@socketsecurity/lib 5.7.0 → 5.8.1

package/dist/git.js

@@ -34,6 +34,7 @@ __export(git_exports, {
   isUnstagedSync: () => isUnstagedSync
 });
 module.exports = __toCommonJS(git_exports);
+var import_bin = require("./bin");
 var import_debug = require("./debug");
 var import_globs = require("./globs");
 var import_normalize = require("./paths/normalize");
@@ -56,8 +57,38 @@ function getPath() {
   return _path;
 }
 const gitDiffCache = /* @__PURE__ */ new Map();
+const gitDiffAccessOrder = [];
+const GIT_CACHE_MAX_SIZE = 100;
+function evictLRUGitCache() {
+  if (gitDiffCache.size >= GIT_CACHE_MAX_SIZE && gitDiffAccessOrder.length > 0) {
+    const oldest = gitDiffAccessOrder.shift();
+    if (oldest) {
+      gitDiffCache.delete(oldest);
+    }
+  }
+}
+let _gitPath;
+const realpathCache = /* @__PURE__ */ new Map();
+const gitRootCache = /* @__PURE__ */ new Map();
+function getCachedRealpath(pathname) {
+  const fs = /* @__PURE__ */ getFs();
+  const cached = realpathCache.get(pathname);
+  if (cached) {
+    if (fs.existsSync(cached)) {
+      return cached;
+    }
+    realpathCache.delete(pathname);
+  }
+  const resolved = fs.realpathSync(pathname);
+  realpathCache.set(pathname, resolved);
+  return resolved;
+}
 function getGitPath() {
-  return "git";
+  if (_gitPath === void 0) {
+    const resolved = (0, import_bin.whichSync)("git", { nothrow: true });
+    _gitPath = typeof resolved === "string" ? resolved : "git";
+  }
+  return _gitPath;
 }
 function getCwd() {
   return (/* @__PURE__ */ getFs()).realpathSync(process.cwd());
@@ -114,7 +145,9 @@ async function innerDiff(args, options) {
     return [];
   }
   if (cache && cacheKey) {
+    evictLRUGitCache();
     gitDiffCache.set(cacheKey, result);
+    gitDiffAccessOrder.push(cacheKey);
   }
   return result;
 }
@@ -144,18 +177,28 @@ function innerDiffSync(args, options) {
     return [];
   }
   if (cache && cacheKey) {
+    evictLRUGitCache();
     gitDiffCache.set(cacheKey, result);
+    gitDiffAccessOrder.push(cacheKey);
   }
   return result;
 }
 function findGitRoot(startPath) {
   const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
+  const cached = gitRootCache.get(startPath);
+  if (cached) {
+    if (fs.existsSync(path.join(cached, ".git"))) {
+      return cached;
+    }
+    gitRootCache.delete(startPath);
+  }
   let currentPath = startPath;
   while (true) {
     try {
       const gitPath = path.join(currentPath, ".git");
       if (fs.existsSync(gitPath)) {
+        gitRootCache.set(startPath, currentPath);
         return currentPath;
       }
     } catch {
@@ -175,9 +218,8 @@ function parseGitDiffStdout(stdout, options, spawnCwd) {
     porcelain = false,
     ...matcherOptions
   } = { __proto__: null, ...options };
-  const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const cwd = cwdOption === defaultRoot ? defaultRoot : fs.realpathSync(cwdOption);
+  const cwd = cwdOption === defaultRoot ? defaultRoot : getCachedRealpath(cwdOption);
   const rootPath = defaultRoot;
   let rawFiles = stdout ? (0, import_strings.stripAnsi)(stdout).split("\n").map((line) => line.trimEnd()).filter((line) => line) : [];
   if (porcelain) {
@@ -241,10 +283,9 @@ async function isChanged(pathname, options) {
     ...options,
     absolute: false
   });
-  const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const resolvedPathname = fs.realpathSync(pathname);
-  const baseCwd = options?.cwd ? fs.realpathSync(options["cwd"]) : getCwd();
+  const resolvedPathname = getCachedRealpath(pathname);
+  const baseCwd = options?.cwd ? getCachedRealpath(options["cwd"]) : getCwd();
   const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
   return files.includes(relativePath);
 }
@@ -254,12 +295,15 @@ function isChangedSync(pathname, options) {
     ...options,
     absolute: false
   });
-  const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const resolvedPathname = fs.realpathSync(pathname);
-  const baseCwd = options?.cwd ? fs.realpathSync(options["cwd"]) : getCwd();
-  const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
-  return files.includes(relativePath);
+  try {
+    const resolvedPathname = getCachedRealpath(pathname);
+    const baseCwd = options?.cwd ? getCachedRealpath(options["cwd"]) : getCwd();
+    const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
+    return files.includes(relativePath);
+  } catch {
+    return false;
+  }
 }
 async function isUnstaged(pathname, options) {
   const files = await getUnstagedFiles({
@@ -267,10 +311,9 @@ async function isUnstaged(pathname, options) {
     ...options,
     absolute: false
   });
-  const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const resolvedPathname = fs.realpathSync(pathname);
-  const baseCwd = options?.cwd ? fs.realpathSync(options["cwd"]) : getCwd();
+  const resolvedPathname = getCachedRealpath(pathname);
+  const baseCwd = options?.cwd ? getCachedRealpath(options["cwd"]) : getCwd();
   const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
   return files.includes(relativePath);
 }
@@ -280,10 +323,9 @@ function isUnstagedSync(pathname, options) {
     ...options,
     absolute: false
   });
-  const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const resolvedPathname = fs.realpathSync(pathname);
-  const baseCwd = options?.cwd ? fs.realpathSync(options["cwd"]) : getCwd();
+  const resolvedPathname = getCachedRealpath(pathname);
+  const baseCwd = options?.cwd ? getCachedRealpath(options["cwd"]) : getCwd();
   const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
   return files.includes(relativePath);
 }
@@ -293,10 +335,9 @@ async function isStaged(pathname, options) {
     ...options,
     absolute: false
   });
-  const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const resolvedPathname = fs.realpathSync(pathname);
-  const baseCwd = options?.cwd ? fs.realpathSync(options["cwd"]) : getCwd();
+  const resolvedPathname = getCachedRealpath(pathname);
+  const baseCwd = options?.cwd ? getCachedRealpath(options["cwd"]) : getCwd();
   const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
   return files.includes(relativePath);
 }
@@ -306,10 +347,9 @@ function isStagedSync(pathname, options) {
     ...options,
     absolute: false
   });
-  const fs = /* @__PURE__ */ getFs();
   const path = /* @__PURE__ */ getPath();
-  const resolvedPathname = fs.realpathSync(pathname);
-  const baseCwd = options?.cwd ? fs.realpathSync(options["cwd"]) : getCwd();
+  const resolvedPathname = getCachedRealpath(pathname);
+  const baseCwd = options?.cwd ? getCachedRealpath(options["cwd"]) : getCwd();
   const relativePath = (0, import_normalize.normalizePath)(path.relative(baseCwd, resolvedPathname));
   return files.includes(relativePath);
 }

package/dist/github.js

@@ -189,15 +189,14 @@ async function fetchGhsaDetails(ghsaId, options) {
 async function cacheFetchGhsa(ghsaId, options) {
   const cache = getGithubCache();
   const key = `ghsa:${ghsaId}`;
-  if (!process.env["DISABLE_GITHUB_CACHE"]) {
-    const cached = await cache.get(key);
-    if (cached) {
-      return JSON.parse(cached);
-    }
+  if (process.env["DISABLE_GITHUB_CACHE"]) {
+    return await fetchGhsaDetails(ghsaId, options);
   }
-  const data = await fetchGhsaDetails(ghsaId, options);
-  await cache.set(key, JSON.stringify(data));
-  return data;
+  const cached = await cache.getOrFetch(key, async () => {
+    const data = await fetchGhsaDetails(ghsaId, options);
+    return JSON.stringify(data);
+  });
+  return JSON.parse(cached);
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/globs.js

@@ -107,15 +107,33 @@ function globStreamLicenses(dirname, options) {
     }
   );
 }
+const MATCHER_CACHE_MAX_SIZE = 100;
 const matcherCache = /* @__PURE__ */ new Map();
+const matcherAccessOrder = [];
+function evictLRUMatcher() {
+  if (matcherCache.size >= MATCHER_CACHE_MAX_SIZE && matcherAccessOrder.length > 0) {
+    const oldest = matcherAccessOrder.shift();
+    if (oldest) {
+      matcherCache.delete(oldest);
+    }
+  }
+}
 // @__NO_SIDE_EFFECTS__
 function getGlobMatcher(glob2, options) {
   const patterns = Array.isArray(glob2) ? glob2 : [glob2];
-  const key = JSON.stringify({ patterns, options });
+  const sortedPatterns = [...patterns].sort();
+  const sortedOptions = options ? Object.keys(options).sort().map((k) => `${k}:${JSON.stringify(options[k])}`).join(",") : "";
+  const key = `${sortedPatterns.join("|")}:${sortedOptions}`;
   let matcher = matcherCache.get(key);
   if (matcher) {
+    const index = matcherAccessOrder.indexOf(key);
+    if (index !== -1) {
+      matcherAccessOrder.splice(index, 1);
+      matcherAccessOrder.push(key);
+    }
     return matcher;
   }
+  evictLRUMatcher();
   const positivePatterns = patterns.filter((p) => !p.startsWith("!"));
   const negativePatterns = patterns.filter((p) => p.startsWith("!")).map((p) => p.slice(1));
   const matchOptions = {
@@ -129,6 +147,7 @@ function getGlobMatcher(glob2, options) {
     matchOptions
   );
   matcherCache.set(key, matcher);
+  matcherAccessOrder.push(key);
   return matcher;
 }
 // @__NO_SIDE_EFFECTS__

package/dist/http-request.js

@@ -299,7 +299,7 @@ async function httpDownload(url, destPath, options) {
   } else if (logger) {
     let lastPercent = 0;
     progressCallback = (downloaded, total) => {
-      const percent = Math.floor(downloaded / total * 100);
+      const percent = total === 0 ? 0 : Math.floor(downloaded / total * 100);
       if (percent >= lastPercent + progressInterval) {
         logger.log(
           `  Progress: ${percent}% (${(downloaded / 1024 / 1024).toFixed(1)} MB / ${(total / 1024 / 1024).toFixed(1)} MB)`

package/dist/memoization.js

@@ -36,6 +36,9 @@ function memoize(fn, options = {}) {
     name = fn.name || "anonymous",
     ttl = Number.POSITIVE_INFINITY
   } = options;
+  if (ttl < 0) {
+    throw new TypeError("TTL must be non-negative");
+  }
   const cache = /* @__PURE__ */ new Map();
   const accessOrder = [];
   function evictLRU() {
@@ -123,7 +126,24 @@ function memoizeAsync(fn, options = {}) {
       return await cached.value;
     }
     (0, import_debug.debugLog)(`[memoizeAsync:${name}] miss`, { key });
-    const promise = fn(...args);
+    const promise = fn(...args).then(
+      (result) => {
+        const entry = cache.get(key);
+        if (entry) {
+          entry.value = Promise.resolve(result);
+        }
+        return result;
+      },
+      (error) => {
+        cache.delete(key);
+        const index = accessOrder.indexOf(key);
+        if (index !== -1) {
+          accessOrder.splice(index, 1);
+        }
+        (0, import_debug.debugLog)(`[memoizeAsync:${name}] error`, { key, error });
+        throw error;
+      }
+    );
     evictLRU();
     cache.set(key, {
       value: promise,
@@ -132,18 +152,7 @@ function memoizeAsync(fn, options = {}) {
     });
     accessOrder.push(key);
     (0, import_debug.debugLog)(`[memoizeAsync:${name}] set`, { key, cacheSize: cache.size });
-    try {
-      const result = await promise;
-      return result;
-    } catch (e) {
-      cache.delete(key);
-      const orderIndex = accessOrder.indexOf(key);
-      if (orderIndex !== -1) {
-        accessOrder.splice(orderIndex, 1);
-      }
-      (0, import_debug.debugLog)(`[memoizeAsync:${name}] clear`, { key, reason: "error" });
-      throw e;
-    }
+    return await promise;
   };
 }
 function Memoize(options = {}) {

package/dist/package-extensions.js

@@ -64,8 +64,10 @@ const packageExtensions = ObjectFreeze(
       }
     ]
   ].sort((a_, b_) => {
-    const a = a_[0].slice(0, a_[0].lastIndexOf("@"));
-    const b = b_[0].slice(0, b_[0].lastIndexOf("@"));
+    const aIndex = a_[0].lastIndexOf("@");
+    const bIndex = b_[0].lastIndexOf("@");
+    const a = aIndex === -1 ? a_[0] : a_[0].slice(0, aIndex);
+    const b = bIndex === -1 ? b_[0] : b_[0].slice(0, bIndex);
     if (a < b) {
       return -1;
     }

package/dist/packages/normalize.js

@@ -91,6 +91,9 @@ function resolveOriginalPackageName(sockRegPkgName) {
 }
 // @__NO_SIDE_EFFECTS__
 function unescapeScope(escapedScope) {
+  if (escapedScope.length < import_socket.REGISTRY_SCOPE_DELIMITER.length) {
+    return `@${escapedScope}`;
+  }
   return `@${escapedScope.slice(0, -import_socket.REGISTRY_SCOPE_DELIMITER.length)}`;
 }
 // Annotate the CommonJS export names for ESM import in node:

package/dist/process-lock.js

@@ -123,10 +123,10 @@ class ProcessLockManager {
    */
   isStale(lockPath, staleMs) {
     try {
-      if (!existsSync(lockPath)) {
+      const stats = statSync(lockPath, { throwIfNoEntry: false });
+      if (!stats) {
         return false;
       }
-      const stats = statSync(lockPath);
       const ageSeconds = Math.floor((Date.now() - stats.mtime.getTime()) / 1e3);
       const staleSeconds = Math.floor(staleMs / 1e3);
       return ageSeconds > staleSeconds;
@@ -169,7 +169,7 @@ class ProcessLockManager {
     return await (0, import_promises.pRetry)(
       async () => {
         try {
-          if (existsSync(lockPath) && this.isStale(lockPath, staleMs)) {
+          if (this.isStale(lockPath, staleMs)) {
             logger.log(`Removing stale lock: ${lockPath}`);
             try {
               (0, import_fs.safeDeleteSync)(lockPath, { recursive: true });
@@ -204,7 +204,8 @@ class ProcessLockManager {
             );
           }
           if (code === "ENOTDIR") {
-            const parentDir = lockPath.slice(0, lockPath.lastIndexOf("/"));
+            const lastSlashIndex = lockPath.lastIndexOf("/");
+            const parentDir = lastSlashIndex === -1 ? "." : lockPath.slice(0, lastSlashIndex);
             throw new Error(
               `Cannot create lock directory: ${lockPath}
 A path component is a file when it should be a directory.
@@ -217,7 +218,8 @@ To resolve:
             );
           }
           if (code === "ENOENT") {
-            const parentDir = lockPath.slice(0, lockPath.lastIndexOf("/"));
+            const lastSlashIndex = lockPath.lastIndexOf("/");
+            const parentDir = lastSlashIndex === -1 ? "." : lockPath.slice(0, lastSlashIndex);
             throw new Error(
               `Cannot create lock directory: ${lockPath}
 Parent directory does not exist: ${parentDir}

package/dist/releases/github.d.ts

@@ -1,3 +1,4 @@
+import { type ArchiveFormat } from '../archives.js';
 /**
  * Pattern for matching release assets.
  * Can be either:
@@ -133,3 +134,42 @@ export declare function getLatestRelease(toolPrefix: string, repoConfig: RepoCon
 export declare function getReleaseAssetUrl(tag: string, assetPattern: string | AssetPattern, repoConfig: RepoConfig, options?: {
     quiet?: boolean;
 }): Promise<string | null>;
+/**
+ * Download and extract a zip file from a GitHub release.
+ * Automatically handles downloading, extracting, and cleanup.
+ *
+ * @param tag - Release tag name
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
+ * @param outputDir - Directory to extract the zip contents to
+ * @param repoConfig - Repository configuration (owner/repo)
+ * @param options - Additional options
+ * @param options.quiet - Suppress log messages
+ * @param options.cleanup - Remove downloaded zip file after extraction (default: true)
+ * @returns Path to the extraction directory
+ */
+export declare function downloadAndExtractZip(tag: string, assetPattern: string | AssetPattern, outputDir: string, repoConfig: RepoConfig, options?: {
+    cleanup?: boolean;
+    quiet?: boolean;
+}): Promise<string>;
+/**
+ * Download and extract an archive from a GitHub release.
+ * Supports zip, tar, tar.gz, and tgz formats.
+ * Automatically handles downloading, extracting, and cleanup.
+ *
+ * @param tag - Release tag name
+ * @param assetPattern - Asset name or pattern (glob string, prefix/suffix object, or RegExp)
+ * @param outputDir - Directory to extract the archive contents to
+ * @param repoConfig - Repository configuration (owner/repo)
+ * @param options - Additional options
+ * @param options.quiet - Suppress log messages
+ * @param options.cleanup - Remove downloaded archive after extraction (default: true)
+ * @param options.strip - Strip leading path components (like tar --strip-components)
+ * @param options.format - Archive format (auto-detected if not specified)
+ * @returns Path to the extraction directory
+ */
+export declare function downloadAndExtractArchive(tag: string, assetPattern: string | AssetPattern, outputDir: string, repoConfig: RepoConfig, options?: {
+    cleanup?: boolean;
+    format?: ArchiveFormat;
+    quiet?: boolean;
+    strip?: number;
+}): Promise<string>;

package/dist/releases/github.js

@@ -31,6 +31,8 @@ var github_exports = {};
 __export(github_exports, {
   SOCKET_BTM_REPO: () => SOCKET_BTM_REPO,
   createAssetMatcher: () => createAssetMatcher,
+  downloadAndExtractArchive: () => downloadAndExtractArchive,
+  downloadAndExtractZip: () => downloadAndExtractZip,
   downloadGitHubRelease: () => downloadGitHubRelease,
   downloadReleaseAsset: () => downloadReleaseAsset,
   getAuthHeaders: () => getAuthHeaders,
@@ -39,6 +41,7 @@ __export(github_exports, {
 });
 module.exports = __toCommonJS(github_exports);
 var import_picomatch = __toESM(require("../external/picomatch.js"));
+var import_archives = require("../archives.js");
 var import_fs = require("../fs.js");
 var import_http_request = require("../http-request.js");
 var import_logger = require("../logger.js");
@@ -207,27 +210,33 @@ async function getLatestRelease(toolPrefix, repoConfig, options = {}) {
       if (!response.ok) {
         throw new Error(`Failed to fetch releases: ${response.status}`);
       }
-      const releases = JSON.parse(response.body.toString("utf8"));
-      const matchingReleases = releases.filter(
-        (release) => {
-          const { assets, tag_name: tag2 } = release;
-          if (!tag2.startsWith(toolPrefix)) {
-            return false;
-          }
-          if (!assets || assets.length === 0) {
+      let releases;
+      try {
+        releases = JSON.parse(response.body.toString("utf8"));
+      } catch (cause) {
+        throw new Error(
+          `Failed to parse GitHub releases response from https://api.github.com/repos/${owner}/${repo}/releases`,
+          { cause }
+        );
+      }
+      const matchingReleases = releases.filter((release) => {
+        const { assets, tag_name: tag2 } = release;
+        if (!tag2.startsWith(toolPrefix)) {
+          return false;
+        }
+        if (!assets || assets.length === 0) {
+          return false;
+        }
+        if (isMatch) {
+          const hasMatchingAsset = assets.some(
+            (a) => isMatch(a.name)
+          );
+          if (!hasMatchingAsset) {
             return false;
           }
-          if (isMatch) {
-            const hasMatchingAsset = assets.some(
-              (a) => isMatch(a.name)
-            );
-            if (!hasMatchingAsset) {
-              return false;
-            }
-          }
-          return true;
         }
-      );
+        return true;
+      });
       if (matchingReleases.length === 0) {
         if (!quiet) {
           logger.info(`No ${toolPrefix} release found in latest 100 releases`);
@@ -275,10 +284,16 @@ async function getReleaseAssetUrl(tag, assetPattern, repoConfig, options = {}) {
       if (!response.ok) {
         throw new Error(`Failed to fetch release ${tag}: ${response.status}`);
       }
-      const release = JSON.parse(response.body.toString("utf8"));
-      const asset = release.assets.find(
-        (a) => isMatch(a.name)
-      );
+      let release;
+      try {
+        release = JSON.parse(response.body.toString("utf8"));
+      } catch (cause) {
+        throw new Error(
+          `Failed to parse GitHub release response for tag ${tag}`,
+          { cause }
+        );
+      }
+      const asset = release.assets.find((a) => isMatch(a.name));
       if (!asset) {
         const patternDesc = typeof assetPattern === "string" ? assetPattern : "matching pattern";
         throw new Error(`Asset ${patternDesc} not found in release ${tag}`);
@@ -304,10 +319,95 @@ async function getReleaseAssetUrl(tag, assetPattern, repoConfig, options = {}) {
     }
   );
 }
+async function downloadAndExtractZip(tag, assetPattern, outputDir, repoConfig, options = {}) {
+  const { cleanup = true, quiet = false } = options;
+  const path = /* @__PURE__ */ getPath();
+  const fs = /* @__PURE__ */ getFs();
+  await (0, import_fs.safeMkdir)(outputDir);
+  const zipPath = path.join(outputDir, "__temp_download__.zip");
+  if (!quiet) {
+    logger.info(`Downloading zip asset from release ${tag}...`);
+  }
+  await downloadReleaseAsset(tag, assetPattern, zipPath, repoConfig, { quiet });
+  if (!quiet) {
+    logger.info(`Extracting zip to ${outputDir}...`);
+  }
+  try {
+    await (0, import_archives.extractArchive)(zipPath, outputDir, { quiet });
+    if (!quiet) {
+      logger.info(`Extracted zip contents to ${outputDir}`);
+    }
+  } catch (cause) {
+    throw new Error(`Failed to extract zip file: ${zipPath}`, { cause });
+  } finally {
+    if (cleanup) {
+      try {
+        await fs.promises.unlink(zipPath);
+        if (!quiet) {
+          logger.info("Cleaned up temporary zip file");
+        }
+      } catch (error) {
+        if (!quiet) {
+          logger.warn(`Failed to cleanup zip file: ${error}`);
+        }
+      }
+    }
+  }
+  return outputDir;
+}
+async function downloadAndExtractArchive(tag, assetPattern, outputDir, repoConfig, options = {}) {
+  const { cleanup = true, format, quiet = false, strip } = options;
+  const path = /* @__PURE__ */ getPath();
+  const fs = /* @__PURE__ */ getFs();
+  await (0, import_fs.safeMkdir)(outputDir);
+  let ext = ".archive";
+  if (format) {
+    ext = format === "tar.gz" ? ".tar.gz" : `.${format}`;
+  } else if (typeof assetPattern === "string") {
+    const detectedFormat = (0, import_archives.detectArchiveFormat)(assetPattern);
+    if (detectedFormat) {
+      ext = detectedFormat === "tar.gz" ? ".tar.gz" : `.${detectedFormat}`;
+    }
+  }
+  const archivePath = path.join(outputDir, `__temp_download__${ext}`);
+  if (!quiet) {
+    logger.info(`Downloading archive from release ${tag}...`);
+  }
+  await downloadReleaseAsset(tag, assetPattern, archivePath, repoConfig, {
+    quiet
+  });
+  if (!quiet) {
+    logger.info(`Extracting archive to ${outputDir}...`);
+  }
+  try {
+    await (0, import_archives.extractArchive)(archivePath, outputDir, { quiet, strip });
+    if (!quiet) {
+      logger.info(`Extracted archive contents to ${outputDir}`);
+    }
+  } catch (cause) {
+    throw new Error(`Failed to extract archive: ${archivePath}`, { cause });
+  } finally {
+    if (cleanup) {
+      try {
+        await fs.promises.unlink(archivePath);
+        if (!quiet) {
+          logger.info("Cleaned up temporary archive file");
+        }
+      } catch (error) {
+        if (!quiet) {
+          logger.warn(`Failed to cleanup archive file: ${error}`);
+        }
+      }
+    }
+  }
+  return outputDir;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   SOCKET_BTM_REPO,
   createAssetMatcher,
+  downloadAndExtractArchive,
+  downloadAndExtractZip,
   downloadGitHubRelease,
   downloadReleaseAsset,
   getAuthHeaders,