@socketsecurity/lib 5.6.0 → 5.8.0

package/dist/dlx/binary.js

@@ -22,9 +22,13 @@ __export(binary_exports, {
   cleanDlxCache: () => cleanDlxCache,
   dlxBinary: () => dlxBinary,
   downloadBinary: () => downloadBinary,
+  downloadBinaryFile: () => downloadBinaryFile,
   executeBinary: () => executeBinary,
+  getBinaryCacheMetadataPath: () => getBinaryCacheMetadataPath,
   getDlxCachePath: () => getDlxCachePath,
-  listDlxCache: () => listDlxCache
+  isBinaryCacheValid: () => isBinaryCacheValid,
+  listDlxCache: () => listDlxCache,
+  writeBinaryCacheMetadata: () => writeBinaryCacheMetadata
 });
 module.exports = __toCommonJS(binary_exports);
 var import_platform = require("../constants/platform");
@@ -61,95 +65,6 @@ function getPath() {
   }
   return _path;
 }
-function getMetadataPath(cacheEntryPath) {
-  return (/* @__PURE__ */ getPath()).join(cacheEntryPath, ".dlx-metadata.json");
-}
-async function isCacheValid(cacheEntryPath, cacheTtl) {
-  const fs = /* @__PURE__ */ getFs();
-  try {
-    const metaPath = getMetadataPath(cacheEntryPath);
-    if (!fs.existsSync(metaPath)) {
-      return false;
-    }
-    const metadata = await (0, import_fs.readJson)(metaPath, { throws: false });
-    if (!(0, import_objects.isObjectObject)(metadata)) {
-      return false;
-    }
-    const now = Date.now();
-    const timestamp = metadata["timestamp"];
-    if (typeof timestamp !== "number" || timestamp <= 0) {
-      return false;
-    }
-    const age = now - timestamp;
-    return age < cacheTtl;
-  } catch {
-    return false;
-  }
-}
-async function downloadBinaryFile(url, destPath, integrity) {
-  const crypto = /* @__PURE__ */ getCrypto();
-  const fs = /* @__PURE__ */ getFs();
-  const path = /* @__PURE__ */ getPath();
-  const cacheEntryDir = path.dirname(destPath);
-  const lockPath = path.join(cacheEntryDir, "concurrency.lock");
-  return await import_process_lock.processLock.withLock(
-    lockPath,
-    async () => {
-      if (fs.existsSync(destPath)) {
-        const stats = await fs.promises.stat(destPath);
-        if (stats.size > 0) {
-          const fileBuffer2 = await fs.promises.readFile(destPath);
-          const hash2 = crypto.createHash("sha512").update(fileBuffer2).digest("base64");
-          return `sha512-${hash2}`;
-        }
-      }
-      try {
-        await (0, import_http_request.httpDownload)(url, destPath);
-      } catch (e) {
-        throw new Error(
-          `Failed to download binary from ${url}
-Destination: ${destPath}
-Check your internet connection or verify the URL is accessible.`,
-          { cause: e }
-        );
-      }
-      const fileBuffer = await fs.promises.readFile(destPath);
-      const hash = crypto.createHash("sha512").update(fileBuffer).digest("base64");
-      const actualIntegrity = `sha512-${hash}`;
-      if (integrity && actualIntegrity !== integrity) {
-        await (0, import_fs.safeDelete)(destPath);
-        throw new Error(
-          `Integrity mismatch: expected ${integrity}, got ${actualIntegrity}`
-        );
-      }
-      if (!import_platform.WIN32) {
-        await fs.promises.chmod(destPath, 493);
-      }
-      return actualIntegrity;
-    },
-    {
-      // Align with npm npx locking strategy.
-      staleMs: 5e3,
-      touchIntervalMs: 2e3
-    }
-  );
-}
-async function writeMetadata(cacheEntryPath, cacheKey, url, integrity, size) {
-  const metaPath = getMetadataPath(cacheEntryPath);
-  const metadata = {
-    version: "1.0.0",
-    cache_key: cacheKey,
-    timestamp: Date.now(),
-    integrity,
-    size,
-    source: {
-      type: "download",
-      url
-    }
-  };
-  const fs = /* @__PURE__ */ getFs();
-  await fs.promises.writeFile(metaPath, JSON.stringify(metadata, null, 2));
-}
 async function cleanDlxCache(maxAge = import_time.DLX_BINARY_CACHE_TTL) {
   const cacheDir = getDlxCachePath();
   const fs = /* @__PURE__ */ getFs();
@@ -162,7 +77,7 @@ async function cleanDlxCache(maxAge = import_time.DLX_BINARY_CACHE_TTL) {
   const entries = await fs.promises.readdir(cacheDir);
   for (const entry of entries) {
     const entryPath = path.join(cacheDir, entry);
-    const metaPath = getMetadataPath(entryPath);
+    const metaPath = getBinaryCacheMetadataPath(entryPath);
     try {
       if (!await (0, import_fs.isDir)(entryPath)) {
         continue;
@@ -173,7 +88,7 @@ async function cleanDlxCache(maxAge = import_time.DLX_BINARY_CACHE_TTL) {
       }
       const timestamp = metadata["timestamp"];
       const age = typeof timestamp === "number" && timestamp > 0 ? now - timestamp : Number.POSITIVE_INFINITY;
-      if (age > maxAge) {
+      if (age < 0 || age > maxAge) {
         await (0, import_fs.safeDelete)(entryPath, { force: true, recursive: true });
         cleaned += 1;
       }
@@ -211,12 +126,15 @@ async function dlxBinary(args, options, spawnExtra) {
   const binaryPath = (0, import_normalize.normalizePath)(path.join(cacheEntryDir, binaryName));
   let downloaded = false;
   let computedIntegrity = integrity;
-  if (!force && fs.existsSync(cacheEntryDir) && await isCacheValid(cacheEntryDir, cacheTtl)) {
+  if (!force && fs.existsSync(cacheEntryDir) && await isBinaryCacheValid(cacheEntryDir, cacheTtl)) {
     try {
-      const metaPath = getMetadataPath(cacheEntryDir);
+      const metaPath = getBinaryCacheMetadataPath(cacheEntryDir);
       const metadata = await (0, import_fs.readJson)(metaPath, { throws: false });
       if (metadata && typeof metadata === "object" && !Array.isArray(metadata) && typeof metadata["integrity"] === "string") {
         computedIntegrity = metadata["integrity"];
+        if (!fs.existsSync(binaryPath)) {
+          downloaded = true;
+        }
       } else {
         downloaded = true;
       }
@@ -252,7 +170,7 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
     }
     computedIntegrity = await downloadBinaryFile(url, binaryPath, integrity);
     const stats = await fs.promises.stat(binaryPath);
-    await writeMetadata(
+    await writeBinaryCacheMetadata(
       cacheEntryDir,
       cacheKey,
       url,
@@ -293,7 +211,7 @@ async function downloadBinary(options) {
   const cacheEntryDir = path.join(cacheDir, cacheKey);
   const binaryPath = (0, import_normalize.normalizePath)(path.join(cacheEntryDir, binaryName));
   let downloaded = false;
-  if (!force && fs.existsSync(cacheEntryDir) && await isCacheValid(cacheEntryDir, cacheTtl)) {
+  if (!force && fs.existsSync(cacheEntryDir) && await isBinaryCacheValid(cacheEntryDir, cacheTtl)) {
     downloaded = false;
   } else {
     try {
@@ -325,7 +243,7 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
       integrity
     );
     const stats = await fs.promises.stat(binaryPath);
-    await writeMetadata(
+    await writeBinaryCacheMetadata(
       cacheEntryDir,
       cacheKey,
       url,
@@ -339,6 +257,54 @@ Ensure the filesystem is writable or set SOCKET_DLX_DIR to a writable location.`
     downloaded
   };
 }
+async function downloadBinaryFile(url, destPath, integrity) {
+  const crypto = /* @__PURE__ */ getCrypto();
+  const fs = /* @__PURE__ */ getFs();
+  const path = /* @__PURE__ */ getPath();
+  const cacheEntryDir = path.dirname(destPath);
+  const lockPath = path.join(cacheEntryDir, "concurrency.lock");
+  return await import_process_lock.processLock.withLock(
+    lockPath,
+    async () => {
+      if (fs.existsSync(destPath)) {
+        const stats = await fs.promises.stat(destPath);
+        if (stats.size > 0) {
+          const fileBuffer2 = await fs.promises.readFile(destPath);
+          const hash2 = crypto.createHash("sha512").update(fileBuffer2).digest("base64");
+          return `sha512-${hash2}`;
+        }
+      }
+      try {
+        await (0, import_http_request.httpDownload)(url, destPath);
+      } catch (e) {
+        throw new Error(
+          `Failed to download binary from ${url}
+Destination: ${destPath}
+Check your internet connection or verify the URL is accessible.`,
+          { cause: e }
+        );
+      }
+      const fileBuffer = await fs.promises.readFile(destPath);
+      const hash = crypto.createHash("sha512").update(fileBuffer).digest("base64");
+      const actualIntegrity = `sha512-${hash}`;
+      if (integrity && actualIntegrity !== integrity) {
+        await (0, import_fs.safeDelete)(destPath);
+        throw new Error(
+          `Integrity mismatch: expected ${integrity}, got ${actualIntegrity}`
+        );
+      }
+      if (!import_platform.WIN32) {
+        await fs.promises.chmod(destPath, 493);
+      }
+      return actualIntegrity;
+    },
+    {
+      // Align with npm npx locking strategy.
+      staleMs: 5e3,
+      touchIntervalMs: 2e3
+    }
+  );
+}
 function executeBinary(binaryPath, args, spawnOptions, spawnExtra) {
   const needsShell = import_platform.WIN32 && /\.(?:bat|cmd|ps1)$/i.test(binaryPath);
   const path = /* @__PURE__ */ getPath();
@@ -356,6 +322,34 @@ function executeBinary(binaryPath, args, spawnOptions, spawnExtra) {
 function getDlxCachePath() {
   return (0, import_socket.getSocketDlxDir)();
 }
+function getBinaryCacheMetadataPath(cacheEntryPath) {
+  return (/* @__PURE__ */ getPath()).join(cacheEntryPath, ".dlx-metadata.json");
+}
+async function isBinaryCacheValid(cacheEntryPath, cacheTtl) {
+  const fs = /* @__PURE__ */ getFs();
+  try {
+    const metaPath = getBinaryCacheMetadataPath(cacheEntryPath);
+    if (!fs.existsSync(metaPath)) {
+      return false;
+    }
+    const metadata = await (0, import_fs.readJson)(metaPath, { throws: false });
+    if (!(0, import_objects.isObjectObject)(metadata)) {
+      return false;
+    }
+    const now = Date.now();
+    const timestamp = metadata["timestamp"];
+    if (typeof timestamp !== "number" || timestamp <= 0) {
+      return false;
+    }
+    const age = now - timestamp;
+    if (age < 0) {
+      return false;
+    }
+    return age < cacheTtl;
+  } catch {
+    return false;
+  }
+}
 async function listDlxCache() {
   const cacheDir = getDlxCachePath();
   const fs = /* @__PURE__ */ getFs();
@@ -372,7 +366,7 @@ async function listDlxCache() {
       if (!await (0, import_fs.isDir)(entryPath)) {
         continue;
       }
-      const metaPath = getMetadataPath(entryPath);
+      const metaPath = getBinaryCacheMetadataPath(entryPath);
       const metadata = await (0, import_fs.readJson)(metaPath, { throws: false });
       if (!metadata || typeof metadata !== "object" || Array.isArray(metadata)) {
         continue;
@@ -398,12 +392,34 @@ async function listDlxCache() {
   }
   return results;
 }
+async function writeBinaryCacheMetadata(cacheEntryPath, cacheKey, url, integrity, size) {
+  const metaPath = getBinaryCacheMetadataPath(cacheEntryPath);
+  const metadata = {
+    version: "1.0.0",
+    cache_key: cacheKey,
+    timestamp: Date.now(),
+    integrity,
+    size,
+    source: {
+      type: "download",
+      url
+    }
+  };
+  const fs = /* @__PURE__ */ getFs();
+  const tmpPath = `${metaPath}.tmp.${process.pid}`;
+  await fs.promises.writeFile(tmpPath, JSON.stringify(metadata, null, 2));
+  await fs.promises.rename(tmpPath, metaPath);
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   cleanDlxCache,
   dlxBinary,
   downloadBinary,
+  downloadBinaryFile,
   executeBinary,
+  getBinaryCacheMetadataPath,
   getDlxCachePath,
-  listDlxCache
+  isBinaryCacheValid,
+  listDlxCache,
+  writeBinaryCacheMetadata
 });

package/dist/dlx/detect.d.ts

@@ -5,6 +5,14 @@ export interface ExecutableDetectionResult {
     packageJsonPath?: string;
     inDlxCache?: boolean;
 }
+/**
+ * Detect executable type for paths in DLX cache.
+ * Uses filesystem structure (node_modules/ presence).
+ *
+ * @param filePath - Path within DLX cache (~/.socket/_dlx/)
+ * @returns Detection result
+ */
+export declare function detectDlxExecutableType(filePath: string): ExecutableDetectionResult;
 /**
  * Detect if a path is a Node.js package or native binary executable.
  * Works for both DLX cache paths and local filesystem paths.
@@ -27,14 +35,6 @@ export interface ExecutableDetectionResult {
  * ```
  */
 export declare function detectExecutableType(filePath: string): ExecutableDetectionResult;
-/**
- * Detect executable type for paths in DLX cache.
- * Uses filesystem structure (node_modules/ presence).
- *
- * @param filePath - Path within DLX cache (~/.socket/_dlx/)
- * @returns Detection result
- */
-export declare function detectDlxExecutableType(filePath: string): ExecutableDetectionResult;
 /**
  * Detect executable type for local filesystem paths.
  * Uses package.json and file extension checks.

package/dist/dlx/detect.js

@@ -46,11 +46,19 @@ function getPath() {
   return _path;
 }
 const NODE_JS_EXTENSIONS = /* @__PURE__ */ new Set([".js", ".mjs", ".cjs"]);
-function detectExecutableType(filePath) {
-  if ((0, import_paths.isInSocketDlx)(filePath)) {
-    return detectDlxExecutableType(filePath);
+function findPackageJson(filePath) {
+  const fs = /* @__PURE__ */ getFs();
+  const path = /* @__PURE__ */ getPath();
+  let currentDir = path.dirname(path.resolve(filePath));
+  const root = path.parse(currentDir).root;
+  while (currentDir !== root) {
+    const packageJsonPath = path.join(currentDir, "package.json");
+    if (fs.existsSync(packageJsonPath)) {
+      return packageJsonPath;
+    }
+    currentDir = path.dirname(currentDir);
   }
-  return detectLocalExecutableType(filePath);
+  return void 0;
 }
 function detectDlxExecutableType(filePath) {
   const fs = /* @__PURE__ */ getFs();
@@ -73,6 +81,12 @@ function detectDlxExecutableType(filePath) {
     inDlxCache: true
   };
 }
+function detectExecutableType(filePath) {
+  if ((0, import_paths.isInSocketDlx)(filePath)) {
+    return detectDlxExecutableType(filePath);
+  }
+  return detectLocalExecutableType(filePath);
+}
 function detectLocalExecutableType(filePath) {
   const fs = /* @__PURE__ */ getFs();
   const packageJsonPath = findPackageJson(filePath);
@@ -103,20 +117,6 @@ function detectLocalExecutableType(filePath) {
     inDlxCache: false
   };
 }
-function findPackageJson(filePath) {
-  const fs = /* @__PURE__ */ getFs();
-  const path = /* @__PURE__ */ getPath();
-  let currentDir = path.dirname(path.resolve(filePath));
-  const root = path.parse(currentDir).root;
-  while (currentDir !== root) {
-    const packageJsonPath = path.join(currentDir, "package.json");
-    if (fs.existsSync(packageJsonPath)) {
-      return packageJsonPath;
-    }
-    currentDir = path.dirname(currentDir);
-  }
-  return void 0;
-}
 function isJsFilePath(filePath) {
   const path = /* @__PURE__ */ getPath();
   const ext = path.extname(filePath).toLowerCase();

package/dist/dlx/manifest.d.ts

@@ -41,18 +41,6 @@ export interface ManifestEntry {
     timestamp: number;
     details: PackageDetails | BinaryDetails;
 }
-/**
- * Type guard for package entries.
- */
-export declare function isPackageEntry(entry: ManifestEntry): entry is ManifestEntry & {
-    details: PackageDetails;
-};
-/**
- * Type guard for binary entries.
- */
-export declare function isBinaryEntry(entry: ManifestEntry): entry is ManifestEntry & {
-    details: BinaryDetails;
-};
 /**
  * Legacy store record format (deprecated, for migration).
  */
@@ -67,6 +55,18 @@ export interface DlxManifestOptions {
      */
     manifestPath?: string;
 }
+/**
+ * Type guard for binary entries.
+ */
+export declare function isBinaryEntry(entry: ManifestEntry): entry is ManifestEntry & {
+    details: BinaryDetails;
+};
+/**
+ * Type guard for package entries.
+ */
+export declare function isPackageEntry(entry: ManifestEntry): entry is ManifestEntry & {
+    details: PackageDetails;
+};
 /**
  * DLX manifest storage manager with atomic operations.
  * Supports both legacy format (package name keys) and new unified manifest format (spec keys).
@@ -77,47 +77,48 @@ export declare class DlxManifest {
     constructor(options?: DlxManifestOptions);
     /**
      * Read the entire manifest file.
+     * @private
      */
     private readManifest;
+    private writeManifest;
     /**
-     * Get a manifest entry by spec (e.g., "@socketsecurity/cli@^2.0.11").
+     * Clear cached data for a specific entry.
      */
-    getManifestEntry(spec: string): ManifestEntry | undefined;
+    clear(name: string): Promise<void>;
+    /**
+     * Clear all cached data.
+     */
+    clearAll(): Promise<void>;
     /**
      * Get cached update information for a package (legacy format).
      * @deprecated Use getManifestEntry() for new code.
      */
     get(name: string): StoreRecord | undefined;
     /**
-     * Set a package manifest entry.
+     * Get all cached package names.
      */
-    setPackageEntry(spec: string, cacheKey: string, details: PackageDetails): Promise<void>;
+    getAllPackages(): string[];
     /**
-     * Set a binary manifest entry.
+     * Get a manifest entry by spec (e.g., "@socketsecurity/cli@^2.0.11").
      */
-    setBinaryEntry(spec: string, cacheKey: string, details: BinaryDetails): Promise<void>;
-    private writeManifest;
+    getManifestEntry(spec: string): ManifestEntry | undefined;
+    /**
+     * Check if cached data is fresh based on TTL.
+     */
+    isFresh(record: StoreRecord | undefined, ttlMs: number): boolean;
     /**
      * Store update information for a package (legacy format).
      * @deprecated Use setPackageEntry() for new code.
      */
     set(name: string, record: StoreRecord): Promise<void>;
     /**
-     * Clear cached data for a specific entry.
-     */
-    clear(name: string): Promise<void>;
-    /**
-     * Clear all cached data.
-     */
-    clearAll(): Promise<void>;
-    /**
-     * Check if cached data is fresh based on TTL.
+     * Set a binary manifest entry.
      */
-    isFresh(record: StoreRecord | undefined, ttlMs: number): boolean;
+    setBinaryEntry(spec: string, cacheKey: string, details: BinaryDetails): Promise<void>;
     /**
-     * Get all cached package names.
+     * Set a package manifest entry.
      */
-    getAllPackages(): string[];
+    setPackageEntry(spec: string, cacheKey: string, details: PackageDetails): Promise<void>;
 }
 // Export singleton instance using default manifest location.
 export declare const dlxManifest: DlxManifest;