@socketsecurity/lib 5.3.0 → 5.4.1

package/dist/paths/socket.js

@@ -1,10 +1,8 @@
 "use strict";
 /* Socket Lib - Built with esbuild */
-var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -18,14 +16,6 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var socket_exports = {};
 __export(socket_exports, {
@@ -44,8 +34,6 @@ __export(socket_exports, {
   getUserHomeDir: () => getUserHomeDir
 });
 module.exports = __toCommonJS(socket_exports);
-var os = __toESM(require("os"));
-var path = __toESM(require("path"));
 var import_github = require("../constants/github");
 var import_socket = require("../constants/socket");
 var import_home = require("../env/home");
@@ -54,11 +42,27 @@ var import_windows = require("../env/windows");
 var import_dirnames = require("./dirnames");
 var import_normalize = require("./normalize");
 var import_rewire = require("./rewire");
+let _os;
+// @__NO_SIDE_EFFECTS__
+function getOs() {
+  if (_os === void 0) {
+    _os = require("os");
+  }
+  return _os;
+}
+let _path;
+// @__NO_SIDE_EFFECTS__
+function getPath() {
+  if (_path === void 0) {
+    _path = require("path");
+  }
+  return _path;
+}
 function getOsHomeDir() {
-  return (0, import_rewire.getPathValue)("homedir", () => os.homedir());
+  return (0, import_rewire.getPathValue)("homedir", () => (/* @__PURE__ */ getOs()).homedir());
 }
 function getOsTmpDir() {
-  return (0, import_rewire.getPathValue)("tmpdir", () => os.tmpdir());
+  return (0, import_rewire.getPathValue)("tmpdir", () => (/* @__PURE__ */ getOs()).tmpdir());
 }
 function getSocketHomePath() {
   return getSocketUserDir();
@@ -69,12 +73,12 @@ function getSocketUserDir() {
     if (socketHome) {
       return (0, import_normalize.normalizePath)(socketHome);
     }
-    return (0, import_normalize.normalizePath)(path.join(getUserHomeDir(), import_dirnames.DOT_SOCKET_DIR));
+    return (0, import_normalize.normalizePath)((/* @__PURE__ */ getPath()).join(getUserHomeDir(), import_dirnames.DOT_SOCKET_DIR));
   });
 }
 function getSocketAppDir(appName) {
   return (0, import_normalize.normalizePath)(
-    path.join(getSocketUserDir(), `${import_socket.SOCKET_APP_PREFIX}${appName}`)
+    (/* @__PURE__ */ getPath()).join(getSocketUserDir(), `${import_socket.SOCKET_APP_PREFIX}${appName}`)
   );
 }
 function getSocketCacacheDir() {
@@ -83,7 +87,7 @@ function getSocketCacacheDir() {
       return (0, import_normalize.normalizePath)((0, import_socket2.getSocketCacacheDir)());
     }
     return (0, import_normalize.normalizePath)(
-      path.join(getSocketUserDir(), `${import_socket.SOCKET_APP_PREFIX}cacache`)
+      (/* @__PURE__ */ getPath()).join(getSocketUserDir(), `${import_socket.SOCKET_APP_PREFIX}cacache`)
     );
   });
 }
@@ -93,7 +97,7 @@ function getSocketDlxDir() {
       return (0, import_normalize.normalizePath)((0, import_socket2.getSocketDlxDirEnv)());
     }
     return (0, import_normalize.normalizePath)(
-      path.join(
+      (/* @__PURE__ */ getPath()).join(
         getSocketUserDir(),
         `${import_socket.SOCKET_APP_PREFIX}${import_socket.SOCKET_DLX_APP_NAME}`
       )
@@ -101,10 +105,12 @@ function getSocketDlxDir() {
   });
 }
 function getSocketAppCacheDir(appName) {
-  return (0, import_normalize.normalizePath)(path.join(getSocketAppDir(appName), import_dirnames.CACHE_DIR));
+  return (0, import_normalize.normalizePath)((/* @__PURE__ */ getPath()).join(getSocketAppDir(appName), import_dirnames.CACHE_DIR));
 }
 function getSocketAppCacheTtlDir(appName) {
-  return (0, import_normalize.normalizePath)(path.join(getSocketAppCacheDir(appName), import_dirnames.CACHE_TTL_DIR));
+  return (0, import_normalize.normalizePath)(
+    (/* @__PURE__ */ getPath()).join(getSocketAppCacheDir(appName), import_dirnames.CACHE_TTL_DIR)
+  );
 }
 function getSocketCliDir() {
   return getSocketAppDir(import_socket.SOCKET_CLI_APP_NAME);
@@ -114,7 +120,7 @@ function getSocketRegistryDir() {
 }
 function getSocketRegistryGithubCacheDir() {
   return (0, import_normalize.normalizePath)(
-    path.join(
+    (/* @__PURE__ */ getPath()).join(
       getSocketAppCacheTtlDir(import_socket.SOCKET_REGISTRY_APP_NAME),
       import_github.CACHE_GITHUB_DIR
     )

package/dist/process-lock.js

@@ -22,11 +22,20 @@ __export(process_lock_exports, {
   processLock: () => processLock
 });
 module.exports = __toCommonJS(process_lock_exports);
-var import_fs = require("fs");
-var import_fs2 = require("./fs");
+var import_fs = require("./fs");
 var import_logger = require("./logger");
 var import_promises = require("./promises");
 var import_signal_exit = require("./signal-exit");
+let _fs;
+// @__NO_SIDE_EFFECTS__
+function getFs() {
+  if (_fs === void 0) {
+    _fs = require("fs");
+  }
+  return _fs;
+}
+const fs = /* @__PURE__ */ getFs();
+const { existsSync, mkdirSync, statSync, utimesSync } = fs;
 const logger = (0, import_logger.getDefaultLogger)();
 class ProcessLockManager {
   activeLocks = /* @__PURE__ */ new Set();
@@ -47,8 +56,8 @@ class ProcessLockManager {
       this.touchTimers.clear();
       for (const lockPath of this.activeLocks) {
         try {
-          if ((0, import_fs.existsSync)(lockPath)) {
-            (0, import_fs2.safeDeleteSync)(lockPath, { recursive: true });
+          if (existsSync(lockPath)) {
+            (0, import_fs.safeDeleteSync)(lockPath, { recursive: true });
           }
         } catch {
         }
@@ -64,9 +73,9 @@ class ProcessLockManager {
    */
   touchLock(lockPath) {
     try {
-      if ((0, import_fs.existsSync)(lockPath)) {
+      if (existsSync(lockPath)) {
         const now = /* @__PURE__ */ new Date();
-        (0, import_fs.utimesSync)(lockPath, now, now);
+        utimesSync(lockPath, now, now);
       }
     } catch (error) {
       logger.warn(
@@ -114,10 +123,10 @@ class ProcessLockManager {
    */
   isStale(lockPath, staleMs) {
     try {
-      if (!(0, import_fs.existsSync)(lockPath)) {
+      if (!existsSync(lockPath)) {
         return false;
       }
-      const stats = (0, import_fs.statSync)(lockPath);
+      const stats = statSync(lockPath);
       const ageSeconds = Math.floor((Date.now() - stats.mtime.getTime()) / 1e3);
       const staleSeconds = Math.floor(staleMs / 1e3);
       return ageSeconds > staleSeconds;
@@ -160,17 +169,17 @@ class ProcessLockManager {
     return await (0, import_promises.pRetry)(
       async () => {
         try {
-          if ((0, import_fs.existsSync)(lockPath) && this.isStale(lockPath, staleMs)) {
+          if (existsSync(lockPath) && this.isStale(lockPath, staleMs)) {
             logger.log(`Removing stale lock: ${lockPath}`);
             try {
-              (0, import_fs2.safeDeleteSync)(lockPath, { recursive: true });
+              (0, import_fs.safeDeleteSync)(lockPath, { recursive: true });
             } catch {
             }
           }
-          if ((0, import_fs.existsSync)(lockPath)) {
+          if (existsSync(lockPath)) {
             throw new Error(`Lock already exists: ${lockPath}`);
           }
-          (0, import_fs.mkdirSync)(lockPath, { recursive: true });
+          mkdirSync(lockPath, { recursive: true });
           this.activeLocks.add(lockPath);
           this.startTouchTimer(lockPath, touchIntervalMs);
           return () => this.release(lockPath);
@@ -246,8 +255,8 @@ To resolve:
   release(lockPath) {
     this.stopTouchTimer(lockPath);
     try {
-      if ((0, import_fs.existsSync)(lockPath)) {
-        (0, import_fs2.safeDeleteSync)(lockPath, { recursive: true });
+      if (existsSync(lockPath)) {
+        (0, import_fs.safeDeleteSync)(lockPath, { recursive: true });
       }
       this.activeLocks.delete(lockPath);
     } catch (error) {

package/dist/releases/github.d.ts

@@ -1,69 +1,84 @@
 /**
- * Socket-btm GitHub repository configuration.
- */
-export declare const SOCKET_BTM_REPO: {
-    readonly owner: "SocketDev";
-    readonly repo: "socket-btm";
-};
-/**
- * Configuration for repository access.
+ * Pattern for matching release assets.
+ * Can be either:
+ * - A string with glob pattern syntax
+ * - A prefix/suffix pair for explicit matching (backward compatible)
+ * - A RegExp for complex patterns
+ *
+ * String patterns support full glob syntax via picomatch.
+ * Examples:
+ * - Simple wildcard: yoga-sync-*.mjs matches yoga-sync-abc123.mjs
+ * - Complex: models-*.tar.gz matches models-2024-01-15.tar.gz
+ * - Prefix wildcard: *-models.tar.gz matches foo-models.tar.gz
+ * - Suffix wildcard: yoga-* matches yoga-layout
+ * - Brace expansion: {yoga,models}-*.{mjs,js} matches yoga-abc.mjs or models-xyz.js
+ *
+ * For backward compatibility, prefix/suffix objects are still supported but glob patterns are recommended.
  */
-export interface RepoConfig {
-    /**
-     * GitHub repository owner/organization.
-     */
-    owner: string;
-    /**
-     * GitHub repository name.
-     */
-    repo: string;
-}
+export type AssetPattern = string | {
+    prefix: string;
+    suffix: string;
+} | RegExp;
 /**
  * Configuration for downloading a GitHub release.
  */
 export interface DownloadGitHubReleaseConfig {
-    /** GitHub repository owner/organization. */
-    owner: string;
-    /** GitHub repository name. */
-    repo: string;
+    /** Asset name on GitHub. */
+    assetName: string;
+    /** Binary filename (e.g., 'node', 'binject'). */
+    binaryName: string;
     /** Working directory (defaults to process.cwd()). */
     cwd?: string;
     /** Download destination directory. @default 'build/downloaded' */
     downloadDir?: string;
-    /** Tool name for directory structure. */
-    toolName: string;
+    /** GitHub repository owner/organization. */
+    owner: string;
     /** Platform-arch identifier (e.g., 'linux-x64-musl'). */
     platformArch: string;
-    /** Binary filename (e.g., 'node', 'binject'). */
-    binaryName: string;
-    /** Asset name on GitHub. */
-    assetName: string;
-    /** Tool prefix for finding latest release. */
-    toolPrefix?: string;
-    /** Specific release tag to download. */
-    tag?: string;
     /** Suppress log messages. @default false */
     quiet?: boolean;
     /** Remove macOS quarantine attribute after download. @default true */
     removeMacOSQuarantine?: boolean;
+    /** GitHub repository name. */
+    repo: string;
+    /** Specific release tag to download. */
+    tag?: string;
+    /** Tool name for directory structure. */
+    toolName: string;
+    /** Tool prefix for finding latest release. */
+    toolPrefix?: string;
 }
 /**
- * Download a binary from any GitHub repository with version caching.
- *
- * @param config - Download configuration
- * @returns Path to the downloaded binary
+ * Configuration for repository access.
  */
-export declare function downloadGitHubRelease(config: DownloadGitHubReleaseConfig): Promise<string>;
+export interface RepoConfig {
+    /**
+     * GitHub repository owner/organization.
+     */
+    owner: string;
+    /**
+     * GitHub repository name.
+     */
+    repo: string;
+}
+/**
+ * Socket-btm GitHub repository configuration.
+ */
+export declare const SOCKET_BTM_REPO: {
+    readonly owner: "SocketDev";
+    readonly repo: "socket-btm";
+};
 /**
  * Download a specific release asset.
+ * Supports pattern matching for dynamic asset discovery.
  *
  * @param tag - Release tag name
- * @param assetName - Asset name to download
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
  * @param outputPath - Path to write the downloaded file
  * @param repoConfig - Repository configuration (owner/repo)
  * @param options - Additional options
  */
-export declare function downloadReleaseAsset(tag: string, assetName: string, outputPath: string, repoConfig: RepoConfig, options?: {
+export declare function downloadReleaseAsset(tag: string, assetPattern: string | AssetPattern, outputPath: string, repoConfig: RepoConfig, options?: {
     quiet?: boolean;
 }): Promise<void>;
 /**
@@ -75,24 +90,35 @@ export declare function downloadReleaseAsset(tag: string, assetName: string, out
 export declare function getAuthHeaders(): Record<string, string>;
 /**
  * Get latest release tag matching a tool prefix.
+ * Optionally filter by releases containing a matching asset.
  *
  * @param toolPrefix - Tool name prefix to search for (e.g., 'node-smol-')
  * @param repoConfig - Repository configuration (owner/repo)
  * @param options - Additional options
+ * @param options.assetPattern - Optional pattern to filter releases by matching asset
  * @returns Latest release tag or null if not found
  */
 export declare function getLatestRelease(toolPrefix: string, repoConfig: RepoConfig, options?: {
+    assetPattern?: AssetPattern;
     quiet?: boolean;
 }): Promise<string | null>;
 /**
  * Get download URL for a specific release asset.
+ * Supports pattern matching for dynamic asset discovery.
  *
  * @param tag - Release tag name
- * @param assetName - Asset name to download
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
  * @param repoConfig - Repository configuration (owner/repo)
  * @param options - Additional options
  * @returns Browser download URL for the asset
  */
-export declare function getReleaseAssetUrl(tag: string, assetName: string, repoConfig: RepoConfig, options?: {
+export declare function getReleaseAssetUrl(tag: string, assetPattern: string | AssetPattern, repoConfig: RepoConfig, options?: {
     quiet?: boolean;
 }): Promise<string | null>;
+/**
+ * Download a binary from any GitHub repository with version caching.
+ *
+ * @param config - Download configuration
+ * @returns Path to the downloaded binary
+ */
+export declare function downloadGitHubRelease(config: DownloadGitHubReleaseConfig): Promise<string>;