@socketsecurity/lib 6.0.6 → 6.0.8

package/dist/globs/types.d.ts

@@ -6,30 +6,30 @@
  */
 export type Pattern = string;
 export interface FastGlobOptions {
-    absolute?: boolean;
-    baseNameMatch?: boolean;
-    braceExpansion?: boolean;
-    caseSensitiveMatch?: boolean;
-    concurrency?: number;
-    cwd?: string;
-    deep?: number;
-    dot?: boolean;
-    extglob?: boolean;
-    followSymbolicLinks?: boolean;
-    fs?: unknown;
-    globstar?: boolean;
-    ignore?: string[];
-    ignoreFiles?: string[];
-    markDirectories?: boolean;
-    objectMode?: boolean;
-    onlyDirectories?: boolean;
-    onlyFiles?: boolean;
-    stats?: boolean;
-    suppressErrors?: boolean;
-    throwErrorOnBrokenSymbolicLink?: boolean;
-    unique?: boolean;
+    absolute?: boolean | undefined;
+    baseNameMatch?: boolean | undefined;
+    braceExpansion?: boolean | undefined;
+    caseSensitiveMatch?: boolean | undefined;
+    concurrency?: number | undefined;
+    cwd?: string | undefined;
+    deep?: number | undefined;
+    dot?: boolean | undefined;
+    extglob?: boolean | undefined;
+    followSymbolicLinks?: boolean | undefined;
+    fs?: unknown | undefined;
+    globstar?: boolean | undefined;
+    ignore?: string[] | undefined;
+    ignoreFiles?: string[] | undefined;
+    markDirectories?: boolean | undefined;
+    objectMode?: boolean | undefined;
+    onlyDirectories?: boolean | undefined;
+    onlyFiles?: boolean | undefined;
+    stats?: boolean | undefined;
+    suppressErrors?: boolean | undefined;
+    throwErrorOnBrokenSymbolicLink?: boolean | undefined;
+    unique?: boolean | undefined;
 }
 export interface GlobOptions extends FastGlobOptions {
-    ignoreOriginals?: boolean;
-    recursive?: boolean;
+    ignoreOriginals?: boolean | undefined;
+    recursive?: boolean | undefined;
 }

package/dist/http-request/_internal.d.ts

@@ -2,7 +2,7 @@
  * @file Private lazy loaders for the Node.js modules used by the
  *   `http-request/*` leaves. The `_` prefix keeps this module out of the
  *   generated package.json `exports` map (the `dist/**\/_*` ignore pattern in
- *   `scripts/fix/generate-package-exports.mts` filters it out), so it is not
+ *   `scripts/post-build/make-package-exports.mts` filters it out), so it is not
  *   part of the public surface — it exists only as a re-export shim so existing
  *   siblings keep working unchanged. New code should import the canonical
  *   helpers directly:

package/dist/http-request/browser.js

@@ -3,11 +3,13 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_primordials_error = require('../primordials/error.js');
 const require_primordials_math = require('../primordials/math.js');
+const require_primordials_string = require('../primordials/string.js');
 const require_primordials_array = require('../primordials/array.js');
 const require_primordials_date = require('../primordials/date.js');
 const require_primordials_json = require('../primordials/json.js');
 const require_primordials_promise = require('../primordials/promise.js');
-const require_http_request_browser_fetch = require('./browser-fetch.js');
+const require_http_request_fetch_browser = require('./fetch/browser.js');
+const require_primordials_headers = require('../primordials/headers.js');
 
 //#region src/http-request/browser.ts
 /**
@@ -74,6 +76,10 @@ function combineSignals(external, timeoutMs) {
 	};
 }
 async function attempt(url, options) {
+	options = {
+		__proto__: null,
+		...options
+	};
 	const method = options.method ?? "GET";
 	const init = { method };
 	if (options.headers) init.headers = options.headers;
@@ -89,7 +95,7 @@ async function attempt(url, options) {
 		timeout: options.timeout
 	});
 	try {
-		const response = await require_http_request_browser_fetch.doFetch(url, init);
+		const response = await require_http_request_fetch_browser.fetchResponse(url, init);
 		const buffer = await response.arrayBuffer();
 		if (options.maxResponseSize !== void 0 && buffer.byteLength > options.maxResponseSize) throw new require_primordials_error.ErrorCtor(`Response body (${buffer.byteLength} bytes) exceeds maxResponseSize (${options.maxResponseSize})`);
 		const body = new require_primordials_array.Uint8ArrayCtor(buffer);
@@ -136,8 +142,8 @@ function decodeText(bytes) {
 }
 function headersToRecord(headers) {
 	const out = {};
-	headers.forEach((value, key) => {
-		out[key.toLowerCase()] = value;
+	require_primordials_headers.HeadersPrototypeForEach(headers, (value, key) => {
+		out[require_primordials_string.StringPrototypeToLowerCase(key)] = value;
 	});
 	return out;
 }

package/dist/http-request/checksum-file.d.ts

@@ -0,0 +1,55 @@
+/**
+ * @file Checksum file fetching + parsing for download verification.
+ *   `parseChecksumFile` understands the three common text-file shapes:
+ *
+ *   - BSD style: `SHA256 (filename) = hash`
+ *   - GNU style: `hash filename` (two spaces)
+ *   - Simple: `hash filename` (single space) Comment lines (`#…`) and blank lines
+ *     are skipped. Each hex digest is converted to an SRI integrity string
+ *     (`sha256-<base64>=`) so callers always work in the same format as
+ *     `external-tools.json` and other integrity-string consumers.
+ *     `fetchChecksumFile` is the URL helper — fetches via `httpRequest` and
+ *     runs the body through `parseChecksumFile`.
+ */
+import type { ChecksumFile, FetchChecksumFileOptions } from './download-types';
+/**
+ * Fetch and parse a checksums file from a URL.
+ *
+ * Returns a map of filenames to SRI integrity strings (`sha256-<base64>=`).
+ * Feed `httpDownload({ sha256 })` by converting back to hex via
+ * `integrityToChecksum()`; pass the SRI string through verbatim to consumers
+ * that accept SRI directly.
+ *
+ * @example
+ *   ;```ts
+ *   import { integrityToChecksum } from '@socketsecurity/lib/integrity'
+ *
+ *   const sums = await fetchChecksumFile(
+ *     'https://github.com/org/repo/releases/download/v1.0.0/checksums.txt',
+ *   )
+ *   await httpDownload(url, '/tmp/tool.tar.gz', {
+ *     sha256: integrityToChecksum(sums['tool_linux.tar.gz']!),
+ *   })
+ *   ```
+ */
+export declare function fetchChecksumFile(url: string, options?: FetchChecksumFileOptions | undefined): Promise<ChecksumFile>;
+/**
+ * Parse a checksums file text into a filename-to-integrity map.
+ *
+ * Supports standard checksums file formats: - BSD style: `SHA256 (filename) =
+ * hash` - GNU style: `hash filename` (two spaces) - Simple style: `hash
+ * filename` (single space)
+ *
+ * Lines starting with `#` are treated as comments and ignored. Empty lines are
+ * ignored. Each 64-char hex digest is converted to an SRI integrity string so
+ * the result is uniform regardless of source format.
+ *
+ * @example
+ *   ;```ts
+ *   const sums = parseChecksumFile(
+ *     'e3b0c44...  file.zip\nSHA256 (other.tar.gz) = abc123...\n',
+ *   )
+ *   // sums['file.zip'] === 'sha256-47DEQpj8HBSa+/...'
+ *   ```
+ */
+export declare function parseChecksumFile(text: string): ChecksumFile;

package/dist/http-request/checksum-file.js

@@ -0,0 +1,95 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_error = require('../primordials/error.js');
+const require_integrity = require('../integrity.js');
+const require_primordials_string = require('../primordials/string.js');
+const require_http_request_request = require('./request.js');
+
+//#region src/http-request/checksum-file.ts
+/**
+* @file Checksum file fetching + parsing for download verification.
+*   `parseChecksumFile` understands the three common text-file shapes:
+*
+*   - BSD style: `SHA256 (filename) = hash`
+*   - GNU style: `hash filename` (two spaces)
+*   - Simple: `hash filename` (single space) Comment lines (`#…`) and blank lines
+*     are skipped. Each hex digest is converted to an SRI integrity string
+*     (`sha256-<base64>=`) so callers always work in the same format as
+*     `external-tools.json` and other integrity-string consumers.
+*     `fetchChecksumFile` is the URL helper — fetches via `httpRequest` and
+*     runs the body through `parseChecksumFile`.
+*/
+const CHECKSUM_BSD_RE = /^SHA256\s+\((.+)\)\s+=\s+([a-fA-F0-9]{64})$/;
+const CHECKSUM_GNU_RE = /^([a-fA-F0-9]{64})\s+(.+)$/;
+/**
+* Fetch and parse a checksums file from a URL.
+*
+* Returns a map of filenames to SRI integrity strings (`sha256-<base64>=`).
+* Feed `httpDownload({ sha256 })` by converting back to hex via
+* `integrityToChecksum()`; pass the SRI string through verbatim to consumers
+* that accept SRI directly.
+*
+* @example
+*   ;```ts
+*   import { integrityToChecksum } from '@socketsecurity/lib/integrity'
+*
+*   const sums = await fetchChecksumFile(
+*     'https://github.com/org/repo/releases/download/v1.0.0/checksums.txt',
+*   )
+*   await httpDownload(url, '/tmp/tool.tar.gz', {
+*     sha256: integrityToChecksum(sums['tool_linux.tar.gz']!),
+*   })
+*   ```
+*/
+async function fetchChecksumFile(url, options) {
+	const { ca, headers = {}, timeout = 3e4 } = {
+		__proto__: null,
+		...options
+	};
+	const response = await require_http_request_request.httpRequest(url, {
+		ca,
+		headers,
+		timeout
+	});
+	if (!response.ok) throw new require_primordials_error.ErrorCtor(`Failed to fetch checksums from ${url}: ${response.status} ${response.statusText}`);
+	return parseChecksumFile(response.body.toString("utf8"));
+}
+/**
+* Parse a checksums file text into a filename-to-integrity map.
+*
+* Supports standard checksums file formats: - BSD style: `SHA256 (filename) =
+* hash` - GNU style: `hash filename` (two spaces) - Simple style: `hash
+* filename` (single space)
+*
+* Lines starting with `#` are treated as comments and ignored. Empty lines are
+* ignored. Each 64-char hex digest is converted to an SRI integrity string so
+* the result is uniform regardless of source format.
+*
+* @example
+*   ;```ts
+*   const sums = parseChecksumFile(
+*     'e3b0c44...  file.zip\nSHA256 (other.tar.gz) = abc123...\n',
+*   )
+*   // sums['file.zip'] === 'sha256-47DEQpj8HBSa+/...'
+*   ```
+*/
+function parseChecksumFile(text) {
+	const result = { __proto__: null };
+	for (const line of require_primordials_string.StringPrototypeSplit(text, "\n")) {
+		const trimmed = line.trim();
+		if (!trimmed || require_primordials_string.StringPrototypeStartsWith(trimmed, "#")) continue;
+		const bsdMatch = CHECKSUM_BSD_RE.exec(trimmed);
+		if (bsdMatch) {
+			result[bsdMatch[1]] = require_integrity.checksumToIntegrity(bsdMatch[2].toLowerCase());
+			continue;
+		}
+		const gnuMatch = CHECKSUM_GNU_RE.exec(trimmed);
+		if (gnuMatch) result[gnuMatch[2]] = require_integrity.checksumToIntegrity(gnuMatch[1].toLowerCase());
+	}
+	return result;
+}
+
+//#endregion
+exports.fetchChecksumFile = fetchChecksumFile;
+exports.parseChecksumFile = parseChecksumFile;

package/dist/http-request/download-types.d.ts

@@ -3,7 +3,7 @@
  *   `http-request/types.ts` for size hygiene.
  *
  *   - `HttpDownloadOptions` / `HttpDownloadResult` — file-download surface
- *   - `Checksums` / `FetchChecksumsOptions` — checksum-file helpers
+ *   - `ChecksumFile` / `FetchChecksumFileOptions` — checksum-file helpers
  */
 import type { IncomingHttpHeaders } from 'node:http';
 import type { Logger } from '../logger/node';
@@ -136,23 +136,14 @@ export interface HttpDownloadOptions {
      * fail if the computed hash doesn't match. The hash should be a lowercase hex
      * string (64 characters).
      *
-     * Use `fetchChecksums()` to fetch hashes from a checksums URL, then pass the
-     * specific hash here.
+     * Pair with `fetchChecksumFile()` + `integrityToChecksum()` when working from
+     * a checksums URL, since `fetchChecksumFile()` returns SRI strings.
      *
      * @example
      *   ;```ts
-     *   // Verify download integrity with direct hash
+     *   // Verify download with a sha256 hex digest
      *   await httpDownload('https://example.com/file.zip', '/tmp/file.zip', {
-     *     sha256:
-     *       'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
-     *   })
-     *
-     *   // Verify using checksums from a URL
-     *   const checksums = await fetchChecksums(
-     *     'https://example.com/checksums.txt',
-     *   )
-     *   await httpDownload('https://example.com/file.zip', '/tmp/file.zip', {
-     *     sha256: checksums['file.zip'],
+     *     sha256: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
      *   })
      *   ```
      */
@@ -189,23 +180,24 @@ export interface HttpDownloadResult {
     statusText: string;
 }
 /**
- * Map of filenames to their SHA256 hashes. Keys are filenames (not paths),
- * values are lowercase hex-encoded SHA256 hashes.
+ * Map of filenames to SRI integrity strings (`sha256-<base64>=`). Returned by
+ * `parseChecksumFile` / `fetchChecksumFile`. Pass through
+ * `integrityToChecksum()` to feed `httpDownload({ sha256 })`, or pass the SRI
+ * string directly to consumers that accept SRI.
  *
  * @example
  *   ;```ts
- *   const checksums: Checksums = {
- *     'file.zip':
- *       'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
- *     'other.tar.gz': 'abc123...',
+ *   const sums: ChecksumFile = {
+ *     'file.zip': 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
+ *     'other.tar.gz': 'sha256-...',
  *   }
  *   ```
  */
-export type Checksums = Record<string, string>;
+export type ChecksumFile = Record<string, string>;
 /**
- * Options for fetching checksums from a URL.
+ * Options for fetching a checksum file from a URL.
  */
-export interface FetchChecksumsOptions {
+export interface FetchChecksumFileOptions {
     /**
      * Custom CA certificates for TLS connections. See `HttpRequestOptions.ca` for
      * details.

package/dist/http-request/download.js

@@ -98,8 +98,8 @@ async function httpDownload(url, destPath, options) {
 		};
 	}
 	/* c8 ignore stop */
-	const crypto = /* @__PURE__ */ require_node_crypto.getNodeCrypto();
-	const fs = /* @__PURE__ */ require_node_fs.getNodeFs();
+	const crypto = require_node_crypto.getNodeCrypto();
+	const fs = require_node_fs.getNodeFs();
 	const tempPath = `${destPath}.${crypto.randomBytes(6).toString("hex")}.download`;
 	if (fs.existsSync(tempPath)) await require_fs_safe.safeDelete(tempPath);
 	let lastError;
@@ -155,7 +155,7 @@ async function httpDownloadAttempt(url, destPath, options) {
 	const res = response.rawResponse;
 	/* c8 ignore next 3 */
 	if (!res) throw new require_primordials_error.ErrorCtor("Stream response missing rawResponse");
-	const { createWriteStream } = /* @__PURE__ */ require_node_fs.getNodeFs();
+	const { createWriteStream } = require_node_fs.getNodeFs();
 	const totalSize = require_primordials_number.NumberParseInt(response.headers["content-length"] || "0", 10);
 	return await new require_primordials_promise.PromiseCtor((resolve, reject) => {
 		let downloadedSize = 0;

package/dist/http-request/{browser-fetch.d.ts → fetch/browser.d.ts}

@@ -1,10 +1,10 @@
 /**
  * @file Thin wrapper over the global `fetch()` so tests can mock the network
- *   layer via `vi.mock('@socketsecurity/lib/http-request/browser-fetch')`
+ *   layer via `vi.mock('@socketsecurity/lib/http-request/fetch/browser')`
  *   without monkey-patching `globalThis.fetch` (which conflicts with the
  *   project's nock-based test setup). The wrapper itself is `c8 ignore`-marked
  *   because the body is a single uncoverable fetch call; coverage credit is
  *   preserved by the wider test suite that mocks this module and asserts the
  *   call shape.
  */
-export declare function doFetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
+export declare function fetchResponse(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;

package/dist/http-request/{browser-fetch.js → fetch/browser.js}

@@ -2,10 +2,10 @@
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
-//#region src/http-request/browser-fetch.ts
+//#region src/http-request/fetch/browser.ts
 /**
 * @file Thin wrapper over the global `fetch()` so tests can mock the network
-*   layer via `vi.mock('@socketsecurity/lib/http-request/browser-fetch')`
+*   layer via `vi.mock('@socketsecurity/lib/http-request/fetch/browser')`
 *   without monkey-patching `globalThis.fetch` (which conflicts with the
 *   project's nock-based test setup). The wrapper itself is `c8 ignore`-marked
 *   because the body is a single uncoverable fetch call; coverage credit is
@@ -13,10 +13,10 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 *   call shape.
 */
 /* c8 ignore start - native fetch call; tests mock this module wholesale */
-function doFetch(input, init) {
+function fetchResponse(input, init) {
 	return fetch(input, init);
 }
 /* c8 ignore stop */
 
 //#endregion
-exports.doFetch = doFetch;
+exports.fetchResponse = fetchResponse;

package/dist/http-request/headers.js

@@ -2,9 +2,9 @@
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_primordials_number = require('../primordials/number.js');
+const require_primordials_object = require('../primordials/object.js');
 const require_primordials_array = require('../primordials/array.js');
 const require_primordials_date = require('../primordials/date.js');
-const require_primordials_object = require('../primordials/object.js');
 const require_primordials_globals = require('../primordials/globals.js');
 
 //#region src/http-request/headers.ts
@@ -37,7 +37,6 @@ const RETRY_AFTER_INT_RE = /^\d+$/;
 *
 * @returns The `Authorization` header value, e.g. `Basic <base64>`.
 */
-/*@__NO_SIDE_EFFECTS__*/
 function basicAuthHeader(token) {
 	return `Basic ${require_primordials_globals.btoa(`${token}:`)}`;
 }

package/dist/http-request/request-attempt.js

@@ -1,15 +1,17 @@
 "use strict";
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_buffer = require('../primordials/buffer.js');
 const require_primordials_error = require('../primordials/error.js');
-const require_primordials_date = require('../primordials/date.js');
 const require_primordials_object = require('../primordials/object.js');
+const require_primordials_date = require('../primordials/date.js');
 const require_primordials_json = require('../primordials/json.js');
 const require_primordials_promise = require('../primordials/promise.js');
+const require_primordials_url = require('../primordials/url.js');
 const require_node_http = require('../node/http.js');
 const require_node_https = require('../node/https.js');
-const require_primordials_url = require('../primordials/url.js');
 const require_http_request_errors = require('./errors.js');
+const require_http_request_response_reader = require('./response-reader.js');
 const require_http_request_user_agent = require('./user-agent.js');
 
 //#region src/http-request/request-attempt.ts
@@ -70,7 +72,7 @@ async function httpRequestAttempt(url, options) {
 		};
 		const parsedUrl = new require_primordials_url.URLCtor(url);
 		const isHttps = parsedUrl.protocol === "https:";
-		const httpModule = isHttps ? /* @__PURE__ */ require_node_https.getNodeHttps() : /* @__PURE__ */ require_node_http.getNodeHttp();
+		const httpModule = isHttps ? require_node_https.getNodeHttps() : require_node_http.getNodeHttp();
 		const requestOptions = {
 			headers: mergedHeaders,
 			hostname: parsedUrl.hostname,
@@ -106,15 +108,15 @@ async function httpRequestAttempt(url, options) {
 					reject(new require_primordials_error.ErrorCtor(`Too many redirects (exceeded maximum: ${maxRedirects})`));
 					return;
 				}
-				const redirectUrl = res.headers.location.startsWith("http") ? res.headers.location : new URL(res.headers.location, url).toString();
-				const redirectParsed = new URL(redirectUrl);
+				const redirectUrl = res.headers.location.startsWith("http") ? res.headers.location : new require_primordials_url.URLCtor(res.headers.location, url).toString();
+				const redirectParsed = new require_primordials_url.URLCtor(redirectUrl);
 				if (isHttps && redirectParsed.protocol !== "https:") {
 					settled = true;
 					reject(new require_primordials_error.ErrorCtor(`Redirect from HTTPS to HTTP is not allowed: ${redirectUrl}`));
 					return;
 				}
 				let redirectHeaders = headers;
-				if (new URL(url).origin !== redirectParsed.origin) {
+				if (new require_primordials_url.URLCtor(url).origin !== redirectParsed.origin) {
 					redirectHeaders = { __proto__: null };
 					const stripped = new Set([
 						"authorization",
@@ -148,7 +150,7 @@ async function httpRequestAttempt(url, options) {
 					status,
 					statusText
 				});
-				const emptyBody = Buffer.alloc(0);
+				const emptyBody = require_primordials_buffer.BufferAlloc(0);
 				resolveOnce({
 					arrayBuffer: () => emptyBody.buffer,
 					body: emptyBody,
@@ -178,31 +180,33 @@ async function httpRequestAttempt(url, options) {
 			});
 			res.on("end", () => {
 				if (settled) return;
-				const responseBody = Buffer.concat(chunks);
-				const ok = res.statusCode !== void 0 && res.statusCode >= 200 && res.statusCode < 300;
-				const response = {
-					arrayBuffer() {
-						return responseBody.buffer.slice(responseBody.byteOffset, responseBody.byteOffset + responseBody.byteLength);
-					},
-					body: responseBody,
-					headers: res.headers,
-					json() {
-						return require_primordials_json.JSONParse(responseBody.toString("utf8"));
-					},
-					ok,
-					rawResponse: res,
-					status: res.statusCode || 0,
-					statusText: res.statusMessage || "",
-					text() {
-						return responseBody.toString("utf8");
-					}
-				};
-				emitResponse({
-					headers: res.headers,
-					status: res.statusCode,
-					statusText: res.statusMessage
+				const rawBody = require_primordials_buffer.BufferConcat(chunks);
+				require_http_request_response_reader.decodeBody(rawBody, res.headers["content-encoding"]).catch(() => rawBody).then((responseBody) => {
+					const ok = res.statusCode !== void 0 && res.statusCode >= 200 && res.statusCode < 300;
+					const response = {
+						arrayBuffer() {
+							return responseBody.buffer.slice(responseBody.byteOffset, responseBody.byteOffset + responseBody.byteLength);
+						},
+						body: responseBody,
+						headers: res.headers,
+						json() {
+							return require_primordials_json.JSONParse(responseBody.toString("utf8"));
+						},
+						ok,
+						rawResponse: res,
+						status: res.statusCode || 0,
+						statusText: res.statusMessage || "",
+						text() {
+							return responseBody.toString("utf8");
+						}
+					};
+					emitResponse({
+						headers: res.headers,
+						status: res.statusCode,
+						statusText: res.statusMessage
+					});
+					resolveOnce(response);
 				});
-				resolveOnce(response);
 			});
 			res.on("error", (error) => {
 				rejectOnce(error);
@@ -217,12 +221,12 @@ async function httpRequestAttempt(url, options) {
 		});
 		if (body) {
 			if (typeof body === "object" && typeof body.pipe === "function") {
-				const stream = body;
-				stream.on("error", (err) => {
+				const bodyStream = body;
+				bodyStream.on("error", (err) => {
 					request.destroy();
 					rejectOnce(err);
 				});
-				stream.pipe(request);
+				bodyStream.pipe(request);
 				return;
 			}
 			request.write(body);

package/dist/http-request/request-types.d.ts

@@ -8,7 +8,7 @@
  *     observability
  *   - `HttpRequestOptions` — the main request configuration interface
  */
-import type { IncomingMessage } from 'node:http';
+import type { IncomingHttpHeaders, IncomingMessage } from 'node:http';
 import type { Readable } from 'node:stream';
 /**
  * IncomingMessage received as a response to a client request (http.request
@@ -35,7 +35,7 @@ export interface HttpHookRequestInfo {
 export interface HttpHookResponseInfo {
     duration: number;
     error?: Error | undefined;
-    headers?: import('node:http').IncomingHttpHeaders | undefined;
+    headers?: IncomingHttpHeaders | undefined;
     method: string;
     status?: number | undefined;
     statusText?: string | undefined;

package/dist/http-request/request.js

@@ -4,9 +4,9 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_primordials_error = require('../primordials/error.js');
 const require_primordials_math = require('../primordials/math.js');
 const require_primordials_number = require('../primordials/number.js');
+const require_http_request_response_reader = require('./response-reader.js');
 const require_http_request_request_attempt = require('./request-attempt.js');
 const require_http_request_response_types = require('./response-types.js');
-const require_http_request_response_reader = require('./response-reader.js');
 let node_timers_promises = require("node:timers/promises");
 
 //#region src/http-request/request.ts

package/dist/http-request/user-agent.js

@@ -4,7 +4,7 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const require_runtime = require('../_virtual/_rolldown/runtime.js');
 const require_env_rewire = require('../env/rewire.js');
 const require_constants_socket = require('../constants/socket.js');
-const require_packages_operations = require('../packages/operations.js');
+const require_packages_specs = require('../packages/specs.js');
 let node_process = require("node:process");
 node_process = require_runtime.__toESM(node_process);
 
@@ -38,9 +38,8 @@ node_process = require_runtime.__toESM(node_process);
 *   // 'sdxgen/0.5.0 node/v22.10.0 darwin/arm64 embedded-by-foo/1'
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function buildUserAgent(pkg, caller) {
-	const base = `${/* @__PURE__ */ require_packages_operations.pkgNameToSlug(pkg.name)}/${pkg.version} node/${node_process.default.version} ${node_process.default.platform}/${node_process.default.arch}`;
+	const base = `${require_packages_specs.pkgNameToSlug(pkg.name)}/${pkg.version} node/${node_process.default.version} ${node_process.default.platform}/${node_process.default.arch}`;
 	return caller ? `${base} ${caller}` : base;
 }
 let cachedBaseUserAgent;
@@ -66,12 +65,12 @@ let cachedBaseUserAgent;
 *   ```
 */
 function getSocketCallerUserAgent() {
-	if (cachedBaseUserAgent === void 0) cachedBaseUserAgent = /* @__PURE__ */ buildUserAgent({
+	if (cachedBaseUserAgent === void 0) cachedBaseUserAgent = buildUserAgent({
 		name: require_constants_socket.SOCKET_LIB_NAME,
 		version: require_constants_socket.SOCKET_LIB_VERSION
 	});
 	const caller = require_env_rewire.getEnvValue("SOCKET_CALLER_USER_AGENT");
-	return caller && caller.trim() ? `${cachedBaseUserAgent} ${caller}` : cachedBaseUserAgent;
+	return caller?.trim() ? `${cachedBaseUserAgent} ${caller}` : cachedBaseUserAgent;
 }
 
 //#endregion