@socketsecurity/lib 5.6.0 → 5.8.0

package/dist/git.js

@@ -56,6 +56,16 @@ function getPath() {
   return _path;
 }
 const gitDiffCache = /* @__PURE__ */ new Map();
+const gitDiffAccessOrder = [];
+const GIT_CACHE_MAX_SIZE = 100;
+function evictLRUGitCache() {
+  if (gitDiffCache.size >= GIT_CACHE_MAX_SIZE && gitDiffAccessOrder.length > 0) {
+    const oldest = gitDiffAccessOrder.shift();
+    if (oldest) {
+      gitDiffCache.delete(oldest);
+    }
+  }
+}
 function getGitPath() {
   return "git";
 }
@@ -114,7 +124,9 @@ async function innerDiff(args, options) {
     return [];
   }
   if (cache && cacheKey) {
+    evictLRUGitCache();
     gitDiffCache.set(cacheKey, result);
+    gitDiffAccessOrder.push(cacheKey);
   }
   return result;
 }
@@ -144,7 +156,9 @@ function innerDiffSync(args, options) {
     return [];
   }
   if (cache && cacheKey) {
+    evictLRUGitCache();
     gitDiffCache.set(cacheKey, result);
+    gitDiffAccessOrder.push(cacheKey);
   }
   return result;
 }
@@ -256,10 +270,14 @@ function isChangedSync(pathname, options) {
   });
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const resolvedPathname = fs.realpathSync(pathname);
-  const baseCwd = options?.cwd ? fs.realpathSync(options["cwd"]) : getCwd();
-  const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
-  return files.includes(relativePath);
+  try {
+    const resolvedPathname = fs.realpathSync(pathname);
+    const baseCwd = options?.cwd ? fs.realpathSync(options["cwd"]) : getCwd();
+    const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
+    return files.includes(relativePath);
+  } catch {
+    return false;
+  }
 }
 async function isUnstaged(pathname, options) {
   const files = await getUnstagedFiles({

package/dist/github.js

@@ -83,7 +83,16 @@ async function fetchGitHub(url, options) {
       `GitHub API error ${response.status}: ${response.statusText}`
     );
   }
-  return JSON.parse(response.body.toString("utf8"));
+  try {
+    return JSON.parse(response.body.toString("utf8"));
+  } catch (error) {
+    throw new Error(
+      `Failed to parse GitHub API response: ${error instanceof Error ? error.message : String(error)}
+URL: ${url}
+Response may be malformed or incomplete.`,
+      { cause: error }
+    );
+  }
 }
 async function resolveRefToSha(owner, repo, ref, options) {
   const opts = {
@@ -180,15 +189,14 @@ async function fetchGhsaDetails(ghsaId, options) {
 async function cacheFetchGhsa(ghsaId, options) {
   const cache = getGithubCache();
   const key = `ghsa:${ghsaId}`;
-  if (!process.env["DISABLE_GITHUB_CACHE"]) {
-    const cached = await cache.get(key);
-    if (cached) {
-      return JSON.parse(cached);
-    }
+  if (process.env["DISABLE_GITHUB_CACHE"]) {
+    return await fetchGhsaDetails(ghsaId, options);
   }
-  const data = await fetchGhsaDetails(ghsaId, options);
-  await cache.set(key, JSON.stringify(data));
-  return data;
+  const cached = await cache.getOrFetch(key, async () => {
+    const data = await fetchGhsaDetails(ghsaId, options);
+    return JSON.stringify(data);
+  });
+  return JSON.parse(cached);
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/globs.js

@@ -107,15 +107,33 @@ function globStreamLicenses(dirname, options) {
     }
   );
 }
+const MATCHER_CACHE_MAX_SIZE = 100;
 const matcherCache = /* @__PURE__ */ new Map();
+const matcherAccessOrder = [];
+function evictLRUMatcher() {
+  if (matcherCache.size >= MATCHER_CACHE_MAX_SIZE && matcherAccessOrder.length > 0) {
+    const oldest = matcherAccessOrder.shift();
+    if (oldest) {
+      matcherCache.delete(oldest);
+    }
+  }
+}
 // @__NO_SIDE_EFFECTS__
 function getGlobMatcher(glob2, options) {
   const patterns = Array.isArray(glob2) ? glob2 : [glob2];
-  const key = JSON.stringify({ patterns, options });
+  const sortedPatterns = [...patterns].sort();
+  const sortedOptions = options ? Object.keys(options).sort().map((k) => `${k}:${JSON.stringify(options[k])}`).join(",") : "";
+  const key = `${sortedPatterns.join("|")}:${sortedOptions}`;
   let matcher = matcherCache.get(key);
   if (matcher) {
+    const index = matcherAccessOrder.indexOf(key);
+    if (index !== -1) {
+      matcherAccessOrder.splice(index, 1);
+      matcherAccessOrder.push(key);
+    }
     return matcher;
   }
+  evictLRUMatcher();
   const positivePatterns = patterns.filter((p) => !p.startsWith("!"));
   const negativePatterns = patterns.filter((p) => p.startsWith("!")).map((p) => p.slice(1));
   const matchOptions = {
@@ -129,6 +147,7 @@ function getGlobMatcher(glob2, options) {
     matchOptions
   );
   matcherCache.set(key, matcher);
+  matcherAccessOrder.push(key);
   return matcher;
 }
 // @__NO_SIDE_EFFECTS__

package/dist/http-request.js

@@ -299,7 +299,7 @@ async function httpDownload(url, destPath, options) {
   } else if (logger) {
     let lastPercent = 0;
     progressCallback = (downloaded, total) => {
-      const percent = Math.floor(downloaded / total * 100);
+      const percent = total === 0 ? 0 : Math.floor(downloaded / total * 100);
       if (percent >= lastPercent + progressInterval) {
         logger.log(
           `  Progress: ${percent}% (${(downloaded / 1024 / 1024).toFixed(1)} MB / ${(total / 1024 / 1024).toFixed(1)} MB)`

package/dist/memoization.js

@@ -36,6 +36,9 @@ function memoize(fn, options = {}) {
     name = fn.name || "anonymous",
     ttl = Number.POSITIVE_INFINITY
   } = options;
+  if (ttl < 0) {
+    throw new TypeError("TTL must be non-negative");
+  }
   const cache = /* @__PURE__ */ new Map();
   const accessOrder = [];
   function evictLRU() {
@@ -123,7 +126,24 @@ function memoizeAsync(fn, options = {}) {
       return await cached.value;
     }
     (0, import_debug.debugLog)(`[memoizeAsync:${name}] miss`, { key });
-    const promise = fn(...args);
+    const promise = fn(...args).then(
+      (result) => {
+        const entry = cache.get(key);
+        if (entry) {
+          entry.value = Promise.resolve(result);
+        }
+        return result;
+      },
+      (error) => {
+        cache.delete(key);
+        const index = accessOrder.indexOf(key);
+        if (index !== -1) {
+          accessOrder.splice(index, 1);
+        }
+        (0, import_debug.debugLog)(`[memoizeAsync:${name}] error`, { key, error });
+        throw error;
+      }
+    );
     evictLRU();
     cache.set(key, {
       value: promise,
@@ -132,18 +152,7 @@ function memoizeAsync(fn, options = {}) {
     });
     accessOrder.push(key);
     (0, import_debug.debugLog)(`[memoizeAsync:${name}] set`, { key, cacheSize: cache.size });
-    try {
-      const result = await promise;
-      return result;
-    } catch (e) {
-      cache.delete(key);
-      const orderIndex = accessOrder.indexOf(key);
-      if (orderIndex !== -1) {
-        accessOrder.splice(orderIndex, 1);
-      }
-      (0, import_debug.debugLog)(`[memoizeAsync:${name}] clear`, { key, reason: "error" });
-      throw e;
-    }
+    return await promise;
   };
 }
 function Memoize(options = {}) {

package/dist/package-extensions.js

@@ -64,8 +64,10 @@ const packageExtensions = ObjectFreeze(
       }
     ]
   ].sort((a_, b_) => {
-    const a = a_[0].slice(0, a_[0].lastIndexOf("@"));
-    const b = b_[0].slice(0, b_[0].lastIndexOf("@"));
+    const aIndex = a_[0].lastIndexOf("@");
+    const bIndex = b_[0].lastIndexOf("@");
+    const a = aIndex === -1 ? a_[0] : a_[0].slice(0, aIndex);
+    const b = bIndex === -1 ? b_[0] : b_[0].slice(0, bIndex);
     if (a < b) {
       return -1;
     }

package/dist/packages/normalize.js

@@ -91,6 +91,9 @@ function resolveOriginalPackageName(sockRegPkgName) {
 }
 // @__NO_SIDE_EFFECTS__
 function unescapeScope(escapedScope) {
+  if (escapedScope.length < import_socket.REGISTRY_SCOPE_DELIMITER.length) {
+    return `@${escapedScope}`;
+  }
   return `@${escapedScope.slice(0, -import_socket.REGISTRY_SCOPE_DELIMITER.length)}`;
 }
 // Annotate the CommonJS export names for ESM import in node:

package/dist/packages/specs.js

@@ -43,7 +43,7 @@ var import_strings = require("../strings");
 function getRepoUrlDetails(repoUrl = "") {
   const userAndRepo = repoUrl.replace(/^.+github.com\//, "").split("/");
   const user = userAndRepo[0] || "";
-  const project = userAndRepo.length > 1 ? userAndRepo[1]?.slice(0, -".git".length) || "" : "";
+  const project = userAndRepo.length > 1 ? (userAndRepo[1]?.endsWith(".git") ? userAndRepo[1].slice(0, -4) : userAndRepo[1]) || "" : "";
   return { user, project };
 }
 // @__NO_SIDE_EFFECTS__

package/dist/process-lock.js

@@ -204,7 +204,8 @@ class ProcessLockManager {
             );
           }
           if (code === "ENOTDIR") {
-            const parentDir = lockPath.slice(0, lockPath.lastIndexOf("/"));
+            const lastSlashIndex = lockPath.lastIndexOf("/");
+            const parentDir = lastSlashIndex === -1 ? "." : lockPath.slice(0, lastSlashIndex);
             throw new Error(
               `Cannot create lock directory: ${lockPath}
 A path component is a file when it should be a directory.
@@ -217,7 +218,8 @@ To resolve:
             );
           }
           if (code === "ENOENT") {
-            const parentDir = lockPath.slice(0, lockPath.lastIndexOf("/"));
+            const lastSlashIndex = lockPath.lastIndexOf("/");
+            const parentDir = lastSlashIndex === -1 ? "." : lockPath.slice(0, lastSlashIndex);
             throw new Error(
               `Cannot create lock directory: ${lockPath}
 Parent directory does not exist: ${parentDir}

package/dist/releases/github.d.ts

@@ -1,3 +1,4 @@
+import { type ArchiveFormat } from '../archives.js';
 /**
  * Pattern for matching release assets.
  * Can be either:
@@ -68,6 +69,24 @@ export declare const SOCKET_BTM_REPO: {
     readonly owner: "SocketDev";
     readonly repo: "socket-btm";
 };
+/**
+ * Create a matcher function for a pattern using picomatch for glob patterns
+ * or simple prefix/suffix matching for object patterns.
+ *
+ * @param pattern - Pattern to match (string glob, prefix/suffix object, or RegExp)
+ * @returns Function that tests if a string matches the pattern
+ */
+export declare function createAssetMatcher(pattern: string | {
+    prefix: string;
+    suffix: string;
+} | RegExp): (input: string) => boolean;
+/**
+ * Download a binary from any GitHub repository with version caching.
+ *
+ * @param config - Download configuration
+ * @returns Path to the downloaded binary
+ */
+export declare function downloadGitHubRelease(config: DownloadGitHubReleaseConfig): Promise<string>;
 /**
  * Download a specific release asset.
  * Supports pattern matching for dynamic asset discovery.
@@ -116,9 +135,41 @@ export declare function getReleaseAssetUrl(tag: string, assetPattern: string | A
     quiet?: boolean;
 }): Promise<string | null>;
 /**
- * Download a binary from any GitHub repository with version caching.
+ * Download and extract a zip file from a GitHub release.
+ * Automatically handles downloading, extracting, and cleanup.
  *
- * @param config - Download configuration
- * @returns Path to the downloaded binary
+ * @param tag - Release tag name
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
+ * @param outputDir - Directory to extract the zip contents to
+ * @param repoConfig - Repository configuration (owner/repo)
+ * @param options - Additional options
+ * @param options.quiet - Suppress log messages
+ * @param options.cleanup - Remove downloaded zip file after extraction (default: true)
+ * @returns Path to the extraction directory
  */
-export declare function downloadGitHubRelease(config: DownloadGitHubReleaseConfig): Promise<string>;
+export declare function downloadAndExtractZip(tag: string, assetPattern: string | AssetPattern, outputDir: string, repoConfig: RepoConfig, options?: {
+    cleanup?: boolean;
+    quiet?: boolean;
+}): Promise<string>;
+/**
+ * Download and extract an archive from a GitHub release.
+ * Supports zip, tar, tar.gz, and tgz formats.
+ * Automatically handles downloading, extracting, and cleanup.
+ *
+ * @param tag - Release tag name
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
+ * @param outputDir - Directory to extract the archive contents to
+ * @param repoConfig - Repository configuration (owner/repo)
+ * @param options - Additional options
+ * @param options.quiet - Suppress log messages
+ * @param options.cleanup - Remove downloaded archive after extraction (default: true)
+ * @param options.strip - Strip leading path components (like tar --strip-components)
+ * @param options.format - Archive format (auto-detected if not specified)
+ * @returns Path to the extraction directory
+ */
+export declare function downloadAndExtractArchive(tag: string, assetPattern: string | AssetPattern, outputDir: string, repoConfig: RepoConfig, options?: {
+    cleanup?: boolean;
+    format?: ArchiveFormat;
+    quiet?: boolean;
+    strip?: number;
+}): Promise<string>;