@socketsecurity/lib 4.0.1 → 4.2.0

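--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,23 @@ All notable changes to this project will be documented in this file.
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+ ## [4.1.0](https://github.com/SocketDev/socket-lib/releases/tag/v4.1.0) - 2025-11-17
+
+ ### Added
+
+ - **constants/node**: New version helper functions for cleaner version detection
+ - `getNodeMinorVersion()`: Extract minor version number
+ - `getNodePatchVersion()`: Extract patch version number
+
+ ### Fixed
+
+ - **constants/node**: Improve Node.js flag management in `getNodeHardenFlags()`
+ - Properly guard `--experimental-permission` for Node 20-23 only
+ - Properly guard `--permission` for Node 24+ only
+ - Properly guard `--force-node-api-uncaught-exceptions-policy` for Node 22+ (was incorrectly applied to all versions)
+ - Automatically include permission grants from `getNodePermissionFlags()` for Node 24+
+ - Remove `--experimental-policy` flag (no policy file provided)
+
  ## [4.0.1](https://github.com/SocketDev/socket-lib/releases/tag/v4.0.1) - 2025-11-17
 
  ### Changed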
@@ -1,6 +1,8 @@
1
1
  // Version detection.
2
2
  export declare function getNodeVersion(): string;
3
3
  export declare function getNodeMajorVersion(): number;
4
+ export declare function getNodeMinorVersion(): number;
5
+ export declare function getNodePatchVersion(): number;
4
6
  // Maintained Node.js versions.
5
7
  export declare function getMaintainedNodeVersions(): readonly string[] & {
6
8
  current: string;
@@ -18,8 +20,8 @@ export declare function supportsNodeRun(): boolean;
18
20
  export declare function supportsNodeDisableSigusr1Flag(): boolean;
19
21
  export declare function getNodeDisableSigusr1Flags(): string[];
20
22
  export declare function supportsProcessSend(): boolean;
21
- export declare function getNodeHardenFlags(): string[];
22
23
  export declare function getNodePermissionFlags(): string[];
24
+ export declare function getNodeHardenFlags(): string[];
23
25
  export declare function getNodeNoWarningsFlags(): string[];
24
26
  // Execution path.
25
27
  export declare function getExecPath(): string;
@@ -26,7 +26,9 @@ __export(node_exports, {
26
26
  getNodeDisableSigusr1Flags: () => getNodeDisableSigusr1Flags,
27
27
  getNodeHardenFlags: () => getNodeHardenFlags,
28
28
  getNodeMajorVersion: () => getNodeMajorVersion,
29
+ getNodeMinorVersion: () => getNodeMinorVersion,
29
30
  getNodeNoWarningsFlags: () => getNodeNoWarningsFlags,
31
+ getNodePatchVersion: () => getNodePatchVersion,
30
32
  getNodePermissionFlags: () => getNodePermissionFlags,
31
33
  getNodeVersion: () => getNodeVersion,
32
34
  supportsNodeCompileCacheApi: () => supportsNodeCompileCacheApi,
@@ -45,7 +47,13 @@ function getNodeVersion() {
45
47
  return NODE_VERSION;
46
48
  }
47
49
  function getNodeMajorVersion() {
48
- return Number.parseInt(NODE_VERSION.slice(1).split(".")[0] || "0", 10);
50
+ return Number.parseInt(NODE_VERSION.slice(1).split(".")[0] ?? "0", 10);
51
+ }
52
+ function getNodeMinorVersion() {
53
+ return Number.parseInt(NODE_VERSION.split(".")[1] ?? "0", 10);
54
+ }
55
+ function getNodePatchVersion() {
56
+ return Number.parseInt(NODE_VERSION.split(".")[2] ?? "0", 10);
49
57
  }
50
58
  function getMaintainedNodeVersions() {
51
59
  return import_maintained_node_versions.maintainedNodeVersions;
@@ -68,24 +76,22 @@ function supportsNodePermissionFlag() {
68
76
  }
69
77
  function supportsNodeRequireModule() {
70
78
  const major = getNodeMajorVersion();
71
- return major >= 23 || major === 22 && Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10) >= 12;
79
+ return major >= 23 || major === 22 && getNodeMinorVersion() >= 12;
72
80
  }
73
81
  function supportsNodeRun() {
74
82
  const major = getNodeMajorVersion();
75
- return major >= 23 || major === 22 && Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10) >= 11;
83
+ return major >= 23 || major === 22 && getNodeMinorVersion() >= 11;
76
84
  }
77
85
  function supportsNodeDisableSigusr1Flag() {
78
86
  const major = getNodeMajorVersion();
87
+ const minor = getNodeMinorVersion();
79
88
  if (major >= 24) {
80
- const minor = Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10);
81
89
  return minor >= 8;
82
90
  }
83
91
  if (major === 23) {
84
- const minor = Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10);
85
92
  return minor >= 7;
86
93
  }
87
94
  if (major === 22) {
88
- const minor = Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10);
89
95
  return minor >= 14;
90
96
  }
91
97
  return false;
@@ -101,24 +107,6 @@ function supportsProcessSend() {
101
107
  return typeof process.send === "function";
102
108
  }
103
109
  let _nodeHardenFlags;
104
- function getNodeHardenFlags() {
105
- if (_nodeHardenFlags === void 0) {
106
- const major = getNodeMajorVersion();
107
- const flags = [
108
- "--disable-proto=delete",
109
- // Node.js 24+ uses --permission instead of --experimental-permission.
110
- // The permission model graduated from experimental to production-ready.
111
- major >= 24 ? "--permission" : "--experimental-permission",
112
- // Force uncaught exceptions policy for N-API addons (Node.js 22+).
113
- "--force-node-api-uncaught-exceptions-policy"
114
- ];
115
- if (major < 24) {
116
- flags.push("--experimental-policy");
117
- }
118
- _nodeHardenFlags = flags;
119
- }
120
- return _nodeHardenFlags;
121
- }
122
110
  let _nodePermissionFlags;
123
111
  function getNodePermissionFlags() {
124
112
  if (_nodePermissionFlags === void 0) {
@@ -138,6 +126,23 @@ function getNodePermissionFlags() {
138
126
  }
139
127
  return _nodePermissionFlags;
140
128
  }
129
+ function getNodeHardenFlags() {
130
+ if (_nodeHardenFlags === void 0) {
131
+ const major = getNodeMajorVersion();
132
+ const flags = ["--disable-proto=delete"];
133
+ if (major >= 24) {
134
+ flags.push("--permission");
135
+ flags.push(...getNodePermissionFlags());
136
+ } else if (major >= 20) {
137
+ flags.push("--experimental-permission");
138
+ }
139
+ if (major >= 22) {
140
+ flags.push("--force-node-api-uncaught-exceptions-policy");
141
+ }
142
+ _nodeHardenFlags = flags;
143
+ }
144
+ return _nodeHardenFlags;
145
+ }
141
146
  let _nodeNoWarningsFlags;
142
147
  function getNodeNoWarningsFlags() {
143
148
  if (_nodeNoWarningsFlags === void 0) {
@@ -159,7 +164,9 @@ const ESNEXT = "esnext";
159
164
  getNodeDisableSigusr1Flags,
160
165
  getNodeHardenFlags,
161
166
  getNodeMajorVersion,
167
+ getNodeMinorVersion,
162
168
  getNodeNoWarningsFlags,
169
+ getNodePatchVersion,
163
170
  getNodePermissionFlags,
164
171
  getNodeVersion,
165
172
  supportsNodeCompileCacheApi,
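Review bot: `getNodeHardenFlags()` returns the same memoized `_nodeHardenFlags` array to every caller, and with this change that array also carries the permission grants from `getNodePermissionFlags()` on Node 24+, so a caller that pushes onto or splices it silently alters the hardening set for every later caller in the process. Returning a copy, `return [..._nodeHardenFlags];`, protects the cache without changing the declared `string[]` return type. The Node 20–23 branch adds `--experimental-permission` with no grants while 24+ gets them, and below 20 only `--disable-proto=delete` is returned; the removed comments were the only explanation of these gates, so a comment such as `// 20-23: permission model enabled, no grants added here; <20: no permission model flag` would tell callers what isolation they actually get. The body of `getNodePermissionFlags()` lies outside the visible hunks, so what it grants cannot be confirmed from this page.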
@@ -1,7 +1,2 @@
1
- /**
2
- * Process control: abort signals and UI utilities.
3
- */
4
- import type { Spinner } from '../spinner';
5
1
  export declare function getAbortController(): AbortController;
6
2
  export declare function getAbortSignal(): AbortSignal;
7
- export declare function getSpinner(): Spinner | null;
@@ -20,11 +20,9 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
20
20
  var process_exports = {};
21
21
  __export(process_exports, {
22
22
  getAbortController: () => getAbortController,
23
- getAbortSignal: () => getAbortSignal,
24
- getSpinner: () => getSpinner
23
+ getAbortSignal: () => getAbortSignal
25
24
  });
26
25
  module.exports = __toCommonJS(process_exports);
27
- var import_spinner = require("../spinner");
28
26
  let _abortController;
29
27
  function getAbortController() {
30
28
  if (_abortController === void 0) {
@@ -35,16 +33,8 @@ function getAbortController() {
35
33
  function getAbortSignal() {
36
34
  return getAbortController().signal;
37
35
  }
38
- let _spinner;
39
- function getSpinner() {
40
- if (_spinner === void 0) {
41
- _spinner = (0, import_spinner.Spinner)() ?? null;
42
- }
43
- return _spinner ?? null;
44
- }
45
36
  // Annotate the CommonJS export names for ESM import in node:
46
37
  0 && (module.exports = {
47
38
  getAbortController,
48
- getAbortSignal,
49
- getSpinner
39
+ getAbortSignal
50
40
  });
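--- a/package/dist/debug.js
+++ b/package/dist/debug.js
@@ -43,16 +43,16 @@ __export(debug_exports, {
  isDebugNs: () => isDebugNs
  });
  module.exports = __toCommonJS(debug_exports);
- var import_process = require("./constants/process");
  var import_debug = require("./env/debug");
  var import_socket = require("./env/socket");
  var import_is_unicode_supported = __toESM(require("./external/@socketregistry/is-unicode-supported"));
  var import_debug2 = __toESM(require("./external/debug"));
  var import_logger = require("./logger");
  var import_objects = require("./objects");
+ var import_spinner = require("./spinner");
  var import_strings = require("./strings");
- const logger = (0, import_logger.getDefaultLogger)();
  const ReflectApply = Reflect.apply;
+ const logger = (0, import_logger.getDefaultLogger)();
  const debugByNamespace = /* @__PURE__ */ new Map();
  // @__NO_SIDE_EFFECTS__
  function getDebugJsInstance(namespace) {
@@ -176,7 +176,7 @@ function debugDirNs(namespacesOrOpts, obj, inspectOpts) {
  };
  }
  }
- const spinnerInstance = options.spinner || (0, import_process.getSpinner)();
+ const spinnerInstance = options.spinner || (0, import_spinner.getDefaultSpinner)();
  const wasSpinning = spinnerInstance?.isSpinning;
  spinnerInstance?.stop();
  logger.info(`[DEBUG] ${callerName} ${pointingTriangle} object inspection:`);
@@ -205,7 +205,7 @@ function debugNs(namespacesOrOpts, ...args) {
  ),
  ...args.slice(1)
  ] : args;
- const spinnerInstance = options.spinner || (0, import_process.getSpinner)();
+ const spinnerInstance = options.spinner || (0, import_spinner.getDefaultSpinner)();
  const wasSpinning = spinnerInstance?.isSpinning;
  spinnerInstance?.stop();
  ReflectApply(logger.info, logger, logArgs);
@@ -232,7 +232,7 @@ function debugLogNs(namespacesOrOpts, ...args) {
  ),
  ...args.slice(1)
  ] : [`[DEBUG] ${callerName} ${pointingTriangle}`, ...args];
- const spinnerInstance = options.spinner || (0, import_process.getSpinner)();
+ const spinnerInstance = options.spinner || (0, import_spinner.getDefaultSpinner)();
  const wasSpinning = spinnerInstance?.isSpinning;
  spinnerInstance?.stop();
  ReflectApply(logger.info, logger, logArgs);
@@ -253,7 +253,7 @@ function debugCacheNs(namespacesOrOpts, operation, key, meta) {
  }
  const prefix = `[CACHE] ${callerName} ${pointingTriangle} ${operation}: ${key}`;
  const logArgs = meta !== void 0 ? [prefix, meta] : [prefix];
- const spinnerInstance = options.spinner || (0, import_process.getSpinner)();
+ const spinnerInstance = options.spinner || (0, import_spinner.getDefaultSpinner)();
  const wasSpinning = spinnerInstance?.isSpinning;
  spinnerInstance?.stop();
  ReflectApply(logger.info, logger, logArgs);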
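--- a/package/dist/spawn.d.ts
+++ b/package/dist/spawn.d.ts
@@ -1,3 +1,4 @@
+ import type { EventEmitter } from 'node:events';
  // Define BufferEncoding type for TypeScript compatibility.
  type BufferEncoding = globalThis.BufferEncoding;
  /**
@@ -31,7 +32,7 @@ export type PromiseSpawnOptions = {
  * This is a Promise that resolves with process exit information and output,
  * with additional properties for accessing the running process and stdin stream.
  *
- * @property {ChildProcessType} process - The running child process instance
+ * @property {ChildProcess} process - The running child process instance
  * @property {WritableStreamType | null} stdin - Writable stream for process stdin, or `null` if not piped
  *
  * @example
@@ -48,7 +49,7 @@ export type PromiseSpawnResult = Promise<{
  stdout: string | Buffer;
  stderr: string | Buffer;
  }> & {
- process: ChildProcessType;
+ process: ChildProcess;
  stdin: WritableStreamType | null;
  };
  /**
@@ -218,7 +219,7 @@ interface NodeSpawnOptions {
  }
  // Duplicated from Node.js child_process.ChildProcess
  // This represents a spawned child process
- interface ChildProcessType {
+ interface ChildProcess extends EventEmitter {
  stdin: NodeJS.WritableStream | null;
  stdout: NodeJS.ReadableStream | null;
  stderr: NodeJS.ReadableStream | null;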
package/dist/spawn.js CHANGED
@@ -42,9 +42,10 @@ var import_arrays = require("./arrays");
42
42
  var import_bin = require("./bin");
43
43
  var import_normalize = require("./paths/normalize");
44
44
  var import_objects = require("./objects");
45
+ var import_spinner = require("./spinner");
45
46
  var import_strings = require("./strings");
46
47
  const abortSignal = (0, import_process.getAbortSignal)();
47
- const spinner = (0, import_process.getSpinner)();
48
+ const spinner = (0, import_spinner.getDefaultSpinner)();
48
49
  const windowsScriptExtRegExp = /\.(?:cmd|bat|ps1)$/i;
49
50
  let _child_process;
50
51
  // @__NO_SIDE_EFFECTS__
@@ -48,12 +48,13 @@ var import_input = __toESM(require("../external/@inquirer/input"));
48
48
  var import_password = __toESM(require("../external/@inquirer/password"));
49
49
  var searchModule = __toESM(require("../external/@inquirer/search"));
50
50
  var selectModuleImport = __toESM(require("../external/@inquirer/select"));
51
+ var import_yoctocolors_cjs = __toESM(require("../external/yoctocolors-cjs"));
52
+ var import_spinner = require("../spinner");
51
53
  var import_context = require("../themes/context");
52
54
  var import_themes = require("../themes/themes");
53
55
  var import_utils = require("../themes/utils");
54
- var import_yoctocolors_cjs = __toESM(require("../external/yoctocolors-cjs"));
55
56
  const abortSignal = (0, import_process.getAbortSignal)();
56
- const spinner = (0, import_process.getSpinner)();
57
+ const spinner = (0, import_spinner.getDefaultSpinner)();
57
58
  const searchRaw = searchModule.default;
58
59
  const selectModule = selectModuleImport;
59
60
  const selectRaw = selectModule.default;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@socketsecurity/lib",
3
- "version": "4.0.1",
3
+ "version": "4.2.0",
4
4
  "packageManager": "pnpm@10.22.0",
5
5
  "license": "MIT",
6
6
  "description": "Core utilities and infrastructure for Socket.dev security tools",
@@ -690,7 +690,7 @@
690
690
  "@socketregistry/is-unicode-supported": "1.0.5",
691
691
  "@socketregistry/packageurl-js": "1.3.5",
692
692
  "@socketregistry/yocto-spinner": "1.0.25",
693
- "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@4.0.0",
693
+ "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@4.1.0",
694
694
  "@types/node": "24.9.2",
695
695
  "@typescript/native-preview": "7.0.0-dev.20250920.1",
696
696
  "@vitest/coverage-v8": "4.0.3",