npm - @socketsecurity/lib - Versions diffs - 6.0.5 → 6.0.7 - Mend

@socketsecurity/lib 6.0.5 → 6.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (534) hide show

package/CHANGELOG.md +43 -0
package/dist/ai/discover.d.mts +2 -2
package/dist/ai/discover.js +6 -4
package/dist/ai/spawn.js +10 -6
package/dist/ai/types.d.mts +18 -6
package/dist/ai/worktree.d.mts +6 -6
package/dist/ai/worktree.js +12 -7
package/dist/ansi/strip.d.ts +1 -1
package/dist/ansi/strip.js +0 -2
package/dist/archives/_internal.js +7 -9
package/dist/archives/extract.js +1 -1
package/dist/archives/tar.js +6 -6
package/dist/archives/zip.js +4 -6
package/dist/argv/flag-predicates.d.ts +12 -12
package/dist/argv/flag-predicates.js +17 -17
package/dist/argv/flag-types.d.ts +18 -18
package/dist/argv/flag-types.js +4 -4
package/dist/argv/parse.d.ts +1 -1
package/dist/arrays/_internal.js +11 -12
package/dist/arrays/chunk.js +0 -1
package/dist/arrays/join.d.ts +37 -3
package/dist/arrays/join.js +43 -7
package/dist/arrays/unique.js +0 -1
package/dist/bin/_internal.d.ts +1 -1
package/dist/bin/_internal.js +1 -1
package/dist/bin/acorn-bindgen.cjs +769 -0
package/dist/bin/acorn.wasm +0 -0
package/dist/bin/exec.js +2 -3
package/dist/bin/find.js +13 -13
package/dist/bin/prim.cjs +39244 -0
package/dist/bin/resolve.js +12 -13
package/dist/bin/which.js +8 -8
package/dist/cache/ttl/store.js +5 -5
package/dist/checks/primordials-defaults.d.ts +3 -3
package/dist/checks/primordials-defaults.js +3 -3
package/dist/checks/primordials.js +4 -3
package/dist/{bin → cli}/check-primordials.d.ts +11 -11
package/dist/{bin → cli}/check-primordials.js +56 -52
package/dist/{bin → cli}/check.js +6 -5
package/dist/{bin → cli}/socket-lib.d.ts +1 -1
package/dist/{bin → cli}/socket-lib.js +4 -4
package/dist/colors/socket-palette.js +7 -9
package/dist/compression/_internal.d.ts +12 -12
package/dist/compression/_internal.js +20 -19
package/dist/compression/brotli.d.ts +25 -25
package/dist/compression/brotli.js +37 -44
package/dist/compression/gzip.d.ts +23 -23
package/dist/compression/gzip.js +44 -52
package/dist/constants/agents.d.ts +3 -1
package/dist/constants/agents.js +15 -11
package/dist/constants/licenses.js +3 -3
package/dist/constants/node.d.ts +23 -0
package/dist/constants/node.js +47 -15
package/dist/constants/packages.js +22 -28
package/dist/constants/platform.d.ts +30 -3
package/dist/constants/platform.js +72 -12
package/dist/constants/runtime.d.ts +22 -0
package/dist/constants/runtime.js +32 -0
package/dist/constants/socket.js +1 -1
package/dist/cover/code.js +8 -8
package/dist/cover/formatters.js +5 -5
package/dist/crypto/hash.d.ts +26 -1
package/dist/crypto/hash.js +43 -12
package/dist/debug/_internal.js +4 -6
package/dist/debug/caller-info.js +2 -3
package/dist/debug/namespace.d.ts +7 -0
package/dist/debug/namespace.js +21 -12
package/dist/debug/output.js +21 -24
package/dist/debug/types.d.ts +4 -4
package/dist/dlx/arborist.js +6 -6
package/dist/dlx/binary-cache.js +14 -14
package/dist/dlx/binary-download.d.ts +1 -1
package/dist/dlx/binary-download.js +14 -13
package/dist/dlx/binary-resolution.js +16 -14
package/dist/dlx/binary-types.d.ts +5 -5
package/dist/dlx/binary.js +5 -5
package/dist/dlx/cache.js +1 -1
package/dist/dlx/detect.d.ts +34 -25
package/dist/dlx/detect.js +86 -77
package/dist/dlx/dir.js +2 -2
package/dist/dlx/firewall.d.ts +1 -1
package/dist/dlx/lockfile.d.ts +19 -18
package/dist/dlx/lockfile.js +16 -16
package/dist/dlx/manifest.d.ts +6 -6
package/dist/dlx/manifest.js +5 -5
package/dist/dlx/package.d.ts +10 -10
package/dist/dlx/package.js +16 -16
package/dist/dlx/packages.js +4 -4
package/dist/dlx/paths.js +7 -7
package/dist/dlx/spec.js +1 -1
package/dist/dlx/types.d.ts +28 -27
package/dist/eco/cargo/parse-lockfile.d.ts +1 -1
package/dist/eco/cargo/parse-lockfile.js +2 -2
package/dist/eco/manifest/analyze-lockfile.js +2 -2
package/dist/eco/manifest/detect-format.js +4 -4
package/dist/eco/manifest/find-packages.js +2 -2
package/dist/eco/manifest/get-package-versions.js +2 -2
package/dist/eco/manifest/get-package.js +2 -2
package/dist/eco/manifest/parse-lockfile.js +2 -2
package/dist/eco/manifest/parse-manifest.js +2 -2
package/dist/eco/manifest/parse.js +2 -2
package/dist/eco/npm/npm/exec.js +2 -2
package/dist/eco/npm/npm/flags.js +7 -12
package/dist/eco/npm/npm/parse-lockfile.d.ts +14 -14
package/dist/eco/npm/npm/parse-lockfile.js +3 -3
package/dist/eco/npm/parse-package-json.js +3 -3
package/dist/eco/npm/pnpm/exec.d.ts +1 -1
package/dist/eco/npm/pnpm/exec.js +5 -5
package/dist/eco/npm/pnpm/flags.js +0 -3
package/dist/eco/npm/pnpm/parse-lockfile.d.ts +1 -1
package/dist/eco/npm/pnpm/parse-lockfile.js +4 -4
package/dist/eco/npm/script.js +9 -6
package/dist/eco/npm/yarnpkg/yarn/exec.js +3 -3
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.d.ts +2 -2
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +8 -8
package/dist/effects/pulse-frames.d.ts +3 -1
package/dist/effects/shimmer-keyframes.d.ts +1 -1
package/dist/effects/shimmer-terminal.d.ts +1 -1
package/dist/env/boolean.js +0 -1
package/dist/env/ci.js +0 -1
package/dist/env/debug.js +0 -1
package/dist/env/github-status.d.ts +51 -0
package/dist/env/github-status.js +90 -0
package/dist/env/github.js +0 -8
package/dist/env/home.js +0 -1
package/dist/env/locale.js +0 -3
package/dist/env/node-auth-token.js +0 -1
package/dist/env/node-env.js +0 -1
package/dist/env/node-version-managers.d.ts +53 -0
package/dist/env/node-version-managers.js +90 -0
package/dist/env/npm.js +0 -5
package/dist/env/number.js +0 -1
package/dist/env/package-manager.js +3 -6
package/dist/env/path.js +0 -1
package/dist/env/pre-commit.js +1 -2
package/dist/env/rewire.d.ts +7 -6
package/dist/env/rewire.js +15 -16
package/dist/env/shell.js +0 -1
package/dist/env/socket-cli.js +5 -18
package/dist/env/socket-mcp.d.ts +114 -0
package/dist/env/socket-mcp.js +146 -0
package/dist/env/socket.d.ts +1 -109
package/dist/env/socket.js +12 -166
package/dist/env/string.js +0 -1
package/dist/env/temp-dir.js +0 -3
package/dist/env/term.js +0 -1
package/dist/env/test.js +3 -6
package/dist/env/windows.js +0 -4
package/dist/env/xdg.js +0 -3
package/dist/events/exit/_internal.d.ts +11 -9
package/dist/events/exit/_internal.js +31 -35
package/dist/events/exit/handler.js +3 -4
package/dist/events/exit/intercept.js +4 -6
package/dist/events/exit/lifecycle.js +16 -18
package/dist/events/exit/signals.js +1 -2
package/dist/events/exit/types.d.ts +6 -5
package/dist/external/@npmcli/package-json.js +2 -2
package/dist/external/@sinclair/typebox/value.js +5 -1
package/dist/external/@sinclair/typebox.js +5 -1
package/dist/external/@socketregistry/packageurl-js.js +27 -0
package/dist/external/npm-pack.js +2 -2
package/dist/external-tools/bazel/read-bazel-version-file.js +1 -1
package/dist/external-tools/bazel/resolve.js +2 -1
package/dist/external-tools/bazel/types.d.ts +1 -1
package/dist/external-tools/cdxgen/from-vfs.js +1 -1
package/dist/external-tools/cdxgen/resolve.js +2 -1
package/dist/external-tools/cdxgen/types.d.ts +1 -1
package/dist/external-tools/from-download.d.ts +1 -1
package/dist/external-tools/from-download.js +1 -1
package/dist/external-tools/from-pip-venv.d.ts +73 -0
package/dist/external-tools/from-pip-venv.js +98 -0
package/dist/external-tools/janus/asset-names.js +1 -1
package/dist/external-tools/janus/from-download.js +3 -5
package/dist/external-tools/janus/from-vfs.js +1 -1
package/dist/external-tools/janus/resolve.js +2 -1
package/dist/external-tools/janus/types.d.ts +1 -1
package/dist/external-tools/jre/detect-platform-arch.d.ts +10 -6
package/dist/external-tools/jre/detect-platform-arch.js +29 -14
package/dist/external-tools/jre/from-download.js +2 -1
package/dist/external-tools/jre/from-vfs.js +1 -1
package/dist/external-tools/jre/resolve.js +2 -1
package/dist/external-tools/jre/types.d.ts +1 -1
package/dist/external-tools/manifest.d.ts +7 -7
package/dist/external-tools/manifest.js +18 -16
package/dist/external-tools/opengrep/from-vfs.js +1 -1
package/dist/external-tools/opengrep/resolve.js +2 -1
package/dist/external-tools/opengrep/types.d.ts +1 -1
package/dist/external-tools/python/asset-names.d.ts +76 -0
package/dist/external-tools/python/asset-names.js +104 -0
package/dist/external-tools/python/dlx.d.ts +80 -0
package/dist/external-tools/python/dlx.js +87 -0
package/dist/external-tools/python/from-download.d.ts +53 -0
package/dist/external-tools/python/from-download.js +68 -0
package/dist/external-tools/python/from-path.d.ts +7 -0
package/dist/external-tools/python/from-path.js +23 -0
package/dist/external-tools/python/pin.d.ts +121 -0
package/dist/external-tools/python/pin.js +173 -0
package/dist/external-tools/python/pip-install.d.ts +75 -0
package/dist/external-tools/python/pip-install.js +139 -0
package/dist/external-tools/python/resolve.d.ts +42 -0
package/dist/external-tools/python/resolve.js +58 -0
package/dist/external-tools/python/types.d.ts +49 -0
package/dist/external-tools/sbt/from-vfs.js +1 -1
package/dist/external-tools/sbt/resolve.js +2 -1
package/dist/external-tools/sbt/types.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.d.ts +24 -0
package/dist/external-tools/skillspector/from-dlx.js +41 -0
package/dist/external-tools/skillspector/from-path.d.ts +8 -0
package/dist/external-tools/skillspector/from-path.js +30 -0
package/dist/external-tools/skillspector/from-vfs.d.ts +8 -0
package/dist/external-tools/skillspector/from-vfs.js +27 -0
package/dist/external-tools/skillspector/resolve.d.ts +34 -0
package/dist/external-tools/skillspector/resolve.js +53 -0
package/dist/external-tools/skillspector/types.d.ts +24 -0
package/dist/external-tools/skillspector/types.js +2 -0
package/dist/external-tools/synp/from-download.js +2 -2
package/dist/external-tools/synp/from-vfs.js +1 -1
package/dist/external-tools/synp/resolve.js +2 -1
package/dist/external-tools/trivy/from-vfs.js +1 -1
package/dist/external-tools/trivy/resolve.js +2 -1
package/dist/external-tools/trivy/types.d.ts +1 -1
package/dist/external-tools/trufflehog/from-vfs.js +1 -1
package/dist/external-tools/trufflehog/resolve.js +2 -1
package/dist/external-tools/trufflehog/types.d.ts +1 -1
package/dist/fs/_internal.d.ts +1 -1
package/dist/fs/_internal.js +7 -7
package/dist/fs/access.js +5 -9
package/dist/fs/{path-cache.js → allowed-dirs-cache.js} +1 -1
package/dist/fs/encoding.js +5 -7
package/dist/fs/{find-up.js → find.js} +11 -13
package/dist/fs/inspect.js +7 -13
package/dist/fs/read-dir.js +7 -10
package/dist/fs/read-file.js +8 -14
package/dist/fs/read-json-cache.d.ts +6 -4
package/dist/fs/read-json-cache.js +9 -6
package/dist/fs/read-json.js +4 -6
package/dist/fs/resolve-module.js +1 -1
package/dist/fs/safe.d.ts +1 -1
package/dist/fs/safe.js +12 -13
package/dist/fs/unique.js +4 -5
package/dist/fs/validate.js +1 -2
package/dist/fs/write-json.js +4 -5
package/dist/git/_internal.js +12 -11
package/dist/git/changed.js +4 -4
package/dist/git/repo.js +3 -3
package/dist/git/staged.js +4 -4
package/dist/git/unstaged.js +4 -4
package/dist/github/ghsa.js +2 -2
package/dist/github/refs-cache.d.ts +1 -1
package/dist/github/refs-cache.js +5 -5
package/dist/github/refs-rest.js +5 -5
package/dist/github/{fetch.js → request.js} +13 -2
package/dist/github/token.js +1 -1
package/dist/github/types.d.ts +1 -1
package/dist/globs/_internal.js +7 -9
package/dist/globs/match.js +6 -7
package/dist/globs/matcher.d.ts +3 -3
package/dist/globs/matcher.js +12 -14
package/dist/globs/stream.js +1 -2
package/dist/globs/types.d.ts +24 -24
package/dist/http-request/_internal.d.ts +1 -1
package/dist/http-request/browser.js +21 -13
package/dist/http-request/checksum-file.d.ts +55 -0
package/dist/http-request/checksum-file.js +95 -0
package/dist/http-request/download-types.d.ts +15 -23
package/dist/http-request/download.js +4 -4
package/dist/http-request/headers.d.ts +32 -3
package/dist/http-request/headers.js +41 -13
package/dist/http-request/request-attempt.js +38 -33
package/dist/http-request/request-types.d.ts +7 -2
package/dist/http-request/request.js +33 -16
package/dist/http-request/response-reader.d.ts +12 -1
package/dist/http-request/response-reader.js +22 -2
package/dist/http-request/user-agent.js +3 -4
package/dist/integrity.d.ts +86 -18
package/dist/integrity.js +119 -30
package/dist/ipc/directory.js +2 -2
package/dist/ipc/paths.js +1 -1
package/dist/ipc/write.js +1 -1
package/dist/ipc-cli/get.js +12 -12
package/dist/json/edit.js +13 -14
package/dist/json/format.js +2 -2
package/dist/json/parse.d.ts +1 -1
package/dist/json/parse.js +3 -7
package/dist/logger/_internal.d.ts +4 -4
package/dist/logger/_internal.js +3 -3
package/dist/logger/colors.js +4 -3
package/dist/logger/console-methods.d.ts +132 -0
package/dist/logger/console-methods.js +169 -0
package/dist/logger/console.d.ts +12 -0
package/dist/logger/console.js +42 -11
package/dist/logger/indentation-methods.d.ts +81 -0
package/dist/logger/indentation-methods.js +121 -0
package/dist/logger/node.d.ts +16 -338
package/dist/logger/node.js +75 -608
package/dist/logger/options.d.ts +39 -0
package/dist/logger/options.js +47 -0
package/dist/logger/semantic-methods.d.ts +63 -0
package/dist/logger/semantic-methods.js +108 -0
package/dist/logger/stream-methods.d.ts +63 -0
package/dist/logger/stream-methods.js +101 -0
package/dist/logger/stream.d.ts +37 -0
package/dist/logger/stream.js +42 -0
package/dist/logger/symbols-builder.js +9 -9
package/dist/logger/symbols.d.ts +2 -25
package/dist/logger/symbols.js +53 -74
package/dist/logger/types.d.ts +1 -1
package/dist/memo/types.d.ts +6 -6
package/dist/native-messaging/host.d.ts +20 -0
package/dist/native-messaging/host.js +120 -0
package/dist/native-messaging/index.d.ts +5 -0
package/dist/native-messaging/index.js +22 -0
package/dist/native-messaging/install.d.ts +60 -0
package/dist/native-messaging/install.js +141 -0
package/dist/native-messaging/rate-limit.d.ts +62 -0
package/dist/native-messaging/rate-limit.js +115 -0
package/dist/native-messaging/run.d.ts +10 -0
package/dist/native-messaging/run.js +17 -0
package/dist/node/async-hooks.js +4 -3
package/dist/node/child-process.js +4 -3
package/dist/node/crypto.js +4 -3
package/dist/node/events.js +4 -3
package/dist/node/fs-promises.js +4 -3
package/dist/node/fs.js +4 -3
package/dist/node/http.js +4 -3
package/dist/node/https.js +4 -3
package/dist/node/module.js +10 -6
package/dist/node/os.js +4 -3
package/dist/node/path.js +4 -3
package/dist/node/timers-promises.js +4 -3
package/dist/node/url.js +4 -3
package/dist/node/util.js +4 -3
package/dist/objects/getters.js +5 -7
package/dist/objects/inspect.js +1 -4
package/dist/objects/mutate.js +2 -3
package/dist/objects/predicates.js +0 -4
package/dist/objects/sort.js +3 -7
package/dist/packages/edit-class.js +15 -16
package/dist/packages/edit.js +12 -14
package/dist/packages/exports.js +11 -17
package/dist/packages/fetch.d.ts +16 -0
package/dist/packages/fetch.js +81 -0
package/dist/packages/find.d.ts +55 -0
package/dist/packages/find.js +65 -0
package/dist/packages/isolation.js +14 -14
package/dist/packages/licenses.js +16 -16
package/dist/packages/manifest.js +12 -15
package/dist/packages/metadata-extensions.d.ts +14 -0
package/dist/packages/metadata-extensions.js +43 -0
package/dist/packages/normalize.js +5 -9
package/dist/packages/provenance.d.ts +6 -0
package/dist/packages/provenance.js +25 -18
package/dist/packages/read.d.ts +29 -0
package/dist/packages/read.js +66 -0
package/dist/packages/specs.d.ts +48 -1
package/dist/packages/specs.js +74 -11
package/dist/packages/tarball.d.ts +24 -0
package/dist/packages/tarball.js +79 -0
package/dist/packages/types.d.ts +21 -20
package/dist/packages/validation.js +0 -3
package/dist/paths/_internal.d.ts +2 -1
package/dist/paths/_internal.js +7 -19
package/dist/paths/conversion.js +5 -9
package/dist/paths/filenames.d.ts +0 -1
package/dist/paths/filenames.js +0 -2
package/dist/paths/normalize.js +6 -5
package/dist/paths/packages.js +4 -7
package/dist/paths/predicates.js +9 -16
package/dist/paths/resolve.js +11 -14
package/dist/paths/rewire.js +3 -3
package/dist/paths/socket.js +16 -16
package/dist/paths/walk.d.ts +1 -1
package/dist/paths/walk.js +4 -4
package/dist/perf/report.js +2 -2
package/dist/perf/types.d.ts +1 -1
package/dist/pkg-ext/data.js +1 -1
package/dist/primordials/array.js +9 -9
package/dist/primordials/date.js +2 -2
package/dist/primordials/error.js +3 -3
package/dist/primordials/headers.d.ts +10 -0
package/dist/primordials/headers.js +23 -0
package/dist/primordials/intl.d.ts +13 -0
package/dist/primordials/intl.js +26 -0
package/dist/primordials/math.js +33 -33
package/dist/primordials/number.js +9 -9
package/dist/primordials/object.js +5 -5
package/dist/primordials/string.d.ts +2 -2
package/dist/primordials/string.js +6 -6
package/dist/primordials/symbol.js +3 -3
package/dist/primordials/uncurry.js +9 -9
package/dist/process/abort.js +3 -3
package/dist/process/lock-manager.js +8 -8
package/dist/process/spawn/_internal.js +6 -8
package/dist/process/spawn/child.js +14 -14
package/dist/process/spawn/errors.js +2 -4
package/dist/process/spawn/kill-tree.d.ts +53 -0
package/dist/process/spawn/kill-tree.js +85 -0
package/dist/process/spawn/stdio.js +0 -1
package/dist/process/spawn/types.d.ts +5 -5
package/dist/process/transient.js +2 -2
package/dist/promises/_internal.d.ts +2 -1
package/dist/promises/_internal.js +2 -6
package/dist/promises/iterate.js +12 -16
package/dist/promises/options.js +3 -6
package/dist/promises/retry.js +4 -5
package/dist/promises/timers.d.ts +30 -0
package/dist/promises/timers.js +48 -0
package/dist/releases/github-archives.d.ts +6 -6
package/dist/releases/github-archives.js +2 -2
package/dist/releases/github-asset-url.d.ts +1 -1
package/dist/releases/github-asset-url.js +5 -5
package/dist/releases/github-downloads.d.ts +1 -1
package/dist/releases/github-downloads.js +3 -3
package/dist/releases/github-listing.d.ts +11 -2
package/dist/releases/github-listing.js +20 -7
package/dist/releases/github-retry-config.js +1 -1
package/dist/releases/github-types.d.ts +6 -6
package/dist/releases/socket-btm-binary-naming.d.ts +107 -0
package/dist/releases/socket-btm-binary-naming.js +155 -0
package/dist/releases/socket-btm.d.ts +8 -115
package/dist/releases/socket-btm.js +16 -159
package/dist/schema/types.d.ts +1 -1
package/dist/sea/detect.js +6 -6
package/dist/secrets/_internal.d.ts +2 -2
package/dist/secrets/_internal.js +5 -4
package/dist/secrets/compare.d.ts +45 -0
package/dist/secrets/compare.js +61 -0
package/dist/secrets/keychain.js +9 -6
package/dist/secrets/linux.js +25 -23
package/dist/secrets/macos.d.ts +1 -1
package/dist/secrets/macos.js +18 -16
package/dist/secrets/rc.d.ts +2 -2
package/dist/secrets/rc.js +15 -10
package/dist/secrets/socket-api-token.d.ts +4 -4
package/dist/secrets/socket-api-token.js +18 -9
package/dist/secrets/windows.js +21 -17
package/dist/shadow/skip.js +2 -2
package/dist/shell/parse.d.ts +108 -1
package/dist/shell/parse.js +168 -2
package/dist/smol/detect.js +9 -10
package/dist/smol/http.js +6 -7
package/dist/smol/https.js +6 -7
package/dist/smol/manifest.d.ts +1 -1
package/dist/smol/manifest.js +6 -7
package/dist/smol/path.d.ts +1 -1
package/dist/smol/path.js +7 -8
package/dist/smol/primordial.d.ts +4 -0
package/dist/smol/primordial.js +6 -7
package/dist/smol/purl.d.ts +1 -1
package/dist/smol/purl.js +7 -8
package/dist/smol/versions.js +6 -7
package/dist/smol/vfs.js +6 -7
package/dist/sorts/_internal.js +6 -8
package/dist/sorts/natural.js +10 -12
package/dist/sorts/semver.js +1 -2
package/dist/sorts/strings.js +0 -1
package/dist/sorts/types.d.ts +1 -1
package/dist/spinner/create-spinner-class.d.ts +38 -0
package/dist/spinner/create-spinner-class.js +302 -0
package/dist/spinner/default.js +8 -9
package/dist/spinner/spinner-internals.d.ts +36 -0
package/dist/spinner/spinner-internals.js +101 -0
package/dist/spinner/spinner-shimmer-methods.d.ts +54 -0
package/dist/spinner/spinner-shimmer-methods.js +143 -0
package/dist/spinner/spinner-status-methods.d.ts +40 -0
package/dist/spinner/spinner-status-methods.js +133 -0
package/dist/spinner/spinner.d.ts +4 -5
package/dist/spinner/spinner.js +18 -705
package/dist/spinner/types.d.ts +3 -1
package/dist/spinner/with.d.ts +10 -0
package/dist/spinner/with.js +16 -2
package/dist/stdio/divider.js +1 -1
package/dist/stdio/footer.js +3 -3
package/dist/stdio/header.js +4 -4
package/dist/stdio/progress.js +5 -5
package/dist/stdio/prompts.d.ts +5 -3
package/dist/stdio/prompts.js +6 -7
package/dist/stdio/stdout.js +3 -3
package/dist/streams/parallel.js +3 -5
package/dist/streams/transform.js +2 -3
package/dist/strings/format.js +2 -6
package/dist/strings/predicates.js +0 -2
package/dist/strings/search.js +1 -2
package/dist/strings/transform.js +0 -3
package/dist/strings/width.js +9 -10
package/dist/tables/bordered.js +4 -3
package/dist/tables/padding.js +1 -1
package/dist/tables/simple.js +8 -5
package/dist/temporal/instant.js +4 -2
package/dist/temporal/slots.js +7 -6
package/dist/temporal/system.js +9 -9
package/dist/themes/context.d.ts +3 -2
package/dist/themes/context.js +4 -5
package/dist/themes/themes.js +15 -15
package/dist/themes/types.d.ts +3 -3
package/dist/url/parse.js +0 -2
package/dist/url/predicates.js +1 -2
package/dist/url/search-params.js +3 -9
package/dist/url/types.d.ts +5 -5
package/dist/versions/_internal.js +3 -3
package/dist/words/article.js +0 -1
package/dist/words/capitalize.js +0 -1
package/dist/words/pluralize.d.ts +24 -2
package/dist/words/pluralize.js +47 -2
package/dist/words/types.d.ts +25 -2
package/package.json +289 -108
package/dist/external-tools/uv/asset-names.d.ts +0 -36
package/dist/external-tools/uv/asset-names.js +0 -70
package/dist/external-tools/uv/from-download.d.ts +0 -17
package/dist/external-tools/uv/from-download.js +0 -47
package/dist/external-tools/uv/from-path.d.ts +0 -5
package/dist/external-tools/uv/from-path.js +0 -22
package/dist/external-tools/uv/from-vfs.d.ts +0 -7
package/dist/external-tools/uv/from-vfs.js +0 -26
package/dist/external-tools/uv/resolve.d.ts +0 -25
package/dist/external-tools/uv/resolve.js +0 -52
package/dist/external-tools/uv/types.d.ts +0 -24
package/dist/http-request/checksums.d.ts +0 -69
package/dist/http-request/checksums.js +0 -108
package/dist/http-request/http-request.d.ts +0 -12
package/dist/http-request/http-request.js +0 -11
package/dist/packages/operations.d.ts +0 -113
package/dist/packages/operations.js +0 -304
package/dist/ssri/convert.d.ts +0 -48
package/dist/ssri/convert.js +0 -69
package/dist/ssri/parse.d.ts +0 -27
package/dist/ssri/parse.js +0 -41
package/dist/ssri/validate.d.ts +0 -41
package/dist/ssri/validate.js +0 -56
/package/dist/{bin → cli}/check.d.ts +0 -0
/package/dist/external-tools/{uv → python}/types.js +0 -0
/package/dist/fs/{path-cache.d.ts → allowed-dirs-cache.d.ts} +0 -0
/package/dist/fs/{find-up.d.ts → find.d.ts} +0 -0
/package/dist/github/{fetch.d.ts → request.d.ts} +0 -0

package/dist/external-tools/python/pin.js ADDED Viewed

@@ -0,0 +1,173 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../../_virtual/_rolldown/runtime.js');
+const require_integrity = require('../../integrity.js');
+const require_constants_platform = require('../../constants/platform.js');
+const require_process_spawn_child = require('../../process/spawn/child.js');
+const require_fs_safe = require('../../fs/safe.js');
+let node_fs = require("node:fs");
+let node_path = require("node:path");
+node_path = require_runtime.__toESM(node_path);
+let node_os = require("node:os");
+node_os = require_runtime.__toESM(node_os);
+let node_process = require("node:process");
+node_process = require_runtime.__toESM(node_process);
+//#region src/external-tools/python/pin.ts
+/**
+* @file `resolvePipPackagePin()` — the Python mirror of
+*   `resolveNpmPackagePin()` (dlx/lockfile). Resolves a pip spec and its full
+*   dependency closure WITHOUT installing into the interpreter, then returns
+*   everything needed to pin a reproducible, hash-verified install:
+*
+*   - the resolved top-level name + version,
+*   - the top-level artifact's hashes (sha512 SRI + sha256 hex), and
+*   - a fully-hashed `requirements.txt` body (`name==version --hash=sha256:<hex>`
+*     for every artifact in the closure) ready to feed back to
+*     `downloadPipPackage` / `pip install --require-hashes`. Engine: `pip
+*     download --dest <scratch> <spec>` downloads the spec + its resolved
+*     closure as wheels/sdists into a scratch dir (no install, no venv), each
+*     file is hashed, then the scratch dir is torn down. This is pip's own
+*     recipe for producing hashed requirements — `pip-tools` is NOT required.
+*     Contrast `resolveNpmPackagePin` (dlx/lockfile): same contract, npm engine
+*     (Arborist lockfile-only + pacote), emits a `package-lock.json`. The pip
+*     side emits a hashed `requirements.txt` because that — not a lockfile — is
+*     what `pip install --require-hashes` consumes. NOTE on the soak window:
+*     `resolveNpmPackagePin` applies a min-release-age cutoff via Arborist's
+*     `before` date. pip has no native release-age gate, so this generator does
+*     NOT enforce one — callers that need a soak must vet the resolved versions
+*     out of band. The spec itself remains the primary pin: `==<version>` (PyPI
+*     is immutable per version) or `@<full-sha>` (git is content-addressed).
+*/
+/**
+* Thrown when `pip download` produces no artifacts or a filename can't be
+* parsed into a name + version.
+*/
+var PipPackagePinError = class extends Error {
+	constructor(message, options) {
+		super(message, options);
+		this.name = "PipPackagePinError";
+	}
+};
+/**
+* Normalize a PEP 503 distribution name: lowercase, runs of `_ . -` collapse to
+* a single `-`. Wheel filenames use `_`; requirements/PyPI use `-`.
+*/
+function normalizeDistName(name) {
+	return name.toLowerCase().replace(/[-_.]+/g, "-");
+}
+/**
+* Parse `<name>-<version>` out of a wheel (`name-ver-...whl`) or sdist
+* (`name-ver.tar.gz` / `name-ver.zip`) filename. Returns undefined when the
+* shape isn't recognized.
+*/
+function parseArtifactFilename(file) {
+	if (file.endsWith(".whl")) {
+		const parts = file.slice(0, -4).split("-");
+		if (parts.length < 2) return;
+		return {
+			name: normalizeDistName(parts[0]),
+			version: parts[1]
+		};
+	}
+	const ext = [
+		".tar.gz",
+		".tar.bz2",
+		".zip",
+		".tgz"
+	].find((e) => file.endsWith(e));
+	if (!ext) return;
+	const stem = file.slice(0, -ext.length);
+	const dashIdx = stem.lastIndexOf("-");
+	if (dashIdx <= 0) return;
+	return {
+		name: normalizeDistName(stem.slice(0, dashIdx)),
+		version: stem.slice(dashIdx + 1)
+	};
+}
+/**
+* Generate a vendorable, hash-pinned closure for a pip spec without installing
+* it. Mirrors `resolveNpmPackagePin`. Throws `PipPackagePinError` on an empty
+* download or an unparseable artifact filename.
+*/
+async function resolvePipPackagePin(options) {
+	const { pythonBin, spec } = options;
+	if (typeof spec !== "string" || spec.length === 0) throw new PipPackagePinError("resolvePipPackagePin requires a package spec");
+	const scratch = options.scratchDir ?? node_path.default.join(node_os.default.tmpdir(), `socket-lib-pip-pin-${node_process.default.pid}-${Date.now()}`);
+	await require_fs_safe.safeMkdir(scratch, { recursive: true });
+	try {
+		await require_process_spawn_child.spawn(pythonBin, [
+			"-m",
+			"pip",
+			"download",
+			"--no-input",
+			"--quiet",
+			"--dest",
+			scratch,
+			spec
+		], {
+			shell: require_constants_platform.WIN32,
+			stdio: "inherit"
+		});
+		const files = (await node_fs.promises.readdir(scratch)).filter((f) => f.endsWith(".whl") || f.endsWith(".tar.gz") || f.endsWith(".tar.bz2") || f.endsWith(".zip") || f.endsWith(".tgz"));
+		if (!files.length) throw new PipPackagePinError(`resolvePipPackagePin: pip download ${spec} produced no artifacts in ${scratch}`);
+		const artifacts = [];
+		const targetName = normalizeDistName(specDistName(spec));
+		let top;
+		for (const file of files.toSorted()) {
+			const hash = require_integrity.computeHashes(await node_fs.promises.readFile(node_path.default.join(scratch, file)));
+			const parsed = parseArtifactFilename(file);
+			if (!parsed) throw new PipPackagePinError(`resolvePipPackagePin: could not parse name/version from artifact ${file}`);
+			artifacts.push({
+				checksum: hash.checksum,
+				file,
+				name: parsed.name,
+				version: parsed.version
+			});
+			if (!top && parsed.name === targetName) top = {
+				hash,
+				name: parsed.name,
+				version: parsed.version
+			};
+		}
+		if (!top) {
+			const first = artifacts[0];
+			top = {
+				hash: require_integrity.computeHashes(await node_fs.promises.readFile(node_path.default.join(scratch, first.file))),
+				name: first.name,
+				version: first.version
+			};
+		}
+		const requirements = artifacts.map((a) => `${a.name}==${a.version} --hash=sha256:${a.checksum}`).join("\n") + "\n";
+		return {
+			artifacts,
+			hash: top.hash,
+			name: top.name,
+			requirements,
+			version: top.version
+		};
+	} finally {
+		try {
+			await require_fs_safe.safeDelete(scratch, { force: true });
+		} catch {}
+	}
+}
+/**
+* Best-effort distribution name from a pip spec for matching the top-level
+* artifact: strips a `==`/`>=`/etc. version and a `git+...#egg=<name>`
+* fragment. Falls back to the raw spec when neither is present.
+*/
+function specDistName(spec) {
+	const eggIdx = spec.indexOf("#egg=");
+	if (eggIdx !== -1) return spec.slice(eggIdx + 5);
+	const match = /^([A-Za-z0-9._-]+)\s*(?:@|[=<>!~]=?)/.exec(spec);
+	return match ? match[1] : spec;
+}
+//#endregion
+exports.PipPackagePinError = PipPackagePinError;
+exports.normalizeDistName = normalizeDistName;
+exports.parseArtifactFilename = parseArtifactFilename;
+exports.resolvePipPackagePin = resolvePipPackagePin;
+exports.specDistName = specDistName;

package/dist/external-tools/python/pip-install.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * @file `downloadPipPackage()` — the Python mirror of `dlx/package.ts`'s
+ *   `downloadNpmPackage()`. Installs a pip spec into a content-addressed dlx
+ *   directory (`pip install --target <dir>`), leaving the interpreter pristine:
+ *   the package + its deps land in
+ *   `~/.socket/_dlx/<cacheKey(spec)>/site-packages`, the exact analog of how
+ *   `downloadNpmPackage` installs npm deps into
+ *   `<dlxDir>/<hash>/node_modules/`. This is the bundle-safe / SEA-VFS-safe
+ *   model:
+ *
+ *   - No venv → no symlinks, no `pyvenv.cfg` with an absolute `home=`.
+ *   - The target dir is plain files → embeddable in a SEA's VFS, relocatable at
+ *     runtime.
+ *   - One shared Python serves N isolated package dirs (true per-tool isolation
+ *     without a venv) — exactly the `node_modules`-per-cacheKey shape. Run the
+ *     installed tool with the package dir on `PYTHONPATH`: spawn(pythonBin,
+ *     ['-m', '<module>', ...args], { env: { ...process.env, PYTHONPATH:
+ *     packageDir } }) `spec` is a PyPI pin (`<pkg>==<version>`) or a git-SHA
+ *     pin (`git+https://…@<sha>`). A TOCTOU lock guards concurrent installs; an
+ *     existing non-empty package dir makes the call idempotent. Contrast
+ *     `createPipVenv` (external-tools/from-pip-venv): venv with a
+ *     `bin/<entryPoint>` — convenient but symlink + absolute-`home`-dependent,
+ *     so DLX-only and NOT bundleable.
+ */
+/**
+ * Install `spec` into a content-addressed dlx dir via `pip install --target`.
+ * Lock-guarded + idempotent. Throws on a failed pip install or if the lock
+ * can't be acquired after MAX_RETRIES. Mirrors `downloadNpmPackage`.
+ */
+export declare function downloadPipPackage(options: DownloadPipPackageOptions, retryCount?: number): Promise<DownloadPipPackageResult>;
+export declare function isAlreadyInstalled(packageDir: string): Promise<boolean>;
+export declare function isStaleLock(pid: number): boolean;
+export interface DownloadPipPackageOptions {
+    /**
+     * Optional sha256 hash (`sha256:<hex>` or bare `<hex>`) of the top-level
+     * artifact, the Python analog of `downloadNpmPackage`'s `hash`. When set, pip
+     * runs with `--require-hashes` and `--hash=sha256:<hex>`, which fails closed
+     * unless EVERY resolved artifact (the spec and its full dependency closure)
+     * carries a matching hash — so it only fits specs pip can hash-verify (a
+     * pinned `==<version>` or a direct wheel/sdist URL) with a hash-pinned
+     * closure. Omit it and rely on the immutable spec as the pin: `==<version>`
+     * (PyPI is immutable per version) or `@<full-sha>` (git is
+     * content-addressed).
+     */
+    readonly hash?: string | undefined;
+    /**
+     * Absolute path to the Python interpreter used to run pip (and later the
+     * tool). The interpreter is NOT modified — packages go to the dlx package
+     * dir. Typically from `resolvePython()`.
+     */
+    readonly pythonBin: string;
+    /**
+     * Pip install spec: `<pkg>==<version>` (PyPI exact pin) or
+     * `git+https://<url>@<sha>` (git-SHA pin).
+     */
+    readonly spec: string;
+}
+export interface DownloadPipPackageResult {
+    /**
+     * `true` when this call ran pip; `false` when an existing install was reused.
+     */
+    readonly installed: boolean;
+    /**
+     * Directory the package was installed into. Put this on `PYTHONPATH` to run
+     * the tool: `python -m <module>`. The Python analog of
+     * `DownloadNpmPackageResult.packageDir`.
+     */
+    readonly packageDir: string;
+}
+/**
+ * Content-addressed install dir for a spec:
+ * `~/.socket/_dlx/<cacheKey>/site-packages`. The Python analog of
+ * `downloadNpmPackage`'s `<hash>/node_modules`.
+ */
+export declare function pipPackageDir(spec: string): string;

package/dist/external-tools/python/pip-install.js ADDED Viewed

@@ -0,0 +1,139 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../../_virtual/_rolldown/runtime.js');
+const require_constants_platform = require('../../constants/platform.js');
+const require_process_spawn_child = require('../../process/spawn/child.js');
+const require_paths_socket = require('../../paths/socket.js');
+const require_fs_safe = require('../../fs/safe.js');
+const require_dlx_cache = require('../../dlx/cache.js');
+let node_fs = require("node:fs");
+let node_path = require("node:path");
+node_path = require_runtime.__toESM(node_path);
+let node_process = require("node:process");
+node_process = require_runtime.__toESM(node_process);
+//#region src/external-tools/python/pip-install.ts
+/**
+* @file `downloadPipPackage()` — the Python mirror of `dlx/package.ts`'s
+*   `downloadNpmPackage()`. Installs a pip spec into a content-addressed dlx
+*   directory (`pip install --target <dir>`), leaving the interpreter pristine:
+*   the package + its deps land in
+*   `~/.socket/_dlx/<cacheKey(spec)>/site-packages`, the exact analog of how
+*   `downloadNpmPackage` installs npm deps into
+*   `<dlxDir>/<hash>/node_modules/`. This is the bundle-safe / SEA-VFS-safe
+*   model:
+*
+*   - No venv → no symlinks, no `pyvenv.cfg` with an absolute `home=`.
+*   - The target dir is plain files → embeddable in a SEA's VFS, relocatable at
+*     runtime.
+*   - One shared Python serves N isolated package dirs (true per-tool isolation
+*     without a venv) — exactly the `node_modules`-per-cacheKey shape. Run the
+*     installed tool with the package dir on `PYTHONPATH`: spawn(pythonBin,
+*     ['-m', '<module>', ...args], { env: { ...process.env, PYTHONPATH:
+*     packageDir } }) `spec` is a PyPI pin (`<pkg>==<version>`) or a git-SHA
+*     pin (`git+https://…@<sha>`). A TOCTOU lock guards concurrent installs; an
+*     existing non-empty package dir makes the call idempotent. Contrast
+*     `createPipVenv` (external-tools/from-pip-venv): venv with a
+*     `bin/<entryPoint>` — convenient but symlink + absolute-`home`-dependent,
+*     so DLX-only and NOT bundleable.
+*/
+const MAX_RETRIES = 3;
+const WAIT_TICKS = 30;
+/**
+* Install `spec` into a content-addressed dlx dir via `pip install --target`.
+* Lock-guarded + idempotent. Throws on a failed pip install or if the lock
+* can't be acquired after MAX_RETRIES. Mirrors `downloadNpmPackage`.
+*/
+async function downloadPipPackage(options, retryCount = 0) {
+	const { hash, pythonBin, spec } = options;
+	const packageDir = pipPackageDir(spec);
+	if (retryCount >= MAX_RETRIES) throw new Error(`downloadPipPackage: could not acquire install lock after ${MAX_RETRIES} retries for ${packageDir}; a peer may be stuck or the lock is stale — remove it and retry`);
+	if (await isAlreadyInstalled(packageDir)) return {
+		installed: false,
+		packageDir
+	};
+	const lockDir = node_path.default.dirname(packageDir);
+	await require_fs_safe.safeMkdir(lockDir, { recursive: true });
+	const lockFile = node_path.default.join(lockDir, ".installing");
+	try {
+		await node_fs.promises.writeFile(lockFile, node_process.default.pid.toString(), { flag: "wx" });
+	} catch (e) {
+		if (e.code !== "EEXIST") throw e;
+		let stale = false;
+		try {
+			stale = isStaleLock(Number.parseInt((await node_fs.promises.readFile(lockFile, "utf8")).trim(), 10));
+		} catch {
+			stale = true;
+		}
+		if (stale) {
+			await require_fs_safe.safeDelete(lockFile, { force: true });
+			return downloadPipPackage(options, retryCount + 1);
+		}
+		for (let i = 0; i < WAIT_TICKS; i += 1) {
+			await new Promise((resolve) => {
+				setTimeout(resolve, 1e3);
+			});
+			if (await isAlreadyInstalled(packageDir)) return {
+				installed: false,
+				packageDir
+			};
+		}
+		return downloadPipPackage(options, retryCount + 1);
+	}
+	try {
+		await require_fs_safe.safeMkdir(packageDir, { recursive: true });
+		const normalizedHash = hash ? hash.startsWith("sha256:") ? hash : `sha256:${hash}` : void 0;
+		await require_process_spawn_child.spawn(pythonBin, [
+			"-m",
+			"pip",
+			"install",
+			"--no-input",
+			"--quiet",
+			"--target",
+			packageDir,
+			...normalizedHash ? ["--require-hashes", `--hash=${normalizedHash}`] : [],
+			spec
+		], {
+			shell: require_constants_platform.WIN32,
+			stdio: "inherit"
+		});
+		if (!await isAlreadyInstalled(packageDir)) throw new Error(`downloadPipPackage: pip install --target ${packageDir} ${spec} reported success but the target is still empty`);
+		return {
+			installed: true,
+			packageDir
+		};
+	} finally {
+		await require_fs_safe.safeDelete(lockFile, { force: true });
+	}
+}
+async function isAlreadyInstalled(packageDir) {
+	try {
+		return (await node_fs.promises.readdir(packageDir)).length > 0;
+	} catch {
+		return false;
+	}
+}
+function isStaleLock(pid) {
+	if (Number.isNaN(pid) || pid <= 0) return true;
+	try {
+		node_process.default.kill(pid, 0);
+		return false;
+	} catch (e) {
+		return e.code !== "EPERM";
+	}
+}
+/**
+* Content-addressed install dir for a spec:
+* `~/.socket/_dlx/<cacheKey>/site-packages`. The Python analog of
+* `downloadNpmPackage`'s `<hash>/node_modules`.
+*/
+function pipPackageDir(spec) {
+	return node_path.default.join(require_paths_socket.getSocketDlxDir(), require_dlx_cache.generateCacheKey(spec), "site-packages");
+}
+//#endregion
+exports.downloadPipPackage = downloadPipPackage;
+exports.isAlreadyInstalled = isAlreadyInstalled;
+exports.isStaleLock = isStaleLock;
+exports.pipPackageDir = pipPackageDir;

package/dist/external-tools/python/resolve.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * @file `resolvePython()` — CPython resolution entry point. Tries each source
+ *   in order:
+ *
+ *   1. PATH — `python3` / `python` on the system PATH.
+ *   2. download — python-build-standalone CPython into the DLX cache (only when
+ *      `downloadIfMissing` is passed). Returns `undefined` if all enabled
+ *      sources miss. Memoized per option-shape so repeated calls in one process
+ *      don't re-probe / re-download. NOTE: unlike the JRE / removed-uv
+ *      resolvers there is no VFS tier here — a CPython runtime is not embedded
+ *      in the smol Node binary. Add a `from-vfs` tier here if that changes.
+ */
+import type { BinaryDownloader } from '../from-download';
+import type { HashSpec } from '../../integrity';
+import type { ResolvedPython } from './types';
+export interface ResolvePythonOptions {
+    /**
+     * Prefer a downloaded python-build-standalone over a PATH interpreter. Use
+     * when you need an exact, reproducible CPython (the host `python3` may be the
+     * wrong version). Default false: PATH wins when present.
+     */
+    preferDownload?: boolean | undefined;
+    /**
+     * When set, fall back to downloading python-build-standalone if no PATH
+     * interpreter is found (or always, with `preferDownload`).
+     */
+    downloadIfMissing?: {
+        version: string;
+        tag: string;
+        /**
+         * Omit to auto-detect the current host via {@link getPythonArch}.
+         */
+        arch?: string | undefined;
+        integrity?: HashSpec | undefined;
+        cacheDir?: string | undefined;
+        downloader?: BinaryDownloader | undefined;
+    } | undefined;
+}
+export declare function cacheKey(opts: ResolvePythonOptions | undefined): string;
+export declare function doResolvePython(opts?: ResolvePythonOptions | undefined): Promise<ResolvedPython | undefined>;
+export declare function resetPythonResolution(): void;
+export declare function resolvePython(opts?: ResolvePythonOptions | undefined): Promise<ResolvedPython | undefined>;

package/dist/external-tools/python/resolve.js ADDED Viewed

@@ -0,0 +1,58 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_map_set = require('../../primordials/map-set.js');
+const require_external_tools_python_asset_names = require('./asset-names.js');
+const require_external_tools_python_from_download = require('./from-download.js');
+const require_external_tools_python_from_path = require('./from-path.js');
+//#region src/external-tools/python/resolve.ts
+/**
+* @file `resolvePython()` — CPython resolution entry point. Tries each source
+*   in order:
+*
+*   1. PATH — `python3` / `python` on the system PATH.
+*   2. download — python-build-standalone CPython into the DLX cache (only when
+*      `downloadIfMissing` is passed). Returns `undefined` if all enabled
+*      sources miss. Memoized per option-shape so repeated calls in one process
+*      don't re-probe / re-download. NOTE: unlike the JRE / removed-uv
+*      resolvers there is no VFS tier here — a CPython runtime is not embedded
+*      in the smol Node binary. Add a `from-vfs` tier here if that changes.
+*/
+const resolutionCache = new require_primordials_map_set.MapCtor();
+function cacheKey(opts) {
+	const prefer = opts?.preferDownload ? "prefer:" : "";
+	if (!opts?.downloadIfMissing) return `${prefer}local-only`;
+	const { cacheDir, integrity, tag, version } = opts.downloadIfMissing;
+	return `${prefer}dl:${version}:${tag}:${opts.downloadIfMissing.arch ?? require_external_tools_python_asset_names.getPythonArch() ?? "unknown"}:${typeof integrity === "string" ? integrity : integrity ? `${integrity.type}:${integrity.value}` : ""}:${cacheDir ?? ""}`;
+}
+async function doResolvePython(opts) {
+	const dl = opts?.downloadIfMissing;
+	if (opts?.preferDownload && dl) {
+		const fromDownload = await require_external_tools_python_from_download.pythonFromDownload(dl);
+		if (fromDownload) return fromDownload;
+	}
+	const fromPath = await require_external_tools_python_from_path.pythonFromPath();
+	if (fromPath) return fromPath;
+	if (dl) return require_external_tools_python_from_download.pythonFromDownload(dl);
+}
+/* c8 ignore start - test-only escape hatch. */
+function resetPythonResolution() {
+	resolutionCache.clear();
+}
+/* c8 ignore stop */
+function resolvePython(opts) {
+	const key = cacheKey(opts);
+	let cached = resolutionCache.get(key);
+	if (!cached) {
+		cached = doResolvePython(opts);
+		resolutionCache.set(key, cached);
+	}
+	return cached;
+}
+//#endregion
+exports.cacheKey = cacheKey;
+exports.doResolvePython = doResolvePython;
+exports.resetPythonResolution = resetPythonResolution;
+exports.resolvePython = resolvePython;

package/dist/external-tools/python/types.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * @file Types for the python-build-standalone DLX resolver. A "resolved python"
+ *   is an absolute path to a CPython interpreter plus the tier that found it.
+ */
+import type { ResolvedToolIntegrity } from '../from-download';
+/**
+ * Which resolver tier produced the interpreter.
+ *
+ * - `path` — an interpreter already on PATH (system / pyenv / etc.).
+ * - `download` — a python-build-standalone CPython fetched into the DLX cache.
+ */
+export type PythonSource = 'download' | 'path';
+export interface ResolvedPython {
+    /**
+     * Absolute path to the `python3` (or `python.exe`) executable.
+     */
+    readonly path: string;
+    /**
+     * Which resolver tier found this interpreter.
+     */
+    readonly source: PythonSource;
+    /**
+     * SRI integrity of the downloaded archive. Set only when `source ===
+     * 'download'`; the PATH tier references an interpreter already on disk and
+     * computes no hash. See {@link ResolvedToolIntegrity}.
+     */
+    readonly integrity?: ResolvedToolIntegrity | undefined;
+}
+/**
+ * Pin describing which python-build-standalone build to fetch. The caller
+ * supplies these from its own `external-tools.json` (or `bundle-tools.json`) —
+ * the library does not embed a default version, so each consumer controls its
+ * own pin + soak.
+ */
+export interface PythonBuildPin {
+    /**
+     * CPython version, e.g. `3.11.14`.
+     */
+    readonly version: string;
+    /**
+     * Python-build-standalone release tag, e.g. `20260203`.
+     */
+    readonly tag: string;
+    /**
+     * Optional per-platform integrity (hex SHA-256 or SRI). Keyed by the asset
+     * filename so the resolver can verify the exact tarball it downloads.
+     */
+    readonly integrity?: string | undefined;
+}

package/dist/external-tools/sbt/from-vfs.js CHANGED Viewed

@@ -17,7 +17,7 @@ const require_smol_vfs = require('../../smol/vfs.js');
 */
 const SBT_VFS_KEY = "sbt-launch.jar";
 async function sbtFromVfs() {
-	const vfs = /* @__PURE__ */ require_smol_vfs.getSmolVfs();
+	const vfs = require_smol_vfs.getSmolVfs();
 	if (!vfs) return;
 	/* c8 ignore start - smol Node binary only. */
 	if (!vfs.has("sbt-launch.jar")) return;

package/dist/external-tools/sbt/resolve.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_map_set = require('../../primordials/map-set.js');
 const require_external_tools_sbt_from_download = require('./from-download.js');
 const require_external_tools_sbt_from_path = require('./from-path.js');
 const require_external_tools_sbt_from_vfs = require('./from-vfs.js');
@@ -18,7 +19,7 @@ const require_external_tools_sbt_from_vfs = require('./from-vfs.js');
 *      download-sourced SBT is the `sbt` script, which finds its own JRE.
 *      Memoized per option-shape.
 */
-const resolutionCache = /* @__PURE__ */ new Map();
+const resolutionCache = new require_primordials_map_set.MapCtor();
 function cacheKey(opts) {
 	if (!opts?.downloadIfMissing) return "local-only";
 	const { cacheDir, integrity, version } = opts.downloadIfMissing;

package/dist/external-tools/sbt/types.d.ts CHANGED Viewed

@@ -28,5 +28,5 @@ export interface ResolvedSbt {
     /**
      * See {@link ResolvedToolIntegrity}.
      */
-    readonly integrity?: ResolvedToolIntegrity;
+    readonly integrity?: ResolvedToolIntegrity | undefined;
 }

package/dist/external-tools/skillspector/from-dlx.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * @file `skillspectorFromDlx()` — DLX-venv tier of SkillSpector resolution.
+ *   Creates a single-purpose venv under `~/.socket/_dlx/skillspector/<sha>/`
+ *   and pip-installs the pinned git SHA. Returns `undefined` when:
+ *
+ *   - No Python interpreter is on PATH (host lacks Python 3.12+).
+ *   - The venv-create or pip-install command fails. Idempotent: hits the cached
+ *     venv when its `skillspector` entry-point already exists.
+ */
+import type { ResolvedSkillSpector } from './types';
+export interface SkillSpectorFromDlxOptions {
+    /**
+     * Pinned upstream SHA. Combined with the canonical NVIDIA/skillspector repo
+     * URL to form the pip-install spec
+     * `git+https://github.com/NVIDIA/skillspector.git@<sha>`.
+     */
+    readonly sha: string;
+    /**
+     * Cache directory override. Defaults to `getSocketDlxDir() +
+     * 'skillspector/<sha>'`. Tests pass a tmpdir.
+     */
+    readonly cacheDir?: string | undefined;
+}
+export declare function skillspectorFromDlx(opts: SkillSpectorFromDlxOptions): Promise<ResolvedSkillSpector | undefined>;

package/dist/external-tools/skillspector/from-dlx.js ADDED Viewed

@@ -0,0 +1,41 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../../_virtual/_rolldown/runtime.js');
+const require_paths_socket = require('../../paths/socket.js');
+const require_external_tools_from_pip_venv = require('../from-pip-venv.js');
+let node_path = require("node:path");
+node_path = require_runtime.__toESM(node_path);
+//#region src/external-tools/skillspector/from-dlx.ts
+/**
+* @file `skillspectorFromDlx()` — DLX-venv tier of SkillSpector resolution.
+*   Creates a single-purpose venv under `~/.socket/_dlx/skillspector/<sha>/`
+*   and pip-installs the pinned git SHA. Returns `undefined` when:
+*
+*   - No Python interpreter is on PATH (host lacks Python 3.12+).
+*   - The venv-create or pip-install command fails. Idempotent: hits the cached
+*     venv when its `skillspector` entry-point already exists.
+*/
+const UPSTREAM_REPO = "https://github.com/NVIDIA/skillspector.git";
+async function skillspectorFromDlx(opts) {
+	const { sha } = opts;
+	if (!sha) return;
+	const cacheDir = opts.cacheDir ?? node_path.default.join(require_paths_socket.getSocketDlxDir(), "skillspector", sha);
+	const installSpec = `git+${UPSTREAM_REPO}@${sha}`;
+	try {
+		return {
+			path: (await require_external_tools_from_pip_venv.createPipVenv({
+				cacheDir,
+				entryPoint: "skillspector",
+				installSpec
+			})).entryPointPath,
+			source: "dlx"
+		};
+	} catch {
+		return;
+	}
+}
+//#endregion
+exports.skillspectorFromDlx = skillspectorFromDlx;

package/dist/external-tools/skillspector/from-path.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @file `skillspectorFromPath()` — `which skillspector` lookup. Reports
+ *   `source: 'pipx'` when the resolved path lives under a `pipx/venvs/`
+ *   directory (the dev's `pipx install skillspector` path); reports `source:
+ *   'path'` otherwise (a one-off binary on PATH).
+ */
+import type { ResolvedSkillSpector } from './types';
+export declare function skillspectorFromPath(): Promise<ResolvedSkillSpector | undefined>;