@socketsecurity/lib 5.11.0 → 5.11.2

package/CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.11.2](https://github.com/SocketDev/socket-lib/releases/tag/v5.11.2) - 2026-03-24
+
+### Added
+
+- **http-request**: Custom CA certificate support for TLS connections
+  - `httpRequest`, `httpJson`, `httpText` accept `ca` option for custom certificate authorities
+  - `httpDownload` accepts `ca` option, threaded through redirects and retries
+  - `fetchChecksums` accepts `ca` option, passed through to underlying request
+  - Enables SSL_CERT_FILE support when NODE_EXTRA_CA_CERTS is unavailable at process startup
+
+## [5.11.1](https://github.com/SocketDev/socket-lib/releases/tag/v5.11.1) - 2026-03-24
+
+### Added
+
+- **dlx/binary**: Added `sha256` option to `dlxBinary()`, `downloadBinary()`, and `downloadBinaryFile()`
+  - Enables SHA-256 checksum verification for binary downloads via httpDownload
+  - Verification happens during download (fails early if checksum mismatches)
+  - Complements existing `integrity` option (SRI sha512 format, verified post-download)
+
 ## [5.11.0](https://github.com/SocketDev/socket-lib/releases/tag/v5.11.0) - 2026-03-23
 
 ### Added

package/dist/agent.js

@@ -1,8 +1,10 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -16,6 +18,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var agent_exports = {};
 __export(agent_exports, {
@@ -34,6 +44,7 @@ __export(agent_exports, {
   isPnpmLoglevelFlag: () => isPnpmLoglevelFlag
 });
 module.exports = __toCommonJS(agent_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_agents = require("./constants/agents");
 var import_node = require("./constants/node");
 var import_platform = require("./constants/platform");
@@ -230,7 +241,7 @@ function execScript(scriptName, args, options) {
     return (0, import_spawn.spawn)(scriptName, resolvedArgs, spawnOptions);
   }
   const useNodeRun = !prepost && (0, import_node.supportsNodeRun)();
-  const cwd = (0, import_objects.getOwn)(spawnOptions, "cwd") ?? process.cwd();
+  const cwd = (0, import_objects.getOwn)(spawnOptions, "cwd") ?? import_node_process.default.cwd();
   const pnpmLockPath = (0, import_fs.findUpSync)(import_agents.PNPM_LOCK_YAML, { cwd });
   if (pnpmLockPath) {
     return execPnpm(["run", scriptName, ...resolvedArgs], spawnOptions);

package/dist/archives.js

@@ -39,6 +39,7 @@ module.exports = __toCommonJS(archives_exports);
 var import_node_fs = require("node:fs");
 var import_promises = require("node:stream/promises");
 var import_node_zlib = require("node:zlib");
+var import_node_process = __toESM(require("node:process"));
 var import_adm_zip = __toESM(require("./external/adm-zip.js"));
 var import_tar_fs = __toESM(require("./external/tar-fs.js"));
 var import_fs = require("./fs.js");
@@ -96,7 +97,7 @@ async function extractTar(archivePath, outputDir, options = {}) {
       }
       if (header.type === "symlink" || header.type === "link") {
         destroyScheduled = true;
-        process.nextTick(() => {
+        import_node_process.default.nextTick(() => {
           extractStream.destroy(
             new Error(
               `Symlink detected in archive: ${header.name}. Symlinks are not supported for security reasons.`
@@ -107,7 +108,7 @@ async function extractTar(archivePath, outputDir, options = {}) {
       }
       if (header.size && header.size > maxFileSize) {
         destroyScheduled = true;
-        process.nextTick(() => {
+        import_node_process.default.nextTick(() => {
           extractStream.destroy(
             new Error(
               `File size exceeds limit: ${header.name} (${header.size} bytes > ${maxFileSize} bytes)`
@@ -120,7 +121,7 @@ async function extractTar(archivePath, outputDir, options = {}) {
         totalExtractedSize += header.size;
         if (totalExtractedSize > maxTotalSize) {
           destroyScheduled = true;
-          process.nextTick(() => {
+          import_node_process.default.nextTick(() => {
             extractStream.destroy(
               new Error(
                 `Total extracted size exceeds limit: ${totalExtractedSize} bytes > ${maxTotalSize} bytes`
@@ -161,7 +162,7 @@ async function extractTarGz(archivePath, outputDir, options = {}) {
       }
       if (header.type === "symlink" || header.type === "link") {
         destroyScheduled = true;
-        process.nextTick(() => {
+        import_node_process.default.nextTick(() => {
           extractStream.destroy(
             new Error(
               `Symlink detected in archive: ${header.name}. Symlinks are not supported for security reasons.`
@@ -172,7 +173,7 @@ async function extractTarGz(archivePath, outputDir, options = {}) {
       }
       if (header.size && header.size > maxFileSize) {
         destroyScheduled = true;
-        process.nextTick(() => {
+        import_node_process.default.nextTick(() => {
           extractStream.destroy(
             new Error(
               `File size exceeds limit: ${header.name} (${header.size} bytes > ${maxFileSize} bytes)`
@@ -185,7 +186,7 @@ async function extractTarGz(archivePath, outputDir, options = {}) {
         totalExtractedSize += header.size;
         if (totalExtractedSize > maxTotalSize) {
           destroyScheduled = true;
-          process.nextTick(() => {
+          import_node_process.default.nextTick(() => {
             extractStream.destroy(
               new Error(
                 `Total extracted size exceeds limit: ${totalExtractedSize} bytes > ${maxTotalSize} bytes`

package/dist/argv/flags.d.ts

@@ -1,10 +1,3 @@
-/**
- * Common flag utilities for Socket CLI applications.
- * Provides consistent flag checking across all Socket projects.
- */
-/**
- * Flag values object from parsed arguments.
- */
 export interface FlagValues {
     [key: string]: unknown;
     quiet?: boolean;

package/dist/argv/flags.js

@@ -1,8 +1,10 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -16,6 +18,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var flags_exports = {};
 __export(flags_exports, {
@@ -37,7 +47,8 @@ __export(flags_exports, {
   isWatch: () => isWatch
 });
 module.exports = __toCommonJS(flags_exports);
-const processArg = [...process.argv];
+var import_node_process = __toESM(require("node:process"));
+const processArg = [...import_node_process.default.argv];
 function getLogLevel(input) {
   if (isQuiet(input)) {
     return "silent";

package/dist/argv/parse.js

@@ -36,12 +36,13 @@ __export(parse_exports, {
   parseArgsWithDefaults: () => parseArgsWithDefaults
 });
 module.exports = __toCommonJS(parse_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_yargs_parser = __toESM(require("../external/yargs-parser"));
 function parseArgs(config = {}) {
   const {
     allowNegative = false,
     allowPositionals = true,
-    args = process.argv.slice(2),
+    args = import_node_process.default.argv.slice(2),
     configuration,
     options = {},
     strict = true
@@ -142,7 +143,7 @@ const commonParseArgsConfig = {
   strict: false
 };
 function getPositionalArgs(startIndex = 2) {
-  const args = process.argv.slice(startIndex);
+  const args = import_node_process.default.argv.slice(startIndex);
   const positionals = [];
   let i = 0;
   while (i < args.length) {
@@ -155,7 +156,7 @@ function getPositionalArgs(startIndex = 2) {
   }
   return positionals;
 }
-function hasFlag(flag, argv = process.argv) {
+function hasFlag(flag, argv = import_node_process.default.argv) {
   const flagVariants = [
     `--${flag}`,
     // Short flag.

package/dist/bin.js

@@ -42,6 +42,7 @@ __export(bin_exports, {
   whichSync: () => whichSync
 });
 module.exports = __toCommonJS(bin_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_home = require("./env/home");
 var import_windows = require("./env/windows");
 var import_xdg = require("./env/xdg");
@@ -135,7 +136,7 @@ function findRealBin(binName, commonPaths = []) {
 function findRealNpm() {
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const nodeDir = path.dirname(process.execPath);
+  const nodeDir = path.dirname(import_node_process.default.execPath);
   const npmInNodeDir = path.join(nodeDir, "npm");
   if (fs.existsSync(npmInNodeDir)) {
     return npmInNodeDir;

package/dist/constants/node.js

@@ -1,8 +1,10 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -16,6 +18,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var node_exports = {};
 __export(node_exports, {
@@ -41,8 +51,9 @@ __export(node_exports, {
   supportsProcessSend: () => supportsProcessSend
 });
 module.exports = __toCommonJS(node_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_maintained_node_versions = require("./maintained-node-versions");
-const NODE_VERSION = process.version;
+const NODE_VERSION = import_node_process.default.version;
 function getNodeVersion() {
   return NODE_VERSION;
 }
@@ -105,7 +116,7 @@ function getNodeDisableSigusr1Flags() {
   return _nodeDisableSigusr1Flags;
 }
 function supportsProcessSend() {
-  return typeof process.send === "function";
+  return typeof import_node_process.default.send === "function";
 }
 let _nodeHardenFlags;
 let _nodePermissionFlags;
@@ -152,7 +163,7 @@ function getNodeNoWarningsFlags() {
   return _nodeNoWarningsFlags;
 }
 function getExecPath() {
-  return process.execPath;
+  return import_node_process.default.execPath;
 }
 const NODE_SEA_FUSE = "NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2";
 const ESNEXT = "esnext";

package/dist/cover/code.js

@@ -1,8 +1,10 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -16,12 +18,21 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var code_exports = {};
 __export(code_exports, {
   getCodeCoverage: () => getCodeCoverage
 });
 module.exports = __toCommonJS(code_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_fs = require("../fs");
 var import_objects = require("../objects");
 var import_spawn = require("../spawn");
@@ -45,7 +56,7 @@ async function getCodeCoverage(options) {
   const path = /* @__PURE__ */ getPath();
   const opts = {
     __proto__: null,
-    coveragePath: path.join(process.cwd(), "coverage/coverage-final.json"),
+    coveragePath: path.join(import_node_process.default.cwd(), "coverage/coverage-final.json"),
     generateIfMissing: false,
     ...options
   };
@@ -58,7 +69,7 @@ async function getCodeCoverage(options) {
   if (!coverageExists) {
     if (generateIfMissing) {
       await (0, import_spawn.spawn)("vitest", ["run", "--coverage"], {
-        cwd: process.cwd(),
+        cwd: import_node_process.default.cwd(),
         stdio: "inherit"
       });
     } else {

package/dist/cover/type.js

@@ -1,8 +1,10 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -16,17 +18,26 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var type_exports = {};
 __export(type_exports, {
   getTypeCoverage: () => getTypeCoverage
 });
 module.exports = __toCommonJS(type_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_spawn = require("../spawn");
 async function getTypeCoverage(options) {
   const opts = {
     __proto__: null,
-    cwd: process.cwd(),
+    cwd: import_node_process.default.cwd(),
     generateIfMissing: false,
     ...options
   };

package/dist/dlx/binary.d.ts

@@ -13,6 +13,12 @@ export interface DlxBinaryOptions {
      * Expected SRI integrity hash (sha512-<base64>) for verification.
      */
     integrity?: string | undefined;
+    /**
+     * Expected SHA-256 hex checksum for verification.
+     * Passed to httpDownload for inline verification during download.
+     * This is more secure than post-download verification as it fails early.
+     */
+    sha256?: string | undefined;
     /**
      * Cache TTL in milliseconds (default: 7 days).
      */
@@ -127,8 +133,14 @@ export declare function downloadBinary(options: Omit<DlxBinaryOptions, 'spawnOpt
  * Download a file from a URL with integrity checking and concurrent download protection.
  * Uses processLock to prevent multiple processes from downloading the same binary simultaneously.
  * Internal helper function for downloading binary files.
+ *
+ * Supports two integrity verification methods:
+ * - sha256: Hex SHA-256 checksum (verified inline during download via httpDownload)
+ * - integrity: SRI format sha512-<base64> (verified post-download)
+ *
+ * The sha256 option is preferred as it fails early during download if the checksum doesn't match.
  */
-export declare function downloadBinaryFile(url: string, destPath: string, integrity?: string | undefined): Promise<string>;
+export declare function downloadBinaryFile(url: string, destPath: string, integrity?: string | undefined, sha256?: string | undefined): Promise<string>;
 /**
  * Execute a cached binary without re-downloading.
  * Similar to executePackage from dlx-package.

package/dist/dlx/binary.js

@@ -1,8 +1,10 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -16,6 +18,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var binary_exports = {};
 __export(binary_exports, {
@@ -31,6 +41,7 @@ __export(binary_exports, {
   writeBinaryCacheMetadata: () => writeBinaryCacheMetadata
 });
 module.exports = __toCommonJS(binary_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_platform = require("../constants/platform");
 var import_time = require("../constants/time");
 var import_cache = require("./cache");
@@ -111,6 +122,7 @@ async function dlxBinary(args, options, spawnExtra) {
     force: userForce = false,
     integrity,
     name,
+    sha256,
     spawnOptions,
     url,
     yes
@@ -119,7 +131,7 @@ async function dlxBinary(args, options, spawnExtra) {
   const path = /* @__PURE__ */ getPath();
   const force = yes === true ? true : userForce;
   const cacheDir = getDlxCachePath();
-  const binaryName = name || `binary-${process.platform}-${(0, import_platform.getArch)()}`;
+  const binaryName = name || `binary-${import_node_process.default.platform}-${(0, import_platform.getArch)()}`;
   const spec = `${url}:${binaryName}`;
   const cacheKey = (0, import_cache.generateCacheKey)(spec);
   const cacheEntryDir = path.join(cacheDir, cacheKey);
@@ -168,7 +180,12 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
         { cause: e }
       );
     }
-    computedIntegrity = await downloadBinaryFile(url, binaryPath, integrity);
+    computedIntegrity = await downloadBinaryFile(
+      url,
+      binaryPath,
+      integrity,
+      sha256
+    );
     const stats = await fs.promises.stat(binaryPath);
     await writeBinaryCacheMetadata(
       cacheEntryDir,
@@ -183,7 +200,7 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
     ...spawnOptions,
     env: {
       ...spawnOptions?.env,
-      PATH: `${cacheEntryDir}${(/* @__PURE__ */ getPath()).delimiter}${process.env["PATH"] || ""}`
+      PATH: `${cacheEntryDir}${(/* @__PURE__ */ getPath()).delimiter}${import_node_process.default.env["PATH"] || ""}`
     },
     shell: true
   } : spawnOptions;
@@ -200,12 +217,13 @@ async function downloadBinary(options) {
     force = false,
     integrity,
     name,
+    sha256,
     url
   } = { __proto__: null, ...options };
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
   const cacheDir = getDlxCachePath();
-  const binaryName = name || `binary-${process.platform}-${(0, import_platform.getArch)()}`;
+  const binaryName = name || `binary-${import_node_process.default.platform}-${(0, import_platform.getArch)()}`;
   const spec = `${url}:${binaryName}`;
   const cacheKey = (0, import_cache.generateCacheKey)(spec);
   const cacheEntryDir = path.join(cacheDir, cacheKey);
@@ -240,7 +258,8 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
     const computedIntegrity = await downloadBinaryFile(
       url,
       binaryPath,
-      integrity
+      integrity,
+      sha256
     );
     const stats = await fs.promises.stat(binaryPath);
     await writeBinaryCacheMetadata(
@@ -257,7 +276,7 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
     downloaded
   };
 }
-async function downloadBinaryFile(url, destPath, integrity) {
+async function downloadBinaryFile(url, destPath, integrity, sha256) {
   const crypto = /* @__PURE__ */ getCrypto();
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
@@ -275,7 +294,7 @@ async function downloadBinaryFile(url, destPath, integrity) {
         }
       }
       try {
-        await (0, import_http_request.httpDownload)(url, destPath);
+        await (0, import_http_request.httpDownload)(url, destPath, sha256 ? { sha256 } : void 0);
       } catch (e) {
         throw new Error(
           `Failed to download binary from ${url}
@@ -313,7 +332,7 @@ function executeBinary(binaryPath, args, spawnOptions, spawnExtra) {
     ...spawnOptions,
     env: {
       ...spawnOptions?.env,
-      PATH: `${cacheEntryDir}${path.delimiter}${process.env["PATH"] || ""}`
+      PATH: `${cacheEntryDir}${path.delimiter}${import_node_process.default.env["PATH"] || ""}`
     },
     shell: true
   } : spawnOptions;
@@ -406,7 +425,7 @@ async function writeBinaryCacheMetadata(cacheEntryPath, cacheKey, url, integrity
     }
   };
   const fs = /* @__PURE__ */ getFs();
-  const tmpPath = `${metaPath}.tmp.${process.pid}`;
+  const tmpPath = `${metaPath}.tmp.${import_node_process.default.pid}`;
   await fs.promises.writeFile(tmpPath, JSON.stringify(metadata, null, 2));
   await fs.promises.rename(tmpPath, metaPath);
 }

package/dist/env/package-manager.js

@@ -1,8 +1,10 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -16,6 +18,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var package_manager_exports = {};
 __export(package_manager_exports, {
@@ -24,6 +34,7 @@ __export(package_manager_exports, {
   getPackageManagerUserAgent: () => getPackageManagerUserAgent
 });
 module.exports = __toCommonJS(package_manager_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_rewire = require("./rewire");
 // @__NO_SIDE_EFFECTS__
 function detectPackageManager() {
@@ -34,7 +45,7 @@ function detectPackageManager() {
       return match[1];
     }
   }
-  const argv0 = process.argv[0];
+  const argv0 = import_node_process.default.argv[0];
   if (argv0) {
     if (argv0.includes("/pnpm/") || argv0.includes("\\pnpm\\")) {
       return "pnpm";

package/dist/env/rewire.js

@@ -1,8 +1,10 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -16,6 +18,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var rewire_exports = {};
 __export(rewire_exports, {
@@ -29,6 +39,7 @@ __export(rewire_exports, {
   withEnvSync: () => withEnvSync
 });
 module.exports = __toCommonJS(rewire_exports);
+var import_node_process = __toESM(require("node:process"));
 var import_objects = require("../objects");
 var import_helpers = require("./helpers");
 let _async_hooks;
@@ -44,7 +55,7 @@ const isolatedOverridesStorage = new AsyncLocalStorage();
 const sharedOverridesSymbol = Symbol.for(
   "@socketsecurity/lib/env/rewire/test-overrides"
 );
-const isVitestEnv = (0, import_helpers.envAsBoolean)(process.env.VITEST);
+const isVitestEnv = (0, import_helpers.envAsBoolean)(import_node_process.default.env.VITEST);
 if (isVitestEnv && !globalThis[sharedOverridesSymbol]) {
   globalThis[sharedOverridesSymbol] = /* @__PURE__ */ new Map();
 }
@@ -60,7 +71,7 @@ function getEnvValue(key) {
   if (sharedOverrides?.has(key)) {
     return sharedOverrides.get(key);
   }
-  return process.env[key];
+  return import_node_process.default.env[key];
 }
 function hasOverride(key) {
   const isolatedOverrides = isolatedOverridesStorage.getStore();
@@ -74,7 +85,7 @@ function isInEnv(key) {
   if (sharedOverrides?.has(key)) {
     return true;
   }
-  return (0, import_objects.hasOwn)(process.env, key);
+  return (0, import_objects.hasOwn)(import_node_process.default.env, key);
 }
 function resetEnv() {
   sharedOverrides?.clear();

package/dist/fs.d.ts

@@ -1,7 +1,3 @@
-/**
- * @fileoverview File system utilities with cross-platform path handling.
- * Provides enhanced fs operations, glob matching, and directory traversal functions.
- */
 import type { Abortable } from 'events';
 import type { MakeDirectoryOptions, ObjectEncodingOptions, OpenMode, PathLike } from 'fs';
 import type { JsonReviver } from './json/types';