npm - @socketsecurity/lib - Versions diffs - 6.0.5 → 6.0.7 - Mend

@socketsecurity/lib 6.0.5 → 6.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (534) hide show

package/CHANGELOG.md +43 -0
package/dist/ai/discover.d.mts +2 -2
package/dist/ai/discover.js +6 -4
package/dist/ai/spawn.js +10 -6
package/dist/ai/types.d.mts +18 -6
package/dist/ai/worktree.d.mts +6 -6
package/dist/ai/worktree.js +12 -7
package/dist/ansi/strip.d.ts +1 -1
package/dist/ansi/strip.js +0 -2
package/dist/archives/_internal.js +7 -9
package/dist/archives/extract.js +1 -1
package/dist/archives/tar.js +6 -6
package/dist/archives/zip.js +4 -6
package/dist/argv/flag-predicates.d.ts +12 -12
package/dist/argv/flag-predicates.js +17 -17
package/dist/argv/flag-types.d.ts +18 -18
package/dist/argv/flag-types.js +4 -4
package/dist/argv/parse.d.ts +1 -1
package/dist/arrays/_internal.js +11 -12
package/dist/arrays/chunk.js +0 -1
package/dist/arrays/join.d.ts +37 -3
package/dist/arrays/join.js +43 -7
package/dist/arrays/unique.js +0 -1
package/dist/bin/_internal.d.ts +1 -1
package/dist/bin/_internal.js +1 -1
package/dist/bin/acorn-bindgen.cjs +769 -0
package/dist/bin/acorn.wasm +0 -0
package/dist/bin/exec.js +2 -3
package/dist/bin/find.js +13 -13
package/dist/bin/prim.cjs +39244 -0
package/dist/bin/resolve.js +12 -13
package/dist/bin/which.js +8 -8
package/dist/cache/ttl/store.js +5 -5
package/dist/checks/primordials-defaults.d.ts +3 -3
package/dist/checks/primordials-defaults.js +3 -3
package/dist/checks/primordials.js +4 -3
package/dist/{bin → cli}/check-primordials.d.ts +11 -11
package/dist/{bin → cli}/check-primordials.js +56 -52
package/dist/{bin → cli}/check.js +6 -5
package/dist/{bin → cli}/socket-lib.d.ts +1 -1
package/dist/{bin → cli}/socket-lib.js +4 -4
package/dist/colors/socket-palette.js +7 -9
package/dist/compression/_internal.d.ts +12 -12
package/dist/compression/_internal.js +20 -19
package/dist/compression/brotli.d.ts +25 -25
package/dist/compression/brotli.js +37 -44
package/dist/compression/gzip.d.ts +23 -23
package/dist/compression/gzip.js +44 -52
package/dist/constants/agents.d.ts +3 -1
package/dist/constants/agents.js +15 -11
package/dist/constants/licenses.js +3 -3
package/dist/constants/node.d.ts +23 -0
package/dist/constants/node.js +47 -15
package/dist/constants/packages.js +22 -28
package/dist/constants/platform.d.ts +30 -3
package/dist/constants/platform.js +72 -12
package/dist/constants/runtime.d.ts +22 -0
package/dist/constants/runtime.js +32 -0
package/dist/constants/socket.js +1 -1
package/dist/cover/code.js +8 -8
package/dist/cover/formatters.js +5 -5
package/dist/crypto/hash.d.ts +26 -1
package/dist/crypto/hash.js +43 -12
package/dist/debug/_internal.js +4 -6
package/dist/debug/caller-info.js +2 -3
package/dist/debug/namespace.d.ts +7 -0
package/dist/debug/namespace.js +21 -12
package/dist/debug/output.js +21 -24
package/dist/debug/types.d.ts +4 -4
package/dist/dlx/arborist.js +6 -6
package/dist/dlx/binary-cache.js +14 -14
package/dist/dlx/binary-download.d.ts +1 -1
package/dist/dlx/binary-download.js +14 -13
package/dist/dlx/binary-resolution.js +16 -14
package/dist/dlx/binary-types.d.ts +5 -5
package/dist/dlx/binary.js +5 -5
package/dist/dlx/cache.js +1 -1
package/dist/dlx/detect.d.ts +34 -25
package/dist/dlx/detect.js +86 -77
package/dist/dlx/dir.js +2 -2
package/dist/dlx/firewall.d.ts +1 -1
package/dist/dlx/lockfile.d.ts +19 -18
package/dist/dlx/lockfile.js +16 -16
package/dist/dlx/manifest.d.ts +6 -6
package/dist/dlx/manifest.js +5 -5
package/dist/dlx/package.d.ts +10 -10
package/dist/dlx/package.js +16 -16
package/dist/dlx/packages.js +4 -4
package/dist/dlx/paths.js +7 -7
package/dist/dlx/spec.js +1 -1
package/dist/dlx/types.d.ts +28 -27
package/dist/eco/cargo/parse-lockfile.d.ts +1 -1
package/dist/eco/cargo/parse-lockfile.js +2 -2
package/dist/eco/manifest/analyze-lockfile.js +2 -2
package/dist/eco/manifest/detect-format.js +4 -4
package/dist/eco/manifest/find-packages.js +2 -2
package/dist/eco/manifest/get-package-versions.js +2 -2
package/dist/eco/manifest/get-package.js +2 -2
package/dist/eco/manifest/parse-lockfile.js +2 -2
package/dist/eco/manifest/parse-manifest.js +2 -2
package/dist/eco/manifest/parse.js +2 -2
package/dist/eco/npm/npm/exec.js +2 -2
package/dist/eco/npm/npm/flags.js +7 -12
package/dist/eco/npm/npm/parse-lockfile.d.ts +14 -14
package/dist/eco/npm/npm/parse-lockfile.js +3 -3
package/dist/eco/npm/parse-package-json.js +3 -3
package/dist/eco/npm/pnpm/exec.d.ts +1 -1
package/dist/eco/npm/pnpm/exec.js +5 -5
package/dist/eco/npm/pnpm/flags.js +0 -3
package/dist/eco/npm/pnpm/parse-lockfile.d.ts +1 -1
package/dist/eco/npm/pnpm/parse-lockfile.js +4 -4
package/dist/eco/npm/script.js +9 -6
package/dist/eco/npm/yarnpkg/yarn/exec.js +3 -3
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.d.ts +2 -2
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +8 -8
package/dist/effects/pulse-frames.d.ts +3 -1
package/dist/effects/shimmer-keyframes.d.ts +1 -1
package/dist/effects/shimmer-terminal.d.ts +1 -1
package/dist/env/boolean.js +0 -1
package/dist/env/ci.js +0 -1
package/dist/env/debug.js +0 -1
package/dist/env/github-status.d.ts +51 -0
package/dist/env/github-status.js +90 -0
package/dist/env/github.js +0 -8
package/dist/env/home.js +0 -1
package/dist/env/locale.js +0 -3
package/dist/env/node-auth-token.js +0 -1
package/dist/env/node-env.js +0 -1
package/dist/env/node-version-managers.d.ts +53 -0
package/dist/env/node-version-managers.js +90 -0
package/dist/env/npm.js +0 -5
package/dist/env/number.js +0 -1
package/dist/env/package-manager.js +3 -6
package/dist/env/path.js +0 -1
package/dist/env/pre-commit.js +1 -2
package/dist/env/rewire.d.ts +7 -6
package/dist/env/rewire.js +15 -16
package/dist/env/shell.js +0 -1
package/dist/env/socket-cli.js +5 -18
package/dist/env/socket-mcp.d.ts +114 -0
package/dist/env/socket-mcp.js +146 -0
package/dist/env/socket.d.ts +1 -109
package/dist/env/socket.js +12 -166
package/dist/env/string.js +0 -1
package/dist/env/temp-dir.js +0 -3
package/dist/env/term.js +0 -1
package/dist/env/test.js +3 -6
package/dist/env/windows.js +0 -4
package/dist/env/xdg.js +0 -3
package/dist/events/exit/_internal.d.ts +11 -9
package/dist/events/exit/_internal.js +31 -35
package/dist/events/exit/handler.js +3 -4
package/dist/events/exit/intercept.js +4 -6
package/dist/events/exit/lifecycle.js +16 -18
package/dist/events/exit/signals.js +1 -2
package/dist/events/exit/types.d.ts +6 -5
package/dist/external/@npmcli/package-json.js +2 -2
package/dist/external/@sinclair/typebox/value.js +5 -1
package/dist/external/@sinclair/typebox.js +5 -1
package/dist/external/@socketregistry/packageurl-js.js +27 -0
package/dist/external/npm-pack.js +2 -2
package/dist/external-tools/bazel/read-bazel-version-file.js +1 -1
package/dist/external-tools/bazel/resolve.js +2 -1
package/dist/external-tools/bazel/types.d.ts +1 -1
package/dist/external-tools/cdxgen/from-vfs.js +1 -1
package/dist/external-tools/cdxgen/resolve.js +2 -1
package/dist/external-tools/cdxgen/types.d.ts +1 -1
package/dist/external-tools/from-download.d.ts +1 -1
package/dist/external-tools/from-download.js +1 -1
package/dist/external-tools/from-pip-venv.d.ts +73 -0
package/dist/external-tools/from-pip-venv.js +98 -0
package/dist/external-tools/janus/asset-names.js +1 -1
package/dist/external-tools/janus/from-download.js +3 -5
package/dist/external-tools/janus/from-vfs.js +1 -1
package/dist/external-tools/janus/resolve.js +2 -1
package/dist/external-tools/janus/types.d.ts +1 -1
package/dist/external-tools/jre/detect-platform-arch.d.ts +10 -6
package/dist/external-tools/jre/detect-platform-arch.js +29 -14
package/dist/external-tools/jre/from-download.js +2 -1
package/dist/external-tools/jre/from-vfs.js +1 -1
package/dist/external-tools/jre/resolve.js +2 -1
package/dist/external-tools/jre/types.d.ts +1 -1
package/dist/external-tools/manifest.d.ts +7 -7
package/dist/external-tools/manifest.js +18 -16
package/dist/external-tools/opengrep/from-vfs.js +1 -1
package/dist/external-tools/opengrep/resolve.js +2 -1
package/dist/external-tools/opengrep/types.d.ts +1 -1
package/dist/external-tools/python/asset-names.d.ts +76 -0
package/dist/external-tools/python/asset-names.js +104 -0
package/dist/external-tools/python/dlx.d.ts +80 -0
package/dist/external-tools/python/dlx.js +87 -0
package/dist/external-tools/python/from-download.d.ts +53 -0
package/dist/external-tools/python/from-download.js +68 -0
package/dist/external-tools/python/from-path.d.ts +7 -0
package/dist/external-tools/python/from-path.js +23 -0
package/dist/external-tools/python/pin.d.ts +121 -0
package/dist/external-tools/python/pin.js +173 -0
package/dist/external-tools/python/pip-install.d.ts +75 -0
package/dist/external-tools/python/pip-install.js +139 -0
package/dist/external-tools/python/resolve.d.ts +42 -0
package/dist/external-tools/python/resolve.js +58 -0
package/dist/external-tools/python/types.d.ts +49 -0
package/dist/external-tools/sbt/from-vfs.js +1 -1
package/dist/external-tools/sbt/resolve.js +2 -1
package/dist/external-tools/sbt/types.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.d.ts +24 -0
package/dist/external-tools/skillspector/from-dlx.js +41 -0
package/dist/external-tools/skillspector/from-path.d.ts +8 -0
package/dist/external-tools/skillspector/from-path.js +30 -0
package/dist/external-tools/skillspector/from-vfs.d.ts +8 -0
package/dist/external-tools/skillspector/from-vfs.js +27 -0
package/dist/external-tools/skillspector/resolve.d.ts +34 -0
package/dist/external-tools/skillspector/resolve.js +53 -0
package/dist/external-tools/skillspector/types.d.ts +24 -0
package/dist/external-tools/skillspector/types.js +2 -0
package/dist/external-tools/synp/from-download.js +2 -2
package/dist/external-tools/synp/from-vfs.js +1 -1
package/dist/external-tools/synp/resolve.js +2 -1
package/dist/external-tools/trivy/from-vfs.js +1 -1
package/dist/external-tools/trivy/resolve.js +2 -1
package/dist/external-tools/trivy/types.d.ts +1 -1
package/dist/external-tools/trufflehog/from-vfs.js +1 -1
package/dist/external-tools/trufflehog/resolve.js +2 -1
package/dist/external-tools/trufflehog/types.d.ts +1 -1
package/dist/fs/_internal.d.ts +1 -1
package/dist/fs/_internal.js +7 -7
package/dist/fs/access.js +5 -9
package/dist/fs/{path-cache.js → allowed-dirs-cache.js} +1 -1
package/dist/fs/encoding.js +5 -7
package/dist/fs/{find-up.js → find.js} +11 -13
package/dist/fs/inspect.js +7 -13
package/dist/fs/read-dir.js +7 -10
package/dist/fs/read-file.js +8 -14
package/dist/fs/read-json-cache.d.ts +6 -4
package/dist/fs/read-json-cache.js +9 -6
package/dist/fs/read-json.js +4 -6
package/dist/fs/resolve-module.js +1 -1
package/dist/fs/safe.d.ts +1 -1
package/dist/fs/safe.js +12 -13
package/dist/fs/unique.js +4 -5
package/dist/fs/validate.js +1 -2
package/dist/fs/write-json.js +4 -5
package/dist/git/_internal.js +12 -11
package/dist/git/changed.js +4 -4
package/dist/git/repo.js +3 -3
package/dist/git/staged.js +4 -4
package/dist/git/unstaged.js +4 -4
package/dist/github/ghsa.js +2 -2
package/dist/github/refs-cache.d.ts +1 -1
package/dist/github/refs-cache.js +5 -5
package/dist/github/refs-rest.js +5 -5
package/dist/github/{fetch.js → request.js} +13 -2
package/dist/github/token.js +1 -1
package/dist/github/types.d.ts +1 -1
package/dist/globs/_internal.js +7 -9
package/dist/globs/match.js +6 -7
package/dist/globs/matcher.d.ts +3 -3
package/dist/globs/matcher.js +12 -14
package/dist/globs/stream.js +1 -2
package/dist/globs/types.d.ts +24 -24
package/dist/http-request/_internal.d.ts +1 -1
package/dist/http-request/browser.js +21 -13
package/dist/http-request/checksum-file.d.ts +55 -0
package/dist/http-request/checksum-file.js +95 -0
package/dist/http-request/download-types.d.ts +15 -23
package/dist/http-request/download.js +4 -4
package/dist/http-request/headers.d.ts +32 -3
package/dist/http-request/headers.js +41 -13
package/dist/http-request/request-attempt.js +38 -33
package/dist/http-request/request-types.d.ts +7 -2
package/dist/http-request/request.js +33 -16
package/dist/http-request/response-reader.d.ts +12 -1
package/dist/http-request/response-reader.js +22 -2
package/dist/http-request/user-agent.js +3 -4
package/dist/integrity.d.ts +86 -18
package/dist/integrity.js +119 -30
package/dist/ipc/directory.js +2 -2
package/dist/ipc/paths.js +1 -1
package/dist/ipc/write.js +1 -1
package/dist/ipc-cli/get.js +12 -12
package/dist/json/edit.js +13 -14
package/dist/json/format.js +2 -2
package/dist/json/parse.d.ts +1 -1
package/dist/json/parse.js +3 -7
package/dist/logger/_internal.d.ts +4 -4
package/dist/logger/_internal.js +3 -3
package/dist/logger/colors.js +4 -3
package/dist/logger/console-methods.d.ts +132 -0
package/dist/logger/console-methods.js +169 -0
package/dist/logger/console.d.ts +12 -0
package/dist/logger/console.js +42 -11
package/dist/logger/indentation-methods.d.ts +81 -0
package/dist/logger/indentation-methods.js +121 -0
package/dist/logger/node.d.ts +16 -338
package/dist/logger/node.js +75 -608
package/dist/logger/options.d.ts +39 -0
package/dist/logger/options.js +47 -0
package/dist/logger/semantic-methods.d.ts +63 -0
package/dist/logger/semantic-methods.js +108 -0
package/dist/logger/stream-methods.d.ts +63 -0
package/dist/logger/stream-methods.js +101 -0
package/dist/logger/stream.d.ts +37 -0
package/dist/logger/stream.js +42 -0
package/dist/logger/symbols-builder.js +9 -9
package/dist/logger/symbols.d.ts +2 -25
package/dist/logger/symbols.js +53 -74
package/dist/logger/types.d.ts +1 -1
package/dist/memo/types.d.ts +6 -6
package/dist/native-messaging/host.d.ts +20 -0
package/dist/native-messaging/host.js +120 -0
package/dist/native-messaging/index.d.ts +5 -0
package/dist/native-messaging/index.js +22 -0
package/dist/native-messaging/install.d.ts +60 -0
package/dist/native-messaging/install.js +141 -0
package/dist/native-messaging/rate-limit.d.ts +62 -0
package/dist/native-messaging/rate-limit.js +115 -0
package/dist/native-messaging/run.d.ts +10 -0
package/dist/native-messaging/run.js +17 -0
package/dist/node/async-hooks.js +4 -3
package/dist/node/child-process.js +4 -3
package/dist/node/crypto.js +4 -3
package/dist/node/events.js +4 -3
package/dist/node/fs-promises.js +4 -3
package/dist/node/fs.js +4 -3
package/dist/node/http.js +4 -3
package/dist/node/https.js +4 -3
package/dist/node/module.js +10 -6
package/dist/node/os.js +4 -3
package/dist/node/path.js +4 -3
package/dist/node/timers-promises.js +4 -3
package/dist/node/url.js +4 -3
package/dist/node/util.js +4 -3
package/dist/objects/getters.js +5 -7
package/dist/objects/inspect.js +1 -4
package/dist/objects/mutate.js +2 -3
package/dist/objects/predicates.js +0 -4
package/dist/objects/sort.js +3 -7
package/dist/packages/edit-class.js +15 -16
package/dist/packages/edit.js +12 -14
package/dist/packages/exports.js +11 -17
package/dist/packages/fetch.d.ts +16 -0
package/dist/packages/fetch.js +81 -0
package/dist/packages/find.d.ts +55 -0
package/dist/packages/find.js +65 -0
package/dist/packages/isolation.js +14 -14
package/dist/packages/licenses.js +16 -16
package/dist/packages/manifest.js +12 -15
package/dist/packages/metadata-extensions.d.ts +14 -0
package/dist/packages/metadata-extensions.js +43 -0
package/dist/packages/normalize.js +5 -9
package/dist/packages/provenance.d.ts +6 -0
package/dist/packages/provenance.js +25 -18
package/dist/packages/read.d.ts +29 -0
package/dist/packages/read.js +66 -0
package/dist/packages/specs.d.ts +48 -1
package/dist/packages/specs.js +74 -11
package/dist/packages/tarball.d.ts +24 -0
package/dist/packages/tarball.js +79 -0
package/dist/packages/types.d.ts +21 -20
package/dist/packages/validation.js +0 -3
package/dist/paths/_internal.d.ts +2 -1
package/dist/paths/_internal.js +7 -19
package/dist/paths/conversion.js +5 -9
package/dist/paths/filenames.d.ts +0 -1
package/dist/paths/filenames.js +0 -2
package/dist/paths/normalize.js +6 -5
package/dist/paths/packages.js +4 -7
package/dist/paths/predicates.js +9 -16
package/dist/paths/resolve.js +11 -14
package/dist/paths/rewire.js +3 -3
package/dist/paths/socket.js +16 -16
package/dist/paths/walk.d.ts +1 -1
package/dist/paths/walk.js +4 -4
package/dist/perf/report.js +2 -2
package/dist/perf/types.d.ts +1 -1
package/dist/pkg-ext/data.js +1 -1
package/dist/primordials/array.js +9 -9
package/dist/primordials/date.js +2 -2
package/dist/primordials/error.js +3 -3
package/dist/primordials/headers.d.ts +10 -0
package/dist/primordials/headers.js +23 -0
package/dist/primordials/intl.d.ts +13 -0
package/dist/primordials/intl.js +26 -0
package/dist/primordials/math.js +33 -33
package/dist/primordials/number.js +9 -9
package/dist/primordials/object.js +5 -5
package/dist/primordials/string.d.ts +2 -2
package/dist/primordials/string.js +6 -6
package/dist/primordials/symbol.js +3 -3
package/dist/primordials/uncurry.js +9 -9
package/dist/process/abort.js +3 -3
package/dist/process/lock-manager.js +8 -8
package/dist/process/spawn/_internal.js +6 -8
package/dist/process/spawn/child.js +14 -14
package/dist/process/spawn/errors.js +2 -4
package/dist/process/spawn/kill-tree.d.ts +53 -0
package/dist/process/spawn/kill-tree.js +85 -0
package/dist/process/spawn/stdio.js +0 -1
package/dist/process/spawn/types.d.ts +5 -5
package/dist/process/transient.js +2 -2
package/dist/promises/_internal.d.ts +2 -1
package/dist/promises/_internal.js +2 -6
package/dist/promises/iterate.js +12 -16
package/dist/promises/options.js +3 -6
package/dist/promises/retry.js +4 -5
package/dist/promises/timers.d.ts +30 -0
package/dist/promises/timers.js +48 -0
package/dist/releases/github-archives.d.ts +6 -6
package/dist/releases/github-archives.js +2 -2
package/dist/releases/github-asset-url.d.ts +1 -1
package/dist/releases/github-asset-url.js +5 -5
package/dist/releases/github-downloads.d.ts +1 -1
package/dist/releases/github-downloads.js +3 -3
package/dist/releases/github-listing.d.ts +11 -2
package/dist/releases/github-listing.js +20 -7
package/dist/releases/github-retry-config.js +1 -1
package/dist/releases/github-types.d.ts +6 -6
package/dist/releases/socket-btm-binary-naming.d.ts +107 -0
package/dist/releases/socket-btm-binary-naming.js +155 -0
package/dist/releases/socket-btm.d.ts +8 -115
package/dist/releases/socket-btm.js +16 -159
package/dist/schema/types.d.ts +1 -1
package/dist/sea/detect.js +6 -6
package/dist/secrets/_internal.d.ts +2 -2
package/dist/secrets/_internal.js +5 -4
package/dist/secrets/compare.d.ts +45 -0
package/dist/secrets/compare.js +61 -0
package/dist/secrets/keychain.js +9 -6
package/dist/secrets/linux.js +25 -23
package/dist/secrets/macos.d.ts +1 -1
package/dist/secrets/macos.js +18 -16
package/dist/secrets/rc.d.ts +2 -2
package/dist/secrets/rc.js +15 -10
package/dist/secrets/socket-api-token.d.ts +4 -4
package/dist/secrets/socket-api-token.js +18 -9
package/dist/secrets/windows.js +21 -17
package/dist/shadow/skip.js +2 -2
package/dist/shell/parse.d.ts +108 -1
package/dist/shell/parse.js +168 -2
package/dist/smol/detect.js +9 -10
package/dist/smol/http.js +6 -7
package/dist/smol/https.js +6 -7
package/dist/smol/manifest.d.ts +1 -1
package/dist/smol/manifest.js +6 -7
package/dist/smol/path.d.ts +1 -1
package/dist/smol/path.js +7 -8
package/dist/smol/primordial.d.ts +4 -0
package/dist/smol/primordial.js +6 -7
package/dist/smol/purl.d.ts +1 -1
package/dist/smol/purl.js +7 -8
package/dist/smol/versions.js +6 -7
package/dist/smol/vfs.js +6 -7
package/dist/sorts/_internal.js +6 -8
package/dist/sorts/natural.js +10 -12
package/dist/sorts/semver.js +1 -2
package/dist/sorts/strings.js +0 -1
package/dist/sorts/types.d.ts +1 -1
package/dist/spinner/create-spinner-class.d.ts +38 -0
package/dist/spinner/create-spinner-class.js +302 -0
package/dist/spinner/default.js +8 -9
package/dist/spinner/spinner-internals.d.ts +36 -0
package/dist/spinner/spinner-internals.js +101 -0
package/dist/spinner/spinner-shimmer-methods.d.ts +54 -0
package/dist/spinner/spinner-shimmer-methods.js +143 -0
package/dist/spinner/spinner-status-methods.d.ts +40 -0
package/dist/spinner/spinner-status-methods.js +133 -0
package/dist/spinner/spinner.d.ts +4 -5
package/dist/spinner/spinner.js +18 -705
package/dist/spinner/types.d.ts +3 -1
package/dist/spinner/with.d.ts +10 -0
package/dist/spinner/with.js +16 -2
package/dist/stdio/divider.js +1 -1
package/dist/stdio/footer.js +3 -3
package/dist/stdio/header.js +4 -4
package/dist/stdio/progress.js +5 -5
package/dist/stdio/prompts.d.ts +5 -3
package/dist/stdio/prompts.js +6 -7
package/dist/stdio/stdout.js +3 -3
package/dist/streams/parallel.js +3 -5
package/dist/streams/transform.js +2 -3
package/dist/strings/format.js +2 -6
package/dist/strings/predicates.js +0 -2
package/dist/strings/search.js +1 -2
package/dist/strings/transform.js +0 -3
package/dist/strings/width.js +9 -10
package/dist/tables/bordered.js +4 -3
package/dist/tables/padding.js +1 -1
package/dist/tables/simple.js +8 -5
package/dist/temporal/instant.js +4 -2
package/dist/temporal/slots.js +7 -6
package/dist/temporal/system.js +9 -9
package/dist/themes/context.d.ts +3 -2
package/dist/themes/context.js +4 -5
package/dist/themes/themes.js +15 -15
package/dist/themes/types.d.ts +3 -3
package/dist/url/parse.js +0 -2
package/dist/url/predicates.js +1 -2
package/dist/url/search-params.js +3 -9
package/dist/url/types.d.ts +5 -5
package/dist/versions/_internal.js +3 -3
package/dist/words/article.js +0 -1
package/dist/words/capitalize.js +0 -1
package/dist/words/pluralize.d.ts +24 -2
package/dist/words/pluralize.js +47 -2
package/dist/words/types.d.ts +25 -2
package/package.json +289 -108
package/dist/external-tools/uv/asset-names.d.ts +0 -36
package/dist/external-tools/uv/asset-names.js +0 -70
package/dist/external-tools/uv/from-download.d.ts +0 -17
package/dist/external-tools/uv/from-download.js +0 -47
package/dist/external-tools/uv/from-path.d.ts +0 -5
package/dist/external-tools/uv/from-path.js +0 -22
package/dist/external-tools/uv/from-vfs.d.ts +0 -7
package/dist/external-tools/uv/from-vfs.js +0 -26
package/dist/external-tools/uv/resolve.d.ts +0 -25
package/dist/external-tools/uv/resolve.js +0 -52
package/dist/external-tools/uv/types.d.ts +0 -24
package/dist/http-request/checksums.d.ts +0 -69
package/dist/http-request/checksums.js +0 -108
package/dist/http-request/http-request.d.ts +0 -12
package/dist/http-request/http-request.js +0 -11
package/dist/packages/operations.d.ts +0 -113
package/dist/packages/operations.js +0 -304
package/dist/ssri/convert.d.ts +0 -48
package/dist/ssri/convert.js +0 -69
package/dist/ssri/parse.d.ts +0 -27
package/dist/ssri/parse.js +0 -41
package/dist/ssri/validate.d.ts +0 -41
package/dist/ssri/validate.js +0 -56
/package/dist/{bin → cli}/check.d.ts +0 -0
/package/dist/external-tools/{uv → python}/types.js +0 -0
/package/dist/fs/{path-cache.d.ts → allowed-dirs-cache.d.ts} +0 -0
/package/dist/fs/{find-up.d.ts → find.d.ts} +0 -0
/package/dist/github/{fetch.d.ts → request.d.ts} +0 -0

package/dist/env/node-version-managers.js ADDED Viewed

@@ -0,0 +1,90 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../_virtual/_rolldown/runtime.js');
+const require_env_rewire = require('./rewire.js');
+let node_process = require("node:process");
+node_process = require_runtime.__toESM(node_process);
+//#region src/env/node-version-managers.ts
+/**
+* @file Detect which Node version manager is active on this machine and emit a
+*   targeted upgrade hint. Used when a tool needs Node ≥ X and wants to tell
+*   the user the exact command to run instead of a generic "install newer Node"
+*   line. Detection is best-effort:
+*
+*   1. **process.execPath** — the running Node binary's path is the most reliable
+*      signal. `~/.nvm/versions/node/...`, `~/.volta/tools/...`, `~/.fnm/...`,
+*      `~/.asdf/installs/nodejs/...`, `~/n/...` each have well-known directory
+*      shapes.
+*   2. **Environment variables** — `NVM_DIR`, `FNM_DIR`, `FNM_MULTISHELL_PATH`,
+*      `VOLTA_HOME`, `ASDF_DIR`, `N_PREFIX`. These are set by the shell
+*      integration each manager ships.
+*   3. **Corepack** — Node's bundled package-manager shim. Detected via
+*      `COREPACK_*` env vars or by the Node binary being under
+*      `corepack/shims/`. If none match, the manager is reported as `'system'`
+*      (Homebrew, apt, the .pkg installer, etc.) — for those, the upgrade hint
+*      is generic. This module does NOT shell out — every probe is in-process
+*      (env reads + path string inspection). That keeps it cheap to call and
+*      safe for the native-messaging host context, where stdout is reserved for
+*      the Chrome protocol.
+*/
+/**
+* Detect the Node version manager currently providing `process.execPath`.
+* Returns `'system'` when no manager is detected — the user is running a Node
+* installed by the OS package manager, the official .pkg/.msi installer, or a
+* manually placed binary.
+*
+* @example
+*   ;```typescript
+*   detectActiveNodeManager() // 'nvm' | 'fnm' | 'volta' | 'asdf' | 'n' | 'corepack' | 'system'
+*   ```
+*/
+function detectActiveNodeManager() {
+	const exec = node_process.default.execPath;
+	if (/[/\\]\.nvm[/\\]versions[/\\]node[/\\]/.test(exec)) return "nvm";
+	if (/[/\\]\.fnm[/\\]/.test(exec) || /[/\\]fnm_multishells[/\\]/.test(exec)) return "fnm";
+	if (/[/\\]\.volta[/\\]tools[/\\]/.test(exec)) return "volta";
+	if (/[/\\]\.asdf[/\\]installs[/\\]nodejs[/\\]/.test(exec)) return "asdf";
+	if (/[/\\]n[/\\]versions[/\\]node[/\\]/.test(exec)) return "n";
+	if (/[/\\]corepack[/\\]shims[/\\]/.test(exec)) return "corepack";
+	if (require_env_rewire.getEnvValue("NVM_DIR")) return "nvm";
+	if (require_env_rewire.getEnvValue("FNM_DIR") || require_env_rewire.getEnvValue("FNM_MULTISHELL_PATH")) return "fnm";
+	if (require_env_rewire.getEnvValue("VOLTA_HOME")) return "volta";
+	if (require_env_rewire.getEnvValue("ASDF_DIR")) return "asdf";
+	if (require_env_rewire.getEnvValue("N_PREFIX")) return "n";
+	if (require_env_rewire.getEnvValue("COREPACK_HOME")) return "corepack";
+	return "system";
+}
+/**
+* Produce the exact shell command a user should run to install + activate
+* `targetVersion` under the named manager. The command is single-line and
+* intended to be embedded in an error message verbatim.
+*
+* @example
+*   ;```typescript
+*   nodeManagerUpgradeHint('nvm', '22.6.0')
+*   // 'nvm install 22.6.0 && nvm use 22.6.0'
+*
+*   nodeManagerUpgradeHint('system', '22.6.0')
+*   // 'Install Node 22.6.0+ from https://nodejs.org/'
+*   ```
+*
+* @param manager - The detected Node version manager.
+* @param targetVersion - Semver-shaped version, e.g. `'22.6.0'` or `'22'`.
+*/
+function nodeManagerUpgradeHint(manager, targetVersion) {
+	switch (manager) {
+		case "asdf": return `asdf install nodejs ${targetVersion} && asdf global nodejs ${targetVersion}`;
+		case "corepack": return `Corepack manages package managers, not Node. Install Node ${targetVersion}+ via nvm/fnm/volta or from https://nodejs.org/`;
+		case "fnm": return `fnm install ${targetVersion} && fnm use ${targetVersion}`;
+		case "n": return `n ${targetVersion}`;
+		case "nvm": return `nvm install ${targetVersion} && nvm use ${targetVersion}`;
+		case "volta": return `volta install node@${targetVersion}`;
+		default: return `Install Node ${targetVersion}+ from https://nodejs.org/`;
+	}
+}
+//#endregion
+exports.detectActiveNodeManager = detectActiveNodeManager;
+exports.nodeManagerUpgradeHint = nodeManagerUpgradeHint;

package/dist/env/npm.js CHANGED Viewed

@@ -22,7 +22,6 @@ const require_env_rewire = require('./rewire.js');
 *
 * @returns The configured NPM registry URL, or `undefined` if not set
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getNpmConfigRegistry() {
 	return require_env_rewire.getEnvValue("npm_config_registry");
 }
@@ -40,7 +39,6 @@ function getNpmConfigRegistry() {
 *
 * @returns The package manager user agent string, or `undefined` if not set
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getNpmConfigUserAgent() {
 	return require_env_rewire.getEnvValue("npm_config_user_agent");
 }
@@ -58,7 +56,6 @@ function getNpmConfigUserAgent() {
 *
 * @returns The current lifecycle event name, or `undefined` if not set
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getNpmLifecycleEvent() {
 	return require_env_rewire.getEnvValue("npm_lifecycle_event");
 }
@@ -75,7 +72,6 @@ function getNpmLifecycleEvent() {
 *
 * @returns The NPM registry URL override, or `undefined` if not set
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getNpmRegistry() {
 	return require_env_rewire.getEnvValue("NPM_REGISTRY");
 }
@@ -92,7 +88,6 @@ function getNpmRegistry() {
 *
 * @returns The NPM auth token, or `undefined` if not set
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getNpmToken() {
 	return require_env_rewire.getEnvValue("NPM_TOKEN");
 }

package/dist/env/number.js CHANGED Viewed

@@ -31,7 +31,6 @@ const require_primordials_number = require('../primordials/number.js');
 *
 * @returns The parsed number, or the default value if parsing fails
 */
-/* @__NO_SIDE_EFFECTS__ */
 function envAsNumber(value, defaultValueOrOptions = 0) {
 	const { allowInfinity = false, defaultValue = 0, mode = "int" } = typeof defaultValueOrOptions === "number" ? { defaultValue: defaultValueOrOptions } : defaultValueOrOptions ?? {};
 	if (value === void 0 || value === null) return defaultValue;

package/dist/env/package-manager.js CHANGED Viewed

@@ -37,11 +37,10 @@ node_process = require_runtime.__toESM(node_process);
 *
 * @returns The detected package manager or null if unable to determine
 */
-/* @__NO_SIDE_EFFECTS__ */
 function detectPackageManager() {
-	const userAgent = /* @__PURE__ */ getPackageManagerUserAgent();
+	const userAgent = getPackageManagerUserAgent();
 	if (userAgent) {
-		const match = userAgent.match(/^(npm|pnpm|yarn|bun)\//);
+		const match = userAgent.match(/^(bun|npm|pnpm|yarn)\//);
 		if (match) return match[1];
 	}
 	/* c8 ignore start - argv0-based PM fallback only fires when
@@ -67,9 +66,8 @@ function detectPackageManager() {
 *
 * @returns Object with name and version, or null if not available
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getPackageManagerInfo() {
-	const userAgent = /* @__PURE__ */ getPackageManagerUserAgent();
+	const userAgent = getPackageManagerUserAgent();
 	if (!userAgent) return;
 	const match = userAgent.match(/^([^/]+)\/([^\s]+)/);
 	if (match?.[1] && match[2]) return {
@@ -91,7 +89,6 @@ function getPackageManagerInfo() {
 *
 * @returns The user agent string or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getPackageManagerUserAgent() {
 	return require_env_rewire.getEnvValue("npm_config_user_agent");
 }

package/dist/env/path.js CHANGED Viewed

@@ -22,7 +22,6 @@ const require_env_rewire = require('./rewire.js');
 *
 * @returns The system executable search paths, or `undefined` if not set
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getPath() {
 	return require_env_rewire.getEnvValue("PATH");
 }

package/dist/env/pre-commit.js CHANGED Viewed

@@ -24,9 +24,8 @@ const require_env_rewire = require('./rewire.js');
 *
 * @returns `true` if running in a pre-commit hook, `false` otherwise
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getPreCommit() {
-	return /* @__PURE__ */ require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("PRE_COMMIT"));
+	return require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("PRE_COMMIT"));
 }
 //#endregion

package/dist/env/rewire.d.ts CHANGED Viewed

@@ -8,12 +8,7 @@
  *   - Compatible with vi.stubEnv() - reads from process.env as final fallback
  *   - Thread-safe for concurrent test execution
  */
-/**
- * Lazily load the async_hooks module to avoid Webpack errors.
- *
- * @private
- */
-export declare function getAsyncHooks(): typeof import('node:async_hooks');
+import type * as asyncHooksModule from 'node:async_hooks';
 /**
  * Clear a specific environment variable override.
  *
@@ -28,6 +23,12 @@ export declare function getAsyncHooks(): typeof import('node:async_hooks');
  * @param key - The environment variable name to clear.
  */
 export declare function clearEnv(key: string): void;
+/**
+ * Lazily load the async_hooks module to avoid Webpack errors.
+ *
+ * @private
+ */
+export declare function getAsyncHooks(): typeof asyncHooksModule;
 /**
  * Get an environment variable value, checking overrides first.
  *

package/dist/env/rewire.js CHANGED Viewed

@@ -20,23 +20,13 @@ node_process = require_runtime.__toESM(node_process);
 *   - Compatible with vi.stubEnv() - reads from process.env as final fallback
 *   - Thread-safe for concurrent test execution
 */
-let _async_hooks;
-/**
-* Lazily load the async_hooks module to avoid Webpack errors.
-*
-* @private
-*/
-/* @__NO_SIDE_EFFECTS__ */
-function getAsyncHooks() {
-	if (_async_hooks === void 0) _async_hooks = /* @__PURE__ */ require("node:async_hooks");
-	return _async_hooks;
-}
-const { AsyncLocalStorage } = /* @__PURE__ */ getAsyncHooks();
+let asyncHooks;
+const { AsyncLocalStorage } = getAsyncHooks();
 const isolatedOverridesStorage = new AsyncLocalStorage();
 const sharedOverridesSymbol = Symbol.for("@socketsecurity/lib/env/rewire/test-overrides");
-const _globalThis = globalThis;
-if (/* @__PURE__ */ require_env_boolean.envAsBoolean(node_process.default.env["VITEST"]) && !_globalThis[sharedOverridesSymbol]) _globalThis[sharedOverridesSymbol] = new require_primordials_map_set.MapCtor();
-const sharedOverrides = _globalThis[sharedOverridesSymbol];
+const globalThisRef = globalThis;
+if (require_env_boolean.envAsBoolean(node_process.default.env["VITEST"]) && !globalThisRef[sharedOverridesSymbol]) globalThisRef[sharedOverridesSymbol] = new require_primordials_map_set.MapCtor();
+const sharedOverrides = globalThisRef[sharedOverridesSymbol];
 /**
 * Clear a specific environment variable override.
 *
@@ -54,6 +44,15 @@ function clearEnv(key) {
 	sharedOverrides?.delete(key);
 }
 /**
+* Lazily load the async_hooks module to avoid Webpack errors.
+*
+* @private
+*/
+function getAsyncHooks() {
+	if (asyncHooks === void 0) asyncHooks = /*@__PURE__*/ require("node:async_hooks");
+	return asyncHooks;
+}
+/**
 * Get an environment variable value, checking overrides first.
 *
 * Resolution order: 1. Isolated overrides (temporary - set via
@@ -116,7 +115,7 @@ function hasOverride(key) {
 function isInEnv(key) {
 	if (isolatedOverridesStorage.getStore()?.has(key)) return true;
 	if (sharedOverrides?.has(key)) return true;
-	return /* @__PURE__ */ require_objects_predicates.hasOwn(node_process.default.env, key);
+	return require_objects_predicates.hasOwn(node_process.default.env, key);
 }
 /**
 * Clear all environment variable overrides. Useful in afterEach hooks to ensure

package/dist/env/shell.js CHANGED Viewed

@@ -22,7 +22,6 @@ const require_env_rewire = require('./rewire.js');
 *
 * @returns The user's default shell path, or `undefined` if not set
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getShell() {
 	return require_env_rewire.getEnvValue("SHELL");
 }

package/dist/env/socket-cli.js CHANGED Viewed

@@ -24,9 +24,8 @@ const require_env_number = require('./number.js');
 *
 * @returns Whether to accept all risks
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliAcceptRisks() {
-	return /* @__PURE__ */ require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("SOCKET_CLI_ACCEPT_RISKS"));
+	return require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("SOCKET_CLI_ACCEPT_RISKS"));
 }
 /**
 * Socket CLI API base URL (alternative name). Checks SOCKET_CLI_API_BASE_URL
@@ -42,7 +41,6 @@ function getSocketCliAcceptRisks() {
 *
 * @returns API base URL or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliApiBaseUrl() {
 	return require_env_rewire.getEnvValue("SOCKET_CLI_API_BASE_URL") || require_env_rewire.getEnvValue("SOCKET_SECURITY_API_BASE_URL");
 }
@@ -62,7 +60,6 @@ function getSocketCliApiBaseUrl() {
 *
 * @returns API proxy URL or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliApiProxy() {
 	return require_env_rewire.getEnvValue("SOCKET_CLI_API_PROXY") || require_env_rewire.getEnvValue("SOCKET_SECURITY_API_PROXY") || require_env_rewire.getEnvValue("HTTPS_PROXY") || require_env_rewire.getEnvValue("https_proxy") || require_env_rewire.getEnvValue("HTTP_PROXY") || require_env_rewire.getEnvValue("http_proxy");
 }
@@ -79,9 +76,8 @@ function getSocketCliApiProxy() {
 *
 * @returns API timeout in milliseconds
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliApiTimeout() {
-	return /* @__PURE__ */ require_env_number.envAsNumber(require_env_rewire.getEnvValue("SOCKET_CLI_API_TIMEOUT"));
+	return require_env_number.envAsNumber(require_env_rewire.getEnvValue("SOCKET_CLI_API_TIMEOUT"));
 }
 /**
 * Bootstrap cache directory path. Set by bootstrap wrappers to pass dlx cache
@@ -97,7 +93,6 @@ function getSocketCliApiTimeout() {
 *
 * @returns Bootstrap cache directory or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliBootstrapCacheDir() {
 	return require_env_rewire.getEnvValue("SOCKET_CLI_BOOTSTRAP_CACHE_DIR");
 }
@@ -115,7 +110,6 @@ function getSocketCliBootstrapCacheDir() {
 *
 * @returns Bootstrap package spec or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliBootstrapSpec() {
 	return require_env_rewire.getEnvValue("SOCKET_CLI_BOOTSTRAP_SPEC");
 }
@@ -132,7 +126,6 @@ function getSocketCliBootstrapSpec() {
 *
 * @returns Config file path or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliConfig() {
 	return require_env_rewire.getEnvValue("SOCKET_CLI_CONFIG");
 }
@@ -149,7 +142,6 @@ function getSocketCliConfig() {
 *
 * @returns Fix mode value or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliFix() {
 	return require_env_rewire.getEnvValue("SOCKET_CLI_FIX");
 }
@@ -167,7 +159,6 @@ function getSocketCliFix() {
 *
 * @returns GitHub token or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliGithubToken() {
 	return require_env_rewire.getEnvValue("SOCKET_CLI_GITHUB_TOKEN") || require_env_rewire.getEnvValue("SOCKET_SECURITY_GITHUB_PAT") || require_env_rewire.getEnvValue("GITHUB_TOKEN");
 }
@@ -185,9 +176,8 @@ function getSocketCliGithubToken() {
 *
 * @returns Whether to skip API token requirement
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliNoApiToken() {
-	return /* @__PURE__ */ require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("SOCKET_CLI_NO_API_TOKEN"));
+	return require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("SOCKET_CLI_NO_API_TOKEN"));
 }
 /**
 * Controls Socket CLI optimization mode.
@@ -203,9 +193,8 @@ function getSocketCliNoApiToken() {
 *
 * @returns Whether optimization mode is enabled
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliOptimize() {
-	return /* @__PURE__ */ require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("SOCKET_CLI_OPTIMIZE"));
+	return require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("SOCKET_CLI_OPTIMIZE"));
 }
 /**
 * Socket CLI organization slug identifier (alternative name). Checks
@@ -221,7 +210,6 @@ function getSocketCliOptimize() {
 *
 * @returns Organization slug or undefined
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliOrgSlug() {
 	return require_env_rewire.getEnvValue("SOCKET_CLI_ORG_SLUG") || require_env_rewire.getEnvValue("SOCKET_ORG_SLUG");
 }
@@ -239,9 +227,8 @@ function getSocketCliOrgSlug() {
 *
 * @returns Whether to view all risks
 */
-/* @__NO_SIDE_EFFECTS__ */
 function getSocketCliViewAllRisks() {
-	return /* @__PURE__ */ require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("SOCKET_CLI_VIEW_ALL_RISKS"));
+	return require_env_boolean.envAsBoolean(require_env_rewire.getEnvValue("SOCKET_CLI_VIEW_ALL_RISKS"));
 }
 //#endregion

package/dist/env/socket-mcp.d.ts ADDED Viewed

@@ -0,0 +1,114 @@
+/**
+ * @file Socket MCP HTTP server environment variable getters. Covers the MCP
+ *   transport (HTTP mode, port) and the OAuth credentials / proxy-trust
+ *   settings the MCP HTTP server reads at startup.
+ */
+/**
+ * Whether the MCP server should run in HTTP mode. MCP_HTTP_MODE — when set to
+ * the literal string `'true'`, the MCP server serves over HTTP instead of
+ * stdio. Returns `false` for any other value (including unset).
+ *
+ * @example
+ *   ;```typescript
+ *   import { getMcpHttpMode } from '@socketsecurity/lib/env/socket-mcp'
+ *
+ *   if (getMcpHttpMode()) {
+ *     startHttpServer()
+ *   }
+ *   ```
+ *
+ * @returns `true` if HTTP mode is enabled, `false` otherwise
+ */
+export declare function getMcpHttpMode(): boolean;
+/**
+ * MCP HTTP server listen port. MCP_PORT — port the MCP HTTP server binds to.
+ * Defaults to `3000` (matches socket-mcp's documented default). Invalid /
+ * non-numeric values also fall back to `3000`.
+ *
+ * @example
+ *   ;```typescript
+ *   import { getMcpPort } from '@socketsecurity/lib/env/socket-mcp'
+ *
+ *   const port = getMcpPort()
+ *   ```
+ *
+ * @returns The MCP server port (default `3000`)
+ */
+export declare function getMcpPort(): number;
+/**
+ * OAuth introspection client ID for the MCP HTTP server.
+ * SOCKET_OAUTH_INTROSPECTION_CLIENT_ID — client credential used to call the
+ * issuer's introspection endpoint. Empty string when unset.
+ *
+ * @example
+ *   ;```typescript
+ *   import { getSocketOauthIntrospectionClientId } from '@socketsecurity/lib/env/socket-mcp'
+ *
+ *   const clientId = getSocketOauthIntrospectionClientId()
+ *   ```
+ *
+ * @returns The OAuth client ID, or `''` if not set
+ */
+export declare function getSocketOauthIntrospectionClientId(): string;
+/**
+ * OAuth introspection client secret for the MCP HTTP server.
+ * SOCKET_OAUTH_INTROSPECTION_CLIENT_SECRET — paired with the client ID for
+ * authenticated introspection requests. Empty string when unset.
+ *
+ * @example
+ *   ;```typescript
+ *   import { getSocketOauthIntrospectionClientSecret } from '@socketsecurity/lib/env/socket-mcp'
+ *
+ *   const clientSecret = getSocketOauthIntrospectionClientSecret()
+ *   ```
+ *
+ * @returns The OAuth client secret, or `''` if not set
+ */
+export declare function getSocketOauthIntrospectionClientSecret(): string;
+/**
+ * OAuth issuer URL for the MCP HTTP server. SOCKET_OAUTH_ISSUER — issuer to
+ * validate inbound OAuth tokens against. Returns the empty string when unset;
+ * callers treat empty as "no issuer configured".
+ *
+ * @example
+ *   ;```typescript
+ *   import { getSocketOauthIssuer } from '@socketsecurity/lib/env/socket-mcp'
+ *
+ *   const issuer = getSocketOauthIssuer()
+ *   if (issuer) { ... }
+ *   ```
+ *
+ * @returns The OAuth issuer URL, or `''` if not set
+ */
+export declare function getSocketOauthIssuer(): string;
+/**
+ * Required OAuth scopes for the MCP HTTP server. SOCKET_OAUTH_REQUIRED_SCOPES —
+ * whitespace-separated list of scopes inbound tokens must carry. Defaults to
+ * `'packages:list'` (the minimum scope socket-mcp's depscore tool needs).
+ *
+ * @example
+ *   ;```typescript
+ *   import { getSocketOauthRequiredScopes } from '@socketsecurity/lib/env/socket-mcp'
+ *
+ *   const scopes = getSocketOauthRequiredScopes().split(/\s+/u)
+ *   ```
+ *
+ * @returns The required-scopes string, defaulting to `'packages:list'`
+ */
+export declare function getSocketOauthRequiredScopes(): string;
+/**
+ * Whether the MCP HTTP server should trust upstream proxy headers. TRUST_PROXY
+ * — when set to the literal string `'true'`, the server honors
+ * `X-Forwarded-Host` / `X-Forwarded-Proto` when composing OAuth metadata URLs.
+ * Off by default to prevent header spoofing when no upstream proxy is present.
+ *
+ * @example
+ *   ;```typescript
+ *   import { getTrustProxy } from '@socketsecurity/lib/env/socket-mcp'
+ *
+ *   if (getTrustProxy()) { ... }
+ *   ```
+ *
+ * @returns `true` if proxy headers are trusted, `false` otherwise
+ */
+export declare function getTrustProxy(): boolean;

package/dist/env/socket-mcp.js ADDED Viewed

@@ -0,0 +1,146 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_number = require('../primordials/number.js');
+const require_env_rewire = require('./rewire.js');
+const require_env_number = require('./number.js');
+//#region src/env/socket-mcp.ts
+/**
+* @file Socket MCP HTTP server environment variable getters. Covers the MCP
+*   transport (HTTP mode, port) and the OAuth credentials / proxy-trust
+*   settings the MCP HTTP server reads at startup.
+*/
+/**
+* Whether the MCP server should run in HTTP mode. MCP_HTTP_MODE — when set to
+* the literal string `'true'`, the MCP server serves over HTTP instead of
+* stdio. Returns `false` for any other value (including unset).
+*
+* @example
+*   ;```typescript
+*   import { getMcpHttpMode } from '@socketsecurity/lib/env/socket-mcp'
+*
+*   if (getMcpHttpMode()) {
+*     startHttpServer()
+*   }
+*   ```
+*
+* @returns `true` if HTTP mode is enabled, `false` otherwise
+*/
+function getMcpHttpMode() {
+	return require_env_rewire.getEnvValue("MCP_HTTP_MODE") === "true";
+}
+/**
+* MCP HTTP server listen port. MCP_PORT — port the MCP HTTP server binds to.
+* Defaults to `3000` (matches socket-mcp's documented default). Invalid /
+* non-numeric values also fall back to `3000`.
+*
+* @example
+*   ;```typescript
+*   import { getMcpPort } from '@socketsecurity/lib/env/socket-mcp'
+*
+*   const port = getMcpPort()
+*   ```
+*
+* @returns The MCP server port (default `3000`)
+*/
+function getMcpPort() {
+	const parsed = require_env_number.envAsNumber(require_env_rewire.getEnvValue("MCP_PORT"));
+	return require_primordials_number.NumberIsFinite(parsed) && parsed > 0 ? parsed : 3e3;
+}
+/**
+* OAuth introspection client ID for the MCP HTTP server.
+* SOCKET_OAUTH_INTROSPECTION_CLIENT_ID — client credential used to call the
+* issuer's introspection endpoint. Empty string when unset.
+*
+* @example
+*   ;```typescript
+*   import { getSocketOauthIntrospectionClientId } from '@socketsecurity/lib/env/socket-mcp'
+*
+*   const clientId = getSocketOauthIntrospectionClientId()
+*   ```
+*
+* @returns The OAuth client ID, or `''` if not set
+*/
+function getSocketOauthIntrospectionClientId() {
+	return require_env_rewire.getEnvValue("SOCKET_OAUTH_INTROSPECTION_CLIENT_ID") ?? "";
+}
+/**
+* OAuth introspection client secret for the MCP HTTP server.
+* SOCKET_OAUTH_INTROSPECTION_CLIENT_SECRET — paired with the client ID for
+* authenticated introspection requests. Empty string when unset.
+*
+* @example
+*   ;```typescript
+*   import { getSocketOauthIntrospectionClientSecret } from '@socketsecurity/lib/env/socket-mcp'
+*
+*   const clientSecret = getSocketOauthIntrospectionClientSecret()
+*   ```
+*
+* @returns The OAuth client secret, or `''` if not set
+*/
+function getSocketOauthIntrospectionClientSecret() {
+	return require_env_rewire.getEnvValue("SOCKET_OAUTH_INTROSPECTION_CLIENT_SECRET") ?? "";
+}
+/**
+* OAuth issuer URL for the MCP HTTP server. SOCKET_OAUTH_ISSUER — issuer to
+* validate inbound OAuth tokens against. Returns the empty string when unset;
+* callers treat empty as "no issuer configured".
+*
+* @example
+*   ;```typescript
+*   import { getSocketOauthIssuer } from '@socketsecurity/lib/env/socket-mcp'
+*
+*   const issuer = getSocketOauthIssuer()
+*   if (issuer) { ... }
+*   ```
+*
+* @returns The OAuth issuer URL, or `''` if not set
+*/
+function getSocketOauthIssuer() {
+	return require_env_rewire.getEnvValue("SOCKET_OAUTH_ISSUER") ?? "";
+}
+/**
+* Required OAuth scopes for the MCP HTTP server. SOCKET_OAUTH_REQUIRED_SCOPES —
+* whitespace-separated list of scopes inbound tokens must carry. Defaults to
+* `'packages:list'` (the minimum scope socket-mcp's depscore tool needs).
+*
+* @example
+*   ;```typescript
+*   import { getSocketOauthRequiredScopes } from '@socketsecurity/lib/env/socket-mcp'
+*
+*   const scopes = getSocketOauthRequiredScopes().split(/\s+/u)
+*   ```
+*
+* @returns The required-scopes string, defaulting to `'packages:list'`
+*/
+function getSocketOauthRequiredScopes() {
+	return require_env_rewire.getEnvValue("SOCKET_OAUTH_REQUIRED_SCOPES") ?? "packages:list";
+}
+/**
+* Whether the MCP HTTP server should trust upstream proxy headers. TRUST_PROXY
+* — when set to the literal string `'true'`, the server honors
+* `X-Forwarded-Host` / `X-Forwarded-Proto` when composing OAuth metadata URLs.
+* Off by default to prevent header spoofing when no upstream proxy is present.
+*
+* @example
+*   ;```typescript
+*   import { getTrustProxy } from '@socketsecurity/lib/env/socket-mcp'
+*
+*   if (getTrustProxy()) { ... }
+*   ```
+*
+* @returns `true` if proxy headers are trusted, `false` otherwise
+*/
+function getTrustProxy() {
+	return require_env_rewire.getEnvValue("TRUST_PROXY") === "true";
+}
+//#endregion
+exports.getMcpHttpMode = getMcpHttpMode;
+exports.getMcpPort = getMcpPort;
+exports.getSocketOauthIntrospectionClientId = getSocketOauthIntrospectionClientId;
+exports.getSocketOauthIntrospectionClientSecret = getSocketOauthIntrospectionClientSecret;
+exports.getSocketOauthIssuer = getSocketOauthIssuer;
+exports.getSocketOauthRequiredScopes = getSocketOauthRequiredScopes;
+exports.getTrustProxy = getTrustProxy;