npm - @socketsecurity/lib - Versions diffs - 6.0.5 → 6.0.7 - Mend

@socketsecurity/lib 6.0.5 → 6.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (534) hide show

package/CHANGELOG.md +43 -0
package/dist/ai/discover.d.mts +2 -2
package/dist/ai/discover.js +6 -4
package/dist/ai/spawn.js +10 -6
package/dist/ai/types.d.mts +18 -6
package/dist/ai/worktree.d.mts +6 -6
package/dist/ai/worktree.js +12 -7
package/dist/ansi/strip.d.ts +1 -1
package/dist/ansi/strip.js +0 -2
package/dist/archives/_internal.js +7 -9
package/dist/archives/extract.js +1 -1
package/dist/archives/tar.js +6 -6
package/dist/archives/zip.js +4 -6
package/dist/argv/flag-predicates.d.ts +12 -12
package/dist/argv/flag-predicates.js +17 -17
package/dist/argv/flag-types.d.ts +18 -18
package/dist/argv/flag-types.js +4 -4
package/dist/argv/parse.d.ts +1 -1
package/dist/arrays/_internal.js +11 -12
package/dist/arrays/chunk.js +0 -1
package/dist/arrays/join.d.ts +37 -3
package/dist/arrays/join.js +43 -7
package/dist/arrays/unique.js +0 -1
package/dist/bin/_internal.d.ts +1 -1
package/dist/bin/_internal.js +1 -1
package/dist/bin/acorn-bindgen.cjs +769 -0
package/dist/bin/acorn.wasm +0 -0
package/dist/bin/exec.js +2 -3
package/dist/bin/find.js +13 -13
package/dist/bin/prim.cjs +39244 -0
package/dist/bin/resolve.js +12 -13
package/dist/bin/which.js +8 -8
package/dist/cache/ttl/store.js +5 -5
package/dist/checks/primordials-defaults.d.ts +3 -3
package/dist/checks/primordials-defaults.js +3 -3
package/dist/checks/primordials.js +4 -3
package/dist/{bin → cli}/check-primordials.d.ts +11 -11
package/dist/{bin → cli}/check-primordials.js +56 -52
package/dist/{bin → cli}/check.js +6 -5
package/dist/{bin → cli}/socket-lib.d.ts +1 -1
package/dist/{bin → cli}/socket-lib.js +4 -4
package/dist/colors/socket-palette.js +7 -9
package/dist/compression/_internal.d.ts +12 -12
package/dist/compression/_internal.js +20 -19
package/dist/compression/brotli.d.ts +25 -25
package/dist/compression/brotli.js +37 -44
package/dist/compression/gzip.d.ts +23 -23
package/dist/compression/gzip.js +44 -52
package/dist/constants/agents.d.ts +3 -1
package/dist/constants/agents.js +15 -11
package/dist/constants/licenses.js +3 -3
package/dist/constants/node.d.ts +23 -0
package/dist/constants/node.js +47 -15
package/dist/constants/packages.js +22 -28
package/dist/constants/platform.d.ts +30 -3
package/dist/constants/platform.js +72 -12
package/dist/constants/runtime.d.ts +22 -0
package/dist/constants/runtime.js +32 -0
package/dist/constants/socket.js +1 -1
package/dist/cover/code.js +8 -8
package/dist/cover/formatters.js +5 -5
package/dist/crypto/hash.d.ts +26 -1
package/dist/crypto/hash.js +43 -12
package/dist/debug/_internal.js +4 -6
package/dist/debug/caller-info.js +2 -3
package/dist/debug/namespace.d.ts +7 -0
package/dist/debug/namespace.js +21 -12
package/dist/debug/output.js +21 -24
package/dist/debug/types.d.ts +4 -4
package/dist/dlx/arborist.js +6 -6
package/dist/dlx/binary-cache.js +14 -14
package/dist/dlx/binary-download.d.ts +1 -1
package/dist/dlx/binary-download.js +14 -13
package/dist/dlx/binary-resolution.js +16 -14
package/dist/dlx/binary-types.d.ts +5 -5
package/dist/dlx/binary.js +5 -5
package/dist/dlx/cache.js +1 -1
package/dist/dlx/detect.d.ts +34 -25
package/dist/dlx/detect.js +86 -77
package/dist/dlx/dir.js +2 -2
package/dist/dlx/firewall.d.ts +1 -1
package/dist/dlx/lockfile.d.ts +19 -18
package/dist/dlx/lockfile.js +16 -16
package/dist/dlx/manifest.d.ts +6 -6
package/dist/dlx/manifest.js +5 -5
package/dist/dlx/package.d.ts +10 -10
package/dist/dlx/package.js +16 -16
package/dist/dlx/packages.js +4 -4
package/dist/dlx/paths.js +7 -7
package/dist/dlx/spec.js +1 -1
package/dist/dlx/types.d.ts +28 -27
package/dist/eco/cargo/parse-lockfile.d.ts +1 -1
package/dist/eco/cargo/parse-lockfile.js +2 -2
package/dist/eco/manifest/analyze-lockfile.js +2 -2
package/dist/eco/manifest/detect-format.js +4 -4
package/dist/eco/manifest/find-packages.js +2 -2
package/dist/eco/manifest/get-package-versions.js +2 -2
package/dist/eco/manifest/get-package.js +2 -2
package/dist/eco/manifest/parse-lockfile.js +2 -2
package/dist/eco/manifest/parse-manifest.js +2 -2
package/dist/eco/manifest/parse.js +2 -2
package/dist/eco/npm/npm/exec.js +2 -2
package/dist/eco/npm/npm/flags.js +7 -12
package/dist/eco/npm/npm/parse-lockfile.d.ts +14 -14
package/dist/eco/npm/npm/parse-lockfile.js +3 -3
package/dist/eco/npm/parse-package-json.js +3 -3
package/dist/eco/npm/pnpm/exec.d.ts +1 -1
package/dist/eco/npm/pnpm/exec.js +5 -5
package/dist/eco/npm/pnpm/flags.js +0 -3
package/dist/eco/npm/pnpm/parse-lockfile.d.ts +1 -1
package/dist/eco/npm/pnpm/parse-lockfile.js +4 -4
package/dist/eco/npm/script.js +9 -6
package/dist/eco/npm/yarnpkg/yarn/exec.js +3 -3
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.d.ts +2 -2
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +8 -8
package/dist/effects/pulse-frames.d.ts +3 -1
package/dist/effects/shimmer-keyframes.d.ts +1 -1
package/dist/effects/shimmer-terminal.d.ts +1 -1
package/dist/env/boolean.js +0 -1
package/dist/env/ci.js +0 -1
package/dist/env/debug.js +0 -1
package/dist/env/github-status.d.ts +51 -0
package/dist/env/github-status.js +90 -0
package/dist/env/github.js +0 -8
package/dist/env/home.js +0 -1
package/dist/env/locale.js +0 -3
package/dist/env/node-auth-token.js +0 -1
package/dist/env/node-env.js +0 -1
package/dist/env/node-version-managers.d.ts +53 -0
package/dist/env/node-version-managers.js +90 -0
package/dist/env/npm.js +0 -5
package/dist/env/number.js +0 -1
package/dist/env/package-manager.js +3 -6
package/dist/env/path.js +0 -1
package/dist/env/pre-commit.js +1 -2
package/dist/env/rewire.d.ts +7 -6
package/dist/env/rewire.js +15 -16
package/dist/env/shell.js +0 -1
package/dist/env/socket-cli.js +5 -18
package/dist/env/socket-mcp.d.ts +114 -0
package/dist/env/socket-mcp.js +146 -0
package/dist/env/socket.d.ts +1 -109
package/dist/env/socket.js +12 -166
package/dist/env/string.js +0 -1
package/dist/env/temp-dir.js +0 -3
package/dist/env/term.js +0 -1
package/dist/env/test.js +3 -6
package/dist/env/windows.js +0 -4
package/dist/env/xdg.js +0 -3
package/dist/events/exit/_internal.d.ts +11 -9
package/dist/events/exit/_internal.js +31 -35
package/dist/events/exit/handler.js +3 -4
package/dist/events/exit/intercept.js +4 -6
package/dist/events/exit/lifecycle.js +16 -18
package/dist/events/exit/signals.js +1 -2
package/dist/events/exit/types.d.ts +6 -5
package/dist/external/@npmcli/package-json.js +2 -2
package/dist/external/@sinclair/typebox/value.js +5 -1
package/dist/external/@sinclair/typebox.js +5 -1
package/dist/external/@socketregistry/packageurl-js.js +27 -0
package/dist/external/npm-pack.js +2 -2
package/dist/external-tools/bazel/read-bazel-version-file.js +1 -1
package/dist/external-tools/bazel/resolve.js +2 -1
package/dist/external-tools/bazel/types.d.ts +1 -1
package/dist/external-tools/cdxgen/from-vfs.js +1 -1
package/dist/external-tools/cdxgen/resolve.js +2 -1
package/dist/external-tools/cdxgen/types.d.ts +1 -1
package/dist/external-tools/from-download.d.ts +1 -1
package/dist/external-tools/from-download.js +1 -1
package/dist/external-tools/from-pip-venv.d.ts +73 -0
package/dist/external-tools/from-pip-venv.js +98 -0
package/dist/external-tools/janus/asset-names.js +1 -1
package/dist/external-tools/janus/from-download.js +3 -5
package/dist/external-tools/janus/from-vfs.js +1 -1
package/dist/external-tools/janus/resolve.js +2 -1
package/dist/external-tools/janus/types.d.ts +1 -1
package/dist/external-tools/jre/detect-platform-arch.d.ts +10 -6
package/dist/external-tools/jre/detect-platform-arch.js +29 -14
package/dist/external-tools/jre/from-download.js +2 -1
package/dist/external-tools/jre/from-vfs.js +1 -1
package/dist/external-tools/jre/resolve.js +2 -1
package/dist/external-tools/jre/types.d.ts +1 -1
package/dist/external-tools/manifest.d.ts +7 -7
package/dist/external-tools/manifest.js +18 -16
package/dist/external-tools/opengrep/from-vfs.js +1 -1
package/dist/external-tools/opengrep/resolve.js +2 -1
package/dist/external-tools/opengrep/types.d.ts +1 -1
package/dist/external-tools/python/asset-names.d.ts +76 -0
package/dist/external-tools/python/asset-names.js +104 -0
package/dist/external-tools/python/dlx.d.ts +80 -0
package/dist/external-tools/python/dlx.js +87 -0
package/dist/external-tools/python/from-download.d.ts +53 -0
package/dist/external-tools/python/from-download.js +68 -0
package/dist/external-tools/python/from-path.d.ts +7 -0
package/dist/external-tools/python/from-path.js +23 -0
package/dist/external-tools/python/pin.d.ts +121 -0
package/dist/external-tools/python/pin.js +173 -0
package/dist/external-tools/python/pip-install.d.ts +75 -0
package/dist/external-tools/python/pip-install.js +139 -0
package/dist/external-tools/python/resolve.d.ts +42 -0
package/dist/external-tools/python/resolve.js +58 -0
package/dist/external-tools/python/types.d.ts +49 -0
package/dist/external-tools/sbt/from-vfs.js +1 -1
package/dist/external-tools/sbt/resolve.js +2 -1
package/dist/external-tools/sbt/types.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.d.ts +24 -0
package/dist/external-tools/skillspector/from-dlx.js +41 -0
package/dist/external-tools/skillspector/from-path.d.ts +8 -0
package/dist/external-tools/skillspector/from-path.js +30 -0
package/dist/external-tools/skillspector/from-vfs.d.ts +8 -0
package/dist/external-tools/skillspector/from-vfs.js +27 -0
package/dist/external-tools/skillspector/resolve.d.ts +34 -0
package/dist/external-tools/skillspector/resolve.js +53 -0
package/dist/external-tools/skillspector/types.d.ts +24 -0
package/dist/external-tools/skillspector/types.js +2 -0
package/dist/external-tools/synp/from-download.js +2 -2
package/dist/external-tools/synp/from-vfs.js +1 -1
package/dist/external-tools/synp/resolve.js +2 -1
package/dist/external-tools/trivy/from-vfs.js +1 -1
package/dist/external-tools/trivy/resolve.js +2 -1
package/dist/external-tools/trivy/types.d.ts +1 -1
package/dist/external-tools/trufflehog/from-vfs.js +1 -1
package/dist/external-tools/trufflehog/resolve.js +2 -1
package/dist/external-tools/trufflehog/types.d.ts +1 -1
package/dist/fs/_internal.d.ts +1 -1
package/dist/fs/_internal.js +7 -7
package/dist/fs/access.js +5 -9
package/dist/fs/{path-cache.js → allowed-dirs-cache.js} +1 -1
package/dist/fs/encoding.js +5 -7
package/dist/fs/{find-up.js → find.js} +11 -13
package/dist/fs/inspect.js +7 -13
package/dist/fs/read-dir.js +7 -10
package/dist/fs/read-file.js +8 -14
package/dist/fs/read-json-cache.d.ts +6 -4
package/dist/fs/read-json-cache.js +9 -6
package/dist/fs/read-json.js +4 -6
package/dist/fs/resolve-module.js +1 -1
package/dist/fs/safe.d.ts +1 -1
package/dist/fs/safe.js +12 -13
package/dist/fs/unique.js +4 -5
package/dist/fs/validate.js +1 -2
package/dist/fs/write-json.js +4 -5
package/dist/git/_internal.js +12 -11
package/dist/git/changed.js +4 -4
package/dist/git/repo.js +3 -3
package/dist/git/staged.js +4 -4
package/dist/git/unstaged.js +4 -4
package/dist/github/ghsa.js +2 -2
package/dist/github/refs-cache.d.ts +1 -1
package/dist/github/refs-cache.js +5 -5
package/dist/github/refs-rest.js +5 -5
package/dist/github/{fetch.js → request.js} +13 -2
package/dist/github/token.js +1 -1
package/dist/github/types.d.ts +1 -1
package/dist/globs/_internal.js +7 -9
package/dist/globs/match.js +6 -7
package/dist/globs/matcher.d.ts +3 -3
package/dist/globs/matcher.js +12 -14
package/dist/globs/stream.js +1 -2
package/dist/globs/types.d.ts +24 -24
package/dist/http-request/_internal.d.ts +1 -1
package/dist/http-request/browser.js +21 -13
package/dist/http-request/checksum-file.d.ts +55 -0
package/dist/http-request/checksum-file.js +95 -0
package/dist/http-request/download-types.d.ts +15 -23
package/dist/http-request/download.js +4 -4
package/dist/http-request/headers.d.ts +32 -3
package/dist/http-request/headers.js +41 -13
package/dist/http-request/request-attempt.js +38 -33
package/dist/http-request/request-types.d.ts +7 -2
package/dist/http-request/request.js +33 -16
package/dist/http-request/response-reader.d.ts +12 -1
package/dist/http-request/response-reader.js +22 -2
package/dist/http-request/user-agent.js +3 -4
package/dist/integrity.d.ts +86 -18
package/dist/integrity.js +119 -30
package/dist/ipc/directory.js +2 -2
package/dist/ipc/paths.js +1 -1
package/dist/ipc/write.js +1 -1
package/dist/ipc-cli/get.js +12 -12
package/dist/json/edit.js +13 -14
package/dist/json/format.js +2 -2
package/dist/json/parse.d.ts +1 -1
package/dist/json/parse.js +3 -7
package/dist/logger/_internal.d.ts +4 -4
package/dist/logger/_internal.js +3 -3
package/dist/logger/colors.js +4 -3
package/dist/logger/console-methods.d.ts +132 -0
package/dist/logger/console-methods.js +169 -0
package/dist/logger/console.d.ts +12 -0
package/dist/logger/console.js +42 -11
package/dist/logger/indentation-methods.d.ts +81 -0
package/dist/logger/indentation-methods.js +121 -0
package/dist/logger/node.d.ts +16 -338
package/dist/logger/node.js +75 -608
package/dist/logger/options.d.ts +39 -0
package/dist/logger/options.js +47 -0
package/dist/logger/semantic-methods.d.ts +63 -0
package/dist/logger/semantic-methods.js +108 -0
package/dist/logger/stream-methods.d.ts +63 -0
package/dist/logger/stream-methods.js +101 -0
package/dist/logger/stream.d.ts +37 -0
package/dist/logger/stream.js +42 -0
package/dist/logger/symbols-builder.js +9 -9
package/dist/logger/symbols.d.ts +2 -25
package/dist/logger/symbols.js +53 -74
package/dist/logger/types.d.ts +1 -1
package/dist/memo/types.d.ts +6 -6
package/dist/native-messaging/host.d.ts +20 -0
package/dist/native-messaging/host.js +120 -0
package/dist/native-messaging/index.d.ts +5 -0
package/dist/native-messaging/index.js +22 -0
package/dist/native-messaging/install.d.ts +60 -0
package/dist/native-messaging/install.js +141 -0
package/dist/native-messaging/rate-limit.d.ts +62 -0
package/dist/native-messaging/rate-limit.js +115 -0
package/dist/native-messaging/run.d.ts +10 -0
package/dist/native-messaging/run.js +17 -0
package/dist/node/async-hooks.js +4 -3
package/dist/node/child-process.js +4 -3
package/dist/node/crypto.js +4 -3
package/dist/node/events.js +4 -3
package/dist/node/fs-promises.js +4 -3
package/dist/node/fs.js +4 -3
package/dist/node/http.js +4 -3
package/dist/node/https.js +4 -3
package/dist/node/module.js +10 -6
package/dist/node/os.js +4 -3
package/dist/node/path.js +4 -3
package/dist/node/timers-promises.js +4 -3
package/dist/node/url.js +4 -3
package/dist/node/util.js +4 -3
package/dist/objects/getters.js +5 -7
package/dist/objects/inspect.js +1 -4
package/dist/objects/mutate.js +2 -3
package/dist/objects/predicates.js +0 -4
package/dist/objects/sort.js +3 -7
package/dist/packages/edit-class.js +15 -16
package/dist/packages/edit.js +12 -14
package/dist/packages/exports.js +11 -17
package/dist/packages/fetch.d.ts +16 -0
package/dist/packages/fetch.js +81 -0
package/dist/packages/find.d.ts +55 -0
package/dist/packages/find.js +65 -0
package/dist/packages/isolation.js +14 -14
package/dist/packages/licenses.js +16 -16
package/dist/packages/manifest.js +12 -15
package/dist/packages/metadata-extensions.d.ts +14 -0
package/dist/packages/metadata-extensions.js +43 -0
package/dist/packages/normalize.js +5 -9
package/dist/packages/provenance.d.ts +6 -0
package/dist/packages/provenance.js +25 -18
package/dist/packages/read.d.ts +29 -0
package/dist/packages/read.js +66 -0
package/dist/packages/specs.d.ts +48 -1
package/dist/packages/specs.js +74 -11
package/dist/packages/tarball.d.ts +24 -0
package/dist/packages/tarball.js +79 -0
package/dist/packages/types.d.ts +21 -20
package/dist/packages/validation.js +0 -3
package/dist/paths/_internal.d.ts +2 -1
package/dist/paths/_internal.js +7 -19
package/dist/paths/conversion.js +5 -9
package/dist/paths/filenames.d.ts +0 -1
package/dist/paths/filenames.js +0 -2
package/dist/paths/normalize.js +6 -5
package/dist/paths/packages.js +4 -7
package/dist/paths/predicates.js +9 -16
package/dist/paths/resolve.js +11 -14
package/dist/paths/rewire.js +3 -3
package/dist/paths/socket.js +16 -16
package/dist/paths/walk.d.ts +1 -1
package/dist/paths/walk.js +4 -4
package/dist/perf/report.js +2 -2
package/dist/perf/types.d.ts +1 -1
package/dist/pkg-ext/data.js +1 -1
package/dist/primordials/array.js +9 -9
package/dist/primordials/date.js +2 -2
package/dist/primordials/error.js +3 -3
package/dist/primordials/headers.d.ts +10 -0
package/dist/primordials/headers.js +23 -0
package/dist/primordials/intl.d.ts +13 -0
package/dist/primordials/intl.js +26 -0
package/dist/primordials/math.js +33 -33
package/dist/primordials/number.js +9 -9
package/dist/primordials/object.js +5 -5
package/dist/primordials/string.d.ts +2 -2
package/dist/primordials/string.js +6 -6
package/dist/primordials/symbol.js +3 -3
package/dist/primordials/uncurry.js +9 -9
package/dist/process/abort.js +3 -3
package/dist/process/lock-manager.js +8 -8
package/dist/process/spawn/_internal.js +6 -8
package/dist/process/spawn/child.js +14 -14
package/dist/process/spawn/errors.js +2 -4
package/dist/process/spawn/kill-tree.d.ts +53 -0
package/dist/process/spawn/kill-tree.js +85 -0
package/dist/process/spawn/stdio.js +0 -1
package/dist/process/spawn/types.d.ts +5 -5
package/dist/process/transient.js +2 -2
package/dist/promises/_internal.d.ts +2 -1
package/dist/promises/_internal.js +2 -6
package/dist/promises/iterate.js +12 -16
package/dist/promises/options.js +3 -6
package/dist/promises/retry.js +4 -5
package/dist/promises/timers.d.ts +30 -0
package/dist/promises/timers.js +48 -0
package/dist/releases/github-archives.d.ts +6 -6
package/dist/releases/github-archives.js +2 -2
package/dist/releases/github-asset-url.d.ts +1 -1
package/dist/releases/github-asset-url.js +5 -5
package/dist/releases/github-downloads.d.ts +1 -1
package/dist/releases/github-downloads.js +3 -3
package/dist/releases/github-listing.d.ts +11 -2
package/dist/releases/github-listing.js +20 -7
package/dist/releases/github-retry-config.js +1 -1
package/dist/releases/github-types.d.ts +6 -6
package/dist/releases/socket-btm-binary-naming.d.ts +107 -0
package/dist/releases/socket-btm-binary-naming.js +155 -0
package/dist/releases/socket-btm.d.ts +8 -115
package/dist/releases/socket-btm.js +16 -159
package/dist/schema/types.d.ts +1 -1
package/dist/sea/detect.js +6 -6
package/dist/secrets/_internal.d.ts +2 -2
package/dist/secrets/_internal.js +5 -4
package/dist/secrets/compare.d.ts +45 -0
package/dist/secrets/compare.js +61 -0
package/dist/secrets/keychain.js +9 -6
package/dist/secrets/linux.js +25 -23
package/dist/secrets/macos.d.ts +1 -1
package/dist/secrets/macos.js +18 -16
package/dist/secrets/rc.d.ts +2 -2
package/dist/secrets/rc.js +15 -10
package/dist/secrets/socket-api-token.d.ts +4 -4
package/dist/secrets/socket-api-token.js +18 -9
package/dist/secrets/windows.js +21 -17
package/dist/shadow/skip.js +2 -2
package/dist/shell/parse.d.ts +108 -1
package/dist/shell/parse.js +168 -2
package/dist/smol/detect.js +9 -10
package/dist/smol/http.js +6 -7
package/dist/smol/https.js +6 -7
package/dist/smol/manifest.d.ts +1 -1
package/dist/smol/manifest.js +6 -7
package/dist/smol/path.d.ts +1 -1
package/dist/smol/path.js +7 -8
package/dist/smol/primordial.d.ts +4 -0
package/dist/smol/primordial.js +6 -7
package/dist/smol/purl.d.ts +1 -1
package/dist/smol/purl.js +7 -8
package/dist/smol/versions.js +6 -7
package/dist/smol/vfs.js +6 -7
package/dist/sorts/_internal.js +6 -8
package/dist/sorts/natural.js +10 -12
package/dist/sorts/semver.js +1 -2
package/dist/sorts/strings.js +0 -1
package/dist/sorts/types.d.ts +1 -1
package/dist/spinner/create-spinner-class.d.ts +38 -0
package/dist/spinner/create-spinner-class.js +302 -0
package/dist/spinner/default.js +8 -9
package/dist/spinner/spinner-internals.d.ts +36 -0
package/dist/spinner/spinner-internals.js +101 -0
package/dist/spinner/spinner-shimmer-methods.d.ts +54 -0
package/dist/spinner/spinner-shimmer-methods.js +143 -0
package/dist/spinner/spinner-status-methods.d.ts +40 -0
package/dist/spinner/spinner-status-methods.js +133 -0
package/dist/spinner/spinner.d.ts +4 -5
package/dist/spinner/spinner.js +18 -705
package/dist/spinner/types.d.ts +3 -1
package/dist/spinner/with.d.ts +10 -0
package/dist/spinner/with.js +16 -2
package/dist/stdio/divider.js +1 -1
package/dist/stdio/footer.js +3 -3
package/dist/stdio/header.js +4 -4
package/dist/stdio/progress.js +5 -5
package/dist/stdio/prompts.d.ts +5 -3
package/dist/stdio/prompts.js +6 -7
package/dist/stdio/stdout.js +3 -3
package/dist/streams/parallel.js +3 -5
package/dist/streams/transform.js +2 -3
package/dist/strings/format.js +2 -6
package/dist/strings/predicates.js +0 -2
package/dist/strings/search.js +1 -2
package/dist/strings/transform.js +0 -3
package/dist/strings/width.js +9 -10
package/dist/tables/bordered.js +4 -3
package/dist/tables/padding.js +1 -1
package/dist/tables/simple.js +8 -5
package/dist/temporal/instant.js +4 -2
package/dist/temporal/slots.js +7 -6
package/dist/temporal/system.js +9 -9
package/dist/themes/context.d.ts +3 -2
package/dist/themes/context.js +4 -5
package/dist/themes/themes.js +15 -15
package/dist/themes/types.d.ts +3 -3
package/dist/url/parse.js +0 -2
package/dist/url/predicates.js +1 -2
package/dist/url/search-params.js +3 -9
package/dist/url/types.d.ts +5 -5
package/dist/versions/_internal.js +3 -3
package/dist/words/article.js +0 -1
package/dist/words/capitalize.js +0 -1
package/dist/words/pluralize.d.ts +24 -2
package/dist/words/pluralize.js +47 -2
package/dist/words/types.d.ts +25 -2
package/package.json +289 -108
package/dist/external-tools/uv/asset-names.d.ts +0 -36
package/dist/external-tools/uv/asset-names.js +0 -70
package/dist/external-tools/uv/from-download.d.ts +0 -17
package/dist/external-tools/uv/from-download.js +0 -47
package/dist/external-tools/uv/from-path.d.ts +0 -5
package/dist/external-tools/uv/from-path.js +0 -22
package/dist/external-tools/uv/from-vfs.d.ts +0 -7
package/dist/external-tools/uv/from-vfs.js +0 -26
package/dist/external-tools/uv/resolve.d.ts +0 -25
package/dist/external-tools/uv/resolve.js +0 -52
package/dist/external-tools/uv/types.d.ts +0 -24
package/dist/http-request/checksums.d.ts +0 -69
package/dist/http-request/checksums.js +0 -108
package/dist/http-request/http-request.d.ts +0 -12
package/dist/http-request/http-request.js +0 -11
package/dist/packages/operations.d.ts +0 -113
package/dist/packages/operations.js +0 -304
package/dist/ssri/convert.d.ts +0 -48
package/dist/ssri/convert.js +0 -69
package/dist/ssri/parse.d.ts +0 -27
package/dist/ssri/parse.js +0 -41
package/dist/ssri/validate.d.ts +0 -41
package/dist/ssri/validate.js +0 -56
/package/dist/{bin → cli}/check.d.ts +0 -0
/package/dist/external-tools/{uv → python}/types.js +0 -0
/package/dist/fs/{path-cache.d.ts → allowed-dirs-cache.d.ts} +0 -0
/package/dist/fs/{find-up.d.ts → find.d.ts} +0 -0
/package/dist/github/{fetch.d.ts → request.d.ts} +0 -0

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,49 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [6.0.7](https://github.com/SocketDev/socket-lib/releases/tag/v6.0.7) - 2026-06-03
+### Added
+- **`external-tools/python` — zero-host-dependency Python.** `resolvePython` (PATH → python-build-standalone download), `downloadPipPackage` (bundle-safe `pip install --target`), `resolvePipPackagePin` (hash-pinned closure), and the `dlxPipInstall` / `dlxPipPin` one-call wrappers. Removes the unused `external-tools/uv`.
+- **`constants/platform` — `getOs`, `getLibc`, `getTarget`.** OS, libc (`glibc`/`musl`/`undefined`), and the pnpm `pack-app` host token `<os>-<arch>[-<libc>]`.
+- **`http-request` decompresses `gzip` / `br` response bodies.** Buffered requests advertise `Accept-Encoding: gzip, br` and now decode the body by its `Content-Encoding` before resolving. 6.0.6 sent the header but never decompressed, so a compressed response reached callers as raw deflated bytes. Streamed requests (`stream: true`, e.g. `httpDownload`) skip the header so piped-to-disk payloads stay raw and checksum cleanly. Callers can override with `'identity'`.
+- **`crypto/hash` blob content-address helpers.** `blobHashOf(bytes)` returns Socket's content-addressed blob hash (`Q` + base64url(sha256)), and `verifyBlobHash(hash, bytes)` throws when bytes don't hash to the expected address. Both build on the fast one-shot `hash()`; the `S` file-stream discriminator verifies against the same digest body. Lets blob consumers (the SDK, MCP server) verify integrity against one canonical implementation instead of re-deriving the scheme.
+- **`integrity` — unified checksum/integrity surface.** `checksumToIntegrity(hex, algorithm?)` and `integrityToChecksum(sri)` convert between the two named hash flavors and are idempotent on the destination format (pass an SRI to `checksumToIntegrity`, get it back unchanged). `isIntegrity(s)` and `isChecksum(s)` are the predicates. `parseIntegrity(s)` returns `{ algorithm, body }` for the SRI structure. Replaces the `src/ssri/` directory (`hexToSsri`, `ssriToHex`, `isValidHex`, `isValidSsri`, `parseSsri`) — SSRI is just another name for Subresource Integrity, so the duplication confused readers. `isIntegrity` now accepts the full W3C SRI set (`sha256` / `sha384` / `sha512`) — the previous predicate hardcoded `sha512` only, which mismatched the contract `external-tools/manifest.ts` already promised and rejected the fleet's `sha256-<base64>` integrity strings.
+- **`process/spawn/kill-tree` — cross-platform process-tree termination.** `killProcessTree(target, { detached?, signal? })` walks and signals the whole descendant tree of a `pid` or `ChildProcess`: POSIX uses `process.kill(-pid, signal)` against the detached child's process group; Windows shells out to `taskkill /T /F /pid <pid>`. `isProcessAlive(pid)` probes liveness with `process.kill(pid, 0)`. Both helpers are best-effort and never throw — `ESRCH` (process gone) or `EPERM` (not ours) returns `false` so cleanup kills can't mask the caller's control flow.
+### Changed
+- **dlx + pin API renamed (breaking).** `downloadPackage` → `downloadNpmPackage`, `generatePackagePin` → `resolveNpmPackagePin`, the `package` option → `spec`. `downloadNpmPackage` gains an optional `hash` for tarball integrity.
+- **`packages/operations` split by concern (breaking).** The grab-bag `@socketsecurity/lib/packages/operations` export is gone; its members move to focused subpaths: `readPackageJson`/`readPackageJsonSync` → `packages/read`, the fetcher + GitHub tarball resolver → `packages/fetch`, `extractPackage`/`packPackage` → `packages/tarball`, the dependency-metadata override lookup → `packages/metadata-extensions`, and the name/spec helpers → `packages/specs`. `findUpPackageJson` now lives at `packages/find` (the `packages/find-up` subpath is removed). The `fs/find-up` subpath is renamed `fs/find`, and `fs/path-cache` is renamed `fs/allowed-dirs-cache` (it caches the safe-delete allowed-directories set, not arbitrary paths).
+### Fixed
+- **Python downloads now work on Windows and Alpine.** python-build-standalone resolution previously returned no asset on `win32` and musl hosts; both now resolve.
+- **`debug` — namespace `SOCKET_DEBUG` values enable debug output.** `envAsBoolean(getSocketDebug())` returned false for `SOCKET_DEBUG=*` or `SOCKET_DEBUG=socket:foo` — those aren't boolean literals, so debug output was silently suppressed for the common namespace-selection shape. The new `isSocketDebugEnabled()` helper treats any non-empty value other than `0`/`false`/`no` (case-insensitive) as enabled.
+- **`external-tools/skillspector` pipx detection on Windows.** The PATH-tier resolver normalizes the resolved binary path with `normalizePath` and matches a forward-slash-only `pipx/venvs/` pattern, instead of `path.normalize` plus a dual-separator regex. On Windows the old form left backslashes in the path and missed pipx-installed binaries, tagging them `source: 'path'` rather than `source: 'pipx'`.
+### Removed
+- **`@socketsecurity/lib/ssri/{convert,parse,validate}` package exports.** Folded into `@socketsecurity/lib/integrity` (see Added). No fleet consumers were using the `ssri` subpath imports — verified by grep across socket-\* fleet repos.
+## [6.0.6](https://github.com/SocketDev/socket-lib/releases/tag/v6.0.6) - 2026-06-01
+### Added
+- **`http-request/headers` — `basicAuthHeader(token)`.** Builds the Socket API Basic-auth shape (token-as-username, empty password) so call sites stop hand-rolling `Basic ${base64(token + ':')}`.
+- **`http-request` retry instrumentation.** Adds `Retry-Attempt`, `Retry-Max`, and `Retry-After` request headers on retried attempts so server-side logs can correlate a retry chain.
+- **`prim` CLI bin.** `prim` is now published as a `bin` entry (`dist/bin/prim.cjs`); installs from `@socketsecurity/lib` make `npx prim` work. Also new in this release: `prim --diff` for unified line-diffs in dry-run mode, multi-hop cycle detection in `validateRewrites`, and a two-phase apply with cross-batch validation.
+- **`sanitizeHeaders` shape-based redaction.** `isSensitiveHeaderName` regex (`auth | cookie | credential | key | password | secret | token`) covers custom token headers (`x-amz-security-token`, `api-key`, …) without an explicit allowlist. Same reasoning as "a denylist is itself a leak."
+- **`packages/provenance` — staged-publish detection.** `getTrustStatus` now reads `_npmUser.approver` and surfaces `stagedPublish: true` when a registry version was promoted out of staging via the 2FA-gated approve step (pnpm/pnpm#12056). Adds a new top tier to the trust ladder: `stagedPublish` ranks above `trustedPublisher` and `provenance`. The `TRUST_LEVELS` tuple (`'none' | 'provenance' | 'trustedPublisher' | 'stagedPublish'`), `getTrustLevel`, `getTrustLevelName`, `compareTrust`, and `didTrustDecrease` all extend to level 3.
+- **`words/pluralize` — `Intl.PluralRules` dictionary mode.** New `options.forms` accepts a `{ singular?, plural, zero?, two?, few?, many? }` dictionary keyed by CLDR plural category for locale-aware pluralization of irregulars and non-English counts. `singular` and `plural` map to CLDR's `one` and `other`; the remaining four are optional and fall back to `plural`. New `options.locale` (BCP 47, default `'en-US'`) and `options.type` (`'cardinal' | 'ordinal'`, default `'cardinal'`) configure the underlying `Intl.PluralRules`. Defaults are unchanged — `pluralize('file', { count: n })` still uses the simple `+s` rule with zero `Intl` cost. Cache reuses one `Intl.PluralRules` instance per `<locale>:<type>` pair.
+- **`external-tools/from-pip-venv` — generic Python-package install helper.** Two functions: `createPipVenv({ cacheDir, entryPoint, installSpec })` creates a venv (`python -m venv --clear`) + runs `pip install <spec>` inside it, returning the entry-point binary path. Idempotent: hits the existing venv when its entry-point already exists. `findPython()` locates `python3` (or `python` on Windows) on PATH. Parallel to `from-download.ts` — that one handles single-binary tools from GitHub releases; this handles Python packages from PyPI or git.
+- **`external-tools/skillspector` — resolver for [NVIDIA SkillSpector](https://github.com/NVIDIA/skillspector).** Third-party-skill security scanner; sibling to AgentShield in fleet security tooling. 4-tier resolution (VFS → PATH → DLX-venv → fail) matching the canonical shape used by `external-tools/uv/`. PATH tier distinguishes pipx-installed binaries (`source: 'pipx'`) from plain PATH binaries (`source: 'path'`). DLX-venv tier composes `from-pip-venv` against the pinned upstream git SHA — upstream has no PyPI release or GH tags as of 2026-06-01.
+### Fixed
+- **`walkUp` emits `D:/` not `D:` at a Windows drive root.** `normalizePath('D:\\')` collapses the trailing separator to `D:` — correct in general (where `D:` means current dir on the `D:` drive), wrong for the filesystem root `walkUp` must yield. A new `normalizeWalkDir` helper preserves the root slash on bare drive letters and defers to `normalizePath` everywhere else.
 ## [6.0.5](https://github.com/SocketDev/socket-lib/releases/tag/v6.0.5) - 2026-05-28
 ### Fixed

package/dist/ai/discover.d.mts CHANGED Viewed

@@ -28,8 +28,8 @@ export declare function cachePathFor(repoRoot: string): string;
  *   `'claude' in agents` for the existence check.
  */
 export declare function discoverAiAgents(options?: {
-    readonly refresh?: boolean;
-    readonly repoRoot?: string;
+    readonly refresh?: boolean | undefined;
+    readonly repoRoot?: string | undefined;
 }): Promise<DiscoveredAgents>;
 export declare function discoverFresh(): DiscoveredAgents;
 /**

package/dist/ai/discover.js CHANGED Viewed

@@ -2,6 +2,7 @@
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_runtime = require('../_virtual/_rolldown/runtime.js');
+const require_primordials_date = require('../primordials/date.js');
 const require_primordials_json = require('../primordials/json.js');
 const require_bin_which = require('../bin/which.js');
 const require_errors_message = require('../errors/message.js');
@@ -40,7 +41,7 @@ const KNOWN_AGENTS = [
 const CACHE_TTL_MS = 3600 * 1e3;
 let inProcessCache;
 function cachePathFor(repoRoot) {
-	return node_path.default.join(repoRoot, ".cache", "agent-discovery.json");
+	return node_path.default.join(repoRoot, "node_modules", ".cache", "agent-discovery.json");
 }
 /**
 * Discover which AI agent CLIs are installed.
@@ -72,7 +73,8 @@ async function discoverAiAgents(options = {}) {
 }
 function discoverFresh() {
 	const out = {};
-	for (const name of KNOWN_AGENTS) {
+	for (let i = 0, { length } = KNOWN_AGENTS; i < length; i += 1) {
+		const name = KNOWN_AGENTS[i];
 		const found = require_bin_which.whichSync(name);
 		if (typeof found === "string" && found) out[name] = found;
 	}
@@ -93,7 +95,7 @@ function readDiskCache(cachePath) {
 	if (!(0, node_fs.existsSync)(cachePath)) return;
 	try {
 		const parsed = require_primordials_json.JSONParse((0, node_fs.readFileSync)(cachePath, "utf8"));
-		if (typeof parsed !== "object" || parsed === null || typeof parsed.writtenAt !== "number" || Date.now() - parsed.writtenAt > CACHE_TTL_MS) return;
+		if (typeof parsed !== "object" || parsed === null || typeof parsed.writtenAt !== "number" || require_primordials_date.DateNow() - parsed.writtenAt > CACHE_TTL_MS) return;
 		return parsed.agents;
 	} catch {
 		return;
@@ -111,7 +113,7 @@ async function writeDiskCache(cachePath, agents) {
 		await (0, node_fs_promises.mkdir)(node_path.default.dirname(cachePath), { recursive: true });
 		(0, node_fs.writeFileSync)(cachePath, require_primordials_json.JSONStringify({
 			agents,
-			writtenAt: Date.now()
+			writtenAt: require_primordials_date.DateNow()
 		}, void 0, 2) + "\n");
 	} catch (e) {
 		logger.error(`discoverAiAgents: cache write failed (${require_errors_message.errorMessage(e)})`);

package/dist/ai/spawn.js CHANGED Viewed

@@ -1,11 +1,14 @@
 "use strict";
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_error = require('../primordials/error.js');
+const require_primordials_date = require('../primordials/date.js');
 const require_primordials_object = require('../primordials/object.js');
 const require_errors_message = require('../errors/message.js');
 const require_ai_discover = require('./discover.js');
 const require_process_spawn_errors = require('../process/spawn/errors.js');
 const require_process_spawn_child = require('../process/spawn/child.js');
+const require_primordials_promise = require('../primordials/promise.js');
 //#region src/ai/spawn.mts
 /**
@@ -49,6 +52,7 @@ function buildArgs(agent, opts) {
 			];
 			for (const dir of opts.addDirs ?? []) args.push("--add-dir", dir);
 			if (opts.model) args.push("--model", opts.model);
+			if (opts.effort) args.push("--effort", opts.effort);
 			if (allAllowed.length > 0) args.push("--allowedTools", ...allAllowed);
 			if (opts.disallow.length > 0) args.push("--disallowedTools", ...opts.disallow);
 			if (opts.extraArgs) args.push(...opts.extraArgs);
@@ -98,7 +102,7 @@ function isOverloaded(stdout, stderr) {
 async function pickAgent(requested, cwd) {
 	const discovered = await require_ai_discover.discoverAiAgents({ repoRoot: cwd });
 	if (requested) {
-		if (!(requested in discovered)) throw new Error(`spawnAiAgent: requested agent "${requested}" is not on PATH. Install the CLI or pass a different agent. Discovered: ${require_primordials_object.ObjectKeys(discovered).join(", ") || "(none)"}`);
+		if (!(requested in discovered)) throw new require_primordials_error.ErrorCtor(`spawnAiAgent: requested agent "${requested}" is not on PATH. Install the CLI or pass a different agent. Discovered: ${require_primordials_object.ObjectKeys(discovered).join(", ") || "(none)"}`);
 		return requested;
 	}
 	if ("claude" in discovered) return "claude";
@@ -107,7 +111,7 @@ async function pickAgent(requested, cwd) {
 		"opencode",
 		"gemini"
 	]) if (candidate in discovered) return candidate;
-	throw new Error("spawnAiAgent: no AI agent CLI on PATH. Install one of: claude, codex, opencode, gemini.");
+	throw new require_primordials_error.ErrorCtor("spawnAiAgent: no AI agent CLI on PATH. Install one of: claude, codex, opencode, gemini.");
 }
 /**
 * Spawn an AI agent CLI subprocess with the locked-down flag set.
@@ -137,7 +141,7 @@ async function spawnAiAgent(opts) {
 	let stderr = "";
 	let exitCode = 0;
 	let attempts = 0;
-	const start = Date.now();
+	const start = require_primordials_date.DateNow();
 	while (attempts < MAX_ATTEMPTS) {
 		attempts += 1;
 		stdout = "";
@@ -156,7 +160,7 @@ async function spawnAiAgent(opts) {
 			stderr = String(result.stderr ?? "");
 			exitCode = result.code ?? 0;
 		} catch (e) {
-			if (/* @__PURE__ */ require_process_spawn_errors.isSpawnError(e)) {
+			if (require_process_spawn_errors.isSpawnError(e)) {
 				stdout = String(e.stdout ?? "");
 				stderr = String(e.stderr ?? "");
 				exitCode = e.code ?? 1;
@@ -166,11 +170,11 @@ async function spawnAiAgent(opts) {
 			}
 		}
 		if (!isOverloaded(stdout, stderr) || attempts >= MAX_ATTEMPTS) break;
-		await new Promise((resolve) => setTimeout(resolve, backoffFor(attempts)));
+		await new require_primordials_promise.PromiseCtor((resolve) => setTimeout(resolve, backoffFor(attempts)));
 	}
 	return {
 		attempts,
-		durationMs: Date.now() - start,
+		durationMs: require_primordials_date.DateNow() - start,
 		exitCode,
 		stderr,
 		stdout

package/dist/ai/types.d.mts CHANGED Viewed

@@ -25,6 +25,13 @@ export type AiAgentName = 'claude' | 'codex' | 'gemini' | 'opencode';
  *   tools that mutate state.
  */
 export type PermissionMode = 'acceptEdits' | 'dontAsk' | 'plan';
+/**
+ * Reasoning-effort level for the agent session. Maps to the claude CLI
+ * `--effort <level>` flag (claude-specific; other agents ignore it). Pair a
+ * cheap model with low effort for mechanical work and reserve high/max for
+ * tasks that genuinely need deeper reasoning.
+ */
+export type AiEffort = 'high' | 'low' | 'max' | 'medium' | 'xhigh';
 /**
  * Result of an agent spawn. Consumers should inspect `exitCode` before using
  * `stdout` — non-zero usually means the agent's CLI itself rejected, not just
@@ -55,27 +62,32 @@ export interface SpawnAiAgentOptions {
     /**
      * Optional explicit agent. Defaults to claude when discovered.
      */
-    readonly agent?: AiAgentName;
+    readonly agent?: AiAgentName | undefined;
     /**
      * Allow-list extras (Bash glob patterns, MCP tools, etc.).
      */
-    readonly allow?: readonly string[];
+    readonly allow?: readonly string[] | undefined;
     /**
      * Extra dirs the agent can read (e.g. parent of cwd for monorepo).
      */
-    readonly addDirs?: readonly string[];
+    readonly addDirs?: readonly string[] | undefined;
     /**
      * Tool denylist — required to enforce the lockdown.
      */
     readonly disallow: readonly string[];
+    /**
+     * Reasoning-effort level (claude `--effort`); agent default if absent.
+     * claude-specific — other agents ignore it.
+     */
+    readonly effort?: AiEffort | undefined;
     /**
      * Override the agent's flag list (rare; for one-off advanced cases).
      */
-    readonly extraArgs?: readonly string[];
+    readonly extraArgs?: readonly string[] | undefined;
     /**
      * Model name override; agent default if absent.
      */
-    readonly model?: string;
+    readonly model?: string | undefined;
     /**
      * Permission mode — see PermissionMode docstring.
      */
@@ -91,7 +103,7 @@ export interface SpawnAiAgentOptions {
     /**
      * Per-call timeout (ms). Caller should set for predictable bounds.
      */
-    readonly timeoutMs?: number;
+    readonly timeoutMs?: number | undefined;
     /**
      * Tool allowlist. Required to enforce the lockdown.
      */

package/dist/ai/worktree.d.mts CHANGED Viewed

@@ -22,23 +22,23 @@ export interface WorktreeRunOptions {
     /**
      * Branch to merge results into. Default: current branch of baseRepo.
      */
-    readonly branch?: string;
+    readonly branch?: string | undefined;
     /**
      * Cleanup policy. Default 'always'.
      */
-    readonly cleanup?: WorktreeCleanup;
+    readonly cleanup?: WorktreeCleanup | undefined;
     /**
      * Parallel cap. Default 4, max 8.
      */
-    readonly concurrency?: number;
+    readonly concurrency?: number | undefined;
     /**
      * Prefix for worktree branch + dir names. Default 'agent-task'.
      */
-    readonly namePrefix?: string;
+    readonly namePrefix?: string | undefined;
     /**
      * Where worktrees live on disk. Default: `${tmpdir}/${prefix}-<n>`.
      */
-    readonly worktreeRoot?: string;
+    readonly worktreeRoot?: string | undefined;
 }
 export interface WorktreeRunContext {
     /**
@@ -56,7 +56,7 @@ export interface WorktreeRunContext {
 }
 export interface WorktreeRunSettled<T> {
     readonly cleanup: 'removed' | 'kept';
-    readonly error?: unknown;
+    readonly error?: unknown | undefined;
     readonly merged: boolean;
     readonly status: 'fulfilled' | 'rejected';
     readonly value?: T | undefined;

package/dist/ai/worktree.js CHANGED Viewed

@@ -2,9 +2,14 @@
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_runtime = require('../_virtual/_rolldown/runtime.js');
+const require_primordials_error = require('../primordials/error.js');
+const require_primordials_math = require('../primordials/math.js');
+const require_primordials_array = require('../primordials/array.js');
+const require_primordials_date = require('../primordials/date.js');
 const require_errors_message = require('../errors/message.js');
 const require_process_spawn_errors = require('../process/spawn/errors.js');
 const require_process_spawn_child = require('../process/spawn/child.js');
+const require_primordials_promise = require('../primordials/promise.js');
 let node_fs = require("node:fs");
 let node_path = require("node:path");
 node_path = require_runtime.__toESM(node_path, 1);
@@ -51,7 +56,7 @@ async function runOne(item, index, worktreeBranch, worktreePath, baseRepo, branc
 	const add = tryGit(baseRepo, "worktree", "add", "-b", worktreeBranch, worktreePath, branch);
 	if (!add.ok) return {
 		cleanup: "kept",
-		error: /* @__PURE__ */ new Error(`git worktree add failed: ${add.output}`),
+		error: new require_primordials_error.ErrorCtor(`git worktree add failed: ${add.output}`),
 		merged: false,
 		status: "rejected",
 		worktreePath
@@ -73,7 +78,7 @@ async function runOne(item, index, worktreeBranch, worktreePath, baseRepo, branc
 	if (error === void 0 && hasCommitted) {
 		const merge = tryGit(baseRepo, "merge", "--ff-only", worktreeBranch);
 		if (merge.ok) merged = true;
-		else error = /* @__PURE__ */ new Error(`git merge --ff-only failed: ${merge.output}`);
+		else error = new require_primordials_error.ErrorCtor(`git merge --ff-only failed: ${merge.output}`);
 	}
 	let didCleanup = "kept";
 	if (error === void 0 && (cleanup === "always" || cleanup === "on-empty" && !hasCommitted && !hasUncommitted)) {
@@ -130,9 +135,9 @@ async function runOne(item, index, worktreeBranch, worktreePath, baseRepo, branc
 async function spawnAiAgentsInWorktrees(items, fn, options) {
 	const cleanup = options.cleanup ?? "always";
 	const namePrefix = options.namePrefix ?? "agent-task";
-	const concurrency = Math.max(1, Math.min(options.concurrency ?? DEFAULT_CONCURRENCY, MAX_CONCURRENCY));
+	const concurrency = require_primordials_math.MathMax(1, Math.min(options.concurrency ?? DEFAULT_CONCURRENCY, MAX_CONCURRENCY));
 	const baseRepo = options.baseRepo;
-	if (!(0, node_fs.existsSync)(node_path.default.join(baseRepo, ".git"))) throw new Error(`spawnAiAgentsInWorktrees: baseRepo is not a git checkout: ${baseRepo}`);
+	if (!(0, node_fs.existsSync)(node_path.default.join(baseRepo, ".git"))) throw new require_primordials_error.ErrorCtor(`spawnAiAgentsInWorktrees: baseRepo is not a git checkout: ${baseRepo}`);
 	const branch = options.branch ?? currentBranch(baseRepo);
 	const worktreeRoot = options.worktreeRoot ?? node_path.default.join(process.platform === "win32" ? process.env["TEMP"] ?? "." : "/tmp", `${namePrefix}-${Date.now()}`);
 	const settled = [];
@@ -143,10 +148,10 @@ async function spawnAiAgentsInWorktrees(items, fn, options) {
 			cursor += 1;
 			if (idx >= items.length) return;
 			const item = items[idx];
-			settled[idx] = await runOne(item, idx, `${namePrefix}-${idx}-${Date.now()}`, node_path.default.join(worktreeRoot, `${namePrefix}-${idx}`), baseRepo, branch, cleanup, fn);
+			settled[idx] = await runOne(item, idx, `${namePrefix}-${idx}-${require_primordials_date.DateNow()}`, node_path.default.join(worktreeRoot, `${namePrefix}-${idx}`), baseRepo, branch, cleanup, fn);
 		}
 	}
-	await Promise.all(Array.from({ length: concurrency }, () => worker()));
+	await require_primordials_promise.PromiseAll(require_primordials_array.ArrayFrom({ length: concurrency }, () => worker()));
 	return settled;
 }
 function tryGit(cwd, ...args) {
@@ -156,7 +161,7 @@ function tryGit(cwd, ...args) {
 			output: git(cwd, ...args)
 		};
 	} catch (e) {
-		if (/* @__PURE__ */ require_process_spawn_errors.isSpawnError(e)) return {
+		if (require_process_spawn_errors.isSpawnError(e)) return {
 			ok: false,
 			output: String(e.stderr ?? e.stdout ?? "")
 		};

package/dist/ansi/strip.d.ts CHANGED Viewed

@@ -19,7 +19,7 @@
  *   ```
  */
 export declare function ansiRegex(options?: {
-    onlyFirst?: boolean;
+    onlyFirst?: boolean | undefined;
 }): RegExp;
 /**
  * Strip ANSI escape codes from text. Uses the inlined ansi-regex for matching.

package/dist/ansi/strip.js CHANGED Viewed

@@ -26,7 +26,6 @@ const ANSI_REGEX = /\x1b\[[0-9;]*m/g;
 *   ansiRegex({ onlyFirst: true }) // matches only the first code
 *   ```
 */
-/* @__NO_SIDE_EFFECTS__ */
 function ansiRegex(options) {
 	const { onlyFirst } = options ?? {};
 	return new require_primordials_regexp.RegExpCtor(`(?:\\u001B\\][\\s\\S]*?(?:\\u0007|\\u001B\\u005C|\\u009C))|[\\u001B\\u009B][[\\]()#;?]*(?:\\d{1,4}(?:[;:]\\d{0,4})*)?[\\dA-PR-TZcf-nq-uy=><~]`, onlyFirst ? void 0 : "g");
@@ -40,7 +39,6 @@ function ansiRegex(options) {
 *   stripAnsi('\u001b[1mBold\u001b[0m') // 'Bold'
 *   ```
 */
-/* @__NO_SIDE_EFFECTS__ */
 function stripAnsi(text) {
 	return require_primordials_string.StringPrototypeReplace(text, ANSI_REGEX, "");
 }

package/dist/archives/_internal.js CHANGED Viewed

@@ -15,8 +15,8 @@ let node_fs = require("node:fs");
 const DEFAULT_MAX_FILE_SIZE = 100 * 1024 * 1024;
 const DEFAULT_MAX_TOTAL_SIZE = 1024 * 1024 * 1024;
 const DEFAULT_MAX_ENTRIES = 1e5;
-let _AdmZip;
-let _tarFs;
+let admZip;
+let tarFs;
 /**
 * Assert that an archive file exists on disk before handing it to the
 * underlying extractor. Normalizes the "missing archive" surface across all
@@ -38,15 +38,13 @@ function assertArchiveExists(archivePath) {
 		throw err;
 	}
 }
-/* @__NO_SIDE_EFFECTS__ */
 function getAdmZip() {
-	if (_AdmZip === void 0) _AdmZip = /* @__PURE__ */ require("../external/adm-zip.js");
-	return _AdmZip;
+	if (admZip === void 0) admZip = /*@__PURE__*/ require("../external/adm-zip.js");
+	return admZip;
 }
-/* @__NO_SIDE_EFFECTS__ */
 function getTarFs() {
-	if (_tarFs === void 0) _tarFs = /* @__PURE__ */ require("../external/tar-fs.js");
-	return _tarFs;
+	if (tarFs === void 0) tarFs = /*@__PURE__*/ require("../external/tar-fs.js");
+	return tarFs;
 }
 /**
 * Validate that a resolved path is within the target directory. Prevents path
@@ -61,7 +59,7 @@ function getTarFs() {
 * @throws Error if path is outside the base directory
 */
 function validatePathWithinBase(targetPath, baseDir, entryName) {
-	const path = /* @__PURE__ */ require_node_path.getNodePath();
+	const path = require_node_path.getNodePath();
 	const resolvedTarget = path.resolve(targetPath);
 	const resolvedBase = path.resolve(baseDir);
 	if (!require_primordials_string.StringPrototypeStartsWith(resolvedTarget, resolvedBase + path.sep) && resolvedTarget !== resolvedBase) throw new require_primordials_error.ErrorCtor(`Path traversal attempt detected: entry "${entryName}" would extract to "${resolvedTarget}" outside target directory "${resolvedBase}"`);

package/dist/archives/extract.js CHANGED Viewed

@@ -31,7 +31,7 @@ const require_archives_zip = require('./zip.js');
 async function extractArchive(archivePath, outputDir, options = {}) {
 	const format = require_archives_detect.detectArchiveFormat(archivePath);
 	if (!format) {
-		const ext = (/* @__PURE__ */ require_node_path.getNodePath()).extname(archivePath).toLowerCase();
+		const ext = require_node_path.getNodePath().extname(archivePath).toLowerCase();
 		throw new require_primordials_error.ErrorCtor(`Unsupported archive format${ext ? ` (extension: ${ext})` : ""}: ${archivePath}. Supported formats: .zip, .tar, .tar.gz, .tgz`);
 	}
 	switch (format) {

package/dist/archives/tar.js CHANGED Viewed

@@ -42,12 +42,12 @@ let node_zlib = require("node:zlib");
 async function extractTar(archivePath, outputDir, options = {}) {
 	require_archives__internal.assertArchiveExists(archivePath);
 	const { maxEntries = require_archives__internal.DEFAULT_MAX_ENTRIES, maxFileSize = require_archives__internal.DEFAULT_MAX_FILE_SIZE, maxTotalSize = require_archives__internal.DEFAULT_MAX_TOTAL_SIZE, strip = 0 } = options;
-	const normalizedOutputDir = /* @__PURE__ */ require_paths_normalize.normalizePath(outputDir);
+	const normalizedOutputDir = require_paths_normalize.normalizePath(outputDir);
 	await require_fs_safe.safeMkdir(normalizedOutputDir);
 	let totalExtractedSize = 0;
 	let entryCount = 0;
 	let destroyScheduled = false;
-	const extractStream = (/* @__PURE__ */ require_archives__internal.getTarFs()).extract(normalizedOutputDir, {
+	const extractStream = require_archives__internal.getTarFs().extract(normalizedOutputDir, {
 		map: (header) => {
 			/* c8 ignore start - destroyScheduled is set by the same map() when a
 			security limit trips; only fires after the schedule. */
@@ -73,7 +73,7 @@ async function extractTar(archivePath, outputDir, options = {}) {
 				});
 				return header;
 			}
-			if (header.type === "symlink" || header.type === "link") {
+			if (header.type === "link" || header.type === "symlink") {
 				destroyScheduled = true;
 				node_process.default.nextTick(() => {
 					extractStream.destroy(new require_primordials_error.ErrorCtor(`Symlink detected in archive: ${header.name}. Symlinks are not supported for security reasons.`));
@@ -127,12 +127,12 @@ async function extractTar(archivePath, outputDir, options = {}) {
 async function extractTarGz(archivePath, outputDir, options = {}) {
 	require_archives__internal.assertArchiveExists(archivePath);
 	const { maxEntries = require_archives__internal.DEFAULT_MAX_ENTRIES, maxFileSize = require_archives__internal.DEFAULT_MAX_FILE_SIZE, maxTotalSize = require_archives__internal.DEFAULT_MAX_TOTAL_SIZE, strip = 0 } = options;
-	const normalizedOutputDir = /* @__PURE__ */ require_paths_normalize.normalizePath(outputDir);
+	const normalizedOutputDir = require_paths_normalize.normalizePath(outputDir);
 	await require_fs_safe.safeMkdir(normalizedOutputDir);
 	let totalExtractedSize = 0;
 	let entryCount = 0;
 	let destroyScheduled = false;
-	const extractStream = (/* @__PURE__ */ require_archives__internal.getTarFs()).extract(normalizedOutputDir, {
+	const extractStream = require_archives__internal.getTarFs().extract(normalizedOutputDir, {
 		map: (header) => {
 			/* c8 ignore start - destroyScheduled is set by the same map() when a
 			security limit trips; only fires after the schedule. */
@@ -158,7 +158,7 @@ async function extractTarGz(archivePath, outputDir, options = {}) {
 				});
 				return header;
 			}
-			if (header.type === "symlink" || header.type === "link") {
+			if (header.type === "link" || header.type === "symlink") {
 				destroyScheduled = true;
 				node_process.default.nextTick(() => {
 					extractStream.destroy(new require_primordials_error.ErrorCtor(`Symlink detected in archive: ${header.name}. Symlinks are not supported for security reasons.`));

package/dist/archives/zip.js CHANGED Viewed

@@ -6,9 +6,9 @@ const require_paths_normalize = require('../paths/normalize.js');
 const require_primordials_array = require('../primordials/array.js');
 const require_primordials_map_set = require('../primordials/map-set.js');
 const require_node_path = require('../node/path.js');
+const require_primordials_promise = require('../primordials/promise.js');
 const require_archives__internal = require('./_internal.js');
 const require_fs_safe = require('../fs/safe.js');
-const require_primordials_promise = require('../primordials/promise.js');
 //#region src/archives/zip.ts
 /**
@@ -32,10 +32,10 @@ const require_primordials_promise = require('../primordials/promise.js');
 async function extractZip(archivePath, outputDir, options = {}) {
 	require_archives__internal.assertArchiveExists(archivePath);
 	const { maxEntries = require_archives__internal.DEFAULT_MAX_ENTRIES, maxFileSize = require_archives__internal.DEFAULT_MAX_FILE_SIZE, maxTotalSize = require_archives__internal.DEFAULT_MAX_TOTAL_SIZE, strip = 0 } = options;
-	const normalizedOutputDir = /* @__PURE__ */ require_paths_normalize.normalizePath(outputDir);
+	const normalizedOutputDir = require_paths_normalize.normalizePath(outputDir);
 	await require_fs_safe.safeMkdir(normalizedOutputDir);
-	const zip = new (/* @__PURE__ */ require_archives__internal.getAdmZip())(archivePath);
-	const path = /* @__PURE__ */ require_node_path.getNodePath();
+	const zip = new (require_archives__internal.getAdmZip())(archivePath);
+	const path = require_node_path.getNodePath();
 	const entries = zip.getEntries();
 	/* c8 ignore start */
 	if (entries.length > maxEntries) throw new require_primordials_error.ErrorCtor(`Archive has too many entries: ${entries.length} (limit: ${maxEntries})`);
@@ -60,8 +60,6 @@ async function extractZip(archivePath, outputDir, options = {}) {
 		for (const entry of entries) if (!entry.isDirectory) require_archives__internal.validatePathWithinBase(path.join(normalizedOutputDir, entry.entryName), normalizedOutputDir, entry.entryName);
 		zip.extractAllTo(normalizedOutputDir, true);
 	} else {
-		const path = /* @__PURE__ */ require_node_path.getNodePath();
-		const entries = zip.getEntries();
 		const dirsToCreate = new require_primordials_map_set.SetCtor();
 		for (const entry of entries) {
 			if (entry.isDirectory) continue;

package/dist/argv/flag-predicates.d.ts CHANGED Viewed

@@ -11,6 +11,18 @@
  *      accepts both `--quiet` and `--silent`).
  */
 import type { FlagInput } from './flag-types';
+/**
+ * Get the appropriate log level based on flags. Returns 'silent', 'error',
+ * 'warn', 'info', 'verbose', or 'debug'.
+ *
+ * @example
+ *   ;```typescript
+ *   getLogLevel() // 'info' (default)
+ *   getLogLevel({ quiet: true }) // 'silent'
+ *   getLogLevel(['--debug']) // 'debug'
+ *   ```
+ */
+export declare function getLogLevel(input?: FlagInput): string;
 /**
  * Build a flag predicate that accepts `FlagValues`, `string[]`, or `undefined`
  * (in which case it consults the frozen `processArg`).
@@ -165,15 +177,3 @@ export declare const isVerbose: (input?: FlagInput) => boolean;
  *   ```
  */
 export declare const isWatch: (input?: FlagInput) => boolean;
-/**
- * Get the appropriate log level based on flags. Returns 'silent', 'error',
- * 'warn', 'info', 'verbose', or 'debug'.
- *
- * @example
- *   ;```typescript
- *   getLogLevel() // 'info' (default)
- *   getLogLevel({ quiet: true }) // 'silent'
- *   getLogLevel(['--debug']) // 'debug'
- *   ```
- */
-export declare function getLogLevel(input?: FlagInput): string;

package/dist/argv/flag-predicates.js CHANGED Viewed

@@ -21,6 +21,23 @@ node_process = require_runtime.__toESM(node_process);
 */
 const processArg = [...node_process.default.argv];
 /**
+* Get the appropriate log level based on flags. Returns 'silent', 'error',
+* 'warn', 'info', 'verbose', or 'debug'.
+*
+* @example
+*   ;```typescript
+*   getLogLevel() // 'info' (default)
+*   getLogLevel({ quiet: true }) // 'silent'
+*   getLogLevel(['--debug']) // 'debug'
+*   ```
+*/
+function getLogLevel(input) {
+	if (isQuiet(input)) return "silent";
+	if (isDebug(input)) return "debug";
+	if (isVerbose(input)) return "verbose";
+	return "info";
+}
+/**
 * Build a flag predicate that accepts `FlagValues`, `string[]`, or `undefined`
 * (in which case it consults the frozen `processArg`).
 *
@@ -183,23 +200,6 @@ const isVerbose = makeFlagPredicate(["--verbose"]);
 *   ```
 */
 const isWatch = makeFlagPredicate(["--watch"], ["-w"]);
-/**
-* Get the appropriate log level based on flags. Returns 'silent', 'error',
-* 'warn', 'info', 'verbose', or 'debug'.
-*
-* @example
-*   ;```typescript
-*   getLogLevel() // 'info' (default)
-*   getLogLevel({ quiet: true }) // 'silent'
-*   getLogLevel(['--debug']) // 'debug'
-*   ```
-*/
-function getLogLevel(input) {
-	if (isQuiet(input)) return "silent";
-	if (isDebug(input)) return "debug";
-	if (isVerbose(input)) return "verbose";
-	return "info";
-}
 //#endregion
 exports.getLogLevel = getLogLevel;