@socketsecurity/lib 5.11.2 → 5.11.3

package/CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.11.3](https://github.com/SocketDev/socket-lib/releases/tag/v5.11.3) - 2026-03-26
+
+### Fixed
+
+- **build**: Deduplicate shared deps across external bundles (#110)
+- **quality**: Comprehensive quality scan fixes across codebase (#111)
+- **releases**: Add in-memory TTL cache for GitHub API responses
+- **releases**: Guard against missing assets in GitHub release response (#112)
+- **process-lock**: Fix Windows path separator handling for lock directory creation (#112)
+
 ## [5.11.2](https://github.com/SocketDev/socket-lib/releases/tag/v5.11.2) - 2026-03-24
 
 ### Added

package/dist/abort.js

@@ -51,9 +51,7 @@ function createTimeoutSignal(ms) {
   if (ms <= 0) {
     throw new TypeError("timeout must be a positive number");
   }
-  const controller = new AbortController();
-  setTimeout(() => controller.abort(), ms);
-  return controller.signal;
+  return AbortSignal.timeout(Math.ceil(ms));
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/ansi.js

@@ -39,7 +39,7 @@ const ANSI_REGEX = /\x1b\[[0-9;]*m/g;
 // @__NO_SIDE_EFFECTS__
 function ansiRegex(options) {
   const { onlyFirst } = options ?? {};
-  const ST = "(?:\\u0007\\u001B\\u005C|\\u009C)";
+  const ST = "(?:\\u0007|\\u001B\\u005C|\\u009C)";
   const osc = `(?:\\u001B\\][\\s\\S]*?${ST})`;
   const csi = "[\\u001B\\u009B][[\\]()#;?]*(?:\\d{1,4}(?:[;:]\\d{0,4})*)?[\\dA-PR-TZcf-nq-uy=><~]";
   const pattern = `${osc}|${csi}`;

package/dist/argv/parse.js

@@ -157,12 +157,7 @@ function getPositionalArgs(startIndex = 2) {
   return positionals;
 }
 function hasFlag(flag, argv = import_node_process.default.argv) {
-  const flagVariants = [
-    `--${flag}`,
-    // Short flag.
-    `-${flag.charAt(0)}`
-  ];
-  return flagVariants.some((variant) => argv.includes(variant));
+  return argv.includes(`--${flag}`);
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/cache-with-ttl.js

@@ -90,9 +90,16 @@ function createTtlCache(options) {
     }
     const cacheEntry = await cacache.safeGet(fullKey);
     if (cacheEntry) {
-      const entry = JSON.parse(
-        cacheEntry.data.toString("utf8")
-      );
+      let entry;
+      try {
+        entry = JSON.parse(cacheEntry.data.toString("utf8"));
+      } catch {
+        try {
+          await cacache.remove(fullKey);
+        } catch {
+        }
+        return void 0;
+      }
       if (!isExpired(entry)) {
         if (opts.memoize) {
           memoCache.set(fullKey, entry);

package/dist/dlx/manifest.js

@@ -45,6 +45,8 @@ function getPath() {
   }
   return _path;
 }
+const fs = /* @__PURE__ */ getFs();
+const path = /* @__PURE__ */ getPath();
 const logger = (0, import_logger.getDefaultLogger)();
 const MANIFEST_FILE_NAME = ".dlx-manifest.json";
 function isBinaryEntry(entry) {
@@ -57,7 +59,7 @@ class DlxManifest {
   manifestPath;
   lockPath;
   constructor(options = {}) {
-    this.manifestPath = options.manifestPath ?? (/* @__PURE__ */ getPath()).join((0, import_socket.getSocketDlxDir)(), MANIFEST_FILE_NAME);
+    this.manifestPath = options.manifestPath ?? path.join((0, import_socket.getSocketDlxDir)(), MANIFEST_FILE_NAME);
     this.lockPath = `${this.manifestPath}.lock`;
   }
   /**
@@ -66,7 +68,7 @@ class DlxManifest {
    */
   readManifest() {
     try {
-      if (!(/* @__PURE__ */ getFs()).existsSync(this.manifestPath)) {
+      if (!fs.existsSync(this.manifestPath)) {
         return /* @__PURE__ */ Object.create(null);
       }
       const rawContent = (0, import_fs.readFileUtf8Sync)(this.manifestPath);
@@ -87,7 +89,7 @@ class DlxManifest {
    * @private
    */
   async writeManifest(data) {
-    const manifestDir = (/* @__PURE__ */ getPath()).dirname(this.manifestPath);
+    const manifestDir = path.dirname(this.manifestPath);
     try {
       (0, import_fs.safeMkdirSync)(manifestDir, { recursive: true });
     } catch (error) {
@@ -98,18 +100,12 @@ class DlxManifest {
     const content = JSON.stringify(data, null, 2);
     const tempPath = `${this.manifestPath}.tmp`;
     try {
-      (/* @__PURE__ */ getFs()).writeFileSync(tempPath, content, "utf8");
-      (/* @__PURE__ */ getFs()).writeFileSync(this.manifestPath, content, "utf8");
-      try {
-        if ((/* @__PURE__ */ getFs()).existsSync(tempPath)) {
-          (/* @__PURE__ */ getFs()).unlinkSync(tempPath);
-        }
-      } catch {
-      }
+      fs.writeFileSync(tempPath, content, "utf8");
+      fs.renameSync(tempPath, this.manifestPath);
     } catch (error) {
       try {
-        if ((/* @__PURE__ */ getFs()).existsSync(tempPath)) {
-          (/* @__PURE__ */ getFs()).unlinkSync(tempPath);
+        if (fs.existsSync(tempPath)) {
+          fs.unlinkSync(tempPath);
         }
       } catch {
       }
@@ -122,17 +118,16 @@ class DlxManifest {
   async clear(name) {
     await import_process_lock.processLock.withLock(this.lockPath, async () => {
       try {
-        if (!(/* @__PURE__ */ getFs()).existsSync(this.manifestPath)) {
+        if (!fs.existsSync(this.manifestPath)) {
           return;
         }
-        const content = (/* @__PURE__ */ getFs()).readFileSync(this.manifestPath, "utf8");
+        const content = fs.readFileSync(this.manifestPath, "utf8");
         if (!content.trim()) {
           return;
         }
         const data = JSON.parse(content);
         delete data[name];
-        const updatedContent = JSON.stringify(data, null, 2);
-        (/* @__PURE__ */ getFs()).writeFileSync(this.manifestPath, updatedContent, "utf8");
+        await this.writeManifest(data);
       } catch (error) {
         logger.warn(
           `Failed to clear cache for ${name}: ${error instanceof Error ? error.message : String(error)}`
@@ -146,8 +141,8 @@ class DlxManifest {
   async clearAll() {
     await import_process_lock.processLock.withLock(this.lockPath, async () => {
       try {
-        if ((/* @__PURE__ */ getFs()).existsSync(this.manifestPath)) {
-          (/* @__PURE__ */ getFs()).unlinkSync(this.manifestPath);
+        if (fs.existsSync(this.manifestPath)) {
+          fs.unlinkSync(this.manifestPath);
         }
       } catch (error) {
         logger.warn(
@@ -173,7 +168,7 @@ class DlxManifest {
    */
   getAllPackages() {
     try {
-      if (!(/* @__PURE__ */ getFs()).existsSync(this.manifestPath)) {
+      if (!fs.existsSync(this.manifestPath)) {
         return [];
       }
       const rawContent = (0, import_fs.readFileUtf8Sync)(this.manifestPath);
@@ -219,8 +214,8 @@ class DlxManifest {
     await import_process_lock.processLock.withLock(this.lockPath, async () => {
       let data = /* @__PURE__ */ Object.create(null);
       try {
-        if ((/* @__PURE__ */ getFs()).existsSync(this.manifestPath)) {
-          const content2 = (/* @__PURE__ */ getFs()).readFileSync(this.manifestPath, "utf8");
+        if (fs.existsSync(this.manifestPath)) {
+          const content2 = fs.readFileSync(this.manifestPath, "utf8");
           if (content2.trim()) {
             data = JSON.parse(content2);
           }
@@ -231,7 +226,7 @@ class DlxManifest {
         );
       }
       data[name] = record;
-      const manifestDir = (/* @__PURE__ */ getPath()).dirname(this.manifestPath);
+      const manifestDir = path.dirname(this.manifestPath);
       try {
         (0, import_fs.safeMkdirSync)(manifestDir, { recursive: true });
       } catch (error) {
@@ -242,18 +237,12 @@ class DlxManifest {
       const content = JSON.stringify(data, null, 2);
       const tempPath = `${this.manifestPath}.tmp`;
       try {
-        (/* @__PURE__ */ getFs()).writeFileSync(tempPath, content, "utf8");
-        (/* @__PURE__ */ getFs()).writeFileSync(this.manifestPath, content, "utf8");
-        try {
-          if ((/* @__PURE__ */ getFs()).existsSync(tempPath)) {
-            (/* @__PURE__ */ getFs()).unlinkSync(tempPath);
-          }
-        } catch {
-        }
+        fs.writeFileSync(tempPath, content, "utf8");
+        fs.renameSync(tempPath, this.manifestPath);
       } catch (error) {
         try {
-          if ((/* @__PURE__ */ getFs()).existsSync(tempPath)) {
-            (/* @__PURE__ */ getFs()).unlinkSync(tempPath);
+          if (fs.existsSync(tempPath)) {
+            fs.unlinkSync(tempPath);
           }
         } catch {
         }

package/dist/external/@npmcli/package-json.js

@@ -235,7 +235,7 @@ var require_update_workspaces = __commonJS({
 var require_debug = __commonJS({
   "node_modules/.pnpm/semver@7.7.2/node_modules/semver/internal/debug.js"(exports2, module2) {
     "use strict";
-    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => void 0 : () => {
+    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {
     };
     module2.exports = debug;
   }
@@ -889,7 +889,7 @@ var require_commonjs = __commonJS({
     var warned = /* @__PURE__ */ new Set();
     var PROCESS = typeof process === "object" && !!process ? process : {};
     var emitWarning = /* @__PURE__ */ __name((msg, type, code, fn) => {
-      typeof PROCESS.emitWarning === "function" ? PROCESS.emitWarning(msg, type, code, fn) : void 0;
+      typeof PROCESS.emitWarning === "function" ? PROCESS.emitWarning(msg, type, code, fn) : console.error(`[${code}] ${type}: ${msg}`);
     }, "emitWarning");
     var AC = globalThis.AbortController;
     var AS = globalThis.AbortSignal;
@@ -3903,7 +3903,7 @@ var require_commonjs2 = __commonJS({
         this.parseNegate();
         this.globSet = [...new Set(this.braceExpand())];
         if (options.debug) {
-          this.debug = (...args) => void 0;
+          this.debug = (...args) => console.error(...args);
         }
         this.debug(this.pattern, this.globSet);
         const rawGlobParts = this.globSet.map((s) => this.slashSplit(s));
@@ -10656,9 +10656,11 @@ var require_retry_operation = __commonJS({
       this._fn(this._attempts);
     };
     RetryOperation.prototype.try = function(fn) {
+      /* @__PURE__ */ console.log("Using RetryOperation.try() is deprecated");
       this.attempt(fn);
     };
     RetryOperation.prototype.start = function(fn) {
+      /* @__PURE__ */ console.log("Using RetryOperation.start() is deprecated");
       this.attempt(fn);
     };
     RetryOperation.prototype.start = RetryOperation.prototype.try;

package/dist/external/adm-zip.js

@@ -578,6 +578,7 @@ var require_fattr = __commonJS({
         _obj.readonly = (128 & _stat.mode) === 0;
         _obj.hidden = pth.basename(_path)[0] === ".";
       } else {
+        /* @__PURE__ */ console.warn("Invalid path: " + _path);
       }
       return {
         get directory() {

package/dist/external/debug.js

@@ -159,9 +159,9 @@ var require_ms = __commonJS({
   }
 });
 
-// node_modules/.pnpm/debug@4.4.3_supports-color@10.0.0/node_modules/debug/src/common.js
+// node_modules/.pnpm/debug@4.4.3_supports-color@10.2.2/node_modules/debug/src/common.js
 var require_common = __commonJS({
-  "node_modules/.pnpm/debug@4.4.3_supports-color@10.0.0/node_modules/debug/src/common.js"(exports2, module2) {
+  "node_modules/.pnpm/debug@4.4.3_supports-color@10.2.2/node_modules/debug/src/common.js"(exports2, module2) {
     function setup(env2) {
       createDebug.debug = createDebug;
       createDebug.default = createDebug;
@@ -336,6 +336,7 @@ var require_common = __commonJS({
       }
       __name(coerce, "coerce");
       function destroy() {
+        /* @__PURE__ */ console.warn("Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.");
       }
       __name(destroy, "destroy");
       createDebug.enable(createDebug.load());
@@ -346,9 +347,9 @@ var require_common = __commonJS({
   }
 });
 
-// node_modules/.pnpm/debug@4.4.3_supports-color@10.0.0/node_modules/debug/src/browser.js
+// node_modules/.pnpm/debug@4.4.3_supports-color@10.2.2/node_modules/debug/src/browser.js
 var require_browser = __commonJS({
-  "node_modules/.pnpm/debug@4.4.3_supports-color@10.0.0/node_modules/debug/src/browser.js"(exports2, module2) {
+  "node_modules/.pnpm/debug@4.4.3_supports-color@10.2.2/node_modules/debug/src/browser.js"(exports2, module2) {
     exports2.formatArgs = formatArgs;
     exports2.save = save;
     exports2.load = load;
@@ -359,6 +360,7 @@ var require_browser = __commonJS({
       return () => {
         if (!warned) {
           warned = true;
+          /* @__PURE__ */ console.warn("Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.");
         }
       };
     })();
@@ -519,7 +521,7 @@ var require_browser = __commonJS({
   }
 });
 
-// node_modules/.pnpm/supports-color@10.0.0/node_modules/supports-color/index.js
+// node_modules/.pnpm/supports-color@10.2.2/node_modules/supports-color/index.js
 var supports_color_exports = {};
 __export(supports_color_exports, {
   createSupportsColor: () => createSupportsColor,
@@ -613,6 +615,12 @@ function _supportsColor(haveStream, { streamIsTTY, sniffFlags = true } = {}) {
   if (env.TERM === "xterm-kitty") {
     return 3;
   }
+  if (env.TERM === "xterm-ghostty") {
+    return 3;
+  }
+  if (env.TERM === "wezterm") {
+    return 3;
+  }
   if ("TERM_PROGRAM" in env) {
     const version = Number.parseInt((env.TERM_PROGRAM_VERSION || "").split(".")[0], 10);
     switch (env.TERM_PROGRAM) {
@@ -644,7 +652,7 @@ function createSupportsColor(stream, options = {}) {
 }
 var import_node_process, import_node_os, import_node_tty, env, flagForceColor, supportsColor, supports_color_default;
 var init_supports_color = __esm({
-  "node_modules/.pnpm/supports-color@10.0.0/node_modules/supports-color/index.js"() {
+  "node_modules/.pnpm/supports-color@10.2.2/node_modules/supports-color/index.js"() {
     import_node_process = __toESM(require("node:process"), 1);
     import_node_os = __toESM(require("node:os"), 1);
     import_node_tty = __toESM(require("node:tty"), 1);
@@ -667,9 +675,9 @@ var init_supports_color = __esm({
   }
 });
 
-// node_modules/.pnpm/debug@4.4.3_supports-color@10.0.0/node_modules/debug/src/node.js
+// node_modules/.pnpm/debug@4.4.3_supports-color@10.2.2/node_modules/debug/src/node.js
 var require_node = __commonJS({
-  "node_modules/.pnpm/debug@4.4.3_supports-color@10.0.0/node_modules/debug/src/node.js"(exports2, module2) {
+  "node_modules/.pnpm/debug@4.4.3_supports-color@10.2.2/node_modules/debug/src/node.js"(exports2, module2) {
     var tty2 = require("tty");
     var util = require("util");
     exports2.init = init;
@@ -848,9 +856,9 @@ var require_node = __commonJS({
   }
 });
 
-// node_modules/.pnpm/debug@4.4.3_supports-color@10.0.0/node_modules/debug/src/index.js
+// node_modules/.pnpm/debug@4.4.3_supports-color@10.2.2/node_modules/debug/src/index.js
 var require_src = __commonJS({
-  "node_modules/.pnpm/debug@4.4.3_supports-color@10.0.0/node_modules/debug/src/index.js"(exports2, module2) {
+  "node_modules/.pnpm/debug@4.4.3_supports-color@10.2.2/node_modules/debug/src/index.js"(exports2, module2) {
     if (typeof process === "undefined" || process.type === "renderer" || false || process.__nwjs) {
       module2.exports = require_browser();
     } else {

package/dist/external/external-pack.js

@@ -317,7 +317,7 @@ var require_cjs = __commonJS({
   }
 });
 
-// node_modules/.pnpm/supports-color@10.0.0/node_modules/supports-color/index.js
+// node_modules/.pnpm/supports-color@10.2.2/node_modules/supports-color/index.js
 var supports_color_exports = {};
 __export(supports_color_exports, {
   createSupportsColor: () => createSupportsColor,
@@ -411,6 +411,12 @@ function _supportsColor(haveStream, { streamIsTTY, sniffFlags = true } = {}) {
   if (env.TERM === "xterm-kitty") {
     return 3;
   }
+  if (env.TERM === "xterm-ghostty") {
+    return 3;
+  }
+  if (env.TERM === "wezterm") {
+    return 3;
+  }
   if ("TERM_PROGRAM" in env) {
     const version = Number.parseInt((env.TERM_PROGRAM_VERSION || "").split(".")[0], 10);
     switch (env.TERM_PROGRAM) {
@@ -442,7 +448,7 @@ function createSupportsColor(stream, options = {}) {
 }
 var import_node_process, import_node_os, import_node_tty, env, flagForceColor, supportsColor, supports_color_default;
 var init_supports_color = __esm({
-  "node_modules/.pnpm/supports-color@10.0.0/node_modules/supports-color/index.js"() {
+  "node_modules/.pnpm/supports-color@10.2.2/node_modules/supports-color/index.js"() {
     import_node_process = __toESM(require("node:process"), 1);
     import_node_os = __toESM(require("node:os"), 1);
     import_node_tty = __toESM(require("node:tty"), 1);

package/dist/external/libnpmexec.js

@@ -11,9 +11,9 @@ var __commonJS = (cb, mod) => function __require() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
 
-// node_modules/.pnpm/libnpmexec@10.2.3_supports-color@10.0.0/node_modules/libnpmexec/lib/get-bin-from-manifest.js
+// node_modules/.pnpm/libnpmexec@10.2.3_supports-color@10.2.2/node_modules/libnpmexec/lib/get-bin-from-manifest.js
 var require_get_bin_from_manifest = __commonJS({
-  "node_modules/.pnpm/libnpmexec@10.2.3_supports-color@10.0.0/node_modules/libnpmexec/lib/get-bin-from-manifest.js"(exports2, module2) {
+  "node_modules/.pnpm/libnpmexec@10.2.3_supports-color@10.2.2/node_modules/libnpmexec/lib/get-bin-from-manifest.js"(exports2, module2) {
     var getBinFromManifest2 = /* @__PURE__ */ __name((mani) => {
       const bin = mani.bin || {};
       if (new Set(Object.values(bin)).size === 1) {