@socketsecurity/lib 5.18.1 → 5.19.0

package/dist/dlx/package.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -42,7 +43,6 @@ __export(package_exports, {
 module.exports = __toCommonJS(package_exports);
 var import_platform = require("../constants/platform");
 var import_socket = require("../constants/socket");
-var import_cache = require("./cache");
 var import_arborist = __toESM(require("../external/@npmcli/arborist"));
 var import_libnpmexec = __toESM(require("../external/libnpmexec"));
 var import_npm_package_arg = __toESM(require("../external/npm-package-arg"));
@@ -52,23 +52,90 @@ var import_normalize = require("../paths/normalize");
 var import_socket2 = require("../paths/socket");
 var import_process_lock = require("../process-lock");
 var import_spawn = require("../spawn");
+var import_cache = require("./cache");
 let _fs;
+let _path;
+const rangeOperatorsRegExp = /[~^><=xX* ]|\|\|/;
+const FIREWALL_API_URL = "https://firewall-api.socket.dev/purl";
+const FIREWALL_TIMEOUT = 1e4;
+const FIREWALL_BLOCK_SEVERITIES = /* @__PURE__ */ new Set([
+  "critical",
+  "high"
+]);
+const binaryPathCache = /* @__PURE__ */ new Map();
+async function checkFirewallPurls(arb, requestedPackage) {
+  const idealTree = arb.idealTree;
+  if (!idealTree) {
+    return;
+  }
+  const purls = [];
+  for (const node of idealTree.inventory.values()) {
+    if (node.isProjectRoot) {
+      continue;
+    }
+    const { name, version } = node.package;
+    if (!name || !version) {
+      continue;
+    }
+    purls.push({ purl: npmPurl(name, version), name, version });
+  }
+  if (purls.length === 0) {
+    return;
+  }
+  const blocked = [];
+  await Promise.allSettled(
+    purls.map(async ({ name, purl, version }) => {
+      try {
+        const data = await (0, import_http_request.httpJson)(
+          `${FIREWALL_API_URL}/${encodeURIComponent(purl)}`,
+          {
+            headers: { "User-Agent": import_socket.SOCKET_LIB_USER_AGENT },
+            timeout: FIREWALL_TIMEOUT,
+            retries: 1,
+            retryDelay: 500
+          }
+        );
+        const blocking = (data.alerts ?? []).filter(
+          (a) => a.severity && FIREWALL_BLOCK_SEVERITIES.has(a.severity)
+        );
+        if (blocking.length > 0) {
+          blocked.push({
+            name,
+            version,
+            alerts: blocking.map(
+              (a) => `${a.severity}: ${a.type ?? a.key ?? "unknown"}`
+            )
+          });
+        }
+      } catch {
+      }
+    })
+  );
+  if (blocked.length > 0) {
+    const details = blocked.map((b) => `  ${b.name}@${b.version}: ${b.alerts.join(", ")}`).join("\n");
+    throw new Error(
+      `Socket Firewall blocked installation of "${requestedPackage}".
+The following dependencies have security alerts:
+${details}
+
+Visit https://socket.dev for more information.`
+    );
+  }
+}
 // @__NO_SIDE_EFFECTS__
 function getFs() {
   if (_fs === void 0) {
-    _fs = require("fs");
+    _fs = require("node:fs");
   }
   return _fs;
 }
-let _path;
 // @__NO_SIDE_EFFECTS__
 function getPath() {
   if (_path === void 0) {
-    _path = require("path");
+    _path = require("node:path");
   }
   return _path;
 }
-const rangeOperatorsRegExp = /[~^><=xX* ]|\|\|/;
 async function dlxPackage(args, options, spawnExtra) {
   const downloadResult = await downloadPackage(options);
   const spawnPromise = executePackage(
@@ -86,6 +153,8 @@ async function downloadPackage(options) {
   const {
     binaryName,
     force: userForce,
+    hash,
+    lockfile,
     package: packageSpec,
     yes
   } = {
@@ -99,7 +168,8 @@ async function downloadPackage(options) {
   const { installed, packageDir } = await ensurePackageInstalled(
     packageName,
     fullPackageSpec,
-    force
+    force,
+    { hash, lockfile }
   );
   const binaryPath = findBinaryPath(packageDir, packageName, binaryName);
   makePackageBinsExecutable(packageDir, packageName);
@@ -109,7 +179,7 @@ async function downloadPackage(options) {
     packageDir
   };
 }
-async function ensurePackageInstalled(packageName, packageSpec, force) {
+async function ensurePackageInstalled(packageName, packageSpec, force, install) {
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
   const cacheKey = (0, import_cache.generateCacheKey)(packageSpec);
@@ -149,6 +219,29 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
           return { installed: false, packageDir };
         }
       }
+      if (install?.lockfile !== void 0) {
+        const spec = install.lockfile;
+        const lockDest = path.join(packageDir, "package-lock.json");
+        let isContent;
+        let value;
+        if (typeof spec === "string") {
+          isContent = spec.trimStart().startsWith("{");
+          value = spec;
+        } else {
+          isContent = spec.type === "content";
+          value = spec.value;
+        }
+        if (isContent) {
+          fs.writeFileSync(lockDest, value, "utf8");
+        } else {
+          fs.copyFileSync(value, lockDest);
+        }
+        fs.writeFileSync(
+          path.join(packageDir, ".npmrc"),
+          "ignore-scripts=true\naudit=false\nfund=false\nsave=false\n",
+          "utf8"
+        );
+      }
       try {
         const arb = new import_arborist.default({
           path: packageDir,
@@ -174,7 +267,7 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
         if (e instanceof Error && e.message.startsWith("Socket Firewall blocked")) {
           throw e;
         }
-        const code = e.code;
+        const code = e?.code;
         if (code === "E404" || code === "ETARGET") {
           throw new Error(
             `Package not found: ${packageSpec}
@@ -303,76 +396,11 @@ function makePackageBinsExecutable(packageDir, packageName) {
   } catch {
   }
 }
-const FIREWALL_API_URL = "https://firewall-api.socket.dev/purl";
-const FIREWALL_TIMEOUT = 1e4;
-const FIREWALL_BLOCK_SEVERITIES = /* @__PURE__ */ new Set([
-  "critical",
-  "high"
-]);
 function npmPurl(name, version) {
   const encoded = name.startsWith("@") ? `%40${name.slice(1)}` : name;
   const encodedVersion = version.replace(/\+/g, "%2B");
   return `pkg:npm/${encoded}@${encodedVersion}`;
 }
-async function checkFirewallPurls(arb, requestedPackage) {
-  const idealTree = arb.idealTree;
-  if (!idealTree) {
-    return;
-  }
-  const purls = [];
-  for (const node of idealTree.inventory.values()) {
-    if (node.isProjectRoot) {
-      continue;
-    }
-    const { name, version } = node.package;
-    if (!name || !version) {
-      continue;
-    }
-    purls.push({ purl: npmPurl(name, version), name, version });
-  }
-  if (purls.length === 0) {
-    return;
-  }
-  const blocked = [];
-  await Promise.allSettled(
-    purls.map(async ({ name, purl, version }) => {
-      try {
-        const data = await (0, import_http_request.httpJson)(
-          `${FIREWALL_API_URL}/${encodeURIComponent(purl)}`,
-          {
-            headers: { "User-Agent": import_socket.SOCKET_LIB_USER_AGENT },
-            timeout: FIREWALL_TIMEOUT,
-            retries: 1,
-            retryDelay: 500
-          }
-        );
-        const blocking = (data.alerts ?? []).filter(
-          (a) => a.severity && FIREWALL_BLOCK_SEVERITIES.has(a.severity)
-        );
-        if (blocking.length > 0) {
-          blocked.push({
-            name,
-            version,
-            alerts: blocking.map(
-              (a) => `${a.severity}: ${a.type ?? a.key ?? "unknown"}`
-            )
-          });
-        }
-      } catch {
-      }
-    })
-  );
-  if (blocked.length > 0) {
-    const details = blocked.map((b) => `  ${b.name}@${b.version}: ${b.alerts.join(", ")}`).join("\n");
-    throw new Error(
-      `Socket Firewall blocked installation of "${requestedPackage}".
-The following dependencies have security alerts:
-${details}
-
-Visit https://socket.dev for more information.`
-    );
-  }
-}
 function parsePackageSpec(spec) {
   try {
     const parsed = (0, import_npm_package_arg.default)(spec);
@@ -392,7 +420,6 @@ function parsePackageSpec(spec) {
     };
   }
 }
-const binaryPathCache = /* @__PURE__ */ new Map();
 function resolveBinaryPath(basePath) {
   if (!import_platform.WIN32) {
     return basePath;

package/dist/dlx/packages.d.ts

@@ -1,3 +1,4 @@
+/** @fileoverview Package management utilities for DLX installations. */
 /**
  * Check if a package is installed in DLX.
  *
@@ -9,17 +10,6 @@
  * ```
  */
 export declare function isDlxPackageInstalled(packageName: string): boolean;
-/**
- * Check if a package is installed in DLX asynchronously.
- *
- * @example
- * ```typescript
- * if (await isDlxPackageInstalledAsync('prettier')) {
- *   console.log('prettier is installed')
- * }
- * ```
- */
-export declare function isDlxPackageInstalledAsync(packageName: string): Promise<boolean>;
 /**
  * List all packages installed in DLX.
  *

package/dist/dlx/packages.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -20,7 +21,6 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var packages_exports = {};
 __export(packages_exports, {
   isDlxPackageInstalled: () => isDlxPackageInstalled,
-  isDlxPackageInstalledAsync: () => isDlxPackageInstalledAsync,
   listDlxPackages: () => listDlxPackages,
   listDlxPackagesAsync: () => listDlxPackagesAsync,
   removeDlxPackage: () => removeDlxPackage,
@@ -34,7 +34,7 @@ let _fs;
 // @__NO_SIDE_EFFECTS__
 function getFs() {
   if (_fs === void 0) {
-    _fs = require("fs");
+    _fs = require("node:fs");
   }
   return _fs;
 }
@@ -42,15 +42,6 @@ function isDlxPackageInstalled(packageName) {
   const fs = /* @__PURE__ */ getFs();
   return fs.existsSync((0, import_paths.getDlxInstalledPackageDir)(packageName));
 }
-async function isDlxPackageInstalledAsync(packageName) {
-  const fs = /* @__PURE__ */ getFs();
-  try {
-    await fs.promises.access((0, import_paths.getDlxInstalledPackageDir)(packageName));
-    return true;
-  } catch {
-    return false;
-  }
-}
 function listDlxPackages() {
   try {
     return (0, import_fs.readDirNamesSync)((0, import_socket.getSocketDlxDir)(), { sort: true });
@@ -80,10 +71,9 @@ async function removeDlxPackage(packageName) {
   }
 }
 function removeDlxPackageSync(packageName) {
-  const fs = /* @__PURE__ */ getFs();
   const packageDir = (0, import_paths.getDlxPackageDir)(packageName);
   try {
-    fs.rmSync(packageDir, { recursive: true, force: true });
+    (0, import_fs.safeDeleteSync)(packageDir, { recursive: true, force: true });
   } catch (e) {
     const code = e.code;
     if (code === "EACCES" || code === "EPERM") {
@@ -117,7 +107,6 @@ Check permissions and ensure no programs are using this directory.`,
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   isDlxPackageInstalled,
-  isDlxPackageInstalledAsync,
   listDlxPackages,
   listDlxPackagesAsync,
   removeDlxPackage,

package/dist/dlx/paths.d.ts

@@ -1,3 +1,4 @@
+/** @fileoverview Path utilities for DLX package installations. */
 /**
  * Get the installed package directory within DLX node_modules.
  *

package/dist/dlx/paths.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -32,7 +33,7 @@ let _path;
 // @__NO_SIDE_EFFECTS__
 function getPath() {
   if (_path === void 0) {
-    _path = require("path");
+    _path = require("node:path");
   }
   return _path;
 }

package/dist/effects/pulse-frames.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/effects/text-shimmer.d.ts

@@ -1,5 +1,17 @@
+/**
+ * @fileoverview Text shimmer animation utilities.
+ * Provides animated highlight effects for spinner text with configurable directions:
+ * - LTR (left-to-right): Shimmer wave moves from left to right
+ * - RTL (right-to-left): Shimmer wave moves from right to left
+ * - Bidirectional: Alternates between LTR and RTL each cycle
+ * - Random: Picks a random direction each cycle
+ * - None: No shimmer animation
+ *
+ * The shimmer effect creates a bright wave that travels across the text,
+ * with characters near the wave appearing nearly white and fading to the
+ * base color as they get further from the wave position.
+ */
 import type { ShimmerColorGradient, ShimmerColorRgb, ShimmerDirection, ShimmerState } from './types';
-// Re-export types for backward compatibility.
 export type { ShimmerColor, ShimmerColorGradient, ShimmerColorInherit, ShimmerColorRgb, ShimmerConfig, ShimmerDirection, ShimmerState, } from './types';
 /**
  * Detected text formatting styles from ANSI codes.
@@ -11,7 +23,6 @@ type TextStyles = {
     strikethrough: boolean;
     underline: boolean;
 };
-// Internal options for applyShimmer function.
 type ShimmerOptions = {
     readonly color?: ShimmerColorRgb | ShimmerColorGradient | undefined;
     readonly direction?: ShimmerDirection | undefined;

package/dist/effects/text-shimmer.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -31,8 +32,20 @@ module.exports = __toCommonJS(text_shimmer_exports);
 var import_ansi = require("../ansi");
 var import_arrays = require("../arrays");
 var import_ci = require("../env/ci");
-var import_utils = require("../themes/utils");
 var import_themes = require("../themes/themes");
+var import_utils = require("../themes/utils");
+const COLOR_INHERIT = "inherit";
+const DIR_LTR = "ltr";
+const DIR_NONE = "none";
+const DIR_RANDOM = "random";
+const DIR_RTL = "rtl";
+const MODE_BI = "bi";
+function blendColors(color1, color2, factor) {
+  const r = Math.round(color1[0] + (color2[0] - color1[0]) * factor);
+  const g = Math.round(color1[1] + (color2[1] - color1[1]) * factor);
+  const b = Math.round(color1[2] + (color2[2] - color1[2]) * factor);
+  return [r, g, b];
+}
 function detectStyles(text) {
   return {
     __proto__: null,
@@ -48,43 +61,21 @@ function detectStyles(text) {
     underline: /\x1b\[4m/.test(text)
   };
 }
-function stylesToAnsi(styles) {
-  let codes = "";
-  if (styles.bold) {
-    codes += "\x1B[1m";
-  }
-  if (styles.dim) {
-    codes += "\x1B[2m";
-  }
-  if (styles.italic) {
-    codes += "\x1B[3m";
-  }
-  if (styles.underline) {
-    codes += "\x1B[4m";
-  }
-  if (styles.strikethrough) {
-    codes += "\x1B[9m";
+function getShimmerPos(textLength, step, currentDir, shimmerWidth = 2.5) {
+  const totalSteps = textLength + shimmerWidth + 2;
+  if (currentDir === DIR_RTL) {
+    return textLength - step % totalSteps;
   }
-  return codes;
+  return step % totalSteps;
 }
-const COLOR_INHERIT = "inherit";
-const DIR_LTR = "ltr";
-const DIR_NONE = "none";
-const DIR_RANDOM = "random";
-const DIR_RTL = "rtl";
-const MODE_BI = "bi";
-function shimmerIntensity(distance, shimmerWidth = 2.5) {
-  if (distance > shimmerWidth) {
-    return 0;
+function pickDirection(direction) {
+  if (direction === DIR_RANDOM) {
+    return Math.random() < 0.5 ? DIR_LTR : DIR_RTL;
   }
-  const normalized = distance / shimmerWidth;
-  return (1 - normalized) ** 2.5;
-}
-function blendColors(color1, color2, factor) {
-  const r = Math.round(color1[0] + (color2[0] - color1[0]) * factor);
-  const g = Math.round(color1[1] + (color2[1] - color1[1]) * factor);
-  const b = Math.round(color1[2] + (color2[2] - color1[2]) * factor);
-  return [r, g, b];
+  if (direction === DIR_RTL) {
+    return DIR_RTL;
+  }
+  return DIR_LTR;
 }
 function renderChar(char, index, shimmerPos, baseColor, styles) {
   const distance = Math.abs(index - shimmerPos);
@@ -104,21 +95,31 @@ function renderChar(char, index, shimmerPos, baseColor, styles) {
   const color = `\x1B[38;2;${blended[0]};${blended[1]};${blended[2]}m`;
   return `${styleCode}${color}${char}${import_ansi.ANSI_RESET}`;
 }
-function getShimmerPos(textLength, step, currentDir, shimmerWidth = 2.5) {
-  const totalSteps = textLength + shimmerWidth + 2;
-  if (currentDir === DIR_RTL) {
-    return textLength - step % totalSteps;
+function shimmerIntensity(distance, shimmerWidth = 2.5) {
+  if (distance > shimmerWidth) {
+    return 0;
   }
-  return step % totalSteps;
+  const normalized = distance / shimmerWidth;
+  return (1 - normalized) ** 2.5;
 }
-function pickDirection(direction) {
-  if (direction === DIR_RANDOM) {
-    return Math.random() < 0.5 ? DIR_LTR : DIR_RTL;
+function stylesToAnsi(styles) {
+  let codes = "";
+  if (styles.bold) {
+    codes += "\x1B[1m";
   }
-  if (direction === DIR_RTL) {
-    return DIR_RTL;
+  if (styles.dim) {
+    codes += "\x1B[2m";
   }
-  return DIR_LTR;
+  if (styles.italic) {
+    codes += "\x1B[3m";
+  }
+  if (styles.underline) {
+    codes += "\x1B[4m";
+  }
+  if (styles.strikethrough) {
+    codes += "\x1B[9m";
+  }
+  return codes;
 }
 function applyShimmer(text, state, options) {
   const opts = { __proto__: null, ...options };
@@ -127,6 +128,9 @@ function applyShimmer(text, state, options) {
   let color;
   if (opts.theme) {
     const theme = typeof opts.theme === "string" ? import_themes.THEMES[opts.theme] : opts.theme;
+    if (!theme) {
+      throw new Error(`Unknown theme: ${opts.theme}`);
+    }
     const themeColor = (0, import_utils.resolveColor)(
       theme.colors.primary,
       theme.colors

package/dist/effects/types.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/effects/ultra.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/env/ci.d.ts

@@ -1,3 +1,9 @@
+/**
+ * @fileoverview CI environment variable getter.
+ * Exports `getCI()`, which returns whether the `CI` environment variable is
+ * present (using the rewire helper so tests can override without touching
+ * `process.env`).
+ */
 /**
  * Returns whether the CI environment variable is set.
  *
@@ -12,5 +18,4 @@
  * }
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getCI(): boolean;

package/dist/env/ci.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/env/debug.d.ts

@@ -1,3 +1,8 @@
+/**
+ * @fileoverview DEBUG environment variable getter.
+ * Exports `getDebug()`, which returns the raw `DEBUG` filter string used by
+ * the `debug` package (or `undefined` when unset).
+ */
 /**
  * Returns the value of the DEBUG environment variable.
  *
@@ -11,5 +16,4 @@
  * // e.g. 'socket:*' or undefined
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getDebug(): string | undefined;

package/dist/env/debug.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/env/github.d.ts

@@ -1,3 +1,22 @@
+/**
+ * @fileoverview GitHub Actions environment variable getters.
+ * Provides access to GitHub Actions CI/CD environment variables.
+ */
+/**
+ * GH_TOKEN environment variable.
+ * Alternative GitHub authentication token for API access (used by GitHub CLI).
+ *
+ * @returns The GH CLI token, or `undefined` if not set
+ *
+ * @example
+ * ```typescript
+ * import { getGhToken } from '@socketsecurity/lib/env/github'
+ *
+ * const token = getGhToken()
+ * // e.g. 'gho_abc123...' or undefined
+ * ```
+ */
+export declare function getGhToken(): string | undefined;
 /**
  * GITHUB_API_URL environment variable.
  * GitHub API URL (e.g., https://api.github.com).
@@ -12,7 +31,6 @@
  * // e.g. 'https://api.github.com' or undefined
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getGithubApiUrl(): string | undefined;
 /**
  * GITHUB_BASE_REF environment variable.
@@ -28,7 +46,6 @@ export declare function getGithubApiUrl(): string | undefined;
  * // e.g. 'main' or undefined
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getGithubBaseRef(): string | undefined;
 /**
  * GITHUB_REF_NAME environment variable.
@@ -44,7 +61,6 @@ export declare function getGithubBaseRef(): string | undefined;
  * // e.g. 'feature/my-branch' or 'v1.0.0'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getGithubRefName(): string | undefined;
 /**
  * GITHUB_REF_TYPE environment variable.
@@ -60,7 +76,6 @@ export declare function getGithubRefName(): string | undefined;
  * // e.g. 'branch' or 'tag'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getGithubRefType(): string | undefined;
 /**
  * GITHUB_REPOSITORY environment variable.
@@ -76,7 +91,6 @@ export declare function getGithubRefType(): string | undefined;
  * // e.g. 'SocketDev/socket-cli' or undefined
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getGithubRepository(): string | undefined;
 /**
  * GITHUB_SERVER_URL environment variable.
@@ -92,7 +106,6 @@ export declare function getGithubRepository(): string | undefined;
  * // e.g. 'https://github.com' or undefined
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getGithubServerUrl(): string | undefined;
 /**
  * GITHUB_TOKEN environment variable.
@@ -108,21 +121,4 @@ export declare function getGithubServerUrl(): string | undefined;
  * // e.g. 'ghp_abc123...' or undefined
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getGithubToken(): string | undefined;
-/**
- * GH_TOKEN environment variable.
- * Alternative GitHub authentication token for API access (used by GitHub CLI).
- *
- * @returns The GH CLI token, or `undefined` if not set
- *
- * @example
- * ```typescript
- * import { getGhToken } from '@socketsecurity/lib/env/github'
- *
- * const token = getGhToken()
- * // e.g. 'gho_abc123...' or undefined
- * ```
- */
-/*@__NO_SIDE_EFFECTS__*/
-export declare function getGhToken(): string | undefined;