@socketsecurity/lib 5.18.2 → 5.19.0

package/dist/http-request.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -33,158 +34,50 @@ __export(http_request_exports, {
 });
 module.exports = __toCommonJS(http_request_exports);
 var import_socket = require("./constants/socket");
-var import_fs = require("./fs.js");
-let _fs;
-// @__NO_SIDE_EFFECTS__
-function getFs() {
-  if (_fs === void 0) {
-    _fs = require("fs");
+var import_fs = require("./fs");
+class HttpResponseError extends Error {
+  response;
+  constructor(response, message) {
+    const statusCode = response.status ?? "unknown";
+    const statusMessage = response.statusText || "No status message";
+    super(message ?? `HTTP ${statusCode}: ${statusMessage}`);
+    this.name = "HttpResponseError";
+    this.response = response;
+    Error.captureStackTrace(this, HttpResponseError);
   }
-  return _fs;
 }
+let _fs;
 let _crypto;
 let _http;
 let _https;
 // @__NO_SIDE_EFFECTS__
 function getCrypto() {
   if (_crypto === void 0) {
-    _crypto = require("crypto");
+    _crypto = require("node:crypto");
   }
   return _crypto;
 }
 // @__NO_SIDE_EFFECTS__
+function getFs() {
+  if (_fs === void 0) {
+    _fs = require("node:fs");
+  }
+  return _fs;
+}
+// @__NO_SIDE_EFFECTS__
 function getHttp() {
   if (_http === void 0) {
-    _http = require("http");
+    _http = require("node:http");
   }
   return _http;
 }
 // @__NO_SIDE_EFFECTS__
 function getHttps() {
   if (_https === void 0) {
-    _https = require("https");
+    _https = require("node:https");
   }
   return _https;
 }
-async function readIncomingResponse(msg) {
-  const chunks = [];
-  for await (const chunk of msg) {
-    chunks.push(chunk);
-  }
-  const body = Buffer.concat(chunks);
-  const status = msg.statusCode ?? 0;
-  const statusText = msg.statusMessage ?? "";
-  return {
-    arrayBuffer: () => body.buffer.slice(
-      body.byteOffset,
-      body.byteOffset + body.byteLength
-    ),
-    body,
-    headers: msg.headers,
-    json: () => JSON.parse(body.toString("utf8")),
-    ok: status >= 200 && status < 300,
-    rawResponse: msg,
-    status,
-    statusText,
-    text: () => body.toString("utf8")
-  };
-}
-class HttpResponseError extends Error {
-  response;
-  constructor(response, message) {
-    const statusCode = response.status ?? "unknown";
-    const statusMessage = response.statusText || "No status message";
-    super(message ?? `HTTP ${statusCode}: ${statusMessage}`);
-    this.name = "HttpResponseError";
-    this.response = response;
-    Error.captureStackTrace(this, HttpResponseError);
-  }
-}
-function parseRetryAfterHeader(value) {
-  if (!value) {
-    return void 0;
-  }
-  const raw = Array.isArray(value) ? value[0] : value;
-  if (!raw) {
-    return void 0;
-  }
-  const trimmed = raw.trim();
-  if (/^\d+$/.test(trimmed)) {
-    const seconds = Number(trimmed);
-    return seconds * 1e3;
-  }
-  const date = new Date(raw);
-  if (!Number.isNaN(date.getTime())) {
-    const delayMs = date.getTime() - Date.now();
-    if (delayMs > 0) {
-      return delayMs;
-    }
-  }
-  return void 0;
-}
-function sanitizeHeaders(headers) {
-  if (!headers) {
-    return {};
-  }
-  const sensitiveHeaders = /* @__PURE__ */ new Set([
-    "authorization",
-    "cookie",
-    "proxy-authorization",
-    "proxy-authenticate",
-    "set-cookie",
-    "www-authenticate"
-  ]);
-  const result = { __proto__: null };
-  for (const key of Object.keys(headers)) {
-    const value = headers[key];
-    if (sensitiveHeaders.has(key.toLowerCase())) {
-      result[key] = "[REDACTED]";
-    } else if (Array.isArray(value)) {
-      result[key] = value.join(", ");
-    } else if (value !== void 0 && value !== null) {
-      result[key] = String(value);
-    }
-  }
-  return result;
-}
-function parseChecksums(text) {
-  const checksums = { __proto__: null };
-  for (const line of text.split("\n")) {
-    const trimmed = line.trim();
-    if (!trimmed || trimmed.startsWith("#")) {
-      continue;
-    }
-    const bsdMatch = trimmed.match(
-      /^SHA256\s+\((.+)\)\s+=\s+([a-fA-F0-9]{64})$/
-    );
-    if (bsdMatch) {
-      checksums[bsdMatch[1]] = bsdMatch[2].toLowerCase();
-      continue;
-    }
-    const gnuMatch = trimmed.match(/^([a-fA-F0-9]{64})\s+(.+)$/);
-    if (gnuMatch) {
-      checksums[gnuMatch[2]] = gnuMatch[1].toLowerCase();
-    }
-  }
-  return checksums;
-}
-async function fetchChecksums(url, options) {
-  const {
-    ca,
-    headers = {},
-    timeout = 3e4
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const response = await httpRequest(url, { ca, headers, timeout });
-  if (!response.ok) {
-    throw new Error(
-      `Failed to fetch checksums from ${url}: ${response.status} ${response.statusText}`
-    );
-  }
-  return parseChecksums(response.body.toString("utf8"));
-}
 async function httpDownloadAttempt(url, destPath, options) {
   const {
     ca,
@@ -204,7 +97,8 @@ async function httpDownloadAttempt(url, destPath, options) {
     timeout
   });
   if (!response.ok) {
-    throw new Error(
+    throw new HttpResponseError(
+      response,
       `Download failed: HTTP ${response.status} ${response.statusText}`
     );
   }
@@ -220,8 +114,13 @@ async function httpDownloadAttempt(url, destPath, options) {
   return await new Promise((resolve, reject) => {
     let downloadedSize = 0;
     const fileStream = createWriteStream(destPath);
+    const cleanupPartial = () => {
+      (/* @__PURE__ */ getFs()).promises.unlink(destPath).catch(() => {
+      });
+    };
     fileStream.on("error", (error) => {
-      fileStream.close();
+      fileStream.destroy();
+      cleanupPartial();
       reject(
         new Error(`Failed to write file: ${error.message}`, { cause: error })
       );
@@ -245,33 +144,13 @@ async function httpDownloadAttempt(url, destPath, options) {
       });
     });
     res.on("error", (error) => {
-      fileStream.close();
+      fileStream.destroy();
+      cleanupPartial();
       reject(error);
     });
     res.pipe(fileStream);
   });
 }
-function enrichErrorMessage(url, method, error) {
-  const code = error.code;
-  let message = `${method} request failed: ${url}`;
-  if (code === "ECONNREFUSED") {
-    message += "\n\u2192 Connection refused. Server is unreachable.\n\u2192 Check: Network connectivity and firewall settings.";
-  } else if (code === "ENOTFOUND") {
-    message += "\n\u2192 DNS lookup failed. Cannot resolve hostname.\n\u2192 Check: Internet connection and DNS settings.";
-  } else if (code === "ETIMEDOUT") {
-    message += "\n\u2192 Connection timed out. Network or server issue.\n\u2192 Try: Check network connectivity and retry.";
-  } else if (code === "ECONNRESET") {
-    message += "\n\u2192 Connection reset by server. Possible network interruption.\n\u2192 Try: Retry the request.";
-  } else if (code === "EPIPE") {
-    message += "\n\u2192 Broken pipe. Server closed connection unexpectedly.\n\u2192 Check: Authentication credentials and permissions.";
-  } else if (code === "CERT_HAS_EXPIRED" || code === "UNABLE_TO_VERIFY_LEAF_SIGNATURE") {
-    message += "\n\u2192 SSL/TLS certificate error.\n\u2192 Check: System time and date are correct.\n\u2192 Try: Update CA certificates on your system.";
-  } else if (code) {
-    message += `
-\u2192 Error code: ${code}`;
-  }
-  return message;
-}
 async function httpRequestAttempt(url, options) {
   const {
     body,
@@ -369,13 +248,29 @@ async function httpRequestAttempt(url, options) {
             );
             return;
           }
+          let redirectHeaders = headers;
+          if (new URL(url).origin !== redirectParsed.origin) {
+            redirectHeaders = { __proto__: null };
+            const stripped = /* @__PURE__ */ new Set([
+              "authorization",
+              "cookie",
+              "proxy-authorization",
+              "proxy-authenticate"
+            ]);
+            for (const key of Object.keys(headers)) {
+              if (!stripped.has(key.toLowerCase())) {
+                ;
+                redirectHeaders[key] = headers[key];
+              }
+            }
+          }
           settled = true;
           resolve(
             httpRequestAttempt(redirectUrl, {
               body,
               ca,
               followRedirects,
-              headers,
+              headers: redirectHeaders,
               hooks,
               maxRedirects: maxRedirects - 1,
               maxResponseSize,
@@ -502,6 +397,44 @@ async function httpRequestAttempt(url, options) {
     }
   });
 }
+function enrichErrorMessage(url, method, error) {
+  const code = error.code;
+  let message = `${method} request failed: ${url}`;
+  if (code === "ECONNREFUSED") {
+    message += "\n\u2192 Connection refused. Server is unreachable.\n\u2192 Check: Network connectivity and firewall settings.";
+  } else if (code === "ENOTFOUND") {
+    message += "\n\u2192 DNS lookup failed. Cannot resolve hostname.\n\u2192 Check: Internet connection and DNS settings.";
+  } else if (code === "ETIMEDOUT") {
+    message += "\n\u2192 Connection timed out. Network or server issue.\n\u2192 Try: Check network connectivity and retry.";
+  } else if (code === "ECONNRESET") {
+    message += "\n\u2192 Connection reset by server. Possible network interruption.\n\u2192 Try: Retry the request.";
+  } else if (code === "EPIPE") {
+    message += "\n\u2192 Broken pipe. Server closed connection unexpectedly.\n\u2192 Check: Authentication credentials and permissions.";
+  } else if (code === "CERT_HAS_EXPIRED" || code === "UNABLE_TO_VERIFY_LEAF_SIGNATURE") {
+    message += "\n\u2192 SSL/TLS certificate error.\n\u2192 Check: System time and date are correct.\n\u2192 Try: Update CA certificates on your system.";
+  } else if (code) {
+    message += `
+\u2192 Error code: ${code}`;
+  }
+  return message;
+}
+async function fetchChecksums(url, options) {
+  const {
+    ca,
+    headers = {},
+    timeout = 3e4
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const response = await httpRequest(url, { ca, headers, timeout });
+  if (!response.ok) {
+    throw new Error(
+      `Failed to fetch checksums from ${url}: ${response.status} ${response.statusText}`
+    );
+  }
+  return parseChecksums(response.body.toString("utf8"));
+}
 async function httpDownload(url, destPath, options) {
   const {
     ca,
@@ -609,7 +542,7 @@ async function httpJson(url, options) {
     ...restOptions
   });
   if (!response.ok) {
-    throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+    throw new HttpResponseError(response);
   }
   try {
     return response.json();
@@ -707,10 +640,103 @@ async function httpText(url, options) {
     ...restOptions
   });
   if (!response.ok) {
-    throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+    throw new HttpResponseError(response);
   }
   return response.text();
 }
+function parseChecksums(text) {
+  const checksums = { __proto__: null };
+  for (const line of text.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) {
+      continue;
+    }
+    const bsdMatch = trimmed.match(
+      /^SHA256\s+\((.+)\)\s+=\s+([a-fA-F0-9]{64})$/
+    );
+    if (bsdMatch) {
+      checksums[bsdMatch[1]] = bsdMatch[2].toLowerCase();
+      continue;
+    }
+    const gnuMatch = trimmed.match(/^([a-fA-F0-9]{64})\s+(.+)$/);
+    if (gnuMatch) {
+      checksums[gnuMatch[2]] = gnuMatch[1].toLowerCase();
+    }
+  }
+  return checksums;
+}
+function parseRetryAfterHeader(value) {
+  if (!value) {
+    return void 0;
+  }
+  const raw = Array.isArray(value) ? value[0] : value;
+  if (!raw) {
+    return void 0;
+  }
+  const trimmed = raw.trim();
+  if (/^\d+$/.test(trimmed)) {
+    const seconds = Number(trimmed);
+    return seconds * 1e3;
+  }
+  const date = new Date(raw);
+  if (!Number.isNaN(date.getTime())) {
+    const delayMs = date.getTime() - Date.now();
+    if (delayMs > 0) {
+      return delayMs;
+    }
+  }
+  return void 0;
+}
+async function readIncomingResponse(msg) {
+  const chunks = [];
+  for await (const chunk of msg) {
+    chunks.push(chunk);
+  }
+  const body = Buffer.concat(chunks);
+  const status = msg.statusCode ?? 0;
+  const statusText = msg.statusMessage ?? "";
+  return {
+    arrayBuffer: () => body.buffer.slice(
+      body.byteOffset,
+      body.byteOffset + body.byteLength
+    ),
+    body,
+    headers: msg.headers,
+    json: () => JSON.parse(body.toString("utf8")),
+    ok: status >= 200 && status < 300,
+    rawResponse: msg,
+    status,
+    statusText,
+    text: () => body.toString("utf8")
+  };
+}
+function sanitizeHeaders(headers) {
+  if (!headers) {
+    return {};
+  }
+  const sensitiveHeaders = /* @__PURE__ */ new Set([
+    "authorization",
+    "cookie",
+    "proxy-authorization",
+    "proxy-authenticate",
+    "set-cookie",
+    "www-authenticate"
+  ]);
+  const result = {
+    __proto__: null
+  };
+  for (const key of Object.keys(headers)) {
+    const value = headers[key];
+    if (sensitiveHeaders.has(key.toLowerCase())) {
+      result[key] = "[REDACTED]";
+    } else if (Array.isArray(value)) {
+      result[key] = value.join(", ");
+    } else if (value !== void 0 && value !== null) {
+      result[key] = String(value);
+    }
+  }
+  return result;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   HttpResponseError,

package/dist/ipc-cli.d.ts

@@ -0,0 +1,28 @@
+/**
+ * @fileoverview Socket CLI child-process IPC object getter.
+ * Lazily builds an `IpcObject` from `SOCKET_CLI_*` environment variables so
+ * child processes can read flags and tokens forwarded by the parent Socket
+ * CLI without re-parsing `process.env` each call. Complements the filesystem
+ * stub IPC in `@socketsecurity/lib/ipc` (`getIpcStubPath`, `writeIpcStub`)
+ * for cases where data exceeds env-var size limits.
+ */
+export interface IpcObject {
+    SOCKET_CLI_FIX?: string | undefined;
+    SOCKET_CLI_OPTIMIZE?: boolean | undefined;
+    SOCKET_CLI_SHADOW_ACCEPT_RISKS?: boolean | undefined;
+    SOCKET_CLI_SHADOW_API_TOKEN?: string | undefined;
+    SOCKET_CLI_SHADOW_BIN?: string | undefined;
+    SOCKET_CLI_SHADOW_PROGRESS?: boolean | undefined;
+    SOCKET_CLI_SHADOW_SILENT?: boolean | undefined;
+}
+/**
+ * Get IPC data forwarded by a parent Socket CLI via `SOCKET_CLI_*` env vars.
+ * Call without arguments to receive the full frozen `IpcObject`, or pass a
+ * key to read a single field. The object is lazily built and cached; keys
+ * that weren't set in the environment are returned as `undefined`.
+ *
+ * @param key - Optional `IpcObject` field name to read
+ * @returns The full `IpcObject` or the value at `key` (possibly `undefined`).
+ */
+export declare function getIpc(): Promise<IpcObject>;
+export declare function getIpc<K extends keyof IpcObject>(key: K): Promise<IpcObject[K]>;

package/dist/{utils/get-ipc.js → ipc-cli.js}

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -17,11 +18,11 @@ var __copyProps = (to, from, except, desc) => {
   return to;
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var get_ipc_exports = {};
-__export(get_ipc_exports, {
+var ipc_cli_exports = {};
+__export(ipc_cli_exports, {
   getIpc: () => getIpc
 });
-module.exports = __toCommonJS(get_ipc_exports);
+module.exports = __toCommonJS(ipc_cli_exports);
 let _ipcObject;
 async function getIpc(key) {
   if (_ipcObject === void 0) {