@socketsecurity/lib 5.0.0 → 5.0.1

package/CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.0.1](https://github.com/SocketDev/socket-lib/releases/tag/v5.0.1) - 2025-12-11
+
+### Added
+
+- **http-request**: Enhanced `httpDownload()` with automatic progress logging via Logger integration
+  - New `logger` option: Pass a Logger instance for automatic progress tracking
+  - New `progressInterval` option: Configure progress reporting frequency (default: 10%)
+  - Progress format: `Progress: XX% (Y.Y MB / Z.Z MB)`
+  - `onProgress` callback takes precedence over `logger` when both are provided
+  - Commit: [`91e5db5`](https://github.com/SocketDev/socket-lib/commit/91e5db5)
+
 ## [5.0.0](https://github.com/SocketDev/socket-lib/releases/tag/v5.0.0) - 2025-12-04
 
 ### Added

package/README.md

@@ -2,7 +2,7 @@
 
 [![Socket Badge](https://socket.dev/api/badge/npm/package/@socketsecurity/lib)](https://socket.dev/npm/package/@socketsecurity/lib)
 [![CI](https://github.com/SocketDev/socket-lib/actions/workflows/ci.yml/badge.svg)](https://github.com/SocketDev/socket-lib/actions/workflows/ci.yml)
-![Coverage](https://img.shields.io/badge/coverage-83.78%25-brightgreen)
+![Coverage](https://img.shields.io/badge/coverage-84.10%25-brightgreen)
 
 [![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
 [![Follow @socket.dev on Bluesky](https://img.shields.io/badge/Follow-@socket.dev-1DA1F2?style=social&logo=bluesky)](https://bsky.app/profile/socket.dev)

package/dist/fs.d.ts

@@ -578,51 +578,63 @@ export declare function readJson(filepath: PathLike, options?: ReadJsonOptions |
 export declare function readJsonSync(filepath: PathLike, options?: ReadJsonOptions | string | undefined): import("./json/types").JsonValue;
 /**
  * Safely delete a file or directory asynchronously with built-in protections.
- * Uses `del` for safer deletion that prevents removing cwd and above by default.
- * Automatically uses force: true for temp directory, cacache, and ~/.socket subdirectories.
+ *
+ * Uses [`del`](https://socket.dev/npm/package/del/overview/8.0.1) for safer deletion with these safety features:
+ * - By default, prevents deleting the current working directory (cwd) and above
+ * - Allows deleting within cwd (descendant paths) without force option
+ * - Automatically uses force: true for temp directory, cacache, and ~/.socket subdirectories
+ * - Protects against accidental deletion of parent directories via `../` paths
  *
  * @param filepath - Path or array of paths to delete (supports glob patterns)
  * @param options - Deletion options including force, retries, and recursion
+ * @param options.force - Set to true to allow deleting cwd and above (use with caution)
  * @throws {Error} When attempting to delete protected paths without force option
  *
  * @example
  * ```ts
- * // Delete a single file
- * await safeDelete('./temp-file.txt')
- *
- * // Delete a directory recursively
- * await safeDelete('./build', { recursive: true })
+ * // Delete files within cwd (safe by default)
+ * await safeDelete('./build')
+ * await safeDelete('./dist')
  *
- * // Delete multiple paths
- * await safeDelete(['./dist', './coverage'])
+ * // Delete with glob patterns
+ * await safeDelete(['./temp/**', '!./temp/keep.txt'])
  *
  * // Delete with custom retry settings
  * await safeDelete('./flaky-dir', { maxRetries: 5, retryDelay: 500 })
+ *
+ * // Force delete cwd or above (requires explicit force: true)
+ * await safeDelete('../parent-dir', { force: true })
  * ```
  */
 export declare function safeDelete(filepath: PathLike | PathLike[], options?: RemoveOptions | undefined): Promise<void>;
 /**
  * Safely delete a file or directory synchronously with built-in protections.
- * Uses `del` for safer deletion that prevents removing cwd and above by default.
- * Automatically uses force: true for temp directory, cacache, and ~/.socket subdirectories.
+ *
+ * Uses [`del`](https://socket.dev/npm/package/del/overview/8.0.1) for safer deletion with these safety features:
+ * - By default, prevents deleting the current working directory (cwd) and above
+ * - Allows deleting within cwd (descendant paths) without force option
+ * - Automatically uses force: true for temp directory, cacache, and ~/.socket subdirectories
+ * - Protects against accidental deletion of parent directories via `../` paths
  *
  * @param filepath - Path or array of paths to delete (supports glob patterns)
  * @param options - Deletion options including force, retries, and recursion
+ * @param options.force - Set to true to allow deleting cwd and above (use with caution)
  * @throws {Error} When attempting to delete protected paths without force option
  *
  * @example
  * ```ts
- * // Delete a single file
- * safeDeleteSync('./temp-file.txt')
+ * // Delete files within cwd (safe by default)
+ * safeDeleteSync('./build')
+ * safeDeleteSync('./dist')
  *
- * // Delete a directory recursively
- * safeDeleteSync('./build', { recursive: true })
+ * // Delete with glob patterns
+ * safeDeleteSync(['./temp/**', '!./temp/keep.txt'])
  *
- * // Delete multiple paths with globs
- * safeDeleteSync(['./dist/**', './coverage/**'])
+ * // Delete multiple paths
+ * safeDeleteSync(['./coverage', './reports'])
  *
- * // Force delete a protected path (use with caution)
- * safeDeleteSync('./important', { force: true })
+ * // Force delete cwd or above (requires explicit force: true)
+ * safeDeleteSync('../parent-dir', { force: true })
  * ```
  */
 export declare function safeDeleteSync(filepath: PathLike | PathLike[], options?: RemoveOptions | undefined): void;

package/dist/http-request.d.ts

@@ -1,3 +1,4 @@
+import type { Logger } from './logger.js';
 /**
  * Configuration options for HTTP/HTTPS requests.
  */
@@ -270,9 +271,31 @@ export interface HttpDownloadOptions {
      * ```
      */
     headers?: Record<string, string> | undefined;
+    /**
+     * Logger instance for automatic progress logging.
+     * When provided with `progressInterval`, will automatically log download progress.
+     * If both `onProgress` and `logger` are provided, `onProgress` takes precedence.
+     *
+     * @example
+     * ```ts
+     * import { getDefaultLogger } from '@socketsecurity/lib/logger'
+     *
+     * const logger = getDefaultLogger()
+     * await httpDownload('https://example.com/file.zip', '/tmp/file.zip', {
+     *   logger,
+     *   progressInterval: 10  // Log every 10%
+     * })
+     * // Output:
+     * //   Progress: 10% (5.2 MB / 52.0 MB)
+     * //   Progress: 20% (10.4 MB / 52.0 MB)
+     * //   ...
+     * ```
+     */
+    logger?: Logger | undefined;
     /**
      * Callback for tracking download progress.
      * Called periodically as data is received.
+     * Takes precedence over `logger` if both are provided.
      *
      * @param downloaded - Number of bytes downloaded so far
      * @param total - Total file size in bytes (from Content-Length header)
@@ -288,6 +311,29 @@ export interface HttpDownloadOptions {
      * ```
      */
     onProgress?: ((downloaded: number, total: number) => void) | undefined;
+    /**
+     * Progress reporting interval as a percentage (0-100).
+     * Only used when `logger` is provided.
+     * Progress will be logged each time the download advances by this percentage.
+     *
+     * @default 10
+     *
+     * @example
+     * ```ts
+     * // Log every 10%
+     * await httpDownload('https://example.com/file.zip', '/tmp/file.zip', {
+     *   logger: getDefaultLogger(),
+     *   progressInterval: 10
+     * })
+     *
+     * // Log every 25%
+     * await httpDownload('https://example.com/file.zip', '/tmp/file.zip', {
+     *   logger: getDefaultLogger(),
+     *   progressInterval: 25
+     * })
+     * ```
+     */
+    progressInterval?: number | undefined;
     /**
      * Number of retry attempts for failed downloads.
      * Uses exponential backoff: delay = `retryDelay` * 2^attempt.

package/dist/http-request.js

@@ -184,17 +184,34 @@ async function httpRequestAttempt(url, options) {
 async function httpDownload(url, destPath, options) {
   const {
     headers = {},
+    logger,
     onProgress,
+    progressInterval = 10,
     retries = 0,
     retryDelay = 1e3,
     timeout = 12e4
   } = { __proto__: null, ...options };
+  let progressCallback;
+  if (onProgress) {
+    progressCallback = onProgress;
+  } else if (logger) {
+    let lastPercent = 0;
+    progressCallback = (downloaded, total) => {
+      const percent = Math.floor(downloaded / total * 100);
+      if (percent >= lastPercent + progressInterval) {
+        logger.log(
+          `  Progress: ${percent}% (${(downloaded / 1024 / 1024).toFixed(1)} MB / ${(total / 1024 / 1024).toFixed(1)} MB)`
+        );
+        lastPercent = percent;
+      }
+    };
+  }
   let lastError;
   for (let attempt = 0; attempt <= retries; attempt++) {
     try {
       return await httpDownloadAttempt(url, destPath, {
         headers,
-        onProgress,
+        onProgress: progressCallback,
         timeout
       });
     } catch (e) {

package/dist/json/edit.js

@@ -22,6 +22,7 @@ __export(edit_exports, {
   getEditableJsonClass: () => getEditableJsonClass
 });
 module.exports = __toCommonJS(edit_exports);
+var import_promises = require("node:timers/promises");
 var import_format = require("./format");
 const identSymbol = import_format.INDENT_SYMBOL;
 const newlineSymbol = import_format.NEWLINE_SYMBOL;
@@ -40,15 +41,31 @@ async function retryWrite(filepath, content, retries = 3, baseDelay = 10) {
   for (let attempt = 0; attempt <= retries; attempt++) {
     try {
       await fsPromises.writeFile(filepath, content);
+      if (process.platform === "win32") {
+        await (0, import_promises.setTimeout)(50);
+        let accessRetries = 0;
+        const maxAccessRetries = 5;
+        while (accessRetries < maxAccessRetries) {
+          try {
+            await fsPromises.access(filepath);
+            await (0, import_promises.setTimeout)(10);
+            break;
+          } catch {
+            const delay = 20 * (accessRetries + 1);
+            await (0, import_promises.setTimeout)(delay);
+            accessRetries++;
+          }
+        }
+      }
       return;
     } catch (err) {
       const isLastAttempt = attempt === retries;
-      const isEperm = err instanceof Error && "code" in err && (err.code === "EPERM" || err.code === "EBUSY");
-      if (!isEperm || isLastAttempt) {
+      const isRetriableError = err instanceof Error && "code" in err && (err.code === "EPERM" || err.code === "EBUSY" || err.code === "ENOENT");
+      if (!isRetriableError || isLastAttempt) {
         throw err;
       }
       const delay = baseDelay * 2 ** attempt;
-      await new Promise((resolve) => setTimeout(resolve, delay));
+      await (0, import_promises.setTimeout)(delay);
     }
   }
 }
@@ -57,7 +74,21 @@ function parseJson(content) {
 }
 async function readFile(filepath) {
   const { promises: fsPromises } = /* @__PURE__ */ getFs();
-  return await fsPromises.readFile(filepath, "utf8");
+  const maxRetries = process.platform === "win32" ? 5 : 1;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    try {
+      return await fsPromises.readFile(filepath, "utf8");
+    } catch (err) {
+      const isLastAttempt = attempt === maxRetries;
+      const isEnoent = err instanceof Error && "code" in err && err.code === "ENOENT";
+      if (!isEnoent || isLastAttempt) {
+        throw err;
+      }
+      const delay = process.platform === "win32" ? 50 * (attempt + 1) : 20;
+      await (0, import_promises.setTimeout)(delay);
+    }
+  }
+  throw new Error("Unreachable code");
 }
 // @__NO_SIDE_EFFECTS__
 function getEditableJsonClass() {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@socketsecurity/lib",
-  "version": "5.0.0",
-  "packageManager": "pnpm@10.22.0",
+  "version": "5.0.1",
+  "packageManager": "pnpm@10.25.0",
   "license": "MIT",
   "description": "Core utilities and infrastructure for Socket.dev security tools",
   "keywords": [
@@ -677,7 +677,7 @@
   ],
   "engines": {
     "node": ">=22",
-    "pnpm": ">=10.22.0"
+    "pnpm": ">=10.25.0"
   },
   "sideEffects": false,
   "scripts": {
@@ -742,6 +742,7 @@
     "lint-staged": "15.2.11",
     "magic-string": "0.30.17",
     "make-fetch-happen": "15.0.2",
+    "nock": "14.0.10",
     "normalize-package-data": "8.0.0",
     "npm-package-arg": "13.0.0",
     "pacote": "21.0.1",
@@ -750,7 +751,7 @@
     "spdx-correct": "3.2.0",
     "spdx-expression-parse": "4.0.0",
     "streaming-iterables": "8.0.1",
-    "taze": "19.6.0",
+    "taze": "19.9.2",
     "trash": "10.0.0",
     "type-coverage": "2.29.7",
     "typescript": "5.9.2",