@socketsecurity/lib 5.25.1 → 5.26.1

package/dist/releases/github-api.js

@@ -0,0 +1,275 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var github_api_exports = {};
+__export(github_api_exports, {
+  getLatestRelease: () => getLatestRelease,
+  getReleaseAssetUrl: () => getReleaseAssetUrl
+});
+module.exports = __toCommonJS(github_api_exports);
+var import_http_request = require("../http-request");
+var import_primordials = require("../primordials");
+var import_promises = require("../promises");
+var import_github_assets = require("./github-assets");
+var import_github_auth = require("./github-auth");
+const RETRY_CONFIG = (0, import_primordials.ObjectFreeze)({
+  __proto__: null,
+  // Exponential backoff: delay doubles with each retry (5s, 10s, 20s).
+  backoffFactor: 2,
+  // Initial delay before first retry.
+  baseDelayMs: 5e3,
+  // Maximum number of retry attempts (excluding initial request).
+  retries: 2
+});
+async function fetchReleasesViaRest(owner, repo) {
+  const response = await (0, import_http_request.httpRequest)(
+    `https://api.github.com/repos/${owner}/${repo}/releases?per_page=100`,
+    { headers: (0, import_github_auth.getAuthHeaders)() }
+  );
+  if (!response.ok) {
+    throw new import_primordials.ErrorCtor(
+      `Failed to fetch ${owner}/${repo} releases: ${response.status}`
+    );
+  }
+  const text = response.body.toString("utf8");
+  if (text.length === 0) {
+    return [];
+  }
+  let parsed;
+  try {
+    parsed = (0, import_primordials.JSONParse)(text);
+  } catch (cause) {
+    throw new import_primordials.ErrorCtor(`Failed to parse ${owner}/${repo} releases response`, {
+      cause
+    });
+  }
+  return (0, import_primordials.ArrayIsArray)(parsed) ? parsed : [];
+}
+async function fetchReleasesViaGraphQL(owner, repo) {
+  const response = await (0, import_http_request.httpRequest)("https://api.github.com/graphql", {
+    body: (0, import_primordials.JSONStringify)({
+      query: `query($owner: String!, $repo: String!) {
+        repository(owner: $owner, name: $repo) {
+          releases(first: 100, orderBy: {field: CREATED_AT, direction: DESC}) {
+            nodes {
+              tagName
+              publishedAt
+              releaseAssets(first: 100) { nodes { name } }
+            }
+          }
+        }
+      }`,
+      variables: { owner, repo }
+    }),
+    headers: { ...(0, import_github_auth.getAuthHeaders)(), "Content-Type": "application/json" },
+    method: "POST"
+  });
+  if (!response.ok) {
+    throw new import_primordials.ErrorCtor(
+      `Failed to fetch ${owner}/${repo} releases (GraphQL): ${response.status}`
+    );
+  }
+  let parsed;
+  try {
+    parsed = (0, import_primordials.JSONParse)(response.body.toString("utf8"));
+  } catch (cause) {
+    throw new import_primordials.ErrorCtor(
+      `Failed to parse GitHub GraphQL response for ${owner}/${repo} releases`,
+      { cause }
+    );
+  }
+  if (parsed.errors?.length) {
+    throw new import_primordials.ErrorCtor(
+      `GraphQL repository.releases(${owner}/${repo}) returned errors: ${parsed.errors.map((e) => e.message).join("; ")}`
+    );
+  }
+  return (parsed.data?.repository?.releases?.nodes ?? []).map((n) => ({
+    tag_name: n.tagName,
+    published_at: n.publishedAt,
+    assets: n.releaseAssets?.nodes ?? []
+  }));
+}
+async function fetchReleaseAssetsViaGraphQL(owner, repo, tag) {
+  const response = await (0, import_http_request.httpRequest)("https://api.github.com/graphql", {
+    body: (0, import_primordials.JSONStringify)({
+      query: `query($owner: String!, $repo: String!, $tag: String!) {
+        repository(owner: $owner, name: $repo) {
+          release(tagName: $tag) {
+            tagName
+            releaseAssets(first: 100) { nodes { name downloadUrl } }
+          }
+        }
+      }`,
+      variables: { owner, repo, tag }
+    }),
+    headers: { ...(0, import_github_auth.getAuthHeaders)(), "Content-Type": "application/json" },
+    method: "POST"
+  });
+  if (!response.ok) {
+    throw new import_primordials.ErrorCtor(
+      `Failed to fetch ${owner}/${repo} release ${tag} (GraphQL): ${response.status} ${response.statusText}`
+    );
+  }
+  if (response.body.byteLength === 0) {
+    throw new import_primordials.ErrorCtor(
+      `Failed to fetch ${owner}/${repo} release ${tag}: GraphQL returned empty body`
+    );
+  }
+  let parsed;
+  try {
+    parsed = (0, import_primordials.JSONParse)(response.body.toString("utf8"));
+  } catch (cause) {
+    throw new import_primordials.ErrorCtor(
+      `Failed to parse ${owner}/${repo} release ${tag} response (GraphQL)`,
+      { cause }
+    );
+  }
+  if (parsed.errors?.length) {
+    throw new import_primordials.ErrorCtor(
+      `GraphQL repository.release(${owner}/${repo}, ${tag}) returned errors: ${parsed.errors.map((e) => e.message).join("; ")}`
+    );
+  }
+  const release = parsed.data?.repository?.release;
+  if (!release) {
+    return void 0;
+  }
+  return (release.releaseAssets?.nodes ?? []).map((n) => ({
+    browser_download_url: n.downloadUrl,
+    name: n.name
+  }));
+}
+async function getLatestRelease(toolPrefix, repoConfig, options = {}) {
+  const { assetPattern, nothrow = false } = options;
+  const { owner, repo } = repoConfig;
+  const isMatch = assetPattern ? (0, import_github_assets.createAssetMatcher)(assetPattern) : void 0;
+  return await (0, import_promises.pRetry)(async () => {
+    let releases = await fetchReleasesViaRest(owner, repo);
+    if (releases.length === 0) {
+      let graphqlReleases;
+      try {
+        graphqlReleases = await fetchReleasesViaGraphQL(owner, repo);
+      } catch (cause) {
+        if (nothrow) {
+          return void 0;
+        }
+        throw new import_primordials.ErrorCtor(
+          `Failed to list ${owner}/${repo} releases: both REST and GraphQL backends degraded`,
+          { cause }
+        );
+      }
+      if (graphqlReleases.length > 0) {
+        releases = graphqlReleases;
+      }
+    }
+    const matchingReleases = releases.filter((release) => {
+      const { assets, tag_name: tag } = release;
+      if (!(0, import_primordials.StringPrototypeStartsWith)(tag, toolPrefix)) {
+        return false;
+      }
+      if (!assets || assets.length === 0) {
+        return false;
+      }
+      if (isMatch) {
+        const hasMatchingAsset = assets.some(
+          (a) => isMatch(a.name)
+        );
+        if (!hasMatchingAsset) {
+          return false;
+        }
+      }
+      return true;
+    });
+    if (matchingReleases.length === 0) {
+      return void 0;
+    }
+    matchingReleases.sort(
+      (a, b) => (0, import_primordials.DateParse)(b.published_at) - (0, import_primordials.DateParse)(a.published_at)
+    );
+    const latestRelease = matchingReleases[0];
+    return latestRelease.tag_name;
+  }, RETRY_CONFIG) ?? void 0;
+}
+async function getReleaseAssetUrl(tag, assetPattern, repoConfig, options = {}) {
+  const { nothrow = false } = options;
+  const { owner, repo } = repoConfig;
+  const isMatch = typeof assetPattern === "string" && !assetPattern.includes("*") && !assetPattern.includes("{") ? (input) => input === assetPattern : (0, import_github_assets.createAssetMatcher)(assetPattern);
+  return await (0, import_promises.pRetry)(async () => {
+    const response = await (0, import_http_request.httpRequest)(
+      `https://api.github.com/repos/${owner}/${repo}/releases/tags/${tag}`,
+      {
+        headers: (0, import_github_auth.getAuthHeaders)()
+      }
+    );
+    if (!response.ok) {
+      throw new import_primordials.ErrorCtor(
+        `Failed to fetch ${owner}/${repo} release ${tag}: ${response.status}`
+      );
+    }
+    let assets;
+    if (response.body.byteLength === 0) {
+      let fallbackAssets;
+      try {
+        fallbackAssets = await fetchReleaseAssetsViaGraphQL(owner, repo, tag);
+      } catch (cause) {
+        if (nothrow) {
+          return void 0;
+        }
+        throw new import_primordials.ErrorCtor(
+          `Failed to fetch ${owner}/${repo} release ${tag}: both REST and GraphQL backends degraded`,
+          { cause }
+        );
+      }
+      if (fallbackAssets === void 0) {
+        if (nothrow) {
+          return void 0;
+        }
+        throw new import_primordials.ErrorCtor(`Release ${tag} not found in ${owner}/${repo}`);
+      }
+      assets = fallbackAssets;
+    } else {
+      let release;
+      try {
+        release = (0, import_primordials.JSONParse)(response.body.toString("utf8"));
+      } catch (cause) {
+        throw new import_primordials.ErrorCtor(
+          `Failed to parse ${owner}/${repo} release ${tag} response`,
+          { cause }
+        );
+      }
+      if (!(0, import_primordials.ArrayIsArray)(release.assets)) {
+        throw new import_primordials.ErrorCtor(
+          `Release ${tag} has no assets in ${owner}/${repo}`
+        );
+      }
+      assets = release.assets;
+    }
+    const asset = assets.find((a) => isMatch(a.name));
+    if (!asset) {
+      const patternDesc = typeof assetPattern === "string" ? assetPattern : "matching pattern";
+      throw new import_primordials.ErrorCtor(`Asset ${patternDesc} not found in release ${tag}`);
+    }
+    return asset.browser_download_url;
+  }, RETRY_CONFIG) ?? void 0;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getLatestRelease,
+  getReleaseAssetUrl
+});

package/dist/releases/github-archives.d.ts

@@ -0,0 +1,60 @@
+/**
+ * @fileoverview GitHub release archive download + extraction.
+ */
+import { type ArchiveFormat } from '../archives';
+import type { AssetPattern, RepoConfig } from './github-types';
+/**
+ * Download and extract an archive from a GitHub release.
+ * Supports zip, tar, tar.gz, and tgz formats.
+ * Automatically handles downloading, extracting, and cleanup.
+ *
+ * @param tag - Release tag name
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
+ * @param outputDir - Directory to extract the archive contents to
+ * @param repoConfig - Repository configuration (owner/repo)
+ * @param options - Additional options
+ * @param options.quiet - Suppress log messages
+ * @param options.cleanup - Remove downloaded archive after extraction (default: true)
+ * @param options.strip - Strip leading path components (like tar --strip-components)
+ * @param options.format - Archive format (auto-detected if not specified)
+ * @returns Path to the extraction directory
+ *
+ * @example
+ * ```typescript
+ * const outputDir = await downloadAndExtractArchive(
+ *   'v1.0.0', 'data-*.tar.gz', '/tmp/data',
+ *   { owner: 'SocketDev', repo: 'socket-btm' },
+ * )
+ * ```
+ */
+export declare function downloadAndExtractArchive(tag: string, assetPattern: string | AssetPattern, outputDir: string, repoConfig: RepoConfig, options?: {
+    cleanup?: boolean;
+    format?: ArchiveFormat;
+    quiet?: boolean;
+    strip?: number;
+}): Promise<string>;
+/**
+ * Download and extract a zip file from a GitHub release.
+ * Automatically handles downloading, extracting, and cleanup.
+ *
+ * @param tag - Release tag name
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
+ * @param outputDir - Directory to extract the zip contents to
+ * @param repoConfig - Repository configuration (owner/repo)
+ * @param options - Additional options
+ * @param options.quiet - Suppress log messages
+ * @param options.cleanup - Remove downloaded zip file after extraction (default: true)
+ * @returns Path to the extraction directory
+ *
+ * @example
+ * ```typescript
+ * const outputDir = await downloadAndExtractZip(
+ *   'v1.0.0', 'models-*.zip', '/tmp/models',
+ *   { owner: 'SocketDev', repo: 'socket-btm' },
+ * )
+ * ```
+ */
+export declare function downloadAndExtractZip(tag: string, assetPattern: string | AssetPattern, outputDir: string, repoConfig: RepoConfig, options?: {
+    cleanup?: boolean;
+    quiet?: boolean;
+}): Promise<string>;

package/dist/releases/github-archives.js

@@ -0,0 +1,136 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var github_archives_exports = {};
+__export(github_archives_exports, {
+  downloadAndExtractArchive: () => downloadAndExtractArchive,
+  downloadAndExtractZip: () => downloadAndExtractZip
+});
+module.exports = __toCommonJS(github_archives_exports);
+var import_archives = require("../archives");
+var import_fs = require("../fs");
+var import_logger = require("../logger");
+var import_primordials = require("../primordials");
+var import_github_downloads = require("./github-downloads");
+const logger = (0, import_logger.getDefaultLogger)();
+let _fs;
+let _path;
+// @__NO_SIDE_EFFECTS__
+function getFs() {
+  if (_fs === void 0) {
+    _fs = require("node:fs");
+  }
+  return _fs;
+}
+// @__NO_SIDE_EFFECTS__
+function getPath() {
+  if (_path === void 0) {
+    _path = require("node:path");
+  }
+  return _path;
+}
+async function downloadAndExtractArchive(tag, assetPattern, outputDir, repoConfig, options = {}) {
+  const { cleanup = true, format, quiet = false, strip } = options;
+  const path = /* @__PURE__ */ getPath();
+  const fs = /* @__PURE__ */ getFs();
+  await (0, import_fs.safeMkdir)(outputDir);
+  let ext = ".archive";
+  if (format) {
+    ext = format === "tar.gz" ? ".tar.gz" : `.${format}`;
+  } else if (typeof assetPattern === "string") {
+    const detectedFormat = (0, import_archives.detectArchiveFormat)(assetPattern);
+    if (detectedFormat) {
+      ext = detectedFormat === "tar.gz" ? ".tar.gz" : `.${detectedFormat}`;
+    }
+  }
+  const archivePath = path.join(outputDir, `__temp_download__${ext}`);
+  if (!quiet) {
+    logger.info(`Downloading archive from release ${tag}...`);
+  }
+  await (0, import_github_downloads.downloadReleaseAsset)(tag, assetPattern, archivePath, repoConfig, {
+    quiet
+  });
+  if (!quiet) {
+    logger.info(`Extracting archive to ${outputDir}...`);
+  }
+  try {
+    await (0, import_archives.extractArchive)(archivePath, outputDir, { quiet, strip });
+    if (!quiet) {
+      logger.info(`Extracted archive contents to ${outputDir}`);
+    }
+  } catch (cause) {
+    throw new import_primordials.ErrorCtor(`Failed to extract archive: ${archivePath}`, { cause });
+  } finally {
+    if (cleanup) {
+      try {
+        await fs.promises.unlink(archivePath);
+        if (!quiet) {
+          logger.info("Cleaned up temporary archive file");
+        }
+      } catch (e) {
+        if (!quiet) {
+          logger.warn(`Failed to cleanup archive file: ${e}`);
+        }
+      }
+    }
+  }
+  return outputDir;
+}
+async function downloadAndExtractZip(tag, assetPattern, outputDir, repoConfig, options = {}) {
+  const { cleanup = true, quiet = false } = options;
+  const path = /* @__PURE__ */ getPath();
+  const fs = /* @__PURE__ */ getFs();
+  await (0, import_fs.safeMkdir)(outputDir);
+  const zipPath = path.join(outputDir, "__temp_download__.zip");
+  if (!quiet) {
+    logger.info(`Downloading zip asset from release ${tag}...`);
+  }
+  await (0, import_github_downloads.downloadReleaseAsset)(tag, assetPattern, zipPath, repoConfig, { quiet });
+  if (!quiet) {
+    logger.info(`Extracting zip to ${outputDir}...`);
+  }
+  try {
+    await (0, import_archives.extractArchive)(zipPath, outputDir, { quiet });
+    if (!quiet) {
+      logger.info(`Extracted zip contents to ${outputDir}`);
+    }
+  } catch (cause) {
+    throw new import_primordials.ErrorCtor(`Failed to extract zip file: ${zipPath}`, { cause });
+  } finally {
+    if (cleanup) {
+      try {
+        await fs.promises.unlink(zipPath);
+        if (!quiet) {
+          logger.info("Cleaned up temporary zip file");
+        }
+      } catch (e) {
+        if (!quiet) {
+          logger.warn(`Failed to cleanup zip file: ${e}`);
+        }
+      }
+    }
+  }
+  return outputDir;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  downloadAndExtractArchive,
+  downloadAndExtractZip
+});

package/dist/releases/github-assets.d.ts

@@ -0,0 +1,21 @@
+/**
+ * @fileoverview Asset matching helpers for GitHub releases.
+ */
+/**
+ * Create a matcher function for a pattern using picomatch for glob patterns
+ * or simple prefix/suffix matching for object patterns.
+ *
+ * @param pattern - Pattern to match (string glob, prefix/suffix object, or RegExp)
+ * @returns Function that tests if a string matches the pattern
+ *
+ * @example
+ * ```typescript
+ * const isMatch = createAssetMatcher('tool-*-linux-x64')
+ * isMatch('tool-v1.0-linux-x64')  // true
+ * isMatch('tool-v1.0-darwin-arm64')  // false
+ * ```
+ */
+export declare function createAssetMatcher(pattern: string | {
+    prefix: string;
+    suffix: string;
+} | RegExp): (input: string) => boolean;

package/dist/releases/github-assets.js

@@ -0,0 +1,52 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var github_assets_exports = {};
+__export(github_assets_exports, {
+  createAssetMatcher: () => createAssetMatcher
+});
+module.exports = __toCommonJS(github_assets_exports);
+var import_picomatch = __toESM(require("../external/picomatch"));
+var import_primordials = require("../primordials");
+function createAssetMatcher(pattern) {
+  if (typeof pattern === "string") {
+    const isMatch = (0, import_picomatch.default)(pattern);
+    return (input) => isMatch(input);
+  }
+  if (pattern instanceof RegExp) {
+    return (input) => pattern.test(input);
+  }
+  const { prefix, suffix } = pattern;
+  return (input) => (0, import_primordials.StringPrototypeStartsWith)(input, prefix) && (0, import_primordials.StringPrototypeEndsWith)(input, suffix);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createAssetMatcher
+});

package/dist/releases/github-auth.d.ts

@@ -0,0 +1,16 @@
+/**
+ * @fileoverview GitHub API authentication header helpers.
+ */
+/**
+ * Get GitHub authentication headers if token is available.
+ * Checks GH_TOKEN or GITHUB_TOKEN environment variables.
+ *
+ * @returns Headers object with Authorization header if token exists.
+ *
+ * @example
+ * ```typescript
+ * const headers = getAuthHeaders()
+ * // { Accept: 'application/vnd.github+json', Authorization: 'Bearer ...' }
+ * ```
+ */
+export declare function getAuthHeaders(): Record<string, string>;

package/dist/releases/github-auth.js

@@ -0,0 +1,51 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var github_auth_exports = {};
+__export(github_auth_exports, {
+  getAuthHeaders: () => getAuthHeaders
+});
+module.exports = __toCommonJS(github_auth_exports);
+var import_node_process = __toESM(require("node:process"));
+function getAuthHeaders() {
+  const token = import_node_process.default.env["GH_TOKEN"] || import_node_process.default.env["GITHUB_TOKEN"];
+  const headers = {
+    Accept: "application/vnd.github+json",
+    "X-GitHub-Api-Version": "2022-11-28"
+  };
+  if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
+  return headers;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getAuthHeaders
+});

package/dist/releases/github-downloads.d.ts

@@ -0,0 +1,42 @@
+/**
+ * @fileoverview GitHub release asset downloads.
+ */
+import type { AssetPattern, DownloadGitHubReleaseConfig, RepoConfig } from './github-types';
+/**
+ * Download a binary from any GitHub repository with version caching.
+ *
+ * @param config - Download configuration
+ * @returns Path to the downloaded binary
+ *
+ * @example
+ * ```typescript
+ * const binaryPath = await downloadGitHubRelease({
+ *   owner: 'SocketDev', repo: 'socket-btm',
+ *   toolName: 'lief', toolPrefix: 'lief-',
+ *   assetName: 'lief-linux-x64', binaryName: 'lief',
+ *   platformArch: 'linux-x64',
+ * })
+ * ```
+ */
+export declare function downloadGitHubRelease(config: DownloadGitHubReleaseConfig): Promise<string>;
+/**
+ * Download a specific release asset.
+ * Supports pattern matching for dynamic asset discovery.
+ *
+ * @param tag - Release tag name
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
+ * @param outputPath - Path to write the downloaded file
+ * @param repoConfig - Repository configuration (owner/repo)
+ * @param options - Additional options
+ *
+ * @example
+ * ```typescript
+ * await downloadReleaseAsset(
+ *   'v1.0.0', 'tool-linux-x64', '/tmp/tool',
+ *   { owner: 'SocketDev', repo: 'socket-btm' },
+ * )
+ * ```
+ */
+export declare function downloadReleaseAsset(tag: string, assetPattern: string | AssetPattern, outputPath: string, repoConfig: RepoConfig, options?: {
+    quiet?: boolean;
+}): Promise<void>;