npm - @socketsecurity/lib - Versions diffs - 6.0.6 → 6.0.8 - Mend

@socketsecurity/lib 6.0.6 → 6.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (619) hide show

package/CHANGELOG.md +46 -1
package/README.md +1 -1
package/dist/ai/agent-context.d.mts +103 -0
package/dist/ai/agent-context.js +157 -0
package/dist/ai/backends.d.mts +83 -0
package/dist/ai/backends.js +173 -0
package/dist/ai/credentials.d.mts +49 -0
package/dist/ai/credentials.js +82 -0
package/dist/ai/discover.d.mts +6 -2
package/dist/ai/discover.js +4 -3
package/dist/ai/exec.d.mts +52 -0
package/dist/ai/exec.js +92 -0
package/dist/ai/http.d.mts +132 -0
package/dist/ai/http.js +130 -0
package/dist/ai/profiles.d.mts +41 -6
package/dist/ai/profiles.js +52 -10
package/dist/ai/route.d.mts +69 -0
package/dist/ai/route.js +156 -0
package/dist/ai/spawn.d.mts +10 -2
package/dist/ai/spawn.js +56 -31
package/dist/ai/subagent-status.d.mts +48 -0
package/dist/ai/subagent-status.js +57 -0
package/dist/ai/tier.d.mts +60 -0
package/dist/ai/tier.js +53 -0
package/dist/ai/types.d.mts +31 -6
package/dist/ai/worktree.d.mts +6 -6
package/dist/ai/worktree.js +5 -1
package/dist/ansi/strip.d.ts +1 -1
package/dist/ansi/strip.js +0 -2
package/dist/archives/_internal.js +7 -9
package/dist/archives/extract.js +1 -1
package/dist/archives/tar.js +7 -7
package/dist/archives/zip.js +5 -7
package/dist/argv/flag-predicates.d.ts +12 -12
package/dist/argv/flag-predicates.js +17 -17
package/dist/argv/flag-types.d.ts +18 -18
package/dist/argv/flag-types.js +4 -4
package/dist/argv/parse.d.ts +20 -3
package/dist/argv/parse.js +1 -1
package/dist/arrays/_internal.js +11 -12
package/dist/arrays/chunk.js +0 -1
package/dist/arrays/join.d.ts +37 -3
package/dist/arrays/join.js +47 -7
package/dist/arrays/unique.js +0 -1
package/dist/bin/_internal.d.ts +1 -1
package/dist/bin/_internal.js +1 -1
package/dist/bin/exec.js +2 -3
package/dist/bin/find.js +17 -17
package/dist/bin/prim.cjs +36175 -35861
package/dist/bin/resolve.js +13 -14
package/dist/bin/which.js +8 -8
package/dist/cache/ttl/store.js +6 -6
package/dist/checks/primordials-defaults.d.ts +3 -3
package/dist/checks/primordials-defaults.js +3 -3
package/dist/checks/primordials.js +4 -3
package/dist/{bin → cli}/check-primordials.d.ts +18 -13
package/dist/{bin → cli}/check-primordials.js +58 -55
package/dist/{bin → cli}/check.js +3 -3
package/dist/{bin → cli}/socket-lib.d.ts +1 -1
package/dist/{bin → cli}/socket-lib.js +4 -4
package/dist/colors/socket-palette.js +7 -9
package/dist/compression/_internal.d.ts +12 -12
package/dist/compression/_internal.js +18 -18
package/dist/compression/brotli.d.ts +26 -27
package/dist/compression/brotli.js +39 -35
package/dist/compression/gzip.d.ts +23 -23
package/dist/compression/gzip.js +46 -42
package/dist/constants/agents.d.ts +3 -1
package/dist/constants/agents.js +15 -11
package/dist/constants/licenses.js +3 -3
package/dist/constants/node.d.ts +23 -0
package/dist/constants/node.js +47 -15
package/dist/constants/packages.d.ts +3 -0
package/dist/constants/packages.js +24 -29
package/dist/constants/platform.d.ts +30 -3
package/dist/constants/platform.js +72 -12
package/dist/constants/runtime.d.ts +22 -0
package/dist/constants/runtime.js +32 -0
package/dist/constants/socket.d.ts +2 -6
package/dist/constants/socket.js +12 -14
package/dist/cover/code.js +10 -10
package/dist/cover/formatters.js +5 -5
package/dist/crypto/hash.d.ts +30 -2
package/dist/crypto/hash.js +47 -13
package/dist/debug/_internal.js +4 -6
package/dist/debug/caller-info.js +3 -4
package/dist/debug/namespace.d.ts +7 -0
package/dist/debug/namespace.js +21 -12
package/dist/debug/output.js +21 -24
package/dist/debug/types.d.ts +4 -4
package/dist/dlx/arborist.js +18 -8
package/dist/dlx/binary-cache.js +15 -15
package/dist/dlx/binary-download.d.ts +1 -1
package/dist/dlx/binary-download.js +11 -11
package/dist/dlx/binary-resolution.js +17 -15
package/dist/dlx/binary-types.d.ts +5 -5
package/dist/dlx/binary.js +5 -5
package/dist/dlx/cache.js +1 -1
package/dist/dlx/detect.d.ts +42 -25
package/dist/dlx/detect.js +86 -77
package/dist/dlx/dir.js +2 -2
package/dist/dlx/firewall.d.ts +9 -1
package/dist/dlx/firewall.js +1 -1
package/dist/dlx/lockfile.d.ts +19 -18
package/dist/dlx/lockfile.js +19 -16
package/dist/dlx/manifest.d.ts +6 -6
package/dist/dlx/manifest.js +5 -5
package/dist/dlx/package.d.ts +10 -10
package/dist/dlx/package.js +20 -16
package/dist/dlx/packages.js +4 -4
package/dist/dlx/paths.js +7 -7
package/dist/dlx/spec.js +1 -1
package/dist/dlx/types.d.ts +28 -27
package/dist/eco/cargo/parse-lockfile.d.ts +2 -3
package/dist/eco/cargo/parse-lockfile.js +5 -5
package/dist/eco/manifest/analyze-lockfile.js +2 -2
package/dist/eco/manifest/detect-format.js +5 -5
package/dist/eco/manifest/find-packages.js +2 -2
package/dist/eco/manifest/get-package-versions.js +2 -2
package/dist/eco/manifest/get-package.js +2 -2
package/dist/eco/manifest/parse-lockfile.js +2 -2
package/dist/eco/manifest/parse-manifest.js +2 -2
package/dist/eco/manifest/parse.js +2 -2
package/dist/eco/npm/npm/exec.js +2 -2
package/dist/eco/npm/npm/flags.js +7 -12
package/dist/eco/npm/npm/parse-lockfile.d.ts +17 -18
package/dist/eco/npm/npm/parse-lockfile.js +4 -4
package/dist/eco/npm/parse-package-json.d.ts +11 -0
package/dist/eco/npm/parse-package-json.js +3 -3
package/dist/eco/npm/pnpm/exec.d.ts +1 -1
package/dist/eco/npm/pnpm/exec.js +5 -5
package/dist/eco/npm/pnpm/flags.js +0 -3
package/dist/eco/npm/pnpm/parse-lockfile.d.ts +6 -4
package/dist/eco/npm/pnpm/parse-lockfile.js +7 -7
package/dist/eco/npm/script.js +9 -6
package/dist/eco/npm/yarnpkg/yarn/exec.js +4 -4
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.d.ts +3 -4
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +9 -9
package/dist/effects/pulse-frames.d.ts +3 -1
package/dist/effects/shimmer-keyframes.d.ts +1 -1
package/dist/effects/shimmer-terminal.d.ts +1 -1
package/dist/env/boolean.js +0 -1
package/dist/env/ci.js +0 -1
package/dist/env/debug.js +0 -1
package/dist/env/github-status.d.ts +51 -0
package/dist/env/github-status.js +90 -0
package/dist/env/github.js +0 -8
package/dist/env/home.js +0 -1
package/dist/env/locale.js +0 -3
package/dist/env/node-auth-token.js +0 -1
package/dist/env/node-env.js +0 -1
package/dist/env/node-version-managers.d.ts +53 -0
package/dist/env/node-version-managers.js +90 -0
package/dist/env/npm.js +0 -5
package/dist/env/number.js +0 -1
package/dist/env/package-manager.js +3 -6
package/dist/env/path.js +0 -1
package/dist/env/pre-commit.js +1 -2
package/dist/env/proxy.js +1 -1
package/dist/env/rewire.d.ts +8 -6
package/dist/env/rewire.js +16 -17
package/dist/env/shell.js +0 -1
package/dist/env/socket-cli.js +5 -18
package/dist/env/socket-mcp.d.ts +114 -0
package/dist/env/socket-mcp.js +146 -0
package/dist/env/socket.d.ts +8 -109
package/dist/env/socket.js +22 -167
package/dist/env/string.js +0 -1
package/dist/env/temp-dir.js +0 -3
package/dist/env/term.js +0 -1
package/dist/env/test.js +3 -6
package/dist/env/windows.js +0 -4
package/dist/env/xdg.js +0 -3
package/dist/errors/predicates.js +1 -1
package/dist/events/exit/_internal.d.ts +11 -9
package/dist/events/exit/_internal.js +31 -35
package/dist/events/exit/handler.js +3 -4
package/dist/events/exit/intercept.js +4 -6
package/dist/events/exit/lifecycle.js +16 -18
package/dist/events/exit/signals.js +1 -2
package/dist/events/exit/types.d.ts +6 -5
package/dist/external/@npmcli/package-json.js +2 -2
package/dist/external/@npmcli/promise-spawn.js +3 -1
package/dist/external/npm-pack.js +2 -2
package/dist/external/pico-pack.js +4 -2
package/dist/external/which.js +3 -1
package/dist/external-tools/bazel/asset-names.d.ts +1 -1
package/dist/external-tools/bazel/asset-names.js +5 -2
package/dist/external-tools/bazel/from-download.d.ts +1 -1
package/dist/external-tools/bazel/from-download.js +5 -2
package/dist/external-tools/bazel/read-bazel-version-file.js +1 -1
package/dist/external-tools/bazel/resolve-bazel-version.js +4 -0
package/dist/external-tools/bazel/resolve.d.ts +3 -3
package/dist/external-tools/bazel/resolve.js +16 -8
package/dist/external-tools/bazel/types.d.ts +1 -1
package/dist/external-tools/cdxgen/asset-names.d.ts +1 -1
package/dist/external-tools/cdxgen/asset-names.js +5 -2
package/dist/external-tools/cdxgen/from-download.d.ts +1 -1
package/dist/external-tools/cdxgen/from-download.js +7 -4
package/dist/external-tools/cdxgen/from-vfs.js +1 -1
package/dist/external-tools/cdxgen/resolve.d.ts +3 -3
package/dist/external-tools/cdxgen/resolve.js +16 -8
package/dist/external-tools/cdxgen/types.d.ts +1 -1
package/dist/external-tools/from-download.d.ts +3 -3
package/dist/external-tools/from-download.js +12 -6
package/dist/external-tools/from-pip-venv.d.ts +1 -1
package/dist/external-tools/from-pip-venv.js +12 -5
package/dist/external-tools/janus/asset-names.d.ts +1 -1
package/dist/external-tools/janus/asset-names.js +5 -2
package/dist/external-tools/janus/from-download.d.ts +1 -1
package/dist/external-tools/janus/from-download.js +5 -2
package/dist/external-tools/janus/from-vfs.js +1 -1
package/dist/external-tools/janus/resolve.d.ts +3 -3
package/dist/external-tools/janus/resolve.js +16 -8
package/dist/external-tools/janus/types.d.ts +1 -1
package/dist/external-tools/jre/asset-names.d.ts +1 -1
package/dist/external-tools/jre/asset-names.js +5 -2
package/dist/external-tools/jre/detect-platform-arch.d.ts +10 -6
package/dist/external-tools/jre/detect-platform-arch.js +29 -14
package/dist/external-tools/jre/from-download.d.ts +1 -1
package/dist/external-tools/jre/from-download.js +7 -4
package/dist/external-tools/jre/from-java-home.js +2 -2
package/dist/external-tools/jre/from-vfs.js +3 -3
package/dist/external-tools/jre/resolve.d.ts +3 -3
package/dist/external-tools/jre/resolve.js +16 -8
package/dist/external-tools/jre/types.d.ts +1 -1
package/dist/external-tools/manifest.d.ts +25 -7
package/dist/external-tools/manifest.js +13 -13
package/dist/external-tools/opengrep/asset-names.d.ts +1 -1
package/dist/external-tools/opengrep/asset-names.js +5 -2
package/dist/external-tools/opengrep/from-download.d.ts +1 -1
package/dist/external-tools/opengrep/from-download.js +5 -2
package/dist/external-tools/opengrep/from-vfs.js +1 -1
package/dist/external-tools/opengrep/resolve.d.ts +3 -3
package/dist/external-tools/opengrep/resolve.js +16 -8
package/dist/external-tools/opengrep/types.d.ts +1 -1
package/dist/external-tools/python/asset-names.d.ts +76 -0
package/dist/external-tools/python/asset-names.js +111 -0
package/dist/external-tools/python/dlx.d.ts +80 -0
package/dist/external-tools/python/dlx.js +98 -0
package/dist/external-tools/python/from-download.d.ts +53 -0
package/dist/external-tools/python/from-download.js +75 -0
package/dist/external-tools/python/from-path.d.ts +7 -0
package/dist/external-tools/python/from-path.js +23 -0
package/dist/external-tools/python/pin.d.ts +121 -0
package/dist/external-tools/python/pin.js +176 -0
package/dist/external-tools/python/pip-install.d.ts +75 -0
package/dist/external-tools/python/pip-install.js +142 -0
package/dist/external-tools/python/resolve.d.ts +42 -0
package/dist/external-tools/python/resolve.js +66 -0
package/dist/external-tools/python/types.d.ts +49 -0
package/dist/external-tools/sbt/asset-names.d.ts +1 -1
package/dist/external-tools/sbt/asset-names.js +5 -2
package/dist/external-tools/sbt/from-download.d.ts +1 -1
package/dist/external-tools/sbt/from-download.js +5 -2
package/dist/external-tools/sbt/from-vfs.js +1 -1
package/dist/external-tools/sbt/resolve.d.ts +3 -3
package/dist/external-tools/sbt/resolve.js +16 -8
package/dist/external-tools/sbt/types.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.js +10 -3
package/dist/external-tools/skillspector/from-path.js +3 -5
package/dist/external-tools/skillspector/from-vfs.js +1 -1
package/dist/external-tools/skillspector/resolve.d.ts +2 -2
package/dist/external-tools/skillspector/resolve.js +14 -6
package/dist/external-tools/synp/asset-names.d.ts +1 -1
package/dist/external-tools/synp/asset-names.js +6 -2
package/dist/external-tools/synp/from-download.d.ts +1 -1
package/dist/external-tools/synp/from-download.js +7 -4
package/dist/external-tools/synp/from-vfs.js +1 -1
package/dist/external-tools/synp/resolve.d.ts +3 -3
package/dist/external-tools/synp/resolve.js +16 -8
package/dist/external-tools/trivy/asset-names.d.ts +1 -1
package/dist/external-tools/trivy/asset-names.js +5 -2
package/dist/external-tools/trivy/from-download.d.ts +1 -1
package/dist/external-tools/trivy/from-download.js +7 -4
package/dist/external-tools/trivy/from-vfs.js +1 -1
package/dist/external-tools/trivy/resolve.d.ts +3 -3
package/dist/external-tools/trivy/resolve.js +16 -8
package/dist/external-tools/trivy/types.d.ts +1 -1
package/dist/external-tools/trufflehog/asset-names.d.ts +1 -1
package/dist/external-tools/trufflehog/asset-names.js +5 -2
package/dist/external-tools/trufflehog/from-download.d.ts +1 -1
package/dist/external-tools/trufflehog/from-download.js +7 -4
package/dist/external-tools/trufflehog/from-vfs.js +1 -1
package/dist/external-tools/trufflehog/resolve.d.ts +3 -3
package/dist/external-tools/trufflehog/resolve.js +16 -8
package/dist/external-tools/trufflehog/types.d.ts +1 -1
package/dist/fs/_internal.d.ts +1 -1
package/dist/fs/_internal.js +7 -7
package/dist/fs/access.js +5 -9
package/dist/fs/allowed-dirs-cache.d.ts +47 -0
package/dist/fs/allowed-dirs-cache.js +69 -0
package/dist/fs/encoding.js +5 -7
package/dist/fs/{find-up.js → find.js} +12 -14
package/dist/fs/inspect.js +7 -13
package/dist/fs/read-dir.js +7 -10
package/dist/fs/read-file.js +8 -14
package/dist/fs/read-json-cache.d.ts +13 -4
package/dist/fs/read-json-cache.js +9 -6
package/dist/fs/read-json.js +4 -6
package/dist/fs/resolve-module.js +7 -3
package/dist/fs/safe.d.ts +1 -1
package/dist/fs/safe.js +13 -14
package/dist/fs/unique.js +4 -5
package/dist/fs/validate.js +1 -2
package/dist/fs/write-json.js +4 -5
package/dist/git/_internal.js +11 -11
package/dist/git/changed.js +4 -4
package/dist/git/repo.js +5 -7
package/dist/git/staged.js +12 -4
package/dist/git/tracked.d.ts +84 -0
package/dist/git/tracked.js +163 -0
package/dist/git/unstaged.js +12 -4
package/dist/github/ghsa.js +2 -2
package/dist/github/refs-cache.d.ts +1 -1
package/dist/github/refs-cache.js +5 -5
package/dist/github/refs-graphql.js +4 -0
package/dist/github/refs-rest.js +9 -5
package/dist/github/refs.js +15 -10
package/dist/github/{fetch.js → request.js} +13 -2
package/dist/github/token.js +1 -1
package/dist/github/types.d.ts +1 -1
package/dist/globs/_internal.js +8 -10
package/dist/globs/match.js +13 -7
package/dist/globs/matcher.d.ts +3 -3
package/dist/globs/matcher.js +16 -14
package/dist/globs/stream.js +1 -2
package/dist/globs/types.d.ts +24 -24
package/dist/http-request/_internal.d.ts +1 -1
package/dist/http-request/browser.js +10 -4
package/dist/http-request/checksum-file.d.ts +55 -0
package/dist/http-request/checksum-file.js +95 -0
package/dist/http-request/download-types.d.ts +15 -23
package/dist/http-request/download.js +3 -3
package/dist/http-request/{browser-fetch.d.ts → fetch/browser.d.ts} +2 -2
package/dist/http-request/{browser-fetch.js → fetch/browser.js} +4 -4
package/dist/http-request/headers.js +1 -2
package/dist/http-request/request-attempt.js +38 -34
package/dist/http-request/request-types.d.ts +2 -2
package/dist/http-request/request.js +1 -1
package/dist/http-request/user-agent.js +4 -5
package/dist/integrity.d.ts +92 -18
package/dist/integrity.js +125 -30
package/dist/ipc/directory.js +2 -2
package/dist/ipc/paths.js +1 -1
package/dist/ipc/write.js +1 -1
package/dist/ipc-cli/get.js +12 -12
package/dist/json/edit.js +51 -44
package/dist/json/format.js +1 -1
package/dist/json/parse.d.ts +1 -1
package/dist/json/parse.js +3 -7
package/dist/logger/_internal.d.ts +4 -4
package/dist/logger/_internal.js +3 -3
package/dist/logger/colors.js +4 -3
package/dist/logger/console-methods.d.ts +132 -0
package/dist/logger/console-methods.js +169 -0
package/dist/logger/console.d.ts +12 -0
package/dist/logger/console.js +42 -11
package/dist/logger/indentation-methods.d.ts +81 -0
package/dist/logger/indentation-methods.js +121 -0
package/dist/logger/node.d.ts +16 -338
package/dist/logger/node.js +75 -608
package/dist/logger/options.d.ts +39 -0
package/dist/logger/options.js +47 -0
package/dist/logger/semantic-methods.d.ts +63 -0
package/dist/logger/semantic-methods.js +108 -0
package/dist/logger/stream-methods.d.ts +63 -0
package/dist/logger/stream-methods.js +101 -0
package/dist/logger/stream.d.ts +37 -0
package/dist/logger/stream.js +42 -0
package/dist/logger/symbols-builder.js +9 -9
package/dist/logger/symbols.d.ts +2 -25
package/dist/logger/symbols.js +53 -74
package/dist/logger/types.d.ts +1 -1
package/dist/memo/types.d.ts +6 -6
package/dist/native-messaging/host.d.ts +20 -0
package/dist/native-messaging/host.js +120 -0
package/dist/native-messaging/index.d.ts +5 -0
package/dist/native-messaging/index.js +22 -0
package/dist/native-messaging/install.d.ts +60 -0
package/dist/native-messaging/install.js +144 -0
package/dist/native-messaging/rate-limit.d.ts +69 -0
package/dist/native-messaging/rate-limit.js +119 -0
package/dist/native-messaging/run.d.ts +10 -0
package/dist/native-messaging/run.js +17 -0
package/dist/node/async-hooks.js +4 -3
package/dist/node/child-process.js +4 -3
package/dist/node/crypto.js +4 -3
package/dist/node/events.js +4 -3
package/dist/node/fs-promises.js +4 -3
package/dist/node/fs.d.ts +22 -6
package/dist/node/fs.js +17 -3
package/dist/node/http.js +4 -3
package/dist/node/https.js +4 -3
package/dist/node/module.js +10 -6
package/dist/node/os.d.ts +10 -2
package/dist/node/os.js +12 -4
package/dist/node/path.d.ts +11 -2
package/dist/node/path.js +18 -4
package/dist/node/timers-promises.js +4 -3
package/dist/node/url.js +4 -3
package/dist/node/util.js +4 -3
package/dist/objects/getters.js +6 -8
package/dist/objects/inspect.js +1 -4
package/dist/objects/mutate.js +4 -5
package/dist/objects/predicates.js +1 -5
package/dist/objects/sort.js +3 -7
package/dist/packages/edit-class.d.ts +2 -3
package/dist/packages/edit-class.js +53 -48
package/dist/packages/edit.js +12 -14
package/dist/packages/exports.js +15 -21
package/dist/packages/fetch.d.ts +16 -0
package/dist/packages/fetch.js +81 -0
package/dist/packages/find.d.ts +55 -0
package/dist/packages/find.js +65 -0
package/dist/packages/isolation.js +14 -14
package/dist/packages/licenses.js +18 -18
package/dist/packages/manifest.js +16 -19
package/dist/packages/metadata-extensions.d.ts +14 -0
package/dist/packages/metadata-extensions.js +43 -0
package/dist/packages/normalize.js +6 -10
package/dist/packages/provenance.js +17 -19
package/dist/packages/read.d.ts +29 -0
package/dist/packages/read.js +66 -0
package/dist/packages/specs.d.ts +48 -1
package/dist/packages/specs.js +75 -12
package/dist/packages/tarball.d.ts +24 -0
package/dist/packages/tarball.js +81 -0
package/dist/packages/types.d.ts +22 -22
package/dist/packages/validation.js +0 -3
package/dist/paths/_internal.d.ts +2 -1
package/dist/paths/_internal.js +7 -19
package/dist/paths/conversion.js +5 -9
package/dist/paths/dirnames.d.ts +1 -0
package/dist/paths/dirnames.js +2 -0
package/dist/paths/filenames.d.ts +0 -1
package/dist/paths/filenames.js +0 -2
package/dist/paths/normalize.js +4 -5
package/dist/paths/packages.js +4 -7
package/dist/paths/predicates.js +9 -16
package/dist/paths/resolve.js +17 -25
package/dist/paths/rewire.d.ts +5 -0
package/dist/paths/rewire.js +3 -3
package/dist/paths/socket.d.ts +74 -111
package/dist/paths/socket.js +106 -139
package/dist/paths/walk.d.ts +1 -1
package/dist/paths/walk.js +4 -4
package/dist/perf/report.js +2 -2
package/dist/perf/types.d.ts +1 -1
package/dist/pkg-ext/data.js +1 -1
package/dist/primordials/array.js +9 -9
package/dist/primordials/date.js +2 -2
package/dist/primordials/error.js +3 -3
package/dist/primordials/headers.d.ts +10 -0
package/dist/primordials/headers.js +23 -0
package/dist/primordials/intl.d.ts +13 -0
package/dist/primordials/intl.js +26 -0
package/dist/primordials/math.js +33 -33
package/dist/primordials/number.js +9 -9
package/dist/primordials/object.js +5 -5
package/dist/primordials/process.d.ts +88 -0
package/dist/primordials/process.js +132 -0
package/dist/primordials/string.d.ts +2 -2
package/dist/primordials/string.js +6 -6
package/dist/primordials/symbol.js +3 -3
package/dist/primordials/uncurry.d.ts +1 -2
package/dist/primordials/uncurry.js +9 -9
package/dist/process/abort.js +3 -3
package/dist/process/lock-manager.js +8 -8
package/dist/process/spawn/_internal.js +6 -8
package/dist/process/spawn/child.js +20 -14
package/dist/process/spawn/errors.js +3 -5
package/dist/process/spawn/kill-tree.d.ts +53 -0
package/dist/process/spawn/kill-tree.js +85 -0
package/dist/process/spawn/stdio.js +0 -1
package/dist/process/spawn/types.d.ts +5 -5
package/dist/process/transient.js +2 -2
package/dist/promises/_internal.d.ts +2 -1
package/dist/promises/_internal.js +2 -6
package/dist/promises/iterate.js +11 -15
package/dist/promises/options.js +3 -6
package/dist/promises/retry.js +4 -5
package/dist/promises/timers.d.ts +30 -0
package/dist/promises/timers.js +48 -0
package/dist/regexps/spec.js +1 -1
package/dist/releases/github-archives.d.ts +6 -6
package/dist/releases/github-archives.js +3 -3
package/dist/releases/github-asset-url.d.ts +1 -1
package/dist/releases/github-asset-url.js +5 -5
package/dist/releases/github-downloads.d.ts +1 -1
package/dist/releases/github-downloads.js +3 -3
package/dist/releases/github-listing.d.ts +12 -4
package/dist/releases/github-listing.js +20 -7
package/dist/releases/github-retry-config.js +1 -1
package/dist/releases/github-types.d.ts +6 -6
package/dist/releases/socket-btm-binary-naming.d.ts +107 -0
package/dist/releases/socket-btm-binary-naming.js +155 -0
package/dist/releases/socket-btm.d.ts +8 -115
package/dist/releases/socket-btm.js +16 -159
package/dist/schema/types.d.ts +4 -5
package/dist/schema/validate.js +1 -1
package/dist/sea/detect.js +6 -6
package/dist/secrets/_internal.d.ts +2 -2
package/dist/secrets/_internal.js +2 -2
package/dist/secrets/compare.d.ts +45 -0
package/dist/secrets/compare.js +61 -0
package/dist/secrets/find.d.ts +2 -2
package/dist/secrets/find.js +10 -4
package/dist/secrets/keychain.d.ts +1 -1
package/dist/secrets/keychain.js +6 -4
package/dist/secrets/linux.js +40 -52
package/dist/secrets/macos.d.ts +2 -3
package/dist/secrets/macos.js +24 -33
package/dist/secrets/rc.d.ts +4 -4
package/dist/secrets/rc.js +27 -17
package/dist/secrets/socket-api-token.d.ts +4 -4
package/dist/secrets/socket-api-token.js +26 -9
package/dist/secrets/windows.js +32 -37
package/dist/shadow/skip.js +2 -2
package/dist/shell/parse.d.ts +32 -0
package/dist/shell/parse.js +60 -0
package/dist/smol/detect.js +9 -10
package/dist/smol/http.js +6 -7
package/dist/smol/https.js +6 -7
package/dist/smol/manifest.d.ts +1 -1
package/dist/smol/manifest.js +6 -7
package/dist/smol/path.d.ts +1 -1
package/dist/smol/path.js +7 -8
package/dist/smol/primordial.d.ts +4 -0
package/dist/smol/primordial.js +6 -7
package/dist/smol/purl.d.ts +1 -1
package/dist/smol/purl.js +7 -8
package/dist/smol/versions.js +6 -7
package/dist/smol/vfs.js +6 -7
package/dist/sorts/_internal.js +6 -8
package/dist/sorts/natural.js +10 -12
package/dist/sorts/semver.js +1 -2
package/dist/sorts/strings.js +0 -1
package/dist/sorts/types.d.ts +1 -1
package/dist/spinner/create-spinner-class.d.ts +38 -0
package/dist/spinner/create-spinner-class.js +302 -0
package/dist/spinner/default.js +8 -9
package/dist/spinner/spinner-internals.d.ts +36 -0
package/dist/spinner/spinner-internals.js +105 -0
package/dist/spinner/spinner-shimmer-methods.d.ts +54 -0
package/dist/spinner/spinner-shimmer-methods.js +143 -0
package/dist/spinner/spinner-status-methods.d.ts +40 -0
package/dist/spinner/spinner-status-methods.js +133 -0
package/dist/spinner/spinner.d.ts +8 -5
package/dist/spinner/spinner.js +19 -706
package/dist/spinner/types.d.ts +3 -1
package/dist/spinner/with.d.ts +10 -0
package/dist/spinner/with.js +16 -2
package/dist/stdio/divider.js +1 -1
package/dist/stdio/footer.js +3 -3
package/dist/stdio/header.js +4 -4
package/dist/stdio/progress.js +10 -6
package/dist/stdio/prompts.d.ts +7 -5
package/dist/stdio/prompts.js +7 -8
package/dist/stdio/stdout.js +3 -3
package/dist/streams/parallel.js +3 -5
package/dist/streams/transform.js +2 -3
package/dist/strings/format.js +2 -6
package/dist/strings/predicates.js +0 -2
package/dist/strings/search.js +1 -2
package/dist/strings/transform.js +0 -3
package/dist/strings/width.js +9 -10
package/dist/tables/bordered.js +4 -3
package/dist/tables/padding.js +1 -1
package/dist/tables/simple.js +8 -5
package/dist/temporal/instant.js +1 -1
package/dist/temporal/slots.js +6 -6
package/dist/temporal/system.js +9 -9
package/dist/themes/context.d.ts +3 -2
package/dist/themes/context.js +4 -5
package/dist/themes/themes.js +15 -15
package/dist/themes/types.d.ts +3 -3
package/dist/url/assert-safe.d.ts +29 -0
package/dist/url/assert-safe.js +54 -0
package/dist/url/parse.js +0 -2
package/dist/url/predicates.d.ts +31 -1
package/dist/url/predicates.js +43 -3
package/dist/url/search-params.js +3 -9
package/dist/url/types.d.ts +9 -5
package/dist/versions/_internal.js +3 -3
package/dist/words/article.js +0 -1
package/dist/words/capitalize.js +0 -1
package/dist/words/pluralize.js +15 -5
package/package.json +419 -216
package/dist/external-tools/uv/asset-names.d.ts +0 -36
package/dist/external-tools/uv/asset-names.js +0 -70
package/dist/external-tools/uv/from-download.d.ts +0 -17
package/dist/external-tools/uv/from-download.js +0 -47
package/dist/external-tools/uv/from-path.d.ts +0 -5
package/dist/external-tools/uv/from-path.js +0 -22
package/dist/external-tools/uv/from-vfs.d.ts +0 -7
package/dist/external-tools/uv/from-vfs.js +0 -26
package/dist/external-tools/uv/resolve.d.ts +0 -25
package/dist/external-tools/uv/resolve.js +0 -53
package/dist/external-tools/uv/types.d.ts +0 -24
package/dist/fs/path-cache.d.ts +0 -21
package/dist/fs/path-cache.js +0 -34
package/dist/http-request/checksums.d.ts +0 -69
package/dist/http-request/checksums.js +0 -108
package/dist/http-request/http-request.d.ts +0 -12
package/dist/http-request/http-request.js +0 -11
package/dist/packages/operations.d.ts +0 -113
package/dist/packages/operations.js +0 -304
package/dist/ssri/convert.d.ts +0 -48
package/dist/ssri/convert.js +0 -69
package/dist/ssri/parse.d.ts +0 -27
package/dist/ssri/parse.js +0 -41
package/dist/ssri/validate.d.ts +0 -41
package/dist/ssri/validate.js +0 -56
/package/dist/{bin → cli}/check.d.ts +0 -0
/package/dist/external-tools/{uv → python}/types.js +0 -0
/package/dist/fs/{find-up.d.ts → find.d.ts} +0 -0
/package/dist/github/{fetch.d.ts → request.d.ts} +0 -0

package/dist/external-tools/manifest.js CHANGED Viewed

@@ -2,10 +2,10 @@
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_primordials_error = require('../primordials/error.js');
-const require_primordials_string = require('../primordials/string.js');
 const require_integrity = require('../integrity.js');
-const require_primordials_array = require('../primordials/array.js');
 const require_primordials_object = require('../primordials/object.js');
+const require_primordials_string = require('../primordials/string.js');
+const require_primordials_array = require('../primordials/array.js');
 const require_fs_read_json = require('../fs/read-json.js');
 //#region src/external-tools/manifest.ts
@@ -20,10 +20,10 @@ const require_fs_read_json = require('../fs/read-json.js');
 *   integrity-string validation. Shape: { "<tool-name>": { "description":
 *   "human-readable summary", "version": "1.7.2", "release": "asset" |
 *   "tarball" | ..., "repository": "github:owner/repo", "notes": [...],
-*   "checksums": { "<platform-arch>": { "asset": "<asset-filename>",
+*   "platforms": { "<platform-arch>": { "asset": "<asset-filename>",
 *   "integrity": "sha256-base64=" } } } } Some tools have flavor variants (e.g.
 *   sfw's `free` / `enterprise`) that wrap the `{repository, binaryName,
-*   checksums}` triple under a flavor key. Use `getToolFlavor` for those. Some
+*   platforms}` triple under a flavor key. Use `getToolFlavor` for those. Some
 *   entries (e.g. `rust`) describe a system tool with a different shape —
 *   they're skipped by `getTool` and fully readable only via the raw
 *   `readManifest` returning unknown.
@@ -52,14 +52,14 @@ function parseChecksum(raw, toolName, platformKey) {
 	if (!isObject(raw)) throw new require_primordials_error.ErrorCtor(`external-tools.json: tool '${toolName}' checksum entry '${platformKey}' must be an object, got: ${typeof raw}`);
 	const r = raw;
 	if (typeof r.asset !== "string" || r.asset.length === 0) throw new require_primordials_error.ErrorCtor(`external-tools.json: tool '${toolName}' platform '${platformKey}' is missing a non-empty 'asset' string`);
-	if (typeof r.integrity !== "string" || !require_integrity.isIntegrityString(r.integrity)) throw new require_primordials_error.ErrorCtor(`external-tools.json: tool '${toolName}' platform '${platformKey}' has an invalid 'integrity' (expected SRI sha512 or sha256 form): ${r.integrity}`);
+	if (typeof r.integrity !== "string" || !require_integrity.isIntegrity(r.integrity)) throw new require_primordials_error.ErrorCtor(`external-tools.json: tool '${toolName}' platform '${platformKey}' has an invalid 'integrity' (expected SRI sha512 or sha256 form): ${r.integrity}`);
 	return {
 		asset: r.asset,
 		integrity: r.integrity
 	};
 }
-function parseChecksums(raw, toolName) {
-	if (!isObject(raw)) throw new require_primordials_error.ErrorCtor(`external-tools.json: tool '${toolName}' is missing a 'checksums' object`);
+function parsePlatforms(raw, toolName) {
+	if (!isObject(raw)) throw new require_primordials_error.ErrorCtor(`external-tools.json: tool '${toolName}' is missing a 'platforms' object`);
 	const out = {};
 	for (const platformKey of require_primordials_object.ObjectKeys(raw)) out[platformKey] = parseChecksum(raw[platformKey], toolName, platformKey);
 	return out;
@@ -70,7 +70,7 @@ function parseToolEntry(raw, toolName) {
 		raw
 	};
 	const r = raw;
-	if (isObject(r.checksums)) {
+	if (isObject(r.platforms)) {
 		if (typeof r.description !== "string" || typeof r.version !== "string" || typeof r.release !== "string" || typeof r.repository !== "string") return {
 			kind: "other",
 			raw
@@ -84,7 +84,7 @@ function parseToolEntry(raw, toolName) {
 				repository: r.repository,
 				binaryName: typeof r.binaryName === "string" ? r.binaryName : void 0,
 				notes: require_primordials_array.ArrayIsArray(r.notes) ? r.notes : void 0,
-				checksums: parseChecksums(r.checksums, toolName)
+				platforms: parsePlatforms(r.platforms, toolName)
 			}
 		};
 	}
@@ -105,7 +105,7 @@ function parseToolEntry(raw, toolName) {
 * callers can handle them out-of-band without blocking the manifest read.
 */
 async function readExternalToolsManifest(filepath) {
-	const raw = await /* @__PURE__ */ require_fs_read_json.readJson(filepath);
+	const raw = await require_fs_read_json.readJson(filepath);
 	if (!isObject(raw)) throw new require_primordials_error.ErrorCtor(`external-tools.json: expected top-level object, got: ${typeof raw}`);
 	const tools = {};
 	for (const toolName of require_primordials_object.ObjectKeys(raw)) {
@@ -120,12 +120,12 @@ function tryParseFlavored(raw, toolName) {
 		const value = raw[key];
 		if (!isObject(value)) continue;
 		const rf = value;
-		if (!isObject(rf.checksums)) continue;
+		if (!isObject(rf.platforms)) continue;
 		if (typeof rf.repository !== "string") continue;
 		flavors[key] = {
 			repository: rf.repository,
 			binaryName: typeof rf.binaryName === "string" ? rf.binaryName : void 0,
-			checksums: parseChecksums(rf.checksums, `${toolName}.${key}`)
+			platforms: parsePlatforms(rf.platforms, `${toolName}.${key}`)
 		};
 	}
 	if (require_primordials_object.ObjectKeys(flavors).length === 0) return;
@@ -143,7 +143,7 @@ exports.getTool = getTool;
 exports.getToolFlavor = getToolFlavor;
 exports.isObject = isObject;
 exports.parseChecksum = parseChecksum;
-exports.parseChecksums = parseChecksums;
+exports.parsePlatforms = parsePlatforms;
 exports.parseToolEntry = parseToolEntry;
 exports.readExternalToolsManifest = readExternalToolsManifest;
 exports.tryParseFlavored = tryParseFlavored;

package/dist/external-tools/opengrep/asset-names.d.ts CHANGED Viewed

@@ -41,4 +41,4 @@ export interface OpengrepDownloadOptions {
  *
  * Reference: https://github.com/opengrep/opengrep/releases.
  */
-export declare function getOpengrepDownloadUrl(opts: OpengrepDownloadOptions): string | undefined;
+export declare function getOpengrepDownloadUrl(options: OpengrepDownloadOptions): string | undefined;

package/dist/external-tools/opengrep/asset-names.js CHANGED Viewed

@@ -53,8 +53,11 @@ function getOpengrepAssetEntry(platformArch) {
 *
 * Reference: https://github.com/opengrep/opengrep/releases.
 */
-function getOpengrepDownloadUrl(opts) {
-	const { platformArch, version } = opts;
+function getOpengrepDownloadUrl(options) {
+	const { platformArch, version } = {
+		__proto__: null,
+		...options
+	};
 	const entry = OPENGREP_ASSET_MAP[platformArch];
 	if (!entry) return;
 	return `https://github.com/opengrep/opengrep/releases/download/v${version}/` + entry.asset;

package/dist/external-tools/opengrep/from-download.d.ts CHANGED Viewed

@@ -14,4 +14,4 @@ export interface OpengrepFromDownloadOptions {
     cacheDir?: string | undefined;
     downloader?: BinaryDownloader | undefined;
 }
-export declare function opengrepFromDownload(opts: OpengrepFromDownloadOptions): Promise<ResolvedOpengrep | undefined>;
+export declare function opengrepFromDownload(options: OpengrepFromDownloadOptions): Promise<ResolvedOpengrep | undefined>;

package/dist/external-tools/opengrep/from-download.js CHANGED Viewed

@@ -17,8 +17,11 @@ node_path = require_runtime.__toESM(node_path);
 *   bare binaries (no extraction); Windows ships a zip. The asset-map's
 *   `isArchive` flag drives extraction vs. copy.
 */
-async function opengrepFromDownload(opts) {
-	const { cacheDir, downloader, integrity, platformArch, version } = opts;
+async function opengrepFromDownload(options) {
+	const { cacheDir, downloader, integrity, platformArch, version } = {
+		__proto__: null,
+		...options
+	};
 	const url = require_external_tools_opengrep_asset_names.getOpengrepDownloadUrl({
 		version,
 		platformArch

package/dist/external-tools/opengrep/from-vfs.js CHANGED Viewed

@@ -11,7 +11,7 @@ const require_smol_vfs = require('../../smol/vfs.js');
 */
 const OPENGREP_VFS_KEY = "opengrep";
 async function opengrepFromVfs() {
-	const vfs = /* @__PURE__ */ require_smol_vfs.getSmolVfs();
+	const vfs = require_smol_vfs.getSmolVfs();
 	if (!vfs) return;
 	/* c8 ignore start - smol Node binary only. */
 	if (!vfs.has("opengrep")) return;

package/dist/external-tools/opengrep/resolve.d.ts CHANGED Viewed

@@ -20,7 +20,7 @@ export interface ResolveOpengrepOptions {
         downloader?: BinaryDownloader | undefined;
     } | undefined;
 }
-export declare function cacheKey(opts: ResolveOpengrepOptions | undefined): string;
-export declare function doResolveOpengrep(opts?: ResolveOpengrepOptions | undefined): Promise<ResolvedOpengrep | undefined>;
+export declare function cacheKey(options: ResolveOpengrepOptions | undefined): string;
+export declare function doResolveOpengrep(options?: ResolveOpengrepOptions | undefined): Promise<ResolvedOpengrep | undefined>;
 export declare function resetOpengrepResolution(): void;
-export declare function resolveOpengrep(opts?: ResolveOpengrepOptions | undefined): Promise<ResolvedOpengrep | undefined>;
+export declare function resolveOpengrep(options?: ResolveOpengrepOptions | undefined): Promise<ResolvedOpengrep | undefined>;

package/dist/external-tools/opengrep/resolve.js CHANGED Viewed

@@ -18,30 +18,38 @@ const require_external_tools_opengrep_from_vfs = require('./from-vfs.js');
 *      per option-shape.
 */
 const resolutionCache = new require_primordials_map_set.MapCtor();
-function cacheKey(opts) {
-	if (!opts?.downloadIfMissing) return "local-only";
-	const { cacheDir, integrity, platformArch, version } = opts.downloadIfMissing;
+function cacheKey(options) {
+	options = {
+		__proto__: null,
+		...options
+	};
+	if (!options?.downloadIfMissing) return "local-only";
+	const { cacheDir, integrity, platformArch, version } = options.downloadIfMissing;
 	return `dl:${version}:${platformArch}:${typeof integrity === "string" ? integrity : integrity ? `${integrity.type}:${integrity.value}` : ""}:${cacheDir ?? ""}`;
 }
-async function doResolveOpengrep(opts) {
+async function doResolveOpengrep(options) {
+	options = {
+		__proto__: null,
+		...options
+	};
 	const fromVfs = await require_external_tools_opengrep_from_vfs.opengrepFromVfs();
 	/* c8 ignore start - smol Node binary only. */
 	if (fromVfs) return fromVfs;
 	/* c8 ignore stop */
 	const fromPath = await require_external_tools_opengrep_from_path.opengrepFromPath();
 	if (fromPath) return fromPath;
-	if (opts?.downloadIfMissing) return require_external_tools_opengrep_from_download.opengrepFromDownload(opts.downloadIfMissing);
+	if (options?.downloadIfMissing) return require_external_tools_opengrep_from_download.opengrepFromDownload(options.downloadIfMissing);
 }
 /* c8 ignore start - test-only escape hatch. */
 function resetOpengrepResolution() {
 	resolutionCache.clear();
 }
 /* c8 ignore stop */
-function resolveOpengrep(opts) {
-	const key = cacheKey(opts);
+function resolveOpengrep(options) {
+	const key = cacheKey(options);
 	let cached = resolutionCache.get(key);
 	if (!cached) {
-		cached = doResolveOpengrep(opts);
+		cached = doResolveOpengrep(options);
 		resolutionCache.set(key, cached);
 	}
 	return cached;

package/dist/external-tools/opengrep/types.d.ts CHANGED Viewed

@@ -20,5 +20,5 @@ export interface ResolvedOpengrep {
     /**
      * See {@link ResolvedToolIntegrity}.
      */
-    readonly integrity?: ResolvedToolIntegrity;
+    readonly integrity?: ResolvedToolIntegrity | undefined;
 }

package/dist/external-tools/python/asset-names.d.ts ADDED Viewed

@@ -0,0 +1,76 @@
+/**
+ * @file Python-build-standalone release asset mapping. Astral publishes
+ *   per-platform CPython archives under
+ *   https://github.com/astral-sh/python-build-standalone/releases/download/<tag>/.
+ *   Asset name shape: `cpython-<version>+<tag>-<triple>-install_only.tar.gz`.
+ *   The `install_only` flavor is a relocatable runtime (no build artifacts),
+ *   extracted one directory deep (`python/bin/python3`).
+ */
+/**
+ * Python-build-standalone default pin — the fleet-canonical CPython build,
+ * matching socket-cli's `bundle-tools.json`. Consumers that don't pass their
+ * own pin resolve against this. Bump it like any dependency (soak-aware), in
+ * lockstep with socket-cli (drift-watch). The `checksums` map is keyed by asset
+ * filename so the download tier verifies the exact tarball per platform.
+ */
+export declare const DEFAULT_PYTHON_PIN: Readonly<{
+    __proto__: null;
+    version: "3.11.14";
+    tag: "20260203";
+    checksums: Readonly<{
+        __proto__: null;
+        'cpython-3.11.14+20260203-aarch64-apple-darwin-install_only.tar.gz': "63e3352fefd3b6494f73f46f51c6581c57a7e0d98775e6e00229d14a67ec3ce9";
+        'cpython-3.11.14+20260203-aarch64-pc-windows-msvc-install_only.tar.gz': "cb7828c131a005da367f7dba3a561bed91619452de870e531ee03344b2ac346f";
+        'cpython-3.11.14+20260203-aarch64-unknown-linux-gnu-install_only.tar.gz': "7341a5a0acd65f2c7c7a228d8bafa6561d220ffed26293d6a02c15ae2ee86af5";
+        'cpython-3.11.14+20260203-aarch64-unknown-linux-musl-install_only.tar.gz': "f0e5988c108187b12eb4d53cbac33a499a8e38e1693104432e1faabbab14c664";
+        'cpython-3.11.14+20260203-x86_64-apple-darwin-install_only.tar.gz': "f3b63051a9b1ffb4f663d928ebaec4311435cb67f3bdfa5634953df93397f25e";
+        'cpython-3.11.14+20260203-x86_64-pc-windows-msvc-install_only.tar.gz': "d220beff465bdc97bf5874be8ffbf07278e5bdf9a064cab932b5d93b542e3e86";
+        'cpython-3.11.14+20260203-x86_64-unknown-linux-gnu-install_only.tar.gz': "67abde21b6e074b58c0f738f0c4802b23827a7d49707dcaf3ed4dadf572f3f37";
+        'cpython-3.11.14+20260203-x86_64-unknown-linux-musl-install_only.tar.gz': "290de5199a9647d4de4adcf13a79a7c59f060357853bf41fd6d1a69b4b5fd00c";
+    }>;
+}>;
+/**
+ * Resolve the current host to a python-build-standalone `platform-arch` key (a
+ * `PLATFORM_TRIPLES` key, e.g. `darwin-arm64`, `linux-x64-musl`, `win-x64`).
+ * Owns the python-build-standalone vocabulary end to end: Node's `win32`
+ * becomes `win`, and an Alpine host gets a `-musl` suffix so it resolves to the
+ * real musl triple (upstream ships both gnu and musl Linux builds). Returns
+ * `undefined` when the host platform/arch has no upstream prebuilt.
+ *
+ * Separate from `getJreArch` (jre/Adoptium vocabulary) and from the shared
+ * `getPlatformArch` — neither matches python-build-standalone's key set.
+ */
+export declare function getPythonArch(): string | undefined;
+export interface PythonAssetOptions {
+    /**
+     * CPython version, e.g. `3.11.14`.
+     */
+    readonly version: string;
+    /**
+     * Python-build-standalone release tag, e.g. `20260203`.
+     */
+    readonly tag: string;
+    /**
+     * Target `platform-arch`, e.g. `darwin-arm64`. Omit to auto-detect the
+     * current host via {@link getPythonArch}; pass an explicit value to resolve
+     * the asset for a different target (e.g. cross-platform packaging).
+     */
+    readonly arch?: string | undefined;
+}
+export interface PythonAsset {
+    /**
+     * Full asset filename:
+     * `cpython-<version>+<tag>-<triple>-install_only.tar.gz`.
+     */
+    readonly assetName: string;
+    /**
+     * Absolute download URL for the asset (with `+` percent-encoded as `%2B`).
+     */
+    readonly url: string;
+}
+/**
+ * Resolve the python-build-standalone download for a version + tag + platform.
+ * Returns the asset filename and URL, or `undefined` when the platform-arch has
+ * no upstream prebuilt.
+ */
+export declare function pythonAsset(options: PythonAssetOptions): PythonAsset | undefined;

package/dist/external-tools/python/asset-names.js ADDED Viewed

@@ -0,0 +1,111 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../../_virtual/_rolldown/runtime.js');
+const require_constants_platform = require('../../constants/platform.js');
+const require_primordials_object = require('../../primordials/object.js');
+let node_process = require("node:process");
+node_process = require_runtime.__toESM(node_process);
+//#region src/external-tools/python/asset-names.ts
+/**
+* @file Python-build-standalone release asset mapping. Astral publishes
+*   per-platform CPython archives under
+*   https://github.com/astral-sh/python-build-standalone/releases/download/<tag>/.
+*   Asset name shape: `cpython-<version>+<tag>-<triple>-install_only.tar.gz`.
+*   The `install_only` flavor is a relocatable runtime (no build artifacts),
+*   extracted one directory deep (`python/bin/python3`).
+*/
+const PLATFORM_TRIPLES = require_primordials_object.ObjectFreeze({
+	__proto__: null,
+	"darwin-arm64": "aarch64-apple-darwin",
+	"darwin-x64": "x86_64-apple-darwin",
+	"linux-arm64": "aarch64-unknown-linux-gnu",
+	"linux-arm64-musl": "aarch64-unknown-linux-musl",
+	"linux-x64": "x86_64-unknown-linux-gnu",
+	"linux-x64-musl": "x86_64-unknown-linux-musl",
+	"win-arm64": "aarch64-pc-windows-msvc",
+	"win-x64": "x86_64-pc-windows-msvc"
+});
+const NODE_PLATFORM_TO_PY = require_primordials_object.ObjectFreeze({
+	__proto__: null,
+	darwin: "darwin",
+	linux: "linux",
+	win32: "win"
+});
+const NODE_ARCH_TO_PY = require_primordials_object.ObjectFreeze({
+	__proto__: null,
+	arm64: "arm64",
+	x64: "x64"
+});
+const RELEASE_BASE = "https://github.com/astral-sh/python-build-standalone/releases/download";
+/**
+* Python-build-standalone default pin — the fleet-canonical CPython build,
+* matching socket-cli's `bundle-tools.json`. Consumers that don't pass their
+* own pin resolve against this. Bump it like any dependency (soak-aware), in
+* lockstep with socket-cli (drift-watch). The `checksums` map is keyed by asset
+* filename so the download tier verifies the exact tarball per platform.
+*/
+const DEFAULT_PYTHON_PIN = require_primordials_object.ObjectFreeze({
+	__proto__: null,
+	version: "3.11.14",
+	tag: "20260203",
+	checksums: require_primordials_object.ObjectFreeze({
+		__proto__: null,
+		"cpython-3.11.14+20260203-aarch64-apple-darwin-install_only.tar.gz": "63e3352fefd3b6494f73f46f51c6581c57a7e0d98775e6e00229d14a67ec3ce9",
+		"cpython-3.11.14+20260203-aarch64-pc-windows-msvc-install_only.tar.gz": "cb7828c131a005da367f7dba3a561bed91619452de870e531ee03344b2ac346f",
+		"cpython-3.11.14+20260203-aarch64-unknown-linux-gnu-install_only.tar.gz": "7341a5a0acd65f2c7c7a228d8bafa6561d220ffed26293d6a02c15ae2ee86af5",
+		"cpython-3.11.14+20260203-aarch64-unknown-linux-musl-install_only.tar.gz": "f0e5988c108187b12eb4d53cbac33a499a8e38e1693104432e1faabbab14c664",
+		"cpython-3.11.14+20260203-x86_64-apple-darwin-install_only.tar.gz": "f3b63051a9b1ffb4f663d928ebaec4311435cb67f3bdfa5634953df93397f25e",
+		"cpython-3.11.14+20260203-x86_64-pc-windows-msvc-install_only.tar.gz": "d220beff465bdc97bf5874be8ffbf07278e5bdf9a064cab932b5d93b542e3e86",
+		"cpython-3.11.14+20260203-x86_64-unknown-linux-gnu-install_only.tar.gz": "67abde21b6e074b58c0f738f0c4802b23827a7d49707dcaf3ed4dadf572f3f37",
+		"cpython-3.11.14+20260203-x86_64-unknown-linux-musl-install_only.tar.gz": "290de5199a9647d4de4adcf13a79a7c59f060357853bf41fd6d1a69b4b5fd00c"
+	})
+});
+/**
+* Resolve the current host to a python-build-standalone `platform-arch` key (a
+* `PLATFORM_TRIPLES` key, e.g. `darwin-arm64`, `linux-x64-musl`, `win-x64`).
+* Owns the python-build-standalone vocabulary end to end: Node's `win32`
+* becomes `win`, and an Alpine host gets a `-musl` suffix so it resolves to the
+* real musl triple (upstream ships both gnu and musl Linux builds). Returns
+* `undefined` when the host platform/arch has no upstream prebuilt.
+*
+* Separate from `getJreArch` (jre/Adoptium vocabulary) and from the shared
+* `getPlatformArch` — neither matches python-build-standalone's key set.
+*/
+function getPythonArch() {
+	/* c8 ignore start - depends on process.platform/arch + libc probe. */
+	const platform = NODE_PLATFORM_TO_PY[node_process.default.platform];
+	const arch = NODE_ARCH_TO_PY[node_process.default.arch];
+	if (!platform || !arch) return;
+	const key = `${platform}-${arch}${platform === "linux" && require_constants_platform.getLibc() === "musl" ? "-musl" : ""}`;
+	return PLATFORM_TRIPLES[key] ? key : void 0;
+	/* c8 ignore stop */
+}
+/**
+* Resolve the python-build-standalone download for a version + tag + platform.
+* Returns the asset filename and URL, or `undefined` when the platform-arch has
+* no upstream prebuilt.
+*/
+function pythonAsset(options) {
+	options = {
+		__proto__: null,
+		...options
+	};
+	const { tag, version } = {
+		__proto__: null,
+		...options
+	};
+	const arch = options.arch ?? getPythonArch();
+	const triple = arch ? PLATFORM_TRIPLES[arch] : void 0;
+	if (!triple) return;
+	return {
+		assetName: `cpython-${version}+${tag}-${triple}-install_only.tar.gz`,
+		url: `${RELEASE_BASE}/${tag}/cpython-${`${version}%2B${tag}`}-${triple}-install_only.tar.gz`
+	};
+}
+//#endregion
+exports.DEFAULT_PYTHON_PIN = DEFAULT_PYTHON_PIN;
+exports.getPythonArch = getPythonArch;
+exports.pythonAsset = pythonAsset;

package/dist/external-tools/python/dlx.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * @file One-call dlx convenience wrappers for python: resolve (or download) a
+ *   CPython into the known dlx location, then run a pip primitive against it —
+ *   so callers don't thread `pythonBin` by hand. Mirrors how `dlx/package.ts`'s
+ *   `dlxPackage` wraps `downloadNpmPackage`. The dlx Python path is
+ *   deterministic given the pin (`pythonCacheDir(version, tag, arch)` →
+ *   `~/.socket/_dlx/python/...`), so the wrapper resolves to that known
+ *   location and hands the interpreter path to the pip fn itself:
+ *
+ *   - `dlxPipInstall({ python, spec })` → `resolvePython` + `downloadPipPackage`
+ *   - `dlxPipPin({ python, spec })` → `resolvePython` + `resolvePipPackagePin`
+ *     The lower-level primitives (`downloadPipPackage`, `resolvePipPackagePin`)
+ *     keep `pythonBin` required — they're the interpreter-agnostic layer. Use
+ *     them directly when you already hold an interpreter path; use these
+ *     wrappers when you have a pin and want one call.
+ */
+import type { DownloadPipPackageResult } from './pip-install';
+import type { PipPackagePin } from './pin';
+import type { PythonBuildPin } from './types';
+export interface DlxPipOptions {
+    /**
+     * Python-build-standalone pin (version + tag + optional integrity). The dlx
+     * interpreter location is derived from this — that's why no `pythonBin` is
+     * needed. Omit `arch` to auto-detect the host.
+     */
+    readonly python: PythonBuildPin & {
+        readonly arch?: string | undefined;
+    };
+    /**
+     * Prefer the downloaded dlx CPython over any PATH interpreter. Default false:
+     * a PATH `python3` wins when present, the dlx build is the fallback. Pass
+     * `true` for an exact, reproducible interpreter regardless of host Python.
+     */
+    readonly preferDownload?: boolean | undefined;
+}
+export interface DlxPipInstallOptions extends DlxPipOptions {
+    /**
+     * Optional sha256 hash of the top-level artifact, forwarded to
+     * `downloadPipPackage` (pip `--require-hashes`).
+     */
+    readonly hash?: string | undefined;
+    /**
+     * Pip install spec: `<pkg>==<version>` or `git+https://<url>@<sha>`.
+     */
+    readonly spec: string;
+}
+export interface DlxPipPinOptions extends DlxPipOptions {
+    /**
+     * Pip spec to pin: `<pkg>==<version>` or `git+https://<url>@<sha>`.
+     */
+    readonly spec: string;
+}
+/**
+ * Thrown when the python pin can't be resolved to an interpreter (no PATH
+ * Python and the download tier missed — e.g. unsupported host arch).
+ */
+export declare class DlxPythonUnavailableError extends Error {
+    constructor(message: string, options?: {
+        cause?: unknown | undefined;
+    } | undefined);
+}
+/**
+ * Resolve (or download) the dlx CPython for `python`, then pip-install `spec`
+ * into a content-addressed dlx dir. One-call form of `resolvePython` +
+ * `downloadPipPackage`. The returned result includes the interpreter path used,
+ * so callers can run the tool: `spawn(pythonBin, ['-m', '<module>'], { env: {
+ * PYTHONPATH: packageDir } })`.
+ */
+export declare function dlxPipInstall(options: DlxPipInstallOptions): Promise<DownloadPipPackageResult & {
+    pythonBin: string;
+}>;
+/**
+ * Resolve (or download) the dlx CPython for `python`, then generate a
+ * hash-pinned closure for `spec`. One-call form of `resolvePython` +
+ * `resolvePipPackagePin`.
+ */
+export declare function dlxPipPin(options: DlxPipPinOptions): Promise<PipPackagePin & {
+    pythonBin: string;
+}>;
+export declare function resolveOrThrow(options: DlxPipOptions): Promise<string>;

package/dist/external-tools/python/dlx.js ADDED Viewed

@@ -0,0 +1,98 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_external_tools_python_pip_install = require('./pip-install.js');
+const require_external_tools_python_pin = require('./pin.js');
+const require_external_tools_python_resolve = require('./resolve.js');
+//#region src/external-tools/python/dlx.ts
+/**
+* @file One-call dlx convenience wrappers for python: resolve (or download) a
+*   CPython into the known dlx location, then run a pip primitive against it —
+*   so callers don't thread `pythonBin` by hand. Mirrors how `dlx/package.ts`'s
+*   `dlxPackage` wraps `downloadNpmPackage`. The dlx Python path is
+*   deterministic given the pin (`pythonCacheDir(version, tag, arch)` →
+*   `~/.socket/_dlx/python/...`), so the wrapper resolves to that known
+*   location and hands the interpreter path to the pip fn itself:
+*
+*   - `dlxPipInstall({ python, spec })` → `resolvePython` + `downloadPipPackage`
+*   - `dlxPipPin({ python, spec })` → `resolvePython` + `resolvePipPackagePin`
+*     The lower-level primitives (`downloadPipPackage`, `resolvePipPackagePin`)
+*     keep `pythonBin` required — they're the interpreter-agnostic layer. Use
+*     them directly when you already hold an interpreter path; use these
+*     wrappers when you have a pin and want one call.
+*/
+/**
+* Thrown when the python pin can't be resolved to an interpreter (no PATH
+* Python and the download tier missed — e.g. unsupported host arch).
+*/
+var DlxPythonUnavailableError = class extends Error {
+	constructor(message, options) {
+		super(message, options);
+		this.name = "DlxPythonUnavailableError";
+	}
+};
+/**
+* Resolve (or download) the dlx CPython for `python`, then pip-install `spec`
+* into a content-addressed dlx dir. One-call form of `resolvePython` +
+* `downloadPipPackage`. The returned result includes the interpreter path used,
+* so callers can run the tool: `spawn(pythonBin, ['-m', '<module>'], { env: {
+* PYTHONPATH: packageDir } })`.
+*/
+async function dlxPipInstall(options) {
+	options = {
+		__proto__: null,
+		...options
+	};
+	const pythonBin = await resolveOrThrow(options);
+	return {
+		...await require_external_tools_python_pip_install.downloadPipPackage({
+			hash: options.hash,
+			pythonBin,
+			spec: options.spec
+		}),
+		pythonBin
+	};
+}
+/**
+* Resolve (or download) the dlx CPython for `python`, then generate a
+* hash-pinned closure for `spec`. One-call form of `resolvePython` +
+* `resolvePipPackagePin`.
+*/
+async function dlxPipPin(options) {
+	options = {
+		__proto__: null,
+		...options
+	};
+	const pythonBin = await resolveOrThrow(options);
+	return {
+		...await require_external_tools_python_pin.resolvePipPackagePin({
+			pythonBin,
+			spec: options.spec
+		}),
+		pythonBin
+	};
+}
+async function resolveOrThrow(options) {
+	const { preferDownload, python } = {
+		__proto__: null,
+		...options
+	};
+	const resolved = await require_external_tools_python_resolve.resolvePython({
+		preferDownload,
+		downloadIfMissing: {
+			arch: python.arch,
+			integrity: python.integrity,
+			tag: python.tag,
+			version: python.version
+		}
+	});
+	if (!resolved) throw new DlxPythonUnavailableError(`dlx python: could not resolve a CPython interpreter for ${python.version}+${python.tag} — no host python3 and the python-build-standalone download tier missed (unsupported host arch?)`);
+	return resolved.path;
+}
+//#endregion
+exports.DlxPythonUnavailableError = DlxPythonUnavailableError;
+exports.dlxPipInstall = dlxPipInstall;
+exports.dlxPipPin = dlxPipPin;
+exports.resolveOrThrow = resolveOrThrow;

package/dist/external-tools/python/from-download.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * @file `pythonFromDownload()` — fetches a python-build-standalone CPython into
+ *   the DLX cache and returns a `ResolvedPython` pointing at the interpreter.
+ *   The `install_only` tarball extracts to a `python/` subdirectory, so the
+ *   interpreter lands at `<extractedDir>/python/bin/python3` (or
+ *   `python/python.exe` on Windows) — no strip.
+ */
+import type { BinaryDownloader } from '../from-download';
+import type { HashSpec } from '../../integrity';
+import type { ResolvedPython } from './types';
+export interface PythonFromDownloadOptions {
+    /**
+     * CPython version, e.g. `3.11.14`.
+     */
+    version: string;
+    /**
+     * Python-build-standalone release tag, e.g. `20260203`.
+     */
+    tag: string;
+    /**
+     * Target `platform-arch`, e.g. `darwin-arm64`. Omit to auto-detect the
+     * current host via {@link getPythonArch}.
+     */
+    arch?: string | undefined;
+    /**
+     * Optional pinned integrity (hex SHA-256 or SRI) for the tarball.
+     */
+    integrity?: HashSpec | undefined;
+    /**
+     * Override the extraction directory. Defaults to
+     * `~/.socket/_dlx/python/<version>-<tag>-<arch>`.
+     */
+    cacheDir?: string | undefined;
+    /**
+     * Inject a custom downloader (tests / alternate cache). Defaults to dlx.
+     */
+    downloader?: BinaryDownloader | undefined;
+}
+/**
+ * Return the absolute path to the interpreter inside an extracted
+ * python-build-standalone tree. The layout follows the TARGET arch, not the
+ * host: a Windows target nests the interpreter at `python/python.exe`, every
+ * other target at `python/bin/python3`. Keying off `process.platform` would be
+ * wrong when cross-resolving (e.g. a Windows host downloading a linux-x64
+ * build). `arch` is a platform-arch key like `win-x64` / `linux-x64`; omit it
+ * to fall back to the host platform.
+ */
+export declare function pythonBinPath(extractedDir: string, arch?: string | undefined): string;
+/**
+ * Default DLX cache directory for a python build pin.
+ */
+export declare function pythonCacheDir(version: string, tag: string, arch: string): string;
+export declare function pythonFromDownload(options: PythonFromDownloadOptions): Promise<ResolvedPython | undefined>;