npm - @socketsecurity/lib - Versions diffs - 6.0.6 → 6.0.7 - Mend

@socketsecurity/lib 6.0.6 → 6.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (499) hide show

package/CHANGELOG.md +26 -1
package/dist/ai/discover.d.mts +2 -2
package/dist/ai/discover.js +3 -2
package/dist/ai/spawn.js +2 -1
package/dist/ai/types.d.mts +18 -6
package/dist/ai/worktree.d.mts +6 -6
package/dist/ai/worktree.js +1 -1
package/dist/ansi/strip.d.ts +1 -1
package/dist/ansi/strip.js +0 -2
package/dist/archives/_internal.js +7 -9
package/dist/archives/extract.js +1 -1
package/dist/archives/tar.js +6 -6
package/dist/archives/zip.js +3 -5
package/dist/argv/flag-predicates.d.ts +12 -12
package/dist/argv/flag-predicates.js +17 -17
package/dist/argv/flag-types.d.ts +18 -18
package/dist/argv/flag-types.js +4 -4
package/dist/argv/parse.d.ts +1 -1
package/dist/arrays/_internal.js +11 -12
package/dist/arrays/chunk.js +0 -1
package/dist/arrays/join.d.ts +37 -3
package/dist/arrays/join.js +43 -7
package/dist/arrays/unique.js +0 -1
package/dist/bin/_internal.d.ts +1 -1
package/dist/bin/_internal.js +1 -1
package/dist/bin/exec.js +2 -3
package/dist/bin/find.js +13 -13
package/dist/bin/prim.cjs +22736 -22556
package/dist/bin/resolve.js +12 -13
package/dist/bin/which.js +8 -8
package/dist/cache/ttl/store.js +5 -5
package/dist/checks/primordials-defaults.d.ts +3 -3
package/dist/checks/primordials-defaults.js +3 -3
package/dist/checks/primordials.js +4 -3
package/dist/{bin → cli}/check-primordials.d.ts +11 -11
package/dist/{bin → cli}/check-primordials.js +55 -52
package/dist/{bin → cli}/check.js +3 -3
package/dist/{bin → cli}/socket-lib.d.ts +1 -1
package/dist/{bin → cli}/socket-lib.js +4 -4
package/dist/colors/socket-palette.js +7 -9
package/dist/compression/_internal.d.ts +12 -12
package/dist/compression/_internal.js +17 -17
package/dist/compression/brotli.d.ts +25 -25
package/dist/compression/brotli.js +33 -33
package/dist/compression/gzip.d.ts +23 -23
package/dist/compression/gzip.js +40 -40
package/dist/constants/agents.d.ts +3 -1
package/dist/constants/agents.js +15 -11
package/dist/constants/licenses.js +3 -3
package/dist/constants/node.d.ts +23 -0
package/dist/constants/node.js +47 -15
package/dist/constants/packages.js +22 -28
package/dist/constants/platform.d.ts +30 -3
package/dist/constants/platform.js +72 -12
package/dist/constants/runtime.d.ts +22 -0
package/dist/constants/runtime.js +32 -0
package/dist/constants/socket.js +1 -1
package/dist/cover/code.js +8 -8
package/dist/cover/formatters.js +5 -5
package/dist/crypto/hash.d.ts +26 -1
package/dist/crypto/hash.js +43 -12
package/dist/debug/_internal.js +4 -6
package/dist/debug/caller-info.js +2 -3
package/dist/debug/namespace.d.ts +7 -0
package/dist/debug/namespace.js +21 -12
package/dist/debug/output.js +21 -24
package/dist/debug/types.d.ts +4 -4
package/dist/dlx/arborist.js +6 -6
package/dist/dlx/binary-cache.js +14 -14
package/dist/dlx/binary-download.d.ts +1 -1
package/dist/dlx/binary-download.js +11 -11
package/dist/dlx/binary-resolution.js +16 -14
package/dist/dlx/binary-types.d.ts +5 -5
package/dist/dlx/binary.js +5 -5
package/dist/dlx/cache.js +1 -1
package/dist/dlx/detect.d.ts +34 -25
package/dist/dlx/detect.js +86 -77
package/dist/dlx/dir.js +2 -2
package/dist/dlx/firewall.d.ts +1 -1
package/dist/dlx/lockfile.d.ts +19 -18
package/dist/dlx/lockfile.js +16 -16
package/dist/dlx/manifest.d.ts +6 -6
package/dist/dlx/manifest.js +5 -5
package/dist/dlx/package.d.ts +10 -10
package/dist/dlx/package.js +16 -16
package/dist/dlx/packages.js +4 -4
package/dist/dlx/paths.js +7 -7
package/dist/dlx/spec.js +1 -1
package/dist/dlx/types.d.ts +28 -27
package/dist/eco/cargo/parse-lockfile.d.ts +1 -1
package/dist/eco/cargo/parse-lockfile.js +2 -2
package/dist/eco/manifest/analyze-lockfile.js +2 -2
package/dist/eco/manifest/detect-format.js +4 -4
package/dist/eco/manifest/find-packages.js +2 -2
package/dist/eco/manifest/get-package-versions.js +2 -2
package/dist/eco/manifest/get-package.js +2 -2
package/dist/eco/manifest/parse-lockfile.js +2 -2
package/dist/eco/manifest/parse-manifest.js +2 -2
package/dist/eco/manifest/parse.js +2 -2
package/dist/eco/npm/npm/exec.js +2 -2
package/dist/eco/npm/npm/flags.js +7 -12
package/dist/eco/npm/npm/parse-lockfile.d.ts +14 -14
package/dist/eco/npm/npm/parse-lockfile.js +3 -3
package/dist/eco/npm/parse-package-json.js +3 -3
package/dist/eco/npm/pnpm/exec.d.ts +1 -1
package/dist/eco/npm/pnpm/exec.js +5 -5
package/dist/eco/npm/pnpm/flags.js +0 -3
package/dist/eco/npm/pnpm/parse-lockfile.d.ts +1 -1
package/dist/eco/npm/pnpm/parse-lockfile.js +4 -4
package/dist/eco/npm/script.js +9 -6
package/dist/eco/npm/yarnpkg/yarn/exec.js +3 -3
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.d.ts +2 -2
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +8 -8
package/dist/effects/pulse-frames.d.ts +3 -1
package/dist/effects/shimmer-keyframes.d.ts +1 -1
package/dist/effects/shimmer-terminal.d.ts +1 -1
package/dist/env/boolean.js +0 -1
package/dist/env/ci.js +0 -1
package/dist/env/debug.js +0 -1
package/dist/env/github-status.d.ts +51 -0
package/dist/env/github-status.js +90 -0
package/dist/env/github.js +0 -8
package/dist/env/home.js +0 -1
package/dist/env/locale.js +0 -3
package/dist/env/node-auth-token.js +0 -1
package/dist/env/node-env.js +0 -1
package/dist/env/node-version-managers.d.ts +53 -0
package/dist/env/node-version-managers.js +90 -0
package/dist/env/npm.js +0 -5
package/dist/env/number.js +0 -1
package/dist/env/package-manager.js +3 -6
package/dist/env/path.js +0 -1
package/dist/env/pre-commit.js +1 -2
package/dist/env/rewire.d.ts +7 -6
package/dist/env/rewire.js +15 -16
package/dist/env/shell.js +0 -1
package/dist/env/socket-cli.js +5 -18
package/dist/env/socket-mcp.d.ts +114 -0
package/dist/env/socket-mcp.js +146 -0
package/dist/env/socket.d.ts +1 -109
package/dist/env/socket.js +12 -167
package/dist/env/string.js +0 -1
package/dist/env/temp-dir.js +0 -3
package/dist/env/term.js +0 -1
package/dist/env/test.js +3 -6
package/dist/env/windows.js +0 -4
package/dist/env/xdg.js +0 -3
package/dist/events/exit/_internal.d.ts +11 -9
package/dist/events/exit/_internal.js +31 -35
package/dist/events/exit/handler.js +3 -4
package/dist/events/exit/intercept.js +4 -6
package/dist/events/exit/lifecycle.js +16 -18
package/dist/events/exit/signals.js +1 -2
package/dist/events/exit/types.d.ts +6 -5
package/dist/external/@npmcli/package-json.js +2 -2
package/dist/external/npm-pack.js +2 -2
package/dist/external-tools/bazel/read-bazel-version-file.js +1 -1
package/dist/external-tools/bazel/types.d.ts +1 -1
package/dist/external-tools/cdxgen/from-vfs.js +1 -1
package/dist/external-tools/cdxgen/types.d.ts +1 -1
package/dist/external-tools/from-download.d.ts +1 -1
package/dist/external-tools/from-download.js +1 -1
package/dist/external-tools/janus/from-vfs.js +1 -1
package/dist/external-tools/janus/types.d.ts +1 -1
package/dist/external-tools/jre/detect-platform-arch.d.ts +10 -6
package/dist/external-tools/jre/detect-platform-arch.js +29 -14
package/dist/external-tools/jre/from-vfs.js +1 -1
package/dist/external-tools/jre/types.d.ts +1 -1
package/dist/external-tools/manifest.d.ts +7 -7
package/dist/external-tools/manifest.js +12 -12
package/dist/external-tools/opengrep/from-vfs.js +1 -1
package/dist/external-tools/opengrep/types.d.ts +1 -1
package/dist/external-tools/python/asset-names.d.ts +76 -0
package/dist/external-tools/python/asset-names.js +104 -0
package/dist/external-tools/python/dlx.d.ts +80 -0
package/dist/external-tools/python/dlx.js +87 -0
package/dist/external-tools/python/from-download.d.ts +53 -0
package/dist/external-tools/python/from-download.js +68 -0
package/dist/external-tools/python/from-path.d.ts +7 -0
package/dist/external-tools/python/from-path.js +23 -0
package/dist/external-tools/python/pin.d.ts +121 -0
package/dist/external-tools/python/pin.js +173 -0
package/dist/external-tools/python/pip-install.d.ts +75 -0
package/dist/external-tools/python/pip-install.js +139 -0
package/dist/external-tools/python/resolve.d.ts +42 -0
package/dist/external-tools/python/resolve.js +58 -0
package/dist/external-tools/python/types.d.ts +49 -0
package/dist/external-tools/sbt/from-vfs.js +1 -1
package/dist/external-tools/sbt/types.d.ts +1 -1
package/dist/external-tools/skillspector/from-path.js +3 -5
package/dist/external-tools/skillspector/from-vfs.js +1 -1
package/dist/external-tools/synp/from-download.js +2 -2
package/dist/external-tools/synp/from-vfs.js +1 -1
package/dist/external-tools/trivy/from-vfs.js +1 -1
package/dist/external-tools/trivy/types.d.ts +1 -1
package/dist/external-tools/trufflehog/from-vfs.js +1 -1
package/dist/external-tools/trufflehog/types.d.ts +1 -1
package/dist/fs/_internal.d.ts +1 -1
package/dist/fs/_internal.js +7 -7
package/dist/fs/access.js +5 -9
package/dist/fs/{path-cache.js → allowed-dirs-cache.js} +1 -1
package/dist/fs/encoding.js +5 -7
package/dist/fs/{find-up.js → find.js} +11 -13
package/dist/fs/inspect.js +7 -13
package/dist/fs/read-dir.js +7 -10
package/dist/fs/read-file.js +8 -14
package/dist/fs/read-json-cache.d.ts +6 -4
package/dist/fs/read-json-cache.js +9 -6
package/dist/fs/read-json.js +4 -6
package/dist/fs/resolve-module.js +1 -1
package/dist/fs/safe.d.ts +1 -1
package/dist/fs/safe.js +12 -13
package/dist/fs/unique.js +4 -5
package/dist/fs/validate.js +1 -2
package/dist/fs/write-json.js +4 -5
package/dist/git/_internal.js +10 -10
package/dist/git/changed.js +4 -4
package/dist/git/repo.js +3 -3
package/dist/git/staged.js +4 -4
package/dist/git/unstaged.js +4 -4
package/dist/github/ghsa.js +2 -2
package/dist/github/refs-cache.d.ts +1 -1
package/dist/github/refs-cache.js +5 -5
package/dist/github/refs-rest.js +5 -5
package/dist/github/{fetch.js → request.js} +13 -2
package/dist/github/token.js +1 -1
package/dist/github/types.d.ts +1 -1
package/dist/globs/_internal.js +7 -9
package/dist/globs/match.js +4 -6
package/dist/globs/matcher.d.ts +3 -3
package/dist/globs/matcher.js +12 -14
package/dist/globs/stream.js +1 -2
package/dist/globs/types.d.ts +24 -24
package/dist/http-request/_internal.d.ts +1 -1
package/dist/http-request/browser.js +4 -2
package/dist/http-request/checksum-file.d.ts +55 -0
package/dist/http-request/checksum-file.js +95 -0
package/dist/http-request/download-types.d.ts +15 -23
package/dist/http-request/download.js +3 -3
package/dist/http-request/headers.js +0 -1
package/dist/http-request/request-attempt.js +37 -33
package/dist/http-request/request-types.d.ts +2 -2
package/dist/http-request/request.js +1 -1
package/dist/http-request/user-agent.js +3 -4
package/dist/integrity.d.ts +86 -18
package/dist/integrity.js +119 -30
package/dist/ipc/directory.js +2 -2
package/dist/ipc/paths.js +1 -1
package/dist/ipc/write.js +1 -1
package/dist/ipc-cli/get.js +12 -12
package/dist/json/edit.js +13 -14
package/dist/json/format.js +2 -2
package/dist/json/parse.d.ts +1 -1
package/dist/json/parse.js +3 -7
package/dist/logger/_internal.d.ts +4 -4
package/dist/logger/_internal.js +3 -3
package/dist/logger/colors.js +4 -3
package/dist/logger/console-methods.d.ts +132 -0
package/dist/logger/console-methods.js +169 -0
package/dist/logger/console.d.ts +12 -0
package/dist/logger/console.js +42 -11
package/dist/logger/indentation-methods.d.ts +81 -0
package/dist/logger/indentation-methods.js +121 -0
package/dist/logger/node.d.ts +16 -338
package/dist/logger/node.js +75 -608
package/dist/logger/options.d.ts +39 -0
package/dist/logger/options.js +47 -0
package/dist/logger/semantic-methods.d.ts +63 -0
package/dist/logger/semantic-methods.js +108 -0
package/dist/logger/stream-methods.d.ts +63 -0
package/dist/logger/stream-methods.js +101 -0
package/dist/logger/stream.d.ts +37 -0
package/dist/logger/stream.js +42 -0
package/dist/logger/symbols-builder.js +9 -9
package/dist/logger/symbols.d.ts +2 -25
package/dist/logger/symbols.js +53 -74
package/dist/logger/types.d.ts +1 -1
package/dist/memo/types.d.ts +6 -6
package/dist/native-messaging/host.d.ts +20 -0
package/dist/native-messaging/host.js +120 -0
package/dist/native-messaging/index.d.ts +5 -0
package/dist/native-messaging/index.js +22 -0
package/dist/native-messaging/install.d.ts +60 -0
package/dist/native-messaging/install.js +141 -0
package/dist/native-messaging/rate-limit.d.ts +62 -0
package/dist/native-messaging/rate-limit.js +115 -0
package/dist/native-messaging/run.d.ts +10 -0
package/dist/native-messaging/run.js +17 -0
package/dist/node/async-hooks.js +4 -3
package/dist/node/child-process.js +4 -3
package/dist/node/crypto.js +4 -3
package/dist/node/events.js +4 -3
package/dist/node/fs-promises.js +4 -3
package/dist/node/fs.js +4 -3
package/dist/node/http.js +4 -3
package/dist/node/https.js +4 -3
package/dist/node/module.js +10 -6
package/dist/node/os.js +4 -3
package/dist/node/path.js +4 -3
package/dist/node/timers-promises.js +4 -3
package/dist/node/url.js +4 -3
package/dist/node/util.js +4 -3
package/dist/objects/getters.js +5 -7
package/dist/objects/inspect.js +1 -4
package/dist/objects/mutate.js +2 -3
package/dist/objects/predicates.js +0 -4
package/dist/objects/sort.js +3 -7
package/dist/packages/edit-class.js +15 -16
package/dist/packages/edit.js +12 -14
package/dist/packages/exports.js +11 -17
package/dist/packages/fetch.d.ts +16 -0
package/dist/packages/fetch.js +81 -0
package/dist/packages/find.d.ts +55 -0
package/dist/packages/find.js +65 -0
package/dist/packages/isolation.js +14 -14
package/dist/packages/licenses.js +16 -16
package/dist/packages/manifest.js +12 -15
package/dist/packages/metadata-extensions.d.ts +14 -0
package/dist/packages/metadata-extensions.js +43 -0
package/dist/packages/normalize.js +5 -9
package/dist/packages/provenance.js +16 -18
package/dist/packages/read.d.ts +29 -0
package/dist/packages/read.js +66 -0
package/dist/packages/specs.d.ts +48 -1
package/dist/packages/specs.js +74 -11
package/dist/packages/tarball.d.ts +24 -0
package/dist/packages/tarball.js +79 -0
package/dist/packages/types.d.ts +21 -20
package/dist/packages/validation.js +0 -3
package/dist/paths/_internal.d.ts +2 -1
package/dist/paths/_internal.js +7 -19
package/dist/paths/conversion.js +5 -9
package/dist/paths/filenames.d.ts +0 -1
package/dist/paths/filenames.js +0 -2
package/dist/paths/normalize.js +4 -5
package/dist/paths/packages.js +4 -7
package/dist/paths/predicates.js +9 -16
package/dist/paths/resolve.js +11 -14
package/dist/paths/rewire.js +3 -3
package/dist/paths/socket.js +16 -16
package/dist/paths/walk.d.ts +1 -1
package/dist/paths/walk.js +4 -4
package/dist/perf/report.js +2 -2
package/dist/perf/types.d.ts +1 -1
package/dist/pkg-ext/data.js +1 -1
package/dist/primordials/array.js +9 -9
package/dist/primordials/date.js +2 -2
package/dist/primordials/error.js +3 -3
package/dist/primordials/headers.d.ts +10 -0
package/dist/primordials/headers.js +23 -0
package/dist/primordials/intl.d.ts +13 -0
package/dist/primordials/intl.js +26 -0
package/dist/primordials/math.js +33 -33
package/dist/primordials/number.js +9 -9
package/dist/primordials/object.js +5 -5
package/dist/primordials/string.d.ts +2 -2
package/dist/primordials/string.js +6 -6
package/dist/primordials/symbol.js +3 -3
package/dist/primordials/uncurry.js +9 -9
package/dist/process/abort.js +3 -3
package/dist/process/lock-manager.js +8 -8
package/dist/process/spawn/_internal.js +6 -8
package/dist/process/spawn/child.js +14 -14
package/dist/process/spawn/errors.js +2 -4
package/dist/process/spawn/kill-tree.d.ts +53 -0
package/dist/process/spawn/kill-tree.js +85 -0
package/dist/process/spawn/stdio.js +0 -1
package/dist/process/spawn/types.d.ts +5 -5
package/dist/process/transient.js +2 -2
package/dist/promises/_internal.d.ts +2 -1
package/dist/promises/_internal.js +2 -6
package/dist/promises/iterate.js +11 -15
package/dist/promises/options.js +3 -6
package/dist/promises/retry.js +4 -5
package/dist/promises/timers.d.ts +30 -0
package/dist/promises/timers.js +48 -0
package/dist/releases/github-archives.d.ts +6 -6
package/dist/releases/github-archives.js +2 -2
package/dist/releases/github-asset-url.d.ts +1 -1
package/dist/releases/github-asset-url.js +5 -5
package/dist/releases/github-downloads.d.ts +1 -1
package/dist/releases/github-downloads.js +3 -3
package/dist/releases/github-listing.d.ts +11 -2
package/dist/releases/github-listing.js +20 -7
package/dist/releases/github-retry-config.js +1 -1
package/dist/releases/github-types.d.ts +6 -6
package/dist/releases/socket-btm-binary-naming.d.ts +107 -0
package/dist/releases/socket-btm-binary-naming.js +155 -0
package/dist/releases/socket-btm.d.ts +8 -115
package/dist/releases/socket-btm.js +16 -159
package/dist/schema/types.d.ts +1 -1
package/dist/sea/detect.js +6 -6
package/dist/secrets/_internal.d.ts +2 -2
package/dist/secrets/_internal.js +2 -2
package/dist/secrets/compare.d.ts +45 -0
package/dist/secrets/compare.js +61 -0
package/dist/secrets/keychain.js +6 -4
package/dist/secrets/linux.js +19 -19
package/dist/secrets/macos.d.ts +1 -1
package/dist/secrets/macos.js +13 -13
package/dist/secrets/rc.d.ts +2 -2
package/dist/secrets/rc.js +6 -4
package/dist/secrets/socket-api-token.d.ts +4 -4
package/dist/secrets/socket-api-token.js +18 -9
package/dist/secrets/windows.js +14 -13
package/dist/shadow/skip.js +2 -2
package/dist/smol/detect.js +9 -10
package/dist/smol/http.js +6 -7
package/dist/smol/https.js +6 -7
package/dist/smol/manifest.d.ts +1 -1
package/dist/smol/manifest.js +6 -7
package/dist/smol/path.d.ts +1 -1
package/dist/smol/path.js +7 -8
package/dist/smol/primordial.d.ts +4 -0
package/dist/smol/primordial.js +6 -7
package/dist/smol/purl.d.ts +1 -1
package/dist/smol/purl.js +7 -8
package/dist/smol/versions.js +6 -7
package/dist/smol/vfs.js +6 -7
package/dist/sorts/_internal.js +6 -8
package/dist/sorts/natural.js +10 -12
package/dist/sorts/semver.js +1 -2
package/dist/sorts/strings.js +0 -1
package/dist/sorts/types.d.ts +1 -1
package/dist/spinner/create-spinner-class.d.ts +38 -0
package/dist/spinner/create-spinner-class.js +302 -0
package/dist/spinner/default.js +8 -9
package/dist/spinner/spinner-internals.d.ts +36 -0
package/dist/spinner/spinner-internals.js +101 -0
package/dist/spinner/spinner-shimmer-methods.d.ts +54 -0
package/dist/spinner/spinner-shimmer-methods.js +143 -0
package/dist/spinner/spinner-status-methods.d.ts +40 -0
package/dist/spinner/spinner-status-methods.js +133 -0
package/dist/spinner/spinner.d.ts +4 -5
package/dist/spinner/spinner.js +18 -705
package/dist/spinner/types.d.ts +3 -1
package/dist/spinner/with.d.ts +10 -0
package/dist/spinner/with.js +16 -2
package/dist/stdio/divider.js +1 -1
package/dist/stdio/footer.js +3 -3
package/dist/stdio/header.js +4 -4
package/dist/stdio/progress.js +5 -5
package/dist/stdio/prompts.d.ts +5 -3
package/dist/stdio/prompts.js +6 -7
package/dist/stdio/stdout.js +3 -3
package/dist/streams/parallel.js +3 -5
package/dist/streams/transform.js +2 -3
package/dist/strings/format.js +2 -6
package/dist/strings/predicates.js +0 -2
package/dist/strings/search.js +1 -2
package/dist/strings/transform.js +0 -3
package/dist/strings/width.js +9 -10
package/dist/tables/bordered.js +4 -3
package/dist/tables/padding.js +1 -1
package/dist/tables/simple.js +8 -5
package/dist/temporal/instant.js +1 -1
package/dist/temporal/slots.js +6 -6
package/dist/temporal/system.js +9 -9
package/dist/themes/context.d.ts +3 -2
package/dist/themes/context.js +4 -5
package/dist/themes/themes.js +15 -15
package/dist/themes/types.d.ts +3 -3
package/dist/url/parse.js +0 -2
package/dist/url/predicates.js +1 -2
package/dist/url/search-params.js +3 -9
package/dist/url/types.d.ts +5 -5
package/dist/versions/_internal.js +3 -3
package/dist/words/article.js +0 -1
package/dist/words/capitalize.js +0 -1
package/dist/words/pluralize.js +15 -5
package/package.json +247 -106
package/dist/external-tools/uv/asset-names.d.ts +0 -36
package/dist/external-tools/uv/asset-names.js +0 -70
package/dist/external-tools/uv/from-download.d.ts +0 -17
package/dist/external-tools/uv/from-download.js +0 -47
package/dist/external-tools/uv/from-path.d.ts +0 -5
package/dist/external-tools/uv/from-path.js +0 -22
package/dist/external-tools/uv/from-vfs.d.ts +0 -7
package/dist/external-tools/uv/from-vfs.js +0 -26
package/dist/external-tools/uv/resolve.d.ts +0 -25
package/dist/external-tools/uv/resolve.js +0 -53
package/dist/external-tools/uv/types.d.ts +0 -24
package/dist/http-request/checksums.d.ts +0 -69
package/dist/http-request/checksums.js +0 -108
package/dist/http-request/http-request.d.ts +0 -12
package/dist/http-request/http-request.js +0 -11
package/dist/packages/operations.d.ts +0 -113
package/dist/packages/operations.js +0 -304
package/dist/ssri/convert.d.ts +0 -48
package/dist/ssri/convert.js +0 -69
package/dist/ssri/parse.d.ts +0 -27
package/dist/ssri/parse.js +0 -41
package/dist/ssri/validate.d.ts +0 -41
package/dist/ssri/validate.js +0 -56
/package/dist/{bin → cli}/check.d.ts +0 -0
/package/dist/external-tools/{uv → python}/types.js +0 -0
/package/dist/fs/{path-cache.d.ts → allowed-dirs-cache.d.ts} +0 -0
/package/dist/fs/{find-up.d.ts → find.d.ts} +0 -0
/package/dist/github/{fetch.d.ts → request.d.ts} +0 -0

package/dist/external-tools/python/asset-names.js ADDED Viewed

@@ -0,0 +1,104 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../../_virtual/_rolldown/runtime.js');
+const require_constants_platform = require('../../constants/platform.js');
+const require_primordials_object = require('../../primordials/object.js');
+let node_process = require("node:process");
+node_process = require_runtime.__toESM(node_process);
+//#region src/external-tools/python/asset-names.ts
+/**
+* @file Python-build-standalone release asset mapping. Astral publishes
+*   per-platform CPython archives under
+*   https://github.com/astral-sh/python-build-standalone/releases/download/<tag>/.
+*   Asset name shape: `cpython-<version>+<tag>-<triple>-install_only.tar.gz`.
+*   The `install_only` flavor is a relocatable runtime (no build artifacts),
+*   extracted one directory deep (`python/bin/python3`).
+*/
+const PLATFORM_TRIPLES = require_primordials_object.ObjectFreeze({
+	__proto__: null,
+	"darwin-arm64": "aarch64-apple-darwin",
+	"darwin-x64": "x86_64-apple-darwin",
+	"linux-arm64": "aarch64-unknown-linux-gnu",
+	"linux-arm64-musl": "aarch64-unknown-linux-musl",
+	"linux-x64": "x86_64-unknown-linux-gnu",
+	"linux-x64-musl": "x86_64-unknown-linux-musl",
+	"win-arm64": "aarch64-pc-windows-msvc",
+	"win-x64": "x86_64-pc-windows-msvc"
+});
+const NODE_PLATFORM_TO_PY = require_primordials_object.ObjectFreeze({
+	__proto__: null,
+	darwin: "darwin",
+	linux: "linux",
+	win32: "win"
+});
+const NODE_ARCH_TO_PY = require_primordials_object.ObjectFreeze({
+	__proto__: null,
+	arm64: "arm64",
+	x64: "x64"
+});
+const RELEASE_BASE = "https://github.com/astral-sh/python-build-standalone/releases/download";
+/**
+* Python-build-standalone default pin — the fleet-canonical CPython build,
+* matching socket-cli's `bundle-tools.json`. Consumers that don't pass their
+* own pin resolve against this. Bump it like any dependency (soak-aware), in
+* lockstep with socket-cli (drift-watch). The `checksums` map is keyed by asset
+* filename so the download tier verifies the exact tarball per platform.
+*/
+const DEFAULT_PYTHON_PIN = require_primordials_object.ObjectFreeze({
+	__proto__: null,
+	version: "3.11.14",
+	tag: "20260203",
+	checksums: require_primordials_object.ObjectFreeze({
+		__proto__: null,
+		"cpython-3.11.14+20260203-aarch64-apple-darwin-install_only.tar.gz": "63e3352fefd3b6494f73f46f51c6581c57a7e0d98775e6e00229d14a67ec3ce9",
+		"cpython-3.11.14+20260203-aarch64-pc-windows-msvc-install_only.tar.gz": "cb7828c131a005da367f7dba3a561bed91619452de870e531ee03344b2ac346f",
+		"cpython-3.11.14+20260203-aarch64-unknown-linux-gnu-install_only.tar.gz": "7341a5a0acd65f2c7c7a228d8bafa6561d220ffed26293d6a02c15ae2ee86af5",
+		"cpython-3.11.14+20260203-aarch64-unknown-linux-musl-install_only.tar.gz": "f0e5988c108187b12eb4d53cbac33a499a8e38e1693104432e1faabbab14c664",
+		"cpython-3.11.14+20260203-x86_64-apple-darwin-install_only.tar.gz": "f3b63051a9b1ffb4f663d928ebaec4311435cb67f3bdfa5634953df93397f25e",
+		"cpython-3.11.14+20260203-x86_64-pc-windows-msvc-install_only.tar.gz": "d220beff465bdc97bf5874be8ffbf07278e5bdf9a064cab932b5d93b542e3e86",
+		"cpython-3.11.14+20260203-x86_64-unknown-linux-gnu-install_only.tar.gz": "67abde21b6e074b58c0f738f0c4802b23827a7d49707dcaf3ed4dadf572f3f37",
+		"cpython-3.11.14+20260203-x86_64-unknown-linux-musl-install_only.tar.gz": "290de5199a9647d4de4adcf13a79a7c59f060357853bf41fd6d1a69b4b5fd00c"
+	})
+});
+/**
+* Resolve the current host to a python-build-standalone `platform-arch` key (a
+* `PLATFORM_TRIPLES` key, e.g. `darwin-arm64`, `linux-x64-musl`, `win-x64`).
+* Owns the python-build-standalone vocabulary end to end: Node's `win32`
+* becomes `win`, and an Alpine host gets a `-musl` suffix so it resolves to the
+* real musl triple (upstream ships both gnu and musl Linux builds). Returns
+* `undefined` when the host platform/arch has no upstream prebuilt.
+*
+* Separate from `getJreArch` (jre/Adoptium vocabulary) and from the shared
+* `getPlatformArch` — neither matches python-build-standalone's key set.
+*/
+function getPythonArch() {
+	/* c8 ignore start - depends on process.platform/arch + libc probe. */
+	const platform = NODE_PLATFORM_TO_PY[node_process.default.platform];
+	const arch = NODE_ARCH_TO_PY[node_process.default.arch];
+	if (!platform || !arch) return;
+	const key = `${platform}-${arch}${platform === "linux" && require_constants_platform.getLibc() === "musl" ? "-musl" : ""}`;
+	return PLATFORM_TRIPLES[key] ? key : void 0;
+	/* c8 ignore stop */
+}
+/**
+* Resolve the python-build-standalone download for a version + tag + platform.
+* Returns the asset filename and URL, or `undefined` when the platform-arch has
+* no upstream prebuilt.
+*/
+function pythonAsset(opts) {
+	const { tag, version } = opts;
+	const arch = opts.arch ?? getPythonArch();
+	const triple = arch ? PLATFORM_TRIPLES[arch] : void 0;
+	if (!triple) return;
+	return {
+		assetName: `cpython-${version}+${tag}-${triple}-install_only.tar.gz`,
+		url: `${RELEASE_BASE}/${tag}/cpython-${`${version}%2B${tag}`}-${triple}-install_only.tar.gz`
+	};
+}
+//#endregion
+exports.DEFAULT_PYTHON_PIN = DEFAULT_PYTHON_PIN;
+exports.getPythonArch = getPythonArch;
+exports.pythonAsset = pythonAsset;

package/dist/external-tools/python/dlx.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * @file One-call dlx convenience wrappers for python: resolve (or download) a
+ *   CPython into the known dlx location, then run a pip primitive against it —
+ *   so callers don't thread `pythonBin` by hand. Mirrors how `dlx/package.ts`'s
+ *   `dlxPackage` wraps `downloadNpmPackage`. The dlx Python path is
+ *   deterministic given the pin (`pythonCacheDir(version, tag, arch)` →
+ *   `~/.socket/_dlx/python/...`), so the wrapper resolves to that known
+ *   location and hands the interpreter path to the pip fn itself:
+ *
+ *   - `dlxPipInstall({ python, spec })` → `resolvePython` + `downloadPipPackage`
+ *   - `dlxPipPin({ python, spec })` → `resolvePython` + `resolvePipPackagePin`
+ *     The lower-level primitives (`downloadPipPackage`, `resolvePipPackagePin`)
+ *     keep `pythonBin` required — they're the interpreter-agnostic layer. Use
+ *     them directly when you already hold an interpreter path; use these
+ *     wrappers when you have a pin and want one call.
+ */
+import type { DownloadPipPackageResult } from './pip-install';
+import type { PipPackagePin } from './pin';
+import type { PythonBuildPin } from './types';
+export interface DlxPipOptions {
+    /**
+     * Python-build-standalone pin (version + tag + optional integrity). The dlx
+     * interpreter location is derived from this — that's why no `pythonBin` is
+     * needed. Omit `arch` to auto-detect the host.
+     */
+    readonly python: PythonBuildPin & {
+        readonly arch?: string | undefined;
+    };
+    /**
+     * Prefer the downloaded dlx CPython over any PATH interpreter. Default false:
+     * a PATH `python3` wins when present, the dlx build is the fallback. Pass
+     * `true` for an exact, reproducible interpreter regardless of host Python.
+     */
+    readonly preferDownload?: boolean | undefined;
+}
+export interface DlxPipInstallOptions extends DlxPipOptions {
+    /**
+     * Optional sha256 hash of the top-level artifact, forwarded to
+     * `downloadPipPackage` (pip `--require-hashes`).
+     */
+    readonly hash?: string | undefined;
+    /**
+     * Pip install spec: `<pkg>==<version>` or `git+https://<url>@<sha>`.
+     */
+    readonly spec: string;
+}
+export interface DlxPipPinOptions extends DlxPipOptions {
+    /**
+     * Pip spec to pin: `<pkg>==<version>` or `git+https://<url>@<sha>`.
+     */
+    readonly spec: string;
+}
+/**
+ * Thrown when the python pin can't be resolved to an interpreter (no PATH
+ * Python and the download tier missed — e.g. unsupported host arch).
+ */
+export declare class DlxPythonUnavailableError extends Error {
+    constructor(message: string, options?: {
+        cause?: unknown | undefined;
+    } | undefined);
+}
+/**
+ * Resolve (or download) the dlx CPython for `python`, then pip-install `spec`
+ * into a content-addressed dlx dir. One-call form of `resolvePython` +
+ * `downloadPipPackage`. The returned result includes the interpreter path used,
+ * so callers can run the tool: `spawn(pythonBin, ['-m', '<module>'], { env: {
+ * PYTHONPATH: packageDir } })`.
+ */
+export declare function dlxPipInstall(opts: DlxPipInstallOptions): Promise<DownloadPipPackageResult & {
+    pythonBin: string;
+}>;
+/**
+ * Resolve (or download) the dlx CPython for `python`, then generate a
+ * hash-pinned closure for `spec`. One-call form of `resolvePython` +
+ * `resolvePipPackagePin`.
+ */
+export declare function dlxPipPin(opts: DlxPipPinOptions): Promise<PipPackagePin & {
+    pythonBin: string;
+}>;
+export declare function resolveOrThrow(opts: DlxPipOptions): Promise<string>;

package/dist/external-tools/python/dlx.js ADDED Viewed

@@ -0,0 +1,87 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_external_tools_python_pip_install = require('./pip-install.js');
+const require_external_tools_python_pin = require('./pin.js');
+const require_external_tools_python_resolve = require('./resolve.js');
+//#region src/external-tools/python/dlx.ts
+/**
+* @file One-call dlx convenience wrappers for python: resolve (or download) a
+*   CPython into the known dlx location, then run a pip primitive against it —
+*   so callers don't thread `pythonBin` by hand. Mirrors how `dlx/package.ts`'s
+*   `dlxPackage` wraps `downloadNpmPackage`. The dlx Python path is
+*   deterministic given the pin (`pythonCacheDir(version, tag, arch)` →
+*   `~/.socket/_dlx/python/...`), so the wrapper resolves to that known
+*   location and hands the interpreter path to the pip fn itself:
+*
+*   - `dlxPipInstall({ python, spec })` → `resolvePython` + `downloadPipPackage`
+*   - `dlxPipPin({ python, spec })` → `resolvePython` + `resolvePipPackagePin`
+*     The lower-level primitives (`downloadPipPackage`, `resolvePipPackagePin`)
+*     keep `pythonBin` required — they're the interpreter-agnostic layer. Use
+*     them directly when you already hold an interpreter path; use these
+*     wrappers when you have a pin and want one call.
+*/
+/**
+* Thrown when the python pin can't be resolved to an interpreter (no PATH
+* Python and the download tier missed — e.g. unsupported host arch).
+*/
+var DlxPythonUnavailableError = class extends Error {
+	constructor(message, options) {
+		super(message, options);
+		this.name = "DlxPythonUnavailableError";
+	}
+};
+/**
+* Resolve (or download) the dlx CPython for `python`, then pip-install `spec`
+* into a content-addressed dlx dir. One-call form of `resolvePython` +
+* `downloadPipPackage`. The returned result includes the interpreter path used,
+* so callers can run the tool: `spawn(pythonBin, ['-m', '<module>'], { env: {
+* PYTHONPATH: packageDir } })`.
+*/
+async function dlxPipInstall(opts) {
+	const pythonBin = await resolveOrThrow(opts);
+	return {
+		...await require_external_tools_python_pip_install.downloadPipPackage({
+			hash: opts.hash,
+			pythonBin,
+			spec: opts.spec
+		}),
+		pythonBin
+	};
+}
+/**
+* Resolve (or download) the dlx CPython for `python`, then generate a
+* hash-pinned closure for `spec`. One-call form of `resolvePython` +
+* `resolvePipPackagePin`.
+*/
+async function dlxPipPin(opts) {
+	const pythonBin = await resolveOrThrow(opts);
+	return {
+		...await require_external_tools_python_pin.resolvePipPackagePin({
+			pythonBin,
+			spec: opts.spec
+		}),
+		pythonBin
+	};
+}
+async function resolveOrThrow(opts) {
+	const { preferDownload, python } = opts;
+	const resolved = await require_external_tools_python_resolve.resolvePython({
+		preferDownload,
+		downloadIfMissing: {
+			arch: python.arch,
+			integrity: python.integrity,
+			tag: python.tag,
+			version: python.version
+		}
+	});
+	if (!resolved) throw new DlxPythonUnavailableError(`dlx python: could not resolve a CPython interpreter for ${python.version}+${python.tag} — no host python3 and the python-build-standalone download tier missed (unsupported host arch?)`);
+	return resolved.path;
+}
+//#endregion
+exports.DlxPythonUnavailableError = DlxPythonUnavailableError;
+exports.dlxPipInstall = dlxPipInstall;
+exports.dlxPipPin = dlxPipPin;
+exports.resolveOrThrow = resolveOrThrow;

package/dist/external-tools/python/from-download.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * @file `pythonFromDownload()` — fetches a python-build-standalone CPython into
+ *   the DLX cache and returns a `ResolvedPython` pointing at the interpreter.
+ *   The `install_only` tarball extracts to a `python/` subdirectory, so the
+ *   interpreter lands at `<extractedDir>/python/bin/python3` (or
+ *   `python/python.exe` on Windows) — no strip.
+ */
+import type { BinaryDownloader } from '../from-download';
+import type { HashSpec } from '../../integrity';
+import type { ResolvedPython } from './types';
+export interface PythonFromDownloadOptions {
+    /**
+     * CPython version, e.g. `3.11.14`.
+     */
+    version: string;
+    /**
+     * Python-build-standalone release tag, e.g. `20260203`.
+     */
+    tag: string;
+    /**
+     * Target `platform-arch`, e.g. `darwin-arm64`. Omit to auto-detect the
+     * current host via {@link getPythonArch}.
+     */
+    arch?: string | undefined;
+    /**
+     * Optional pinned integrity (hex SHA-256 or SRI) for the tarball.
+     */
+    integrity?: HashSpec | undefined;
+    /**
+     * Override the extraction directory. Defaults to
+     * `~/.socket/_dlx/python/<version>-<tag>-<arch>`.
+     */
+    cacheDir?: string | undefined;
+    /**
+     * Inject a custom downloader (tests / alternate cache). Defaults to dlx.
+     */
+    downloader?: BinaryDownloader | undefined;
+}
+/**
+ * Return the absolute path to the interpreter inside an extracted
+ * python-build-standalone tree. The layout follows the TARGET arch, not the
+ * host: a Windows target nests the interpreter at `python/python.exe`, every
+ * other target at `python/bin/python3`. Keying off `process.platform` would be
+ * wrong when cross-resolving (e.g. a Windows host downloading a linux-x64
+ * build). `arch` is a platform-arch key like `win-x64` / `linux-x64`; omit it
+ * to fall back to the host platform.
+ */
+export declare function pythonBinPath(extractedDir: string, arch?: string | undefined): string;
+/**
+ * Default DLX cache directory for a python build pin.
+ */
+export declare function pythonCacheDir(version: string, tag: string, arch: string): string;
+export declare function pythonFromDownload(opts: PythonFromDownloadOptions): Promise<ResolvedPython | undefined>;

package/dist/external-tools/python/from-download.js ADDED Viewed

@@ -0,0 +1,68 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../../_virtual/_rolldown/runtime.js');
+const require_paths_socket = require('../../paths/socket.js');
+const require_external_tools_from_download = require('../from-download.js');
+const require_external_tools_python_asset_names = require('./asset-names.js');
+let node_path = require("node:path");
+node_path = require_runtime.__toESM(node_path);
+let node_process = require("node:process");
+node_process = require_runtime.__toESM(node_process);
+//#region src/external-tools/python/from-download.ts
+/**
+* @file `pythonFromDownload()` — fetches a python-build-standalone CPython into
+*   the DLX cache and returns a `ResolvedPython` pointing at the interpreter.
+*   The `install_only` tarball extracts to a `python/` subdirectory, so the
+*   interpreter lands at `<extractedDir>/python/bin/python3` (or
+*   `python/python.exe` on Windows) — no strip.
+*/
+/**
+* Return the absolute path to the interpreter inside an extracted
+* python-build-standalone tree. The layout follows the TARGET arch, not the
+* host: a Windows target nests the interpreter at `python/python.exe`, every
+* other target at `python/bin/python3`. Keying off `process.platform` would be
+* wrong when cross-resolving (e.g. a Windows host downloading a linux-x64
+* build). `arch` is a platform-arch key like `win-x64` / `linux-x64`; omit it
+* to fall back to the host platform.
+*/
+function pythonBinPath(extractedDir, arch) {
+	if (arch ? arch.startsWith("win-") : node_process.default.platform === "win32") return node_path.default.join(extractedDir, "python", "python.exe");
+	return node_path.default.join(extractedDir, "python", "bin", "python3");
+}
+/**
+* Default DLX cache directory for a python build pin.
+*/
+function pythonCacheDir(version, tag, arch) {
+	return node_path.default.join(require_paths_socket.getSocketDlxDir(), "python", `${version}-${tag}-${arch}`);
+}
+async function pythonFromDownload(opts) {
+	const { cacheDir, downloader, integrity, tag, version } = opts;
+	const arch = opts.arch ?? require_external_tools_python_asset_names.getPythonArch();
+	if (!arch) return;
+	const asset = require_external_tools_python_asset_names.pythonAsset({
+		version,
+		tag,
+		arch
+	});
+	if (!asset) return;
+	const extractedDir = cacheDir ?? pythonCacheDir(version, tag, arch);
+	const archive = await require_external_tools_from_download.downloadAndExtractTool({
+		url: asset.url,
+		name: `python-${version}-${tag}-${arch}.tar.gz`,
+		integrity,
+		extractedDir,
+		downloader
+	});
+	return {
+		path: pythonBinPath(extractedDir, arch),
+		source: "download",
+		integrity: archive.integrity
+	};
+}
+//#endregion
+exports.pythonBinPath = pythonBinPath;
+exports.pythonCacheDir = pythonCacheDir;
+exports.pythonFromDownload = pythonFromDownload;

package/dist/external-tools/python/from-path.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * @file `pythonFromPath()` — looks for a CPython interpreter on the system
+ *   PATH. Tries `python3` first (the POSIX convention), then `python` (the
+ *   Windows convention / some minimal images). Returns the first hit.
+ */
+import type { ResolvedPython } from './types';
+export declare function pythonFromPath(): Promise<ResolvedPython | undefined>;

package/dist/external-tools/python/from-path.js ADDED Viewed

@@ -0,0 +1,23 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_bin_which = require('../../bin/which.js');
+//#region src/external-tools/python/from-path.ts
+/**
+* @file `pythonFromPath()` — looks for a CPython interpreter on the system
+*   PATH. Tries `python3` first (the POSIX convention), then `python` (the
+*   Windows convention / some minimal images). Returns the first hit.
+*/
+async function pythonFromPath() {
+	for (const bin of ["python3", "python"]) {
+		const onPath = await require_bin_which.which(bin, { nothrow: true });
+		if (typeof onPath === "string") return {
+			path: onPath,
+			source: "path"
+		};
+	}
+}
+//#endregion
+exports.pythonFromPath = pythonFromPath;

package/dist/external-tools/python/pin.d.ts ADDED Viewed

@@ -0,0 +1,121 @@
+/**
+ * @file `resolvePipPackagePin()` — the Python mirror of
+ *   `resolveNpmPackagePin()` (dlx/lockfile). Resolves a pip spec and its full
+ *   dependency closure WITHOUT installing into the interpreter, then returns
+ *   everything needed to pin a reproducible, hash-verified install:
+ *
+ *   - the resolved top-level name + version,
+ *   - the top-level artifact's hashes (sha512 SRI + sha256 hex), and
+ *   - a fully-hashed `requirements.txt` body (`name==version --hash=sha256:<hex>`
+ *     for every artifact in the closure) ready to feed back to
+ *     `downloadPipPackage` / `pip install --require-hashes`. Engine: `pip
+ *     download --dest <scratch> <spec>` downloads the spec + its resolved
+ *     closure as wheels/sdists into a scratch dir (no install, no venv), each
+ *     file is hashed, then the scratch dir is torn down. This is pip's own
+ *     recipe for producing hashed requirements — `pip-tools` is NOT required.
+ *     Contrast `resolveNpmPackagePin` (dlx/lockfile): same contract, npm engine
+ *     (Arborist lockfile-only + pacote), emits a `package-lock.json`. The pip
+ *     side emits a hashed `requirements.txt` because that — not a lockfile — is
+ *     what `pip install --require-hashes` consumes. NOTE on the soak window:
+ *     `resolveNpmPackagePin` applies a min-release-age cutoff via Arborist's
+ *     `before` date. pip has no native release-age gate, so this generator does
+ *     NOT enforce one — callers that need a soak must vet the resolved versions
+ *     out of band. The spec itself remains the primary pin: `==<version>` (PyPI
+ *     is immutable per version) or `@<full-sha>` (git is content-addressed).
+ */
+import type { ComputedHashes } from '../../integrity';
+export interface ResolvePipPackagePinOptions {
+    /**
+     * Absolute path to the Python interpreter used to run `pip download`,
+     * typically from `resolvePython()`. The interpreter is NOT modified.
+     */
+    readonly pythonBin: string;
+    /**
+     * Directory `pip download` resolves the closure into. Defaults to a unique
+     * scratch dir under the OS temp dir, removed before returning.
+     */
+    readonly scratchDir?: string | undefined;
+    /**
+     * Pip spec to pin: `<pkg>==<version>` (PyPI exact pin) or
+     * `git+https://<url>@<sha>` (git-SHA pin).
+     */
+    readonly spec: string;
+}
+export interface PipArtifactPin {
+    /**
+     * Sha256 hex of the artifact, the `--hash=sha256:<hex>` value pip expects.
+     */
+    readonly checksum: string;
+    /**
+     * Downloaded artifact filename, e.g. `is_odd-3.0.1-py3-none-any.whl`.
+     */
+    readonly file: string;
+    /**
+     * Distribution name parsed from the filename, e.g. `is-odd`.
+     */
+    readonly name: string;
+    /**
+     * Distribution version parsed from the filename, e.g. `3.0.1`.
+     */
+    readonly version: string;
+}
+export interface PipPackagePin {
+    /**
+     * Per-artifact pins for the full resolved closure (top-level + transitive).
+     */
+    readonly artifacts: readonly PipArtifactPin[];
+    /**
+     * Hashes of the top-level artifact (sha512 SRI + sha256 hex). The Python
+     * analog of `NpmPackagePin.hash`.
+     */
+    readonly hash: ComputedHashes;
+    /**
+     * Resolved top-level distribution name.
+     */
+    readonly name: string;
+    /**
+     * Fully-hashed `requirements.txt` content, ready to write to disk and feed to
+     * `pip install --require-hashes -r <file>`. The Python analog of
+     * `NpmPackagePin.lockfile`.
+     */
+    readonly requirements: string;
+    /**
+     * Resolved top-level distribution version.
+     */
+    readonly version: string;
+}
+/**
+ * Thrown when `pip download` produces no artifacts or a filename can't be
+ * parsed into a name + version.
+ */
+export declare class PipPackagePinError extends Error {
+    constructor(message: string, options?: {
+        cause?: unknown | undefined;
+    } | undefined);
+}
+/**
+ * Normalize a PEP 503 distribution name: lowercase, runs of `_ . -` collapse to
+ * a single `-`. Wheel filenames use `_`; requirements/PyPI use `-`.
+ */
+export declare function normalizeDistName(name: string): string;
+/**
+ * Parse `<name>-<version>` out of a wheel (`name-ver-...whl`) or sdist
+ * (`name-ver.tar.gz` / `name-ver.zip`) filename. Returns undefined when the
+ * shape isn't recognized.
+ */
+export declare function parseArtifactFilename(file: string): {
+    name: string;
+    version: string;
+} | undefined;
+/**
+ * Generate a vendorable, hash-pinned closure for a pip spec without installing
+ * it. Mirrors `resolveNpmPackagePin`. Throws `PipPackagePinError` on an empty
+ * download or an unparseable artifact filename.
+ */
+export declare function resolvePipPackagePin(options: ResolvePipPackagePinOptions): Promise<PipPackagePin>;
+/**
+ * Best-effort distribution name from a pip spec for matching the top-level
+ * artifact: strips a `==`/`>=`/etc. version and a `git+...#egg=<name>`
+ * fragment. Falls back to the raw spec when neither is present.
+ */
+export declare function specDistName(spec: string): string;