npm - @socketsecurity/lib - Versions diffs - 5.28.0 → 6.0.0 - Mend

@socketsecurity/lib 5.28.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1042) hide show

package/CHANGELOG.md +64 -37
package/README.md +1 -1
package/dist/abort/signal.d.ts +28 -0
package/dist/{abort.js → abort/signal.js} +12 -10
package/dist/ai/discover.d.mts +50 -0
package/dist/ai/discover.js +128 -0
package/dist/ai/profiles.d.mts +39 -0
package/dist/ai/profiles.js +61 -0
package/dist/ai/spawn.d.mts +49 -0
package/dist/ai/spawn.js +207 -0
package/dist/ai/types.d.mts +117 -0
package/dist/ai/types.js +18 -0
package/dist/ai/worktree.d.mts +104 -0
package/dist/ai/worktree.js +200 -0
package/dist/ansi/constants.d.ts +10 -0
package/dist/ansi/constants.js +45 -0
package/dist/ansi/strip.d.ts +33 -0
package/dist/{ansi.js → ansi/strip.js} +7 -24
package/dist/archives/_internal.d.ts +39 -0
package/dist/archives/_internal.js +87 -0
package/dist/archives/detect.d.ts +19 -0
package/dist/archives/detect.js +46 -0
package/dist/archives/extract.d.ts +22 -0
package/dist/archives/extract.js +53 -0
package/dist/archives/tar.d.ts +42 -0
package/dist/archives/tar.js +233 -0
package/dist/archives/types.d.ts +34 -0
package/dist/archives/types.js +18 -0
package/dist/archives/zip.d.ts +20 -0
package/dist/archives/zip.js +124 -0
package/dist/argv/flag-predicates.d.ts +179 -0
package/dist/argv/flag-predicates.js +118 -0
package/dist/argv/flag-types.d.ts +123 -0
package/dist/argv/flag-types.js +116 -0
package/dist/argv/parse.d.ts +34 -33
package/dist/argv/parse.js +6 -4
package/dist/arrays/_internal.d.ts +43 -0
package/dist/{arrays.js → arrays/_internal.js} +8 -41
package/dist/arrays/chunk.d.ts +37 -0
package/dist/arrays/chunk.js +43 -0
package/dist/arrays/join.d.ts +76 -0
package/dist/{env/helpers.js → arrays/join.js} +12 -18
package/dist/arrays/predicates.d.ts +40 -0
package/dist/arrays/predicates.js +30 -0
package/dist/arrays/unique.d.ts +36 -0
package/dist/arrays/unique.js +34 -0
package/dist/bin/_internal.d.ts +22 -0
package/dist/bin/_internal.js +43 -0
package/dist/bin/check-primordials.d.ts +41 -15
package/dist/bin/check-primordials.js +36 -20
package/dist/bin/check.d.ts +7 -12
package/dist/bin/check.js +5 -1
package/dist/bin/exec.d.ts +37 -0
package/dist/bin/exec.js +79 -0
package/dist/bin/find.d.ts +58 -0
package/dist/bin/find.js +143 -0
package/dist/bin/resolve.d.ts +30 -0
package/dist/bin/resolve.js +249 -0
package/dist/bin/shadow.d.ts +16 -0
package/dist/bin/shadow.js +36 -0
package/dist/bin/socket-lib.d.ts +10 -14
package/dist/bin/socket-lib.js +18 -3
package/dist/bin/types.d.ts +34 -0
package/dist/bin/types.js +18 -0
package/dist/bin/which.d.ts +111 -0
package/dist/bin/which.js +155 -0
package/dist/cacache/_internal.d.ts +15 -0
package/dist/cacache/_internal.js +43 -0
package/dist/cacache/clear.d.ts +43 -0
package/dist/cacache/clear.js +77 -0
package/dist/cacache/read.d.ts +31 -0
package/dist/cacache/read.js +51 -0
package/dist/cacache/tmp.d.ts +18 -0
package/dist/cacache/tmp.js +39 -0
package/dist/cacache/types.d.ts +37 -0
package/dist/cacache/types.js +18 -0
package/dist/cacache/write.d.ts +31 -0
package/dist/cacache/write.js +53 -0
package/dist/checks/primordials.d.ts +69 -61
package/dist/checks/primordials.js +141 -92
package/dist/colors/convert.d.ts +35 -0
package/dist/colors/convert.js +42 -0
package/dist/colors/palette.d.ts +7 -0
package/dist/{colors.js → colors/palette.js} +5 -17
package/dist/colors/types.d.ts +29 -0
package/dist/colors/types.js +18 -0
package/dist/compression/_internal.d.ts +33 -0
package/dist/compression/_internal.js +77 -0
package/dist/compression/brotli.d.ts +82 -0
package/dist/{compression.js → compression/brotli.js} +17 -145
package/dist/compression/gzip.d.ts +70 -0
package/dist/compression/gzip.js +142 -0
package/dist/compression/types.d.ts +37 -0
package/dist/compression/types.js +18 -0
package/dist/constants/agents.d.ts +4 -3
package/dist/constants/agents.js +7 -4
package/dist/constants/encoding.d.ts +3 -3
package/dist/constants/github.d.ts +2 -3
package/dist/constants/licenses.d.ts +5 -5
package/dist/constants/licenses.js +2 -2
package/dist/constants/lifecycle-script-names.d.ts +3 -4
package/dist/constants/lifecycle-script-names.js +2 -2
package/dist/constants/maintained-node-versions.d.ts +1 -1
package/dist/constants/maintained-node-versions.js +3 -4
package/dist/constants/node.d.ts +21 -20
package/dist/constants/node.js +4 -4
package/dist/constants/package-default-node-range.d.ts +1 -1
package/dist/constants/package-default-socket-categories.d.ts +1 -1
package/dist/constants/package-default-socket-categories.js +2 -2
package/dist/constants/packages.d.ts +4 -4
package/dist/constants/packages.js +7 -5
package/dist/constants/platform.d.ts +3 -1
package/dist/constants/platform.js +3 -10
package/dist/constants/{core.d.ts → sentinels.d.ts} +4 -4
package/dist/constants/{core.js → sentinels.js} +3 -3
package/dist/constants/socket.d.ts +4 -6
package/dist/constants/socket.js +6 -9
package/dist/constants/testing.d.ts +3 -3
package/dist/constants/time.d.ts +3 -3
package/dist/constants/typescript.d.ts +3 -3
package/dist/cover/code.d.ts +11 -3
package/dist/cover/code.js +26 -36
package/dist/cover/formatters.d.ts +19 -15
package/dist/cover/formatters.js +21 -18
package/dist/cover/type.d.ts +4 -3
package/dist/cover/type.js +9 -8
package/dist/cover/types.d.ts +1 -1
package/dist/crypto/hash.d.ts +36 -0
package/dist/{crypto.js → crypto/hash.js} +17 -17
package/dist/debug/_internal.d.ts +25 -0
package/dist/debug/_internal.js +77 -0
package/dist/debug/caller-info.d.ts +12 -0
package/dist/debug/caller-info.js +67 -0
package/dist/debug/namespace.d.ts +35 -0
package/dist/debug/namespace.js +101 -0
package/dist/{debug.d.ts → debug/output.d.ts} +23 -42
package/dist/debug/output.js +209 -0
package/dist/debug/types.d.ts +21 -0
package/dist/debug/types.js +18 -0
package/dist/dlx/_internal.d.ts +10 -0
package/dist/dlx/_internal.js +47 -0
package/dist/dlx/arborist.d.ts +86 -61
package/dist/dlx/arborist.js +30 -35
package/dist/dlx/binary-cache.d.ts +108 -0
package/dist/dlx/binary-cache.js +212 -0
package/dist/dlx/binary-download.d.ts +67 -0
package/dist/dlx/binary-download.js +216 -0
package/dist/dlx/binary-resolution.d.ts +61 -0
package/dist/dlx/binary-resolution.js +164 -0
package/dist/dlx/binary-types.d.ts +144 -0
package/dist/dlx/binary-types.js +18 -0
package/dist/dlx/binary.d.ts +39 -268
package/dist/dlx/binary.js +38 -319
package/dist/dlx/cache.d.ts +21 -16
package/dist/dlx/cache.js +2 -2
package/dist/dlx/detect.d.ts +94 -68
package/dist/dlx/detect.js +32 -35
package/dist/dlx/dir.d.ts +20 -18
package/dist/dlx/dir.js +7 -14
package/dist/dlx/firewall.d.ts +27 -0
package/dist/dlx/firewall.js +107 -0
package/dist/dlx/lockfile.d.ts +73 -56
package/dist/dlx/lockfile.js +36 -44
package/dist/dlx/manifest.d.ts +50 -51
package/dist/dlx/manifest.js +51 -52
package/dist/dlx/package.d.ts +83 -279
package/dist/dlx/package.js +44 -266
package/dist/dlx/packages.d.ts +22 -20
package/dist/dlx/packages.js +15 -20
package/dist/dlx/paths.d.ts +26 -23
package/dist/dlx/paths.js +8 -15
package/dist/dlx/spec.d.ts +25 -0
package/dist/dlx/spec.js +63 -0
package/dist/dlx/types.d.ts +142 -0
package/dist/dlx/types.js +18 -0
package/dist/eco/cargo/lockfile-format.d.ts +8 -0
package/dist/eco/cargo/lockfile-format.js +39 -0
package/dist/eco/cargo/manifest-format.d.ts +7 -0
package/dist/eco/cargo/manifest-format.js +38 -0
package/dist/eco/cargo/parse-lockfile.d.ts +84 -0
package/dist/eco/cargo/parse-lockfile.js +257 -0
package/dist/eco/manifest/analyze-lockfile.d.ts +10 -0
package/dist/eco/manifest/analyze-lockfile.js +67 -0
package/dist/eco/manifest/detect-format.d.ts +15 -0
package/dist/eco/manifest/detect-format.js +98 -0
package/dist/eco/manifest/find-packages.d.ts +14 -0
package/dist/eco/manifest/find-packages.js +69 -0
package/dist/eco/manifest/get-package-versions.d.ts +8 -0
package/dist/eco/manifest/get-package-versions.js +52 -0
package/dist/eco/manifest/get-package.d.ts +10 -0
package/dist/eco/manifest/get-package.js +44 -0
package/dist/eco/manifest/manifest-error.d.ts +18 -0
package/dist/eco/manifest/manifest-error.js +37 -0
package/dist/eco/manifest/parse-lockfile.d.ts +16 -0
package/dist/eco/manifest/parse-lockfile.js +91 -0
package/dist/eco/manifest/parse-manifest.d.ts +12 -0
package/dist/eco/manifest/parse-manifest.js +48 -0
package/dist/eco/manifest/parse.d.ts +9 -0
package/dist/eco/manifest/parse.js +52 -0
package/dist/eco/manifest/types.d.ts +10 -0
package/dist/eco/manifest/types.js +18 -0
package/dist/eco/npm/bun/exec.d.ts +15 -0
package/dist/eco/npm/bun/exec.js +35 -0
package/dist/eco/npm/manifest-format.d.ts +11 -0
package/dist/eco/npm/manifest-format.js +38 -0
package/dist/eco/npm/npm/exec.d.ts +24 -0
package/dist/eco/npm/npm/exec.js +64 -0
package/dist/eco/npm/npm/extract-package-name-from-path.d.ts +9 -0
package/dist/eco/npm/npm/extract-package-name-from-path.js +54 -0
package/dist/eco/npm/npm/flags.d.ts +62 -0
package/dist/eco/npm/npm/flags.js +63 -0
package/dist/eco/npm/npm/lockfile-format.d.ts +9 -0
package/dist/eco/npm/npm/lockfile-format.js +42 -0
package/dist/eco/npm/npm/parse-git-url.d.ts +13 -0
package/dist/eco/npm/npm/parse-git-url.js +43 -0
package/dist/eco/npm/npm/parse-lockfile.d.ts +70 -0
package/dist/eco/npm/npm/parse-lockfile.js +224 -0
package/dist/eco/npm/parse-package-json.d.ts +16 -0
package/dist/eco/npm/parse-package-json.js +115 -0
package/dist/eco/npm/pnpm/detect-pnpm-version.d.ts +7 -0
package/dist/eco/npm/pnpm/detect-pnpm-version.js +47 -0
package/dist/eco/npm/pnpm/exec.d.ts +26 -0
package/dist/eco/npm/pnpm/exec.js +65 -0
package/dist/eco/npm/pnpm/flags.d.ts +44 -0
package/dist/eco/npm/pnpm/flags.js +76 -0
package/dist/eco/npm/pnpm/lockfile-format.d.ts +8 -0
package/dist/eco/npm/pnpm/lockfile-format.js +39 -0
package/dist/eco/npm/pnpm/parse-lockfile.d.ts +69 -0
package/dist/eco/npm/pnpm/parse-lockfile.js +274 -0
package/dist/eco/npm/pnpm/parse-pnpm-package-id-v5.d.ts +15 -0
package/dist/eco/npm/pnpm/parse-pnpm-package-id-v5.js +50 -0
package/dist/eco/npm/pnpm/parse-pnpm-package-id-v6-v9.d.ts +11 -0
package/dist/eco/npm/pnpm/parse-pnpm-package-id-v6-v9.js +52 -0
package/dist/eco/npm/script.d.ts +35 -0
package/dist/eco/npm/script.js +93 -0
package/dist/eco/npm/vlt/exec.d.ts +16 -0
package/dist/eco/npm/vlt/exec.js +35 -0
package/dist/eco/npm/yarnpkg/yarn/exec.d.ts +28 -0
package/dist/eco/npm/yarnpkg/yarn/exec.js +63 -0
package/dist/eco/npm/yarnpkg/yarn/lockfile-format.d.ts +9 -0
package/dist/eco/npm/yarnpkg/yarn/lockfile-format.js +39 -0
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.d.ts +61 -0
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +261 -0
package/dist/eco/npm/yarnpkg/yarn/parse-yarn-descriptor.d.ts +16 -0
package/dist/eco/npm/yarnpkg/yarn/parse-yarn-descriptor.js +68 -0
package/dist/{types.d.ts → eco/purl.d.ts} +14 -26
package/dist/{types.js → eco/purl.js} +3 -3
package/dist/eco/types.d.ts +51 -0
package/dist/eco/types.js +18 -0
package/dist/effects/pulse-frames.d.ts +16 -17
package/dist/effects/pulse-frames.js +4 -4
package/dist/effects/shimmer-keyframes.d.ts +39 -37
package/dist/effects/shimmer-terminal.d.ts +43 -42
package/dist/effects/shimmer-terminal.js +3 -3
package/dist/effects/shimmer.d.ts +172 -153
package/dist/effects/shimmer.js +78 -76
package/dist/env/boolean.d.ts +33 -0
package/dist/env/boolean.js +46 -0
package/dist/env/case-insensitive.d.ts +42 -0
package/dist/env/case-insensitive.js +42 -0
package/dist/env/ci.d.ts +11 -12
package/dist/env/debug.d.ts +10 -10
package/dist/env/github.d.ts +71 -74
package/dist/env/home.d.ts +15 -14
package/dist/env/locale.d.ts +26 -29
package/dist/env/node-auth-token.d.ts +10 -10
package/dist/env/node-env.d.ts +10 -10
package/dist/env/npm.d.ts +45 -47
package/dist/env/number.d.ts +29 -0
package/dist/env/number.js +54 -0
package/dist/env/package-manager.d.ts +36 -33
package/dist/env/package-manager.js +3 -3
package/dist/env/path.d.ts +10 -10
package/dist/env/pre-commit.d.ts +11 -11
package/dist/env/pre-commit.js +2 -2
package/dist/env/proxy.d.ts +44 -0
package/dist/env/proxy.js +126 -0
package/dist/env/rewire.d.ts +105 -99
package/dist/env/rewire.js +11 -8
package/dist/env/shell.d.ts +10 -10
package/dist/env/socket-cli.d.ts +109 -125
package/dist/env/socket-cli.js +7 -12
package/dist/env/socket.d.ts +347 -130
package/dist/env/socket.js +107 -8
package/dist/env/string.d.ts +28 -0
package/dist/env/string.js +47 -0
package/dist/env/temp-dir.d.ts +26 -29
package/dist/env/term.d.ts +10 -10
package/dist/env/test.d.ts +29 -31
package/dist/env/test.js +5 -4
package/dist/env/types.d.ts +62 -0
package/dist/env/types.js +18 -0
package/dist/env/windows.d.ts +37 -38
package/dist/env/xdg.d.ts +29 -29
package/dist/errors/message.d.ts +27 -0
package/dist/errors/message.js +49 -0
package/dist/errors/predicates.d.ts +46 -0
package/dist/{errors.js → errors/predicates.js} +13 -43
package/dist/errors/stack.d.ts +16 -0
package/dist/errors/stack.js +39 -0
package/dist/external/@npmcli/package-json/lib/read-package.js +11 -1
package/dist/external/@npmcli/package-json.js +300 -82
package/dist/external/@npmcli/promise-spawn.js +15 -1
package/dist/external/@socketregistry/packageurl-js.js +7 -1
package/dist/external/@socketregistry/yocto-spinner.js +5 -1
package/dist/external/@yarnpkg/extensions.js +1 -1
package/dist/external/adm-zip.js +20 -4
package/dist/external/debug.js +15 -1
package/dist/external/external-pack.js +20 -4
package/dist/external/fast-sort.js +3 -1
package/dist/external/get-east-asian-width.js +3 -1
package/dist/external/libnpmexec.js +5 -1
package/dist/external/npm-pack.js +344 -113
package/dist/external/p-map.js +7 -1
package/dist/external/pico-pack.js +17 -1
package/dist/external/pony-cause.js +1 -1
package/dist/external/spdx-pack.js +3 -1
package/dist/external/supports-color.js +1 -1
package/dist/external/tar-fs.js +15 -1
package/dist/external/which.js +11 -1
package/dist/external/yargs-parser.js +15 -1
package/dist/external-tools/bazel/asset-names.d.ts +66 -0
package/dist/external-tools/bazel/asset-names.js +96 -0
package/dist/external-tools/bazel/from-download.d.ts +49 -0
package/dist/external-tools/bazel/from-download.js +49 -0
package/dist/external-tools/bazel/from-path.d.ts +8 -0
package/dist/external-tools/bazel/from-path.js +41 -0
package/dist/external-tools/bazel/read-bazel-version-file.d.ts +12 -0
package/dist/external-tools/bazel/read-bazel-version-file.js +61 -0
package/dist/external-tools/bazel/resolve-asset-url.d.ts +14 -0
package/dist/external-tools/bazel/resolve-asset-url.js +42 -0
package/dist/external-tools/bazel/resolve-bazel-version.d.ts +19 -0
package/dist/external-tools/bazel/resolve-bazel-version.js +59 -0
package/dist/external-tools/bazel/resolve.d.ts +35 -0
package/dist/external-tools/bazel/resolve.js +68 -0
package/dist/external-tools/bazel/types.d.ts +22 -0
package/dist/external-tools/bazel/types.js +18 -0
package/dist/external-tools/cdxgen/asset-names.d.ts +58 -0
package/dist/external-tools/cdxgen/asset-names.js +79 -0
package/dist/external-tools/cdxgen/from-download.d.ts +43 -0
package/dist/external-tools/cdxgen/from-download.js +83 -0
package/dist/external-tools/cdxgen/from-path.d.ts +5 -0
package/dist/external-tools/cdxgen/from-path.js +40 -0
package/dist/external-tools/cdxgen/from-vfs.d.ts +7 -0
package/dist/external-tools/cdxgen/from-vfs.js +47 -0
package/dist/external-tools/cdxgen/resolve.d.ts +32 -0
package/dist/external-tools/cdxgen/resolve.js +73 -0
package/dist/external-tools/cdxgen/types.d.ts +33 -0
package/dist/external-tools/cdxgen/types.js +18 -0
package/dist/external-tools/from-download.d.ts +162 -0
package/dist/external-tools/from-download.js +72 -0
package/dist/external-tools/janus/asset-names.d.ts +36 -0
package/dist/external-tools/janus/asset-names.js +52 -0
package/dist/external-tools/janus/from-download.d.ts +26 -0
package/dist/external-tools/janus/from-download.js +65 -0
package/dist/external-tools/janus/from-path.d.ts +5 -0
package/dist/external-tools/janus/from-path.js +40 -0
package/dist/external-tools/janus/from-vfs.d.ts +7 -0
package/dist/external-tools/janus/from-vfs.js +47 -0
package/dist/external-tools/janus/resolve.d.ts +28 -0
package/dist/external-tools/janus/resolve.js +73 -0
package/dist/external-tools/janus/types.d.ts +24 -0
package/dist/external-tools/janus/types.js +18 -0
package/dist/external-tools/jre/asset-names.d.ts +91 -0
package/dist/external-tools/jre/asset-names.js +88 -0
package/dist/external-tools/jre/detect-platform-arch.d.ts +8 -0
package/dist/external-tools/jre/detect-platform-arch.js +52 -0
package/dist/external-tools/jre/from-download.d.ts +62 -0
package/dist/external-tools/jre/from-download.js +70 -0
package/dist/external-tools/jre/from-java-home.d.ts +10 -0
package/dist/external-tools/jre/from-java-home.js +57 -0
package/dist/external-tools/jre/from-path.d.ts +9 -0
package/dist/external-tools/jre/from-path.js +52 -0
package/dist/external-tools/jre/from-vfs.d.ts +17 -0
package/dist/external-tools/jre/from-vfs.js +64 -0
package/dist/external-tools/jre/resolve.d.ts +40 -0
package/dist/external-tools/jre/resolve.js +78 -0
package/dist/external-tools/jre/types.d.ts +28 -0
package/dist/external-tools/jre/types.js +18 -0
package/dist/external-tools/manifest.d.ts +105 -0
package/dist/external-tools/manifest.js +167 -0
package/dist/external-tools/opengrep/asset-names.d.ts +44 -0
package/dist/external-tools/opengrep/asset-names.js +78 -0
package/dist/external-tools/opengrep/from-download.d.ts +17 -0
package/dist/external-tools/opengrep/from-download.js +83 -0
package/dist/external-tools/opengrep/from-path.d.ts +5 -0
package/dist/external-tools/opengrep/from-path.js +40 -0
package/dist/external-tools/opengrep/from-vfs.d.ts +8 -0
package/dist/external-tools/opengrep/from-vfs.js +47 -0
package/dist/external-tools/opengrep/resolve.d.ts +26 -0
package/dist/external-tools/opengrep/resolve.js +73 -0
package/dist/external-tools/opengrep/types.d.ts +24 -0
package/dist/external-tools/opengrep/types.js +18 -0
package/dist/external-tools/sbt/asset-names.d.ts +31 -0
package/dist/external-tools/sbt/asset-names.js +33 -0
package/dist/external-tools/sbt/from-download.d.ts +44 -0
package/dist/external-tools/sbt/from-download.js +64 -0
package/dist/external-tools/sbt/from-path.d.ts +8 -0
package/dist/external-tools/sbt/from-path.js +41 -0
package/dist/external-tools/sbt/from-vfs.d.ts +14 -0
package/dist/external-tools/sbt/from-vfs.js +48 -0
package/dist/external-tools/sbt/resolve.d.ts +31 -0
package/dist/external-tools/sbt/resolve.js +73 -0
package/dist/external-tools/sbt/types.d.ts +32 -0
package/dist/external-tools/sbt/types.js +18 -0
package/dist/external-tools/synp/asset-names.d.ts +14 -0
package/dist/external-tools/synp/asset-names.js +32 -0
package/dist/external-tools/synp/from-download.d.ts +18 -0
package/dist/external-tools/synp/from-download.js +44 -0
package/dist/external-tools/synp/from-path.d.ts +5 -0
package/dist/external-tools/synp/from-path.js +40 -0
package/dist/external-tools/synp/from-vfs.d.ts +7 -0
package/dist/external-tools/synp/from-vfs.js +47 -0
package/dist/external-tools/synp/resolve.d.ts +21 -0
package/dist/external-tools/synp/resolve.js +72 -0
package/dist/external-tools/synp/types.d.ts +19 -0
package/dist/external-tools/synp/types.js +18 -0
package/dist/external-tools/trivy/asset-names.d.ts +34 -0
package/dist/external-tools/trivy/asset-names.js +68 -0
package/dist/external-tools/trivy/from-download.d.ts +17 -0
package/dist/external-tools/trivy/from-download.js +67 -0
package/dist/external-tools/trivy/from-path.d.ts +5 -0
package/dist/external-tools/trivy/from-path.js +40 -0
package/dist/external-tools/trivy/from-vfs.d.ts +7 -0
package/dist/external-tools/trivy/from-vfs.js +47 -0
package/dist/external-tools/trivy/resolve.d.ts +26 -0
package/dist/external-tools/trivy/resolve.js +73 -0
package/dist/external-tools/trivy/types.d.ts +24 -0
package/dist/external-tools/trivy/types.js +18 -0
package/dist/external-tools/trufflehog/asset-names.d.ts +34 -0
package/dist/external-tools/trufflehog/asset-names.js +72 -0
package/dist/external-tools/trufflehog/from-download.d.ts +37 -0
package/dist/external-tools/trufflehog/from-download.js +65 -0
package/dist/external-tools/trufflehog/from-path.d.ts +7 -0
package/dist/external-tools/trufflehog/from-path.js +40 -0
package/dist/external-tools/trufflehog/from-vfs.d.ts +11 -0
package/dist/external-tools/trufflehog/from-vfs.js +47 -0
package/dist/external-tools/trufflehog/resolve.d.ts +30 -0
package/dist/external-tools/trufflehog/resolve.js +73 -0
package/dist/external-tools/trufflehog/types.d.ts +25 -0
package/dist/external-tools/trufflehog/types.js +18 -0
package/dist/external-tools/uv/asset-names.d.ts +36 -0
package/dist/external-tools/uv/asset-names.js +80 -0
package/dist/external-tools/uv/from-download.d.ts +17 -0
package/dist/external-tools/uv/from-download.js +68 -0
package/dist/external-tools/uv/from-path.d.ts +5 -0
package/dist/external-tools/uv/from-path.js +40 -0
package/dist/external-tools/uv/from-vfs.d.ts +7 -0
package/dist/external-tools/uv/from-vfs.js +47 -0
package/dist/external-tools/uv/resolve.d.ts +25 -0
package/dist/external-tools/uv/resolve.js +73 -0
package/dist/external-tools/uv/types.d.ts +24 -0
package/dist/external-tools/uv/types.js +18 -0
package/dist/fs/_internal.d.ts +22 -0
package/dist/fs/_internal.js +48 -0
package/dist/fs/encoding.d.ts +49 -0
package/dist/fs/encoding.js +102 -0
package/dist/fs/find-up.d.ts +58 -0
package/dist/fs/find-up.js +152 -0
package/dist/fs/inspect.d.ts +117 -0
package/dist/fs/inspect.js +112 -0
package/dist/fs/path-cache.d.ts +21 -0
package/dist/fs/path-cache.js +35 -0
package/dist/fs/read-dir.d.ts +66 -0
package/dist/fs/read-dir.js +86 -0
package/dist/fs/read-file.d.ts +150 -0
package/dist/fs/read-file.js +131 -0
package/dist/fs/read-json.d.ts +72 -0
package/dist/fs/read-json.js +120 -0
package/dist/fs/safe.d.ts +153 -0
package/dist/fs/safe.js +182 -0
package/dist/fs/types.d.ts +277 -0
package/dist/fs/types.js +18 -0
package/dist/fs/unique.d.ts +29 -0
package/dist/fs/unique.js +51 -0
package/dist/fs/validate.d.ts +40 -0
package/dist/fs/validate.js +46 -0
package/dist/fs/write-json.d.ts +78 -0
package/dist/fs/write-json.js +83 -0
package/dist/git/_internal.d.ts +105 -0
package/dist/git/_internal.js +236 -0
package/dist/git/changed.d.ts +145 -0
package/dist/git/changed.js +83 -0
package/dist/git/repo.d.ts +62 -0
package/dist/git/repo.js +111 -0
package/dist/git/staged.d.ts +138 -0
package/dist/git/staged.js +71 -0
package/dist/git/types.d.ts +109 -0
package/dist/git/types.js +18 -0
package/dist/git/unstaged.d.ts +141 -0
package/dist/git/unstaged.js +71 -0
package/dist/github/constants.d.ts +18 -0
package/dist/github/constants.js +36 -0
package/dist/github/errors.d.ts +36 -0
package/dist/github/errors.js +40 -0
package/dist/github/fetch.d.ts +89 -0
package/dist/github/fetch.js +87 -0
package/dist/github/ghsa.d.ts +118 -0
package/dist/github/ghsa.js +178 -0
package/dist/github/refs-cache.d.ts +40 -0
package/dist/github/refs-cache.js +49 -0
package/dist/github/refs-graphql.d.ts +42 -0
package/dist/github/refs-graphql.js +109 -0
package/dist/github/refs-rest.d.ts +23 -0
package/dist/github/refs-rest.js +104 -0
package/dist/github/refs.d.ts +84 -0
package/dist/github/refs.js +67 -0
package/dist/github/token.d.ts +77 -0
package/dist/github/token.js +55 -0
package/dist/github/types.d.ts +277 -0
package/dist/github/types.js +18 -0
package/dist/globs/_internal.d.ts +46 -0
package/dist/globs/_internal.js +96 -0
package/dist/globs/defaults.d.ts +7 -0
package/dist/globs/defaults.js +61 -0
package/dist/globs/glob.d.ts +59 -0
package/dist/globs/glob.js +84 -0
package/dist/globs/matcher.d.ts +46 -0
package/dist/globs/matcher.js +99 -0
package/dist/globs/stream.d.ts +18 -0
package/dist/globs/stream.js +58 -0
package/dist/globs/types.d.ts +35 -0
package/dist/globs/types.js +18 -0
package/dist/http-request/_internal.d.ts +18 -0
package/dist/http-request/_internal.js +39 -0
package/dist/http-request/checksums.d.ts +69 -0
package/dist/http-request/checksums.js +72 -0
package/dist/http-request/convenience.d.ts +104 -0
package/dist/http-request/convenience.js +96 -0
package/dist/http-request/download-types.d.ts +224 -0
package/dist/http-request/download-types.js +18 -0
package/dist/http-request/download.d.ts +71 -0
package/dist/http-request/download.js +201 -0
package/dist/http-request/errors.d.ts +23 -0
package/dist/http-request/errors.js +50 -0
package/dist/http-request/headers.d.ts +57 -0
package/dist/http-request/headers.js +86 -0
package/dist/http-request/request-attempt.d.ts +21 -0
package/dist/http-request/request-attempt.js +284 -0
package/dist/http-request/request-types.d.ts +238 -0
package/dist/http-request/request-types.js +18 -0
package/dist/http-request/request.d.ts +59 -0
package/dist/http-request/request.js +106 -0
package/dist/http-request/response-reader.d.ts +25 -0
package/dist/http-request/response-reader.js +54 -0
package/dist/http-request/response-types.d.ts +123 -0
package/dist/http-request/response-types.js +40 -0
package/dist/http-request/user-agent.d.ts +55 -0
package/dist/http-request/user-agent.js +61 -0
package/dist/{dlx/integrity.d.ts → integrity.d.ts} +36 -30
package/dist/{dlx/integrity.js → integrity.js} +25 -19
package/dist/ipc/_internal.d.ts +25 -0
package/dist/ipc/_internal.js +50 -0
package/dist/ipc/directory.d.ts +18 -0
package/dist/ipc/directory.js +66 -0
package/dist/ipc/paths.d.ts +37 -0
package/dist/ipc/paths.js +48 -0
package/dist/ipc/types.d.ts +22 -0
package/dist/ipc/types.js +18 -0
package/dist/ipc/write.d.ts +39 -0
package/dist/ipc/write.js +77 -0
package/dist/ipc-cli/get.d.ts +21 -0
package/dist/{ipc-cli.js → ipc-cli/get.js} +5 -5
package/dist/ipc-cli/types.d.ts +14 -0
package/dist/ipc-cli/types.js +18 -0
package/dist/json/edit.d.ts +22 -8
package/dist/json/edit.js +85 -96
package/dist/json/format.d.ts +100 -86
package/dist/json/format.js +4 -3
package/dist/json/parse.d.ts +113 -88
package/dist/json/parse.js +30 -24
package/dist/json/types.d.ts +133 -117
package/dist/links/link.d.ts +65 -0
package/dist/{links.js → links/link.js} +10 -10
package/dist/links/types.d.ts +19 -0
package/dist/links/types.js +18 -0
package/dist/logger/_internal.d.ts +82 -0
package/dist/logger/_internal.js +80 -0
package/dist/logger/colors.d.ts +18 -0
package/dist/logger/colors.js +54 -0
package/dist/logger/console.d.ts +33 -0
package/dist/logger/console.js +119 -0
package/dist/logger/logger.d.ts +405 -0
package/dist/logger/logger.js +854 -0
package/dist/logger/symbols-builder.d.ts +29 -0
package/dist/logger/symbols-builder.js +61 -0
package/dist/logger/symbols.d.ts +61 -0
package/dist/logger/symbols.js +129 -0
package/dist/logger/types.d.ts +88 -0
package/dist/logger/types.js +18 -0
package/dist/memo/_internal.d.ts +16 -0
package/dist/memo/_internal.js +53 -0
package/dist/memo/async.d.ts +32 -0
package/dist/memo/async.js +120 -0
package/dist/memo/clear.d.ts +15 -0
package/dist/memo/clear.js +37 -0
package/dist/memo/decorator.d.ts +29 -0
package/dist/memo/decorator.js +40 -0
package/dist/memo/memoize.d.ts +33 -0
package/dist/memo/memoize.js +91 -0
package/dist/memo/once.d.ts +25 -0
package/dist/memo/once.js +44 -0
package/dist/memo/types.d.ts +43 -0
package/dist/memo/types.js +18 -0
package/dist/memo/weak.d.ts +26 -0
package/dist/memo/weak.js +44 -0
package/dist/node/async-hooks.d.ts +2 -2
package/dist/node/child-process.d.ts +5 -7
package/dist/node/crypto.d.ts +2 -2
package/dist/node/events.d.ts +2 -2
package/dist/node/fs-promises.d.ts +2 -2
package/dist/node/fs.d.ts +6 -10
package/dist/node/http.d.ts +2 -2
package/dist/node/https.d.ts +2 -2
package/dist/node/module.d.ts +7 -0
package/dist/node/module.js +41 -0
package/dist/node/os.d.ts +2 -2
package/dist/node/path.d.ts +2 -2
package/dist/node/timers-promises.d.ts +2 -2
package/dist/node/url.d.ts +2 -2
package/dist/node/util.d.ts +2 -2
package/dist/objects/getters.d.ts +116 -0
package/dist/objects/getters.js +137 -0
package/dist/objects/inspect.d.ts +67 -0
package/dist/objects/inspect.js +59 -0
package/dist/objects/mutate.d.ts +72 -0
package/dist/objects/mutate.js +81 -0
package/dist/objects/predicates.d.ts +96 -0
package/dist/objects/predicates.js +68 -0
package/dist/objects/sort.d.ts +88 -0
package/dist/objects/sort.js +85 -0
package/dist/objects/types.d.ts +68 -0
package/dist/objects/types.js +18 -0
package/dist/packages/edit-class.d.ts +39 -0
package/dist/packages/edit-class.js +269 -0
package/dist/packages/edit.d.ts +60 -61
package/dist/packages/edit.js +21 -286
package/dist/packages/exports.d.ts +30 -28
package/dist/packages/exports.js +38 -34
package/dist/packages/isolation.d.ts +16 -7
package/dist/packages/isolation.js +50 -57
package/dist/packages/licenses.d.ts +49 -45
package/dist/packages/licenses.js +13 -18
package/dist/packages/manifest.d.ts +14 -14
package/dist/packages/manifest.js +16 -15
package/dist/packages/normalize.d.ts +17 -16
package/dist/packages/normalize.js +20 -17
package/dist/packages/operations.d.ts +49 -36
package/dist/packages/operations.js +30 -15
package/dist/packages/provenance.d.ts +22 -9
package/dist/packages/provenance.js +76 -66
package/dist/packages/specs.d.ts +21 -21
package/dist/packages/specs.js +7 -7
package/dist/{packages.d.ts → packages/types.d.ts} +12 -20
package/dist/packages/types.js +18 -0
package/dist/packages/validation.d.ts +13 -13
package/dist/packages/validation.js +2 -2
package/dist/paths/_internal.d.ts +51 -0
package/dist/paths/_internal.js +102 -0
package/dist/paths/conversion.d.ts +82 -0
package/dist/paths/conversion.js +74 -0
package/dist/paths/dirnames.d.ts +1 -1
package/dist/paths/exts.d.ts +1 -1
package/dist/paths/filenames.d.ts +1 -1
package/dist/paths/globs.d.ts +1 -1
package/dist/paths/normalize.d.ts +30 -440
package/dist/paths/normalize.js +49 -289
package/dist/paths/packages.d.ts +7 -1
package/dist/paths/packages.js +7 -12
package/dist/paths/predicates.d.ts +129 -0
package/dist/paths/predicates.js +121 -0
package/dist/paths/resolve.d.ts +71 -0
package/dist/paths/resolve.js +135 -0
package/dist/paths/rewire.d.ts +37 -38
package/dist/paths/rewire.js +3 -3
package/dist/paths/socket.d.ts +146 -47
package/dist/paths/socket.js +23 -25
package/dist/perf/_internal.d.ts +10 -0
package/dist/perf/_internal.js +30 -0
package/dist/perf/enabled.d.ts +13 -0
package/dist/perf/enabled.js +33 -0
package/dist/perf/metrics.d.ts +51 -0
package/dist/perf/metrics.js +74 -0
package/dist/perf/report.d.ts +40 -0
package/dist/perf/report.js +85 -0
package/dist/perf/timer.d.ts +100 -0
package/dist/perf/timer.js +137 -0
package/dist/perf/types.d.ts +15 -0
package/dist/perf/types.js +18 -0
package/dist/pkg-ext/data.d.ts +8 -0
package/dist/{package-extensions.js → pkg-ext/data.js} +4 -4
package/dist/pkg-ext/types.d.ts +6 -0
package/dist/pkg-ext/types.js +18 -0
package/dist/primordials/array.d.ts +73 -0
package/dist/primordials/array.js +220 -0
package/dist/primordials/buffer.d.ts +17 -0
package/dist/primordials/buffer.js +61 -0
package/dist/primordials/date.d.ts +16 -0
package/dist/primordials/date.js +56 -0
package/dist/primordials/error.d.ts +19 -0
package/dist/primordials/error.js +75 -0
package/dist/primordials/function.d.ts +10 -0
package/dist/primordials/function.js +42 -0
package/dist/primordials/globals.d.ts +17 -0
package/dist/primordials/globals.js +54 -0
package/dist/primordials/json.d.ts +11 -0
package/dist/primordials/json.js +33 -0
package/dist/primordials/map-set.d.ts +35 -0
package/dist/primordials/map-set.js +115 -0
package/dist/primordials/math.d.ts +51 -0
package/dist/primordials/math.js +161 -0
package/dist/primordials/number.d.ts +25 -0
package/dist/primordials/number.js +92 -0
package/dist/primordials/object.d.ts +74 -0
package/dist/primordials/object.js +142 -0
package/dist/primordials/promise.d.ts +34 -0
package/dist/primordials/promise.js +61 -0
package/dist/primordials/reflect.d.ts +18 -0
package/dist/primordials/reflect.js +66 -0
package/dist/primordials/regexp.d.ts +14 -0
package/dist/primordials/regexp.js +50 -0
package/dist/primordials/string.d.ts +71 -0
package/dist/primordials/string.js +174 -0
package/dist/primordials/symbol.d.ts +28 -0
package/dist/primordials/symbol.js +94 -0
package/dist/primordials/uncurry.d.ts +18 -0
package/dist/primordials/uncurry.js +65 -0
package/dist/primordials/url.d.ts +13 -0
package/dist/primordials/url.js +69 -0
package/dist/process/_internal.d.ts +8 -0
package/dist/process/_internal.js +33 -0
package/dist/process/abort.d.ts +20 -0
package/dist/{constants/process.js → process/abort.js} +3 -3
package/dist/process/lock-instance.d.ts +19 -0
package/dist/process/lock-instance.js +31 -0
package/dist/process/lock-manager.d.ts +152 -0
package/dist/{process-lock.js → process/lock-manager.js} +97 -105
package/dist/process/lock-types.d.ts +43 -0
package/dist/process/lock-types.js +18 -0
package/dist/process/transient.d.ts +22 -0
package/dist/{temporary-executor.js → process/transient.js} +8 -8
package/dist/promise-queue/queue.d.ts +51 -0
package/dist/{promise-queue.js → promise-queue/queue.js} +27 -22
package/dist/promise-queue/types.d.ts +10 -0
package/dist/promise-queue/types.js +18 -0
package/dist/promises/_internal.d.ts +15 -0
package/dist/promises/_internal.js +41 -0
package/dist/promises/iterate.d.ts +190 -0
package/dist/promises/iterate.js +111 -0
package/dist/promises/options.d.ts +76 -0
package/dist/promises/options.js +108 -0
package/dist/promises/resolvers.d.ts +55 -0
package/dist/promises/resolvers.js +49 -0
package/dist/promises/retry.d.ts +105 -0
package/dist/promises/retry.js +104 -0
package/dist/promises/types.d.ts +190 -0
package/dist/promises/types.js +18 -0
package/dist/regexps/escape.d.ts +6 -0
package/dist/regexps/escape.js +32 -0
package/dist/regexps/hex.d.ts +7 -0
package/dist/regexps/hex.js +38 -0
package/dist/regexps/spec.d.ts +15 -0
package/dist/{regexps.js → regexps/spec.js} +32 -36
package/dist/releases/github-archives.d.ts +47 -36
package/dist/releases/github-archives.js +21 -35
package/dist/releases/github-asset-url.d.ts +72 -0
package/dist/releases/github-asset-url.js +167 -0
package/dist/releases/github-assets.d.ts +13 -11
package/dist/releases/github-assets.js +2 -2
package/dist/releases/github-auth.d.ts +9 -9
package/dist/releases/github-downloads.d.ts +31 -26
package/dist/releases/github-downloads.js +22 -34
package/dist/releases/github-listing.d.ts +105 -0
package/dist/releases/github-listing.js +171 -0
package/dist/releases/github-types.d.ts +45 -19
package/dist/releases/socket-btm.d.ts +149 -99
package/dist/releases/socket-btm.js +14 -20
package/dist/schema/parse.d.ts +14 -15
package/dist/schema/parse.js +2 -2
package/dist/schema/types.d.ts +49 -37
package/dist/schema/validate.d.ts +42 -19
package/dist/schema/validate.js +15 -6
package/dist/sea/detect.d.ts +37 -0
package/dist/sea/{util.js → detect.js} +6 -6
package/dist/secrets/_internal.d.ts +57 -0
package/dist/secrets/_internal.js +84 -0
package/dist/secrets/find.d.ts +79 -0
package/dist/secrets/find.js +84 -0
package/dist/secrets/keychain.d.ts +138 -0
package/dist/secrets/keychain.js +328 -0
package/dist/secrets/linux.d.ts +20 -0
package/dist/secrets/linux.js +151 -0
package/dist/secrets/macos.d.ts +36 -0
package/dist/secrets/macos.js +165 -0
package/dist/secrets/rc.d.ts +139 -0
package/dist/secrets/rc.js +196 -0
package/dist/secrets/socket-api-token.d.ts +23 -0
package/dist/secrets/socket-api-token.js +50 -0
package/dist/secrets/types.d.ts +69 -0
package/dist/secrets/types.js +18 -0
package/dist/secrets/windows.d.ts +50 -0
package/dist/secrets/windows.js +318 -0
package/dist/shadow/skip.d.ts +25 -0
package/dist/{shadow.js → shadow/skip.js} +4 -4
package/dist/shadow/types.d.ts +8 -0
package/dist/shadow/types.js +18 -0
package/dist/signal-exit/_internal.d.ts +68 -0
package/dist/signal-exit/_internal.js +127 -0
package/dist/signal-exit/intercept.d.ts +8 -0
package/dist/signal-exit/intercept.js +75 -0
package/dist/signal-exit/lifecycle.d.ts +28 -0
package/dist/signal-exit/lifecycle.js +109 -0
package/dist/signal-exit/register.d.ts +20 -0
package/dist/signal-exit/register.js +58 -0
package/dist/signal-exit/signals.d.ts +16 -0
package/dist/signal-exit/signals.js +34 -0
package/dist/signal-exit/types.d.ts +21 -0
package/dist/signal-exit/types.js +18 -0
package/dist/smol/detect.d.ts +80 -0
package/dist/smol/{util.js → detect.js} +16 -24
package/dist/smol/http.d.ts +60 -0
package/dist/smol/http.js +42 -0
package/dist/smol/https.d.ts +59 -0
package/dist/smol/https.js +42 -0
package/dist/smol/manifest.d.ts +140 -0
package/dist/smol/manifest.js +42 -0
package/dist/smol/primordial.d.ts +16 -21
package/dist/smol/primordial.js +7 -11
package/dist/smol/purl.d.ts +84 -0
package/dist/smol/purl.js +42 -0
package/dist/smol/versions.d.ts +11 -14
package/dist/smol/versions.js +7 -11
package/dist/smol/vfs.d.ts +99 -0
package/dist/smol/vfs.js +43 -0
package/dist/sorts/_internal.d.ts +9 -0
package/dist/sorts/_internal.js +47 -0
package/dist/sorts/natural.d.ts +39 -0
package/dist/{sorts.js → sorts/natural.js} +5 -42
package/dist/sorts/semver.d.ts +15 -0
package/dist/sorts/semver.js +46 -0
package/dist/sorts/strings.d.ts +16 -0
package/dist/sorts/strings.js +33 -0
package/dist/sorts/types.d.ts +7 -0
package/dist/sorts/types.js +18 -0
package/dist/spawn/_internal.d.ts +24 -0
package/dist/spawn/_internal.js +62 -0
package/dist/spawn/errors.d.ts +45 -0
package/dist/spawn/errors.js +118 -0
package/dist/spawn/spawn.d.ts +134 -0
package/dist/{spawn.js → spawn/spawn.js} +29 -147
package/dist/spawn/stdio.d.ts +37 -0
package/dist/spawn/stdio.js +38 -0
package/dist/spawn/types.d.ts +325 -0
package/dist/spawn/types.js +18 -0
package/dist/spinner/format.d.ts +64 -0
package/dist/spinner/format.js +83 -0
package/dist/spinner/registry.d.ts +49 -0
package/dist/spinner/registry.js +70 -0
package/dist/spinner/spinner.d.ts +40 -0
package/dist/spinner/spinner.js +802 -0
package/dist/spinner/types.d.ts +368 -0
package/dist/spinner/types.js +18 -0
package/dist/spinner/with.d.ts +125 -0
package/dist/spinner/with.js +144 -0
package/dist/ssri/convert.d.ts +48 -0
package/dist/{ssri.js → ssri/convert.js} +11 -34
package/dist/ssri/parse.d.ts +27 -0
package/dist/ssri/parse.js +40 -0
package/dist/ssri/validate.d.ts +41 -0
package/dist/ssri/validate.js +39 -0
package/dist/stdio/{_stream.d.ts → _internal.d.ts} +10 -5
package/dist/stdio/{_stream.js → _internal.js} +3 -3
package/dist/stdio/clear.d.ts +98 -84
package/dist/stdio/divider.d.ts +100 -78
package/dist/stdio/divider.js +36 -14
package/dist/stdio/footer.d.ts +75 -51
package/dist/stdio/footer.js +28 -18
package/dist/stdio/header.d.ts +61 -50
package/dist/stdio/header.js +15 -13
package/dist/stdio/progress.d.ts +67 -57
package/dist/stdio/progress.js +55 -51
package/dist/stdio/prompts.d.ts +147 -100
package/dist/stdio/prompts.js +23 -15
package/dist/stdio/stderr.d.ts +86 -84
package/dist/stdio/stderr.js +6 -6
package/dist/stdio/stdout.d.ts +77 -78
package/dist/stdio/stdout.js +6 -6
package/dist/streams/parallel.d.ts +40 -0
package/dist/{streams.js → streams/parallel.js} +10 -27
package/dist/streams/transform.d.ts +20 -0
package/dist/streams/transform.js +48 -0
package/dist/strings/format.d.ts +115 -0
package/dist/strings/format.js +73 -0
package/dist/strings/predicates.d.ts +52 -0
package/dist/strings/predicates.js +39 -0
package/dist/strings/search.d.ts +34 -0
package/dist/strings/search.js +45 -0
package/dist/strings/transform.d.ts +80 -0
package/dist/strings/transform.js +79 -0
package/dist/strings/types.d.ts +38 -0
package/dist/strings/types.js +18 -0
package/dist/strings/width.d.ts +42 -0
package/dist/strings/width.js +95 -0
package/dist/tables/bordered.d.ts +44 -0
package/dist/tables/bordered.js +84 -0
package/dist/tables/padding.d.ts +18 -0
package/dist/tables/padding.js +51 -0
package/dist/tables/simple.d.ts +36 -0
package/dist/tables/simple.js +73 -0
package/dist/tables/types.d.ts +15 -0
package/dist/tables/types.js +18 -0
package/dist/temporal/instant.d.ts +39 -0
package/dist/temporal/instant.js +91 -0
package/dist/temporal/now.d.ts +24 -0
package/dist/temporal/now.js +34 -0
package/dist/temporal/slots.d.ts +32 -0
package/dist/temporal/slots.js +45 -0
package/dist/temporal/system.d.ts +20 -0
package/dist/temporal/system.js +42 -0
package/dist/temporal/temporal.d.ts +22 -0
package/dist/temporal/temporal.js +43 -0
package/dist/themes/context.d.ts +65 -48
package/dist/themes/context.js +6 -2
package/dist/themes/resolve.d.ts +90 -0
package/dist/themes/{utils.js → resolve.js} +6 -6
package/dist/themes/themes.d.ts +14 -16
package/dist/themes/types.d.ts +93 -35
package/dist/ttl-cache/cache.d.ts +29 -0
package/dist/{cache-with-ttl.js → ttl-cache/cache.js} +45 -37
package/dist/ttl-cache/types.d.ts +109 -0
package/dist/ttl-cache/types.js +18 -0
package/dist/url/parse.d.ts +26 -0
package/dist/url/parse.js +57 -0
package/dist/url/predicates.d.ts +15 -0
package/dist/url/predicates.js +34 -0
package/dist/url/search-params.d.ts +71 -0
package/dist/{url.js → url/search-params.js} +19 -54
package/dist/url/types.d.ts +20 -0
package/dist/url/types.js +18 -0
package/dist/versions/_internal.d.ts +24 -0
package/dist/versions/_internal.js +37 -0
package/dist/versions/compare.d.ts +57 -0
package/dist/versions/compare.js +65 -0
package/dist/versions/modify.d.ts +28 -0
package/dist/versions/modify.js +44 -0
package/dist/versions/parse.d.ts +67 -0
package/dist/versions/parse.js +77 -0
package/dist/versions/range.d.ts +45 -0
package/dist/versions/range.js +50 -0
package/dist/versions/types.d.ts +13 -0
package/dist/versions/types.js +18 -0
package/dist/warnings/event-target.d.ts +31 -0
package/dist/warnings/event-target.js +43 -0
package/dist/warnings/suppress.d.ts +65 -0
package/dist/{suppress-warnings.js → warnings/suppress.js} +16 -28
package/dist/words/article.d.ts +14 -0
package/dist/words/article.js +33 -0
package/dist/words/capitalize.d.ts +15 -0
package/dist/{words.js → words/capitalize.js} +5 -18
package/dist/words/pluralize.d.ts +16 -0
package/dist/words/pluralize.js +34 -0
package/dist/words/types.d.ts +7 -0
package/dist/words/types.js +18 -0
package/package.json +1919 -247
package/dist/abort.d.ts +0 -27
package/dist/agent.d.ts +0 -196
package/dist/agent.js +0 -287
package/dist/ansi.d.ts +0 -39
package/dist/archives.d.ts +0 -95
package/dist/archives.js +0 -408
package/dist/argv/flags.d.ts +0 -292
package/dist/argv/flags.js +0 -297
package/dist/arrays.d.ts +0 -168
package/dist/bin.d.ts +0 -181
package/dist/bin.js +0 -544
package/dist/cacache.d.ts +0 -130
package/dist/cacache.js +0 -156
package/dist/cache-with-ttl.d.ts +0 -165
package/dist/colors.d.ts +0 -49
package/dist/compression.d.ts +0 -218
package/dist/constants/process.d.ts +0 -20
package/dist/crypto.d.ts +0 -36
package/dist/debug.js +0 -337
package/dist/env/helpers.d.ts +0 -66
package/dist/env.d.ts +0 -182
package/dist/env.js +0 -205
package/dist/errors.d.ts +0 -100
package/dist/fs.d.ts +0 -916
package/dist/fs.js +0 -808
package/dist/git.d.ts +0 -546
package/dist/git.js +0 -409
package/dist/github.d.ts +0 -526
package/dist/github.js +0 -448
package/dist/globs.d.ts +0 -119
package/dist/globs.js +0 -282
package/dist/http-request.d.ts +0 -951
package/dist/http-request.js +0 -761
package/dist/ipc-cli.d.ts +0 -28
package/dist/ipc.d.ts +0 -76
package/dist/ipc.js +0 -130
package/dist/links.d.ts +0 -69
package/dist/logger.d.ts +0 -993
package/dist/logger.js +0 -1498
package/dist/memoization.d.ts +0 -131
package/dist/memoization.js +0 -243
package/dist/objects.d.ts +0 -500
package/dist/objects.js +0 -303
package/dist/package-extensions.d.ts +0 -9
package/dist/packages.js +0 -132
package/dist/performance.d.ts +0 -181
package/dist/performance.js +0 -233
package/dist/primordials.d.ts +0 -420
package/dist/primordials.js +0 -1116
package/dist/process-lock.d.ts +0 -180
package/dist/promise-queue.d.ts +0 -48
package/dist/promises.d.ts +0 -506
package/dist/promises.js +0 -292
package/dist/regexps.d.ts +0 -6
package/dist/releases/github-api.d.ts +0 -56
package/dist/releases/github-api.js +0 -275
package/dist/sea/util.d.ts +0 -43
package/dist/shadow.d.ts +0 -28
package/dist/signal-exit.d.ts +0 -50
package/dist/signal-exit.js +0 -247
package/dist/smol/util.d.ts +0 -87
package/dist/sorts.d.ts +0 -59
package/dist/spawn.d.ts +0 -454
package/dist/spinner.d.ts +0 -444
package/dist/spinner.js +0 -988
package/dist/ssri.d.ts +0 -90
package/dist/streams.d.ts +0 -45
package/dist/strings.d.ts +0 -414
package/dist/strings.js +0 -218
package/dist/suppress-warnings.d.ts +0 -81
package/dist/tables.d.ts +0 -73
package/dist/tables.js +0 -133
package/dist/temporary-executor.d.ts +0 -20
package/dist/themes/utils.d.ts +0 -86
package/dist/url.d.ts +0 -114
package/dist/versions.d.ts +0 -207
package/dist/versions.js +0 -181
package/dist/words.d.ts +0 -39

package/CHANGELOG.md CHANGED Viewed

@@ -5,46 +5,75 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [6.0.0](https://github.com/SocketDev/socket-lib/releases/tag/v6.0.0) - 2026-05-20
+Public-surface reshape. All top-level barrels are gone; import from named leaf subpaths instead. `@socketsecurity/lib/logger` and `@socketsecurity/lib/errors` stay as aliases.
+### Removed (breaking)
+- **All top-level barrel modules.** Replace with leaf subpaths — e.g. `fs` → `fs/safe`, `http-request` → `http-request/convenience`, `packages` → `packages/operations`, `versions` → `versions/compare`. Affects `fs`, `http-request`, `spinner`, `git`, `github`, `spawn`, `bin`, `primordials`, `objects`, `strings`, `promises`, `arrays`, `url`, `packages`, `cacache`, `signal-exit`, `compression`, `archives`, `globs`, `regexps`, `ssri`, `colors`, `ansi`, `crypto`, `abort`, `streams`, `links`, `shadow`, `ipc`, `ipc-cli`, `errors`, `words`, `tables`, `sorts`, `env`, `debug`, `versions`, `types`.
+- **`agent` removed.** Per-tool helpers under `eco/npm/<tool>/{exec,flags}` (`bun`, `npm`, `pnpm`, `vlt`, `yarnpkg/yarn`).
+- **`types/` removed.** Schema types under `eco/purl` and `eco/types`.
+- **Subdir renames.** `memoization/` → `memo/`, `performance/` → `perf/`, `suppress-warnings/` → `warnings/`, `cache-with-ttl/` → `ttl-cache/`, `process-lock/` → `process/`, `package-extensions/` → `pkg-ext/`, `temporary-executor/` → `process/transient` (`isRunningInTemporaryExecutor` → `isTransientProcess`).
+- **`SOCKET_LIB_USER_AGENT` + `SOCKET_LIB_URL` removed.** Use `getSocketCallerUserAgent()` from `http-request/user-agent` — see Added.
+### Changed (breaking)
+- **`versions` API renamed.** `compareVersions` → `compare`, `isEqual` → `eq` (+ new `neq`), `isLessThan(OrEqual)` → `lt`/`lte`, `isGreaterThan(OrEqual)` → `gt`/`gte`, `sortVersions` → `sort`, `sortVersionsDesc` → `rsort`. Runs through `node:smol-versions` when present, falls back to `semver`.
+- **`dlx/manifest` `ManifestEntry` → `DlxManifestEntry`** (disambiguates from `eco/types` `ManifestEntry`).
+- **`dlx/arborist getBaseArboristOptions`** second arg is now `{ quiet }` instead of positional `quiet: boolean`.
+- **Predicates renamed for scope clarity** — cwd/process-scoped predicates now carry the scope in the name.
+- **Default `User-Agent` header** now `socketsecurity-lib/<version> node/<node-version> <platform>/<arch>` (was `socketsecurity-lib/<version> (<url>)`).
+### Added
+- **`http-request/user-agent`** — `buildUserAgent({ name, version }, caller?)` for the canonical three-token UA, and `getSocketCallerUserAgent()` for the lib's own outbound requests. Set `SOCKET_CALLER_USER_AGENT` to append your own identifier to the lib UA (empty/whitespace is ignored).
+- **`packages/operations#pkgNameToSlug(name)`** — `@scope/name` → `scope-name`, plain names unchanged.
+- **`secrets/socket-api-token`** — `readSocketApiToken()` / `readSocketApiTokenSync()` resolve the Socket API token from keychain → `SOCKET_API_TOKEN` (canonical) → `SOCKET_API_KEY` (legacy). Pass `{ allowEnvOnly }` to skip keychain in headless contexts.
+- **`ai/discover` + `ai/spawn`** — locked-down spawn helpers for Claude / Codex / Gemini / OpenCode CLIs. Type-level enforcement of the four lockdown flags (`tools`, `allowedTools`, `disallowedTools`, `permissionMode: 'dontAsk'`). Retries HTTP 529 / "Overloaded" with 5 s / 15 s / 45 s backoff.
+- **`socket-lib check primordials --fix`** — applies suggested rewrites for `.socket-lib.json`-tracked drift.
+- **9 new primordial exports** (305 total) — Array.prototype: `ToLocaleString`, `ToString`. String.prototype: `IsWellFormed` (ES2024), `ToString`, `ToWellFormed` (ES2024), `ValueOf`. Number.prototype: `ToExponential`, `ToPrecision`, `ValueOf`. `StringPrototypeIsWellFormed` routes through `node:smol-primordial` on the smol Node binary — ASCII strings short-circuit to `true` without an O(n) lone-surrogate scan.
+### Fixed
+- **pnpm v9 `isDev` derivation.** Snapshot entries were stuck at `depType: 'prod'` because v9 dropped the per-snapshot `dev` marker. Now derived per-package across all importer blocks; ties go to prod, matching pnpm's resolver.
+- **yarn `dependenciesMeta` inversion.** A child's `optional: true` was flipping the parent's `isOptional`; flags now refer to the child as declared.
+- **pnpm v9 phantom PackageRef.** Block-shape importer entries emitted a parent ref with `version: ''` before the indented `version:` was consumed.
+- **pnpm v9 protocol filter.** `workspace:`, `file:`, and `link:` importer values are no longer surfaced as registry refs.
+- **npm v1 alias extraction.** Aliased installs (`"alias": { "version": "npm:<real>@<ver>" }`) now surface the real `{ name, version }`; the alias key is preserved on `_index`.
+- **npm v2/v3 workspace + alias name preference.** Path-keyed workspace entries and aliased installs honor the explicit `pkg.name` over the path-derived fallback.
+### Migration
+```diff
+- import { safeDelete, readJson } from '@socketsecurity/lib/fs'
++ import { safeDelete } from '@socketsecurity/lib/fs/safe'
++ import { readJson } from '@socketsecurity/lib/fs/read-json'
+- import { httpJson } from '@socketsecurity/lib/http-request'
++ import { httpJson } from '@socketsecurity/lib/http-request/convenience'
+- import { compareVersions, isLessThan, sortVersions } from '@socketsecurity/lib/versions'
+- compareVersions(a, b); isLessThan(a, b); sortVersions(arr)
++ import { compare, lt, sort } from '@socketsecurity/lib/versions/compare'
++ compare(a, b); lt(a, b); sort(arr)
+```
 ## [5.28.0](https://github.com/SocketDev/socket-lib/releases/tag/v5.28.0) - 2026-05-06
 ### Added
-- **`compression` (new export)** — brotli + gzip helpers with three calling shapes (in-memory `Buffer`, file-to-file, raw streams) and a single `{ inPlace: true }` option for compress/decompress-in-place. 28 named exports total:
-  - In-memory: `compressBrotli`, `decompressBrotli`, `compressGzip`, `decompressGzip`
-  - File-to-file: `compressBrotliFile`, `decompressBrotliFile`, `compressGzipFile`, `decompressGzipFile` — each with three overloads (explicit dest, in-place, options object). The gzip in-place path follows `.tgz` → `.tar` convention so a round-trip is lossless
-  - Streams: `createBrotliCompressor`, `createBrotliDecompressor`, `createGzipCompressor`, `createGzipDecompressor`
-  - Detection: `isBrotliCompressed(buffer)` / `isGzipCompressed(buffer)` (magic-byte sniffing)
-  - Path classification: `hasBrotliExt(filePath)` / `hasGzipExt(filePath)` — case-insensitive `path.extname` match against `.br` / `.brotli` / `.gz` / `.gzip` / `.tgz`
-  - Helpers: `BROTLI_EXTS` / `GZIP_EXTS` `ReadonlySet<string>` constants; `stripExt(filePath, exts)` for trimming a recognized extension from a path; `resolveBrotliOptions` / `resolveGzipOptions` for translating `CompressOptions` into the underlying zlib option shapes
-  - `CompressOptions` / `CompressFileOptions` interfaces
-- **`socket-lib` CLI (new `bin` entry)** — fleet-wide static-analysis dispatcher invoked via `pnpm exec socket-lib <command>`. Initial subcommand: `check primordials` (alias `check prim`) — diffs every name destructured from `primordials` in scanned source against `@socketsecurity/lib`'s exposed primordials set, emitting unmapped or missing-from-lib findings. Reads sectional config from `.socket-lib.json` (with `.config/socket-lib.json` as a fallback) or a bare object for single-check setups. Flags: `--config / -c <path>` (defaults to `.socket-lib.json`, falls back to `.config/socket-lib.json`), `--explain`, `--json`, `--silent`, `--help`. Lifted from socket-btm's `scripts/check-primordials-coverage.mts` so the same drift gate now ships to every consumer.
-- **`dlx/package` `installRoot` option** — new `EnsurePackageInstallOptions` (and `DlxPackageOptions`) field overriding the install root passed to Arborist. Default remains `~/.socket/_dlx/<cacheKey>/`; when set, the value is used verbatim. Lets build pipelines colocate the install with their own gitignored outputs (e.g. ink-builder bundling ink via esbuild). Caller owns per-spec separation; see JSDoc for the full contract.
+- **`compression` (new)** — brotli + gzip helpers with in-memory `Buffer`, file-to-file (with `{ inPlace: true }`), and stream-creator shapes. Detection (`isBrotliCompressed` / `isGzipCompressed` magic-byte sniffing), extension classification (`hasBrotliExt` / `hasGzipExt`), `BROTLI_EXTS` / `GZIP_EXTS` constants, `stripExt(path, exts)`, and `CompressOptions` / `CompressFileOptions` types.
+- **`socket-lib` CLI** — `pnpm exec socket-lib <command>` dispatcher. First subcommand: `check primordials` (alias `check prim`) diffs source-destructured primordials against the lib's set. Reads `.socket-lib.json` (or `.config/socket-lib.json`). Flags: `--config`, `--explain`, `--json`, `--silent`, `--help`.
+- **`dlx/package` `installRoot`** option overrides the Arborist install root (default `~/.socket/_dlx/<cacheKey>/`). Useful for colocating installs with consumer-owned build outputs.
 ## [5.27.0](https://github.com/SocketDev/socket-lib/releases/tag/v5.27.0) - 2026-05-04
 ### Added
-- **45 new `primordials` exports** rounding out the surface to 296 total:
-  - `BigIntCtor`
-  - Math: 24 methods (Acos, Atan2, Hypot, Pow, etc.) + 8 constants (E, PI, SQRT2, etc.); `MathF16round` typed `| undefined` for ES2025
-  - Number constants: `EPSILON`, `MAX_SAFE_INTEGER`, `MAX_VALUE`, `MIN_SAFE_INTEGER`, `MIN_VALUE`, `NEGATIVE_INFINITY`, `POSITIVE_INFINITY`
-  - Symbol: 10 well-knowns (`HasInstance`, `KeyFor`, `Match`, `Species`, etc.); `SymbolAsyncDispose` / `SymbolDispose` typed `| undefined` for ES2024; prototype helpers (`Description`, `ToString`, `ValueOf`)
-  - Function: `FunctionPrototypeToString`
-  - Array (ES2023 Change Array By Copy): `ArrayPrototypeToSpliced`, `ArrayPrototypeWith`
-  - Globals: `InfinityValue`, `NaNValue`, `globalThisRef`
-  - Object (annex B): `ObjectPrototype{Define,Lookup}{Getter,Setter}`
-  - Error (V8 stack-trace API, `| undefined`): `ErrorCaptureStackTrace`, `ErrorPrepareStackTrace`, `ErrorStackTraceLimit` (function-shaped, reads live value)
-- **`smol/*` (new exports)** — feature-detect + lazy-loaders for socket-btm's smol Node binary:
-  - `smol/detect` — `isSmol()`: memoized boolean, mirrors `isSeaBinary()`
-  - `smol/util` — `getSmolUtil()`: native `uncurryThis` / `applyBind` (~2x faster), or `undefined`
-  - `smol/primordial` — `getSmolPrimordial()`: V8 Fast API typed `Math.*` / `Number.is*` (~30-50% faster on hot loops), or `undefined`
-  - `primordials` transparently routes through these on smol; **zero call-site changes**, identical behavior on stock Node, smol, browsers, Deno, Bun
-- **`node/*` (new exports)** — per-builtin lazy-loaders for `node:*` modules. Each is `/*@__NO_SIDE_EFFECTS__*/`-marked so bundlers tree-shake the `require()` when unused:
-  - `node/fs` (`getNodeFs`), `node/path` (`getNodePath`), `node/crypto` (`getNodeCrypto`), `node/http` (`getNodeHttp`), `node/https` (`getNodeHttps`), `node/os` (`getNodeOs`), `node/util` (`getNodeUtil`), `node/url` (`getNodeUrl`), `node/events` (`getNodeEvents`)
-  - `node/child-process` (`getNodeChildProcess`), `node/async-hooks` (`getNodeAsyncHooks`), `node/fs-promises` (`getNodeFsPromises`), `node/timers-promises` (`getNodeTimersPromises`)
-  - Replaces ~30 ad-hoc copies of the same lazy-loader boilerplate previously scattered across `http-request.ts`, `spawn.ts`, `fs.ts`, `crypto.ts`, etc.
+- **45 new `primordials` exports** (296 total) — `BigIntCtor`; 24 `Math.*` methods + 8 constants (`MathF16round` typed `| undefined` for ES2025); 7 `Number` constants; 10 `Symbol` well-knowns + 3 prototype helpers (`SymbolAsyncDispose` / `SymbolDispose` typed `| undefined`); `FunctionPrototypeToString`; ES2023 array-copy (`ArrayPrototypeToSpliced`, `ArrayPrototypeWith`); `InfinityValue` / `NaNValue` / `globalThisRef`; `ObjectPrototype{Define,Lookup}{Getter,Setter}`; V8 stack-trace API.
+- **`smol/*`** — feature-detect for socket-btm's smol Node binary. `smol/detect` (`isSmol()`), `smol/util` (`getSmolUtil()` — native `uncurryThis` / `applyBind`), `smol/primordial` (`getSmolPrimordial()` — V8 Fast API typed `Math.*` / `Number.is*`). `primordials` routes through these on smol transparently; no call-site changes.
+- **`node/*`** — per-builtin lazy-loaders, side-effect-free for tree-shaking: `node/fs`, `node/path`, `node/crypto`, `node/http`, `node/https`, `node/os`, `node/util`, `node/url`, `node/events`, `node/child-process`, `node/async-hooks`, `node/fs-promises`, `node/timers-promises`.
 ## [5.26.1](https://github.com/SocketDev/socket-lib/releases/tag/v5.26.1) - 2026-05-01
@@ -78,12 +107,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
-- `globs` `getGlobMatcher` — narrow the `path.matchesGlob` fast-path that an earlier draft introduced. `path.matchesGlob` doesn't honor the picomatch defaults (`dot: true`, `nocase: true`) that callers expect, so taking the fast-path under those defaults silently changed observable behavior — including breaking the case-insensitive default everywhere a single-pattern matcher was used. The fast-path now activates only when the caller has explicitly opted out of both defaults (`nocase: false` AND `dot: false`), signaling "I want strict, case-sensitive, no-dotfile-match" — exactly what `path.matchesGlob` provides
-- `globs` `glob` / `globSync` — normalize results to forward slashes via `paths/normalize.normalizePath` regardless of which backend (`node:fs.glob` or `fast-glob`) was used. Restores fast-glob's forward-slash contract on Windows, where `node:fs.glob` returns native-OS separators
-- `globs` `glob` / `globSync` / `globStreamLicenses` — strip a trailing `/` from `ignore` patterns before passing them to fast-glob. The gitignore convention of writing directory entries as `dist/` was silently dropped at the deep-filter level (fast-glob walked the entire subtree before discarding results), which on a large `dist/` could push memory past the limit. fast-glob v3.3.3 and the unreleased v4 both have the bug; tracked at [mrmlnc/fast-glob#437](https://github.com/mrmlnc/fast-glob/issues/437). Same workaround as [SocketDev/socket-cli#1288](https://github.com/SocketDev/socket-cli/pull/1288).
-- `releases/github-api` `getLatestRelease` and `getReleaseAssetUrl` transparently fall back to GraphQL when GitHub REST returns 200 + empty body (search-degraded incident shape)
-- `github` `resolveRefToSha` and `fetchGhsaDetails` get the same GraphQL fallback for the same incident shape
-- All fallbacks only fire on the empty-body signature; real 404s, rate-limits, and 5xx still propagate
+- `globs` `getGlobMatcher` — `path.matchesGlob` fast-path only activates when the caller opts out of both picomatch defaults (`nocase: false` AND `dot: false`); previously took the fast-path under default options and silently broke case-insensitive matching.
+- `globs` `glob` / `globSync` — results normalized to forward slashes on Windows regardless of backend (`node:fs.glob` returns native-OS separators).
+- `globs` `glob` / `globSync` / `globStreamLicenses` — trailing `/` stripped from `ignore` patterns before passing to fast-glob (gitignore-style `dist/` was silently dropped at the deep-filter level). Workaround for [mrmlnc/fast-glob#437](https://github.com/mrmlnc/fast-glob/issues/437).
+- GitHub helpers (`releases/github-api`, `github/resolveRefToSha`, `fetchGhsaDetails`) fall back to GraphQL on the "search-degraded" 200 OK + empty body shape. Real 404s / rate-limits / 5xx still propagate.
 ## [5.26.0](https://github.com/SocketDev/socket-lib/releases/tag/v5.26.0) - 2026-04-27

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 [![Socket Badge](https://socket.dev/api/badge/npm/package/@socketsecurity/lib)](https://socket.dev/npm/package/@socketsecurity/lib)
 [![CI](https://github.com/SocketDev/socket-lib/actions/workflows/ci.yml/badge.svg)](https://github.com/SocketDev/socket-lib/actions/workflows/ci.yml)
-![Coverage](https://img.shields.io/badge/coverage-85%25-brightgreen)
+![Coverage](https://img.shields.io/badge/coverage-98%25-brightgreen)
 [![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
 [![Follow @socket.dev on Bluesky](https://img.shields.io/badge/Follow-@socket.dev-1DA1F2?style=social&logo=bluesky)](https://bsky.app/profile/socket.dev)

package/dist/abort/signal.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * @file Abort signal utilities — composite signal construction from multiple
+ *   sources and timeout-driven signal creation.
+ */
+/**
+ * Create a composite AbortSignal from multiple signals.
+ *
+ * @example
+ *   ;```typescript
+ *   const ac1 = new AbortController()
+ *   const ac2 = new AbortController()
+ *   const signal = createCompositeAbortSignal(ac1.signal, ac2.signal)
+ *   ```
+ */
+export declare function createCompositeAbortSignal(...signals: Array<AbortSignal | null | undefined>): AbortSignal;
+/**
+ * Create an AbortSignal that triggers after a timeout.
+ *
+ * @example
+ *   ;```typescript
+ *   const signal = createTimeoutSignal(5000) // aborts after 5 seconds
+ *   fetch('https://example.com', { signal })
+ *   ```
+ *
+ * @throws {TypeError} If `ms` is not a number, is NaN, is not finite, or is not
+ *   positive.
+ */
+export declare function createTimeoutSignal(ms: number): AbortSignal;

package/dist/{abort.js → abort/signal.js} RENAMED Viewed

@@ -18,13 +18,15 @@ var __copyProps = (to, from, except, desc) => {
   return to;
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var abort_exports = {};
-__export(abort_exports, {
+var signal_exports = {};
+__export(signal_exports, {
   createCompositeAbortSignal: () => createCompositeAbortSignal,
   createTimeoutSignal: () => createTimeoutSignal
 });
-module.exports = __toCommonJS(abort_exports);
-var import_primordials = require("./primordials");
+module.exports = __toCommonJS(signal_exports);
+var import_error = require("../primordials/error");
+var import_math = require("../primordials/math");
+var import_number = require("../primordials/number");
 function createCompositeAbortSignal(...signals) {
   const validSignals = signals.filter((s) => s != null);
   if (validSignals.length === 0) {
@@ -44,16 +46,16 @@ function createCompositeAbortSignal(...signals) {
   return controller.signal;
 }
 function createTimeoutSignal(ms) {
-  if (typeof ms !== "number" || (0, import_primordials.NumberIsNaN)(ms)) {
-    throw new import_primordials.TypeErrorCtor("timeout must be a number");
+  if (typeof ms !== "number" || (0, import_number.NumberIsNaN)(ms)) {
+    throw new import_error.TypeErrorCtor("timeout must be a number");
   }
-  if (!(0, import_primordials.NumberIsFinite)(ms)) {
-    throw new import_primordials.TypeErrorCtor("timeout must be a finite number");
+  if (!(0, import_number.NumberIsFinite)(ms)) {
+    throw new import_error.TypeErrorCtor("timeout must be a finite number");
   }
   if (ms <= 0) {
-    throw new import_primordials.TypeErrorCtor("timeout must be a positive number");
+    throw new import_error.TypeErrorCtor("timeout must be a positive number");
   }
-  return AbortSignal.timeout((0, import_primordials.MathCeil)(ms));
+  return AbortSignal.timeout((0, import_math.MathCeil)(ms));
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/ai/discover.d.mts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * @file Detect which AI agent CLIs are installed on PATH. Strategy:
+ *   which()-based lookup with a two-tier cache:
+ *
+ *   1. In-process Map — survives until the Node process exits.
+ *   2. On-disk JSON at `<repo>/.cache/agent-discovery.json`, TTL 1h — survives
+ *      across subprocess invocations (per-file ai-lint-fix batches) without
+ *      re-running which(). Cache invalidation: stale on-disk cache is detected
+ *      by mtime comparison; missing or expired → fresh which() pass + rewrite.
+ *      Why two tiers: hooks and skills spawn dozens of short-lived Node
+ *      processes per session. In-process alone misses the cross-process
+ *      speedup; on-disk alone hits the filesystem on every call. The
+ *      combination keeps repeated lookups under a millisecond after the
+ *      cold-start cost.
+ */
+import type { DiscoveredAgents } from './types.mts';
+export declare function cachePathFor(repoRoot: string): string;
+/**
+ * Discover which AI agent CLIs are installed.
+ *
+ * @param options.repoRoot - Where to read/write the on-disk cache. Defaults to
+ *   process.cwd(). Skill runners typically pass the target repo's root.
+ * @param options.refresh - When true, bypass both caches and re-run which().
+ *   Useful after `npm i -g <agent>` mid-session.
+ *
+ *   Returns a map of agent → absolute binary path. Agents that aren't installed
+ *   are absent from the map (not present-with-undefined), so callers can use
+ *   `'claude' in agents` for the existence check.
+ */
+export declare function discoverAiAgents(options?: {
+    readonly refresh?: boolean;
+    readonly repoRoot?: string;
+}): Promise<DiscoveredAgents>;
+export declare function discoverFresh(): DiscoveredAgents;
+/**
+ * Synchronous in-process lookup. Skips disk cache + which(). Returns undefined
+ * if discoverAiAgents() hasn't been called yet in this process, OR returns the
+ * most recent discovery result.
+ *
+ * Useful in fast paths where the caller has already populated the cache and
+ * just wants to read it back.
+ */
+export declare function getDiscoveredAiAgents(): DiscoveredAgents | undefined;
+export declare function readDiskCache(cachePath: string): DiscoveredAgents | undefined;
+/**
+ * Reset the in-process cache. Tests use this; production callers shouldn't need
+ * it (use `refresh: true` on discoverAiAgents()).
+ */
+export declare function resetAiAgentDiscoveryCache(): void;
+export declare function writeDiskCache(cachePath: string, agents: DiscoveredAgents): Promise<void>;

package/dist/ai/discover.js ADDED Viewed

@@ -0,0 +1,128 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var discover_exports = {};
+__export(discover_exports, {
+  cachePathFor: () => cachePathFor,
+  discoverAiAgents: () => discoverAiAgents,
+  discoverFresh: () => discoverFresh,
+  getDiscoveredAiAgents: () => getDiscoveredAiAgents,
+  readDiskCache: () => readDiskCache,
+  resetAiAgentDiscoveryCache: () => resetAiAgentDiscoveryCache,
+  writeDiskCache: () => writeDiskCache
+});
+module.exports = __toCommonJS(discover_exports);
+var import_node_fs = require("node:fs");
+var import_promises = require("node:fs/promises");
+var import_node_path = __toESM(require("node:path"), 1);
+var import_which = require("../bin/which");
+var import_message = require("../errors/message");
+var import_logger = require("../logger/logger");
+var import_json = require("../primordials/json");
+const logger = (0, import_logger.getDefaultLogger)();
+const KNOWN_AGENTS = [
+  "claude",
+  "codex",
+  "gemini",
+  "opencode"
+];
+const CACHE_TTL_MS = 60 * 60 * 1e3;
+let inProcessCache;
+function cachePathFor(repoRoot) {
+  return import_node_path.default.join(repoRoot, ".cache", "agent-discovery.json");
+}
+async function discoverAiAgents(options = {}) {
+  const { refresh = false, repoRoot = process.cwd() } = options;
+  if (!refresh && inProcessCache) {
+    return inProcessCache;
+  }
+  const cachePath = cachePathFor(repoRoot);
+  if (!refresh) {
+    const fromDisk = readDiskCache(cachePath);
+    if (fromDisk) {
+      inProcessCache = fromDisk;
+      return fromDisk;
+    }
+  }
+  const fresh = discoverFresh();
+  inProcessCache = fresh;
+  await writeDiskCache(cachePath, fresh);
+  return fresh;
+}
+function discoverFresh() {
+  const out = {};
+  for (const name of KNOWN_AGENTS) {
+    const found = (0, import_which.whichSync)(name);
+    if (typeof found === "string" && found) {
+      out[name] = found;
+    }
+  }
+  return out;
+}
+function getDiscoveredAiAgents() {
+  return inProcessCache;
+}
+function readDiskCache(cachePath) {
+  if (!(0, import_node_fs.existsSync)(cachePath)) {
+    return void 0;
+  }
+  try {
+    const raw = (0, import_node_fs.readFileSync)(cachePath, "utf8");
+    const parsed = (0, import_json.JSONParse)(raw);
+    if (typeof parsed !== "object" || parsed === null || typeof parsed.writtenAt !== "number" || Date.now() - parsed.writtenAt > CACHE_TTL_MS) {
+      return void 0;
+    }
+    return parsed.agents;
+  } catch {
+    return void 0;
+  }
+}
+function resetAiAgentDiscoveryCache() {
+  inProcessCache = void 0;
+}
+async function writeDiskCache(cachePath, agents) {
+  try {
+    await (0, import_promises.mkdir)(import_node_path.default.dirname(cachePath), { recursive: true });
+    const payload = { agents, writtenAt: Date.now() };
+    (0, import_node_fs.writeFileSync)(cachePath, (0, import_json.JSONStringify)(payload, void 0, 2) + "\n");
+  } catch (e) {
+    logger.error(`discoverAiAgents: cache write failed (${(0, import_message.errorMessage)(e)})`);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  cachePathFor,
+  discoverAiAgents,
+  discoverFresh,
+  getDiscoveredAiAgents,
+  readDiskCache,
+  resetAiAgentDiscoveryCache,
+  writeDiskCache
+});

package/dist/ai/profiles.d.mts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * @file Pre-built lockdown profiles for spawnAiAgent. Per CLAUDE.md
+ *   "Programmatic Claude calls" rule: every spawn must set tools / disallow /
+ *   permissionMode (and the helper always sets --no-session-persistence +
+ *   --add-dir cwd). These profiles are canonical safe defaults that callers
+ *   spread + override per call. Choose by capability:
+ *
+ *   - `READ_ONLY_PROFILE` — research / scanning. Read + Grep + Glob
+ *   - WebFetch + WebSearch. No Edit, no Write, no Bash. Use for static analysis
+ *     skills (scanning-quality, scanning-security).
+ *   - `EDIT_ONLY_PROFILE` — fix-mode. Read + Edit + Grep + Glob. Bash explicitly
+ *     denied. Use for skills that mutate source files but don't run arbitrary
+ *     shell (ai-lint-fix, refactor passes).
+ *   - `FULL_FIX_PROFILE` — fix-mode WITH Bash. Read + Edit + Write + Grep + Glob
+ *   - Bash (allowlisted to git/pnpm/node by default). Use for skills that need to
+ *     commit, run tests, install deps. No `WIDE_OPEN_PROFILE` exists by design
+ *     — letting an agent run arbitrary tools is the lockdown rule's exact
+ *     failure mode.
+ */
+import type { PermissionMode } from './types.mts';
+interface Profile {
+    readonly allow: readonly string[];
+    readonly disallow: readonly string[];
+    readonly permissionMode: PermissionMode;
+    readonly tools: readonly string[];
+}
+/**
+ * Read-only research / scanning. No mutation.
+ */
+export declare const READ_ONLY_PROFILE: Profile;
+/**
+ * Edit-mode without Bash. Mutates source but can't run shell.
+ */
+export declare const EDIT_ONLY_PROFILE: Profile;
+/**
+ * Fix-mode with Bash, allowlisted to git / pnpm / node.
+ */
+export declare const FULL_FIX_PROFILE: Profile;
+export {};

package/dist/ai/profiles.js ADDED Viewed

@@ -0,0 +1,61 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var profiles_exports = {};
+__export(profiles_exports, {
+  EDIT_ONLY_PROFILE: () => EDIT_ONLY_PROFILE,
+  FULL_FIX_PROFILE: () => FULL_FIX_PROFILE,
+  READ_ONLY_PROFILE: () => READ_ONLY_PROFILE
+});
+module.exports = __toCommonJS(profiles_exports);
+const READ_ONLY_PROFILE = {
+  allow: [],
+  disallow: ["Bash", "Edit", "MultiEdit", "Write"],
+  permissionMode: "dontAsk",
+  tools: ["Glob", "Grep", "Read", "WebFetch", "WebSearch"]
+};
+const EDIT_ONLY_PROFILE = {
+  allow: [],
+  disallow: ["Bash", "WebFetch", "WebSearch"],
+  permissionMode: "acceptEdits",
+  tools: ["Edit", "Glob", "Grep", "MultiEdit", "Read", "Write"]
+};
+const FULL_FIX_PROFILE = {
+  allow: [
+    "Bash(git status:*)",
+    "Bash(git diff:*)",
+    "Bash(git log:*)",
+    "Bash(git add:*)",
+    "Bash(git commit:*)",
+    "Bash(node:*)",
+    "Bash(pnpm exec:*)",
+    "Bash(pnpm run:*)",
+    "Bash(pnpm test:*)"
+  ],
+  disallow: ["WebFetch", "WebSearch"],
+  permissionMode: "acceptEdits",
+  tools: ["Bash", "Edit", "Glob", "Grep", "MultiEdit", "Read", "Write"]
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  EDIT_ONLY_PROFILE,
+  FULL_FIX_PROFILE,
+  READ_ONLY_PROFILE
+});

package/dist/ai/spawn.d.mts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * @file Locked-down spawn for AI agent CLIs (Claude / Codex / Gemini /
+ *   OpenCode). Per the CLAUDE.md "Programmatic Claude calls" rule: every
+ *   headless invocation MUST set the four lockdown flags (tools / disallow /
+ *   permissionMode / no-session-persistence). The helper enforces this at the
+ *   type level (`SpawnAiAgentOptions` requires the relevant fields) AND at the
+ *   spawn site (per-agent flag translator). Why CLI subprocess instead of an
+ *   SDK call: the fleet's contract matches what the local user sees when
+ *   invoking the CLI — same auth config, same model availability, same tool
+ *   permissions. SDK calls would diverge on auth handling and force per-agent
+ *   SDK installs. Retry: 3 attempts on overload (HTTP 529 / "Overloaded"), exp.
+ *   backoff (5s / 15s / 45s). Each retry is a fresh subprocess.
+ */
+import type { AgentSpawnResult, AiAgentName, SpawnAiAgentOptions } from './types.mts';
+export declare function backoffFor(attempt: number): number;
+/**
+ * Build CLI arg list for a given agent. The flag names differ across agents but
+ * the conceptual surface is the same: "here are the allowed tools, here are the
+ * denied tools, here is the permission mode, do not persist a session." This
+ * translator is the single source of truth for how each agent's flags map.
+ *
+ * Update sites (when an agent changes its flag surface): 1. The relevant case
+ * below. 2. The agent's docs link (cited inline).
+ */
+export declare function buildArgs(agent: AiAgentName, opts: SpawnAiAgentOptions): string[];
+export declare function isOverloaded(stdout: string, stderr: string): boolean;
+export declare function pickAgent(requested: AiAgentName | undefined, cwd: string): Promise<AiAgentName>;
+/**
+ * Spawn an AI agent CLI subprocess with the locked-down flag set.
+ *
+ * @example
+ *   ```ts
+ *   import { EDIT_ONLY_PROFILE } from '@socketsecurity/lib/ai/profiles'
+ *   import { spawnAiAgent } from '@socketsecurity/lib/ai/spawn'
+ *
+ *   const result = await spawnAiAgent({
+ *   ...EDIT_ONLY_PROFILE,
+ *   prompt: 'Fix the lint findings in src/foo.ts',
+ *   cwd: process.cwd(),
+ *   model: 'claude-sonnet-4-6',
+ *   timeoutMs: 5 * 60 * 1000,
+ *   })
+ *   if (result.exitCode !== 0) { ... }
+ *   ```
+ *
+ *   Throws when the requested agent isn't on PATH (or, when no agent
+ *   is requested, when none of the known agents are on PATH).
+ */
+export declare function spawnAiAgent(opts: SpawnAiAgentOptions): Promise<AgentSpawnResult>;