@socketsecurity/lib 5.27.0 → 5.28.0

package/dist/compression.js

@@ -0,0 +1,275 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var compression_exports = {};
+__export(compression_exports, {
+  BROTLI_EXTS: () => BROTLI_EXTS,
+  GZIP_EXTS: () => GZIP_EXTS,
+  compressBrotli: () => compressBrotli,
+  compressBrotliFile: () => compressBrotliFile,
+  compressGzip: () => compressGzip,
+  compressGzipFile: () => compressGzipFile,
+  createBrotliCompressor: () => createBrotliCompressor,
+  createBrotliDecompressor: () => createBrotliDecompressor,
+  createGzipCompressor: () => createGzipCompressor,
+  createGzipDecompressor: () => createGzipDecompressor,
+  decompressBrotli: () => decompressBrotli,
+  decompressBrotliFile: () => decompressBrotliFile,
+  decompressGzip: () => decompressGzip,
+  decompressGzipFile: () => decompressGzipFile,
+  hasBrotliExt: () => hasBrotliExt,
+  hasGzipExt: () => hasGzipExt,
+  isBrotliCompressed: () => isBrotliCompressed,
+  isGzipCompressed: () => isGzipCompressed,
+  resolveBrotliOptions: () => resolveBrotliOptions,
+  resolveGzipOptions: () => resolveGzipOptions,
+  stripExt: () => stripExt
+});
+module.exports = __toCommonJS(compression_exports);
+var import_node_buffer = require("node:buffer");
+var import_node_fs = require("node:fs");
+var import_node_path = __toESM(require("node:path"));
+var import_promises = require("node:stream/promises");
+var import_node_zlib = require("node:zlib");
+var import_node_util = require("node:util");
+var import_fs = require("./fs");
+var import_primordials = require("./primordials");
+const brotliCompressAsync = (0, import_node_util.promisify)(import_node_zlib.brotliCompress);
+const brotliDecompressAsync = (0, import_node_util.promisify)(import_node_zlib.brotliDecompress);
+const gzipAsync = (0, import_node_util.promisify)(import_node_zlib.gzip);
+const gunzipAsync = (0, import_node_util.promisify)(import_node_zlib.gunzip);
+function resolveBrotliOptions(options) {
+  const level = options?.level ?? 11;
+  const params = {
+    [import_node_zlib.constants.BROTLI_PARAM_QUALITY]: level
+  };
+  if (options?.size !== void 0 && options.size > 0) {
+    params[import_node_zlib.constants.BROTLI_PARAM_SIZE_HINT] = options.size;
+  }
+  return { params };
+}
+function resolveGzipOptions(options) {
+  const level = options?.level;
+  if (level === void 0) {
+    return { __proto__: null };
+  }
+  return { __proto__: null, level };
+}
+async function compressBrotli(input, options) {
+  const buf = typeof input === "string" ? import_node_buffer.Buffer.from(input, "utf8") : input;
+  const opts = resolveBrotliOptions(options);
+  if (opts.params[import_node_zlib.constants.BROTLI_PARAM_SIZE_HINT] === void 0) {
+    opts.params[import_node_zlib.constants.BROTLI_PARAM_SIZE_HINT] = buf.byteLength;
+  }
+  return await brotliCompressAsync(buf, opts);
+}
+async function decompressBrotli(input) {
+  return await brotliDecompressAsync(input);
+}
+async function compressBrotliFile(srcPath, destOrOptions, maybeOptions) {
+  const { destPath, options, inPlace } = resolveFileArgs(
+    "compressBrotliFile",
+    srcPath,
+    destOrOptions,
+    maybeOptions,
+    (p) => `${p}.br`
+  );
+  await (0, import_promises.pipeline)(
+    (0, import_node_fs.createReadStream)(srcPath),
+    (0, import_node_zlib.createBrotliCompress)(resolveBrotliOptions(options)),
+    (0, import_node_fs.createWriteStream)(destPath)
+  );
+  if (inPlace) {
+    await (0, import_fs.safeDelete)(srcPath);
+  }
+  return destPath;
+}
+async function decompressBrotliFile(srcPath, destOrOptions) {
+  const { destPath, inPlace } = resolveFileArgs(
+    "decompressBrotliFile",
+    srcPath,
+    destOrOptions,
+    void 0,
+    (p) => {
+      if (!hasBrotliExt(p)) {
+        throw new Error(
+          `decompressBrotliFile: ${p} has no .br/.brotli extension; can't infer destination`
+        );
+      }
+      return stripExt(p, BROTLI_EXTS);
+    }
+  );
+  await (0, import_promises.pipeline)(
+    (0, import_node_fs.createReadStream)(srcPath),
+    (0, import_node_zlib.createBrotliDecompress)(),
+    (0, import_node_fs.createWriteStream)(destPath)
+  );
+  if (inPlace) {
+    await (0, import_fs.safeDelete)(srcPath);
+  }
+  return destPath;
+}
+function createBrotliCompressor(options) {
+  return (0, import_node_zlib.createBrotliCompress)(resolveBrotliOptions(options));
+}
+function createBrotliDecompressor() {
+  return (0, import_node_zlib.createBrotliDecompress)();
+}
+async function compressGzip(input, options) {
+  const buf = typeof input === "string" ? import_node_buffer.Buffer.from(input, "utf8") : input;
+  return await gzipAsync(buf, resolveGzipOptions(options));
+}
+async function decompressGzip(input) {
+  return await gunzipAsync(input);
+}
+async function compressGzipFile(srcPath, destOrOptions, maybeOptions) {
+  const { destPath, options, inPlace } = resolveFileArgs(
+    "compressGzipFile",
+    srcPath,
+    destOrOptions,
+    maybeOptions,
+    (p) => `${p}.gz`
+  );
+  await (0, import_promises.pipeline)(
+    (0, import_node_fs.createReadStream)(srcPath),
+    (0, import_node_zlib.createGzip)(resolveGzipOptions(options)),
+    (0, import_node_fs.createWriteStream)(destPath)
+  );
+  if (inPlace) {
+    await (0, import_fs.safeDelete)(srcPath);
+  }
+  return destPath;
+}
+async function decompressGzipFile(srcPath, destOrOptions) {
+  const { destPath, inPlace } = resolveFileArgs(
+    "decompressGzipFile",
+    srcPath,
+    destOrOptions,
+    void 0,
+    (p) => {
+      if (!hasGzipExt(p)) {
+        throw new Error(
+          `decompressGzipFile: ${p} has no .gz/.gzip/.tgz extension; can't infer destination`
+        );
+      }
+      const stripped = stripExt(p, GZIP_EXTS);
+      return (0, import_primordials.StringPrototypeToLowerCase)(import_node_path.default.extname(p)) === ".tgz" ? `${stripped}.tar` : stripped;
+    }
+  );
+  await (0, import_promises.pipeline)(
+    (0, import_node_fs.createReadStream)(srcPath),
+    (0, import_node_zlib.createGunzip)(),
+    (0, import_node_fs.createWriteStream)(destPath)
+  );
+  if (inPlace) {
+    await (0, import_fs.safeDelete)(srcPath);
+  }
+  return destPath;
+}
+function createGzipCompressor(options) {
+  return (0, import_node_zlib.createGzip)(resolveGzipOptions(options));
+}
+function createGzipDecompressor() {
+  return (0, import_node_zlib.createGunzip)();
+}
+const BROTLI_MIN_LEN = 4;
+function isBrotliCompressed(input) {
+  return import_node_buffer.Buffer.isBuffer(input) && input.byteLength >= BROTLI_MIN_LEN;
+}
+const GZIP_MAGIC_0 = 31;
+const GZIP_MAGIC_1 = 139;
+function isGzipCompressed(input) {
+  return import_node_buffer.Buffer.isBuffer(input) && input.byteLength >= 2 && input[0] === GZIP_MAGIC_0 && input[1] === GZIP_MAGIC_1;
+}
+const BROTLI_EXTS = /* @__PURE__ */ new Set([".br", ".brotli"]);
+const GZIP_EXTS = /* @__PURE__ */ new Set([".gz", ".gzip", ".tgz"]);
+function hasBrotliExt(filePath) {
+  return BROTLI_EXTS.has((0, import_primordials.StringPrototypeToLowerCase)(import_node_path.default.extname(filePath)));
+}
+function hasGzipExt(filePath) {
+  return GZIP_EXTS.has((0, import_primordials.StringPrototypeToLowerCase)(import_node_path.default.extname(filePath)));
+}
+function stripExt(filePath, exts) {
+  const ext = import_node_path.default.extname(filePath);
+  if (!exts.has((0, import_primordials.StringPrototypeToLowerCase)(ext))) {
+    return filePath;
+  }
+  return filePath.slice(0, -ext.length);
+}
+function resolveFileArgs(fnName, srcPath, destOrOptions, maybeOptions, computeInPlaceDest) {
+  if (typeof destOrOptions === "string") {
+    if (srcPath === destOrOptions) {
+      throw new Error(
+        `${fnName}: srcPath and destPath must differ; got ${srcPath}`
+      );
+    }
+    return Object.freeze({
+      __proto__: null,
+      destPath: destOrOptions,
+      options: maybeOptions,
+      inPlace: false
+    });
+  }
+  if (destOrOptions?.inPlace) {
+    return Object.freeze({
+      __proto__: null,
+      destPath: computeInPlaceDest(srcPath),
+      options: destOrOptions,
+      inPlace: true
+    });
+  }
+  throw new Error(
+    `${fnName}: missing destPath; pass an explicit destination or { inPlace: true }`
+  );
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BROTLI_EXTS,
+  GZIP_EXTS,
+  compressBrotli,
+  compressBrotliFile,
+  compressGzip,
+  compressGzipFile,
+  createBrotliCompressor,
+  createBrotliDecompressor,
+  createGzipCompressor,
+  createGzipDecompressor,
+  decompressBrotli,
+  decompressBrotliFile,
+  decompressGzip,
+  decompressGzipFile,
+  hasBrotliExt,
+  hasGzipExt,
+  isBrotliCompressed,
+  isGzipCompressed,
+  resolveBrotliOptions,
+  resolveGzipOptions,
+  stripExt
+});

package/dist/constants/socket.js

@@ -77,7 +77,7 @@ const SOCKET_FIREWALL_APP_NAME = "sfw";
 const SOCKET_REGISTRY_APP_NAME = "registry";
 const SOCKET_APP_PREFIX = "_";
 const SOCKET_LIB_NAME = "@socketsecurity/lib";
-const SOCKET_LIB_VERSION = "5.27.0";
+const SOCKET_LIB_VERSION = "5.28.0";
 const SOCKET_LIB_URL = "https://github.com/SocketDev/socket-lib";
 const SOCKET_LIB_USER_AGENT = `socketsecurity-lib/${SOCKET_LIB_VERSION} (${SOCKET_LIB_URL})`;
 const SOCKET_IPC_HANDSHAKE = "SOCKET_IPC_HANDSHAKE";

package/dist/dlx/package.d.ts

@@ -53,6 +53,36 @@ export interface EnsurePackageInstallOptions {
      * - An explicit `{ type: 'integrity' | 'checksum', value }` object.
      */
     hash?: HashSpec | undefined;
+    /**
+     * Override the install root passed to Arborist. By default, the
+     * install root is `~/.socket/_dlx/<cacheKey>/` (or
+     * `SOCKET_DLX_DIR/<cacheKey>/`) — keyed by spec so multiple specs
+     * share a parent dir without colliding. When `installRoot` is set,
+     * the install root is the value verbatim — no cacheKey subdirectory.
+     *
+     * In both cases the package itself lands at
+     * `<installRoot>/node_modules/<packageName>/` with transitive deps as
+     * siblings under the same `node_modules/` directory. That layout is a
+     * fixed property of Arborist; this option only controls the parent.
+     *
+     * That means **the caller is responsible for keeping per-spec
+     * installs separated** — calling twice with the same `installRoot`
+     * but different specs (e.g. `ink@7` and `ink@8`) overwrites the
+     * earlier install. Either pass a different `installRoot` per spec or
+     * pass `force: true` to accept the overwrite.
+     *
+     * Pass a sentinel name (e.g. `_dlx`, `_pkg`, `vendor`) — never one
+     * that ends in `node_modules`, since that turns the install root
+     * into something parent-walking resolvers, IDE indexers, and pnpm
+     * hoisting will mistake for a workspace `node_modules/`.
+     *
+     * Use cases:
+     * - Build pipelines that want the install gitignored alongside their
+     *   own outputs and walkable by tools that resolve through
+     *   `node_modules` (e.g. esbuild's `nodePaths`).
+     * - Tests that need a deterministic, easily-cleaned install path.
+     */
+    installRoot?: string | undefined;
     /**
      * Vendored `package-lock.json` to drive a reproducible install. Accepts
      * a filesystem path (sniffed) or raw JSON content (sniffed via leading

package/dist/dlx/package.js

@@ -168,6 +168,7 @@ async function downloadPackage(options) {
     binaryName,
     force: userForce,
     hash,
+    installRoot,
     lockfile,
     package: packageSpec,
     yes
@@ -183,7 +184,7 @@ async function downloadPackage(options) {
     packageName,
     fullPackageSpec,
     force,
-    { hash, lockfile }
+    { hash, installRoot, lockfile }
   );
   const binaryPath = findBinaryPath(packageDir, packageName, binaryName);
   makePackageBinsExecutable(packageDir, packageName);
@@ -196,8 +197,9 @@ async function downloadPackage(options) {
 async function ensurePackageInstalled(packageName, packageSpec, force, install) {
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const cacheKey = (0, import_cache.generateCacheKey)(packageSpec);
-  const packageDir = (0, import_normalize.normalizePath)(path.join((0, import_socket2.getSocketDlxDir)(), cacheKey));
+  const packageDir = (0, import_normalize.normalizePath)(
+    install?.installRoot ?? path.join((0, import_socket2.getSocketDlxDir)(), (0, import_cache.generateCacheKey)(packageSpec))
+  );
   const installedDir = (0, import_normalize.normalizePath)(
     path.join(packageDir, "node_modules", packageName)
   );

package/package.json

@@ -1,12 +1,15 @@
 {
   "name": "@socketsecurity/lib",
-  "version": "5.27.0",
+  "version": "5.28.0",
   "packageManager": "pnpm@11.0.6+sha512.97f906e1da2bedac3df83cadae04b4753a130092dd49d55cd36825ad3e623e9df3f97754f8f259e699172a360fac569acf2f908e7732bdae3eddb2dcf7e121fd",
   "license": "MIT",
   "publishConfig": {
     "access": "public",
     "provenance": true
   },
+  "bin": {
+    "socket-lib": "./dist/bin/socket-lib.js"
+  },
   "description": "Core utilities and infrastructure for Socket.dev security tools",
   "keywords": [
     "Socket.dev",
@@ -127,6 +130,18 @@
       "types": "./dist/bin.d.ts",
       "default": "./dist/bin.js"
     },
+    "./bin/check": {
+      "types": "./dist/bin/check.d.ts",
+      "default": "./dist/bin/check.js"
+    },
+    "./bin/check-primordials": {
+      "types": "./dist/bin/check-primordials.d.ts",
+      "default": "./dist/bin/check-primordials.js"
+    },
+    "./bin/socket-lib": {
+      "types": "./dist/bin/socket-lib.d.ts",
+      "default": "./dist/bin/socket-lib.js"
+    },
     "./cacache": {
       "types": "./dist/cacache.d.ts",
       "default": "./dist/cacache.js"
@@ -135,10 +150,18 @@
       "types": "./dist/cache-with-ttl.d.ts",
       "default": "./dist/cache-with-ttl.js"
     },
+    "./checks/primordials": {
+      "types": "./dist/checks/primordials.d.ts",
+      "default": "./dist/checks/primordials.js"
+    },
     "./colors": {
       "types": "./dist/colors.d.ts",
       "default": "./dist/colors.js"
     },
+    "./compression": {
+      "types": "./dist/compression.d.ts",
+      "default": "./dist/compression.js"
+    },
     "./constants/agents": {
       "types": "./dist/constants/agents.d.ts",
       "default": "./dist/constants/agents.js"