@socketsecurity/lib 6.0.5 → 6.0.7

package/dist/external-tools/uv/asset-names.d.ts

@@ -1,36 +0,0 @@
-/**
- * @file Upstream uv release asset-name mapping per `platform-arch`. uv
- *   publishes per-platform archives under
- *   https://github.com/astral-sh/uv/releases/download/<X.Y.Z>/. The release tag
- *   is the bare semver (no `v` prefix), unlike most upstream projects. Each
- *   archive wraps the binary one directory deep (`uv-<triple>/uv[.exe]`), so
- *   callers should pass `strip: 1` to the extractor — or, equivalently, look up
- *   the binary inside the archive's stem directory.
- */
-export interface UvAssetEntry {
-    /**
-     * Full asset filename (no version interpolation — uv asset names are
-     * version-free).
-     */
-    readonly asset: string;
-}
-export declare const UV_ASSET_MAP: Readonly<Record<string, UvAssetEntry>>;
-export declare function getUvAssetEntry(platformArch: string): UvAssetEntry | undefined;
-export interface UvDownloadOptions {
-    /**
-     * Uv release version, e.g. `'0.10.11'` (no `v` prefix — astral-sh/uv tags
-     * releases as bare semver).
-     */
-    version: string;
-    /**
-     * Fleet platform-arch token — looked up in `UV_ASSET_MAP`.
-     */
-    platformArch: string;
-}
-/**
- * Build the GitHub release-asset download URL for an upstream uv binary.
- * Returns `undefined` when no entry exists for the requested platform-arch.
- *
- * Reference: https://github.com/astral-sh/uv/releases.
- */
-export declare function getUvDownloadUrl(opts: UvDownloadOptions): string | undefined;

package/dist/external-tools/uv/asset-names.js

@@ -1,70 +0,0 @@
-"use strict";
-/* Socket Lib - Built with rolldown */
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_primordials_object = require('../../primordials/object.js');
-
-//#region src/external-tools/uv/asset-names.ts
-/**
-* @file Upstream uv release asset-name mapping per `platform-arch`. uv
-*   publishes per-platform archives under
-*   https://github.com/astral-sh/uv/releases/download/<X.Y.Z>/. The release tag
-*   is the bare semver (no `v` prefix), unlike most upstream projects. Each
-*   archive wraps the binary one directory deep (`uv-<triple>/uv[.exe]`), so
-*   callers should pass `strip: 1` to the extractor — or, equivalently, look up
-*   the binary inside the archive's stem directory.
-*/
-const UV_ASSET_MAP = require_primordials_object.ObjectFreeze({
-	__proto__: null,
-	"darwin-arm64": require_primordials_object.ObjectFreeze({
-		__proto__: null,
-		asset: "uv-aarch64-apple-darwin.tar.gz"
-	}),
-	"darwin-x64": require_primordials_object.ObjectFreeze({
-		__proto__: null,
-		asset: "uv-x86_64-apple-darwin.tar.gz"
-	}),
-	"linux-arm64": require_primordials_object.ObjectFreeze({
-		__proto__: null,
-		asset: "uv-aarch64-unknown-linux-gnu.tar.gz"
-	}),
-	"linux-arm64-musl": require_primordials_object.ObjectFreeze({
-		__proto__: null,
-		asset: "uv-aarch64-unknown-linux-musl.tar.gz"
-	}),
-	"linux-x64": require_primordials_object.ObjectFreeze({
-		__proto__: null,
-		asset: "uv-x86_64-unknown-linux-gnu.tar.gz"
-	}),
-	"linux-x64-musl": require_primordials_object.ObjectFreeze({
-		__proto__: null,
-		asset: "uv-x86_64-unknown-linux-musl.tar.gz"
-	}),
-	"win-arm64": require_primordials_object.ObjectFreeze({
-		__proto__: null,
-		asset: "uv-aarch64-pc-windows-msvc.zip"
-	}),
-	"win-x64": require_primordials_object.ObjectFreeze({
-		__proto__: null,
-		asset: "uv-x86_64-pc-windows-msvc.zip"
-	})
-});
-function getUvAssetEntry(platformArch) {
-	return UV_ASSET_MAP[platformArch];
-}
-/**
-* Build the GitHub release-asset download URL for an upstream uv binary.
-* Returns `undefined` when no entry exists for the requested platform-arch.
-*
-* Reference: https://github.com/astral-sh/uv/releases.
-*/
-function getUvDownloadUrl(opts) {
-	const { platformArch, version } = opts;
-	const entry = UV_ASSET_MAP[platformArch];
-	if (!entry) return;
-	return `https://github.com/astral-sh/uv/releases/download/${version}/` + entry.asset;
-}
-
-//#endregion
-exports.UV_ASSET_MAP = UV_ASSET_MAP;
-exports.getUvAssetEntry = getUvAssetEntry;
-exports.getUvDownloadUrl = getUvDownloadUrl;

package/dist/external-tools/uv/from-download.d.ts

@@ -1,17 +0,0 @@
-/**
- * @file `uvFromDownload()` — fetches upstream uv and returns a `ResolvedUv`
- *   pointing at the extracted binary. uv tarballs wrap the binary in a
- *   `<asset-stem>/` directory; the extractor strips that level so the binary
- *   sits at the cache-dir root.
- */
-import type { BinaryDownloader } from '../from-download';
-import type { HashSpec } from '../../integrity';
-import type { ResolvedUv } from './types';
-export interface UvFromDownloadOptions {
-    version: string;
-    platformArch: string;
-    integrity?: HashSpec | undefined;
-    cacheDir?: string | undefined;
-    downloader?: BinaryDownloader | undefined;
-}
-export declare function uvFromDownload(opts: UvFromDownloadOptions): Promise<ResolvedUv | undefined>;

package/dist/external-tools/uv/from-download.js

@@ -1,47 +0,0 @@
-"use strict";
-/* Socket Lib - Built with rolldown */
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_runtime = require('../../_virtual/_rolldown/runtime.js');
-const require_paths_socket = require('../../paths/socket.js');
-const require_external_tools_from_download = require('../from-download.js');
-const require_external_tools_uv_asset_names = require('./asset-names.js');
-let node_path = require("node:path");
-node_path = require_runtime.__toESM(node_path);
-let node_process = require("node:process");
-node_process = require_runtime.__toESM(node_process);
-
-//#region src/external-tools/uv/from-download.ts
-/**
-* @file `uvFromDownload()` — fetches upstream uv and returns a `ResolvedUv`
-*   pointing at the extracted binary. uv tarballs wrap the binary in a
-*   `<asset-stem>/` directory; the extractor strips that level so the binary
-*   sits at the cache-dir root.
-*/
-async function uvFromDownload(opts) {
-	const { cacheDir, downloader, integrity, platformArch, version } = opts;
-	const url = require_external_tools_uv_asset_names.getUvDownloadUrl({
-		version,
-		platformArch
-	});
-	const entry = require_external_tools_uv_asset_names.getUvAssetEntry(platformArch);
-	if (!url || !entry) return;
-	const archiveExt = entry.asset.endsWith(".zip") ? ".zip" : ".tar.gz";
-	const extractedDir = cacheDir ?? node_path.default.join(require_paths_socket.getSocketDlxDir(), "uv", version, platformArch);
-	const archive = await require_external_tools_from_download.downloadAndExtractTool({
-		url,
-		name: `uv-${version}-${platformArch}${archiveExt}`,
-		integrity,
-		extractedDir,
-		extractOptions: { strip: 1 },
-		downloader
-	});
-	const binary = node_process.default.platform === "win32" ? "uv.exe" : "uv";
-	return {
-		path: node_path.default.join(extractedDir, binary),
-		source: "download",
-		integrity: archive.integrity
-	};
-}
-
-//#endregion
-exports.uvFromDownload = uvFromDownload;

package/dist/external-tools/uv/from-path.d.ts

@@ -1,5 +0,0 @@
-/**
- * @file `uvFromPath()` — looks for `uv` on the system PATH.
- */
-import type { ResolvedUv } from './types';
-export declare function uvFromPath(): Promise<ResolvedUv | undefined>;

package/dist/external-tools/uv/from-path.js

@@ -1,22 +0,0 @@
-"use strict";
-/* Socket Lib - Built with rolldown */
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_bin_which = require('../../bin/which.js');
-
-//#region src/external-tools/uv/from-path.ts
-/**
-* @file `uvFromPath()` — looks for `uv` on the system PATH.
-*/
-async function uvFromPath() {
-	const onPath = await require_bin_which.which("uv", { nothrow: true });
-	/* c8 ignore start - reached only when uv is NOT on PATH. */
-	if (typeof onPath !== "string") return;
-	/* c8 ignore stop */
-	return {
-		path: onPath,
-		source: "path"
-	};
-}
-
-//#endregion
-exports.uvFromPath = uvFromPath;

package/dist/external-tools/uv/from-vfs.d.ts

@@ -1,7 +0,0 @@
-/**
- * @file `uvFromVfs()` — extracts the uv binary from the smol binary's VFS.
- *   Returns `undefined` when the binary doesn't have uv bundled.
- */
-import type { ResolvedUv } from './types';
-export declare const UV_VFS_KEY = "uv";
-export declare function uvFromVfs(): Promise<ResolvedUv | undefined>;

package/dist/external-tools/uv/from-vfs.js

@@ -1,26 +0,0 @@
-"use strict";
-/* Socket Lib - Built with rolldown */
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_smol_vfs = require('../../smol/vfs.js');
-
-//#region src/external-tools/uv/from-vfs.ts
-/**
-* @file `uvFromVfs()` — extracts the uv binary from the smol binary's VFS.
-*   Returns `undefined` when the binary doesn't have uv bundled.
-*/
-const UV_VFS_KEY = "uv";
-async function uvFromVfs() {
-	const vfs = /* @__PURE__ */ require_smol_vfs.getSmolVfs();
-	if (!vfs) return;
-	/* c8 ignore start - smol Node binary only. */
-	if (!vfs.has("uv")) return;
-	return {
-		path: await vfs.extract("uv"),
-		source: "vfs"
-	};
-	/* c8 ignore stop */
-}
-
-//#endregion
-exports.UV_VFS_KEY = UV_VFS_KEY;
-exports.uvFromVfs = uvFromVfs;

package/dist/external-tools/uv/resolve.d.ts

@@ -1,25 +0,0 @@
-/**
- * @file `resolveUv()` — uv resolution entry point. Tries each source in order:
- *
- *   1. VFS — smol binary's embedded uv (if packed)
- *   2. PATH — `uv` on the system PATH
- *   3. download — upstream GitHub release archive (only when `downloadIfMissing`
- *      is passed) Returns `undefined` if all of the enabled sources miss.
- *      Memoized per option-shape.
- */
-import type { BinaryDownloader } from '../from-download';
-import type { HashSpec } from '../../integrity';
-import type { ResolvedUv } from './types';
-export interface ResolveUvOptions {
-    downloadIfMissing?: {
-        version: string;
-        platformArch: string;
-        integrity?: HashSpec | undefined;
-        cacheDir?: string | undefined;
-        downloader?: BinaryDownloader | undefined;
-    } | undefined;
-}
-export declare function cacheKey(opts: ResolveUvOptions | undefined): string;
-export declare function doResolveUv(opts?: ResolveUvOptions | undefined): Promise<ResolvedUv | undefined>;
-export declare function resetUvResolution(): void;
-export declare function resolveUv(opts?: ResolveUvOptions | undefined): Promise<ResolvedUv | undefined>;

package/dist/external-tools/uv/resolve.js

@@ -1,52 +0,0 @@
-"use strict";
-/* Socket Lib - Built with rolldown */
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_external_tools_uv_from_download = require('./from-download.js');
-const require_external_tools_uv_from_path = require('./from-path.js');
-const require_external_tools_uv_from_vfs = require('./from-vfs.js');
-
-//#region src/external-tools/uv/resolve.ts
-/**
-* @file `resolveUv()` — uv resolution entry point. Tries each source in order:
-*
-*   1. VFS — smol binary's embedded uv (if packed)
-*   2. PATH — `uv` on the system PATH
-*   3. download — upstream GitHub release archive (only when `downloadIfMissing`
-*      is passed) Returns `undefined` if all of the enabled sources miss.
-*      Memoized per option-shape.
-*/
-const resolutionCache = /* @__PURE__ */ new Map();
-function cacheKey(opts) {
-	if (!opts?.downloadIfMissing) return "local-only";
-	const { cacheDir, integrity, platformArch, version } = opts.downloadIfMissing;
-	return `dl:${version}:${platformArch}:${typeof integrity === "string" ? integrity : integrity ? `${integrity.type}:${integrity.value}` : ""}:${cacheDir ?? ""}`;
-}
-async function doResolveUv(opts) {
-	const fromVfs = await require_external_tools_uv_from_vfs.uvFromVfs();
-	/* c8 ignore start - smol Node binary only. */
-	if (fromVfs) return fromVfs;
-	/* c8 ignore stop */
-	const fromPath = await require_external_tools_uv_from_path.uvFromPath();
-	if (fromPath) return fromPath;
-	if (opts?.downloadIfMissing) return require_external_tools_uv_from_download.uvFromDownload(opts.downloadIfMissing);
-}
-/* c8 ignore start - test-only escape hatch. */
-function resetUvResolution() {
-	resolutionCache.clear();
-}
-/* c8 ignore stop */
-function resolveUv(opts) {
-	const key = cacheKey(opts);
-	let cached = resolutionCache.get(key);
-	if (!cached) {
-		cached = doResolveUv(opts);
-		resolutionCache.set(key, cached);
-	}
-	return cached;
-}
-
-//#endregion
-exports.cacheKey = cacheKey;
-exports.doResolveUv = doResolveUv;
-exports.resetUvResolution = resetUvResolution;
-exports.resolveUv = resolveUv;

package/dist/external-tools/uv/types.d.ts

@@ -1,24 +0,0 @@
-/**
- * @file Shared types for uv resolution. uv is Astral's Python package manager
- *   used by socket-basics for Python project bootstrap. Ships per-platform
- *   archives that wrap the `uv` binary one level deep.
- */
-import type { ResolvedToolIntegrity } from '../from-download';
-export type UvSource = 'download' | 'path' | 'vfs';
-/**
- * A resolved uv installation.
- */
-export interface ResolvedUv {
-    /**
-     * Absolute path to the `uv` executable.
-     */
-    readonly path: string;
-    /**
-     * Which resolver tier found this.
-     */
-    readonly source: UvSource;
-    /**
-     * See {@link ResolvedToolIntegrity}.
-     */
-    readonly integrity?: ResolvedToolIntegrity;
-}

package/dist/http-request/checksums.d.ts

@@ -1,69 +0,0 @@
-/**
- * @file Checksum file fetching + parsing for download verification.
- *   `parseChecksums` understands the three common file shapes:
- *
- *   - BSD style: `SHA256 (filename) = hash`
- *   - GNU style: `hash filename` (two spaces)
- *   - Simple: `hash filename` (single space) Comment lines (`#…`) and blank lines
- *     are skipped. Hashes are lowercased. `fetchChecksums` is the URL helper —
- *     it fetches a checksums file via `httpRequest` and runs the body through
- *     `parseChecksums`. The pair lets `httpDownload({ sha256:
- *     checksums['file.zip'] })` keep the verification logic close to the
- *     manifest source.
- */
-import type { Checksums, FetchChecksumsOptions } from './download-types';
-/**
- * Fetch and parse a checksums file from a URL.
- *
- * This is useful for verifying downloads from GitHub releases which typically
- * publish a checksums.txt file alongside release assets.
- *
- * @example
- *   ;```ts
- *   // Fetch checksums from GitHub release
- *   const checksums = await fetchChecksums(
- *     'https://github.com/org/repo/releases/download/v1.0.0/checksums.txt',
- *   )
- *
- *   // Use with httpDownload
- *   await httpDownload(
- *     'https://github.com/org/repo/releases/download/v1.0.0/tool_linux.tar.gz',
- *     '/tmp/tool.tar.gz',
- *     { sha256: checksums['tool_linux.tar.gz'] },
- *   )
- *   ```
- *
- * @param url - URL to the checksums file.
- * @param options - Request options.
- *
- * @returns Map of filenames to lowercase SHA256 hashes
- *
- * @throws {Error} When the checksums file cannot be fetched
- */
-export declare function fetchChecksums(url: string, options?: FetchChecksumsOptions | undefined): Promise<Checksums>;
-/**
- * Parse a checksums file text into a filename-to-hash map.
- *
- * Supports standard checksums file formats: - BSD style: "SHA256 (filename) =
- * hash" - GNU style: "hash filename" (two spaces) - Simple style: "hash
- * filename" (single space)
- *
- * Lines starting with '#' are treated as comments and ignored. Empty lines are
- * ignored.
- *
- * @example
- *   ```ts
- *   const text = `
- *   # SHA256 checksums
- *   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  file.zip
- *   abc123def456...  other.tar.gz
- *   `
- *   const checksums = parseChecksums(text)
- *   console.log(checksums['file.zip']) // 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
- *   ```
- *
- * @param text - Raw text content of a checksums file.
- *
- * @returns Map of filenames to lowercase SHA256 hashes
- */
-export declare function parseChecksums(text: string): Checksums;

package/dist/http-request/checksums.js

@@ -1,108 +0,0 @@
-"use strict";
-/* Socket Lib - Built with rolldown */
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_primordials_error = require('../primordials/error.js');
-const require_primordials_string = require('../primordials/string.js');
-const require_http_request_request = require('./request.js');
-
-//#region src/http-request/checksums.ts
-/**
-* @file Checksum file fetching + parsing for download verification.
-*   `parseChecksums` understands the three common file shapes:
-*
-*   - BSD style: `SHA256 (filename) = hash`
-*   - GNU style: `hash filename` (two spaces)
-*   - Simple: `hash filename` (single space) Comment lines (`#…`) and blank lines
-*     are skipped. Hashes are lowercased. `fetchChecksums` is the URL helper —
-*     it fetches a checksums file via `httpRequest` and runs the body through
-*     `parseChecksums`. The pair lets `httpDownload({ sha256:
-*     checksums['file.zip'] })` keep the verification logic close to the
-*     manifest source.
-*/
-const CHECKSUM_BSD_RE = /^SHA256\s+\((.+)\)\s+=\s+([a-fA-F0-9]{64})$/;
-const CHECKSUM_GNU_RE = /^([a-fA-F0-9]{64})\s+(.+)$/;
-/**
-* Fetch and parse a checksums file from a URL.
-*
-* This is useful for verifying downloads from GitHub releases which typically
-* publish a checksums.txt file alongside release assets.
-*
-* @example
-*   ;```ts
-*   // Fetch checksums from GitHub release
-*   const checksums = await fetchChecksums(
-*     'https://github.com/org/repo/releases/download/v1.0.0/checksums.txt',
-*   )
-*
-*   // Use with httpDownload
-*   await httpDownload(
-*     'https://github.com/org/repo/releases/download/v1.0.0/tool_linux.tar.gz',
-*     '/tmp/tool.tar.gz',
-*     { sha256: checksums['tool_linux.tar.gz'] },
-*   )
-*   ```
-*
-* @param url - URL to the checksums file.
-* @param options - Request options.
-*
-* @returns Map of filenames to lowercase SHA256 hashes
-*
-* @throws {Error} When the checksums file cannot be fetched
-*/
-async function fetchChecksums(url, options) {
-	const { ca, headers = {}, timeout = 3e4 } = {
-		__proto__: null,
-		...options
-	};
-	const response = await require_http_request_request.httpRequest(url, {
-		ca,
-		headers,
-		timeout
-	});
-	if (!response.ok) throw new require_primordials_error.ErrorCtor(`Failed to fetch checksums from ${url}: ${response.status} ${response.statusText}`);
-	return parseChecksums(response.body.toString("utf8"));
-}
-/**
-* Parse a checksums file text into a filename-to-hash map.
-*
-* Supports standard checksums file formats: - BSD style: "SHA256 (filename) =
-* hash" - GNU style: "hash filename" (two spaces) - Simple style: "hash
-* filename" (single space)
-*
-* Lines starting with '#' are treated as comments and ignored. Empty lines are
-* ignored.
-*
-* @example
-*   ```ts
-*   const text = `
-*   # SHA256 checksums
-*   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  file.zip
-*   abc123def456...  other.tar.gz
-*   `
-*   const checksums = parseChecksums(text)
-*   console.log(checksums['file.zip']) // 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
-*   ```
-*
-* @param text - Raw text content of a checksums file.
-*
-* @returns Map of filenames to lowercase SHA256 hashes
-*/
-function parseChecksums(text) {
-	const checksums = { __proto__: null };
-	for (const line of require_primordials_string.StringPrototypeSplit(text, "\n")) {
-		const trimmed = line.trim();
-		if (!trimmed || require_primordials_string.StringPrototypeStartsWith(trimmed, "#")) continue;
-		const bsdMatch = CHECKSUM_BSD_RE.exec(trimmed);
-		if (bsdMatch) {
-			checksums[bsdMatch[1]] = bsdMatch[2].toLowerCase();
-			continue;
-		}
-		const gnuMatch = CHECKSUM_GNU_RE.exec(trimmed);
-		if (gnuMatch) checksums[gnuMatch[2]] = gnuMatch[1].toLowerCase();
-	}
-	return checksums;
-}
-
-//#endregion
-exports.fetchChecksums = fetchChecksums;
-exports.parseChecksums = parseChecksums;

package/dist/http-request/http-request.d.ts

@@ -1,12 +0,0 @@
-/**
- * @file Public HTTP-request entry — re-exports the platform-correct
- *   implementation. Bundlers that honor the package.json `'browser'` condition
- *   (rolldown, vite, esbuild on browser platform) swap this entry to
- *   `./browser`; Node consumers get `./node`. Same named exports (`httpJson`,
- *   `httpText`, `httpRequest`, `HttpResponseError`) on both platforms so
- *   callers can write `import { httpJson } from
- *   '@socketsecurity/lib/http-request/http-request'` without caring about
- *   platform.
- */
-export { httpJson, httpRequest, httpText, HttpResponseError } from './node';
-export type { HttpResponse, HttpRequestOptions } from './node';

package/dist/http-request/http-request.js

@@ -1,11 +0,0 @@
-"use strict";
-/* Socket Lib - Built with rolldown */
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_http_request_response_types = require('./response-types.js');
-const require_http_request_request = require('./request.js');
-const require_http_request_node = require('./node.js');
-
-exports.HttpResponseError = require_http_request_response_types.HttpResponseError;
-exports.httpJson = require_http_request_node.httpJson;
-exports.httpRequest = require_http_request_request.httpRequest;
-exports.httpText = require_http_request_node.httpText;

package/dist/packages/operations.d.ts

@@ -1,113 +0,0 @@
-/**
- * @file Package operations including extraction, packing, and I/O.
- */
-import makeFetchHappen from '../external/make-fetch-happen';
-import type { ExtractOptions, NormalizeOptions, PackageJson, PacoteOptions, ReadPackageJsonOptions } from './types';
-/**
- * Extract a package to a destination directory.
- *
- * @example
- *   ;```typescript
- *   await extractPackage('lodash@4.17.21', { dest: '/tmp/lodash' })
- *   ```
- */
-export declare function extractPackage(pkgNameOrId: string, options?: ExtractOptions, callback?: (destPath: string) => Promise<unknown>): Promise<void>;
-/**
- * Find package extensions for a given package.
- *
- * @example
- *   ;```typescript
- *   const extensions = findPackageExtensions('my-pkg', '1.0.0')
- *   ```
- */
-export declare function findPackageExtensions(pkgName: string, pkgVer: string): unknown;
-export declare function getFetcher(): ReturnType<typeof makeFetchHappen.defaults>;
-/**
- * Get the release tag for a version.
- *
- * @example
- *   ;```typescript
- *   getReleaseTag('lodash@latest') // 'latest'
- *   getReleaseTag('@scope/pkg@beta') // 'beta'
- *   getReleaseTag('lodash') // ''
- *   ```
- */
-export declare function getReleaseTag(spec: string): string;
-/**
- * Pack a package tarball using pacote.
- *
- * @example
- *   ;```typescript
- *   const tarball = await packPackage('lodash@4.17.21')
- *   ```
- */
-export declare function packPackage(spec: string, options?: PacoteOptions): Promise<unknown>;
-/**
- * Slugify an npm package name into a hyphenated identifier suitable for
- * User-Agent tokens, log namespaces, file paths, and other contexts where `@`
- * and `/` are not welcome.
- *
- * @example
- *   ;```typescript
- *   pkgNameToSlug('@socketsecurity/lib') // 'socketsecurity-lib'
- *   pkgNameToSlug('@cyclonedx/cdxgen') // 'cyclonedx-cdxgen'
- *   pkgNameToSlug('lodash') // 'lodash'
- *   ```
- */
-export declare function pkgNameToSlug(pkgName: string): string;
-/**
- * Read and parse a package.json file asynchronously.
- *
- * @example
- *   ;```typescript
- *   const pkgJson = await readPackageJson('/tmp/my-project')
- *   console.log(pkgJson?.name)
- *   ```
- */
-export declare function readPackageJson(filepath: string, options?: ReadPackageJsonOptions): Promise<PackageJson | undefined>;
-/**
- * Read and parse package.json from a file path synchronously.
- *
- * @example
- *   ;```typescript
- *   const pkgJson = readPackageJsonSync('/tmp/my-project')
- *   console.log(pkgJson?.name)
- *   ```
- */
-export declare function readPackageJsonSync(filepath: string, options?: NormalizeOptions & {
-    editable?: boolean;
-    throws?: boolean;
-}): PackageJson | undefined;
-/**
- * Resolve GitHub tarball URL for a package specifier.
- *
- * @example
- *   ;```typescript
- *   const url = await resolveGitHubTgzUrl('my-pkg@1.0.0', '/tmp/my-project')
- *   ```
- */
-export declare function resolveGitHubTgzUrl(pkgNameOrId: string, where?: unknown): Promise<string>;
-/**
- * Resolve full package name from a PURL object with custom delimiter.
- *
- * @example
- *   ;```typescript
- *   resolvePackageName({ name: 'core', namespace: '@babel' }) // '@babel/core'
- *   resolvePackageName({ name: 'lodash' }) // 'lodash'
- *   ```
- */
-export declare function resolvePackageName(purlObj: {
-    name: string;
-    namespace?: string;
-}, delimiter?: string): string;
-/**
- * Convert npm package name to Socket registry format with delimiter.
- *
- * @example
- *   ;```typescript
- *   resolveRegistryPackageName('@babel/core') // 'babel__core'
- *   resolveRegistryPackageName('lodash') // 'lodash'
- *   ```
- */
-export declare function resolveRegistryPackageName(pkgName: string): string;
-export type { PackageJson } from './types';