@socketsecurity/lib 5.6.0 → 5.8.0

package/dist/releases/github.js

@@ -30,6 +30,9 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var github_exports = {};
 __export(github_exports, {
   SOCKET_BTM_REPO: () => SOCKET_BTM_REPO,
+  createAssetMatcher: () => createAssetMatcher,
+  downloadAndExtractArchive: () => downloadAndExtractArchive,
+  downloadAndExtractZip: () => downloadAndExtractZip,
   downloadGitHubRelease: () => downloadGitHubRelease,
   downloadReleaseAsset: () => downloadReleaseAsset,
   getAuthHeaders: () => getAuthHeaders,
@@ -38,12 +41,12 @@ __export(github_exports, {
 });
 module.exports = __toCommonJS(github_exports);
 var import_picomatch = __toESM(require("../external/picomatch.js"));
+var import_archives = require("../archives.js");
 var import_fs = require("../fs.js");
 var import_http_request = require("../http-request.js");
 var import_logger = require("../logger.js");
 var import_promises = require("../promises.js");
 var import_spawn = require("../spawn.js");
-const logger = (0, import_logger.getDefaultLogger)();
 const RETRY_CONFIG = Object.freeze({
   __proto__: null,
   // Exponential backoff: delay doubles with each retry (5s, 10s, 20s).
@@ -53,19 +56,13 @@ const RETRY_CONFIG = Object.freeze({
   // Maximum number of retry attempts (excluding initial request).
   retries: 2
 });
+const SOCKET_BTM_REPO = {
+  owner: "SocketDev",
+  repo: "socket-btm"
+};
+const logger = (0, import_logger.getDefaultLogger)();
 let _fs;
 let _path;
-function createMatcher(pattern) {
-  if (typeof pattern === "string") {
-    const isMatch = (0, import_picomatch.default)(pattern);
-    return (input) => isMatch(input);
-  }
-  if (pattern instanceof RegExp) {
-    return (input) => pattern.test(input);
-  }
-  const { prefix, suffix } = pattern;
-  return (input) => input.startsWith(prefix) && input.endsWith(suffix);
-}
 // @__NO_SIDE_EFFECTS__
 function getFs() {
   if (_fs === void 0) {
@@ -80,10 +77,91 @@ function getPath() {
   }
   return _path;
 }
-const SOCKET_BTM_REPO = {
-  owner: "SocketDev",
-  repo: "socket-btm"
-};
+function createAssetMatcher(pattern) {
+  if (typeof pattern === "string") {
+    const isMatch = (0, import_picomatch.default)(pattern);
+    return (input) => isMatch(input);
+  }
+  if (pattern instanceof RegExp) {
+    return (input) => pattern.test(input);
+  }
+  const { prefix, suffix } = pattern;
+  return (input) => input.startsWith(prefix) && input.endsWith(suffix);
+}
+async function downloadGitHubRelease(config) {
+  const {
+    assetName,
+    binaryName,
+    cwd = process.cwd(),
+    downloadDir = "build/downloaded",
+    owner,
+    platformArch,
+    quiet = false,
+    removeMacOSQuarantine = true,
+    repo,
+    tag: explicitTag,
+    toolName,
+    toolPrefix
+  } = config;
+  let tag;
+  if (explicitTag) {
+    tag = explicitTag;
+  } else if (toolPrefix) {
+    const latestTag = await getLatestRelease(
+      toolPrefix,
+      { owner, repo },
+      { quiet }
+    );
+    if (!latestTag) {
+      throw new Error(`No ${toolPrefix} release found in ${owner}/${repo}`);
+    }
+    tag = latestTag;
+  } else {
+    throw new Error("Either toolPrefix or tag must be provided");
+  }
+  const path = /* @__PURE__ */ getPath();
+  const resolvedDownloadDir = path.isAbsolute(downloadDir) ? downloadDir : path.join(cwd, downloadDir);
+  const binaryDir = path.join(resolvedDownloadDir, toolName, platformArch);
+  const binaryPath = path.join(binaryDir, binaryName);
+  const versionPath = path.join(binaryDir, ".version");
+  const fs = /* @__PURE__ */ getFs();
+  if (fs.existsSync(versionPath) && fs.existsSync(binaryPath)) {
+    const cachedVersion = (await fs.promises.readFile(versionPath, "utf8")).trim();
+    if (cachedVersion === tag && fs.existsSync(binaryPath)) {
+      if (!quiet) {
+        logger.info(`Using cached ${toolName} (${platformArch}): ${binaryPath}`);
+      }
+      return binaryPath;
+    }
+  }
+  if (!quiet) {
+    logger.info(`Downloading ${toolName} for ${platformArch}...`);
+  }
+  await downloadReleaseAsset(
+    tag,
+    assetName,
+    binaryPath,
+    { owner, repo },
+    { quiet }
+  );
+  const isWindows = binaryName.endsWith(".exe");
+  if (!isWindows) {
+    fs.chmodSync(binaryPath, 493);
+    if (removeMacOSQuarantine && process.platform === "darwin" && platformArch.startsWith("darwin")) {
+      try {
+        await (0, import_spawn.spawn)("xattr", ["-d", "com.apple.quarantine", binaryPath], {
+          stdio: "ignore"
+        });
+      } catch {
+      }
+    }
+  }
+  await fs.promises.writeFile(versionPath, tag, "utf8");
+  if (!quiet) {
+    logger.info(`Downloaded ${toolName} to ${binaryPath}`);
+  }
+  return binaryPath;
+}
 async function downloadReleaseAsset(tag, assetPattern, outputPath, repoConfig, options = {}) {
   const { owner, repo } = repoConfig;
   const { quiet = false } = options;
@@ -120,7 +198,7 @@ function getAuthHeaders() {
 async function getLatestRelease(toolPrefix, repoConfig, options = {}) {
   const { assetPattern, quiet = false } = options;
   const { owner, repo } = repoConfig;
-  const isMatch = assetPattern ? createMatcher(assetPattern) : void 0;
+  const isMatch = assetPattern ? createAssetMatcher(assetPattern) : void 0;
   return await (0, import_promises.pRetry)(
     async () => {
       const response = await (0, import_http_request.httpRequest)(
@@ -132,27 +210,33 @@ async function getLatestRelease(toolPrefix, repoConfig, options = {}) {
       if (!response.ok) {
         throw new Error(`Failed to fetch releases: ${response.status}`);
       }
-      const releases = JSON.parse(response.body.toString("utf8"));
-      const matchingReleases = releases.filter(
-        (release) => {
-          const { assets, tag_name: tag2 } = release;
-          if (!tag2.startsWith(toolPrefix)) {
-            return false;
-          }
-          if (!assets || assets.length === 0) {
+      let releases;
+      try {
+        releases = JSON.parse(response.body.toString("utf8"));
+      } catch (cause) {
+        throw new Error(
+          `Failed to parse GitHub releases response from https://api.github.com/repos/${owner}/${repo}/releases`,
+          { cause }
+        );
+      }
+      const matchingReleases = releases.filter((release) => {
+        const { assets, tag_name: tag2 } = release;
+        if (!tag2.startsWith(toolPrefix)) {
+          return false;
+        }
+        if (!assets || assets.length === 0) {
+          return false;
+        }
+        if (isMatch) {
+          const hasMatchingAsset = assets.some(
+            (a) => isMatch(a.name)
+          );
+          if (!hasMatchingAsset) {
             return false;
           }
-          if (isMatch) {
-            const hasMatchingAsset = assets.some(
-              (a) => isMatch(a.name)
-            );
-            if (!hasMatchingAsset) {
-              return false;
-            }
-          }
-          return true;
         }
-      );
+        return true;
+      });
       if (matchingReleases.length === 0) {
         if (!quiet) {
           logger.info(`No ${toolPrefix} release found in latest 100 releases`);
@@ -188,7 +272,7 @@ async function getLatestRelease(toolPrefix, repoConfig, options = {}) {
 async function getReleaseAssetUrl(tag, assetPattern, repoConfig, options = {}) {
   const { owner, repo } = repoConfig;
   const { quiet = false } = options;
-  const isMatch = typeof assetPattern === "string" && !assetPattern.includes("*") && !assetPattern.includes("{") ? (input) => input === assetPattern : createMatcher(assetPattern);
+  const isMatch = typeof assetPattern === "string" && !assetPattern.includes("*") && !assetPattern.includes("{") ? (input) => input === assetPattern : createAssetMatcher(assetPattern);
   return await (0, import_promises.pRetry)(
     async () => {
       const response = await (0, import_http_request.httpRequest)(
@@ -200,10 +284,16 @@ async function getReleaseAssetUrl(tag, assetPattern, repoConfig, options = {}) {
       if (!response.ok) {
         throw new Error(`Failed to fetch release ${tag}: ${response.status}`);
       }
-      const release = JSON.parse(response.body.toString("utf8"));
-      const asset = release.assets.find(
-        (a) => isMatch(a.name)
-      );
+      let release;
+      try {
+        release = JSON.parse(response.body.toString("utf8"));
+      } catch (cause) {
+        throw new Error(
+          `Failed to parse GitHub release response for tag ${tag}`,
+          { cause }
+        );
+      }
+      const asset = release.assets.find((a) => isMatch(a.name));
       if (!asset) {
         const patternDesc = typeof assetPattern === "string" ? assetPattern : "matching pattern";
         throw new Error(`Asset ${patternDesc} not found in release ${tag}`);
@@ -229,83 +319,95 @@ async function getReleaseAssetUrl(tag, assetPattern, repoConfig, options = {}) {
     }
   );
 }
-async function downloadGitHubRelease(config) {
-  const {
-    assetName,
-    binaryName,
-    cwd = process.cwd(),
-    downloadDir = "build/downloaded",
-    owner,
-    platformArch,
-    quiet = false,
-    removeMacOSQuarantine = true,
-    repo,
-    tag: explicitTag,
-    toolName,
-    toolPrefix
-  } = config;
-  let tag;
-  if (explicitTag) {
-    tag = explicitTag;
-  } else if (toolPrefix) {
-    const latestTag = await getLatestRelease(
-      toolPrefix,
-      { owner, repo },
-      { quiet }
-    );
-    if (!latestTag) {
-      throw new Error(`No ${toolPrefix} release found in ${owner}/${repo}`);
+async function downloadAndExtractZip(tag, assetPattern, outputDir, repoConfig, options = {}) {
+  const { cleanup = true, quiet = false } = options;
+  const path = /* @__PURE__ */ getPath();
+  const fs = /* @__PURE__ */ getFs();
+  await (0, import_fs.safeMkdir)(outputDir);
+  const zipPath = path.join(outputDir, "__temp_download__.zip");
+  if (!quiet) {
+    logger.info(`Downloading zip asset from release ${tag}...`);
+  }
+  await downloadReleaseAsset(tag, assetPattern, zipPath, repoConfig, { quiet });
+  if (!quiet) {
+    logger.info(`Extracting zip to ${outputDir}...`);
+  }
+  try {
+    await (0, import_archives.extractArchive)(zipPath, outputDir, { quiet });
+    if (!quiet) {
+      logger.info(`Extracted zip contents to ${outputDir}`);
+    }
+  } catch (cause) {
+    throw new Error(`Failed to extract zip file: ${zipPath}`, { cause });
+  } finally {
+    if (cleanup) {
+      try {
+        await fs.promises.unlink(zipPath);
+        if (!quiet) {
+          logger.info("Cleaned up temporary zip file");
+        }
+      } catch (error) {
+        if (!quiet) {
+          logger.warn(`Failed to cleanup zip file: ${error}`);
+        }
+      }
     }
-    tag = latestTag;
-  } else {
-    throw new Error("Either toolPrefix or tag must be provided");
   }
+  return outputDir;
+}
+async function downloadAndExtractArchive(tag, assetPattern, outputDir, repoConfig, options = {}) {
+  const { cleanup = true, format, quiet = false, strip } = options;
   const path = /* @__PURE__ */ getPath();
-  const resolvedDownloadDir = path.isAbsolute(downloadDir) ? downloadDir : path.join(cwd, downloadDir);
-  const binaryDir = path.join(resolvedDownloadDir, toolName, platformArch);
-  const binaryPath = path.join(binaryDir, binaryName);
-  const versionPath = path.join(binaryDir, ".version");
   const fs = /* @__PURE__ */ getFs();
-  if (fs.existsSync(versionPath) && fs.existsSync(binaryPath)) {
-    const cachedVersion = (await fs.promises.readFile(versionPath, "utf8")).trim();
-    if (cachedVersion === tag) {
-      if (!quiet) {
-        logger.info(`Using cached ${toolName} (${platformArch}): ${binaryPath}`);
-      }
-      return binaryPath;
+  await (0, import_fs.safeMkdir)(outputDir);
+  let ext = ".archive";
+  if (format) {
+    ext = format === "tar.gz" ? ".tar.gz" : `.${format}`;
+  } else if (typeof assetPattern === "string") {
+    const detectedFormat = (0, import_archives.detectArchiveFormat)(assetPattern);
+    if (detectedFormat) {
+      ext = detectedFormat === "tar.gz" ? ".tar.gz" : `.${detectedFormat}`;
     }
   }
+  const archivePath = path.join(outputDir, `__temp_download__${ext}`);
   if (!quiet) {
-    logger.info(`Downloading ${toolName} for ${platformArch}...`);
+    logger.info(`Downloading archive from release ${tag}...`);
   }
-  await downloadReleaseAsset(
-    tag,
-    assetName,
-    binaryPath,
-    { owner, repo },
-    { quiet }
-  );
-  const isWindows = binaryName.endsWith(".exe");
-  if (!isWindows) {
-    fs.chmodSync(binaryPath, 493);
-    if (removeMacOSQuarantine && process.platform === "darwin" && platformArch.startsWith("darwin")) {
+  await downloadReleaseAsset(tag, assetPattern, archivePath, repoConfig, {
+    quiet
+  });
+  if (!quiet) {
+    logger.info(`Extracting archive to ${outputDir}...`);
+  }
+  try {
+    await (0, import_archives.extractArchive)(archivePath, outputDir, { quiet, strip });
+    if (!quiet) {
+      logger.info(`Extracted archive contents to ${outputDir}`);
+    }
+  } catch (cause) {
+    throw new Error(`Failed to extract archive: ${archivePath}`, { cause });
+  } finally {
+    if (cleanup) {
       try {
-        await (0, import_spawn.spawn)("xattr", ["-d", "com.apple.quarantine", binaryPath], {
-          stdio: "ignore"
-        });
-      } catch {
+        await fs.promises.unlink(archivePath);
+        if (!quiet) {
+          logger.info("Cleaned up temporary archive file");
+        }
+      } catch (error) {
+        if (!quiet) {
+          logger.warn(`Failed to cleanup archive file: ${error}`);
+        }
       }
     }
   }
-  await fs.promises.writeFile(versionPath, tag, "utf8");
-  if (!quiet) {
-    logger.info(`Downloaded ${toolName} to ${binaryPath}`);
-  }
-  return binaryPath;
+  return outputDir;
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   SOCKET_BTM_REPO,
+  createAssetMatcher,
+  downloadAndExtractArchive,
+  downloadAndExtractZip,
   downloadGitHubRelease,
   downloadReleaseAsset,
   getAuthHeaders,

package/dist/spawn.js

@@ -92,7 +92,7 @@ function enhanceSpawnError(error) {
   }
   const trimmedStderr = stderrText.trim();
   if (trimmedStderr) {
-    const firstLine = trimmedStderr.split("\n")[0];
+    const firstLine = trimmedStderr.split("\n")[0] ?? "";
     if (firstLine.length < 200) {
       enhancedMessage += `
 ${firstLine}`;

package/dist/spinner.js

@@ -66,7 +66,7 @@ function desc(value) {
 }
 function formatProgress(progress) {
   const { current, total, unit } = progress;
-  const percentage = Math.round(current / total * 100);
+  const percentage = total === 0 ? 0 : Math.round(current / total * 100);
   const bar = renderProgressBar(percentage);
   const count = unit ? `${current}/${total} ${unit}` : `${current}/${total}`;
   return `${bar} ${percentage}% (${count})`;

package/dist/stdio/progress.js

@@ -128,11 +128,11 @@ class ProgressBar {
    */
   render(tokens) {
     const colorFn = import_yoctocolors_cjs.default[this.options.color] || ((s) => s);
-    const percent = Math.floor(this.current / this.total * 100);
+    const percent = this.total === 0 ? 0 : Math.floor(this.current / this.total * 100);
     const elapsed = Date.now() - this.startTime;
     const eta = this.current === 0 ? 0 : elapsed / this.current * (this.total - this.current);
     const availableWidth = this.options.width;
-    const filledWidth = Math.floor(this.current / this.total * availableWidth);
+    const filledWidth = this.total === 0 ? 0 : Math.floor(this.current / this.total * availableWidth);
     const emptyWidth = availableWidth - filledWidth;
     const filled = (0, import_strings.repeatString)(this.options.complete, filledWidth);
     const empty = (0, import_strings.repeatString)(this.options.incomplete, emptyWidth);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@socketsecurity/lib",
-  "version": "5.6.0",
-  "packageManager": "pnpm@10.29.1",
+  "version": "5.8.0",
+  "packageManager": "pnpm@10.32.0",
   "license": "MIT",
   "description": "Core utilities and infrastructure for Socket.dev security tools",
   "keywords": [
@@ -103,6 +103,10 @@
       "types": "./dist/ansi.d.ts",
       "default": "./dist/ansi.js"
     },
+    "./archives": {
+      "types": "./dist/archives.d.ts",
+      "default": "./dist/archives.js"
+    },
     "./argv/flags": {
       "types": "./dist/argv/flags.d.ts",
       "default": "./dist/argv/flags.js"
@@ -679,7 +683,6 @@
       "types": "./dist/zod.d.ts",
       "default": "./dist/zod.js"
     },
-    "./biome.json": "./biome.json",
     "./data/extensions.json": "./data/extensions.json",
     "./package.json": "./package.json",
     "./tsconfig.dts.json": "./tsconfig.dts.json",
@@ -703,7 +706,11 @@
     "cover": "node scripts/test/cover.mjs",
     "dev": "node scripts/build/main.mjs --watch",
     "fix": "node scripts/lint.mjs --fix",
+    "format": "oxfmt",
+    "format:check": "oxfmt --check",
     "lint": "node scripts/lint.mjs",
+    "lint:oxlint": "oxlint .",
+    "lint:oxfmt": "oxfmt --check .",
     "prepare": "husky",
     "prepublishOnly": "pnpm run build",
     "test": "node scripts/test/main.mjs",
@@ -714,10 +721,7 @@
     "@babel/parser": "7.28.4",
     "@babel/traverse": "7.28.4",
     "@babel/types": "7.28.4",
-    "@biomejs/biome": "2.2.4",
     "@dotenvx/dotenvx": "1.49.0",
-    "@eslint/compat": "1.4.0",
-    "@eslint/js": "9.38.0",
     "@inquirer/checkbox": "4.3.1",
     "@inquirer/confirm": "5.1.16",
     "@inquirer/input": "4.2.2",
@@ -730,31 +734,27 @@
     "@socketregistry/is-unicode-supported": "1.0.5",
     "@socketregistry/packageurl-js": "1.3.5",
     "@socketregistry/yocto-spinner": "1.0.25",
-    "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@5.5.3",
+    "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@5.7.0",
     "@types/node": "24.9.2",
     "@typescript/native-preview": "7.0.0-dev.20250920.1",
     "@vitest/coverage-v8": "4.0.3",
     "@vitest/ui": "4.0.3",
     "@yarnpkg/core": "4.5.0",
     "@yarnpkg/extensions": "2.0.6",
+    "adm-zip": "0.5.16",
     "cacache": "20.0.1",
     "debug": "4.4.3",
     "del": "8.0.1",
     "del-cli": "6.0.0",
     "esbuild": "0.25.11",
-    "eslint": "9.35.0",
-    "eslint-import-resolver-typescript": "4.4.4",
-    "eslint-plugin-import-x": "4.16.1",
-    "eslint-plugin-n": "17.23.1",
     "eslint-plugin-sort-destructure-keys": "2.0.0",
-    "eslint-plugin-unicorn": "61.0.2",
     "fast-glob": "3.3.3",
     "fast-sort": "3.4.1",
     "get-east-asian-width": "1.3.0",
     "globals": "16.4.0",
     "has-flag": "5.0.1",
     "husky": "9.1.7",
-    "libnpmexec": "^10.2.0",
+    "libnpmexec": "10.2.3",
     "libnpmpack": "9.0.9",
     "lint-staged": "15.2.11",
     "magic-string": "0.30.17",
@@ -762,6 +762,8 @@
     "nock": "14.0.10",
     "normalize-package-data": "8.0.0",
     "npm-package-arg": "13.0.0",
+    "oxfmt": "^0.37.0",
+    "oxlint": "^1.52.0",
     "pacote": "21.0.1",
     "picomatch": "2.3.1",
     "pony-cause": "2.1.11",
@@ -771,11 +773,12 @@
     "spdx-expression-parse": "4.0.0",
     "streaming-iterables": "8.0.1",
     "supports-color": "10.0.0",
+    "tar-fs": "3.1.2",
+    "tar-stream": "3.1.8",
     "taze": "19.9.2",
     "trash": "10.0.0",
     "type-coverage": "2.29.7",
     "typescript": "5.9.2",
-    "typescript-eslint": "8.44.1",
     "validate-npm-package-name": "6.0.2",
     "vite-tsconfig-paths": "5.1.4",
     "vitest": "4.0.3",
@@ -794,23 +797,40 @@
   },
   "pnpm": {
     "overrides": {
+      "@inquirer/ansi": "1.0.2",
+      "@inquirer/core": "10.3.1",
+      "@inquirer/figures": "1.0.15",
       "@npmcli/arborist": "9.1.6",
+      "@npmcli/git": "6.0.3",
       "@npmcli/run-script": "10.0.0",
       "@sigstore/core": "3.1.0",
       "@sigstore/sign": "4.1.0",
       "ansi-regex": "6.2.2",
+      "chownr": "3.0.0",
       "debug": "4.4.3",
       "execa": "5.1.1",
       "has-flag": "5.0.1",
+      "hosted-git-info": "8.1.0",
       "isexe": "3.1.1",
       "lru-cache": "11.2.2",
+      "minimatch": "9.0.5",
+      "minipass": "7.1.3",
+      "minipass@7": "7.1.3",
+      "minipass-fetch": "4.0.1",
+      "minipass-sized": "1.0.3",
+      "minizlib": "3.1.0",
+      "npm-package-arg": "12.0.2",
+      "npm-pick-manifest": "10.0.0",
       "picomatch": "4.0.3",
       "proc-log": "6.1.0",
       "semver": "7.7.2",
       "signal-exit": "4.1.0",
+      "spdx-expression-parse": "4.0.0",
+      "ssri": "12.0.0",
       "string-width": "8.1.0",
       "strip-ansi": "7.1.2",
       "supports-color": "10.0.0",
+      "tar": "7.5.11",
       "which": "5.0.0",
       "wrap-ansi": "9.0.2",
       "yoctocolors-cjs": "2.1.3"
@@ -819,7 +839,10 @@
       "@npmcli/run-script@10.0.0": "patches/@npmcli__run-script@10.0.0.patch",
       "@sigstore/sign@4.1.0": "patches/@sigstore__sign@4.1.0.patch",
       "execa@5.1.1": "patches/execa@5.1.1.patch",
-      "node-gyp@11.5.0": "patches/node-gyp@11.5.0.patch"
+      "minipass-flush@1.0.5": "patches/minipass-flush@1.0.5.patch",
+      "minipass-pipeline@1.2.4": "patches/minipass-pipeline@1.2.4.patch",
+      "node-gyp@11.5.0": "patches/node-gyp@11.5.0.patch",
+      "minipass-sized@1.0.3": "patches/minipass-sized@1.0.3.patch"
     }
   }
 }