@socketsecurity/lib 5.6.0 → 5.7.0

package/dist/env/socket-cli.d.ts

@@ -38,6 +38,22 @@ export declare function getSocketCliApiTimeout(): number;
  */
 /*@__NO_SIDE_EFFECTS__*/
 export declare function getSocketCliApiToken(): string | undefined;
+/**
+ * Bootstrap cache directory path.
+ * Set by bootstrap wrappers to pass dlx cache location to CLI.
+ *
+ * @returns Bootstrap cache directory or undefined
+ */
+/*@__NO_SIDE_EFFECTS__*/
+export declare function getSocketCliBootstrapCacheDir(): string | undefined;
+/**
+ * Bootstrap package spec (e.g., @socketsecurity/cli@^2.0.11).
+ * Set by bootstrap wrappers (SEA/smol/npm) to pass package spec to CLI.
+ *
+ * @returns Bootstrap package spec or undefined
+ */
+/*@__NO_SIDE_EFFECTS__*/
+export declare function getSocketCliBootstrapSpec(): string | undefined;
 /**
  * Socket CLI configuration file path (alternative name).
  *
@@ -52,6 +68,14 @@ export declare function getSocketCliConfig(): string | undefined;
  */
 /*@__NO_SIDE_EFFECTS__*/
 export declare function getSocketCliFix(): string | undefined;
+/**
+ * Socket CLI GitHub authentication token.
+ * Checks SOCKET_CLI_GITHUB_TOKEN, SOCKET_SECURITY_GITHUB_PAT, then falls back to GITHUB_TOKEN.
+ *
+ * @returns GitHub token or undefined
+ */
+/*@__NO_SIDE_EFFECTS__*/
+export declare function getSocketCliGithubToken(): string | undefined;
 /**
  * Whether to skip Socket CLI API token requirement (alternative name).
  *
@@ -81,27 +105,3 @@ export declare function getSocketCliOrgSlug(): string | undefined;
  */
 /*@__NO_SIDE_EFFECTS__*/
 export declare function getSocketCliViewAllRisks(): boolean;
-/**
- * Socket CLI GitHub authentication token.
- * Checks SOCKET_CLI_GITHUB_TOKEN, SOCKET_SECURITY_GITHUB_PAT, then falls back to GITHUB_TOKEN.
- *
- * @returns GitHub token or undefined
- */
-/*@__NO_SIDE_EFFECTS__*/
-export declare function getSocketCliGithubToken(): string | undefined;
-/**
- * Bootstrap package spec (e.g., @socketsecurity/cli@^2.0.11).
- * Set by bootstrap wrappers (SEA/smol/npm) to pass package spec to CLI.
- *
- * @returns Bootstrap package spec or undefined
- */
-/*@__NO_SIDE_EFFECTS__*/
-export declare function getSocketCliBootstrapSpec(): string | undefined;
-/**
- * Bootstrap cache directory path.
- * Set by bootstrap wrappers to pass dlx cache location to CLI.
- *
- * @returns Bootstrap cache directory or undefined
- */
-/*@__NO_SIDE_EFFECTS__*/
-export declare function getSocketCliBootstrapCacheDir(): string | undefined;

package/dist/env/socket-cli.js

@@ -58,6 +58,14 @@ function getSocketCliApiToken() {
   return (0, import_rewire.getEnvValue)("SOCKET_CLI_API_TOKEN") || (0, import_rewire.getEnvValue)("SOCKET_CLI_API_KEY") || (0, import_rewire.getEnvValue)("SOCKET_SECURITY_API_TOKEN") || (0, import_rewire.getEnvValue)("SOCKET_SECURITY_API_KEY");
 }
 // @__NO_SIDE_EFFECTS__
+function getSocketCliBootstrapCacheDir() {
+  return (0, import_rewire.getEnvValue)("SOCKET_CLI_BOOTSTRAP_CACHE_DIR");
+}
+// @__NO_SIDE_EFFECTS__
+function getSocketCliBootstrapSpec() {
+  return (0, import_rewire.getEnvValue)("SOCKET_CLI_BOOTSTRAP_SPEC");
+}
+// @__NO_SIDE_EFFECTS__
 function getSocketCliConfig() {
   return (0, import_rewire.getEnvValue)("SOCKET_CLI_CONFIG");
 }
@@ -66,6 +74,10 @@ function getSocketCliFix() {
   return (0, import_rewire.getEnvValue)("SOCKET_CLI_FIX");
 }
 // @__NO_SIDE_EFFECTS__
+function getSocketCliGithubToken() {
+  return (0, import_rewire.getEnvValue)("SOCKET_CLI_GITHUB_TOKEN") || (0, import_rewire.getEnvValue)("SOCKET_SECURITY_GITHUB_PAT") || (0, import_rewire.getEnvValue)("GITHUB_TOKEN");
+}
+// @__NO_SIDE_EFFECTS__
 function getSocketCliNoApiToken() {
   return (0, import_helpers.envAsBoolean)((0, import_rewire.getEnvValue)("SOCKET_CLI_NO_API_TOKEN"));
 }
@@ -81,18 +93,6 @@ function getSocketCliOrgSlug() {
 function getSocketCliViewAllRisks() {
   return (0, import_helpers.envAsBoolean)((0, import_rewire.getEnvValue)("SOCKET_CLI_VIEW_ALL_RISKS"));
 }
-// @__NO_SIDE_EFFECTS__
-function getSocketCliGithubToken() {
-  return (0, import_rewire.getEnvValue)("SOCKET_CLI_GITHUB_TOKEN") || (0, import_rewire.getEnvValue)("SOCKET_SECURITY_GITHUB_PAT") || (0, import_rewire.getEnvValue)("GITHUB_TOKEN");
-}
-// @__NO_SIDE_EFFECTS__
-function getSocketCliBootstrapSpec() {
-  return (0, import_rewire.getEnvValue)("SOCKET_CLI_BOOTSTRAP_SPEC");
-}
-// @__NO_SIDE_EFFECTS__
-function getSocketCliBootstrapCacheDir() {
-  return (0, import_rewire.getEnvValue)("SOCKET_CLI_BOOTSTRAP_CACHE_DIR");
-}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   getSocketCliAcceptRisks,

package/dist/env/temp-dir.d.ts

@@ -1,9 +1,3 @@
-/**
- * TMPDIR environment variable.
- * Unix/macOS temporary directory path.
- */
-/*@__NO_SIDE_EFFECTS__*/
-export declare function getTmpdir(): string | undefined;
 /**
  * TEMP environment variable.
  * Windows temporary directory path.
@@ -16,3 +10,9 @@ export declare function getTemp(): string | undefined;
  */
 /*@__NO_SIDE_EFFECTS__*/
 export declare function getTmp(): string | undefined;
+/**
+ * TMPDIR environment variable.
+ * Unix/macOS temporary directory path.
+ */
+/*@__NO_SIDE_EFFECTS__*/
+export declare function getTmpdir(): string | undefined;

package/dist/env/temp-dir.js

@@ -26,10 +26,6 @@ __export(temp_dir_exports, {
 module.exports = __toCommonJS(temp_dir_exports);
 var import_rewire = require("./rewire");
 // @__NO_SIDE_EFFECTS__
-function getTmpdir() {
-  return (0, import_rewire.getEnvValue)("TMPDIR");
-}
-// @__NO_SIDE_EFFECTS__
 function getTemp() {
   return (0, import_rewire.getEnvValue)("TEMP");
 }
@@ -37,6 +33,10 @@ function getTemp() {
 function getTmp() {
   return (0, import_rewire.getEnvValue)("TMP");
 }
+// @__NO_SIDE_EFFECTS__
+function getTmpdir() {
+  return (0, import_rewire.getEnvValue)("TMPDIR");
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   getTemp,

package/dist/env/windows.d.ts

@@ -4,6 +4,12 @@
  */
 /*@__NO_SIDE_EFFECTS__*/
 export declare function getAppdata(): string | undefined;
+/**
+ * COMSPEC environment variable.
+ * Points to the Windows command processor (typically cmd.exe).
+ */
+/*@__NO_SIDE_EFFECTS__*/
+export declare function getComspec(): string | undefined;
 /**
  * LOCALAPPDATA environment variable.
  * Points to the Local Application Data directory on Windows.
@@ -16,9 +22,3 @@ export declare function getLocalappdata(): string | undefined;
  */
 /*@__NO_SIDE_EFFECTS__*/
 export declare function getUserprofile(): string | undefined;
-/**
- * COMSPEC environment variable.
- * Points to the Windows command processor (typically cmd.exe).
- */
-/*@__NO_SIDE_EFFECTS__*/
-export declare function getComspec(): string | undefined;

package/dist/env/windows.js

@@ -31,6 +31,10 @@ function getAppdata() {
   return (0, import_rewire.getEnvValue)("APPDATA");
 }
 // @__NO_SIDE_EFFECTS__
+function getComspec() {
+  return (0, import_rewire.getEnvValue)("COMSPEC");
+}
+// @__NO_SIDE_EFFECTS__
 function getLocalappdata() {
   return (0, import_rewire.getEnvValue)("LOCALAPPDATA");
 }
@@ -38,10 +42,6 @@ function getLocalappdata() {
 function getUserprofile() {
   return (0, import_rewire.getEnvValue)("USERPROFILE");
 }
-// @__NO_SIDE_EFFECTS__
-function getComspec() {
-  return (0, import_rewire.getEnvValue)("COMSPEC");
-}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   getAppdata,

package/dist/github.js

@@ -83,7 +83,16 @@ async function fetchGitHub(url, options) {
       `GitHub API error ${response.status}: ${response.statusText}`
     );
   }
-  return JSON.parse(response.body.toString("utf8"));
+  try {
+    return JSON.parse(response.body.toString("utf8"));
+  } catch (error) {
+    throw new Error(
+      `Failed to parse GitHub API response: ${error instanceof Error ? error.message : String(error)}
+URL: ${url}
+Response may be malformed or incomplete.`,
+      { cause: error }
+    );
+  }
 }
 async function resolveRefToSha(owner, repo, ref, options) {
   const opts = {

package/dist/packages/specs.js

@@ -43,7 +43,7 @@ var import_strings = require("../strings");
 function getRepoUrlDetails(repoUrl = "") {
   const userAndRepo = repoUrl.replace(/^.+github.com\//, "").split("/");
   const user = userAndRepo[0] || "";
-  const project = userAndRepo.length > 1 ? userAndRepo[1]?.slice(0, -".git".length) || "" : "";
+  const project = userAndRepo.length > 1 ? (userAndRepo[1]?.endsWith(".git") ? userAndRepo[1].slice(0, -4) : userAndRepo[1]) || "" : "";
   return { user, project };
 }
 // @__NO_SIDE_EFFECTS__

package/dist/releases/github.d.ts

@@ -68,6 +68,24 @@ export declare const SOCKET_BTM_REPO: {
     readonly owner: "SocketDev";
     readonly repo: "socket-btm";
 };
+/**
+ * Create a matcher function for a pattern using picomatch for glob patterns
+ * or simple prefix/suffix matching for object patterns.
+ *
+ * @param pattern - Pattern to match (string glob, prefix/suffix object, or RegExp)
+ * @returns Function that tests if a string matches the pattern
+ */
+export declare function createAssetMatcher(pattern: string | {
+    prefix: string;
+    suffix: string;
+} | RegExp): (input: string) => boolean;
+/**
+ * Download a binary from any GitHub repository with version caching.
+ *
+ * @param config - Download configuration
+ * @returns Path to the downloaded binary
+ */
+export declare function downloadGitHubRelease(config: DownloadGitHubReleaseConfig): Promise<string>;
 /**
  * Download a specific release asset.
  * Supports pattern matching for dynamic asset discovery.
@@ -115,10 +133,3 @@ export declare function getLatestRelease(toolPrefix: string, repoConfig: RepoCon
 export declare function getReleaseAssetUrl(tag: string, assetPattern: string | AssetPattern, repoConfig: RepoConfig, options?: {
     quiet?: boolean;
 }): Promise<string | null>;
-/**
- * Download a binary from any GitHub repository with version caching.
- *
- * @param config - Download configuration
- * @returns Path to the downloaded binary
- */
-export declare function downloadGitHubRelease(config: DownloadGitHubReleaseConfig): Promise<string>;

package/dist/releases/github.js

@@ -30,6 +30,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var github_exports = {};
 __export(github_exports, {
   SOCKET_BTM_REPO: () => SOCKET_BTM_REPO,
+  createAssetMatcher: () => createAssetMatcher,
   downloadGitHubRelease: () => downloadGitHubRelease,
   downloadReleaseAsset: () => downloadReleaseAsset,
   getAuthHeaders: () => getAuthHeaders,
@@ -43,7 +44,6 @@ var import_http_request = require("../http-request.js");
 var import_logger = require("../logger.js");
 var import_promises = require("../promises.js");
 var import_spawn = require("../spawn.js");
-const logger = (0, import_logger.getDefaultLogger)();
 const RETRY_CONFIG = Object.freeze({
   __proto__: null,
   // Exponential backoff: delay doubles with each retry (5s, 10s, 20s).
@@ -53,19 +53,13 @@ const RETRY_CONFIG = Object.freeze({
   // Maximum number of retry attempts (excluding initial request).
   retries: 2
 });
+const SOCKET_BTM_REPO = {
+  owner: "SocketDev",
+  repo: "socket-btm"
+};
+const logger = (0, import_logger.getDefaultLogger)();
 let _fs;
 let _path;
-function createMatcher(pattern) {
-  if (typeof pattern === "string") {
-    const isMatch = (0, import_picomatch.default)(pattern);
-    return (input) => isMatch(input);
-  }
-  if (pattern instanceof RegExp) {
-    return (input) => pattern.test(input);
-  }
-  const { prefix, suffix } = pattern;
-  return (input) => input.startsWith(prefix) && input.endsWith(suffix);
-}
 // @__NO_SIDE_EFFECTS__
 function getFs() {
   if (_fs === void 0) {
@@ -80,10 +74,91 @@ function getPath() {
   }
   return _path;
 }
-const SOCKET_BTM_REPO = {
-  owner: "SocketDev",
-  repo: "socket-btm"
-};
+function createAssetMatcher(pattern) {
+  if (typeof pattern === "string") {
+    const isMatch = (0, import_picomatch.default)(pattern);
+    return (input) => isMatch(input);
+  }
+  if (pattern instanceof RegExp) {
+    return (input) => pattern.test(input);
+  }
+  const { prefix, suffix } = pattern;
+  return (input) => input.startsWith(prefix) && input.endsWith(suffix);
+}
+async function downloadGitHubRelease(config) {
+  const {
+    assetName,
+    binaryName,
+    cwd = process.cwd(),
+    downloadDir = "build/downloaded",
+    owner,
+    platformArch,
+    quiet = false,
+    removeMacOSQuarantine = true,
+    repo,
+    tag: explicitTag,
+    toolName,
+    toolPrefix
+  } = config;
+  let tag;
+  if (explicitTag) {
+    tag = explicitTag;
+  } else if (toolPrefix) {
+    const latestTag = await getLatestRelease(
+      toolPrefix,
+      { owner, repo },
+      { quiet }
+    );
+    if (!latestTag) {
+      throw new Error(`No ${toolPrefix} release found in ${owner}/${repo}`);
+    }
+    tag = latestTag;
+  } else {
+    throw new Error("Either toolPrefix or tag must be provided");
+  }
+  const path = /* @__PURE__ */ getPath();
+  const resolvedDownloadDir = path.isAbsolute(downloadDir) ? downloadDir : path.join(cwd, downloadDir);
+  const binaryDir = path.join(resolvedDownloadDir, toolName, platformArch);
+  const binaryPath = path.join(binaryDir, binaryName);
+  const versionPath = path.join(binaryDir, ".version");
+  const fs = /* @__PURE__ */ getFs();
+  if (fs.existsSync(versionPath) && fs.existsSync(binaryPath)) {
+    const cachedVersion = (await fs.promises.readFile(versionPath, "utf8")).trim();
+    if (cachedVersion === tag && fs.existsSync(binaryPath)) {
+      if (!quiet) {
+        logger.info(`Using cached ${toolName} (${platformArch}): ${binaryPath}`);
+      }
+      return binaryPath;
+    }
+  }
+  if (!quiet) {
+    logger.info(`Downloading ${toolName} for ${platformArch}...`);
+  }
+  await downloadReleaseAsset(
+    tag,
+    assetName,
+    binaryPath,
+    { owner, repo },
+    { quiet }
+  );
+  const isWindows = binaryName.endsWith(".exe");
+  if (!isWindows) {
+    fs.chmodSync(binaryPath, 493);
+    if (removeMacOSQuarantine && process.platform === "darwin" && platformArch.startsWith("darwin")) {
+      try {
+        await (0, import_spawn.spawn)("xattr", ["-d", "com.apple.quarantine", binaryPath], {
+          stdio: "ignore"
+        });
+      } catch {
+      }
+    }
+  }
+  await fs.promises.writeFile(versionPath, tag, "utf8");
+  if (!quiet) {
+    logger.info(`Downloaded ${toolName} to ${binaryPath}`);
+  }
+  return binaryPath;
+}
 async function downloadReleaseAsset(tag, assetPattern, outputPath, repoConfig, options = {}) {
   const { owner, repo } = repoConfig;
   const { quiet = false } = options;
@@ -120,7 +195,7 @@ function getAuthHeaders() {
 async function getLatestRelease(toolPrefix, repoConfig, options = {}) {
   const { assetPattern, quiet = false } = options;
   const { owner, repo } = repoConfig;
-  const isMatch = assetPattern ? createMatcher(assetPattern) : void 0;
+  const isMatch = assetPattern ? createAssetMatcher(assetPattern) : void 0;
   return await (0, import_promises.pRetry)(
     async () => {
       const response = await (0, import_http_request.httpRequest)(
@@ -188,7 +263,7 @@ async function getLatestRelease(toolPrefix, repoConfig, options = {}) {
 async function getReleaseAssetUrl(tag, assetPattern, repoConfig, options = {}) {
   const { owner, repo } = repoConfig;
   const { quiet = false } = options;
-  const isMatch = typeof assetPattern === "string" && !assetPattern.includes("*") && !assetPattern.includes("{") ? (input) => input === assetPattern : createMatcher(assetPattern);
+  const isMatch = typeof assetPattern === "string" && !assetPattern.includes("*") && !assetPattern.includes("{") ? (input) => input === assetPattern : createAssetMatcher(assetPattern);
   return await (0, import_promises.pRetry)(
     async () => {
       const response = await (0, import_http_request.httpRequest)(
@@ -229,83 +304,10 @@ async function getReleaseAssetUrl(tag, assetPattern, repoConfig, options = {}) {
     }
   );
 }
-async function downloadGitHubRelease(config) {
-  const {
-    assetName,
-    binaryName,
-    cwd = process.cwd(),
-    downloadDir = "build/downloaded",
-    owner,
-    platformArch,
-    quiet = false,
-    removeMacOSQuarantine = true,
-    repo,
-    tag: explicitTag,
-    toolName,
-    toolPrefix
-  } = config;
-  let tag;
-  if (explicitTag) {
-    tag = explicitTag;
-  } else if (toolPrefix) {
-    const latestTag = await getLatestRelease(
-      toolPrefix,
-      { owner, repo },
-      { quiet }
-    );
-    if (!latestTag) {
-      throw new Error(`No ${toolPrefix} release found in ${owner}/${repo}`);
-    }
-    tag = latestTag;
-  } else {
-    throw new Error("Either toolPrefix or tag must be provided");
-  }
-  const path = /* @__PURE__ */ getPath();
-  const resolvedDownloadDir = path.isAbsolute(downloadDir) ? downloadDir : path.join(cwd, downloadDir);
-  const binaryDir = path.join(resolvedDownloadDir, toolName, platformArch);
-  const binaryPath = path.join(binaryDir, binaryName);
-  const versionPath = path.join(binaryDir, ".version");
-  const fs = /* @__PURE__ */ getFs();
-  if (fs.existsSync(versionPath) && fs.existsSync(binaryPath)) {
-    const cachedVersion = (await fs.promises.readFile(versionPath, "utf8")).trim();
-    if (cachedVersion === tag) {
-      if (!quiet) {
-        logger.info(`Using cached ${toolName} (${platformArch}): ${binaryPath}`);
-      }
-      return binaryPath;
-    }
-  }
-  if (!quiet) {
-    logger.info(`Downloading ${toolName} for ${platformArch}...`);
-  }
-  await downloadReleaseAsset(
-    tag,
-    assetName,
-    binaryPath,
-    { owner, repo },
-    { quiet }
-  );
-  const isWindows = binaryName.endsWith(".exe");
-  if (!isWindows) {
-    fs.chmodSync(binaryPath, 493);
-    if (removeMacOSQuarantine && process.platform === "darwin" && platformArch.startsWith("darwin")) {
-      try {
-        await (0, import_spawn.spawn)("xattr", ["-d", "com.apple.quarantine", binaryPath], {
-          stdio: "ignore"
-        });
-      } catch {
-      }
-    }
-  }
-  await fs.promises.writeFile(versionPath, tag, "utf8");
-  if (!quiet) {
-    logger.info(`Downloaded ${toolName} to ${binaryPath}`);
-  }
-  return binaryPath;
-}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   SOCKET_BTM_REPO,
+  createAssetMatcher,
   downloadGitHubRelease,
   downloadReleaseAsset,
   getAuthHeaders,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/lib",
-  "version": "5.6.0",
+  "version": "5.7.0",
   "packageManager": "pnpm@10.29.1",
   "license": "MIT",
   "description": "Core utilities and infrastructure for Socket.dev security tools",