@socketsecurity/lib 5.18.2 → 5.19.0

package/dist/packages/exports.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -27,8 +28,8 @@ __export(exports_exports, {
   resolvePackageJsonEntryExports: () => resolvePackageJsonEntryExports
 });
 module.exports = __toCommonJS(exports_exports);
-var import_core = require("../constants/core");
 var import_arrays = require("../arrays");
+var import_core = require("../constants/core");
 var import_objects = require("../objects");
 // @__NO_SIDE_EFFECTS__
 function findTypesForSubpath(entryExports, subpath) {
@@ -68,15 +69,6 @@ function findTypesForSubpath(entryExports, subpath) {
   return void 0;
 }
 // @__NO_SIDE_EFFECTS__
-function getSubpaths(entryExports) {
-  if (!(0, import_objects.isObject)(entryExports)) {
-    return [];
-  }
-  return Object.getOwnPropertyNames(entryExports).filter(
-    (key) => key.startsWith(".")
-  );
-}
-// @__NO_SIDE_EFFECTS__
 function getExportFilePaths(entryExports) {
   if (!(0, import_objects.isObject)(entryExports)) {
     return [];
@@ -114,6 +106,15 @@ function getExportFilePaths(entryExports) {
   return [...new Set(paths)].filter((p) => p.startsWith("./"));
 }
 // @__NO_SIDE_EFFECTS__
+function getSubpaths(entryExports) {
+  if (!(0, import_objects.isObject)(entryExports)) {
+    return [];
+  }
+  return Object.getOwnPropertyNames(entryExports).filter(
+    (key) => key.startsWith(".")
+  );
+}
+// @__NO_SIDE_EFFECTS__
 function isConditionalExports(entryExports) {
   if (!(0, import_objects.isObjectObject)(entryExports)) {
     return false;

package/dist/packages/isolation.d.ts

@@ -1,3 +1,7 @@
+/**
+ * @fileoverview Package isolation utilities for testing.
+ * Provides tools to set up isolated test environments for packages.
+ */
 import type { PackageJson } from '../packages';
 export type IsolatePackageOptions = {
     imports?: Record<string, string> | undefined;

package/dist/packages/isolation.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -32,41 +33,36 @@ __export(isolation_exports, {
   isolatePackage: () => isolatePackage
 });
 module.exports = __toCommonJS(isolation_exports);
-var import_platform = require("../constants/platform");
 var import_npm_package_arg = __toESM(require("../external/npm-package-arg"));
-var import_spawn = require("../spawn");
+var import_platform = require("../constants/platform");
 var import_normalize = require("../paths/normalize");
-var import_operations = require("./operations");
 var import_socket = require("../paths/socket");
+var import_spawn = require("../spawn");
+var import_operations = require("./operations");
+const FS_CP_OPTIONS = {
+  dereference: true,
+  errorOnExist: false,
+  filter: (src) => !src.includes("node_modules") && !src.endsWith(".DS_Store"),
+  force: true,
+  recursive: true,
+  ...import_platform.WIN32 ? { maxRetries: 3, retryDelay: 100 } : {}
+};
 let _fs;
+let _path;
 // @__NO_SIDE_EFFECTS__
 function getFs() {
   if (_fs === void 0) {
-    _fs = require("fs");
+    _fs = require("node:fs");
   }
   return _fs;
 }
-let _path;
 // @__NO_SIDE_EFFECTS__
 function getPath() {
   if (_path === void 0) {
-    _path = require("path");
+    _path = require("node:path");
   }
   return _path;
 }
-const FS_CP_OPTIONS = {
-  dereference: true,
-  errorOnExist: false,
-  filter: (src) => !src.includes("node_modules") && !src.endsWith(".DS_Store"),
-  force: true,
-  recursive: true,
-  ...import_platform.WIN32 ? { maxRetries: 3, retryDelay: 100 } : {}
-};
-async function resolveRealPath(pathStr) {
-  const fs = /* @__PURE__ */ getFs();
-  const path = /* @__PURE__ */ getPath();
-  return await fs.promises.realpath(pathStr).catch(() => path.resolve(pathStr));
-}
 async function mergePackageJson(pkgJsonPath, originalPkgJson) {
   const fs = /* @__PURE__ */ getFs();
   let pkgJson;
@@ -81,6 +77,11 @@ async function mergePackageJson(pkgJsonPath, originalPkgJson) {
   const mergedPkgJson = originalPkgJson ? { ...originalPkgJson, ...pkgJson } : pkgJson;
   return mergedPkgJson;
 }
+async function resolveRealPath(pathStr) {
+  const fs = /* @__PURE__ */ getFs();
+  const path = /* @__PURE__ */ getPath();
+  return await fs.promises.realpath(pathStr).catch(() => path.resolve(pathStr));
+}
 async function isolatePackage(packageSpec, options) {
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();

package/dist/packages/licenses.d.ts

@@ -1,5 +1,7 @@
+/**
+ * @fileoverview SPDX license parsing and analysis utilities.
+ */
 import type { LicenseNode } from '../packages';
-// Duplicated from spdx-expression-parse - AST node types.
 export interface SpdxLicenseNode {
     license: string;
     plus?: boolean | undefined;
@@ -11,7 +13,6 @@ export interface SpdxBinaryOperationNode {
     right: SpdxLicenseNode | SpdxBinaryOperationNode;
 }
 export type SpdxAstNode = SpdxLicenseNode | SpdxBinaryOperationNode;
-// Internal AST node types with type discriminator.
 export interface InternalLicenseNode extends SpdxLicenseNode {
     type: 'License';
 }
@@ -36,7 +37,6 @@ export interface LicenseVisitor {
  * // incompatible contains only the GPL-3.0 node
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function collectIncompatibleLicenses(licenseNodes: LicenseNode[]): LicenseNode[];
 /**
  * Collect warnings from license nodes.
@@ -47,7 +47,6 @@ export declare function collectIncompatibleLicenses(licenseNodes: LicenseNode[])
  * collectLicenseWarnings(nodes) // ['Package is unlicensed']
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function collectLicenseWarnings(licenseNodes: LicenseNode[]): string[];
 /**
  * Create an AST node from a raw node.
@@ -59,7 +58,6 @@ export declare function collectLicenseWarnings(licenseNodes: LicenseNode[]): str
  * // node.type === 'License'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function createAstNode(rawNode: SpdxAstNode): InternalAstNode;
 /**
  * Create a binary operation AST node.
@@ -75,7 +73,6 @@ export declare function createAstNode(rawNode: SpdxAstNode): InternalAstNode;
  * // node.type === 'BinaryOperation'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function createBinaryOperationNode(rawNodeParam: SpdxBinaryOperationNode): InternalBinaryOperationNode;
 /**
  * Create a license AST node.
@@ -86,7 +83,6 @@ export declare function createBinaryOperationNode(rawNodeParam: SpdxBinaryOperat
  * // node.type === 'License' && node.license === 'MIT'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function createLicenseNode(rawNode: SpdxLicenseNode): InternalLicenseNode;
 /**
  * Parse an SPDX license expression into an AST.
@@ -97,7 +93,6 @@ export declare function createLicenseNode(rawNode: SpdxLicenseNode): InternalLic
  * // ast is a BinaryOperation node with MIT and Apache-2.0 leaves
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function parseSpdxExp(spdxExp: string): SpdxAstNode | undefined;
 /**
  * Parse package license field into structured license nodes.
@@ -108,7 +103,6 @@ export declare function parseSpdxExp(spdxExp: string): SpdxAstNode | undefined;
  * // [{ license: 'MIT' }]
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function resolvePackageLicenses(licenseFieldValue: string, where: string): LicenseNode[];
 /**
  * Traverse SPDX license AST and invoke visitor callbacks for each node.
@@ -123,5 +117,4 @@ export declare function resolvePackageLicenses(licenseFieldValue: string, where:
  * // licenses === ['MIT', 'Apache-2.0']
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function visitLicenses(ast: SpdxAstNode, visitor: LicenseVisitor): void;

package/dist/packages/licenses.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -50,7 +51,7 @@ let _path;
 // @__NO_SIDE_EFFECTS__
 function getPath() {
   if (_path === void 0) {
-    _path = require("path");
+    _path = require("node:path");
   }
   return _path;
 }

package/dist/packages/manifest.d.ts

@@ -1,3 +1,6 @@
+/**
+ * @fileoverview Package manifest and packument fetching utilities.
+ */
 import type { PackageJson, PacoteOptions } from '../packages';
 /**
  * Create a package.json object for a Socket registry package.
@@ -10,7 +13,6 @@ import type { PackageJson, PacoteOptions } from '../packages';
  * })
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function createPackageJson(sockRegPkgName: string, directory: string, options?: PackageJson | undefined): PackageJson;
 /**
  * Fetch the manifest for a package.
@@ -20,7 +22,6 @@ export declare function createPackageJson(sockRegPkgName: string, directory: str
  * const manifest = await fetchPackageManifest('lodash@4.17.21')
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function fetchPackageManifest(pkgNameOrId: string, options?: PacoteOptions): Promise<unknown>;
 /**
  * Fetch the packument (package document) for a package.
@@ -30,5 +31,4 @@ export declare function fetchPackageManifest(pkgNameOrId: string, options?: Paco
  * const packument = await fetchPackagePackument('lodash')
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function fetchPackagePackument(pkgNameOrId: string, options?: PacoteOptions): Promise<unknown>;

package/dist/packages/manifest.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;

package/dist/packages/normalize.d.ts

@@ -1,3 +1,6 @@
+/**
+ * @fileoverview Package.json normalization utilities.
+ */
 import type { NormalizeOptions, PackageJson } from '../packages';
 /**
  * Normalize a package.json object with standard npm package normalization.
@@ -8,7 +11,6 @@ import type { NormalizeOptions, PackageJson } from '../packages';
  * const normalized = normalizePackageJson(pkgJson)
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function normalizePackageJson(pkgJson: PackageJson, options?: NormalizeOptions): PackageJson;
 /**
  * Extract escaped scope from a Socket registry package name.
@@ -19,7 +21,6 @@ export declare function normalizePackageJson(pkgJson: PackageJson, options?: Nor
  * resolveEscapedScope('lodash')      // undefined
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function resolveEscapedScope(sockRegPkgName: string): string | undefined;
 /**
  * Resolve original package name from Socket registry package name.
@@ -29,7 +30,6 @@ export declare function resolveEscapedScope(sockRegPkgName: string): string | un
  * resolveOriginalPackageName('@socketregistry/is-number') // 'is-number'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function resolveOriginalPackageName(sockRegPkgName: string): string;
 /**
  * Convert escaped scope to standard npm scope format.
@@ -39,5 +39,4 @@ export declare function resolveOriginalPackageName(sockRegPkgName: string): stri
  * unescapeScope('babel__') // '@babel'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function unescapeScope(escapedScope: string): string;

package/dist/packages/normalize.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;

package/dist/packages/operations.d.ts

@@ -1,3 +1,6 @@
+/**
+ * @fileoverview Package operations including extraction, packing, and I/O.
+ */
 import type { ExtractOptions, NormalizeOptions, PackageJson, PacoteOptions, ReadPackageJsonOptions } from '../packages';
 /**
  * Extract a package to a destination directory.
@@ -7,7 +10,6 @@ import type { ExtractOptions, NormalizeOptions, PackageJson, PacoteOptions, Read
  * await extractPackage('lodash@4.17.21', { dest: '/tmp/lodash' })
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function extractPackage(pkgNameOrId: string, options?: ExtractOptions, callback?: (destPath: string) => Promise<unknown>): Promise<void>;
 /**
  * Find package extensions for a given package.
@@ -17,7 +19,6 @@ export declare function extractPackage(pkgNameOrId: string, options?: ExtractOpt
  * const extensions = findPackageExtensions('my-pkg', '1.0.0')
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function findPackageExtensions(pkgName: string, pkgVer: string): unknown;
 /**
  * Get the release tag for a version.
@@ -29,7 +30,6 @@ export declare function findPackageExtensions(pkgName: string, pkgVer: string):
  * getReleaseTag('lodash')           // ''
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getReleaseTag(spec: string): string;
 /**
  * Pack a package tarball using pacote.
@@ -39,7 +39,6 @@ export declare function getReleaseTag(spec: string): string;
  * const tarball = await packPackage('lodash@4.17.21')
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function packPackage(spec: string, options?: PacoteOptions): Promise<unknown>;
 /**
  * Read and parse a package.json file asynchronously.
@@ -50,7 +49,6 @@ export declare function packPackage(spec: string, options?: PacoteOptions): Prom
  * console.log(pkgJson?.name)
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function readPackageJson(filepath: string, options?: ReadPackageJsonOptions): Promise<PackageJson | undefined>;
 /**
  * Read and parse package.json from a file path synchronously.
@@ -61,7 +59,6 @@ export declare function readPackageJson(filepath: string, options?: ReadPackageJ
  * console.log(pkgJson?.name)
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function readPackageJsonSync(filepath: string, options?: NormalizeOptions & {
     editable?: boolean;
     throws?: boolean;
@@ -74,7 +71,6 @@ export declare function readPackageJsonSync(filepath: string, options?: Normaliz
  * const url = await resolveGitHubTgzUrl('my-pkg@1.0.0', '/tmp/my-project')
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function resolveGitHubTgzUrl(pkgNameOrId: string, where?: unknown): Promise<string>;
 /**
  * Resolve full package name from a PURL object with custom delimiter.
@@ -85,7 +81,6 @@ export declare function resolveGitHubTgzUrl(pkgNameOrId: string, where?: unknown
  * resolvePackageName({ name: 'lodash' })                     // 'lodash'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function resolvePackageName(purlObj: {
     name: string;
     namespace?: string;
@@ -99,7 +94,5 @@ export declare function resolvePackageName(purlObj: {
  * resolveRegistryPackageName('lodash')      // 'lodash'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function resolveRegistryPackageName(pkgName: string): string;
-// Re-export types from lib/packages.
 export type { PackageJson } from '../packages';

package/dist/packages/operations.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;

package/dist/packages/provenance.d.ts

@@ -1,21 +1,23 @@
+/**
+ * @fileoverview Package provenance and attestation verification utilities.
+ */
 import type { ProvenanceOptions } from '../packages';
 /**
- * Convert raw attestation data to user-friendly provenance details.
+ * Fetch package provenance information from npm registry.
  *
  * @example
  * ```typescript
- * const details = getProvenanceDetails(attestationData)
- * // { level: 'trusted', repository: '...', commitSha: '...' }
+ * const provenance = await fetchPackageProvenance('lodash', '4.17.21')
  * ```
  */
-export declare function getProvenanceDetails(attestationData: unknown): unknown;
+export declare function fetchPackageProvenance(pkgName: string, pkgVersion: string, options?: ProvenanceOptions): Promise<unknown>;
 /**
- * Fetch package provenance information from npm registry.
+ * Convert raw attestation data to user-friendly provenance details.
  *
  * @example
  * ```typescript
- * const provenance = await fetchPackageProvenance('lodash', '4.17.21')
+ * const details = getProvenanceDetails(attestationData)
+ * // { level: 'trusted', repository: '...', commitSha: '...' }
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
-export declare function fetchPackageProvenance(pkgName: string, pkgVersion: string, options?: ProvenanceOptions): Promise<unknown>;
+export declare function getProvenanceDetails(attestationData: unknown): unknown;

package/dist/packages/provenance.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -42,29 +43,6 @@ const ArrayIsArray = Array.isArray;
 const SLSA_PROVENANCE_V0_2 = "https://slsa.dev/provenance/v0.2";
 const SLSA_PROVENANCE_V1_0 = "https://slsa.dev/provenance/v1";
 let _fetcher;
-// @__NO_SIDE_EFFECTS__
-function getFetcher() {
-  if (_fetcher === void 0) {
-    _fetcher = import_make_fetch_happen.default.defaults({
-      cachePath: (0, import_packages.getPacoteCachePath)(),
-      // Prefer-offline: Staleness checks for cached data will be bypassed, but
-      // missing data will be requested from the server.
-      // https://github.com/npm/make-fetch-happen?tab=readme-ov-file#--optscache
-      cache: "force-cache"
-    });
-  }
-  return _fetcher;
-}
-function getAttestations(attestationData) {
-  const data = attestationData;
-  if (!data.attestations || !ArrayIsArray(data.attestations)) {
-    return [];
-  }
-  return data.attestations.filter((attestation) => {
-    const att = attestation;
-    return att.predicateType === SLSA_PROVENANCE_V0_2 || att.predicateType === SLSA_PROVENANCE_V1_0;
-  });
-}
 function findProvenance(attestations) {
   for (const attestation of attestations) {
     const att = attestation;
@@ -94,6 +72,29 @@ function findProvenance(attestations) {
   }
   return void 0;
 }
+function getAttestations(attestationData) {
+  const data = attestationData;
+  if (!data.attestations || !ArrayIsArray(data.attestations)) {
+    return [];
+  }
+  return data.attestations.filter((attestation) => {
+    const att = attestation;
+    return att.predicateType === SLSA_PROVENANCE_V0_2 || att.predicateType === SLSA_PROVENANCE_V1_0;
+  });
+}
+// @__NO_SIDE_EFFECTS__
+function getFetcher() {
+  if (_fetcher === void 0) {
+    _fetcher = import_make_fetch_happen.default.defaults({
+      cachePath: (0, import_packages.getPacoteCachePath)(),
+      // Prefer-offline: Staleness checks for cached data will be bypassed, but
+      // missing data will be requested from the server.
+      // https://github.com/npm/make-fetch-happen?tab=readme-ov-file#--optscache
+      cache: "force-cache"
+    });
+  }
+  return _fetcher;
+}
 function isTrustedPublisher(value) {
   if (typeof value !== "string" || !value) {
     return false;
@@ -120,6 +121,37 @@ function isTrustedPublisher(value) {
   }
   return value.includes("github") || value.includes("gitlab");
 }
+// @__NO_SIDE_EFFECTS__
+async function fetchPackageProvenance(pkgName, pkgVersion, options) {
+  const { signal, timeout = 1e4 } = {
+    __proto__: null,
+    ...options
+  };
+  if (signal?.aborted) {
+    return void 0;
+  }
+  const timeoutSignal = (0, import_abort.createTimeoutSignal)(timeout);
+  const compositeSignal = (0, import_abort.createCompositeAbortSignal)(signal, timeoutSignal);
+  const fetcher = /* @__PURE__ */ getFetcher();
+  try {
+    const response = await fetcher(
+      // The npm registry attestations API endpoint.
+      `${import_agents.NPM_REGISTRY_URL}/-/npm/v1/attestations/${encodeURIComponent(pkgName)}@${encodeURIComponent(pkgVersion)}`,
+      {
+        method: "GET",
+        signal: compositeSignal,
+        headers: {
+          "User-Agent": "socket-registry"
+        }
+      }
+    );
+    if (response.ok) {
+      return getProvenanceDetails(await response.json());
+    }
+  } catch {
+  }
+  return void 0;
+}
 function getProvenanceDetails(attestationData) {
   const attestations = getAttestations(attestationData);
   if (!attestations.length) {
@@ -152,37 +184,6 @@ function getProvenanceDetails(attestationData) {
     workflowRunId
   };
 }
-// @__NO_SIDE_EFFECTS__
-async function fetchPackageProvenance(pkgName, pkgVersion, options) {
-  const { signal, timeout = 1e4 } = {
-    __proto__: null,
-    ...options
-  };
-  if (signal?.aborted) {
-    return void 0;
-  }
-  const timeoutSignal = (0, import_abort.createTimeoutSignal)(timeout);
-  const compositeSignal = (0, import_abort.createCompositeAbortSignal)(signal, timeoutSignal);
-  const fetcher = /* @__PURE__ */ getFetcher();
-  try {
-    const response = await fetcher(
-      // The npm registry attestations API endpoint.
-      `${import_agents.NPM_REGISTRY_URL}/-/npm/v1/attestations/${encodeURIComponent(pkgName)}@${encodeURIComponent(pkgVersion)}`,
-      {
-        method: "GET",
-        signal: compositeSignal,
-        headers: {
-          "User-Agent": "socket-registry"
-        }
-      }
-    );
-    if (response.ok) {
-      return getProvenanceDetails(await response.json());
-    }
-  } catch {
-  }
-  return void 0;
-}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   fetchPackageProvenance,

package/dist/packages/specs.d.ts

@@ -1,3 +1,6 @@
+/**
+ * @fileoverview Package spec parsing and GitHub URL utilities.
+ */
 /**
  * Extract user and project from GitHub repository URL.
  *
@@ -7,7 +10,6 @@
  * // { user: 'lodash', project: 'lodash' }
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function getRepoUrlDetails(repoUrl?: string): {
     user: string;
     project: string;
@@ -21,7 +23,6 @@ export declare function getRepoUrlDetails(repoUrl?: string): {
  * // 'https://api.github.com/repos/lodash/lodash/git/ref/tags/v4.17.21'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function gitHubTagRefUrl(user: string, project: string, tag: string): string;
 /**
  * Generate GitHub tarball download URL for a commit SHA.
@@ -32,7 +33,6 @@ export declare function gitHubTagRefUrl(user: string, project: string, tag: stri
  * // 'https://github.com/lodash/lodash/archive/abc123.tar.gz'
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function gitHubTgzUrl(user: string, project: string, sha: string): string;
 /**
  * Check if a package specifier is a GitHub tarball URL.
@@ -43,7 +43,6 @@ export declare function gitHubTgzUrl(user: string, project: string, sha: string)
  * isGitHubTgzSpec('lodash@4.17.21')                                     // false
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function isGitHubTgzSpec(spec: unknown, where?: string): boolean;
 /**
  * Check if a package specifier is a GitHub URL with committish.
@@ -54,5 +53,4 @@ export declare function isGitHubTgzSpec(spec: unknown, where?: string): boolean;
  * isGitHubUrlSpec('lodash@4.17.21')           // false
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function isGitHubUrlSpec(spec: unknown, where?: string): boolean;

package/dist/packages/specs.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;

package/dist/packages/validation.d.ts

@@ -1,3 +1,6 @@
+/**
+ * @fileoverview Package name validation utilities.
+ */
 /**
  * Check if package name is a blessed Socket.dev package.
  *
@@ -7,7 +10,6 @@
  * isBlessedPackageName('lodash')                    // false
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function isBlessedPackageName(name: unknown): boolean;
 /**
  * Check if a type string represents a registry fetcher type.
@@ -18,7 +20,6 @@ export declare function isBlessedPackageName(name: unknown): boolean;
  * isRegistryFetcherType('git')     // false
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function isRegistryFetcherType(type: string): boolean;
 /**
  * Check if a package name is valid according to npm naming rules.
@@ -29,5 +30,4 @@ export declare function isRegistryFetcherType(type: string): boolean;
  * isValidPackageName('.invalid')     // false
  * ```
  */
-/*@__NO_SIDE_EFFECTS__*/
 export declare function isValidPackageName(name: string): boolean;

package/dist/packages/validation.js

@@ -1,5 +1,6 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
+"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;