npm - @socketsecurity/lib - Versions diffs - 2.10.1 → 2.10.3 - Mend

@socketsecurity/lib 2.10.1 → 2.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/CHANGELOG.md +24 -0
package/dist/dlx-package.js +6 -6
package/dist/dlx-package.js.map +3 -3
package/dist/external/@socketregistry/packageurl-js.js +2 -5
package/dist/memoization.d.ts +6 -6
package/dist/memoization.js.map +1 -1
package/dist/performance.d.ts +10 -10
package/dist/performance.js.map +1 -1
package/dist/spinner.d.ts +8 -8
package/dist/spinner.js.map +1 -1
package/dist/suppress-warnings.d.ts +4 -4
package/dist/suppress-warnings.js.map +1 -1
package/dist/tables.d.ts +2 -2
package/dist/tables.js.map +1 -1
package/dist/versions.js +1 -1
package/dist/versions.js.map +3 -3
package/package.json +2 -2

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,30 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.10.3](https://github.com/SocketDev/socket-lib/releases/tag/v2.10.3) - 2025-10-31
+### Fixed
+- Updated `@socketregistry/packageurl-js` to 1.3.1 to resolve an unintended external dependency
+- **Documentation**: Corrected JSDoc `@example` import paths from `@socketsecurity/registry` to `@socketsecurity/lib` across utility modules
+  - Updated examples in `memoization.ts`, `performance.ts`, `spinner.ts`, `suppress-warnings.ts`, and `tables.ts`
+  - Ensures documentation reflects correct package name after v1.0.0 rename
+## [2.10.2](https://github.com/SocketDev/socket-lib/releases/tag/v2.10.2) - 2025-10-31
+### Changed
+- **Package spec parsing**: Refactored to use official `npm-package-arg` library for robust handling of all npm package specification formats (versions, ranges, tags, git URLs)
+  - Improves reliability when parsing complex package specs
+  - Better handles edge cases in version ranges and scoped packages
+  - Falls back to simple parsing if npm-package-arg fails
+### Fixed
+- **Scoped package version parsing**: Fixed critical bug where parsePackageSpec was stripping the `@` prefix from scoped packages with versions
+  - Example: `@coana-tech/cli@~14.12.51` was incorrectly parsed as `coana-tech/cli@~14.12.51`
+  - Caused package installation failures for scoped packages in DLX system
 ## [2.10.1](https://github.com/SocketDev/socket-lib/releases/tag/v2.10.1) - 2025-10-31
 ### Fixed

package/dist/dlx-package.js CHANGED Viewed

@@ -1,10 +1,10 @@
 /* Socket Lib - Built with esbuild */
-var v=Object.create;var h=Object.defineProperty;var $=Object.getOwnPropertyDescriptor;var C=Object.getOwnPropertyNames;var I=Object.getPrototypeOf,_=Object.prototype.hasOwnProperty;var N=(e,n)=>{for(var t in n)h(e,t,{get:n[t],enumerable:!0})},w=(e,n,t,i)=>{if(n&&typeof n=="object"||typeof n=="function")for(let r of C(n))!_.call(e,r)&&r!==t&&h(e,r,{get:()=>n[r],enumerable:!(i=$(n,r))||i.enumerable});return e};var y=(e,n,t)=>(t=e!=null?v(I(e)):{},w(n||!e||!e.__esModule?h(t,"default",{value:e,enumerable:!0}):t,e)),T=e=>w(h({},"__esModule",{value:!0}),e);var V={};N(V,{dlxPackage:()=>M,downloadPackage:()=>j,executePackage:()=>S});module.exports=T(V);var d=require("node:fs"),p=y(require("node:path")),k=require("./constants/platform"),P=require("./constants/packages"),E=require("./dlx"),x=y(require("./external/pacote")),b=require("./fs"),u=require("./path"),D=require("./paths"),O=require("./process-lock"),R=require("./spawn");const A=/[~^><=xX* ]|\|\|/;function J(e){if(e.startsWith("@")){const t=e.split("@");return t.length===3?{name:t[1],version:t[2]}:t.length===2?{name:`@${t[1]}`,version:void 0}:{name:`@${t[1]}`,version:t[2]}}const n=e.lastIndexOf("@");return n===-1?{name:e,version:void 0}:{name:e.slice(0,n),version:e.slice(n+1)}}async function F(e,n,t){const i=(0,E.generateCacheKey)(n),r=(0,u.normalizePath)(p.default.join((0,D.getSocketDlxDir)(),i)),c=(0,u.normalizePath)(p.default.join(r,"node_modules",e));try{await d.promises.mkdir(r,{recursive:!0})}catch(a){const o=a.code;throw o==="EACCES"||o==="EPERM"?new Error(`Permission denied creating package directory: ${r}
-Please check directory permissions or run with appropriate access.`,{cause:a}):o==="EROFS"?new Error(`Cannot create package directory on read-only filesystem: ${r}
-Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`,{cause:a}):new Error(`Failed to create package directory: ${r}`,{cause:a})}const l=p.default.join(r,"concurrency.lock");return await O.processLock.withLock(l,async()=>{if(!t&&(0,d.existsSync)(c)){const o=p.default.join(c,"package.json");if((0,d.existsSync)(o))return{installed:!1,packageDir:r}}const a=(0,P.getPacoteCachePath)();try{await x.default.extract(n,c,{cache:a||p.default.join(r,".cache")})}catch(o){const s=o.code;throw s==="E404"||s==="ETARGET"?new Error(`Package not found: ${n}
+var v=Object.create;var y=Object.defineProperty;var _=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var C=Object.getPrototypeOf,I=Object.prototype.hasOwnProperty;var T=(n,e)=>{for(var t in e)y(n,t,{get:e[t],enumerable:!0})},w=(n,e,t,a)=>{if(e&&typeof e=="object"||typeof e=="function")for(let r of $(e))!I.call(n,r)&&r!==t&&y(n,r,{get:()=>e[r],enumerable:!(a=_(e,r))||a.enumerable});return n};var A=(n,e,t)=>(t=n!=null?v(C(n)):{},w(e||!n||!n.__esModule?y(t,"default",{value:n,enumerable:!0}):t,n)),N=n=>w(y({},"__esModule",{value:!0}),n);var B={};T(B,{dlxPackage:()=>L,downloadPackage:()=>R,executePackage:()=>j});module.exports=N(B);var l=require("node:fs"),d=A(require("node:path")),P=require("./constants/platform"),E=require("./constants/packages"),x=require("./dlx"),b=require("./fs"),u=require("./path"),D=require("./paths"),O=require("./process-lock"),S=require("./spawn");let k;function J(){return k===void 0&&(k=require("./external/npm-package-arg")),k}let h;function F(){return h===void 0&&(h=require("./external/pacote")),h}const K=/[~^><=xX* ]|\|\|/;function M(n){try{const t=J()(n),a=t.type==="tag"||t.type==="version"||t.type==="range"?t.fetchSpec:void 0;return{name:t.name||n,version:a}}catch{const e=n.lastIndexOf("@");return e===-1||n.startsWith("@")?{name:n,version:void 0}:{name:n.slice(0,e),version:n.slice(e+1)}}}async function V(n,e,t){const a=(0,x.generateCacheKey)(e),r=(0,u.normalizePath)(d.default.join((0,D.getSocketDlxDir)(),a)),c=(0,u.normalizePath)(d.default.join(r,"node_modules",n));try{await l.promises.mkdir(r,{recursive:!0})}catch(i){const o=i.code;throw o==="EACCES"||o==="EPERM"?new Error(`Permission denied creating package directory: ${r}
+Please check directory permissions or run with appropriate access.`,{cause:i}):o==="EROFS"?new Error(`Cannot create package directory on read-only filesystem: ${r}
+Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`,{cause:i}):new Error(`Failed to create package directory: ${r}`,{cause:i})}const p=d.default.join(r,"concurrency.lock");return await O.processLock.withLock(p,async()=>{if(!t&&(0,l.existsSync)(c)){const o=d.default.join(c,"package.json");if((0,l.existsSync)(o))return{installed:!1,packageDir:r}}const i=(0,E.getPacoteCachePath)();try{await F().extract(e,c,{cache:i||d.default.join(r,".cache")})}catch(o){const s=o.code;throw s==="E404"||s==="ETARGET"?new Error(`Package not found: ${e}
 Verify the package exists on npm registry and check the version.
-Visit https://www.npmjs.com/package/${e} to see available versions.`,{cause:o}):s==="ENOTFOUND"||s==="ETIMEDOUT"||s==="EAI_AGAIN"?new Error(`Network error installing ${n}
-Check your internet connection and try again.`,{cause:o}):new Error(`Failed to install package: ${n}
+Visit https://www.npmjs.com/package/${n} to see available versions.`,{cause:o}):s==="ENOTFOUND"||s==="ETIMEDOUT"||s==="EAI_AGAIN"?new Error(`Network error installing ${e}
+Check your internet connection and try again.`,{cause:o}):new Error(`Failed to install package: ${e}
 Destination: ${c}
-Check npm registry connectivity or package name.`,{cause:o})}return{installed:!0,packageDir:r}},{staleMs:5e3,touchIntervalMs:2e3})}function K(e,n,t){const i=(0,u.normalizePath)(p.default.join(e,"node_modules",n)),r=p.default.join(i,"package.json"),l=(0,b.readJsonSync)(r).bin;let a;if(typeof l=="string")a=l;else if(typeof l=="object"&&l!==null){const o=l,s=Object.keys(o);if(s.length===1)a=o[s[0]];else{const m=n.split("/").pop(),g=[t,m,n.replace(/^@[^/]+\//,"")].filter(Boolean);for(const f of g)if(f&&o[f]){a=o[f];break}!a&&s.length>0&&(a=o[s[0]])}}if(!a)throw new Error(`No binary found for package "${n}"`);return(0,u.normalizePath)(p.default.join(i,a))}async function M(e,n,t){const i=await j(n),r=S(i.binaryPath,e,n?.spawnOptions,t);return{...i,spawnPromise:r}}async function j(e){const{binaryName:n,force:t,package:i}={__proto__:null,...e},{name:r,version:c}=J(i),l=c!==void 0&&A.test(c),a=t!==void 0?t:l,o=c?`${r}@${c}`:r,{installed:s,packageDir:m}=await F(r,o,a),g=K(m,r,n);if(!k.WIN32&&(0,d.existsSync)(g)){const{chmodSync:f}=require("node:fs");try{f(g,493)}catch{}}return{binaryPath:g,installed:s,packageDir:m}}function S(e,n,t,i){return(0,R.spawn)(e,n,t,i)}0&&(module.exports={dlxPackage,downloadPackage,executePackage});
+Check npm registry connectivity or package name.`,{cause:o})}return{installed:!0,packageDir:r}},{staleMs:5e3,touchIntervalMs:2e3})}function q(n,e,t){const a=(0,u.normalizePath)(d.default.join(n,"node_modules",e)),r=d.default.join(a,"package.json"),p=(0,b.readJsonSync)(r).bin;let i;if(typeof p=="string")i=p;else if(typeof p=="object"&&p!==null){const o=p,s=Object.keys(o);if(s.length===1)i=o[s[0]];else{const m=e.split("/").pop(),g=[t,m,e.replace(/^@[^/]+\//,"")].filter(Boolean);for(const f of g)if(f&&o[f]){i=o[f];break}!i&&s.length>0&&(i=o[s[0]])}}if(!i)throw new Error(`No binary found for package "${e}"`);return(0,u.normalizePath)(d.default.join(a,i))}async function L(n,e,t){const a=await R(e),r=j(a.binaryPath,n,e?.spawnOptions,t);return{...a,spawnPromise:r}}async function R(n){const{binaryName:e,force:t,package:a}={__proto__:null,...n},{name:r,version:c}=M(a),p=c!==void 0&&K.test(c),i=t!==void 0?t:p,o=c?`${r}@${c}`:r,{installed:s,packageDir:m}=await V(r,o,i),g=q(m,r,e);if(!P.WIN32&&(0,l.existsSync)(g)){const{chmodSync:f}=require("node:fs");try{f(g,493)}catch{}}return{binaryPath:g,installed:s,packageDir:m}}function j(n,e,t,a){return(0,S.spawn)(n,e,t,a)}0&&(module.exports={dlxPackage,downloadPackage,executePackage});
 //# sourceMappingURL=dlx-package.js.map

package/dist/dlx-package.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../src/dlx-package.ts"],
-  "sourcesContent": ["/**\n * @fileoverview DLX package execution - Install and execute npm packages.\n *\n * This module provides functionality to install and execute npm packages\n * in the ~/.socket/_dlx directory, similar to npx but with Socket's own cache.\n *\n * Uses content-addressed storage like npm's _npx:\n * - Hash is generated from package spec (name@version)\n * - Each unique spec gets its own directory: ~/.socket/_dlx/<hash>/\n * - Allows caching multiple versions of the same package\n *\n * Concurrency protection:\n * - Uses process-lock to prevent concurrent installation corruption\n * - Lock file created at ~/.socket/_dlx/<hash>/concurrency.lock\n * - Uses npm npx's concurrency.lock naming convention (5s stale, 2s touching)\n * - Prevents multiple processes from corrupting the same package installation\n *\n * Version range handling:\n * - Exact versions (1.0.0) use cache if available\n * - Range versions (^1.0.0, ~1.0.0) auto-force to get latest within range\n * - User can override with explicit force: false\n *\n * Key difference from dlx-binary.ts:\n * - dlx-binary.ts: Downloads standalone binaries from URLs\n * - dlx-package.ts: Installs npm packages from registries\n *\n * Implementation:\n * - Uses pacote for package installation (no npm CLI required)\n * - Split into downloadPackage() and executePackage() for flexibility\n * - dlxPackage() combines both for convenience\n */\n\nimport { existsSync, promises as fs } from 'node:fs'\nimport path from 'node:path'\n\nimport { WIN32 } from './constants/platform'\nimport { getPacoteCachePath } from './constants/packages'\nimport { generateCacheKey } from './dlx'\nimport pacote from './external/pacote'\nimport { readJsonSync } from './fs'\nimport { normalizePath } from './path'\nimport { getSocketDlxDir } from './paths'\nimport { processLock } from './process-lock'\nimport type { SpawnExtra, SpawnOptions } from './spawn'\nimport { spawn } from './spawn'\n\n/**\n * Regex to check if a version string contains range operators.\n * Matches any version with range operators: ~, ^, >, <, =, x, X, *, spaces, or ||.\n */\nconst rangeOperatorsRegExp = /[~^><=xX* ]|\\|\\|/\n\nexport interface DownloadPackageResult {\n  /** Path to the installed package directory. */\n  packageDir: string\n  /** Path to the binary. */\n  binaryPath: string\n  /** Whether the package was newly installed. */\n  installed: boolean\n}\n\nexport interface DlxPackageOptions {\n  /**\n   * Package to install (e.g., '@cyclonedx/cdxgen@10.0.0').\n   */\n  package: string\n  /**\n   * Binary name to execute (optional - auto-detected in most cases).\n   *\n   * Auto-detection logic:\n   * 1. If package has only one binary, uses it automatically\n   * 2. Tries user-provided binaryName\n   * 3. Tries last segment of package name (e.g., 'cli' from '@socketsecurity/cli')\n   * 4. Falls back to first binary\n   *\n   * Only needed when package has multiple binaries and auto-detection fails.\n   *\n   * @example\n   * // Auto-detected (single binary)\n   * { package: '@socketsecurity/cli' }  // Finds 'socket' binary automatically\n   *\n   * // Explicit (multiple binaries)\n   * { package: 'some-tool', binaryName: 'specific-tool' }\n   */\n  binaryName?: string | undefined\n  /**\n   * Force reinstallation even if package exists.\n   */\n  force?: boolean | undefined\n  /**\n   * Additional spawn options for the execution.\n   */\n  spawnOptions?: SpawnOptions | undefined\n}\n\nexport interface DlxPackageResult {\n  /** Path to the installed package directory. */\n  packageDir: string\n  /** Path to the binary that was executed. */\n  binaryPath: string\n  /** Whether the package was newly installed. */\n  installed: boolean\n  /** The spawn promise for the running process. */\n  spawnPromise: ReturnType<typeof spawn>\n}\n\n/**\n * Parse package spec into name and version.\n * Examples:\n * - 'lodash@4.17.21' \u2192 { name: 'lodash', version: '4.17.21' }\n * - '@scope/pkg@1.0.0' \u2192 { name: '@scope/pkg', version: '1.0.0' }\n * - 'lodash' \u2192 { name: 'lodash', version: undefined }\n */\nfunction parsePackageSpec(spec: string): {\n  name: string\n  version: string | undefined\n} {\n  // Handle scoped packages (@scope/name@version).\n  if (spec.startsWith('@')) {\n    const parts = spec.split('@')\n    if (parts.length === 3) {\n      // @scope@version -> Invalid, but handle gracefully.\n      return { name: parts[1], version: parts[2] }\n    }\n    if (parts.length === 2) {\n      // @scope/name with no version.\n      return { name: `@${parts[1]}`, version: undefined }\n    }\n    // @scope/name@version.\n    const scopeAndName = `@${parts[1]}`\n    return { name: scopeAndName, version: parts[2] }\n  }\n\n  // Handle unscoped packages (name@version).\n  const atIndex = spec.lastIndexOf('@')\n  if (atIndex === -1) {\n    return { name: spec, version: undefined }\n  }\n\n  return {\n    name: spec.slice(0, atIndex),\n    version: spec.slice(atIndex + 1),\n  }\n}\n\n/**\n * Install package to ~/.socket/_dlx/<hash>/ if not already installed.\n * Uses pacote for installation (no npm CLI required).\n * Protected by process lock to prevent concurrent installation corruption.\n */\nasync function ensurePackageInstalled(\n  packageName: string,\n  packageSpec: string,\n  force: boolean,\n): Promise<{ installed: boolean; packageDir: string }> {\n  const cacheKey = generateCacheKey(packageSpec)\n  const packageDir = normalizePath(path.join(getSocketDlxDir(), cacheKey))\n  const installedDir = normalizePath(\n    path.join(packageDir, 'node_modules', packageName),\n  )\n\n  // Ensure package directory exists before creating lock.\n  // The lock directory will be created inside this directory.\n  try {\n    await fs.mkdir(packageDir, { recursive: true })\n  } catch (e) {\n    const code = (e as NodeJS.ErrnoException).code\n    if (code === 'EACCES' || code === 'EPERM') {\n      throw new Error(\n        `Permission denied creating package directory: ${packageDir}\\n` +\n          'Please check directory permissions or run with appropriate access.',\n        { cause: e },\n      )\n    }\n    if (code === 'EROFS') {\n      throw new Error(\n        `Cannot create package directory on read-only filesystem: ${packageDir}\\n` +\n          'Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.',\n        { cause: e },\n      )\n    }\n    throw new Error(`Failed to create package directory: ${packageDir}`, {\n      cause: e,\n    })\n  }\n\n  // Use process lock to prevent concurrent installations.\n  // Uses npm npx's concurrency.lock naming convention.\n  const lockPath = path.join(packageDir, 'concurrency.lock')\n\n  return await processLock.withLock(\n    lockPath,\n    async () => {\n      // Double-check if already installed (unless force).\n      // Another process may have installed while waiting for lock.\n      if (!force && existsSync(installedDir)) {\n        // Verify package.json exists.\n        const pkgJsonPath = path.join(installedDir, 'package.json')\n        if (existsSync(pkgJsonPath)) {\n          return { installed: false, packageDir }\n        }\n      }\n\n      // Use pacote to extract the package.\n      // Pacote leverages npm cache when available but doesn't require npm CLI.\n      const pacoteCachePath = getPacoteCachePath()\n      try {\n        await pacote.extract(packageSpec, installedDir, {\n          // Use consistent pacote cache path (respects npm cache locations when available).\n          cache: pacoteCachePath || path.join(packageDir, '.cache'),\n        })\n      } catch (e) {\n        const code = (e as any).code\n        if (code === 'E404' || code === 'ETARGET') {\n          throw new Error(\n            `Package not found: ${packageSpec}\\n` +\n              'Verify the package exists on npm registry and check the version.\\n' +\n              `Visit https://www.npmjs.com/package/${packageName} to see available versions.`,\n            { cause: e },\n          )\n        }\n        if (\n          code === 'ENOTFOUND' ||\n          code === 'ETIMEDOUT' ||\n          code === 'EAI_AGAIN'\n        ) {\n          throw new Error(\n            `Network error installing ${packageSpec}\\n` +\n              'Check your internet connection and try again.',\n            { cause: e },\n          )\n        }\n        throw new Error(\n          `Failed to install package: ${packageSpec}\\n` +\n            `Destination: ${installedDir}\\n` +\n            'Check npm registry connectivity or package name.',\n          { cause: e },\n        )\n      }\n\n      return { installed: true, packageDir }\n    },\n    {\n      // Align with npm npx locking strategy.\n      staleMs: 5000,\n      touchIntervalMs: 2000,\n    },\n  )\n}\n\n/**\n * Find the binary path for an installed package.\n * Intelligently handles packages with single or multiple binaries.\n */\nfunction findBinaryPath(\n  packageDir: string,\n  packageName: string,\n  binaryName?: string,\n): string {\n  const installedDir = normalizePath(\n    path.join(packageDir, 'node_modules', packageName),\n  )\n  const pkgJsonPath = path.join(installedDir, 'package.json')\n\n  // Read package.json to find bin entry.\n  const pkgJson = readJsonSync(pkgJsonPath) as Record<string, unknown>\n  const bin = pkgJson['bin']\n\n  let binPath: string | undefined\n\n  if (typeof bin === 'string') {\n    // Single binary - use it directly.\n    binPath = bin\n  } else if (typeof bin === 'object' && bin !== null) {\n    const binObj = bin as Record<string, string>\n    const binKeys = Object.keys(binObj)\n\n    // If only one binary, use it regardless of name.\n    if (binKeys.length === 1) {\n      binPath = binObj[binKeys[0]!]\n    } else {\n      // Multiple binaries - try to find the right one:\n      // 1. User-provided binaryName\n      // 2. Last segment of package name (e.g., 'cli' from '@socketsecurity/cli')\n      // 3. Full package name without scope (e.g., 'cli' from '@socketsecurity/cli')\n      // 4. First binary as fallback\n      const lastSegment = packageName.split('/').pop()\n      const candidates = [\n        binaryName,\n        lastSegment,\n        packageName.replace(/^@[^/]+\\//, ''),\n      ].filter(Boolean)\n\n      for (const candidate of candidates) {\n        if (candidate && binObj[candidate]) {\n          binPath = binObj[candidate]\n          break\n        }\n      }\n\n      // Fallback to first binary if nothing matched.\n      if (!binPath && binKeys.length > 0) {\n        binPath = binObj[binKeys[0]!]\n      }\n    }\n  }\n\n  if (!binPath) {\n    throw new Error(`No binary found for package \"${packageName}\"`)\n  }\n\n  return normalizePath(path.join(installedDir, binPath))\n}\n\n/**\n * Execute a package via DLX - install if needed and run its binary.\n *\n * This is the Socket equivalent of npx/pnpm dlx/yarn dlx, but using\n * our own cache directory (~/.socket/_dlx) and installation logic.\n *\n * Auto-forces reinstall for version ranges to get latest within range.\n *\n * @example\n * ```typescript\n * // Download and execute cdxgen\n * const result = await dlxPackage(\n *   ['--version'],\n *   { package: '@cyclonedx/cdxgen@10.0.0' }\n * )\n * await result.spawnPromise\n * ```\n */\nexport async function dlxPackage(\n  args: readonly string[] | string[],\n  options?: DlxPackageOptions | undefined,\n  spawnExtra?: SpawnExtra | undefined,\n): Promise<DlxPackageResult> {\n  // Download the package.\n  const downloadResult = await downloadPackage(options!)\n\n  // Execute the binary.\n  const spawnPromise = executePackage(\n    downloadResult.binaryPath,\n    args,\n    options?.spawnOptions,\n    spawnExtra,\n  )\n\n  return {\n    ...downloadResult,\n    spawnPromise,\n  }\n}\n\n/**\n * Download and install a package without executing it.\n * This is useful for self-update or when you need the package files\n * but don't want to run the binary immediately.\n *\n * @example\n * ```typescript\n * // Install @socketsecurity/cli without running it\n * const result = await downloadPackage({\n *   package: '@socketsecurity/cli@1.2.0',\n *   force: true\n * })\n * console.log('Installed to:', result.packageDir)\n * console.log('Binary at:', result.binaryPath)\n * ```\n */\nexport async function downloadPackage(\n  options: DlxPackageOptions,\n): Promise<DownloadPackageResult> {\n  const {\n    binaryName,\n    force: userForce,\n    package: packageSpec,\n  } = {\n    __proto__: null,\n    ...options,\n  } as DlxPackageOptions\n\n  // Parse package spec.\n  const { name: packageName, version: packageVersion } =\n    parsePackageSpec(packageSpec)\n\n  // Auto-force for version ranges to get latest within range.\n  // User can still override with explicit force: false if they want cache.\n  const isVersionRange =\n    packageVersion !== undefined && rangeOperatorsRegExp.test(packageVersion)\n  const force = userForce !== undefined ? userForce : isVersionRange\n\n  // Build full package spec for installation.\n  const fullPackageSpec = packageVersion\n    ? `${packageName}@${packageVersion}`\n    : packageName\n\n  // Ensure package is installed.\n  const { installed, packageDir } = await ensurePackageInstalled(\n    packageName,\n    fullPackageSpec,\n    force,\n  )\n\n  // Find binary path.\n  const binaryPath = findBinaryPath(packageDir, packageName, binaryName)\n\n  // Make binary executable on Unix systems.\n  if (!WIN32 && existsSync(binaryPath)) {\n    const { chmodSync } = require('node:fs')\n    try {\n      chmodSync(binaryPath, 0o755)\n    } catch {\n      // Ignore chmod errors.\n    }\n  }\n\n  return {\n    binaryPath,\n    installed,\n    packageDir,\n  }\n}\n\n/**\n * Execute a package's binary.\n * The package must already be installed (use downloadPackage first).\n *\n * @example\n * ```typescript\n * // Execute an already-installed package\n * const downloaded = await downloadPackage({ package: 'cowsay@1.5.0' })\n * const result = await executePackage(\n *   downloaded.binaryPath,\n *   ['Hello World'],\n *   { stdio: 'inherit' }\n * )\n * ```\n */\nexport function executePackage(\n  binaryPath: string,\n  args: readonly string[] | string[],\n  spawnOptions?: SpawnOptions | undefined,\n  spawnExtra?: SpawnExtra | undefined,\n): ReturnType<typeof spawn> {\n  return spawn(binaryPath, args, spawnOptions, spawnExtra)\n}\n"],
-  "mappings": ";6iBAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,gBAAAE,EAAA,oBAAAC,EAAA,mBAAAC,IAAA,eAAAC,EAAAL,GAgCA,IAAAM,EAA2C,mBAC3CC,EAAiB,wBAEjBC,EAAsB,gCACtBC,EAAmC,gCACnCC,EAAiC,iBACjCC,EAAmB,gCACnBC,EAA6B,gBAC7BC,EAA8B,kBAC9BC,EAAgC,mBAChCC,EAA4B,0BAE5BC,EAAsB,mBAMtB,MAAMC,EAAuB,mBA+D7B,SAASC,EAAiBC,EAGxB,CAEA,GAAIA,EAAK,WAAW,GAAG,EAAG,CACxB,MAAMC,EAAQD,EAAK,MAAM,GAAG,EAC5B,OAAIC,EAAM,SAAW,EAEZ,CAAE,KAAMA,EAAM,CAAC,EAAG,QAASA,EAAM,CAAC,CAAE,EAEzCA,EAAM,SAAW,EAEZ,CAAE,KAAM,IAAIA,EAAM,CAAC,CAAC,GAAI,QAAS,MAAU,EAI7C,CAAE,KADY,IAAIA,EAAM,CAAC,CAAC,GACJ,QAASA,EAAM,CAAC,CAAE,CACjD,CAGA,MAAMC,EAAUF,EAAK,YAAY,GAAG,EACpC,OAAIE,IAAY,GACP,CAAE,KAAMF,EAAM,QAAS,MAAU,EAGnC,CACL,KAAMA,EAAK,MAAM,EAAGE,CAAO,EAC3B,QAASF,EAAK,MAAME,EAAU,CAAC,CACjC,CACF,CAOA,eAAeC,EACbC,EACAC,EACAC,EACqD,CACrD,MAAMC,KAAW,oBAAiBF,CAAW,EACvCG,KAAa,iBAAc,EAAAC,QAAK,QAAK,mBAAgB,EAAGF,CAAQ,CAAC,EACjEG,KAAe,iBACnB,EAAAD,QAAK,KAAKD,EAAY,eAAgBJ,CAAW,CACnD,EAIA,GAAI,CACF,MAAM,EAAAO,SAAG,MAAMH,EAAY,CAAE,UAAW,EAAK,CAAC,CAChD,OAASI,EAAG,CACV,MAAMC,EAAQD,EAA4B,KAC1C,MAAIC,IAAS,UAAYA,IAAS,QAC1B,IAAI,MACR,iDAAiDL,CAAU;AAAA,oEAE3D,CAAE,MAAOI,CAAE,CACb,EAEEC,IAAS,QACL,IAAI,MACR,4DAA4DL,CAAU;AAAA,iFAEtE,CAAE,MAAOI,CAAE,CACb,EAEI,IAAI,MAAM,uCAAuCJ,CAAU,GAAI,CACnE,MAAOI,CACT,CAAC,CACH,CAIA,MAAME,EAAW,EAAAL,QAAK,KAAKD,EAAY,kBAAkB,EAEzD,OAAO,MAAM,cAAY,SACvBM,EACA,SAAY,CAGV,GAAI,CAACR,MAAS,cAAWI,CAAY,EAAG,CAEtC,MAAMK,EAAc,EAAAN,QAAK,KAAKC,EAAc,cAAc,EAC1D,MAAI,cAAWK,CAAW,EACxB,MAAO,CAAE,UAAW,GAAO,WAAAP,CAAW,CAE1C,CAIA,MAAMQ,KAAkB,sBAAmB,EAC3C,GAAI,CACF,MAAM,EAAAC,QAAO,QAAQZ,EAAaK,EAAc,CAE9C,MAAOM,GAAmB,EAAAP,QAAK,KAAKD,EAAY,QAAQ,CAC1D,CAAC,CACH,OAASI,EAAG,CACV,MAAMC,EAAQD,EAAU,KACxB,MAAIC,IAAS,QAAUA,IAAS,UACxB,IAAI,MACR,sBAAsBR,CAAW;AAAA;AAAA,sCAEQD,CAAW,8BACpD,CAAE,MAAOQ,CAAE,CACb,EAGAC,IAAS,aACTA,IAAS,aACTA,IAAS,YAEH,IAAI,MACR,4BAA4BR,CAAW;AAAA,+CAEvC,CAAE,MAAOO,CAAE,CACb,EAEI,IAAI,MACR,8BAA8BP,CAAW;AAAA,eACvBK,CAAY;AAAA,kDAE9B,CAAE,MAAOE,CAAE,CACb,CACF,CAEA,MAAO,CAAE,UAAW,GAAM,WAAAJ,CAAW,CACvC,EACA,CAEE,QAAS,IACT,gBAAiB,GACnB,CACF,CACF,CAMA,SAASU,EACPV,EACAJ,EACAe,EACQ,CACR,MAAMT,KAAe,iBACnB,EAAAD,QAAK,KAAKD,EAAY,eAAgBJ,CAAW,CACnD,EACMW,EAAc,EAAAN,QAAK,KAAKC,EAAc,cAAc,EAIpDU,KADU,gBAAaL,CAAW,EACpB,IAEpB,IAAIM,EAEJ,GAAI,OAAOD,GAAQ,SAEjBC,EAAUD,UACD,OAAOA,GAAQ,UAAYA,IAAQ,KAAM,CAClD,MAAME,EAASF,EACTG,EAAU,OAAO,KAAKD,CAAM,EAGlC,GAAIC,EAAQ,SAAW,EACrBF,EAAUC,EAAOC,EAAQ,CAAC,CAAE,MACvB,CAML,MAAMC,EAAcpB,EAAY,MAAM,GAAG,EAAE,IAAI,EACzCqB,EAAa,CACjBN,EACAK,EACApB,EAAY,QAAQ,YAAa,EAAE,CACrC,EAAE,OAAO,OAAO,EAEhB,UAAWsB,KAAaD,EACtB,GAAIC,GAAaJ,EAAOI,CAAS,EAAG,CAClCL,EAAUC,EAAOI,CAAS,EAC1B,KACF,CAIE,CAACL,GAAWE,EAAQ,OAAS,IAC/BF,EAAUC,EAAOC,EAAQ,CAAC,CAAE,EAEhC,CACF,CAEA,GAAI,CAACF,EACH,MAAM,IAAI,MAAM,gCAAgCjB,CAAW,GAAG,EAGhE,SAAO,iBAAc,EAAAK,QAAK,KAAKC,EAAcW,CAAO,CAAC,CACvD,CAoBA,eAAsBtC,EACpB4C,EACAC,EACAC,EAC2B,CAE3B,MAAMC,EAAiB,MAAM9C,EAAgB4C,CAAQ,EAG/CG,EAAe9C,EACnB6C,EAAe,WACfH,EACAC,GAAS,aACTC,CACF,EAEA,MAAO,CACL,GAAGC,EACH,aAAAC,CACF,CACF,CAkBA,eAAsB/C,EACpB4C,EACgC,CAChC,KAAM,CACJ,WAAAT,EACA,MAAOa,EACP,QAAS3B,CACX,EAAI,CACF,UAAW,KACX,GAAGuB,CACL,EAGM,CAAE,KAAMxB,EAAa,QAAS6B,CAAe,EACjDlC,EAAiBM,CAAW,EAIxB6B,EACJD,IAAmB,QAAanC,EAAqB,KAAKmC,CAAc,EACpE3B,EAAQ0B,IAAc,OAAYA,EAAYE,EAG9CC,EAAkBF,EACpB,GAAG7B,CAAW,IAAI6B,CAAc,GAChC7B,EAGE,CAAE,UAAAgC,EAAW,WAAA5B,CAAW,EAAI,MAAML,EACtCC,EACA+B,EACA7B,CACF,EAGM+B,EAAanB,EAAeV,EAAYJ,EAAae,CAAU,EAGrE,GAAI,CAAC,YAAS,cAAWkB,CAAU,EAAG,CACpC,KAAM,CAAE,UAAAC,CAAU,EAAI,QAAQ,SAAS,EACvC,GAAI,CACFA,EAAUD,EAAY,GAAK,CAC7B,MAAQ,CAER,CACF,CAEA,MAAO,CACL,WAAAA,EACA,UAAAD,EACA,WAAA5B,CACF,CACF,CAiBO,SAASvB,EACdoD,EACAV,EACAY,EACAV,EAC0B,CAC1B,SAAO,SAAMQ,EAAYV,EAAMY,EAAcV,CAAU,CACzD",
-  "names": ["dlx_package_exports", "__export", "dlxPackage", "downloadPackage", "executePackage", "__toCommonJS", "import_node_fs", "import_node_path", "import_platform", "import_packages", "import_dlx", "import_pacote", "import_fs", "import_path", "import_paths", "import_process_lock", "import_spawn", "rangeOperatorsRegExp", "parsePackageSpec", "spec", "parts", "atIndex", "ensurePackageInstalled", "packageName", "packageSpec", "force", "cacheKey", "packageDir", "path", "installedDir", "fs", "e", "code", "lockPath", "pkgJsonPath", "pacoteCachePath", "pacote", "findBinaryPath", "binaryName", "bin", "binPath", "binObj", "binKeys", "lastSegment", "candidates", "candidate", "args", "options", "spawnExtra", "downloadResult", "spawnPromise", "userForce", "packageVersion", "isVersionRange", "fullPackageSpec", "installed", "binaryPath", "chmodSync", "spawnOptions"]
+  "sourcesContent": ["/**\n * @fileoverview DLX package execution - Install and execute npm packages.\n *\n * This module provides functionality to install and execute npm packages\n * in the ~/.socket/_dlx directory, similar to npx but with Socket's own cache.\n *\n * Uses content-addressed storage like npm's _npx:\n * - Hash is generated from package spec (name@version)\n * - Each unique spec gets its own directory: ~/.socket/_dlx/<hash>/\n * - Allows caching multiple versions of the same package\n *\n * Concurrency protection:\n * - Uses process-lock to prevent concurrent installation corruption\n * - Lock file created at ~/.socket/_dlx/<hash>/concurrency.lock\n * - Uses npm npx's concurrency.lock naming convention (5s stale, 2s touching)\n * - Prevents multiple processes from corrupting the same package installation\n *\n * Version range handling:\n * - Exact versions (1.0.0) use cache if available\n * - Range versions (^1.0.0, ~1.0.0) auto-force to get latest within range\n * - User can override with explicit force: false\n *\n * Key difference from dlx-binary.ts:\n * - dlx-binary.ts: Downloads standalone binaries from URLs\n * - dlx-package.ts: Installs npm packages from registries\n *\n * Implementation:\n * - Uses pacote for package installation (no npm CLI required)\n * - Split into downloadPackage() and executePackage() for flexibility\n * - dlxPackage() combines both for convenience\n */\n\nimport { existsSync, promises as fs } from 'node:fs'\nimport path from 'node:path'\n\nimport { WIN32 } from './constants/platform'\nimport { getPacoteCachePath } from './constants/packages'\nimport { generateCacheKey } from './dlx'\nimport { readJsonSync } from './fs'\nimport { normalizePath } from './path'\nimport { getSocketDlxDir } from './paths'\nimport { processLock } from './process-lock'\nimport type { SpawnExtra, SpawnOptions } from './spawn'\nimport { spawn } from './spawn'\n\nlet _npmPackageArg: typeof import('npm-package-arg') | undefined\n/*@__NO_SIDE_EFFECTS__*/\nfunction getNpmPackageArg() {\n  if (_npmPackageArg === undefined) {\n    _npmPackageArg = /*@__PURE__*/ require('./external/npm-package-arg')\n  }\n  return _npmPackageArg as typeof import('npm-package-arg')\n}\n\nlet _pacote: typeof import('pacote') | undefined\n/*@__NO_SIDE_EFFECTS__*/\nfunction getPacote() {\n  if (_pacote === undefined) {\n    _pacote = /*@__PURE__*/ require('./external/pacote')\n  }\n  return _pacote as typeof import('pacote')\n}\n\n/**\n * Regex to check if a version string contains range operators.\n * Matches any version with range operators: ~, ^, >, <, =, x, X, *, spaces, or ||.\n */\nconst rangeOperatorsRegExp = /[~^><=xX* ]|\\|\\|/\n\nexport interface DownloadPackageResult {\n  /** Path to the installed package directory. */\n  packageDir: string\n  /** Path to the binary. */\n  binaryPath: string\n  /** Whether the package was newly installed. */\n  installed: boolean\n}\n\nexport interface DlxPackageOptions {\n  /**\n   * Package to install (e.g., '@cyclonedx/cdxgen@10.0.0').\n   */\n  package: string\n  /**\n   * Binary name to execute (optional - auto-detected in most cases).\n   *\n   * Auto-detection logic:\n   * 1. If package has only one binary, uses it automatically\n   * 2. Tries user-provided binaryName\n   * 3. Tries last segment of package name (e.g., 'cli' from '@socketsecurity/cli')\n   * 4. Falls back to first binary\n   *\n   * Only needed when package has multiple binaries and auto-detection fails.\n   *\n   * @example\n   * // Auto-detected (single binary)\n   * { package: '@socketsecurity/cli' }  // Finds 'socket' binary automatically\n   *\n   * // Explicit (multiple binaries)\n   * { package: 'some-tool', binaryName: 'specific-tool' }\n   */\n  binaryName?: string | undefined\n  /**\n   * Force reinstallation even if package exists.\n   */\n  force?: boolean | undefined\n  /**\n   * Additional spawn options for the execution.\n   */\n  spawnOptions?: SpawnOptions | undefined\n}\n\nexport interface DlxPackageResult {\n  /** Path to the installed package directory. */\n  packageDir: string\n  /** Path to the binary that was executed. */\n  binaryPath: string\n  /** Whether the package was newly installed. */\n  installed: boolean\n  /** The spawn promise for the running process. */\n  spawnPromise: ReturnType<typeof spawn>\n}\n\n/**\n * Parse package spec into name and version using npm-package-arg.\n * Examples:\n * - 'lodash@4.17.21' \u2192 { name: 'lodash', version: '4.17.21' }\n * - '@scope/pkg@1.0.0' \u2192 { name: '@scope/pkg', version: '1.0.0' }\n * - 'lodash' \u2192 { name: 'lodash', version: undefined }\n */\nfunction parsePackageSpec(spec: string): {\n  name: string\n  version: string | undefined\n} {\n  try {\n    const npa = getNpmPackageArg()\n    const parsed = npa(spec)\n\n    // Extract version from different types of specs.\n    // For registry specs, use fetchSpec (the version/range).\n    // For git/file/etc, version will be undefined.\n    const version =\n      parsed.type === 'tag'\n        ? parsed.fetchSpec\n        : parsed.type === 'version' || parsed.type === 'range'\n          ? parsed.fetchSpec\n          : undefined\n\n    return {\n      name: parsed.name || spec,\n      version,\n    }\n  } catch {\n    // Fallback to simple parsing if npm-package-arg fails.\n    const atIndex = spec.lastIndexOf('@')\n    if (atIndex === -1 || spec.startsWith('@')) {\n      // No version or scoped package without version.\n      return { name: spec, version: undefined }\n    }\n    return {\n      name: spec.slice(0, atIndex),\n      version: spec.slice(atIndex + 1),\n    }\n  }\n}\n\n/**\n * Install package to ~/.socket/_dlx/<hash>/ if not already installed.\n * Uses pacote for installation (no npm CLI required).\n * Protected by process lock to prevent concurrent installation corruption.\n */\nasync function ensurePackageInstalled(\n  packageName: string,\n  packageSpec: string,\n  force: boolean,\n): Promise<{ installed: boolean; packageDir: string }> {\n  const cacheKey = generateCacheKey(packageSpec)\n  const packageDir = normalizePath(path.join(getSocketDlxDir(), cacheKey))\n  const installedDir = normalizePath(\n    path.join(packageDir, 'node_modules', packageName),\n  )\n\n  // Ensure package directory exists before creating lock.\n  // The lock directory will be created inside this directory.\n  try {\n    await fs.mkdir(packageDir, { recursive: true })\n  } catch (e) {\n    const code = (e as NodeJS.ErrnoException).code\n    if (code === 'EACCES' || code === 'EPERM') {\n      throw new Error(\n        `Permission denied creating package directory: ${packageDir}\\n` +\n          'Please check directory permissions or run with appropriate access.',\n        { cause: e },\n      )\n    }\n    if (code === 'EROFS') {\n      throw new Error(\n        `Cannot create package directory on read-only filesystem: ${packageDir}\\n` +\n          'Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.',\n        { cause: e },\n      )\n    }\n    throw new Error(`Failed to create package directory: ${packageDir}`, {\n      cause: e,\n    })\n  }\n\n  // Use process lock to prevent concurrent installations.\n  // Uses npm npx's concurrency.lock naming convention.\n  const lockPath = path.join(packageDir, 'concurrency.lock')\n\n  return await processLock.withLock(\n    lockPath,\n    async () => {\n      // Double-check if already installed (unless force).\n      // Another process may have installed while waiting for lock.\n      if (!force && existsSync(installedDir)) {\n        // Verify package.json exists.\n        const pkgJsonPath = path.join(installedDir, 'package.json')\n        if (existsSync(pkgJsonPath)) {\n          return { installed: false, packageDir }\n        }\n      }\n\n      // Use pacote to extract the package.\n      // Pacote leverages npm cache when available but doesn't require npm CLI.\n      const pacoteCachePath = getPacoteCachePath()\n      try {\n        await getPacote().extract(packageSpec, installedDir, {\n          // Use consistent pacote cache path (respects npm cache locations when available).\n          cache: pacoteCachePath || path.join(packageDir, '.cache'),\n        })\n      } catch (e) {\n        const code = (e as any).code\n        if (code === 'E404' || code === 'ETARGET') {\n          throw new Error(\n            `Package not found: ${packageSpec}\\n` +\n              'Verify the package exists on npm registry and check the version.\\n' +\n              `Visit https://www.npmjs.com/package/${packageName} to see available versions.`,\n            { cause: e },\n          )\n        }\n        if (\n          code === 'ENOTFOUND' ||\n          code === 'ETIMEDOUT' ||\n          code === 'EAI_AGAIN'\n        ) {\n          throw new Error(\n            `Network error installing ${packageSpec}\\n` +\n              'Check your internet connection and try again.',\n            { cause: e },\n          )\n        }\n        throw new Error(\n          `Failed to install package: ${packageSpec}\\n` +\n            `Destination: ${installedDir}\\n` +\n            'Check npm registry connectivity or package name.',\n          { cause: e },\n        )\n      }\n\n      return { installed: true, packageDir }\n    },\n    {\n      // Align with npm npx locking strategy.\n      staleMs: 5000,\n      touchIntervalMs: 2000,\n    },\n  )\n}\n\n/**\n * Find the binary path for an installed package.\n * Intelligently handles packages with single or multiple binaries.\n */\nfunction findBinaryPath(\n  packageDir: string,\n  packageName: string,\n  binaryName?: string,\n): string {\n  const installedDir = normalizePath(\n    path.join(packageDir, 'node_modules', packageName),\n  )\n  const pkgJsonPath = path.join(installedDir, 'package.json')\n\n  // Read package.json to find bin entry.\n  const pkgJson = readJsonSync(pkgJsonPath) as Record<string, unknown>\n  const bin = pkgJson['bin']\n\n  let binPath: string | undefined\n\n  if (typeof bin === 'string') {\n    // Single binary - use it directly.\n    binPath = bin\n  } else if (typeof bin === 'object' && bin !== null) {\n    const binObj = bin as Record<string, string>\n    const binKeys = Object.keys(binObj)\n\n    // If only one binary, use it regardless of name.\n    if (binKeys.length === 1) {\n      binPath = binObj[binKeys[0]!]\n    } else {\n      // Multiple binaries - try to find the right one:\n      // 1. User-provided binaryName\n      // 2. Last segment of package name (e.g., 'cli' from '@socketsecurity/cli')\n      // 3. Full package name without scope (e.g., 'cli' from '@socketsecurity/cli')\n      // 4. First binary as fallback\n      const lastSegment = packageName.split('/').pop()\n      const candidates = [\n        binaryName,\n        lastSegment,\n        packageName.replace(/^@[^/]+\\//, ''),\n      ].filter(Boolean)\n\n      for (const candidate of candidates) {\n        if (candidate && binObj[candidate]) {\n          binPath = binObj[candidate]\n          break\n        }\n      }\n\n      // Fallback to first binary if nothing matched.\n      if (!binPath && binKeys.length > 0) {\n        binPath = binObj[binKeys[0]!]\n      }\n    }\n  }\n\n  if (!binPath) {\n    throw new Error(`No binary found for package \"${packageName}\"`)\n  }\n\n  return normalizePath(path.join(installedDir, binPath))\n}\n\n/**\n * Execute a package via DLX - install if needed and run its binary.\n *\n * This is the Socket equivalent of npx/pnpm dlx/yarn dlx, but using\n * our own cache directory (~/.socket/_dlx) and installation logic.\n *\n * Auto-forces reinstall for version ranges to get latest within range.\n *\n * @example\n * ```typescript\n * // Download and execute cdxgen\n * const result = await dlxPackage(\n *   ['--version'],\n *   { package: '@cyclonedx/cdxgen@10.0.0' }\n * )\n * await result.spawnPromise\n * ```\n */\nexport async function dlxPackage(\n  args: readonly string[] | string[],\n  options?: DlxPackageOptions | undefined,\n  spawnExtra?: SpawnExtra | undefined,\n): Promise<DlxPackageResult> {\n  // Download the package.\n  const downloadResult = await downloadPackage(options!)\n\n  // Execute the binary.\n  const spawnPromise = executePackage(\n    downloadResult.binaryPath,\n    args,\n    options?.spawnOptions,\n    spawnExtra,\n  )\n\n  return {\n    ...downloadResult,\n    spawnPromise,\n  }\n}\n\n/**\n * Download and install a package without executing it.\n * This is useful for self-update or when you need the package files\n * but don't want to run the binary immediately.\n *\n * @example\n * ```typescript\n * // Install @socketsecurity/cli without running it\n * const result = await downloadPackage({\n *   package: '@socketsecurity/cli@1.2.0',\n *   force: true\n * })\n * console.log('Installed to:', result.packageDir)\n * console.log('Binary at:', result.binaryPath)\n * ```\n */\nexport async function downloadPackage(\n  options: DlxPackageOptions,\n): Promise<DownloadPackageResult> {\n  const {\n    binaryName,\n    force: userForce,\n    package: packageSpec,\n  } = {\n    __proto__: null,\n    ...options,\n  } as DlxPackageOptions\n\n  // Parse package spec.\n  const { name: packageName, version: packageVersion } =\n    parsePackageSpec(packageSpec)\n\n  // Auto-force for version ranges to get latest within range.\n  // User can still override with explicit force: false if they want cache.\n  const isVersionRange =\n    packageVersion !== undefined && rangeOperatorsRegExp.test(packageVersion)\n  const force = userForce !== undefined ? userForce : isVersionRange\n\n  // Build full package spec for installation.\n  const fullPackageSpec = packageVersion\n    ? `${packageName}@${packageVersion}`\n    : packageName\n\n  // Ensure package is installed.\n  const { installed, packageDir } = await ensurePackageInstalled(\n    packageName,\n    fullPackageSpec,\n    force,\n  )\n\n  // Find binary path.\n  const binaryPath = findBinaryPath(packageDir, packageName, binaryName)\n\n  // Make binary executable on Unix systems.\n  if (!WIN32 && existsSync(binaryPath)) {\n    const { chmodSync } = require('node:fs')\n    try {\n      chmodSync(binaryPath, 0o755)\n    } catch {\n      // Ignore chmod errors.\n    }\n  }\n\n  return {\n    binaryPath,\n    installed,\n    packageDir,\n  }\n}\n\n/**\n * Execute a package's binary.\n * The package must already be installed (use downloadPackage first).\n *\n * @example\n * ```typescript\n * // Execute an already-installed package\n * const downloaded = await downloadPackage({ package: 'cowsay@1.5.0' })\n * const result = await executePackage(\n *   downloaded.binaryPath,\n *   ['Hello World'],\n *   { stdio: 'inherit' }\n * )\n * ```\n */\nexport function executePackage(\n  binaryPath: string,\n  args: readonly string[] | string[],\n  spawnOptions?: SpawnOptions | undefined,\n  spawnExtra?: SpawnExtra | undefined,\n): ReturnType<typeof spawn> {\n  return spawn(binaryPath, args, spawnOptions, spawnExtra)\n}\n"],
+  "mappings": ";6iBAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,gBAAAE,EAAA,oBAAAC,EAAA,mBAAAC,IAAA,eAAAC,EAAAL,GAgCA,IAAAM,EAA2C,mBAC3CC,EAAiB,wBAEjBC,EAAsB,gCACtBC,EAAmC,gCACnCC,EAAiC,iBACjCC,EAA6B,gBAC7BC,EAA8B,kBAC9BC,EAAgC,mBAChCC,EAA4B,0BAE5BC,EAAsB,mBAEtB,IAAIC,EAEJ,SAASC,GAAmB,CAC1B,OAAID,IAAmB,SACrBA,EAA+B,QAAQ,4BAA4B,GAE9DA,CACT,CAEA,IAAIE,EAEJ,SAASC,GAAY,CACnB,OAAID,IAAY,SACdA,EAAwB,QAAQ,mBAAmB,GAE9CA,CACT,CAMA,MAAME,EAAuB,mBA+D7B,SAASC,EAAiBC,EAGxB,CACA,GAAI,CAEF,MAAMC,EADMN,EAAiB,EACVK,CAAI,EAKjBE,EACJD,EAAO,OAAS,OAEZA,EAAO,OAAS,WAAaA,EAAO,OAAS,QAD7CA,EAAO,UAGL,OAER,MAAO,CACL,KAAMA,EAAO,MAAQD,EACrB,QAAAE,CACF,CACF,MAAQ,CAEN,MAAMC,EAAUH,EAAK,YAAY,GAAG,EACpC,OAAIG,IAAY,IAAMH,EAAK,WAAW,GAAG,EAEhC,CAAE,KAAMA,EAAM,QAAS,MAAU,EAEnC,CACL,KAAMA,EAAK,MAAM,EAAGG,CAAO,EAC3B,QAASH,EAAK,MAAMG,EAAU,CAAC,CACjC,CACF,CACF,CAOA,eAAeC,EACbC,EACAC,EACAC,EACqD,CACrD,MAAMC,KAAW,oBAAiBF,CAAW,EACvCG,KAAa,iBAAc,EAAAC,QAAK,QAAK,mBAAgB,EAAGF,CAAQ,CAAC,EACjEG,KAAe,iBACnB,EAAAD,QAAK,KAAKD,EAAY,eAAgBJ,CAAW,CACnD,EAIA,GAAI,CACF,MAAM,EAAAO,SAAG,MAAMH,EAAY,CAAE,UAAW,EAAK,CAAC,CAChD,OAASI,EAAG,CACV,MAAMC,EAAQD,EAA4B,KAC1C,MAAIC,IAAS,UAAYA,IAAS,QAC1B,IAAI,MACR,iDAAiDL,CAAU;AAAA,oEAE3D,CAAE,MAAOI,CAAE,CACb,EAEEC,IAAS,QACL,IAAI,MACR,4DAA4DL,CAAU;AAAA,iFAEtE,CAAE,MAAOI,CAAE,CACb,EAEI,IAAI,MAAM,uCAAuCJ,CAAU,GAAI,CACnE,MAAOI,CACT,CAAC,CACH,CAIA,MAAME,EAAW,EAAAL,QAAK,KAAKD,EAAY,kBAAkB,EAEzD,OAAO,MAAM,cAAY,SACvBM,EACA,SAAY,CAGV,GAAI,CAACR,MAAS,cAAWI,CAAY,EAAG,CAEtC,MAAMK,EAAc,EAAAN,QAAK,KAAKC,EAAc,cAAc,EAC1D,MAAI,cAAWK,CAAW,EACxB,MAAO,CAAE,UAAW,GAAO,WAAAP,CAAW,CAE1C,CAIA,MAAMQ,KAAkB,sBAAmB,EAC3C,GAAI,CACF,MAAMpB,EAAU,EAAE,QAAQS,EAAaK,EAAc,CAEnD,MAAOM,GAAmB,EAAAP,QAAK,KAAKD,EAAY,QAAQ,CAC1D,CAAC,CACH,OAASI,EAAG,CACV,MAAMC,EAAQD,EAAU,KACxB,MAAIC,IAAS,QAAUA,IAAS,UACxB,IAAI,MACR,sBAAsBR,CAAW;AAAA;AAAA,sCAEQD,CAAW,8BACpD,CAAE,MAAOQ,CAAE,CACb,EAGAC,IAAS,aACTA,IAAS,aACTA,IAAS,YAEH,IAAI,MACR,4BAA4BR,CAAW;AAAA,+CAEvC,CAAE,MAAOO,CAAE,CACb,EAEI,IAAI,MACR,8BAA8BP,CAAW;AAAA,eACvBK,CAAY;AAAA,kDAE9B,CAAE,MAAOE,CAAE,CACb,CACF,CAEA,MAAO,CAAE,UAAW,GAAM,WAAAJ,CAAW,CACvC,EACA,CAEE,QAAS,IACT,gBAAiB,GACnB,CACF,CACF,CAMA,SAASS,EACPT,EACAJ,EACAc,EACQ,CACR,MAAMR,KAAe,iBACnB,EAAAD,QAAK,KAAKD,EAAY,eAAgBJ,CAAW,CACnD,EACMW,EAAc,EAAAN,QAAK,KAAKC,EAAc,cAAc,EAIpDS,KADU,gBAAaJ,CAAW,EACpB,IAEpB,IAAIK,EAEJ,GAAI,OAAOD,GAAQ,SAEjBC,EAAUD,UACD,OAAOA,GAAQ,UAAYA,IAAQ,KAAM,CAClD,MAAME,EAASF,EACTG,EAAU,OAAO,KAAKD,CAAM,EAGlC,GAAIC,EAAQ,SAAW,EACrBF,EAAUC,EAAOC,EAAQ,CAAC,CAAE,MACvB,CAML,MAAMC,EAAcnB,EAAY,MAAM,GAAG,EAAE,IAAI,EACzCoB,EAAa,CACjBN,EACAK,EACAnB,EAAY,QAAQ,YAAa,EAAE,CACrC,EAAE,OAAO,OAAO,EAEhB,UAAWqB,KAAaD,EACtB,GAAIC,GAAaJ,EAAOI,CAAS,EAAG,CAClCL,EAAUC,EAAOI,CAAS,EAC1B,KACF,CAIE,CAACL,GAAWE,EAAQ,OAAS,IAC/BF,EAAUC,EAAOC,EAAQ,CAAC,CAAE,EAEhC,CACF,CAEA,GAAI,CAACF,EACH,MAAM,IAAI,MAAM,gCAAgChB,CAAW,GAAG,EAGhE,SAAO,iBAAc,EAAAK,QAAK,KAAKC,EAAcU,CAAO,CAAC,CACvD,CAoBA,eAAsBzC,EACpB+C,EACAC,EACAC,EAC2B,CAE3B,MAAMC,EAAiB,MAAMjD,EAAgB+C,CAAQ,EAG/CG,EAAejD,EACnBgD,EAAe,WACfH,EACAC,GAAS,aACTC,CACF,EAEA,MAAO,CACL,GAAGC,EACH,aAAAC,CACF,CACF,CAkBA,eAAsBlD,EACpB+C,EACgC,CAChC,KAAM,CACJ,WAAAT,EACA,MAAOa,EACP,QAAS1B,CACX,EAAI,CACF,UAAW,KACX,GAAGsB,CACL,EAGM,CAAE,KAAMvB,EAAa,QAAS4B,CAAe,EACjDlC,EAAiBO,CAAW,EAIxB4B,EACJD,IAAmB,QAAanC,EAAqB,KAAKmC,CAAc,EACpE1B,EAAQyB,IAAc,OAAYA,EAAYE,EAG9CC,EAAkBF,EACpB,GAAG5B,CAAW,IAAI4B,CAAc,GAChC5B,EAGE,CAAE,UAAA+B,EAAW,WAAA3B,CAAW,EAAI,MAAML,EACtCC,EACA8B,EACA5B,CACF,EAGM8B,EAAanB,EAAeT,EAAYJ,EAAac,CAAU,EAGrE,GAAI,CAAC,YAAS,cAAWkB,CAAU,EAAG,CACpC,KAAM,CAAE,UAAAC,CAAU,EAAI,QAAQ,SAAS,EACvC,GAAI,CACFA,EAAUD,EAAY,GAAK,CAC7B,MAAQ,CAER,CACF,CAEA,MAAO,CACL,WAAAA,EACA,UAAAD,EACA,WAAA3B,CACF,CACF,CAiBO,SAAS3B,EACduD,EACAV,EACAY,EACAV,EAC0B,CAC1B,SAAO,SAAMQ,EAAYV,EAAMY,EAAcV,CAAU,CACzD",
+  "names": ["dlx_package_exports", "__export", "dlxPackage", "downloadPackage", "executePackage", "__toCommonJS", "import_node_fs", "import_node_path", "import_platform", "import_packages", "import_dlx", "import_fs", "import_path", "import_paths", "import_process_lock", "import_spawn", "_npmPackageArg", "getNpmPackageArg", "_pacote", "getPacote", "rangeOperatorsRegExp", "parsePackageSpec", "spec", "parsed", "version", "atIndex", "ensurePackageInstalled", "packageName", "packageSpec", "force", "cacheKey", "packageDir", "path", "installedDir", "fs", "e", "code", "lockPath", "pkgJsonPath", "pacoteCachePath", "findBinaryPath", "binaryName", "bin", "binPath", "binObj", "binKeys", "lastSegment", "candidates", "candidate", "args", "options", "spawnExtra", "downloadResult", "spawnPromise", "userForce", "packageVersion", "isVersionRange", "fullPackageSpec", "installed", "binaryPath", "chmodSync", "spawnOptions"]
 }