@socketsecurity/lib 5.18.1 → 5.19.0

package/dist/dlx/arborist.d.ts

@@ -0,0 +1,134 @@
+/**
+ * @fileoverview Safe Arborist wrapper for dlx installs and lockfile-only
+ * resolution.
+ *
+ * Every Arborist invocation in this module is configured with a fixed set
+ * of security-hardening options mirroring socket-cli v1.1.79 SafeArborist:
+ *
+ *   - audit:         false   — no network call to the npm audit endpoint
+ *   - fund:          false   — no collection/display of funding URLs
+ *   - ignoreScripts: true    — no preinstall/install/postinstall scripts
+ *   - progress:      false   — no progress bar on stdout
+ *   - saveBundle:    false   — never update bundledDependencies
+ *   - silent:        true    — suppress Arborist's default log output
+ *
+ * `save` varies by operation: {@link safeIdealTree} uses `save: true` so
+ * Arborist writes `package-lock.json`; {@link safeReify} uses `save: false`
+ * so the caller's `package.json` is never rewritten.
+ *
+ * A `.npmrc` with the equivalent settings is also written into the
+ * install directory as a belt-and-suspenders defense for any downstream
+ * tool that reads it.
+ */
+/**
+ * Shared options for the safe-arborist operations below.
+ */
+export interface SafeArboristOptions {
+    /**
+     * Install directory. Arborist reads `package.json` (and, for reify,
+     * `package-lock.json`) from this directory and creates `node_modules`
+     * here when installing.
+     *
+     * Must already exist before calling. The caller is responsible for its
+     * lifecycle (including cleanup of tmp directories).
+     */
+    path: string;
+    /**
+     * Refuse to resolve any version published after this date. Passed to
+     * Arborist (and pacote) as the `before` option. Matches npm's
+     * `min-release-age` semantics once a caller converts days → Date.
+     */
+    before?: Date | undefined;
+    /**
+     * Suppress Arborist's default log output.
+     * @default true
+     */
+    quiet?: boolean | undefined;
+}
+/**
+ * Result of {@link safeIdealTree}.
+ */
+export interface SafeIdealTreeResult {
+    /**
+     * SRI integrity of the top-level resolved package as advertised by the
+     * registry (sourced from Arborist's idealTree, not from a tarball).
+     */
+    integrity: string;
+    /** Resolved package name. */
+    name: string;
+    /** Resolved package version. */
+    version: string;
+    /** `package-lock.json` JSON content written by Arborist. */
+    lockfile: string;
+}
+/**
+ * Options for {@link safeReify}.
+ */
+export interface SafeReifyOptions extends SafeArboristOptions {
+    /**
+     * When true, Arborist reifies against the existing `package-lock.json`
+     * in `path` without rewriting it. When false, Arborist may update the
+     * lockfile to match resolved dependencies.
+     *
+     * Pin-mode callers set this to true so committed lockfiles are the
+     * authoritative resolution.
+     *
+     * @default true
+     */
+    packageLock?: boolean | undefined;
+}
+/**
+ * Run Arborist in `packageLockOnly` mode against a directory that already
+ * contains a `package.json` with a single dependency. Resolves the graph
+ * against the registry and writes `package-lock.json` into `path`, but
+ * does NOT install into `node_modules`.
+ *
+ * Used by snapshot/bootstrap flows to obtain a lockfile + top-level
+ * integrity without paying for a full install.
+ *
+ * Uses `save: true` (rather than our usual `save: false`) so Arborist
+ * actually writes the lockfile — without that flag, `reify()` in
+ * `packageLockOnly` mode with no `add` list skips the write.
+ */
+export declare function safeIdealTree(options: SafeArboristOptions): Promise<SafeIdealTreeResult>;
+/**
+ * Install into `node_modules` using Arborist's reify operation. Honors
+ * the committed `package-lock.json` in `path` when `packageLock: true`.
+ *
+ * Does not fetch registry metadata for versions already pinned by the
+ * lockfile — arborist uses the lockfile's `integrity` strings to fetch
+ * tarballs by ssri. This is the strongest form of pinning pnpm/npm
+ * offer.
+ */
+export declare function safeReify(options: SafeReifyOptions): Promise<void>;
+/**
+ * Options for {@link writeSafeNpmrc}. Optional release-age hints are
+ * echoed into the generated `.npmrc` as defense-in-depth for any
+ * downstream tool that shells out to npm/pnpm in the directory.
+ */
+export interface WriteSafeNpmrcOptions {
+    /** npm `min-release-age` (days). Mutually exclusive with minReleaseMins. */
+    minReleaseDays?: number | undefined;
+    /** pnpm `minimumReleaseAge` (minutes). Mutually exclusive with minReleaseDays. */
+    minReleaseMins?: number | undefined;
+}
+/**
+ * Write a hardened `.npmrc` into `path`. Used by both preview and pin
+ * flows as a second layer of protection alongside the Arborist options.
+ *
+ * Content written (always):
+ *   ignore-scripts=true
+ *   audit=false
+ *   fund=false
+ *   save=false
+ *   save-bundle=false
+ *   progress=false
+ *
+ * When {@link WriteSafeNpmrcOptions.minReleaseDays} is set, also writes:
+ *   min-release-age=<days>
+ *
+ * When {@link WriteSafeNpmrcOptions.minReleaseMins} is set, also writes
+ * the pnpm-style equivalent:
+ *   minimum-release-age=<minutes>
+ */
+export declare function writeSafeNpmrc(installPath: string, options?: WriteSafeNpmrcOptions | undefined): Promise<void>;

package/dist/dlx/arborist.js

@@ -0,0 +1,177 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var arborist_exports = {};
+__export(arborist_exports, {
+  safeIdealTree: () => safeIdealTree,
+  safeReify: () => safeReify,
+  writeSafeNpmrc: () => writeSafeNpmrc
+});
+module.exports = __toCommonJS(arborist_exports);
+var import_arborist = __toESM(require("../external/@npmcli/arborist"));
+var import_socket = require("../paths/socket");
+let _fs;
+// @__NO_SIDE_EFFECTS__
+function getFs() {
+  if (_fs === void 0) {
+    _fs = require("node:fs");
+  }
+  return _fs;
+}
+let _path;
+// @__NO_SIDE_EFFECTS__
+function getPath() {
+  if (_path === void 0) {
+    _path = require("node:path");
+  }
+  return _path;
+}
+function getBaseArboristOptions(installPath, quiet) {
+  return {
+    __proto__: null,
+    path: installPath,
+    cache: (0, import_socket.getSocketCacacheDir)(),
+    audit: false,
+    fund: false,
+    ignoreScripts: true,
+    progress: false,
+    save: false,
+    saveBundle: false,
+    silent: quiet
+  };
+}
+function readSingleDependency(packageJsonPath) {
+  const fs = /* @__PURE__ */ getFs();
+  const raw = fs.readFileSync(packageJsonPath, "utf8");
+  const pkg = JSON.parse(raw);
+  const deps = pkg.dependencies ?? {};
+  const names = Object.keys(deps);
+  if (names.length !== 1) {
+    throw new Error(
+      `safeIdealTree expects exactly one top-level dependency in ${packageJsonPath}, found ${names.length}`
+    );
+  }
+  return names[0];
+}
+function readTopLevelFromIdealTree(tree, targetName) {
+  const root = tree;
+  const inventory = root?.inventory;
+  if (!inventory || typeof inventory.values !== "function") {
+    throw new Error("Arborist idealTree missing inventory");
+  }
+  for (const node of inventory.values()) {
+    if (node.isProjectRoot) {
+      continue;
+    }
+    if (node.name === targetName && node.depth === 1) {
+      if (!node.version || !node.integrity) {
+        throw new Error(
+          `Arborist idealTree node for ${targetName} missing version/integrity`
+        );
+      }
+      return {
+        name: node.name,
+        version: node.version,
+        integrity: node.integrity
+      };
+    }
+  }
+  throw new Error(
+    `Arborist idealTree inventory has no top-level node for ${targetName}`
+  );
+}
+async function safeIdealTree(options) {
+  const fs = /* @__PURE__ */ getFs();
+  const path = /* @__PURE__ */ getPath();
+  const { before, path: installPath, quiet = true } = options;
+  const targetName = readSingleDependency(
+    path.join(installPath, "package.json")
+  );
+  const arb = new import_arborist.default({
+    ...getBaseArboristOptions(installPath, quiet),
+    ...before !== void 0 ? { before } : {},
+    packageLockOnly: true,
+    save: true
+  });
+  const tree = await arb.buildIdealTree();
+  await arb.reify();
+  const top = readTopLevelFromIdealTree(tree, targetName);
+  const lockfile = await fs.promises.readFile(
+    path.join(installPath, "package-lock.json"),
+    "utf8"
+  );
+  return { ...top, lockfile };
+}
+async function safeReify(options) {
+  const { packageLock = true, path: installPath, quiet = true } = options;
+  const arb = new import_arborist.default({
+    ...getBaseArboristOptions(installPath, quiet),
+    packageLock
+  });
+  await arb.reify();
+}
+async function writeSafeNpmrc(installPath, options) {
+  const fs = /* @__PURE__ */ getFs();
+  const path = /* @__PURE__ */ getPath();
+  const { minReleaseDays, minReleaseMins } = {
+    __proto__: null,
+    ...options
+  };
+  if (minReleaseDays !== void 0 && minReleaseMins !== void 0) {
+    throw new Error(
+      "writeSafeNpmrc: minReleaseDays and minReleaseMins are mutually exclusive"
+    );
+  }
+  const lines = [
+    "ignore-scripts=true",
+    "audit=false",
+    "fund=false",
+    "save=false",
+    "save-bundle=false",
+    "progress=false"
+  ];
+  if (minReleaseDays !== void 0) {
+    lines.push(`min-release-age=${minReleaseDays}`);
+  }
+  if (minReleaseMins !== void 0) {
+    lines.push(`minimum-release-age=${minReleaseMins}`);
+  }
+  await fs.promises.writeFile(
+    path.join(installPath, ".npmrc"),
+    lines.join("\n") + "\n",
+    "utf8"
+  );
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  safeIdealTree,
+  safeReify,
+  writeSafeNpmrc
+});

package/dist/dlx/binary.d.ts

@@ -1,4 +1,7 @@
+/** @fileoverview DLX binary execution utilities for Socket ecosystem. */
+import { getSocketDlxDir } from '../paths/socket';
 import { spawn } from '../spawn';
+import type { HashSpec } from './integrity';
 import type { SpawnExtra, SpawnOptions } from '../spawn';
 export interface DlxBinaryOptions {
     /**
@@ -9,14 +12,27 @@ export interface DlxBinaryOptions {
      * Optional name for the cached binary (defaults to URL hash).
      */
     name?: string | undefined;
+    /**
+     * Expected hash for verification. Accepts either:
+     * - A bare sha512 SRI string (`sha512-<base64>`), sniffed as integrity.
+     * - A bare sha256 hex string (64 hex chars), sniffed as checksum.
+     * - An explicit `{ type: 'integrity' | 'checksum', value }` object.
+     *
+     * This is the preferred field. `integrity` and `sha256` remain as
+     * lower-level escapes; if both `hash` and one of those is set, `hash`
+     * wins for the matching flavor.
+     */
+    hash?: HashSpec | undefined;
     /**
      * Expected SRI integrity hash (sha512-<base64>) for verification.
+     * Lower-level alternative to `hash`.
      */
     integrity?: string | undefined;
     /**
      * Expected SHA-256 hex checksum for verification.
      * Passed to httpDownload for inline verification during download.
      * This is more secure than post-download verification as it fails early.
+     * Lower-level alternative to `hash`.
      */
     sha256?: string | undefined;
     /**
@@ -199,26 +215,26 @@ export declare function downloadBinaryFile(url: string, destPath: string, integr
  */
 export declare function executeBinary(binaryPath: string, args: readonly string[] | string[], spawnOptions?: SpawnOptions | undefined, spawnExtra?: SpawnExtra | undefined): ReturnType<typeof spawn>;
 /**
- * Get the DLX binary cache directory path.
- * Returns normalized path for cross-platform compatibility.
- * Uses same directory as dlx-package for unified DLX storage.
+ * Get metadata file path for a cached binary.
  *
  * @example
  * ```typescript
- * const cachePath = getDlxCachePath()
+ * const metaPath = getBinaryCacheMetadataPath('/tmp/dlx-cache/a1b2c3d4')
+ * // '/tmp/dlx-cache/a1b2c3d4/.dlx-metadata.json'
  * ```
  */
-export declare function getDlxCachePath(): string;
+export declare function getBinaryCacheMetadataPath(cacheEntryPath: string): string;
 /**
- * Get metadata file path for a cached binary.
+ * Get the DLX binary cache directory path.
+ * Alias of `getSocketDlxDir` — DLX binary cache uses the same directory
+ * as dlx-package for unified DLX storage.
  *
  * @example
  * ```typescript
- * const metaPath = getBinaryCacheMetadataPath('/tmp/dlx-cache/a1b2c3d4')
- * // '/tmp/dlx-cache/a1b2c3d4/.dlx-metadata.json'
+ * const cachePath = getDlxCachePath()
  * ```
  */
-export declare function getBinaryCacheMetadataPath(cacheEntryPath: string): string;
+export declare const getDlxCachePath: typeof getSocketDlxDir;
 /**
  * Check if a cached binary is still valid.
  *

package/dist/dlx/binary.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -44,19 +45,20 @@ module.exports = __toCommonJS(binary_exports);
 var import_node_process = __toESM(require("node:process"));
 var import_platform = require("../constants/platform");
 var import_time = require("../constants/time");
-var import_cache = require("./cache");
-var import_http_request = require("../http-request");
 var import_fs = require("../fs");
+var import_http_request = require("../http-request");
 var import_objects = require("../objects");
 var import_normalize = require("../paths/normalize");
 var import_socket = require("../paths/socket");
 var import_process_lock = require("../process-lock");
 var import_spawn = require("../spawn");
+var import_cache = require("./cache");
+var import_integrity = require("./integrity");
 let _crypto;
 // @__NO_SIDE_EFFECTS__
 function getCrypto() {
   if (_crypto === void 0) {
-    _crypto = require("crypto");
+    _crypto = require("node:crypto");
   }
   return _crypto;
 }
@@ -64,7 +66,7 @@ let _fs;
 // @__NO_SIDE_EFFECTS__
 function getFs() {
   if (_fs === void 0) {
-    _fs = require("fs");
+    _fs = require("node:fs");
   }
   return _fs;
 }
@@ -72,7 +74,7 @@ let _path;
 // @__NO_SIDE_EFFECTS__
 function getPath() {
   if (_path === void 0) {
-    _path = require("path");
+    _path = require("node:path");
   }
   return _path;
 }
@@ -120,13 +122,24 @@ async function dlxBinary(args, options, spawnExtra) {
   const {
     cacheTtl = import_time.DLX_BINARY_CACHE_TTL,
     force: userForce = false,
-    integrity,
+    hash,
+    integrity: rawIntegrity,
     name,
-    sha256,
+    sha256: rawSha256,
     spawnOptions,
     url,
     yes
   } = { __proto__: null, ...options };
+  let integrity = rawIntegrity;
+  let sha256 = rawSha256;
+  if (hash !== void 0) {
+    const normalized = (0, import_integrity.normalizeHash)(hash);
+    if (normalized.type === "integrity") {
+      integrity = normalized.value;
+    } else {
+      sha256 = normalized.value;
+    }
+  }
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
   const force = yes === true ? true : userForce;
@@ -215,11 +228,22 @@ async function downloadBinary(options) {
   const {
     cacheTtl = import_time.DLX_BINARY_CACHE_TTL,
     force = false,
-    integrity,
+    hash,
+    integrity: rawIntegrity,
     name,
-    sha256,
+    sha256: rawSha256,
     url
   } = { __proto__: null, ...options };
+  let integrity = rawIntegrity;
+  let sha256 = rawSha256;
+  if (hash !== void 0) {
+    const normalized = (0, import_integrity.normalizeHash)(hash);
+    if (normalized.type === "integrity") {
+      integrity = normalized.value;
+    } else {
+      sha256 = normalized.value;
+    }
+  }
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
   const cacheDir = getDlxCachePath();
@@ -344,12 +368,10 @@ function executeBinary(binaryPath, args, spawnOptions, spawnExtra) {
   } : spawnOptions;
   return (0, import_spawn.spawn)(binaryPath, args, finalSpawnOptions, spawnExtra);
 }
-function getDlxCachePath() {
-  return (0, import_socket.getSocketDlxDir)();
-}
 function getBinaryCacheMetadataPath(cacheEntryPath) {
   return (/* @__PURE__ */ getPath()).join(cacheEntryPath, ".dlx-metadata.json");
 }
+const getDlxCachePath = import_socket.getSocketDlxDir;
 async function isBinaryCacheValid(cacheEntryPath, cacheTtl) {
   const fs = /* @__PURE__ */ getFs();
   try {

package/dist/dlx/cache.d.ts

@@ -1,3 +1,4 @@
+/** @fileoverview Cache key generation utilities for DLX package installations. */
 /**
  * Generate a cache directory name using npm/npx approach.
  * Uses first 16 characters of SHA-512 hash (like npm/npx).

package/dist/dlx/cache.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -26,7 +27,7 @@ let _crypto;
 // @__NO_SIDE_EFFECTS__
 function getCrypto() {
   if (_crypto === void 0) {
-    _crypto = require("crypto");
+    _crypto = require("node:crypto");
   }
   return _crypto;
 }

package/dist/dlx/detect.d.ts

@@ -1,3 +1,18 @@
+/**
+ * @fileoverview Executable type detection for DLX and local filesystem paths.
+ *
+ * Provides utilities to detect whether a path is a Node.js package or native
+ * binary executable. Supports both DLX cache paths and local filesystem paths.
+ *
+ * Key Functions:
+ * - detectExecutableType: Generic entry point for any path
+ * - detectDlxExecutableType: DLX cache specific detection
+ * - detectLocalExecutableType: Local filesystem specific detection
+ *
+ * Detection Strategies:
+ * - DLX cache: Check for node_modules/ directory
+ * - Local paths: Check for package.json with bin field, then file extension
+ */
 export type ExecutableType = 'package' | 'binary' | 'unknown';
 export interface ExecutableDetectionResult {
     type: ExecutableType;

package/dist/dlx/detect.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -31,20 +32,6 @@ var import_paths = require("./paths");
 var import_socket = require("../paths/socket");
 let _fs;
 let _path;
-// @__NO_SIDE_EFFECTS__
-function getFs() {
-  if (_fs === void 0) {
-    _fs = require("fs");
-  }
-  return _fs;
-}
-// @__NO_SIDE_EFFECTS__
-function getPath() {
-  if (_path === void 0) {
-    _path = require("path");
-  }
-  return _path;
-}
 const NODE_JS_EXTENSIONS = /* @__PURE__ */ new Set([".js", ".mjs", ".cjs"]);
 const packageJsonPathCache = /* @__PURE__ */ new Map();
 const packageJsonContentCache = /* @__PURE__ */ new Map();
@@ -75,18 +62,39 @@ function findPackageJson(filePath) {
   packageJsonPathCache.set(startDir, null);
   return void 0;
 }
+// @__NO_SIDE_EFFECTS__
+function getFs() {
+  if (_fs === void 0) {
+    _fs = require("node:fs");
+  }
+  return _fs;
+}
+// @__NO_SIDE_EFFECTS__
+function getPath() {
+  if (_path === void 0) {
+    _path = require("node:path");
+  }
+  return _path;
+}
 function readPackageJson(packageJsonPath) {
   const fs = /* @__PURE__ */ getFs();
+  let mtimeMs = 0;
+  try {
+    mtimeMs = fs.statSync(packageJsonPath).mtimeMs;
+  } catch {
+    packageJsonContentCache.delete(packageJsonPath);
+    return null;
+  }
   const cached = packageJsonContentCache.get(packageJsonPath);
-  if (cached !== void 0) {
-    return cached;
+  if (cached !== void 0 && cached.mtimeMs === mtimeMs) {
+    return cached.content;
   }
   try {
     const content = JSON.parse(fs.readFileSync(packageJsonPath, "utf8"));
-    packageJsonContentCache.set(packageJsonPath, content);
+    packageJsonContentCache.set(packageJsonPath, { mtimeMs, content });
     return content;
   } catch {
-    packageJsonContentCache.set(packageJsonPath, null);
+    packageJsonContentCache.set(packageJsonPath, { mtimeMs, content: null });
     return null;
   }
 }
@@ -96,7 +104,7 @@ function detectDlxExecutableType(filePath) {
   const dlxDir = (0, import_socket.getSocketDlxDir)();
   const absolutePath = path.resolve(filePath);
   const relativePath = path.relative(dlxDir, absolutePath);
-  const cacheKey = relativePath.split(path.sep)[0];
+  const cacheKey = relativePath.split(path.sep)[0] ?? "";
   const cacheDir = path.join(dlxDir, cacheKey);
   if (fs.existsSync(path.join(cacheDir, "node_modules"))) {
     return {
@@ -121,7 +129,7 @@ function detectLocalExecutableType(filePath) {
   const packageJsonPath = findPackageJson(filePath);
   if (packageJsonPath !== void 0) {
     const packageJson = readPackageJson(packageJsonPath);
-    if (packageJson?.bin) {
+    if (packageJson?.["bin"]) {
       return {
         type: "package",
         method: "package-json",

package/dist/dlx/dir.d.ts

@@ -1,3 +1,4 @@
+/** @fileoverview Directory management utilities for DLX installations. */
 /**
  * Clear all DLX package installations.
  *
@@ -27,17 +28,6 @@ export declare function clearDlxSync(): void;
  * ```
  */
 export declare function dlxDirExists(): boolean;
-/**
- * Check if the DLX directory exists asynchronously.
- *
- * @example
- * ```typescript
- * if (await dlxDirExistsAsync()) {
- *   console.log('DLX directory is present')
- * }
- * ```
- */
-export declare function dlxDirExistsAsync(): Promise<boolean>;
 /**
  * Ensure the DLX directory exists, creating it if necessary.
  *

package/dist/dlx/dir.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -22,7 +23,6 @@ __export(dir_exports, {
   clearDlx: () => clearDlx,
   clearDlxSync: () => clearDlxSync,
   dlxDirExists: () => dlxDirExists,
-  dlxDirExistsAsync: () => dlxDirExistsAsync,
   ensureDlxDir: () => ensureDlxDir,
   ensureDlxDirSync: () => ensureDlxDirSync
 });
@@ -35,7 +35,7 @@ let _fs;
 // @__NO_SIDE_EFFECTS__
 function getFs() {
   if (_fs === void 0) {
-    _fs = require("fs");
+    _fs = require("node:fs");
   }
   return _fs;
 }
@@ -53,15 +53,6 @@ function dlxDirExists() {
   const fs = /* @__PURE__ */ getFs();
   return fs.existsSync((0, import_socket.getSocketDlxDir)());
 }
-async function dlxDirExistsAsync() {
-  const fs = /* @__PURE__ */ getFs();
-  try {
-    await fs.promises.access((0, import_socket.getSocketDlxDir)());
-    return true;
-  } catch {
-    return false;
-  }
-}
 async function ensureDlxDir() {
   await (0, import_fs.safeMkdir)((0, import_socket.getSocketDlxDir)());
 }
@@ -73,7 +64,6 @@ function ensureDlxDirSync() {
   clearDlx,
   clearDlxSync,
   dlxDirExists,
-  dlxDirExistsAsync,
   ensureDlxDir,
   ensureDlxDirSync
 });