@socketsecurity/lib 6.0.6 → 6.0.7

package/dist/dlx/paths.js

@@ -19,7 +19,7 @@ const require_paths_socket = require('../paths/socket.js');
 *   ```
 */
 function getDlxInstalledPackageDir(packageName) {
-	return /* @__PURE__ */ require_paths_normalize.normalizePath((/* @__PURE__ */ require_node_path.getNodePath()).join(getDlxPackageNodeModulesDir(packageName), packageName));
+	return require_paths_normalize.normalizePath(require_node_path.getNodePath().join(getDlxPackageNodeModulesDir(packageName), packageName));
 }
 /**
 * Get the DLX installation directory for a specific package.
@@ -30,7 +30,7 @@ function getDlxInstalledPackageDir(packageName) {
 *   ```
 */
 function getDlxPackageDir(packageName) {
-	return /* @__PURE__ */ require_paths_normalize.normalizePath((/* @__PURE__ */ require_node_path.getNodePath()).join(require_paths_socket.getSocketDlxDir(), packageName));
+	return require_paths_normalize.normalizePath(require_node_path.getNodePath().join(require_paths_socket.getSocketDlxDir(), packageName));
 }
 /**
 * Get the package.json path for a DLX installed package.
@@ -41,7 +41,7 @@ function getDlxPackageDir(packageName) {
 *   ```
 */
 function getDlxPackageJsonPath(packageName) {
-	return /* @__PURE__ */ require_paths_normalize.normalizePath((/* @__PURE__ */ require_node_path.getNodePath()).join(getDlxInstalledPackageDir(packageName), "package.json"));
+	return require_paths_normalize.normalizePath(require_node_path.getNodePath().join(getDlxInstalledPackageDir(packageName), "package.json"));
 }
 /**
 * Get the node_modules directory for a DLX package installation.
@@ -52,7 +52,7 @@ function getDlxPackageJsonPath(packageName) {
 *   ```
 */
 function getDlxPackageNodeModulesDir(packageName) {
-	return /* @__PURE__ */ require_paths_normalize.normalizePath((/* @__PURE__ */ require_node_path.getNodePath()).join(getDlxPackageDir(packageName), "node_modules"));
+	return require_paths_normalize.normalizePath(require_node_path.getNodePath().join(getDlxPackageDir(packageName), "node_modules"));
 }
 /**
 * Check if a file path is within the Socket DLX directory. This is useful for
@@ -71,9 +71,9 @@ function getDlxPackageNodeModulesDir(packageName) {
 */
 function isInSocketDlx(filePath) {
 	if (!filePath) return false;
-	const path = /* @__PURE__ */ require_node_path.getNodePath();
-	const dlxDir = /* @__PURE__ */ require_paths_normalize.normalizePath(require_paths_socket.getSocketDlxDir());
-	return require_primordials_string.StringPrototypeStartsWith(/* @__PURE__ */ require_paths_normalize.normalizePath(path.resolve(filePath)), `${dlxDir}/`);
+	const path = require_node_path.getNodePath();
+	const dlxDir = require_paths_normalize.normalizePath(require_paths_socket.getSocketDlxDir());
+	return require_primordials_string.StringPrototypeStartsWith(require_paths_normalize.normalizePath(path.resolve(filePath)), `${dlxDir}/`);
 }
 
 //#endregion

package/dist/dlx/spec.js

@@ -32,7 +32,7 @@ function parsePackageSpec(spec) {
 	try {
 		/* c8 ignore next - External npm-package-arg call */
 		const parsed = (0, src_external_npm_package_arg.default)(spec);
-		const version = parsed.type === "tag" ? parsed.fetchSpec : parsed.type === "version" || parsed.type === "range" ? parsed.fetchSpec : void 0;
+		const version = parsed.type === "tag" ? parsed.fetchSpec : parsed.type === "range" || parsed.type === "version" ? parsed.fetchSpec : void 0;
 		return {
 			name: parsed.name || spec,
 			version

package/dist/dlx/types.d.ts

@@ -3,20 +3,16 @@
  *   of `dlx/package.ts` so consumers can import these types without pulling in
  *   the implementation.
  *
- *   - `DownloadPackageResult` — what `downloadPackage` returns
+ *   - `DownloadNpmPackageResult` — what `downloadNpmPackage` returns
  *   - `EnsurePackageInstallOptions` — shared install-pinning options
- *   - `DlxPackageOptions` — full options for `dlxPackage` / `downloadPackage`
+ *   - `DlxPackageOptions` — full options for `dlxPackage` / `downloadNpmPackage`
  *   - `DlxPackageResult` — what `dlxPackage` returns
  */
 import type { HashSpec } from '../integrity';
 import type { LockfileSpec } from './lockfile';
 import type { spawn } from '../process/spawn/child';
 import type { SpawnOptions } from '../process/spawn/types';
-export interface DownloadPackageResult {
-    /**
-     * Path to the installed package directory.
-     */
-    packageDir: string;
+export interface DownloadNpmPackageResult {
     /**
      * Path to the binary.
      */
@@ -25,6 +21,10 @@ export interface DownloadPackageResult {
      * Whether the package was newly installed.
      */
     installed: boolean;
+    /**
+     * Path to the installed package directory.
+     */
+    packageDir: string;
 }
 /**
  * Shared install-pinning options used by both {@link DlxPackageOptions} and the
@@ -80,38 +80,30 @@ export interface EnsurePackageInstallOptions {
     lockfile?: LockfileSpec | undefined;
 }
 export interface DlxPackageOptions extends EnsurePackageInstallOptions {
-    /**
-     * Package to install (e.g., '@cyclonedx/cdxgen@10.0.0'). Aligns with npx
-     * --package flag.
-     */
-    package: string;
     /**
      * Binary name to execute (optional - auto-detected in most cases).
      *
-     * Auto-detection logic: 1. If package has only one binary, uses it
+     * Auto-detection logic: 1. If the package has only one binary, uses it
      * automatically 2. Tries user-provided binaryName 3. Tries last segment of
-     * package name (e.g., 'cli' from '@socketsecurity/cli') 4. Falls back to
+     * the package name (e.g., 'cli' from '@socketsecurity/cli') 4. Falls back to
      * first binary.
      *
-     * Only needed when package has multiple binaries and auto-detection fails.
+     * Only needed when the package has multiple binaries and auto-detection
+     * fails.
      *
      * @example
      *   // Auto-detected (single binary)
-     *   { package: '@socketsecurity/cli' }  // Finds 'socket' binary automatically
+     *   { spec: '@socketsecurity/cli' }  // Finds 'socket' binary automatically
      *
      *   // Explicit (multiple binaries)
-     *   { package: 'some-tool', binaryName: 'specific-tool' }
+     *   { spec: 'some-tool', binaryName: 'specific-tool' }
      */
     binaryName?: string | undefined;
     /**
-     * Force reinstallation even if package exists. Aligns with npx --yes/-y flag
-     * behavior.
+     * Force reinstallation even if the package exists. Aligns with npx --yes/-y
+     * flag behavior.
      */
     force?: boolean | undefined;
-    /**
-     * Skip confirmation prompts (auto-approve). Aligns with npx --yes/-y flag.
-     */
-    yes?: boolean | undefined;
     /**
      * Suppress output (quiet mode). Aligns with npx --quiet/-q and pnpm
      * --silent/-s flags.
@@ -121,12 +113,17 @@ export interface DlxPackageOptions extends EnsurePackageInstallOptions {
      * Additional spawn options for the execution.
      */
     spawnOptions?: SpawnOptions | undefined;
-}
-export interface DlxPackageResult {
     /**
-     * Path to the installed package directory.
+     * Package spec to install (e.g., '@cyclonedx/cdxgen@10.0.0'). Aligns with npx
+     * --package flag. Named `spec` to match `downloadPipPackage({ spec })`.
      */
-    packageDir: string;
+    spec: string;
+    /**
+     * Skip confirmation prompts (auto-approve). Aligns with npx --yes/-y flag.
+     */
+    yes?: boolean | undefined;
+}
+export interface DlxPackageResult {
     /**
      * Path to the binary that was executed.
      */
@@ -135,6 +132,10 @@ export interface DlxPackageResult {
      * Whether the package was newly installed.
      */
     installed: boolean;
+    /**
+     * Path to the installed package directory.
+     */
+    packageDir: string;
     /**
      * The spawn promise for the running process.
      */

package/dist/eco/cargo/parse-lockfile.d.ts

@@ -27,7 +27,7 @@
  *      (parseCargoLock)
  *   4. **Cargo's own lockfile encoder** — the source of truth for the format we're
  *      parsing:
- *      https://github.com/rust-lang/cargo/blob/master/src/cargo/core/resolver/encode.rs
+ *      https://github.com/rust-lang/cargo/blob/0.86.0/src/cargo/core/resolver/encode.rs
  *      Lockfile format docs:
  *      https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
  *      https://doc.rust-lang.org/cargo/reference/resolver.html#lockfile-format

package/dist/eco/cargo/parse-lockfile.js

@@ -35,7 +35,7 @@ const require_primordials_object = require('../../primordials/object.js');
 *      (parseCargoLock)
 *   4. **Cargo's own lockfile encoder** — the source of truth for the format we're
 *      parsing:
-*      https://github.com/rust-lang/cargo/blob/master/src/cargo/core/resolver/encode.rs
+*      https://github.com/rust-lang/cargo/blob/0.86.0/src/cargo/core/resolver/encode.rs
 *      Lockfile format docs:
 *      https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
 *      https://doc.rust-lang.org/cargo/reference/resolver.html#lockfile-format
@@ -180,7 +180,7 @@ function parseInlineArray(value) {
 	const result = [];
 	let i = 0;
 	while (i < inner.length) {
-		while (i < inner.length && (inner[i] === " " || inner[i] === "	" || inner[i] === ",")) i++;
+		while (i < inner.length && (inner[i] === "	" || inner[i] === " " || inner[i] === ",")) i++;
 		if (i >= inner.length) break;
 		if (require_primordials_string.StringPrototypeCharCodeAt(inner, i) === 34) {
 			const closeIdx = require_primordials_string.StringPrototypeIndexOf(inner, "\"", i + 1);

package/dist/eco/manifest/analyze-lockfile.js

@@ -42,8 +42,8 @@ function jsAnalyzeLockfile(lockfile) {
 		avgDepth: 0
 	});
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const analyzeLockfile = _smol ? _smol.analyzeLockfile : jsAnalyzeLockfile;
+const smol = require_smol_manifest.getSmolManifest();
+const analyzeLockfile = smol ? smol.analyzeLockfile : jsAnalyzeLockfile;
 
 //#endregion
 exports.analyzeLockfile = analyzeLockfile;

package/dist/eco/manifest/detect-format.js

@@ -34,7 +34,7 @@ const COMPOSER_LOCK_FORMAT = require_primordials_object.ObjectFreeze({
 	format: "composer",
 	type: "lockfile"
 });
-const _jsSupportedFiles = require_primordials_object.ObjectFreeze({
+const jsSupportedFiles = require_primordials_object.ObjectFreeze({
 	__proto__: null,
 	manifests: require_primordials_object.ObjectFreeze([
 		require_eco_npm_manifest_format.PACKAGE_JSON_FILENAME,
@@ -64,9 +64,9 @@ function jsDetectFormat(filename) {
 		default: return;
 	}
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const detectFormat = _smol?.detectFormat ?? jsDetectFormat;
-const supportedFiles = _smol?.supportedFiles ?? _jsSupportedFiles;
+const smol = require_smol_manifest.getSmolManifest();
+const detectFormat = smol?.detectFormat ?? jsDetectFormat;
+const supportedFiles = smol?.supportedFiles ?? jsSupportedFiles;
 
 //#endregion
 exports.detectFormat = detectFormat;

package/dist/eco/manifest/find-packages.js

@@ -35,8 +35,8 @@ function jsFindPackages(lockfile, pattern) {
 	}
 	return result;
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const findPackages = _smol ? _smol.findPackages : jsFindPackages;
+const smol = require_smol_manifest.getSmolManifest();
+const findPackages = smol ? smol.findPackages : jsFindPackages;
 
 //#endregion
 exports.FIND_PACKAGES_PATTERN_MAX_LEN = FIND_PACKAGES_PATTERN_MAX_LEN;

package/dist/eco/manifest/get-package-versions.js

@@ -23,8 +23,8 @@ function jsGetPackageVersions(lockfile, name) {
 	}
 	return result;
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const getPackageVersions = _smol ? _smol.getPackageVersions : jsGetPackageVersions;
+const smol = require_smol_manifest.getSmolManifest();
+const getPackageVersions = smol ? smol.getPackageVersions : jsGetPackageVersions;
 
 //#endregion
 exports.getPackageVersions = getPackageVersions;

package/dist/eco/manifest/get-package.js

@@ -17,8 +17,8 @@ function jsGetPackage(lockfile, name) {
 	if (typeof idx === "number") return lockfile.packages[idx];
 	return lockfile.packages[idx[0]];
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const getPackage = _smol ? _smol.getPackage : jsGetPackage;
+const smol = require_smol_manifest.getSmolManifest();
+const getPackage = smol ? smol.getPackage : jsGetPackage;
 
 //#endregion
 exports.getPackage = getPackage;

package/dist/eco/manifest/parse-lockfile.js

@@ -36,8 +36,8 @@ function sniffLockfileFormat(content) {
 	if (require_primordials_string.StringPrototypeIndexOf(content, "yarn lockfile") !== -1 || require_primordials_string.StringPrototypeIndexOf(content, "__metadata:") !== -1) return "yarn";
 	if (require_primordials_string.StringPrototypeIndexOf(content, "lockfileVersion:") !== -1) return "pnpm";
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const parseLockfile = _smol ? (content, ecosystem, format) => _smol.parseLockfile(content, ecosystem, format) : jsParseLockfile;
+const smol = require_smol_manifest.getSmolManifest();
+const parseLockfile = smol ? (content, ecosystem, format) => smol.parseLockfile(content, ecosystem, format) : jsParseLockfile;
 
 //#endregion
 exports.jsParseLockfile = jsParseLockfile;

package/dist/eco/manifest/parse-manifest.js

@@ -20,9 +20,9 @@ function jsParseManifest(content, ecosystem) {
 		default: throw new require_eco_manifest_manifest_error.ManifestError(`Unsupported ecosystem: ${ecosystem}`, "ERR_UNSUPPORTED");
 	}
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
+const smol = require_smol_manifest.getSmolManifest();
 /* c8 ignore start - smol-fallback branch is smol Node binary only. */
-const smolParseManifest = _smol ? (content, ecosystem) => _smol.parseManifest(content, ecosystem) : void 0;
+const smolParseManifest = smol ? (content, ecosystem) => smol.parseManifest(content, ecosystem) : void 0;
 /* c8 ignore stop */
 const parseManifest = smolParseManifest ?? jsParseManifest;
 

package/dist/eco/manifest/parse.js

@@ -20,9 +20,9 @@ function jsParse(filename, content) {
 	if (format.type === "manifest") return require_eco_manifest_parse_manifest.parseManifest(content, format.ecosystem);
 	return require_eco_manifest_parse_lockfile.parseLockfile(content, format.ecosystem, format.format);
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
+const smol = require_smol_manifest.getSmolManifest();
 /* c8 ignore start - smol-fallback branch is smol Node binary only. */
-const smolParse = _smol ? (filename, content) => _smol.parse(filename, content) : void 0;
+const smolParse = smol ? (filename, content) => smol.parse(filename, content) : void 0;
 /* c8 ignore stop */
 const parse = smolParse ?? jsParse;
 

package/dist/eco/npm/npm/exec.js

@@ -32,9 +32,9 @@ const require_eco_npm_npm_flags = require('./flags.js');
 *   ```
 */
 function execNpm(args, options) {
-	const useDebug = /* @__PURE__ */ require_debug_namespace.isDebug();
+	const useDebug = require_debug_namespace.isDebug();
 	const terminatorPos = require_primordials_array.ArrayPrototypeIndexOf(args, "--");
-	const npmArgs = (terminatorPos === -1 ? args : require_primordials_array.ArrayPrototypeSlice(args, 0, terminatorPos)).filter((a) => !/* @__PURE__ */ require_eco_npm_npm_flags.isNpmAuditFlag(a) && !/* @__PURE__ */ require_eco_npm_npm_flags.isNpmFundFlag(a) && !/* @__PURE__ */ require_eco_npm_npm_flags.isNpmProgressFlag(a));
+	const npmArgs = (terminatorPos === -1 ? args : require_primordials_array.ArrayPrototypeSlice(args, 0, terminatorPos)).filter((a) => !require_eco_npm_npm_flags.isNpmAuditFlag(a) && !require_eco_npm_npm_flags.isNpmFundFlag(a) && !require_eco_npm_npm_flags.isNpmProgressFlag(a));
 	const otherArgs = terminatorPos === -1 ? [] : require_primordials_array.ArrayPrototypeSlice(args, terminatorPos);
 	return require_process_spawn_child.spawn(require_constants_agents.NPM_BIN_PATH, [
 		"--no-audit",

package/dist/eco/npm/npm/flags.js

@@ -19,9 +19,8 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 *   isNpmAuditFlag('--save') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isNpmAuditFlag(cmdArg) {
-	return /^--(no-)?audit(=.*)?$/.test(cmdArg);
+	return /^--(?:no-)?audit(?:=.*)?$/.test(cmdArg);
 }
 /**
 * Check if a command argument is an npm fund flag.
@@ -33,9 +32,8 @@ function isNpmAuditFlag(cmdArg) {
 *   isNpmFundFlag('--save') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isNpmFundFlag(cmdArg) {
-	return /^--(no-)?fund(=.*)?$/.test(cmdArg);
+	return /^--(?:no-)?fund(?:=.*)?$/.test(cmdArg);
 }
 /**
 * Check if a command argument is an npm loglevel flag.
@@ -48,11 +46,10 @@ function isNpmFundFlag(cmdArg) {
 *   isNpmLoglevelFlag('--save') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isNpmLoglevelFlag(cmdArg) {
-	if (/^--loglevel(=.*)?$/.test(cmdArg)) return true;
-	if (/^--(silent|verbose|info|warn|error|quiet)$/.test(cmdArg)) return true;
-	return /^-(s|q|d|dd|ddd|v)$/.test(cmdArg);
+	if (/^--loglevel(?:=.*)?$/.test(cmdArg)) return true;
+	if (/^--(?:error|info|quiet|silent|verbose|warn)$/.test(cmdArg)) return true;
+	return /^-(?:d|dd|ddd|q|s|v)$/.test(cmdArg);
 }
 /**
 * Check if a command argument is an npm node-options flag.
@@ -64,9 +61,8 @@ function isNpmLoglevelFlag(cmdArg) {
 *   isNpmNodeOptionsFlag('--save') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isNpmNodeOptionsFlag(cmdArg) {
-	return /^--node-options(=.*)?$/.test(cmdArg);
+	return /^--node-options(?:=.*)?$/.test(cmdArg);
 }
 /**
 * Check if a command argument is an npm progress flag.
@@ -78,9 +74,8 @@ function isNpmNodeOptionsFlag(cmdArg) {
 *   isNpmProgressFlag('--save') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isNpmProgressFlag(cmdArg) {
-	return /^--(no-)?progress(=.*)?$/.test(cmdArg);
+	return /^--(?:no-)?progress(?:=.*)?$/.test(cmdArg);
 }
 
 //#endregion

package/dist/eco/npm/npm/parse-lockfile.d.ts

@@ -42,22 +42,22 @@
  */
 import type { DepType, PackageRef, ParsedLockfile } from '../../manifest/types';
 interface RawPackage {
-    readonly name?: unknown;
-    readonly version?: unknown;
-    readonly resolved?: unknown;
-    readonly integrity?: unknown;
-    readonly dev?: unknown;
-    readonly optional?: unknown;
-    readonly peer?: unknown;
-    readonly inBundle?: unknown;
-    readonly license?: unknown;
-    readonly dependencies?: unknown;
-    readonly requires?: unknown;
+    readonly name?: unknown | undefined;
+    readonly version?: unknown | undefined;
+    readonly resolved?: unknown | undefined;
+    readonly integrity?: unknown | undefined;
+    readonly dev?: unknown | undefined;
+    readonly optional?: unknown | undefined;
+    readonly peer?: unknown | undefined;
+    readonly inBundle?: unknown | undefined;
+    readonly license?: unknown | undefined;
+    readonly dependencies?: unknown | undefined;
+    readonly requires?: unknown | undefined;
 }
 interface RawLockfile {
-    readonly lockfileVersion?: unknown;
-    readonly packages?: Record<string, RawPackage>;
-    readonly dependencies?: Record<string, RawPackage>;
+    readonly lockfileVersion?: unknown | undefined;
+    readonly packages?: Record<string, RawPackage> | undefined;
+    readonly dependencies?: Record<string, RawPackage> | undefined;
 }
 type PackageIndex = Record<string, number | number[]>;
 export declare function addToIndex(packageIndex: PackageIndex, name: string, idx: number): void;

package/dist/eco/npm/npm/parse-lockfile.js

@@ -5,8 +5,8 @@ const require_primordials_error = require('../../../primordials/error.js');
 const require_primordials_string = require('../../../primordials/string.js');
 const require_primordials_array = require('../../../primordials/array.js');
 const require_primordials_map_set = require('../../../primordials/map-set.js');
-const require_primordials_object = require('../../../primordials/object.js');
 const require_primordials_json = require('../../../primordials/json.js');
+const require_primordials_object = require('../../../primordials/object.js');
 const require_errors_message = require('../../../errors/message.js');
 const require_smol_manifest = require('../../../smol/manifest.js');
 const require_eco_manifest_manifest_error = require('../../manifest/manifest-error.js');
@@ -185,8 +185,8 @@ function resolveDepType(pkg) {
 	if (pkg.peer) return "peer";
 	return "prod";
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const parsePackageLock = _smol ? (content) => _smol.parseLockfile(content, "npm", "npm") : jsParsePackageLock;
+const smol = require_smol_manifest.getSmolManifest();
+const parsePackageLock = smol ? (content) => smol.parseLockfile(content, "npm", "npm") : jsParsePackageLock;
 
 //#endregion
 exports.addToIndex = addToIndex;

package/dist/eco/npm/parse-package-json.js

@@ -2,8 +2,8 @@
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_primordials_array = require('../../primordials/array.js');
-const require_primordials_object = require('../../primordials/object.js');
 const require_primordials_json = require('../../primordials/json.js');
+const require_primordials_object = require('../../primordials/object.js');
 const require_errors_message = require('../../errors/message.js');
 const require_smol_manifest = require('../../smol/manifest.js');
 const require_eco_manifest_manifest_error = require('../manifest/manifest-error.js');
@@ -73,8 +73,8 @@ function resolveRepository(value) {
 		if (typeof url === "string" && url.length > 0) return url;
 	}
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const parsePackageJson = _smol ? (content) => _smol.parseManifest(content, "npm") : jsParsePackageJson;
+const smol = require_smol_manifest.getSmolManifest();
+const parsePackageJson = smol ? (content) => smol.parseManifest(content, "npm") : jsParsePackageJson;
 
 //#endregion
 exports.addDeps = addDeps;

package/dist/eco/npm/pnpm/exec.d.ts

@@ -5,7 +5,7 @@
  */
 import type { SpawnOptions } from '../../../process/spawn/types';
 export interface PnpmOptions extends SpawnOptions {
-    allowLockfileUpdate?: boolean;
+    allowLockfileUpdate?: boolean | undefined;
 }
 /**
  * Execute pnpm commands with optimized flags and settings.

package/dist/eco/npm/pnpm/exec.js

@@ -2,8 +2,8 @@
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_primordials_array = require('../../../primordials/array.js');
-const require_debug_namespace = require('../../../debug/namespace.js');
 const require_env_ci = require('../../../env/ci.js');
+const require_debug_namespace = require('../../../debug/namespace.js');
 const require_bin_exec = require('../../../bin/exec.js');
 const require_eco_npm_npm_flags = require('../npm/flags.js');
 const require_eco_npm_pnpm_flags = require('./flags.js');
@@ -28,9 +28,9 @@ function execPnpm(args, options) {
 		__proto__: null,
 		...options
 	};
-	const useDebug = /* @__PURE__ */ require_debug_namespace.isDebug();
+	const useDebug = require_debug_namespace.isDebug();
 	const terminatorPos = require_primordials_array.ArrayPrototypeIndexOf(args, "--");
-	const pnpmArgs = (terminatorPos === -1 ? args : require_primordials_array.ArrayPrototypeSlice(args, 0, terminatorPos)).filter((a) => !/* @__PURE__ */ require_eco_npm_npm_flags.isNpmProgressFlag(a));
+	const pnpmArgs = (terminatorPos === -1 ? args : require_primordials_array.ArrayPrototypeSlice(args, 0, terminatorPos)).filter((a) => !require_eco_npm_npm_flags.isNpmProgressFlag(a));
 	const otherArgs = terminatorPos === -1 ? [] : require_primordials_array.ArrayPrototypeSlice(args, terminatorPos);
 	const firstArg = pnpmArgs[0];
 	const supportsIgnoreScripts = firstArg ? require_eco_npm_pnpm_flags.PNPM_INSTALL_LIKE_COMMANDS.has(firstArg) : false;
@@ -39,9 +39,9 @@ function execPnpm(args, options) {
 	const ignoreScriptsArgs = !supportsIgnoreScripts || hasIgnoreScriptsFlag ? [] : ["--ignore-scripts"];
 	/* c8 ignore start */
 	const frozenLockfileArgs = [];
-	if (/* @__PURE__ */ require_env_ci.getCI() && allowLockfileUpdate && firstArg && /* @__PURE__ */ require_eco_npm_pnpm_flags.isPnpmInstallCommand(firstArg) && !pnpmArgs.some(require_eco_npm_pnpm_flags.isPnpmFrozenLockfileFlag)) frozenLockfileArgs.push("--no-frozen-lockfile");
+	if (require_env_ci.getCI() && allowLockfileUpdate && firstArg && require_eco_npm_pnpm_flags.isPnpmInstallCommand(firstArg) && !pnpmArgs.some(require_eco_npm_pnpm_flags.isPnpmFrozenLockfileFlag)) frozenLockfileArgs.push("--no-frozen-lockfile");
 	/* c8 ignore stop */
-	return /* @__PURE__ */ require_bin_exec.execBin("pnpm", [
+	return require_bin_exec.execBin("pnpm", [
 		...logLevelArgs,
 		...ignoreScriptsArgs,
 		...frozenLockfileArgs,

package/dist/eco/npm/pnpm/flags.js

@@ -23,7 +23,6 @@ const pnpmInstallCommands = new require_primordials_map_set.SetCtor(["install",
 *   isPnpmFrozenLockfileFlag('--save') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isPnpmFrozenLockfileFlag(cmdArg) {
 	return pnpmFrozenLockfileFlags.has(cmdArg);
 }
@@ -37,7 +36,6 @@ function isPnpmFrozenLockfileFlag(cmdArg) {
 *   isPnpmIgnoreScriptsFlag('--save') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isPnpmIgnoreScriptsFlag(cmdArg) {
 	return pnpmIgnoreScriptsFlags.has(cmdArg);
 }
@@ -51,7 +49,6 @@ function isPnpmIgnoreScriptsFlag(cmdArg) {
 *   isPnpmInstallCommand('run') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isPnpmInstallCommand(cmdArg) {
 	return pnpmInstallCommands.has(cmdArg);
 }

package/dist/eco/npm/pnpm/parse-lockfile.d.ts

@@ -24,7 +24,7 @@
  *      https://github.com/CycloneDX/cdxgen/blob/v11.11.0/lib/parsers/js.js
  *      (parsePnpmLock)
  *   4. **pnpm lockfile spec** + reference implementation:
- *      https://github.com/pnpm/spec/blob/master/lockfile/9.0.md
+ *      https://github.com/pnpm/spec/blob/834f2815cc61917fa133e10869a2d4e9391c36bf/lockfile/9.0.md
  *      https://github.com/pnpm/pnpm/blob/main/packages/lockfile-file/ Bug fixes
  *      implemented here (and in the native parser):
  *

package/dist/eco/npm/pnpm/parse-lockfile.js

@@ -37,7 +37,7 @@ const require_eco_npm_pnpm_parse_pnpm_package_id_v6_v9 = require('./parse-pnpm-p
 *      https://github.com/CycloneDX/cdxgen/blob/v11.11.0/lib/parsers/js.js
 *      (parsePnpmLock)
 *   4. **pnpm lockfile spec** + reference implementation:
-*      https://github.com/pnpm/spec/blob/master/lockfile/9.0.md
+*      https://github.com/pnpm/spec/blob/834f2815cc61917fa133e10869a2d4e9391c36bf/lockfile/9.0.md
 *      https://github.com/pnpm/pnpm/blob/main/packages/lockfile-file/ Bug fixes
 *      implemented here (and in the native parser):
 *
@@ -71,7 +71,7 @@ function freezeEntry(entry) {
 }
 function indentOf(line) {
 	let indent = 0;
-	while (indent < line.length && (line[indent] === " " || line[indent] === "	")) indent++;
+	while (indent < line.length && (line[indent] === "	" || line[indent] === " ")) indent++;
 	return indent;
 }
 function jsParsePnpmLock(content) {
@@ -237,8 +237,8 @@ function stripPeerSuffix(version) {
 	const parenIdx = require_primordials_string.StringPrototypeIndexOf(noUnderscore, "(");
 	return parenIdx !== -1 ? require_primordials_string.StringPrototypeSlice(noUnderscore, 0, parenIdx) : noUnderscore;
 }
-const _smol = /* @__PURE__ */ require_smol_manifest.getSmolManifest();
-const parsePnpmLock = _smol ? (content) => _smol.parseLockfile(content, "npm", "pnpm") : jsParsePnpmLock;
+const smol = require_smol_manifest.getSmolManifest();
+const parsePnpmLock = smol ? (content) => smol.parseLockfile(content, "npm", "pnpm") : jsParsePnpmLock;
 
 //#endregion
 exports.addToPnpmIndex = addToPnpmIndex;

package/dist/eco/npm/script.js

@@ -2,12 +2,13 @@
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_runtime = require('../../_virtual/_rolldown/runtime.js');
+const require_primordials_error = require('../../primordials/error.js');
 const require_primordials_array = require('../../primordials/array.js');
 const require_objects_inspect = require('../../objects/inspect.js');
 const require_process_spawn_child = require('../../process/spawn/child.js');
 const require_constants_agents = require('../../constants/agents.js');
 const require_constants_node = require('../../constants/node.js');
-const require_fs_find_up = require('../../fs/find-up.js');
+const require_fs_find = require('../../fs/find.js');
 const require_eco_npm_npm_exec = require('./npm/exec.js');
 const require_eco_npm_pnpm_exec = require('./pnpm/exec.js');
 const require_eco_npm_yarnpkg_yarn_exec = require('./yarnpkg/yarn/exec.js');
@@ -54,27 +55,29 @@ function execScript(scriptName, args, options) {
 	};
 	if (spawnOptions.shell === true) return require_process_spawn_child.spawn(scriptName, resolvedArgs, spawnOptions);
 	const useNodeRun = !prepost && require_constants_node.supportsNodeRun();
-	const cwd = /* @__PURE__ */ require_objects_inspect.getOwn(spawnOptions, "cwd") ?? node_process.default.cwd();
-	if (/* @__PURE__ */ require_fs_find_up.findUpSync("pnpm-lock.yaml", { cwd })) return require_eco_npm_pnpm_exec.execPnpm([
+	const cwd = require_objects_inspect.getOwn(spawnOptions, "cwd") ?? node_process.default.cwd();
+	if (require_fs_find.findUpSync("pnpm-lock.yaml", { cwd })) return require_eco_npm_pnpm_exec.execPnpm([
 		"run",
 		scriptName,
 		...resolvedArgs
 	], spawnOptions);
-	if (/* @__PURE__ */ require_fs_find_up.findUpSync("package-lock.json", { cwd })) return require_eco_npm_npm_exec.execNpm([
+	if (require_fs_find.findUpSync("package-lock.json", { cwd })) return require_eco_npm_npm_exec.execNpm([
 		"run",
 		scriptName,
 		...resolvedArgs
 	], spawnOptions);
-	if (/* @__PURE__ */ require_fs_find_up.findUpSync("yarn.lock", { cwd })) return require_eco_npm_yarnpkg_yarn_exec.execYarn([
+	if (require_fs_find.findUpSync("yarn.lock", { cwd })) return require_eco_npm_yarnpkg_yarn_exec.execYarn([
 		"run",
 		scriptName,
 		...resolvedArgs
 	], spawnOptions);
 	/* c8 ignore stop */
 	/* c8 ignore start */
+	if (!useNodeRun && !require_constants_agents.NPM_REAL_EXEC_PATH) throw new require_primordials_error.ErrorCtor(`Cannot run script "${scriptName}": no npm executable found and this Node.js lacks \`node --run\`. Install npm or upgrade to Node 22.5+ for \`--run\` support.`);
+	const runnerArgs = useNodeRun ? ["--run"] : [require_constants_agents.NPM_REAL_EXEC_PATH, "run"];
 	return require_process_spawn_child.spawn(require_constants_node.getExecPath(), [
 		...require_constants_node.getNodeNoWarningsFlags(),
-		...useNodeRun ? ["--run"] : [require_constants_agents.NPM_REAL_EXEC_PATH, "run"],
+		...runnerArgs,
 		scriptName,
 		...resolvedArgs
 	], { ...spawnOptions });