputPath)) {
|
|
1381
|
+
logger.logger.log(
|
|
1382
|
+
vendor.yoctocolorsCjsExports.cyanBright(`${yargv.output} created!`)
|
|
1383
|
+
)
|
|
1401
1384
|
}
|
|
1402
1385
|
}
|
|
1403
1386
|
function argvToArray(argv) {
|
|
@@ -1600,7 +1583,7 @@ async function run$I(argv, importMeta, { parentName }) {
|
|
|
1600
1583
|
|
|
1601
1584
|
// TODO: Convert to meow.
|
|
1602
1585
|
const yargv = {
|
|
1603
|
-
...
|
|
1586
|
+
...vendor.yargsParser(argv, yargsConfig)
|
|
1604
1587
|
}
|
|
1605
1588
|
const unknown = yargv._
|
|
1606
1589
|
const { length: unknownLength } = unknown
|
|
@@ -2335,7 +2318,9 @@ async function outputCreateNewScan(data, outputKind) {
|
|
|
2335
2318
|
logger.logger.log('')
|
|
2336
2319
|
return
|
|
2337
2320
|
}
|
|
2338
|
-
const link =
|
|
2321
|
+
const link = vendor.yoctocolorsCjsExports.underline(
|
|
2322
|
+
vendor.yoctocolorsCjsExports.cyan(`${data.html_report_url}`)
|
|
2323
|
+
)
|
|
2339
2324
|
logger.logger.log(`Available at: ${link}`)
|
|
2340
2325
|
if (
|
|
2341
2326
|
await prompts.confirm({
|
|
@@ -2343,7 +2328,7 @@ async function outputCreateNewScan(data, outputKind) {
|
|
|
2343
2328
|
default: false
|
|
2344
2329
|
})
|
|
2345
2330
|
) {
|
|
2346
|
-
await open(`${data.html_report_url}`)
|
|
2331
|
+
await vendor.open(`${data.html_report_url}`)
|
|
2347
2332
|
}
|
|
2348
2333
|
}
|
|
2349
2334
|
|
|
@@ -3330,35 +3315,35 @@ async function outputDependencies(data, { limit, offset, outputKind }) {
|
|
|
3330
3315
|
columns: [
|
|
3331
3316
|
{
|
|
3332
3317
|
field: 'namespace',
|
|
3333
|
-
name:
|
|
3318
|
+
name: vendor.yoctocolorsCjsExports.cyan('Namespace')
|
|
3334
3319
|
},
|
|
3335
3320
|
{
|
|
3336
3321
|
field: 'name',
|
|
3337
|
-
name:
|
|
3322
|
+
name: vendor.yoctocolorsCjsExports.cyan('Name')
|
|
3338
3323
|
},
|
|
3339
3324
|
{
|
|
3340
3325
|
field: 'version',
|
|
3341
|
-
name:
|
|
3326
|
+
name: vendor.yoctocolorsCjsExports.cyan('Version')
|
|
3342
3327
|
},
|
|
3343
3328
|
{
|
|
3344
3329
|
field: 'repository',
|
|
3345
|
-
name:
|
|
3330
|
+
name: vendor.yoctocolorsCjsExports.cyan('Repository')
|
|
3346
3331
|
},
|
|
3347
3332
|
{
|
|
3348
3333
|
field: 'branch',
|
|
3349
|
-
name:
|
|
3334
|
+
name: vendor.yoctocolorsCjsExports.cyan('Branch')
|
|
3350
3335
|
},
|
|
3351
3336
|
{
|
|
3352
3337
|
field: 'type',
|
|
3353
|
-
name:
|
|
3338
|
+
name: vendor.yoctocolorsCjsExports.cyan('Type')
|
|
3354
3339
|
},
|
|
3355
3340
|
{
|
|
3356
3341
|
field: 'direct',
|
|
3357
|
-
name:
|
|
3342
|
+
name: vendor.yoctocolorsCjsExports.cyan('Direct')
|
|
3358
3343
|
}
|
|
3359
3344
|
]
|
|
3360
3345
|
}
|
|
3361
|
-
logger.logger.log(
|
|
3346
|
+
logger.logger.log(vendor.srcExports(options, data.rows))
|
|
3362
3347
|
}
|
|
3363
3348
|
|
|
3364
3349
|
async function handleDependencies({ limit, offset, outputKind }) {
|
|
@@ -3485,7 +3470,7 @@ async function fetchDiffScan({ after, before, orgSlug }) {
|
|
|
3485
3470
|
async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
3486
3471
|
const dashboardUrl = result.diff_report_url
|
|
3487
3472
|
const dashboardMessage = dashboardUrl
|
|
3488
|
-
? `\n View this diff scan in the Socket dashboard: ${
|
|
3473
|
+
? `\n View this diff scan in the Socket dashboard: ${vendor.yoctocolorsCjsExports.cyan(dashboardUrl)}`
|
|
3489
3474
|
: ''
|
|
3490
3475
|
|
|
3491
3476
|
// When forcing json, or dumping to file, serialize to string such that it
|
|
@@ -3504,7 +3489,7 @@ async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
|
3504
3489
|
}
|
|
3505
3490
|
if (file && file !== '-') {
|
|
3506
3491
|
logger.logger.log(`Writing json to \`${file}\``)
|
|
3507
|
-
|
|
3492
|
+
require$$0.writeFile(file, JSON.stringify(result, null, 2), err => {
|
|
3508
3493
|
if (err) {
|
|
3509
3494
|
logger.logger.fail(`Writing to \`${file}\` failed...`)
|
|
3510
3495
|
logger.logger.error(err)
|
|
@@ -3527,7 +3512,7 @@ async function outputDiffScan(result, { depth, file, outputKind }) {
|
|
|
3527
3512
|
|
|
3528
3513
|
logger.logger.log('Diff scan result:')
|
|
3529
3514
|
logger.logger.log(
|
|
3530
|
-
|
|
3515
|
+
require$$0$1.inspect(result, {
|
|
3531
3516
|
showHidden: false,
|
|
3532
3517
|
depth: depth > 0 ? depth : null,
|
|
3533
3518
|
colors: true,
|
|
@@ -3749,7 +3734,7 @@ const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
|
|
|
3749
3734
|
let _octokit
|
|
3750
3735
|
function getOctokit() {
|
|
3751
3736
|
if (_octokit === undefined) {
|
|
3752
|
-
_octokit = new
|
|
3737
|
+
_octokit = new vendor.Octokit({
|
|
3753
3738
|
// Lazily access constants.ENV[SOCKET_SECURITY_GITHUB_PAT].
|
|
3754
3739
|
auth: constants.ENV[SOCKET_SECURITY_GITHUB_PAT]
|
|
3755
3740
|
})
|
|
@@ -3823,7 +3808,6 @@ async function openGitHubPullRequest(
|
|
|
3823
3808
|
if (!pat) {
|
|
3824
3809
|
throw new Error('Missing SOCKET_SECURITY_GITHUB_PAT environment variable')
|
|
3825
3810
|
}
|
|
3826
|
-
const commitMsg = `chore: upgrade ${name} to ${version}`
|
|
3827
3811
|
const url = `https://x-access-token:${pat}@github.com/${owner}/${repo}`
|
|
3828
3812
|
await spawn.spawn('git', ['remote', 'set-url', 'origin', url], {
|
|
3829
3813
|
cwd
|
|
@@ -3832,8 +3816,8 @@ async function openGitHubPullRequest(
|
|
|
3832
3816
|
return await octokit.pulls.create({
|
|
3833
3817
|
owner,
|
|
3834
3818
|
repo,
|
|
3835
|
-
title:
|
|
3836
|
-
head:
|
|
3819
|
+
title: `chore: upgrade ${name} to ${version}`,
|
|
3820
|
+
head: branch,
|
|
3837
3821
|
base: baseBranch,
|
|
3838
3822
|
body: `[socket] Upgrade \`${name}\` to ${version}`
|
|
3839
3823
|
})
|
|
@@ -4061,7 +4045,7 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options_) {
|
|
|
4061
4045
|
...options.include
|
|
4062
4046
|
}
|
|
4063
4047
|
const { spinner } = options
|
|
4064
|
-
const depTypes =
|
|
4048
|
+
const depTypes = vendor.libExports$2.detectDepTypes(lockfile)
|
|
4065
4049
|
const pkgIds = Object.keys(depTypes)
|
|
4066
4050
|
let { length: remaining } = pkgIds
|
|
4067
4051
|
const alertsByPkgId = new Map()
|
|
@@ -4263,7 +4247,7 @@ async function pnpmFix(
|
|
|
4263
4247
|
pkgEnvDetails,
|
|
4264
4248
|
{ autoMerge, cwd, rangeStyle, spinner, test, testScript }
|
|
4265
4249
|
) {
|
|
4266
|
-
const lockfile = await
|
|
4250
|
+
const lockfile = await vendor.libExports$3.readWantedLockfile(cwd, {
|
|
4267
4251
|
ignoreIncompatible: false
|
|
4268
4252
|
})
|
|
4269
4253
|
if (!lockfile) {
|
|
@@ -4512,7 +4496,7 @@ const binByAgent = new Map([
|
|
|
4512
4496
|
async function getAgentExecPath(agent) {
|
|
4513
4497
|
const binName = binByAgent.get(agent)
|
|
4514
4498
|
return (
|
|
4515
|
-
(await
|
|
4499
|
+
(await vendor.libExports$1(binName, {
|
|
4516
4500
|
nothrow: true
|
|
4517
4501
|
})) ?? binName
|
|
4518
4502
|
)
|
|
@@ -4524,7 +4508,7 @@ async function getAgentVersion(agentExecPath, cwd) {
|
|
|
4524
4508
|
// Coerce version output into a valid semver version by passing it through
|
|
4525
4509
|
// semver.coerce which strips leading v's, carets (^), comparators (<,<=,>,>=,=),
|
|
4526
4510
|
// and tildes (~).
|
|
4527
|
-
|
|
4511
|
+
vendor.semverExports.coerce(
|
|
4528
4512
|
// All package managers support the "--version" flag.
|
|
4529
4513
|
(
|
|
4530
4514
|
await spawn.spawn(agentExecPath, ['--version'], {
|
|
@@ -4618,7 +4602,7 @@ async function detectPackageEnvironment({
|
|
|
4618
4602
|
cwd
|
|
4619
4603
|
})
|
|
4620
4604
|
const pkgPath =
|
|
4621
|
-
pkgJsonPath &&
|
|
4605
|
+
pkgJsonPath && require$$0.existsSync(pkgJsonPath)
|
|
4622
4606
|
? path$1.dirname(pkgJsonPath)
|
|
4623
4607
|
: undefined
|
|
4624
4608
|
const editablePkgJson = pkgPath
|
|
@@ -4672,7 +4656,7 @@ async function detectPackageEnvironment({
|
|
|
4672
4656
|
// Lazily access constants.minimumVersionByAgent.
|
|
4673
4657
|
const minSupportedAgentVersion = constants.minimumVersionByAgent.get(agent)
|
|
4674
4658
|
const minSupportedNodeVersion = maintainedNodeVersions.last
|
|
4675
|
-
const nodeVersion =
|
|
4659
|
+
const nodeVersion = vendor.semverExports.coerce(process$1.version)
|
|
4676
4660
|
let lockSrc
|
|
4677
4661
|
let pkgAgentRange
|
|
4678
4662
|
let pkgNodeRange
|
|
@@ -4686,8 +4670,8 @@ async function detectPackageEnvironment({
|
|
|
4686
4670
|
pkgAgentRange = engineAgentRange
|
|
4687
4671
|
// Roughly check agent range as semver.coerce will strip leading
|
|
4688
4672
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
4689
|
-
const coerced =
|
|
4690
|
-
if (coerced &&
|
|
4673
|
+
const coerced = vendor.semverExports.coerce(pkgAgentRange)
|
|
4674
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinAgentVersion)) {
|
|
4691
4675
|
pkgMinAgentVersion = coerced.version
|
|
4692
4676
|
}
|
|
4693
4677
|
}
|
|
@@ -4695,22 +4679,23 @@ async function detectPackageEnvironment({
|
|
|
4695
4679
|
pkgNodeRange = engineNodeRange
|
|
4696
4680
|
// Roughly check Node range as semver.coerce will strip leading
|
|
4697
4681
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
4698
|
-
const coerced =
|
|
4699
|
-
if (coerced &&
|
|
4682
|
+
const coerced = vendor.semverExports.coerce(pkgNodeRange)
|
|
4683
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinNodeVersion)) {
|
|
4700
4684
|
pkgMinNodeVersion = coerced.version
|
|
4701
4685
|
}
|
|
4702
4686
|
}
|
|
4703
4687
|
const browserslistQuery = pkgJson['browserslist']
|
|
4704
4688
|
if (Array.isArray(browserslistQuery)) {
|
|
4705
4689
|
// List Node targets in ascending version order.
|
|
4706
|
-
const browserslistNodeTargets =
|
|
4690
|
+
const browserslistNodeTargets = vendor
|
|
4691
|
+
.browserslistExports(browserslistQuery)
|
|
4707
4692
|
.filter(v => /^node /i.test(v))
|
|
4708
4693
|
.map(v => v.slice(5 /*'node '.length*/))
|
|
4709
4694
|
.sort(sorts.naturalCompare)
|
|
4710
4695
|
if (browserslistNodeTargets.length) {
|
|
4711
4696
|
// browserslistNodeTargets[0] is the lowest Node target version.
|
|
4712
|
-
const coerced =
|
|
4713
|
-
if (coerced &&
|
|
4697
|
+
const coerced = vendor.semverExports.coerce(browserslistNodeTargets[0])
|
|
4698
|
+
if (coerced && vendor.semverExports.lt(coerced, pkgMinNodeVersion)) {
|
|
4714
4699
|
pkgMinNodeVersion = coerced.version
|
|
4715
4700
|
}
|
|
4716
4701
|
}
|
|
@@ -4726,17 +4711,20 @@ async function detectPackageEnvironment({
|
|
|
4726
4711
|
// Does the system agent version meet our minimum supported agent version?
|
|
4727
4712
|
const agentSupported =
|
|
4728
4713
|
!!agentVersion &&
|
|
4729
|
-
|
|
4714
|
+
vendor.semverExports.satisfies(
|
|
4715
|
+
agentVersion,
|
|
4716
|
+
`>=${minSupportedAgentVersion}`
|
|
4717
|
+
)
|
|
4730
4718
|
|
|
4731
4719
|
// Does the system Node version meet our minimum supported Node version?
|
|
4732
|
-
const nodeSupported =
|
|
4720
|
+
const nodeSupported = vendor.semverExports.satisfies(
|
|
4733
4721
|
nodeVersion,
|
|
4734
4722
|
`>=${minSupportedNodeVersion}`
|
|
4735
4723
|
)
|
|
4736
4724
|
const npmBuggyOverrides =
|
|
4737
4725
|
agent === NPM$b &&
|
|
4738
4726
|
!!agentVersion &&
|
|
4739
|
-
|
|
4727
|
+
vendor.semverExports.lt(agentVersion, NPM_BUGGY_OVERRIDES_PATCHED_VERSION$1)
|
|
4740
4728
|
return {
|
|
4741
4729
|
agent,
|
|
4742
4730
|
agentExecPath,
|
|
@@ -4759,13 +4747,13 @@ async function detectPackageEnvironment({
|
|
|
4759
4747
|
},
|
|
4760
4748
|
pkgSupports: {
|
|
4761
4749
|
// Does our minimum supported agent version meet the package's requirements?
|
|
4762
|
-
agent:
|
|
4750
|
+
agent: vendor.semverExports.satisfies(
|
|
4763
4751
|
minSupportedAgentVersion,
|
|
4764
4752
|
`>=${pkgMinAgentVersion}`
|
|
4765
4753
|
),
|
|
4766
4754
|
// Does our supported Node versions meet the package's requirements?
|
|
4767
4755
|
node: maintainedNodeVersions.some(v =>
|
|
4768
|
-
|
|
4756
|
+
vendor.semverExports.satisfies(v, `>=${pkgMinNodeVersion}`)
|
|
4769
4757
|
)
|
|
4770
4758
|
}
|
|
4771
4759
|
}
|
|
@@ -4913,12 +4901,12 @@ const config$z = {
|
|
|
4913
4901
|
autoMerge: {
|
|
4914
4902
|
type: 'boolean',
|
|
4915
4903
|
default: false,
|
|
4916
|
-
description: `Enable auto-merge for pull requests that Socket opens.\n See ${
|
|
4904
|
+
description: `Enable auto-merge for pull requests that Socket opens.\n See ${vendor.terminalLinkExports('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
|
|
4917
4905
|
},
|
|
4918
4906
|
rangeStyle: {
|
|
4919
4907
|
type: 'string',
|
|
4920
4908
|
default: 'preserve',
|
|
4921
|
-
description:
|
|
4909
|
+
description: vendor.stripIndent`
|
|
4922
4910
|
Define how updated dependency versions should be written in package.json.
|
|
4923
4911
|
Available styles:
|
|
4924
4912
|
* caret - Use ^ range for compatible updates (e.g. ^1.2.3)
|
|
@@ -5027,11 +5015,11 @@ async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
|
|
|
5027
5015
|
const { NPM: NPM$9 } = registryConstants
|
|
5028
5016
|
function formatScore$1(score) {
|
|
5029
5017
|
if (score > 80) {
|
|
5030
|
-
return
|
|
5018
|
+
return vendor.yoctocolorsCjsExports.green(`${score}`)
|
|
5031
5019
|
} else if (score < 80 && score > 60) {
|
|
5032
|
-
return
|
|
5020
|
+
return vendor.yoctocolorsCjsExports.yellow(`${score}`)
|
|
5033
5021
|
}
|
|
5034
|
-
return
|
|
5022
|
+
return vendor.yoctocolorsCjsExports.red(`${score}`)
|
|
5035
5023
|
}
|
|
5036
5024
|
function outputPackageIssuesDetails(packageData, outputMarkdown) {
|
|
5037
5025
|
const issueDetails = packageData.filter(
|
|
@@ -5079,7 +5067,7 @@ function outputPackageInfo(
|
|
|
5079
5067
|
return
|
|
5080
5068
|
}
|
|
5081
5069
|
if (outputKind === 'markdown') {
|
|
5082
|
-
logger.logger.log(
|
|
5070
|
+
logger.logger.log(vendor.stripIndents`
|
|
5083
5071
|
# Package report for ${pkgName}
|
|
5084
5072
|
|
|
5085
5073
|
Package report card:
|
|
@@ -5136,8 +5124,8 @@ function outputPackageInfo(
|
|
|
5136
5124
|
}
|
|
5137
5125
|
if (outputKind !== 'markdown') {
|
|
5138
5126
|
logger.logger.log(
|
|
5139
|
-
|
|
5140
|
-
`\nOr rerun ${
|
|
5127
|
+
vendor.yoctocolorsCjsExports.dim(
|
|
5128
|
+
`\nOr rerun ${vendor.yoctocolorsCjsExports.italic(commandName)} using the ${vendor.yoctocolorsCjsExports.italic('--json')} flag to get full JSON output`
|
|
5141
5129
|
)
|
|
5142
5130
|
)
|
|
5143
5131
|
} else {
|
|
@@ -5268,7 +5256,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
|
|
|
5268
5256
|
apiProxy ??= shadowNpmInject.getConfigValue('apiProxy') ?? undefined
|
|
5269
5257
|
const apiToken =
|
|
5270
5258
|
(await prompts.password({
|
|
5271
|
-
message: `Enter your ${
|
|
5259
|
+
message: `Enter your ${vendor.terminalLinkExports('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
|
|
5272
5260
|
})) || SOCKET_PUBLIC_API_TOKEN
|
|
5273
5261
|
// Lazily access constants.spinner.
|
|
5274
5262
|
const { spinner } = constants
|
|
@@ -6014,7 +6002,7 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6014
6002
|
subArgs.push('--verbose')
|
|
6015
6003
|
}
|
|
6016
6004
|
const dir = cwd
|
|
6017
|
-
if (
|
|
6005
|
+
if (require$$0.existsSync(path$1.join(dir, 'build.sbt'))) {
|
|
6018
6006
|
logger.logger.log(
|
|
6019
6007
|
'Detected a Scala sbt build, running default Scala generator...'
|
|
6020
6008
|
)
|
|
@@ -6031,7 +6019,7 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6031
6019
|
})
|
|
6032
6020
|
return
|
|
6033
6021
|
}
|
|
6034
|
-
if (
|
|
6022
|
+
if (require$$0.existsSync(path$1.join(dir, 'gradlew'))) {
|
|
6035
6023
|
logger.logger.log(
|
|
6036
6024
|
'Detected a gradle build, running default gradle generator...'
|
|
6037
6025
|
)
|
|
@@ -6054,8 +6042,9 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6054
6042
|
}
|
|
6055
6043
|
|
|
6056
6044
|
// Show new help screen and exit.
|
|
6057
|
-
|
|
6058
|
-
|
|
6045
|
+
vendor
|
|
6046
|
+
.meow(
|
|
6047
|
+
`
|
|
6059
6048
|
$ ${parentName} ${config$t.commandName}
|
|
6060
6049
|
|
|
6061
6050
|
Unfortunately this script did not discover a supported language in the
|
|
@@ -6068,12 +6057,13 @@ async function run$t(argv, importMeta, { parentName }) {
|
|
|
6068
6057
|
If that doesn't work, see \`${parentName} <lang> --help\` for config details for
|
|
6069
6058
|
your target language.
|
|
6070
6059
|
`,
|
|
6071
|
-
|
|
6072
|
-
|
|
6073
|
-
|
|
6074
|
-
|
|
6075
|
-
|
|
6076
|
-
|
|
6060
|
+
{
|
|
6061
|
+
argv: [],
|
|
6062
|
+
description: config$t.description,
|
|
6063
|
+
importMeta
|
|
6064
|
+
}
|
|
6065
|
+
)
|
|
6066
|
+
.showHelp()
|
|
6077
6067
|
}
|
|
6078
6068
|
|
|
6079
6069
|
const { DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$p } = constants
|
|
@@ -6543,7 +6533,7 @@ async function getWorkspaceGlobs(agent, pkgPath, editablePkgJson) {
|
|
|
6543
6533
|
const yml = await shadowNpmInject.safeReadFile(workspacePath)
|
|
6544
6534
|
if (yml) {
|
|
6545
6535
|
try {
|
|
6546
|
-
workspacePatterns =
|
|
6536
|
+
workspacePatterns = vendor.distExports$1.parse(yml)?.packages
|
|
6547
6537
|
} catch {}
|
|
6548
6538
|
if (workspacePatterns) {
|
|
6549
6539
|
break
|
|
@@ -7013,10 +7003,10 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7013
7003
|
const depAliasMap = new Map()
|
|
7014
7004
|
const depEntries = getDependencyEntries(editablePkgJson)
|
|
7015
7005
|
const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
|
|
7016
|
-
|
|
7006
|
+
vendor.semverExports.satisfies(
|
|
7017
7007
|
// Roughly check Node range as semver.coerce will strip leading
|
|
7018
7008
|
// v's, carets (^), comparators (<,<=,>,>=,=), and tildes (~).
|
|
7019
|
-
|
|
7009
|
+
vendor.semverExports.coerce(data.engines.node),
|
|
7020
7010
|
pkgEnvDetails.pkgRequirements.node
|
|
7021
7011
|
)
|
|
7022
7012
|
)
|
|
@@ -7024,7 +7014,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7024
7014
|
// Chunk package names to process them in parallel 3 at a time.
|
|
7025
7015
|
await promises.pEach(manifestEntries, 3, async ({ 1: data }) => {
|
|
7026
7016
|
const { name: sockRegPkgName, package: origPkgName, version } = data
|
|
7027
|
-
const major =
|
|
7017
|
+
const major = vendor.semverExports.major(version)
|
|
7028
7018
|
const sockOverridePrefix = `${NPM$1}:${sockRegPkgName}@`
|
|
7029
7019
|
const sockOverrideSpec = `${sockOverridePrefix}${pin ? version : `^${major}`}`
|
|
7030
7020
|
for (const { 1: depObj } of depEntries) {
|
|
@@ -7048,7 +7038,8 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7048
7038
|
thisSpec.startsWith(sockOverridePrefix) &&
|
|
7049
7039
|
// Check the validity of the spec by passing it through npa and
|
|
7050
7040
|
// seeing if it will coerce to a version.
|
|
7051
|
-
|
|
7041
|
+
vendor.semverExports.coerce(vendor.npaExports(thisSpec).rawSpec)
|
|
7042
|
+
?.version
|
|
7052
7043
|
)
|
|
7053
7044
|
) {
|
|
7054
7045
|
thisSpec = sockOverrideSpec
|
|
@@ -7105,20 +7096,22 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7105
7096
|
if (thisSpec.startsWith(sockOverridePrefix)) {
|
|
7106
7097
|
if (
|
|
7107
7098
|
pin &&
|
|
7108
|
-
|
|
7099
|
+
vendor.semverExports.major(
|
|
7109
7100
|
// Check the validity of the spec by passing it through npa
|
|
7110
7101
|
// and seeing if it will coerce to a version. semver.coerce
|
|
7111
7102
|
// will strip leading v's, carets (^), comparators (<,<=,>,>=,=),
|
|
7112
7103
|
// and tildes (~). If not coerced to a valid version then
|
|
7113
7104
|
// default to the manifest entry version.
|
|
7114
|
-
|
|
7105
|
+
vendor.semverExports.coerce(
|
|
7106
|
+
vendor.npaExports(thisSpec).rawSpec
|
|
7107
|
+
)?.version ?? version
|
|
7115
7108
|
) !== major
|
|
7116
7109
|
) {
|
|
7117
7110
|
const otherVersion = (
|
|
7118
7111
|
await packages.fetchPackageManifest(thisSpec)
|
|
7119
7112
|
)?.version
|
|
7120
7113
|
if (otherVersion && otherVersion !== version) {
|
|
7121
|
-
newSpec = `${sockOverridePrefix}${pin ? otherVersion : `^${
|
|
7114
|
+
newSpec = `${sockOverridePrefix}${pin ? otherVersion : `^${vendor.semverExports.major(otherVersion)}`}`
|
|
7122
7115
|
}
|
|
7123
7116
|
}
|
|
7124
7117
|
} else {
|
|
@@ -7136,11 +7129,14 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
|
|
|
7136
7129
|
}
|
|
7137
7130
|
})
|
|
7138
7131
|
if (workspaceGlobs) {
|
|
7139
|
-
const workspacePkgJsonPaths = await
|
|
7140
|
-
|
|
7141
|
-
|
|
7142
|
-
|
|
7143
|
-
|
|
7132
|
+
const workspacePkgJsonPaths = await vendor.distExports.glob(
|
|
7133
|
+
workspaceGlobs,
|
|
7134
|
+
{
|
|
7135
|
+
absolute: true,
|
|
7136
|
+
cwd: pkgPath,
|
|
7137
|
+
ignore: ['**/node_modules/**', '**/bower_components/**']
|
|
7138
|
+
}
|
|
7139
|
+
)
|
|
7144
7140
|
// Chunk package names to process them in parallel 3 at a time.
|
|
7145
7141
|
await promises.pEach(
|
|
7146
7142
|
workspacePkgJsonPaths,
|
|
@@ -7377,7 +7373,7 @@ async function outputOrganizationList(data, outputKind = 'text') {
|
|
|
7377
7373
|
}
|
|
7378
7374
|
logger.logger.log('# Organizations\n')
|
|
7379
7375
|
logger.logger.log(
|
|
7380
|
-
`List of organizations associated with your API key, ending with: ${
|
|
7376
|
+
`List of organizations associated with your API key, ending with: ${vendor.yoctocolorsCjsExports.italic(lastFiveOfApiToken)}\n`
|
|
7381
7377
|
)
|
|
7382
7378
|
logger.logger.log(
|
|
7383
7379
|
`| Name${' '.repeat(mw1 - 4)} | ID${' '.repeat(mw2 - 2)} | Plan${' '.repeat(mw3 - 4)} |`
|
|
@@ -7397,12 +7393,12 @@ async function outputOrganizationList(data, outputKind = 'text') {
|
|
|
7397
7393
|
}
|
|
7398
7394
|
default: {
|
|
7399
7395
|
logger.logger.log(
|
|
7400
|
-
`List of organizations associated with your API key, ending with: ${
|
|
7396
|
+
`List of organizations associated with your API key, ending with: ${vendor.yoctocolorsCjsExports.italic(lastFiveOfApiToken)}\n`
|
|
7401
7397
|
)
|
|
7402
7398
|
// Just dump
|
|
7403
7399
|
for (const o of organizations) {
|
|
7404
7400
|
logger.logger.log(
|
|
7405
|
-
`- Name: ${
|
|
7401
|
+
`- Name: ${vendor.yoctocolorsCjsExports.bold(o.name ?? 'undefined')}, ID: ${vendor.yoctocolorsCjsExports.bold(o.id)}, Plan: ${vendor.yoctocolorsCjsExports.bold(o.plan)}`
|
|
7406
7402
|
)
|
|
7407
7403
|
}
|
|
7408
7404
|
}
|
|
@@ -8391,7 +8387,7 @@ function outputPurlsShallowScore(purls, packageData, outputKind) {
|
|
|
8391
8387
|
return true // not found
|
|
8392
8388
|
})
|
|
8393
8389
|
if (outputKind === 'markdown') {
|
|
8394
|
-
logger.logger.log(
|
|
8390
|
+
logger.logger.log(vendor.stripIndents`
|
|
8395
8391
|
# Shallow Package Report
|
|
8396
8392
|
|
|
8397
8393
|
This report contains the response for requesting data on some package url(s).
|
|
@@ -8405,14 +8401,16 @@ function outputPurlsShallowScore(purls, packageData, outputKind) {
|
|
|
8405
8401
|
`)
|
|
8406
8402
|
return
|
|
8407
8403
|
}
|
|
8408
|
-
logger.logger.log(
|
|
8404
|
+
logger.logger.log(
|
|
8405
|
+
'\n' + vendor.yoctocolorsCjsExports.bold('Shallow Package Score') + '\n'
|
|
8406
|
+
)
|
|
8409
8407
|
logger.logger.log(
|
|
8410
8408
|
'Please note: The listed scores are ONLY for the package itself. It does NOT\n' +
|
|
8411
8409
|
' reflect the scores of any dependencies, transitive or otherwise.'
|
|
8412
8410
|
)
|
|
8413
8411
|
if (missing.length) {
|
|
8414
8412
|
logger.logger.log(
|
|
8415
|
-
`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => '\n- ' +
|
|
8413
|
+
`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => '\n- ' + vendor.yoctocolorsCjsExports.bold(purl)).join('')}`
|
|
8416
8414
|
)
|
|
8417
8415
|
}
|
|
8418
8416
|
packageData.forEach(data => {
|
|
@@ -8432,7 +8430,7 @@ function formatReportCard(data, color) {
|
|
|
8432
8430
|
const alertString = getAlertString(data.alerts, !color)
|
|
8433
8431
|
const purl = 'pkg:' + data.type + '/' + data.name + '@' + data.version
|
|
8434
8432
|
return [
|
|
8435
|
-
'Package: ' + (color ?
|
|
8433
|
+
'Package: ' + (color ? vendor.yoctocolorsCjsExports.bold(purl) : purl),
|
|
8436
8434
|
'',
|
|
8437
8435
|
...Object.entries(scoreResult).map(
|
|
8438
8436
|
score =>
|
|
@@ -8448,16 +8446,18 @@ function formatScore(score, noColor = false, pad = false) {
|
|
|
8448
8446
|
return padded
|
|
8449
8447
|
}
|
|
8450
8448
|
if (score >= 80) {
|
|
8451
|
-
return
|
|
8449
|
+
return vendor.yoctocolorsCjsExports.green(padded)
|
|
8452
8450
|
}
|
|
8453
8451
|
if (score >= 60) {
|
|
8454
|
-
return
|
|
8452
|
+
return vendor.yoctocolorsCjsExports.yellow(padded)
|
|
8455
8453
|
}
|
|
8456
|
-
return
|
|
8454
|
+
return vendor.yoctocolorsCjsExports.red(padded)
|
|
8457
8455
|
}
|
|
8458
8456
|
function getAlertString(alerts, noColor = false) {
|
|
8459
8457
|
if (!alerts?.length) {
|
|
8460
|
-
return noColor
|
|
8458
|
+
return noColor
|
|
8459
|
+
? `- Alerts: none!`
|
|
8460
|
+
: `- Alerts: ${vendor.yoctocolorsCjsExports.green('none')}!`
|
|
8461
8461
|
}
|
|
8462
8462
|
const bad = alerts
|
|
8463
8463
|
.filter(alert => alert.severity !== 'low' && alert.severity !== 'middle')
|
|
@@ -8487,22 +8487,32 @@ function getAlertString(alerts, noColor = false) {
|
|
|
8487
8487
|
)
|
|
8488
8488
|
}
|
|
8489
8489
|
return (
|
|
8490
|
-
`- Alerts (${
|
|
8490
|
+
`- Alerts (${vendor.yoctocolorsCjsExports.red(bad.length.toString())}/${vendor.yoctocolorsCjsExports.yellow(mid.length.toString())}/${low.length}):` +
|
|
8491
8491
|
' '.repeat(Math.max(0, 20 - colorless.length)) +
|
|
8492
8492
|
' ' +
|
|
8493
8493
|
[
|
|
8494
8494
|
bad
|
|
8495
8495
|
.map(alert =>
|
|
8496
|
-
|
|
8496
|
+
vendor.yoctocolorsCjsExports.red(
|
|
8497
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8498
|
+
alert.type
|
|
8499
|
+
)
|
|
8497
8500
|
)
|
|
8498
8501
|
.join(', '),
|
|
8499
8502
|
mid
|
|
8500
8503
|
.map(alert =>
|
|
8501
|
-
|
|
8504
|
+
vendor.yoctocolorsCjsExports.yellow(
|
|
8505
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8506
|
+
alert.type
|
|
8507
|
+
)
|
|
8502
8508
|
)
|
|
8503
8509
|
.join(', '),
|
|
8504
8510
|
low
|
|
8505
|
-
.map(
|
|
8511
|
+
.map(
|
|
8512
|
+
alert =>
|
|
8513
|
+
vendor.yoctocolorsCjsExports.dim(`[${alert.severity}] `) +
|
|
8514
|
+
alert.type
|
|
8515
|
+
)
|
|
8506
8516
|
.join(', ')
|
|
8507
8517
|
]
|
|
8508
8518
|
.filter(Boolean)
|
|
@@ -9120,27 +9130,27 @@ async function outputListRepos(data, outputKind) {
|
|
|
9120
9130
|
columns: [
|
|
9121
9131
|
{
|
|
9122
9132
|
field: 'id',
|
|
9123
|
-
name:
|
|
9133
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
9124
9134
|
},
|
|
9125
9135
|
{
|
|
9126
9136
|
field: 'name',
|
|
9127
|
-
name:
|
|
9137
|
+
name: vendor.yoctocolorsCjsExports.magenta('Name')
|
|
9128
9138
|
},
|
|
9129
9139
|
{
|
|
9130
9140
|
field: 'visibility',
|
|
9131
|
-
name:
|
|
9141
|
+
name: vendor.yoctocolorsCjsExports.magenta('Visibility')
|
|
9132
9142
|
},
|
|
9133
9143
|
{
|
|
9134
9144
|
field: 'default_branch',
|
|
9135
|
-
name:
|
|
9145
|
+
name: vendor.yoctocolorsCjsExports.magenta('Default branch')
|
|
9136
9146
|
},
|
|
9137
9147
|
{
|
|
9138
9148
|
field: 'archived',
|
|
9139
|
-
name:
|
|
9149
|
+
name: vendor.yoctocolorsCjsExports.magenta('Archived')
|
|
9140
9150
|
}
|
|
9141
9151
|
]
|
|
9142
9152
|
}
|
|
9143
|
-
logger.logger.log(
|
|
9153
|
+
logger.logger.log(vendor.srcExports(options, data.results))
|
|
9144
9154
|
}
|
|
9145
9155
|
|
|
9146
9156
|
async function handleListRepos({
|
|
@@ -9485,35 +9495,35 @@ async function outputViewRepo(data, outputKind) {
|
|
|
9485
9495
|
columns: [
|
|
9486
9496
|
{
|
|
9487
9497
|
field: 'id',
|
|
9488
|
-
name:
|
|
9498
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
9489
9499
|
},
|
|
9490
9500
|
{
|
|
9491
9501
|
field: 'name',
|
|
9492
|
-
name:
|
|
9502
|
+
name: vendor.yoctocolorsCjsExports.magenta('Name')
|
|
9493
9503
|
},
|
|
9494
9504
|
{
|
|
9495
9505
|
field: 'visibility',
|
|
9496
|
-
name:
|
|
9506
|
+
name: vendor.yoctocolorsCjsExports.magenta('Visibility')
|
|
9497
9507
|
},
|
|
9498
9508
|
{
|
|
9499
9509
|
field: 'default_branch',
|
|
9500
|
-
name:
|
|
9510
|
+
name: vendor.yoctocolorsCjsExports.magenta('Default branch')
|
|
9501
9511
|
},
|
|
9502
9512
|
{
|
|
9503
9513
|
field: 'homepage',
|
|
9504
|
-
name:
|
|
9514
|
+
name: vendor.yoctocolorsCjsExports.magenta('Homepage')
|
|
9505
9515
|
},
|
|
9506
9516
|
{
|
|
9507
9517
|
field: 'archived',
|
|
9508
|
-
name:
|
|
9518
|
+
name: vendor.yoctocolorsCjsExports.magenta('Archived')
|
|
9509
9519
|
},
|
|
9510
9520
|
{
|
|
9511
9521
|
field: 'created_at',
|
|
9512
|
-
name:
|
|
9522
|
+
name: vendor.yoctocolorsCjsExports.magenta('Created at')
|
|
9513
9523
|
}
|
|
9514
9524
|
]
|
|
9515
9525
|
}
|
|
9516
|
-
logger.logger.log(
|
|
9526
|
+
logger.logger.log(vendor.srcExports(options, [data]))
|
|
9517
9527
|
}
|
|
9518
9528
|
|
|
9519
9529
|
async function handleViewRepo(orgSlug, repoName, outputKind) {
|
|
@@ -10118,26 +10128,28 @@ async function outputListScans(data, outputKind) {
|
|
|
10118
10128
|
columns: [
|
|
10119
10129
|
{
|
|
10120
10130
|
field: 'id',
|
|
10121
|
-
name:
|
|
10131
|
+
name: vendor.yoctocolorsCjsExports.magenta('ID')
|
|
10122
10132
|
},
|
|
10123
10133
|
{
|
|
10124
10134
|
field: 'report_url',
|
|
10125
|
-
name:
|
|
10135
|
+
name: vendor.yoctocolorsCjsExports.magenta('Scan URL')
|
|
10126
10136
|
},
|
|
10127
10137
|
{
|
|
10128
10138
|
field: 'branch',
|
|
10129
|
-
name:
|
|
10139
|
+
name: vendor.yoctocolorsCjsExports.magenta('Branch')
|
|
10130
10140
|
},
|
|
10131
10141
|
{
|
|
10132
10142
|
field: 'created_at',
|
|
10133
|
-
name:
|
|
10143
|
+
name: vendor.yoctocolorsCjsExports.magenta('Created at')
|
|
10134
10144
|
}
|
|
10135
10145
|
]
|
|
10136
10146
|
}
|
|
10137
10147
|
const formattedResults = data.results.map(d => {
|
|
10138
10148
|
return {
|
|
10139
10149
|
id: d.id,
|
|
10140
|
-
report_url:
|
|
10150
|
+
report_url: vendor.yoctocolorsCjsExports.underline(
|
|
10151
|
+
`${d.html_report_url}`
|
|
10152
|
+
),
|
|
10141
10153
|
created_at: d.created_at
|
|
10142
10154
|
? new Date(d.created_at).toLocaleDateString('en-us', {
|
|
10143
10155
|
year: 'numeric',
|
|
@@ -10148,7 +10160,7 @@ async function outputListScans(data, outputKind) {
|
|
|
10148
10160
|
branch: d.branch
|
|
10149
10161
|
}
|
|
10150
10162
|
})
|
|
10151
|
-
logger.logger.log(
|
|
10163
|
+
logger.logger.log(vendor.srcExports(options, formattedResults))
|
|
10152
10164
|
}
|
|
10153
10165
|
|
|
10154
10166
|
async function handleListScans({
|
|
@@ -11149,7 +11161,7 @@ async function run$1(argv, importMeta, { parentName }) {
|
|
|
11149
11161
|
}
|
|
11150
11162
|
|
|
11151
11163
|
function addSocketWrapper(file) {
|
|
11152
|
-
return
|
|
11164
|
+
return require$$0.appendFile(
|
|
11153
11165
|
file,
|
|
11154
11166
|
'alias npm="socket npm"\nalias npx="socket npx"\n',
|
|
11155
11167
|
err => {
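Review bot: The string passed to `appendFile` in `addSocketWrapper` begins directly with `alias npm=`, so if the rc file does not end with a newline the first alias is joined onto the user's last line, changing that line and leaving `npm` unwrapped while the success message in the next hunk is presumably still printed. Starting the payload with a newline avoids that: `'\nalias npm="socket npm"\nalias npx="socket npx"\n',`. The call is also the callback form of `appendFile`, so `addSocketWrapper` returns before the write finishes and the `try`/`catch` in `installSafeNpm` cannot observe a failed write; the callback body continues outside this hunk.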
|
|
@@ -11158,7 +11170,7 @@ function addSocketWrapper(file) {
|
|
|
11158
11170
|
}
|
|
11159
11171
|
// TODO: pretty sure you need to source the file or restart
|
|
11160
11172
|
// any terminal session before changes are reflected.
|
|
11161
|
-
logger.logger.log(
|
|
11173
|
+
logger.logger.log(vendor.stripIndents`
|
|
11162
11174
|
The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
|
|
11163
11175
|
If you want to disable it at any time, run \`socket wrapper --disable\`
|
|
11164
11176
|
`)
|
|
@@ -11167,7 +11179,7 @@ If you want to disable it at any time, run \`socket wrapper --disable\`
|
|
|
11167
11179
|
}
|
|
11168
11180
|
|
|
11169
11181
|
function checkSocketWrapperSetup(file) {
|
|
11170
|
-
const fileContent =
|
|
11182
|
+
const fileContent = require$$0.readFileSync(file, 'utf8')
|
|
11171
11183
|
const linesWithSocketAlias = fileContent
|
|
11172
11184
|
.split('\n')
|
|
11173
11185
|
.filter(
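Review bot: `readFileSync` in `checkSocketWrapperSetup` throws when the rc path exists but cannot be read (permission denied, or a directory at that path), and the callers shown in this diff, `postinstallWrapper` and `run`, guard the call only with `existsSync`. Unless a `try`/`catch` outside the visible hunks covers it, that exception aborts the postinstall step or the `wrapper` command instead of being reported like the other file errors here. Wrapping the read in `try`/`catch`, logging through `logger.logger.error` and returning `false` would match how `removeSocketWrapper` reports its errors. The rest of the filter is outside this hunk.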
|
|
@@ -11186,10 +11198,11 @@ async function postinstallWrapper() {
|
|
|
11186
11198
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11187
11199
|
const { bashRcPath, zshRcPath } = constants
|
|
11188
11200
|
const socketWrapperEnabled =
|
|
11189
|
-
(
|
|
11190
|
-
|
|
11201
|
+
(require$$0.existsSync(bashRcPath) &&
|
|
11202
|
+
checkSocketWrapperSetup(bashRcPath)) ||
|
|
11203
|
+
(require$$0.existsSync(zshRcPath) && checkSocketWrapperSetup(zshRcPath))
|
|
11191
11204
|
if (!socketWrapperEnabled) {
|
|
11192
|
-
await installSafeNpm(
|
|
11205
|
+
await installSafeNpm(vendor.stripIndents`
|
|
11193
11206
|
The Socket CLI is now successfully installed! 🎉
|
|
11194
11207
|
|
|
11195
11208
|
To better protect yourself against supply-chain attacks, our "safe npm" wrapper can warn you about malicious packages whenever you run 'npm install'.
|
|
@@ -11214,10 +11227,10 @@ async function installSafeNpm(query) {
|
|
|
11214
11227
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11215
11228
|
const { bashRcPath, zshRcPath } = constants
|
|
11216
11229
|
try {
|
|
11217
|
-
if (
|
|
11230
|
+
if (require$$0.existsSync(bashRcPath)) {
|
|
11218
11231
|
addSocketWrapper(bashRcPath)
|
|
11219
11232
|
}
|
|
11220
|
-
if (
|
|
11233
|
+
if (require$$0.existsSync(zshRcPath)) {
|
|
11221
11234
|
addSocketWrapper(zshRcPath)
|
|
11222
11235
|
}
|
|
11223
11236
|
} catch (e) {
|
|
@@ -11229,7 +11242,7 @@ async function installSafeNpm(query) {
|
|
|
11229
11242
|
}
|
|
11230
11243
|
|
|
11231
11244
|
function removeSocketWrapper(file) {
|
|
11232
|
-
return
|
|
11245
|
+
return require$$0.readFile(file, 'utf8', function (err, data) {
|
|
11233
11246
|
if (err) {
|
|
11234
11247
|
logger.logger.fail('There was an error removing the alias:')
|
|
11235
11248
|
logger.logger.error(err)
|
|
@@ -11241,7 +11254,7 @@ function removeSocketWrapper(file) {
|
|
|
11241
11254
|
l => l !== 'alias npm="socket npm"' && l !== 'alias npx="socket npx"'
|
|
11242
11255
|
)
|
|
11243
11256
|
const updatedFileContent = linesWithoutSocketAlias.join('\n')
|
|
11244
|
-
|
|
11257
|
+
require$$0.writeFile(file, updatedFileContent, function (err) {
|
|
11245
11258
|
if (err) {
|
|
11246
11259
|
logger.logger.error(err)
|
|
11247
11260
|
return
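Review bot: `removeSocketWrapper` rewrites the user's shell rc file in place with `writeFile`, which truncates the target before writing, so an interrupted or failed write can leave the file shortened; `run` calls it for every rc file that exists, including ones that never held the alias. Skipping the write when nothing was removed limits the exposure: `if (updatedFileContent === data) return` just before the `writeFile` call. For the remaining case, writing to a temporary file in the same directory and renaming it over the original is the safer pattern, with the caveat that a rename replaces a symlinked dotfile rather than its target. The filter also matches the alias lines exactly, so a line with trailing whitespace or a CRLF ending would be left behind. The start of the function is in the previous hunk and the write callback continues past this one.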
|
|
@@ -11329,21 +11342,27 @@ async function run(argv, importMeta, { parentName }) {
|
|
|
11329
11342
|
// Lazily access constants.bashRcPath and constants.zshRcPath.
|
|
11330
11343
|
const { bashRcPath, zshRcPath } = constants
|
|
11331
11344
|
if (enable) {
|
|
11332
|
-
if (
|
|
11345
|
+
if (
|
|
11346
|
+
require$$0.existsSync(bashRcPath) &&
|
|
11347
|
+
!checkSocketWrapperSetup(bashRcPath)
|
|
11348
|
+
) {
|
|
11333
11349
|
addSocketWrapper(bashRcPath)
|
|
11334
11350
|
}
|
|
11335
|
-
if (
|
|
11351
|
+
if (
|
|
11352
|
+
require$$0.existsSync(zshRcPath) &&
|
|
11353
|
+
!checkSocketWrapperSetup(zshRcPath)
|
|
11354
|
+
) {
|
|
11336
11355
|
addSocketWrapper(zshRcPath)
|
|
11337
11356
|
}
|
|
11338
11357
|
} else {
|
|
11339
|
-
if (
|
|
11358
|
+
if (require$$0.existsSync(bashRcPath)) {
|
|
11340
11359
|
removeSocketWrapper(bashRcPath)
|
|
11341
11360
|
}
|
|
11342
|
-
if (
|
|
11361
|
+
if (require$$0.existsSync(zshRcPath)) {
|
|
11343
11362
|
removeSocketWrapper(zshRcPath)
|
|
11344
11363
|
}
|
|
11345
11364
|
}
|
|
11346
|
-
if (!
|
|
11365
|
+
if (!require$$0.existsSync(bashRcPath) && !require$$0.existsSync(zshRcPath)) {
|
|
11347
11366
|
logger.logger.fail(
|
|
11348
11367
|
'There was an issue setting up the alias in your bash profile'
|
|
11349
11368
|
)
|
|
@@ -11354,10 +11373,10 @@ const { SOCKET_CLI_BIN_NAME } = constants
|
|
|
11354
11373
|
|
|
11355
11374
|
// TODO: Add autocompletion using https://socket.dev/npm/package/omelette
|
|
11356
11375
|
void (async () => {
|
|
11357
|
-
await
|
|
11376
|
+
await vendor.updater({
|
|
11358
11377
|
name: SOCKET_CLI_BIN_NAME,
|
|
11359
11378
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
11360
|
-
version: '0.14.
|
|
11379
|
+
version: '0.14.96',
|
|
11361
11380
|
ttl: 86_400_000 /* 24 hours in milliseconds */
|
|
11362
11381
|
})
|
|
11363
11382
|
try {
|
|
@@ -11394,7 +11413,7 @@ void (async () => {
|
|
|
11394
11413
|
argv: process$1.argv.slice(2),
|
|
11395
11414
|
name: SOCKET_CLI_BIN_NAME,
|
|
11396
11415
|
importMeta: {
|
|
11397
|
-
url: `${
|
|
11416
|
+
url: `${require$$0$2.pathToFileURL(__filename)}`
|
|
11398
11417
|
}
|
|
11399
11418
|
}
|
|
11400
11419
|
)
|
|
@@ -11412,8 +11431,8 @@ void (async () => {
|
|
|
11412
11431
|
errorBody = e.body
|
|
11413
11432
|
} else if (e instanceof Error) {
|
|
11414
11433
|
errorTitle = 'Unexpected error'
|
|
11415
|
-
errorMessage =
|
|
11416
|
-
errorBody =
|
|
11434
|
+
errorMessage = vendor.messageWithCauses(e)
|
|
11435
|
+
errorBody = vendor.stackWithCauses(e)
|
|
11417
11436
|
} else {
|
|
11418
11437
|
errorTitle = 'Unexpected error with no details'
|
|
11419
11438
|
}
|
|
@@ -11425,5 +11444,5 @@ void (async () => {
|
|
|
11425
11444
|
await shadowNpmInject.captureException(e)
|
|
11426
11445
|
}
|
|
11427
11446
|
})()
|
|
11428
|
-
//# debugId=
|
|
11447
|
+
//# debugId=98a204be-dc7b-4215-8459-2b077524373f
|
|
11429
11448
|
//# sourceMappingURL=cli.js.map
|