@socketsecurity/lib 5.19.1 → 5.21.0

package/dist/fs.js

@@ -167,7 +167,7 @@ async function findUp(name, options) {
   let dir = path.resolve(cwd);
   const { root } = path.parse(dir);
   const names = (0, import_arrays.isArray)(name) ? name : [name];
-  while (dir && dir !== root) {
+  while (dir) {
     for (const n of names) {
       if (signal?.aborted) {
         return void 0;
@@ -184,6 +184,9 @@ async function findUp(name, options) {
       } catch {
       }
     }
+    if (dir === root) {
+      break;
+    }
     dir = path.dirname(dir);
   }
   return void 0;
@@ -210,7 +213,7 @@ function findUpSync(name, options) {
   const { root } = path.parse(dir);
   const stopDir = stopAt ? path.resolve(stopAt) : void 0;
   const names = (0, import_arrays.isArray)(name) ? name : [name];
-  while (dir && dir !== root) {
+  while (dir) {
     if (stopDir && dir === stopDir) {
       for (const n of names) {
         const thePath = path.join(dir, n);
@@ -240,6 +243,9 @@ function findUpSync(name, options) {
       } catch {
       }
     }
+    if (dir === root) {
+      break;
+    }
     dir = path.dirname(dir);
   }
   return void 0;

package/dist/globs.js

@@ -91,7 +91,11 @@ function getPicomatch() {
 function getGlobMatcher(glob2, options) {
   const patterns = Array.isArray(glob2) ? glob2 : [glob2];
   const sortedPatterns = [...patterns].sort();
-  const sortedOptions = options ? Object.keys(options).sort().map((k) => `${k}:${JSON.stringify(options[k])}`).join(",") : "";
+  const sortedOptions = options ? Object.keys(options).sort().map((k) => {
+    const value = options[k];
+    const normalized = Array.isArray(value) ? [...value].sort() : value;
+    return `${k}:${JSON.stringify(normalized)}`;
+  }).join(",") : "";
   const key = `${sortedPatterns.join("|")}:${sortedOptions}`;
   const existing = matcherCache.get(key);
   if (existing) {

package/dist/http-request.d.ts

@@ -890,31 +890,6 @@ export declare function httpRequest(url: string, options?: HttpRequestOptions |
  * ```
  */
 export declare function httpText(url: string, options?: HttpRequestOptions | undefined): Promise<string>;
-/**
- * Parse a checksums file text into a filename-to-hash map.
- *
- * Supports standard checksums file formats:
- * - BSD style: "SHA256 (filename) = hash"
- * - GNU style: "hash  filename" (two spaces)
- * - Simple style: "hash filename" (single space)
- *
- * Lines starting with '#' are treated as comments and ignored.
- * Empty lines are ignored.
- *
- * @param text - Raw text content of a checksums file
- * @returns Map of filenames to lowercase SHA256 hashes
- *
- * @example
- * ```ts
- * const text = `
- * # SHA256 checksums
- * e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  file.zip
- * abc123def456...  other.tar.gz
- * `
- * const checksums = parseChecksums(text)
- * console.log(checksums['file.zip']) // 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
- * ```
- */
 export declare function parseChecksums(text: string): Checksums;
 /**
  * Parse a `Retry-After` HTTP header value into milliseconds.

package/dist/http-request.js

@@ -644,6 +644,9 @@ async function httpText(url, options) {
   }
   return response.text();
 }
+const CHECKSUM_BSD_RE = /^SHA256\s+\((.+)\)\s+=\s+([a-fA-F0-9]{64})$/;
+const CHECKSUM_GNU_RE = /^([a-fA-F0-9]{64})\s+(.+)$/;
+const RETRY_AFTER_INT_RE = /^\d+$/;
 function parseChecksums(text) {
   const checksums = { __proto__: null };
   for (const line of text.split("\n")) {
@@ -651,14 +654,12 @@ function parseChecksums(text) {
     if (!trimmed || trimmed.startsWith("#")) {
       continue;
     }
-    const bsdMatch = trimmed.match(
-      /^SHA256\s+\((.+)\)\s+=\s+([a-fA-F0-9]{64})$/
-    );
+    const bsdMatch = CHECKSUM_BSD_RE.exec(trimmed);
     if (bsdMatch) {
       checksums[bsdMatch[1]] = bsdMatch[2].toLowerCase();
       continue;
     }
-    const gnuMatch = trimmed.match(/^([a-fA-F0-9]{64})\s+(.+)$/);
+    const gnuMatch = CHECKSUM_GNU_RE.exec(trimmed);
     if (gnuMatch) {
       checksums[gnuMatch[2]] = gnuMatch[1].toLowerCase();
     }
@@ -674,7 +675,7 @@ function parseRetryAfterHeader(value) {
     return void 0;
   }
   const trimmed = raw.trim();
-  if (/^\d+$/.test(trimmed)) {
+  if (RETRY_AFTER_INT_RE.test(trimmed)) {
     const seconds = Number(trimmed);
     return seconds * 1e3;
   }

package/dist/ipc.js

@@ -35,15 +35,16 @@ __export(ipc_exports, {
 });
 module.exports = __toCommonJS(ipc_exports);
 var import_node_process = __toESM(require("node:process"));
+var import_typebox = require("./external/@sinclair/typebox");
 var import_socket = require("./paths/socket");
-var import_zod = require("./zod");
-const IpcStubSchema = import_zod.z.object({
+var import_parse = require("./schema/parse");
+const IpcStubSchema = import_typebox.Type.Object({
   /** Process ID that created the stub. */
-  pid: import_zod.z.number().int().positive(),
+  pid: import_typebox.Type.Integer({ minimum: 1 }),
   /** Creation timestamp for age validation. */
-  timestamp: import_zod.z.number().positive(),
+  timestamp: import_typebox.Type.Number({ exclusiveMinimum: 0 }),
   /** The actual data payload. */
-  data: import_zod.z.unknown()
+  data: import_typebox.Type.Unknown()
 });
 let _fs;
 let _path;
@@ -52,6 +53,24 @@ async function ensureIpcDirectory(filePath) {
   const path = /* @__PURE__ */ getPath();
   const dir = path.dirname(filePath);
   await fs.promises.mkdir(dir, { recursive: true, mode: 448 });
+  if (import_node_process.default.platform === "win32") {
+    return;
+  }
+  const stats = await fs.promises.lstat(dir);
+  if (!stats.isDirectory()) {
+    throw new Error(`IPC path is not a directory: ${dir}`);
+  }
+  const getuid = import_node_process.default.getuid;
+  const ownUid = typeof getuid === "function" ? getuid.call(import_node_process.default) : -1;
+  if (ownUid !== -1 && stats.uid !== ownUid) {
+    throw new Error(
+      `IPC directory ${dir} is owned by another user (uid ${stats.uid}); refusing to use it.`
+    );
+  }
+  const mode = stats.mode & 511;
+  if ((mode & 63) !== 0) {
+    await fs.promises.chmod(dir, 448);
+  }
 }
 // @__NO_SIDE_EFFECTS__
 function getFs() {
@@ -81,12 +100,26 @@ async function writeIpcStub(appName, data) {
     pid: import_node_process.default.pid,
     timestamp: Date.now()
   };
-  const validated = IpcStubSchema.parse(ipcData);
+  const validated = (0, import_parse.parseSchema)(IpcStubSchema, ipcData);
   const fs = /* @__PURE__ */ getFs();
-  await fs.promises.writeFile(stubPath, JSON.stringify(validated, null, 2), {
-    encoding: "utf8",
-    mode: 384
-  });
+  const flags = fs.constants.O_CREAT | fs.constants.O_WRONLY | fs.constants.O_EXCL | fs.constants.O_NOFOLLOW;
+  let handle;
+  try {
+    handle = await fs.promises.open(stubPath, flags, 384);
+  } catch (e) {
+    const err = e;
+    if (err.code === "EEXIST") {
+      await fs.promises.unlink(stubPath);
+      handle = await fs.promises.open(stubPath, flags, 384);
+    } else {
+      throw err;
+    }
+  }
+  try {
+    await handle.writeFile(JSON.stringify(validated, null, 2), "utf8");
+  } finally {
+    await handle.close();
+  }
   return stubPath;
 }
 // Annotate the CommonJS export names for ESM import in node:

package/dist/json/edit.d.ts

@@ -7,7 +7,7 @@ import type { EditableJsonConstructor } from './types';
  *
  * @example
  * ```ts
- * import { getEditableJsonClass } from '@socketsecurity/lib/json'
+ * import { getEditableJsonClass } from '@socketsecurity/lib/json/edit'
  *
  * const EditableJson = getEditableJsonClass<MyConfigType>()
  * const config = await EditableJson.load('./config.json')

package/dist/json/parse.d.ts

@@ -1,8 +1,11 @@
 /**
  * @fileoverview JSON parsing utilities with Buffer detection and BOM stripping.
- * Provides safe JSON parsing with automatic encoding handling.
+ * Provides safe JSON parsing with automatic encoding handling, plus
+ * `safeJsonParse` for untrusted input (prototype-pollution protection +
+ * size limits + optional schema validation).
  */
-import type { JsonParseOptions, JsonPrimitive, JsonValue } from './types';
+import type { Schema } from '../schema/types';
+import type { JsonParseOptions, JsonPrimitive, JsonValue, SafeJsonParseOptions } from './types';
 /**
  * Check if a value is a JSON primitive type.
  * JSON primitives are: `null`, `boolean`, `number`, or `string`.
@@ -76,3 +79,45 @@ export declare function isJsonPrimitive(value: unknown): value is JsonPrimitive;
  * ```
  */
 export declare function jsonParse(content: string | Buffer, options?: JsonParseOptions | undefined): JsonValue | undefined;
+/**
+ * Safely parse JSON with optional schema validation and security controls.
+ * Throws on parse failure, validation failure, or security violation.
+ *
+ * Recommended for parsing untrusted JSON (user input, network payloads,
+ * anything beyond a trust boundary). Layers:
+ * 1. Size cap (default 10 MB) prevents memory exhaustion.
+ * 2. Prototype-pollution reviver rejects `__proto__` / `constructor` /
+ *    `prototype` keys at any depth (unless `allowPrototype: true`).
+ * 3. Optional Zod-shaped schema validation via
+ *    `@socketsecurity/lib/schema/validate`.
+ *
+ * For trusted-source reads (package.json, local config files), prefer
+ * `jsonParse()` — it offers Buffer/BOM handling and filepath-aware error
+ * messages, without the untrusted-input overhead.
+ *
+ * @throws {Error} When `jsonString` exceeds `maxSize`.
+ * @throws {Error} When JSON parsing fails.
+ * @throws {Error} When prototype-pollution keys are detected (and
+ *   `allowPrototype` is not `true`).
+ * @throws {Error} When schema validation fails.
+ *
+ * @example
+ * ```ts
+ * // Basic parsing with type inference.
+ * const data = safeJsonParse<User>('{"name":"Alice","age":30}')
+ *
+ * // With schema validation.
+ * import { z } from 'zod'
+ * const userSchema = z.object({ name: z.string(), age: z.number() })
+ * const user = safeJsonParse('{"name":"Alice","age":30}', userSchema)
+ *
+ * // With size limit.
+ * const data = safeJsonParse(jsonString, undefined, { maxSize: 1024 })
+ *
+ * // Allow prototype keys (DANGEROUS — only for trusted sources).
+ * const data = safeJsonParse('{"__proto__":{}}', undefined, {
+ *   allowPrototype: true,
+ * })
+ * ```
+ */
+export declare function safeJsonParse<T = unknown>(jsonString: string, schema?: Schema<T> | undefined, options?: SafeJsonParseOptions): T;

package/dist/json/parse.js

@@ -21,9 +21,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var parse_exports = {};
 __export(parse_exports, {
   isJsonPrimitive: () => isJsonPrimitive,
-  jsonParse: () => jsonParse
+  jsonParse: () => jsonParse,
+  safeJsonParse: () => safeJsonParse
 });
 module.exports = __toCommonJS(parse_exports);
+var import_validate = require("../schema/validate");
 var import_strings = require("../strings");
 const JSONParse = JSON.parse;
 // @__NO_SIDE_EFFECTS__
@@ -69,8 +71,44 @@ function jsonParse(content, options) {
   }
   return void 0;
 }
+const DANGEROUS_KEYS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
+function prototypePollutionReviver(key, value) {
+  if (DANGEROUS_KEYS.has(key)) {
+    throw new Error(
+      "JSON contains potentially malicious prototype pollution keys"
+    );
+  }
+  return value;
+}
+const DEFAULT_MAX_SIZE = 10 * 1024 * 1024;
+// @__NO_SIDE_EFFECTS__
+function safeJsonParse(jsonString, schema, options = {}) {
+  const { allowPrototype = false, maxSize = DEFAULT_MAX_SIZE } = options;
+  const byteLength = Buffer.byteLength(jsonString, "utf8");
+  if (byteLength > maxSize) {
+    throw new Error(
+      `JSON string exceeds maximum size limit${maxSize !== DEFAULT_MAX_SIZE ? ` of ${maxSize} bytes` : ""}`
+    );
+  }
+  let parsed;
+  try {
+    parsed = allowPrototype ? JSONParse(jsonString) : JSONParse(jsonString, prototypePollutionReviver);
+  } catch (error) {
+    throw new Error(`Failed to parse JSON: ${error}`);
+  }
+  if (schema) {
+    const result = (0, import_validate.validateSchema)(schema, parsed);
+    if (!result.ok) {
+      const summary = result.errors.map((e) => `${e.path.join(".") || "(root)"}: ${e.message}`).join(", ");
+      throw new Error(`Validation failed: ${summary}`);
+    }
+    return result.value;
+  }
+  return parsed;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   isJsonPrimitive,
-  jsonParse
+  jsonParse,
+  safeJsonParse
 });

package/dist/json/types.d.ts

@@ -72,6 +72,55 @@ export type JsonValue = JsonPrimitive | JsonObject | JsonArray;
  * ```
  */
 export type JsonReviver = (key: string, value: unknown) => unknown;
+/**
+ * Options for `safeJsonParse`: security controls for untrusted JSON.
+ *
+ * Distinct from `JsonParseOptions` (which is scoped to reviver /
+ * error-handling for trusted-source fs reads). Use this type when
+ * parsing user input, network payloads, or anything beyond a trust
+ * boundary.
+ *
+ * @example
+ * ```ts
+ * const options: SafeJsonParseOptions = {
+ *   maxSize: 1024 * 1024, // 1MB limit
+ *   allowPrototype: false // Block prototype pollution
+ * }
+ * ```
+ */
+export interface SafeJsonParseOptions {
+    /**
+     * Allow dangerous prototype pollution keys (`__proto__`, `constructor`, `prototype`).
+     * Set to `true` only if you trust the JSON source completely.
+     *
+     * @default false
+     *
+     * @example
+     * ```ts
+     * // Will throw error by default
+     * safeJsonParse('{"__proto__": {"polluted": true}}')
+     *
+     * // Allows the parse (dangerous!)
+     * safeJsonParse('{"__proto__": {"polluted": true}}', undefined, {
+     *   allowPrototype: true
+     * })
+     * ```
+     */
+    allowPrototype?: boolean | undefined;
+    /**
+     * Maximum allowed size of JSON string in bytes.
+     * Prevents memory exhaustion from extremely large payloads.
+     *
+     * @default 10_485_760 (10 MB)
+     *
+     * @example
+     * ```ts
+     * // Limit to 1KB
+     * safeJsonParse(jsonString, undefined, { maxSize: 1024 })
+     * ```
+     */
+    maxSize?: number | undefined;
+}
 /**
  * Options for JSON parsing operations.
  */

package/dist/memoization.d.ts

@@ -5,7 +5,7 @@
 /**
  * Options for memoization behavior.
  */
-export type MemoizeOptions<Args extends unknown[], _Result = unknown> = {
+export type MemoizeOptions<Args extends unknown[]> = {
     /** Custom cache key generator (defaults to JSON.stringify) */
     keyGen?: (...args: Args) => string;
     /** Maximum cache size (LRU eviction when exceeded) */
@@ -49,7 +49,7 @@ export declare function clearAllMemoizationCaches(): void;
  *   }
  * }
  */
-export declare function Memoize(options?: MemoizeOptions<unknown[], unknown>): (_target: unknown, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
+export declare function Memoize(options?: MemoizeOptions<unknown[]>): (_target: unknown, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
 /**
  * Memoize a function with configurable caching behavior.
  * Caches function results to avoid repeated computation.
@@ -69,7 +69,7 @@ export declare function Memoize(options?: MemoizeOptions<unknown[], unknown>): (
  * expensiveOperation(1000) // Computed
  * expensiveOperation(1000) // Cached
  */
-export declare function memoize<Args extends unknown[], Result>(fn: (...args: Args) => Result, options?: MemoizeOptions<Args, Result>): (...args: Args) => Result;
+export declare function memoize<Args extends unknown[], Result>(fn: (...args: Args) => Result, options?: MemoizeOptions<Args>): (...args: Args) => Result;
 /**
  * Memoize an async function.
  * Similar to memoize() but handles promises properly.
@@ -89,26 +89,7 @@ export declare function memoize<Args extends unknown[], Result>(fn: (...args: Ar
  * await fetchUser('123') // Fetches from API
  * await fetchUser('123') // Returns cached result
  */
-export declare function memoizeAsync<Args extends unknown[], Result>(fn: (...args: Args) => Promise<Result>, options?: MemoizeOptions<Args, Result>): (...args: Args) => Promise<Result>;
-/**
- * Create a debounced memoized function.
- * Combines memoization with debouncing for expensive operations.
- *
- * @param fn - Function to memoize and debounce
- * @param wait - Debounce wait time in milliseconds
- * @param options - Memoization options
- * @returns Debounced memoized function
- *
- * @example
- * import { memoizeDebounced } from '@socketsecurity/lib/memoization'
- *
- * const search = memoizeDebounced(
- *   (query: string) => performSearch(query),
- *   300,
- *   { name: 'search' }
- * )
- */
-export declare function memoizeDebounced<Args extends unknown[], Result>(fn: (...args: Args) => Result, wait: number, options?: MemoizeOptions<Args, Result>): (...args: Args) => Result;
+export declare function memoizeAsync<Args extends unknown[], Result>(fn: (...args: Args) => Promise<Result>, options?: MemoizeOptions<Args>): (...args: Args) => Promise<Result>;
 /**
  * Memoize with WeakMap for object keys.
  * Allows garbage collection when objects are no longer referenced.

package/dist/memoization.js

@@ -24,7 +24,6 @@ __export(memoization_exports, {
   clearAllMemoizationCaches: () => clearAllMemoizationCaches,
   memoize: () => memoize,
   memoizeAsync: () => memoizeAsync,
-  memoizeDebounced: () => memoizeDebounced,
   memoizeWeak: () => memoizeWeak,
   once: () => once
 });
@@ -78,15 +77,13 @@ function memoize(fn, options = {}) {
     throw new TypeError("TTL must be non-negative");
   }
   const cache = /* @__PURE__ */ new Map();
-  const accessOrder = [];
   cacheRegistry.push(() => {
     cache.clear();
-    accessOrder.length = 0;
   });
   function evictLRU() {
-    if (cache.size >= maxSize && accessOrder.length > 0) {
-      const oldest = accessOrder.shift();
-      if (oldest) {
+    if (cache.size >= maxSize) {
+      const oldest = cache.keys().next().value;
+      if (oldest !== void 0) {
         cache.delete(oldest);
         (0, import_debug.debugLog)(`[memoize:${name}] clear`, {
           key: oldest,
@@ -107,19 +104,12 @@ function memoize(fn, options = {}) {
     if (cached) {
       if (!isExpired(cached)) {
         cached.hits++;
-        const index2 = accessOrder.indexOf(key);
-        if (index2 !== -1) {
-          accessOrder.splice(index2, 1);
-        }
-        accessOrder.push(key);
+        cache.delete(key);
+        cache.set(key, cached);
         (0, import_debug.debugLog)(`[memoize:${name}] hit`, { key, hits: cached.hits });
         return cached.value;
       }
       cache.delete(key);
-      const index = accessOrder.indexOf(key);
-      if (index !== -1) {
-        accessOrder.splice(index, 1);
-      }
     }
     (0, import_debug.debugLog)(`[memoize:${name}] miss`, { key });
     const value = fn(...args);
@@ -129,7 +119,6 @@ function memoize(fn, options = {}) {
       timestamp: Date.now(),
       hits: 0
     });
-    accessOrder.push(key);
     (0, import_debug.debugLog)(`[memoize:${name}] set`, { key, cacheSize: cache.size });
     return value;
   };
@@ -142,15 +131,13 @@ function memoizeAsync(fn, options = {}) {
     ttl = Number.POSITIVE_INFINITY
   } = options;
   const cache = /* @__PURE__ */ new Map();
-  const accessOrder = [];
   cacheRegistry.push(() => {
     cache.clear();
-    accessOrder.length = 0;
   });
   function evictLRU() {
-    if (cache.size >= maxSize && accessOrder.length > 0) {
-      const oldest = accessOrder.shift();
-      if (oldest) {
+    if (cache.size >= maxSize) {
+      const oldest = cache.keys().next().value;
+      if (oldest !== void 0) {
         cache.delete(oldest);
         (0, import_debug.debugLog)(`[memoizeAsync:${name}] clear`, {
           key: oldest,
@@ -165,6 +152,10 @@ function memoizeAsync(fn, options = {}) {
     }
     return Date.now() - entry.timestamp > ttl;
   }
+  function bumpRecency(key, entry) {
+    cache.delete(key);
+    cache.set(key, entry);
+  }
   const refreshing = /* @__PURE__ */ new Map();
   return async function memoized(...args) {
     const key = keyGen(...args);
@@ -172,24 +163,17 @@ function memoizeAsync(fn, options = {}) {
     if (cached) {
       if (!isExpired(cached)) {
         cached.hits++;
-        const index2 = accessOrder.indexOf(key);
-        if (index2 !== -1) {
-          accessOrder.splice(index2, 1);
-        }
-        accessOrder.push(key);
+        bumpRecency(key, cached);
         (0, import_debug.debugLog)(`[memoizeAsync:${name}] hit`, { key, hits: cached.hits });
         return await cached.value;
       }
       const inflight = refreshing.get(key);
       if (inflight) {
         (0, import_debug.debugLog)(`[memoizeAsync:${name}] stale-dedup`, { key });
+        bumpRecency(key, cached);
         return await inflight;
       }
       cache.delete(key);
-      const index = accessOrder.indexOf(key);
-      if (index !== -1) {
-        accessOrder.splice(index, 1);
-      }
     }
     (0, import_debug.debugLog)(`[memoizeAsync:${name}] miss`, { key });
     const promise = fn(...args).then(
@@ -198,16 +182,13 @@ function memoizeAsync(fn, options = {}) {
         const entry = cache.get(key);
         if (entry) {
           entry.value = Promise.resolve(result);
+          entry.timestamp = Date.now();
         }
         return result;
       },
       (error) => {
         refreshing.delete(key);
         cache.delete(key);
-        const index = accessOrder.indexOf(key);
-        if (index !== -1) {
-          accessOrder.splice(index, 1);
-        }
         (0, import_debug.debugLog)(`[memoizeAsync:${name}] error`, { key, error });
         throw error;
       }
@@ -219,24 +200,10 @@ function memoizeAsync(fn, options = {}) {
       timestamp: Date.now(),
       hits: 0
     });
-    accessOrder.push(key);
     (0, import_debug.debugLog)(`[memoizeAsync:${name}] set`, { key, cacheSize: cache.size });
     return await promise;
   };
 }
-function memoizeDebounced(fn, wait, options = {}) {
-  const memoized = memoize(fn, options);
-  let timeoutId;
-  return function debounced(...args) {
-    if (timeoutId) {
-      clearTimeout(timeoutId);
-    }
-    timeoutId = setTimeout(() => {
-      memoized(...args);
-    }, wait);
-    return memoized(...args);
-  };
-}
 function memoizeWeak(fn) {
   const cache = /* @__PURE__ */ new WeakMap();
   return function memoized(key) {
@@ -270,7 +237,6 @@ function once(fn) {
   clearAllMemoizationCaches,
   memoize,
   memoizeAsync,
-  memoizeDebounced,
   memoizeWeak,
   once
 });

package/dist/packages/specs.js

@@ -42,9 +42,16 @@ var import_objects = require("../objects");
 var import_strings = require("../strings");
 // @__NO_SIDE_EFFECTS__
 function getRepoUrlDetails(repoUrl = "") {
-  const userAndRepo = repoUrl.replace(/^.+github.com\//, "").split("/");
+  const match = /^(?:[a-z][a-z+]*:\/\/)(?:[^/@]+@)?github\.com\/([^?#]+)(?:[?#]|$)/i.exec(
+    repoUrl
+  );
+  if (!match || !match[1]) {
+    return { user: "", project: "" };
+  }
+  const userAndRepo = match[1].split("/");
   const user = userAndRepo[0] || "";
-  const project = userAndRepo.length > 1 ? (userAndRepo[1]?.endsWith(".git") ? userAndRepo[1].slice(0, -4) : userAndRepo[1]) || "" : "";
+  const rawProject = userAndRepo[1] ?? "";
+  const project = rawProject.endsWith(".git") ? rawProject.slice(0, -4) : rawProject;
   return { user, project };
 }
 // @__NO_SIDE_EFFECTS__

package/dist/paths/packages.js

@@ -34,8 +34,12 @@ function getPath() {
   return _path;
 }
 // @__NO_SIDE_EFFECTS__
+function isPackageJsonFile(filepath) {
+  return filepath === "package.json" || filepath.endsWith("/package.json") || filepath.endsWith("\\package.json");
+}
+// @__NO_SIDE_EFFECTS__
 function resolvePackageJsonDirname(filepath) {
-  if (filepath.endsWith("package.json")) {
+  if (/* @__PURE__ */ isPackageJsonFile(filepath)) {
     const path = /* @__PURE__ */ getPath();
     return (0, import_normalize.normalizePath)(path.dirname(filepath));
   }
@@ -43,7 +47,7 @@ function resolvePackageJsonDirname(filepath) {
 }
 // @__NO_SIDE_EFFECTS__
 function resolvePackageJsonPath(filepath) {
-  if (filepath.endsWith("package.json")) {
+  if (/* @__PURE__ */ isPackageJsonFile(filepath)) {
     return (0, import_normalize.normalizePath)(filepath);
   }
   const path = /* @__PURE__ */ getPath();

package/dist/process-lock.js

@@ -136,9 +136,7 @@ class ProcessLockManager {
       if (!stats) {
         return false;
       }
-      const ageSeconds = Math.floor((Date.now() - stats.mtime.getTime()) / 1e3);
-      const staleSeconds = Math.floor(staleMs / 1e3);
-      return ageSeconds > staleSeconds;
+      return Date.now() - stats.mtime.getTime() > staleMs;
     } catch {
       return false;
     }
@@ -186,9 +184,6 @@ class ProcessLockManager {
             }
           }
           const fs = /* @__PURE__ */ getFs();
-          if (fs.existsSync(lockPath)) {
-            throw new Error(`Lock already exists: ${lockPath}`);
-          }
           const parent = (/* @__PURE__ */ getPath()).dirname(lockPath);
           if (parent && parent !== "." && parent !== lockPath) {
             fs.mkdirSync(parent, { recursive: true });