@socketsecurity/lib 5.4.1 → 5.5.1

package/CHANGELOG.md

@@ -5,6 +5,29 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.5.1](https://github.com/SocketDev/socket-lib/releases/tag/v5.5.1) - 2026-01-12
+
+### Fixed
+
+- Fixed dotenvx compatibility with pre-commit hooks
+- Fixed empty releases being returned when finding latest release
+
+## [5.5.0](https://github.com/SocketDev/socket-lib/releases/tag/v5.5.0) - 2026-01-12
+
+### Added
+
+- **dlx/detect**: Executable type detection utilities for DLX cache and local file paths
+  - `detectDlxExecutableType()`: Detects Node.js packages vs native binaries in DLX cache by checking for node_modules/ directory
+  - `detectExecutableType()`: Generic entry point that routes to appropriate detection strategy
+  - `detectLocalExecutableType()`: Detects executables on local filesystem by checking package.json bin field or file extension
+  - `isJsFilePath()`: Validates if a file path has .js, .mjs, or .cjs extension
+  - `isNativeBinary()`: Simplified helper that returns true for native binary executables
+  - `isNodePackage()`: Simplified helper that returns true for Node.js packages
+
+### Fixed
+
+- **releases/github**: Sort releases by published_at to reliably find latest release instead of relying on creation order
+
 ## [5.4.1](https://github.com/SocketDev/socket-lib/releases/tag/v5.4.1) - 2026-01-10
 
 ### Fixed

package/dist/dlx/detect.d.ts

@@ -0,0 +1,66 @@
+export type ExecutableType = 'package' | 'binary' | 'unknown';
+export interface ExecutableDetectionResult {
+    type: ExecutableType;
+    method: 'dlx-cache' | 'package-json' | 'file-extension';
+    packageJsonPath?: string;
+    inDlxCache?: boolean;
+}
+/**
+ * Detect if a path is a Node.js package or native binary executable.
+ * Works for both DLX cache paths and local filesystem paths.
+ *
+ * Detection strategy:
+ * 1. If in DLX cache: Use detectDlxExecutableType()
+ * 2. Otherwise: Use detectLocalExecutableType()
+ *
+ * @param filePath - Path to executable (DLX cache or local filesystem)
+ * @returns Detection result with type, method, and metadata
+ *
+ * @example
+ * ```typescript
+ * const result = detectExecutableType('/path/to/tool')
+ * if (result.type === 'package') {
+ *   spawnNode([filePath, ...args])
+ * } else {
+ *   spawn(filePath, args)
+ * }
+ * ```
+ */
+export declare function detectExecutableType(filePath: string): ExecutableDetectionResult;
+/**
+ * Detect executable type for paths in DLX cache.
+ * Uses filesystem structure (node_modules/ presence).
+ *
+ * @param filePath - Path within DLX cache (~/.socket/_dlx/)
+ * @returns Detection result
+ */
+export declare function detectDlxExecutableType(filePath: string): ExecutableDetectionResult;
+/**
+ * Detect executable type for local filesystem paths.
+ * Uses package.json and file extension checks.
+ *
+ * @param filePath - Local filesystem path (not in DLX cache)
+ * @returns Detection result
+ */
+export declare function detectLocalExecutableType(filePath: string): ExecutableDetectionResult;
+/**
+ * Check if a file path indicates a Node.js script.
+ *
+ * @param filePath - Path to check
+ * @returns True if file has .js, .mjs, or .cjs extension
+ */
+export declare function isJsFilePath(filePath: string): boolean;
+/**
+ * Simplified helper: Is this a native binary executable?
+ *
+ * @param filePath - Path to check
+ * @returns True if detected as native binary (not Node.js package)
+ */
+export declare function isNativeBinary(filePath: string): boolean;
+/**
+ * Simplified helper: Is this a Node.js package?
+ *
+ * @param filePath - Path to check
+ * @returns True if detected as Node.js package
+ */
+export declare function isNodePackage(filePath: string): boolean;

package/dist/dlx/detect.js

@@ -0,0 +1,139 @@
+"use strict";
+/* Socket Lib - Built with esbuild */
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var detect_exports = {};
+__export(detect_exports, {
+  detectDlxExecutableType: () => detectDlxExecutableType,
+  detectExecutableType: () => detectExecutableType,
+  detectLocalExecutableType: () => detectLocalExecutableType,
+  isJsFilePath: () => isJsFilePath,
+  isNativeBinary: () => isNativeBinary,
+  isNodePackage: () => isNodePackage
+});
+module.exports = __toCommonJS(detect_exports);
+var import_paths = require("./paths");
+var import_socket = require("../paths/socket");
+let _fs;
+let _path;
+// @__NO_SIDE_EFFECTS__
+function getFs() {
+  if (_fs === void 0) {
+    _fs = require("fs");
+  }
+  return _fs;
+}
+// @__NO_SIDE_EFFECTS__
+function getPath() {
+  if (_path === void 0) {
+    _path = require("path");
+  }
+  return _path;
+}
+const NODE_JS_EXTENSIONS = /* @__PURE__ */ new Set([".js", ".mjs", ".cjs"]);
+function detectExecutableType(filePath) {
+  if ((0, import_paths.isInSocketDlx)(filePath)) {
+    return detectDlxExecutableType(filePath);
+  }
+  return detectLocalExecutableType(filePath);
+}
+function detectDlxExecutableType(filePath) {
+  const fs = /* @__PURE__ */ getFs();
+  const path = /* @__PURE__ */ getPath();
+  const dlxDir = (0, import_socket.getSocketDlxDir)();
+  const absolutePath = path.resolve(filePath);
+  const relativePath = path.relative(dlxDir, absolutePath);
+  const cacheKey = relativePath.split(path.sep)[0];
+  const cacheDir = path.join(dlxDir, cacheKey);
+  if (fs.existsSync(path.join(cacheDir, "node_modules"))) {
+    return {
+      type: "package",
+      method: "dlx-cache",
+      inDlxCache: true
+    };
+  }
+  return {
+    type: "binary",
+    method: "dlx-cache",
+    inDlxCache: true
+  };
+}
+function detectLocalExecutableType(filePath) {
+  const fs = /* @__PURE__ */ getFs();
+  const packageJsonPath = findPackageJson(filePath);
+  if (packageJsonPath !== void 0) {
+    try {
+      const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, "utf8"));
+      if (packageJson.bin) {
+        return {
+          type: "package",
+          method: "package-json",
+          packageJsonPath,
+          inDlxCache: false
+        };
+      }
+    } catch {
+    }
+  }
+  if (isJsFilePath(filePath)) {
+    return {
+      inDlxCache: false,
+      method: "file-extension",
+      type: "package"
+    };
+  }
+  return {
+    type: "binary",
+    method: "file-extension",
+    inDlxCache: false
+  };
+}
+function findPackageJson(filePath) {
+  const fs = /* @__PURE__ */ getFs();
+  const path = /* @__PURE__ */ getPath();
+  let currentDir = path.dirname(path.resolve(filePath));
+  const root = path.parse(currentDir).root;
+  while (currentDir !== root) {
+    const packageJsonPath = path.join(currentDir, "package.json");
+    if (fs.existsSync(packageJsonPath)) {
+      return packageJsonPath;
+    }
+    currentDir = path.dirname(currentDir);
+  }
+  return void 0;
+}
+function isJsFilePath(filePath) {
+  const path = /* @__PURE__ */ getPath();
+  const ext = path.extname(filePath).toLowerCase();
+  return NODE_JS_EXTENSIONS.has(ext);
+}
+function isNativeBinary(filePath) {
+  return detectExecutableType(filePath).type === "binary";
+}
+function isNodePackage(filePath) {
+  return detectExecutableType(filePath).type === "package";
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  detectDlxExecutableType,
+  detectExecutableType,
+  detectLocalExecutableType,
+  isJsFilePath,
+  isNativeBinary,
+  isNodePackage
+});

package/dist/releases/github.js

@@ -133,28 +133,41 @@ async function getLatestRelease(toolPrefix, repoConfig, options = {}) {
         throw new Error(`Failed to fetch releases: ${response.status}`);
       }
       const releases = JSON.parse(response.body.toString("utf8"));
-      for (const release of releases) {
-        const { assets, tag_name: tag } = release;
-        if (!tag.startsWith(toolPrefix)) {
-          continue;
-        }
-        if (isMatch) {
-          const hasMatchingAsset = assets.some(
-            (a) => isMatch(a.name)
-          );
-          if (!hasMatchingAsset) {
-            continue;
+      const matchingReleases = releases.filter(
+        (release) => {
+          const { assets, tag_name: tag2 } = release;
+          if (!tag2.startsWith(toolPrefix)) {
+            return false;
+          }
+          if (!assets || assets.length === 0) {
+            return false;
           }
+          if (isMatch) {
+            const hasMatchingAsset = assets.some(
+              (a) => isMatch(a.name)
+            );
+            if (!hasMatchingAsset) {
+              return false;
+            }
+          }
+          return true;
         }
+      );
+      if (matchingReleases.length === 0) {
         if (!quiet) {
-          logger.info(`Found release: ${tag}`);
+          logger.info(`No ${toolPrefix} release found in latest 100 releases`);
         }
-        return tag;
+        return null;
       }
+      matchingReleases.sort(
+        (a, b) => new Date(b.published_at).getTime() - new Date(a.published_at).getTime()
+      );
+      const latestRelease = matchingReleases[0];
+      const tag = latestRelease.tag_name;
       if (!quiet) {
-        logger.info(`No ${toolPrefix} release found in latest 100 releases`);
+        logger.info(`Found release: ${tag}`);
       }
-      return null;
+      return tag;
     },
     {
       ...RETRY_CONFIG,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@socketsecurity/lib",
-  "version": "5.4.1",
-  "packageManager": "pnpm@10.27.0",
+  "version": "5.5.1",
+  "packageManager": "pnpm@10.28.0",
   "license": "MIT",
   "description": "Core utilities and infrastructure for Socket.dev security tools",
   "keywords": [
@@ -227,6 +227,10 @@
       "types": "./dist/dlx/cache.d.ts",
       "default": "./dist/dlx/cache.js"
     },
+    "./dlx/detect": {
+      "types": "./dist/dlx/detect.d.ts",
+      "default": "./dist/dlx/detect.js"
+    },
     "./dlx/dir": {
       "types": "./dist/dlx/dir.d.ts",
       "default": "./dist/dlx/dir.js"
@@ -722,7 +726,7 @@
     "@socketregistry/is-unicode-supported": "1.0.5",
     "@socketregistry/packageurl-js": "1.3.5",
     "@socketregistry/yocto-spinner": "1.0.25",
-    "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@5.4.0",
+    "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@5.5.0",
     "@types/node": "24.9.2",
     "@typescript/native-preview": "7.0.0-dev.20250920.1",
     "@vitest/coverage-v8": "4.0.3",
@@ -791,6 +795,7 @@
       "@sigstore/sign": "4.1.0",
       "ansi-regex": "6.2.2",
       "debug": "4.4.3",
+      "execa": "5.1.1",
       "has-flag": "5.0.1",
       "isexe": "3.1.1",
       "lru-cache": "11.2.2",
@@ -808,7 +813,8 @@
     "patchedDependencies": {
       "@npmcli/run-script@10.0.0": "patches/@npmcli__run-script@10.0.0.patch",
       "@sigstore/sign@4.1.0": "patches/@sigstore__sign@4.1.0.patch",
-      "node-gyp@11.5.0": "patches/node-gyp@11.5.0.patch"
+      "node-gyp@11.5.0": "patches/node-gyp@11.5.0.patch",
+      "execa@5.1.1": "patches/execa@5.1.1.patch"
     }
   }
 }