npm - @socketsecurity/lib - Versions diffs - 6.0.6 → 6.0.8 - Mend

@socketsecurity/lib 6.0.6 → 6.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (619) hide show

package/CHANGELOG.md +46 -1
package/README.md +1 -1
package/dist/ai/agent-context.d.mts +103 -0
package/dist/ai/agent-context.js +157 -0
package/dist/ai/backends.d.mts +83 -0
package/dist/ai/backends.js +173 -0
package/dist/ai/credentials.d.mts +49 -0
package/dist/ai/credentials.js +82 -0
package/dist/ai/discover.d.mts +6 -2
package/dist/ai/discover.js +4 -3
package/dist/ai/exec.d.mts +52 -0
package/dist/ai/exec.js +92 -0
package/dist/ai/http.d.mts +132 -0
package/dist/ai/http.js +130 -0
package/dist/ai/profiles.d.mts +41 -6
package/dist/ai/profiles.js +52 -10
package/dist/ai/route.d.mts +69 -0
package/dist/ai/route.js +156 -0
package/dist/ai/spawn.d.mts +10 -2
package/dist/ai/spawn.js +56 -31
package/dist/ai/subagent-status.d.mts +48 -0
package/dist/ai/subagent-status.js +57 -0
package/dist/ai/tier.d.mts +60 -0
package/dist/ai/tier.js +53 -0
package/dist/ai/types.d.mts +31 -6
package/dist/ai/worktree.d.mts +6 -6
package/dist/ai/worktree.js +5 -1
package/dist/ansi/strip.d.ts +1 -1
package/dist/ansi/strip.js +0 -2
package/dist/archives/_internal.js +7 -9
package/dist/archives/extract.js +1 -1
package/dist/archives/tar.js +7 -7
package/dist/archives/zip.js +5 -7
package/dist/argv/flag-predicates.d.ts +12 -12
package/dist/argv/flag-predicates.js +17 -17
package/dist/argv/flag-types.d.ts +18 -18
package/dist/argv/flag-types.js +4 -4
package/dist/argv/parse.d.ts +20 -3
package/dist/argv/parse.js +1 -1
package/dist/arrays/_internal.js +11 -12
package/dist/arrays/chunk.js +0 -1
package/dist/arrays/join.d.ts +37 -3
package/dist/arrays/join.js +47 -7
package/dist/arrays/unique.js +0 -1
package/dist/bin/_internal.d.ts +1 -1
package/dist/bin/_internal.js +1 -1
package/dist/bin/exec.js +2 -3
package/dist/bin/find.js +17 -17
package/dist/bin/prim.cjs +36175 -35861
package/dist/bin/resolve.js +13 -14
package/dist/bin/which.js +8 -8
package/dist/cache/ttl/store.js +6 -6
package/dist/checks/primordials-defaults.d.ts +3 -3
package/dist/checks/primordials-defaults.js +3 -3
package/dist/checks/primordials.js +4 -3
package/dist/{bin → cli}/check-primordials.d.ts +18 -13
package/dist/{bin → cli}/check-primordials.js +58 -55
package/dist/{bin → cli}/check.js +3 -3
package/dist/{bin → cli}/socket-lib.d.ts +1 -1
package/dist/{bin → cli}/socket-lib.js +4 -4
package/dist/colors/socket-palette.js +7 -9
package/dist/compression/_internal.d.ts +12 -12
package/dist/compression/_internal.js +18 -18
package/dist/compression/brotli.d.ts +26 -27
package/dist/compression/brotli.js +39 -35
package/dist/compression/gzip.d.ts +23 -23
package/dist/compression/gzip.js +46 -42
package/dist/constants/agents.d.ts +3 -1
package/dist/constants/agents.js +15 -11
package/dist/constants/licenses.js +3 -3
package/dist/constants/node.d.ts +23 -0
package/dist/constants/node.js +47 -15
package/dist/constants/packages.d.ts +3 -0
package/dist/constants/packages.js +24 -29
package/dist/constants/platform.d.ts +30 -3
package/dist/constants/platform.js +72 -12
package/dist/constants/runtime.d.ts +22 -0
package/dist/constants/runtime.js +32 -0
package/dist/constants/socket.d.ts +2 -6
package/dist/constants/socket.js +12 -14
package/dist/cover/code.js +10 -10
package/dist/cover/formatters.js +5 -5
package/dist/crypto/hash.d.ts +30 -2
package/dist/crypto/hash.js +47 -13
package/dist/debug/_internal.js +4 -6
package/dist/debug/caller-info.js +3 -4
package/dist/debug/namespace.d.ts +7 -0
package/dist/debug/namespace.js +21 -12
package/dist/debug/output.js +21 -24
package/dist/debug/types.d.ts +4 -4
package/dist/dlx/arborist.js +18 -8
package/dist/dlx/binary-cache.js +15 -15
package/dist/dlx/binary-download.d.ts +1 -1
package/dist/dlx/binary-download.js +11 -11
package/dist/dlx/binary-resolution.js +17 -15
package/dist/dlx/binary-types.d.ts +5 -5
package/dist/dlx/binary.js +5 -5
package/dist/dlx/cache.js +1 -1
package/dist/dlx/detect.d.ts +42 -25
package/dist/dlx/detect.js +86 -77
package/dist/dlx/dir.js +2 -2
package/dist/dlx/firewall.d.ts +9 -1
package/dist/dlx/firewall.js +1 -1
package/dist/dlx/lockfile.d.ts +19 -18
package/dist/dlx/lockfile.js +19 -16
package/dist/dlx/manifest.d.ts +6 -6
package/dist/dlx/manifest.js +5 -5
package/dist/dlx/package.d.ts +10 -10
package/dist/dlx/package.js +20 -16
package/dist/dlx/packages.js +4 -4
package/dist/dlx/paths.js +7 -7
package/dist/dlx/spec.js +1 -1
package/dist/dlx/types.d.ts +28 -27
package/dist/eco/cargo/parse-lockfile.d.ts +2 -3
package/dist/eco/cargo/parse-lockfile.js +5 -5
package/dist/eco/manifest/analyze-lockfile.js +2 -2
package/dist/eco/manifest/detect-format.js +5 -5
package/dist/eco/manifest/find-packages.js +2 -2
package/dist/eco/manifest/get-package-versions.js +2 -2
package/dist/eco/manifest/get-package.js +2 -2
package/dist/eco/manifest/parse-lockfile.js +2 -2
package/dist/eco/manifest/parse-manifest.js +2 -2
package/dist/eco/manifest/parse.js +2 -2
package/dist/eco/npm/npm/exec.js +2 -2
package/dist/eco/npm/npm/flags.js +7 -12
package/dist/eco/npm/npm/parse-lockfile.d.ts +17 -18
package/dist/eco/npm/npm/parse-lockfile.js +4 -4
package/dist/eco/npm/parse-package-json.d.ts +11 -0
package/dist/eco/npm/parse-package-json.js +3 -3
package/dist/eco/npm/pnpm/exec.d.ts +1 -1
package/dist/eco/npm/pnpm/exec.js +5 -5
package/dist/eco/npm/pnpm/flags.js +0 -3
package/dist/eco/npm/pnpm/parse-lockfile.d.ts +6 -4
package/dist/eco/npm/pnpm/parse-lockfile.js +7 -7
package/dist/eco/npm/script.js +9 -6
package/dist/eco/npm/yarnpkg/yarn/exec.js +4 -4
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.d.ts +3 -4
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +9 -9
package/dist/effects/pulse-frames.d.ts +3 -1
package/dist/effects/shimmer-keyframes.d.ts +1 -1
package/dist/effects/shimmer-terminal.d.ts +1 -1
package/dist/env/boolean.js +0 -1
package/dist/env/ci.js +0 -1
package/dist/env/debug.js +0 -1
package/dist/env/github-status.d.ts +51 -0
package/dist/env/github-status.js +90 -0
package/dist/env/github.js +0 -8
package/dist/env/home.js +0 -1
package/dist/env/locale.js +0 -3
package/dist/env/node-auth-token.js +0 -1
package/dist/env/node-env.js +0 -1
package/dist/env/node-version-managers.d.ts +53 -0
package/dist/env/node-version-managers.js +90 -0
package/dist/env/npm.js +0 -5
package/dist/env/number.js +0 -1
package/dist/env/package-manager.js +3 -6
package/dist/env/path.js +0 -1
package/dist/env/pre-commit.js +1 -2
package/dist/env/proxy.js +1 -1
package/dist/env/rewire.d.ts +8 -6
package/dist/env/rewire.js +16 -17
package/dist/env/shell.js +0 -1
package/dist/env/socket-cli.js +5 -18
package/dist/env/socket-mcp.d.ts +114 -0
package/dist/env/socket-mcp.js +146 -0
package/dist/env/socket.d.ts +8 -109
package/dist/env/socket.js +22 -167
package/dist/env/string.js +0 -1
package/dist/env/temp-dir.js +0 -3
package/dist/env/term.js +0 -1
package/dist/env/test.js +3 -6
package/dist/env/windows.js +0 -4
package/dist/env/xdg.js +0 -3
package/dist/errors/predicates.js +1 -1
package/dist/events/exit/_internal.d.ts +11 -9
package/dist/events/exit/_internal.js +31 -35
package/dist/events/exit/handler.js +3 -4
package/dist/events/exit/intercept.js +4 -6
package/dist/events/exit/lifecycle.js +16 -18
package/dist/events/exit/signals.js +1 -2
package/dist/events/exit/types.d.ts +6 -5
package/dist/external/@npmcli/package-json.js +2 -2
package/dist/external/@npmcli/promise-spawn.js +3 -1
package/dist/external/npm-pack.js +2 -2
package/dist/external/pico-pack.js +4 -2
package/dist/external/which.js +3 -1
package/dist/external-tools/bazel/asset-names.d.ts +1 -1
package/dist/external-tools/bazel/asset-names.js +5 -2
package/dist/external-tools/bazel/from-download.d.ts +1 -1
package/dist/external-tools/bazel/from-download.js +5 -2
package/dist/external-tools/bazel/read-bazel-version-file.js +1 -1
package/dist/external-tools/bazel/resolve-bazel-version.js +4 -0
package/dist/external-tools/bazel/resolve.d.ts +3 -3
package/dist/external-tools/bazel/resolve.js +16 -8
package/dist/external-tools/bazel/types.d.ts +1 -1
package/dist/external-tools/cdxgen/asset-names.d.ts +1 -1
package/dist/external-tools/cdxgen/asset-names.js +5 -2
package/dist/external-tools/cdxgen/from-download.d.ts +1 -1
package/dist/external-tools/cdxgen/from-download.js +7 -4
package/dist/external-tools/cdxgen/from-vfs.js +1 -1
package/dist/external-tools/cdxgen/resolve.d.ts +3 -3
package/dist/external-tools/cdxgen/resolve.js +16 -8
package/dist/external-tools/cdxgen/types.d.ts +1 -1
package/dist/external-tools/from-download.d.ts +3 -3
package/dist/external-tools/from-download.js +12 -6
package/dist/external-tools/from-pip-venv.d.ts +1 -1
package/dist/external-tools/from-pip-venv.js +12 -5
package/dist/external-tools/janus/asset-names.d.ts +1 -1
package/dist/external-tools/janus/asset-names.js +5 -2
package/dist/external-tools/janus/from-download.d.ts +1 -1
package/dist/external-tools/janus/from-download.js +5 -2
package/dist/external-tools/janus/from-vfs.js +1 -1
package/dist/external-tools/janus/resolve.d.ts +3 -3
package/dist/external-tools/janus/resolve.js +16 -8
package/dist/external-tools/janus/types.d.ts +1 -1
package/dist/external-tools/jre/asset-names.d.ts +1 -1
package/dist/external-tools/jre/asset-names.js +5 -2
package/dist/external-tools/jre/detect-platform-arch.d.ts +10 -6
package/dist/external-tools/jre/detect-platform-arch.js +29 -14
package/dist/external-tools/jre/from-download.d.ts +1 -1
package/dist/external-tools/jre/from-download.js +7 -4
package/dist/external-tools/jre/from-java-home.js +2 -2
package/dist/external-tools/jre/from-vfs.js +3 -3
package/dist/external-tools/jre/resolve.d.ts +3 -3
package/dist/external-tools/jre/resolve.js +16 -8
package/dist/external-tools/jre/types.d.ts +1 -1
package/dist/external-tools/manifest.d.ts +25 -7
package/dist/external-tools/manifest.js +13 -13
package/dist/external-tools/opengrep/asset-names.d.ts +1 -1
package/dist/external-tools/opengrep/asset-names.js +5 -2
package/dist/external-tools/opengrep/from-download.d.ts +1 -1
package/dist/external-tools/opengrep/from-download.js +5 -2
package/dist/external-tools/opengrep/from-vfs.js +1 -1
package/dist/external-tools/opengrep/resolve.d.ts +3 -3
package/dist/external-tools/opengrep/resolve.js +16 -8
package/dist/external-tools/opengrep/types.d.ts +1 -1
package/dist/external-tools/python/asset-names.d.ts +76 -0
package/dist/external-tools/python/asset-names.js +111 -0
package/dist/external-tools/python/dlx.d.ts +80 -0
package/dist/external-tools/python/dlx.js +98 -0
package/dist/external-tools/python/from-download.d.ts +53 -0
package/dist/external-tools/python/from-download.js +75 -0
package/dist/external-tools/python/from-path.d.ts +7 -0
package/dist/external-tools/python/from-path.js +23 -0
package/dist/external-tools/python/pin.d.ts +121 -0
package/dist/external-tools/python/pin.js +176 -0
package/dist/external-tools/python/pip-install.d.ts +75 -0
package/dist/external-tools/python/pip-install.js +142 -0
package/dist/external-tools/python/resolve.d.ts +42 -0
package/dist/external-tools/python/resolve.js +66 -0
package/dist/external-tools/python/types.d.ts +49 -0
package/dist/external-tools/sbt/asset-names.d.ts +1 -1
package/dist/external-tools/sbt/asset-names.js +5 -2
package/dist/external-tools/sbt/from-download.d.ts +1 -1
package/dist/external-tools/sbt/from-download.js +5 -2
package/dist/external-tools/sbt/from-vfs.js +1 -1
package/dist/external-tools/sbt/resolve.d.ts +3 -3
package/dist/external-tools/sbt/resolve.js +16 -8
package/dist/external-tools/sbt/types.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.js +10 -3
package/dist/external-tools/skillspector/from-path.js +3 -5
package/dist/external-tools/skillspector/from-vfs.js +1 -1
package/dist/external-tools/skillspector/resolve.d.ts +2 -2
package/dist/external-tools/skillspector/resolve.js +14 -6
package/dist/external-tools/synp/asset-names.d.ts +1 -1
package/dist/external-tools/synp/asset-names.js +6 -2
package/dist/external-tools/synp/from-download.d.ts +1 -1
package/dist/external-tools/synp/from-download.js +7 -4
package/dist/external-tools/synp/from-vfs.js +1 -1
package/dist/external-tools/synp/resolve.d.ts +3 -3
package/dist/external-tools/synp/resolve.js +16 -8
package/dist/external-tools/trivy/asset-names.d.ts +1 -1
package/dist/external-tools/trivy/asset-names.js +5 -2
package/dist/external-tools/trivy/from-download.d.ts +1 -1
package/dist/external-tools/trivy/from-download.js +7 -4
package/dist/external-tools/trivy/from-vfs.js +1 -1
package/dist/external-tools/trivy/resolve.d.ts +3 -3
package/dist/external-tools/trivy/resolve.js +16 -8
package/dist/external-tools/trivy/types.d.ts +1 -1
package/dist/external-tools/trufflehog/asset-names.d.ts +1 -1
package/dist/external-tools/trufflehog/asset-names.js +5 -2
package/dist/external-tools/trufflehog/from-download.d.ts +1 -1
package/dist/external-tools/trufflehog/from-download.js +7 -4
package/dist/external-tools/trufflehog/from-vfs.js +1 -1
package/dist/external-tools/trufflehog/resolve.d.ts +3 -3
package/dist/external-tools/trufflehog/resolve.js +16 -8
package/dist/external-tools/trufflehog/types.d.ts +1 -1
package/dist/fs/_internal.d.ts +1 -1
package/dist/fs/_internal.js +7 -7
package/dist/fs/access.js +5 -9
package/dist/fs/allowed-dirs-cache.d.ts +47 -0
package/dist/fs/allowed-dirs-cache.js +69 -0
package/dist/fs/encoding.js +5 -7
package/dist/fs/{find-up.js → find.js} +12 -14
package/dist/fs/inspect.js +7 -13
package/dist/fs/read-dir.js +7 -10
package/dist/fs/read-file.js +8 -14
package/dist/fs/read-json-cache.d.ts +13 -4
package/dist/fs/read-json-cache.js +9 -6
package/dist/fs/read-json.js +4 -6
package/dist/fs/resolve-module.js +7 -3
package/dist/fs/safe.d.ts +1 -1
package/dist/fs/safe.js +13 -14
package/dist/fs/unique.js +4 -5
package/dist/fs/validate.js +1 -2
package/dist/fs/write-json.js +4 -5
package/dist/git/_internal.js +11 -11
package/dist/git/changed.js +4 -4
package/dist/git/repo.js +5 -7
package/dist/git/staged.js +12 -4
package/dist/git/tracked.d.ts +84 -0
package/dist/git/tracked.js +163 -0
package/dist/git/unstaged.js +12 -4
package/dist/github/ghsa.js +2 -2
package/dist/github/refs-cache.d.ts +1 -1
package/dist/github/refs-cache.js +5 -5
package/dist/github/refs-graphql.js +4 -0
package/dist/github/refs-rest.js +9 -5
package/dist/github/refs.js +15 -10
package/dist/github/{fetch.js → request.js} +13 -2
package/dist/github/token.js +1 -1
package/dist/github/types.d.ts +1 -1
package/dist/globs/_internal.js +8 -10
package/dist/globs/match.js +13 -7
package/dist/globs/matcher.d.ts +3 -3
package/dist/globs/matcher.js +16 -14
package/dist/globs/stream.js +1 -2
package/dist/globs/types.d.ts +24 -24
package/dist/http-request/_internal.d.ts +1 -1
package/dist/http-request/browser.js +10 -4
package/dist/http-request/checksum-file.d.ts +55 -0
package/dist/http-request/checksum-file.js +95 -0
package/dist/http-request/download-types.d.ts +15 -23
package/dist/http-request/download.js +3 -3
package/dist/http-request/{browser-fetch.d.ts → fetch/browser.d.ts} +2 -2
package/dist/http-request/{browser-fetch.js → fetch/browser.js} +4 -4
package/dist/http-request/headers.js +1 -2
package/dist/http-request/request-attempt.js +38 -34
package/dist/http-request/request-types.d.ts +2 -2
package/dist/http-request/request.js +1 -1
package/dist/http-request/user-agent.js +4 -5
package/dist/integrity.d.ts +92 -18
package/dist/integrity.js +125 -30
package/dist/ipc/directory.js +2 -2
package/dist/ipc/paths.js +1 -1
package/dist/ipc/write.js +1 -1
package/dist/ipc-cli/get.js +12 -12
package/dist/json/edit.js +51 -44
package/dist/json/format.js +1 -1
package/dist/json/parse.d.ts +1 -1
package/dist/json/parse.js +3 -7
package/dist/logger/_internal.d.ts +4 -4
package/dist/logger/_internal.js +3 -3
package/dist/logger/colors.js +4 -3
package/dist/logger/console-methods.d.ts +132 -0
package/dist/logger/console-methods.js +169 -0
package/dist/logger/console.d.ts +12 -0
package/dist/logger/console.js +42 -11
package/dist/logger/indentation-methods.d.ts +81 -0
package/dist/logger/indentation-methods.js +121 -0
package/dist/logger/node.d.ts +16 -338
package/dist/logger/node.js +75 -608
package/dist/logger/options.d.ts +39 -0
package/dist/logger/options.js +47 -0
package/dist/logger/semantic-methods.d.ts +63 -0
package/dist/logger/semantic-methods.js +108 -0
package/dist/logger/stream-methods.d.ts +63 -0
package/dist/logger/stream-methods.js +101 -0
package/dist/logger/stream.d.ts +37 -0
package/dist/logger/stream.js +42 -0
package/dist/logger/symbols-builder.js +9 -9
package/dist/logger/symbols.d.ts +2 -25
package/dist/logger/symbols.js +53 -74
package/dist/logger/types.d.ts +1 -1
package/dist/memo/types.d.ts +6 -6
package/dist/native-messaging/host.d.ts +20 -0
package/dist/native-messaging/host.js +120 -0
package/dist/native-messaging/index.d.ts +5 -0
package/dist/native-messaging/index.js +22 -0
package/dist/native-messaging/install.d.ts +60 -0
package/dist/native-messaging/install.js +144 -0
package/dist/native-messaging/rate-limit.d.ts +69 -0
package/dist/native-messaging/rate-limit.js +119 -0
package/dist/native-messaging/run.d.ts +10 -0
package/dist/native-messaging/run.js +17 -0
package/dist/node/async-hooks.js +4 -3
package/dist/node/child-process.js +4 -3
package/dist/node/crypto.js +4 -3
package/dist/node/events.js +4 -3
package/dist/node/fs-promises.js +4 -3
package/dist/node/fs.d.ts +22 -6
package/dist/node/fs.js +17 -3
package/dist/node/http.js +4 -3
package/dist/node/https.js +4 -3
package/dist/node/module.js +10 -6
package/dist/node/os.d.ts +10 -2
package/dist/node/os.js +12 -4
package/dist/node/path.d.ts +11 -2
package/dist/node/path.js +18 -4
package/dist/node/timers-promises.js +4 -3
package/dist/node/url.js +4 -3
package/dist/node/util.js +4 -3
package/dist/objects/getters.js +6 -8
package/dist/objects/inspect.js +1 -4
package/dist/objects/mutate.js +4 -5
package/dist/objects/predicates.js +1 -5
package/dist/objects/sort.js +3 -7
package/dist/packages/edit-class.d.ts +2 -3
package/dist/packages/edit-class.js +53 -48
package/dist/packages/edit.js +12 -14
package/dist/packages/exports.js +15 -21
package/dist/packages/fetch.d.ts +16 -0
package/dist/packages/fetch.js +81 -0
package/dist/packages/find.d.ts +55 -0
package/dist/packages/find.js +65 -0
package/dist/packages/isolation.js +14 -14
package/dist/packages/licenses.js +18 -18
package/dist/packages/manifest.js +16 -19
package/dist/packages/metadata-extensions.d.ts +14 -0
package/dist/packages/metadata-extensions.js +43 -0
package/dist/packages/normalize.js +6 -10
package/dist/packages/provenance.js +17 -19
package/dist/packages/read.d.ts +29 -0
package/dist/packages/read.js +66 -0
package/dist/packages/specs.d.ts +48 -1
package/dist/packages/specs.js +75 -12
package/dist/packages/tarball.d.ts +24 -0
package/dist/packages/tarball.js +81 -0
package/dist/packages/types.d.ts +22 -22
package/dist/packages/validation.js +0 -3
package/dist/paths/_internal.d.ts +2 -1
package/dist/paths/_internal.js +7 -19
package/dist/paths/conversion.js +5 -9
package/dist/paths/dirnames.d.ts +1 -0
package/dist/paths/dirnames.js +2 -0
package/dist/paths/filenames.d.ts +0 -1
package/dist/paths/filenames.js +0 -2
package/dist/paths/normalize.js +4 -5
package/dist/paths/packages.js +4 -7
package/dist/paths/predicates.js +9 -16
package/dist/paths/resolve.js +17 -25
package/dist/paths/rewire.d.ts +5 -0
package/dist/paths/rewire.js +3 -3
package/dist/paths/socket.d.ts +74 -111
package/dist/paths/socket.js +106 -139
package/dist/paths/walk.d.ts +1 -1
package/dist/paths/walk.js +4 -4
package/dist/perf/report.js +2 -2
package/dist/perf/types.d.ts +1 -1
package/dist/pkg-ext/data.js +1 -1
package/dist/primordials/array.js +9 -9
package/dist/primordials/date.js +2 -2
package/dist/primordials/error.js +3 -3
package/dist/primordials/headers.d.ts +10 -0
package/dist/primordials/headers.js +23 -0
package/dist/primordials/intl.d.ts +13 -0
package/dist/primordials/intl.js +26 -0
package/dist/primordials/math.js +33 -33
package/dist/primordials/number.js +9 -9
package/dist/primordials/object.js +5 -5
package/dist/primordials/process.d.ts +88 -0
package/dist/primordials/process.js +132 -0
package/dist/primordials/string.d.ts +2 -2
package/dist/primordials/string.js +6 -6
package/dist/primordials/symbol.js +3 -3
package/dist/primordials/uncurry.d.ts +1 -2
package/dist/primordials/uncurry.js +9 -9
package/dist/process/abort.js +3 -3
package/dist/process/lock-manager.js +8 -8
package/dist/process/spawn/_internal.js +6 -8
package/dist/process/spawn/child.js +20 -14
package/dist/process/spawn/errors.js +3 -5
package/dist/process/spawn/kill-tree.d.ts +53 -0
package/dist/process/spawn/kill-tree.js +85 -0
package/dist/process/spawn/stdio.js +0 -1
package/dist/process/spawn/types.d.ts +5 -5
package/dist/process/transient.js +2 -2
package/dist/promises/_internal.d.ts +2 -1
package/dist/promises/_internal.js +2 -6
package/dist/promises/iterate.js +11 -15
package/dist/promises/options.js +3 -6
package/dist/promises/retry.js +4 -5
package/dist/promises/timers.d.ts +30 -0
package/dist/promises/timers.js +48 -0
package/dist/regexps/spec.js +1 -1
package/dist/releases/github-archives.d.ts +6 -6
package/dist/releases/github-archives.js +3 -3
package/dist/releases/github-asset-url.d.ts +1 -1
package/dist/releases/github-asset-url.js +5 -5
package/dist/releases/github-downloads.d.ts +1 -1
package/dist/releases/github-downloads.js +3 -3
package/dist/releases/github-listing.d.ts +12 -4
package/dist/releases/github-listing.js +20 -7
package/dist/releases/github-retry-config.js +1 -1
package/dist/releases/github-types.d.ts +6 -6
package/dist/releases/socket-btm-binary-naming.d.ts +107 -0
package/dist/releases/socket-btm-binary-naming.js +155 -0
package/dist/releases/socket-btm.d.ts +8 -115
package/dist/releases/socket-btm.js +16 -159
package/dist/schema/types.d.ts +4 -5
package/dist/schema/validate.js +1 -1
package/dist/sea/detect.js +6 -6
package/dist/secrets/_internal.d.ts +2 -2
package/dist/secrets/_internal.js +2 -2
package/dist/secrets/compare.d.ts +45 -0
package/dist/secrets/compare.js +61 -0
package/dist/secrets/find.d.ts +2 -2
package/dist/secrets/find.js +10 -4
package/dist/secrets/keychain.d.ts +1 -1
package/dist/secrets/keychain.js +6 -4
package/dist/secrets/linux.js +40 -52
package/dist/secrets/macos.d.ts +2 -3
package/dist/secrets/macos.js +24 -33
package/dist/secrets/rc.d.ts +4 -4
package/dist/secrets/rc.js +27 -17
package/dist/secrets/socket-api-token.d.ts +4 -4
package/dist/secrets/socket-api-token.js +26 -9
package/dist/secrets/windows.js +32 -37
package/dist/shadow/skip.js +2 -2
package/dist/shell/parse.d.ts +32 -0
package/dist/shell/parse.js +60 -0
package/dist/smol/detect.js +9 -10
package/dist/smol/http.js +6 -7
package/dist/smol/https.js +6 -7
package/dist/smol/manifest.d.ts +1 -1
package/dist/smol/manifest.js +6 -7
package/dist/smol/path.d.ts +1 -1
package/dist/smol/path.js +7 -8
package/dist/smol/primordial.d.ts +4 -0
package/dist/smol/primordial.js +6 -7
package/dist/smol/purl.d.ts +1 -1
package/dist/smol/purl.js +7 -8
package/dist/smol/versions.js +6 -7
package/dist/smol/vfs.js +6 -7
package/dist/sorts/_internal.js +6 -8
package/dist/sorts/natural.js +10 -12
package/dist/sorts/semver.js +1 -2
package/dist/sorts/strings.js +0 -1
package/dist/sorts/types.d.ts +1 -1
package/dist/spinner/create-spinner-class.d.ts +38 -0
package/dist/spinner/create-spinner-class.js +302 -0
package/dist/spinner/default.js +8 -9
package/dist/spinner/spinner-internals.d.ts +36 -0
package/dist/spinner/spinner-internals.js +105 -0
package/dist/spinner/spinner-shimmer-methods.d.ts +54 -0
package/dist/spinner/spinner-shimmer-methods.js +143 -0
package/dist/spinner/spinner-status-methods.d.ts +40 -0
package/dist/spinner/spinner-status-methods.js +133 -0
package/dist/spinner/spinner.d.ts +8 -5
package/dist/spinner/spinner.js +19 -706
package/dist/spinner/types.d.ts +3 -1
package/dist/spinner/with.d.ts +10 -0
package/dist/spinner/with.js +16 -2
package/dist/stdio/divider.js +1 -1
package/dist/stdio/footer.js +3 -3
package/dist/stdio/header.js +4 -4
package/dist/stdio/progress.js +10 -6
package/dist/stdio/prompts.d.ts +7 -5
package/dist/stdio/prompts.js +7 -8
package/dist/stdio/stdout.js +3 -3
package/dist/streams/parallel.js +3 -5
package/dist/streams/transform.js +2 -3
package/dist/strings/format.js +2 -6
package/dist/strings/predicates.js +0 -2
package/dist/strings/search.js +1 -2
package/dist/strings/transform.js +0 -3
package/dist/strings/width.js +9 -10
package/dist/tables/bordered.js +4 -3
package/dist/tables/padding.js +1 -1
package/dist/tables/simple.js +8 -5
package/dist/temporal/instant.js +1 -1
package/dist/temporal/slots.js +6 -6
package/dist/temporal/system.js +9 -9
package/dist/themes/context.d.ts +3 -2
package/dist/themes/context.js +4 -5
package/dist/themes/themes.js +15 -15
package/dist/themes/types.d.ts +3 -3
package/dist/url/assert-safe.d.ts +29 -0
package/dist/url/assert-safe.js +54 -0
package/dist/url/parse.js +0 -2
package/dist/url/predicates.d.ts +31 -1
package/dist/url/predicates.js +43 -3
package/dist/url/search-params.js +3 -9
package/dist/url/types.d.ts +9 -5
package/dist/versions/_internal.js +3 -3
package/dist/words/article.js +0 -1
package/dist/words/capitalize.js +0 -1
package/dist/words/pluralize.js +15 -5
package/package.json +419 -216
package/dist/external-tools/uv/asset-names.d.ts +0 -36
package/dist/external-tools/uv/asset-names.js +0 -70
package/dist/external-tools/uv/from-download.d.ts +0 -17
package/dist/external-tools/uv/from-download.js +0 -47
package/dist/external-tools/uv/from-path.d.ts +0 -5
package/dist/external-tools/uv/from-path.js +0 -22
package/dist/external-tools/uv/from-vfs.d.ts +0 -7
package/dist/external-tools/uv/from-vfs.js +0 -26
package/dist/external-tools/uv/resolve.d.ts +0 -25
package/dist/external-tools/uv/resolve.js +0 -53
package/dist/external-tools/uv/types.d.ts +0 -24
package/dist/fs/path-cache.d.ts +0 -21
package/dist/fs/path-cache.js +0 -34
package/dist/http-request/checksums.d.ts +0 -69
package/dist/http-request/checksums.js +0 -108
package/dist/http-request/http-request.d.ts +0 -12
package/dist/http-request/http-request.js +0 -11
package/dist/packages/operations.d.ts +0 -113
package/dist/packages/operations.js +0 -304
package/dist/ssri/convert.d.ts +0 -48
package/dist/ssri/convert.js +0 -69
package/dist/ssri/parse.d.ts +0 -27
package/dist/ssri/parse.js +0 -41
package/dist/ssri/validate.d.ts +0 -41
package/dist/ssri/validate.js +0 -56
/package/dist/{bin → cli}/check.d.ts +0 -0
/package/dist/external-tools/{uv → python}/types.js +0 -0
/package/dist/fs/{find-up.d.ts → find.d.ts} +0 -0
/package/dist/github/{fetch.d.ts → request.d.ts} +0 -0

package/dist/logger/symbols.js CHANGED Viewed

@@ -22,74 +22,15 @@ src_external__socketregistry_is_unicode_supported = require_runtime.__toESM(src_
 *   are configured) and re-renders whenever `setTheme()` fires
 *   `onThemeChange`.
 */
-let _consoleSymbols;
-let _kGroupIndentationWidthSymbol;
-/**
-* Lazily get console symbols on first access.
-*
-* Deferred to avoid accessing global console during early Node.js bootstrap
-* before stdout is ready.
-*/
-function getConsoleSymbols() {
-	/* c8 ignore start */
-	if (_consoleSymbols === void 0) _consoleSymbols = require_primordials_object.ObjectGetOwnPropertySymbols(require_logger__internal.globalConsole);
-	/* c8 ignore stop */
-	return _consoleSymbols;
-}
-/**
-* Lazily get kGroupIndentationWidth symbol on first access.
-*/
-function getKGroupIndentationWidthSymbol() {
-	/* c8 ignore next - Lazy-init second-call branch; module-singleton. */
-	if (_kGroupIndentationWidthSymbol === void 0) _kGroupIndentationWidthSymbol = getConsoleSymbols().find((s) => s.label === "kGroupIndentWidth") ?? Symbol("kGroupIndentWidth");
-	return _kGroupIndentationWidthSymbol;
-}
-/**
-* Symbol for incrementing the internal log call counter.
-*
-* This is an internal symbol used to track the number of times logging methods
-* have been called on a logger instance.
-*/
-const incLogCallCountSymbol = Symbol.for("logger.logCallCount++");
-/**
-* Symbol for tracking whether the last logged line was blank.
-*
-* This is used internally to prevent multiple consecutive blank lines and to
-* determine whether to add spacing before certain messages.
-*/
-const lastWasBlankSymbol = Symbol.for("logger.lastWasBlank");
-/**
-* Log symbols for terminal output with colored indicators.
-*
-* Provides colored Unicode symbols (✖, ℹ, ∴, →, ✔, ⚠) with ASCII fallbacks (×,
-* i, :., >, √, ‼) for terminals that don't support Unicode. Symbols are colored
-* according to the active theme's color palette (error, info, reason, step,
-* success, warning).
-*
-* The symbols are lazily initialized on first access and automatically update
-* when the fallback theme changes (via setTheme()). Note that LOG_SYMBOLS
-* reflect the global fallback theme, not async-local theme contexts from
-* withTheme().
-*
-* @example
-*   ```typescript
-*   import { LOG_SYMBOLS } from '@socketsecurity/lib/logger/symbols'
-*
-*   console.log(`${LOG_SYMBOLS.fail} Build failed`) // Theme error color ✖
-*   console.log(`${LOG_SYMBOLS.info} Starting process`) // Theme info color ℹ
-*   console.log(`${LOG_SYMBOLS.progress} Working on task`) // Theme step color ∴
-*   console.log(`${LOG_SYMBOLS.step} Processing files`) // Theme step color →
-*   console.log(`${LOG_SYMBOLS.success} Build completed`) // Theme success color ✔
-*   console.log(`${LOG_SYMBOLS.warn} Deprecated API used`) // Theme warning color ⚠
-*   ```
-*/
-const LOG_SYMBOLS = /*@__PURE__*/ (() => {
+let consoleSymbols;
+let kGroupIndentationWidthSymbol;
+function createLogSymbols() {
 	const target = { __proto__: null };
 	let initialized = false;
 	const handler = { __proto__: null };
 	const updateSymbols = () => {
 		const supported = (0, src_external__socketregistry_is_unicode_supported.default)();
-		const colors = /* @__PURE__ */ require_logger_colors.getYoctocolors();
+		const colors = require_logger_colors.getYoctocolors();
 		const theme = require_themes_context.getTheme();
 		const successColor = theme.colors.success;
 		const errorColor = theme.colors.error;
@@ -98,18 +39,18 @@ const LOG_SYMBOLS = /*@__PURE__*/ (() => {
 		const stepColor = theme.colors.step;
 		/* c8 ignore start - ASCII-fallback symbol arms only fire on
 		terminals without unicode support; tests run on unicode TTYs. */
-		target["fail"] = /* @__PURE__ */ require_logger_colors.applyColor(supported ? "✖" : "×", errorColor, colors);
-		target["info"] = /* @__PURE__ */ require_logger_colors.applyColor(supported ? "ℹ" : "i", infoColor, colors);
-		target["progress"] = /* @__PURE__ */ require_logger_colors.applyColor(supported ? "∴" : ":.", stepColor, colors);
-		target["reason"] = colors.dim(/* @__PURE__ */ require_logger_colors.applyColor(supported ? "∴" : ":.", warningColor, colors));
-		target["skip"] = /* @__PURE__ */ require_logger_colors.applyColor(supported ? "↻" : "@", stepColor, colors);
-		target["step"] = /* @__PURE__ */ require_logger_colors.applyColor(supported ? "→" : ">", stepColor, colors);
-		target["success"] = /* @__PURE__ */ require_logger_colors.applyColor(supported ? "✔" : "√", successColor, colors);
-		target["warn"] = /* @__PURE__ */ require_logger_colors.applyColor(supported ? "⚠" : "‼", warningColor, colors);
+		target["fail"] = require_logger_colors.applyColor(supported ? "✖" : "×", errorColor, colors);
+		target["info"] = require_logger_colors.applyColor(supported ? "ℹ" : "i", infoColor, colors);
+		target["progress"] = require_logger_colors.applyColor(supported ? "∴" : ":.", stepColor, colors);
+		target["reason"] = colors.dim(require_logger_colors.applyColor(supported ? "∴" : ":.", warningColor, colors));
+		target["skip"] = require_logger_colors.applyColor(supported ? "↻" : "@", stepColor, colors);
+		target["step"] = require_logger_colors.applyColor(supported ? "→" : ">", stepColor, colors);
+		target["success"] = require_logger_colors.applyColor(supported ? "✔" : "√", successColor, colors);
+		target["warn"] = require_logger_colors.applyColor(supported ? "⚠" : "‼", warningColor, colors);
 		/* c8 ignore stop */
 	};
 	const init = () => {
-		/* c8 ignore start */
+		/* c8 ignore start - Idempotent guard; init runs once, second-call branch never re-enters. */
 		if (initialized) return;
 		/* c8 ignore stop */
 		updateSymbols();
@@ -117,7 +58,7 @@ const LOG_SYMBOLS = /*@__PURE__*/ (() => {
 		for (const trapName in handler) delete handler[trapName];
 	};
 	const reset = () => {
-		/* c8 ignore start */
+		/* c8 ignore start - Defensive guard; reset only runs after init, so the un-init branch is unreachable in tests. */
 		if (!initialized) return;
 		/* c8 ignore stop */
 		updateSymbols();
@@ -136,10 +77,48 @@ const LOG_SYMBOLS = /*@__PURE__*/ (() => {
 		reset();
 	});
 	return new require_primordials_globals.ProxyCtor(target, handler);
-})();
+}
+function createLogSymbolsProxyPlaceholder() {}
+/**
+* Lazily get console symbols on first access.
+*
+* Deferred to avoid accessing global console during early Node.js bootstrap
+* before stdout is ready.
+*/
+function getConsoleSymbols() {
+	/* c8 ignore start - Lazy-init second-call branch; module-singleton, the re-init guard never re-enters in tests. */
+	if (consoleSymbols === void 0) consoleSymbols = require_primordials_object.ObjectGetOwnPropertySymbols(require_logger__internal.globalConsole);
+	/* c8 ignore stop */
+	return consoleSymbols;
+}
+/**
+* Lazily get kGroupIndentationWidth symbol on first access.
+*/
+function getKGroupIndentationWidthSymbol() {
+	/* c8 ignore next - Lazy-init second-call branch; module-singleton. */
+	if (kGroupIndentationWidthSymbol === void 0) kGroupIndentationWidthSymbol = getConsoleSymbols().find((s) => s.label === "kGroupIndentWidth") ?? Symbol("kGroupIndentWidth");
+	return kGroupIndentationWidthSymbol;
+}
+/**
+* Symbol for incrementing the internal log call counter.
+*
+* This is an internal symbol used to track the number of times logging methods
+* have been called on a logger instance.
+*/
+const incLogCallCountSymbol = Symbol.for("logger.logCallCount++");
+/**
+* Symbol for tracking whether the last logged line was blank.
+*
+* This is used internally to prevent multiple consecutive blank lines and to
+* determine whether to add spacing before certain messages.
+*/
+const lastWasBlankSymbol = Symbol.for("logger.lastWasBlank");
+const LOG_SYMBOLS = /*@__PURE__*/ createLogSymbols();
 //#endregion
 exports.LOG_SYMBOLS = LOG_SYMBOLS;
+exports.createLogSymbols = createLogSymbols;
+exports.createLogSymbolsProxyPlaceholder = createLogSymbolsProxyPlaceholder;
 exports.getConsoleSymbols = getConsoleSymbols;
 exports.getKGroupIndentationWidthSymbol = getKGroupIndentationWidthSymbol;
 exports.incLogCallCountSymbol = incLogCallCountSymbol;

package/dist/logger/types.d.ts CHANGED Viewed

@@ -59,7 +59,7 @@ export type LogSymbols = {
  * All methods return the logger instance for method chaining.
  */
 export type LoggerMethods = {
-    [K in keyof typeof console]: (typeof console)[K] extends (...args: infer A) => any ? (...args: A) => Logger : (typeof console)[K];
+    [K in keyof typeof console]: (typeof console)[K] extends (...args: infer A) => unknown ? (...args: A) => Logger : (typeof console)[K];
 };
 /**
  * A task that can be executed with automatic start/complete logging.

package/dist/memo/types.d.ts CHANGED Viewed

@@ -11,27 +11,27 @@ export type MemoizeOptions<Args extends unknown[]> = {
     /**
      * Custom cache key generator (defaults to JSON.stringify)
      */
-    keyGen?: (...args: Args) => string;
+    keyGen?: ((...args: Args) => string) | undefined;
     /**
      * Maximum cache size (LRU eviction when exceeded)
      */
-    maxSize?: number;
+    maxSize?: number | undefined;
     /**
      * TTL in milliseconds (cache entries expire after this time)
      */
-    ttl?: number;
+    ttl?: number | undefined;
     /**
      * Cache name for debugging.
      */
-    name?: string;
+    name?: string | undefined;
     /**
      * Weak cache for object keys (enables GC)
      */
-    weak?: boolean;
+    weak?: boolean | undefined;
     /**
      * Custom equality check for cache hits.
      */
-    equals?: (a: Args, b: Args) => boolean;
+    equals?: ((a: Args, b: Args) => boolean) | undefined;
 };
 /**
  * Cache entry with metadata.

package/dist/native-messaging/host.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * @file Chrome native messaging host entry point. Chrome launches this script
+ *   as a subprocess when the extension calls
+ *   `chrome.runtime.connectNative('dev.socket.trusted-publisher-host')`. The
+ *   protocol is length-prefixed binary over stdin/stdout: incoming: [4-byte LE
+ *   uint32 length][UTF-8 JSON message] outgoing: [4-byte LE uint32
+ *   length][UTF-8 JSON response] The host handles one request type: { type:
+ *   'get-api-token' } → { token: string } | { error: string } The host NEVER
+ *   logs to stdout (Chrome treats any stdout byte outside the length-prefixed
+ *   protocol as a message boundary error). All diagnostics go to stderr only.
+ *   Detection: Chrome passes the extension origin as `process.argv[2]`
+ *   (`chrome-extension://<id>/`). The `NATIVE_MESSAGING_HOST` constant in
+ *   `src/constants/platform.ts` captures this check so other modules can skip
+ *   TTY-only paths when running in this context.
+ */
+import type { Readable, Writable } from 'node:stream';
+export declare function handleOne(stdin?: Readable, stdout?: Writable): Promise<void>;
+export declare function readExact(length: number, stream?: Readable): Promise<Buffer>;
+export declare function runHost(): Promise<void>;
+export declare function writeMessage(obj: unknown, stream?: Writable): void;

package/dist/native-messaging/host.js ADDED Viewed

@@ -0,0 +1,120 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../_virtual/_rolldown/runtime.js');
+const require_primordials_error = require('../primordials/error.js');
+const require_errors_message = require('../errors/message.js');
+const require_logger_default = require('../logger/default.js');
+const require_secrets_socket_api_token = require('../secrets/socket-api-token.js');
+const require_native_messaging_install = require('./install.js');
+let node_process = require("node:process");
+node_process = require_runtime.__toESM(node_process);
+//#region src/native-messaging/host.ts
+/**
+* @file Chrome native messaging host entry point. Chrome launches this script
+*   as a subprocess when the extension calls
+*   `chrome.runtime.connectNative('dev.socket.trusted-publisher-host')`. The
+*   protocol is length-prefixed binary over stdin/stdout: incoming: [4-byte LE
+*   uint32 length][UTF-8 JSON message] outgoing: [4-byte LE uint32
+*   length][UTF-8 JSON response] The host handles one request type: { type:
+*   'get-api-token' } → { token: string } | { error: string } The host NEVER
+*   logs to stdout (Chrome treats any stdout byte outside the length-prefixed
+*   protocol as a message boundary error). All diagnostics go to stderr only.
+*   Detection: Chrome passes the extension origin as `process.argv[2]`
+*   (`chrome-extension://<id>/`). The `NATIVE_MESSAGING_HOST` constant in
+*   `src/constants/platform.ts` captures this check so other modules can skip
+*   TTY-only paths when running in this context.
+*/
+const logger = require_logger_default.getDefaultLogger();
+async function handleOne(stdin, stdout) {
+	const inStream = stdin ?? node_process.default.stdin;
+	const outStream = stdout ?? node_process.default.stdout;
+	const length = (await readExact(4, inStream)).readUInt32LE(0);
+	if (length === 0 || length > 1048576) {
+		writeMessage({ error: `invalid message length: ${length}` }, outStream);
+		return;
+	}
+	const body = await readExact(length, inStream);
+	let msg;
+	try {
+		msg = JSON.parse(body.toString("utf8"));
+	} catch {
+		writeMessage({ error: "message is not valid JSON" }, outStream);
+		return;
+	}
+	const type = msg["type"];
+	if (type === "get-api-token") {
+		const token = await require_secrets_socket_api_token.readSocketApiToken();
+		if (token) writeMessage({ token }, outStream);
+		else writeMessage({ error: "Socket API token not found. Set SOCKET_API_TOKEN in your environment." }, outStream);
+		return;
+	}
+	writeMessage({ error: `unknown message type: ${String(type)}` }, outStream);
+}
+function readExact(length, stream) {
+	const src = stream ?? node_process.default.stdin;
+	return new Promise((resolve, reject) => {
+		const chunks = [];
+		let received = 0;
+		function cleanup() {
+			src.off("readable", onReadable);
+			src.off("error", onError);
+			src.off("end", onEnd);
+		}
+		function tryRead() {
+			let needed = length - received;
+			while (needed > 0) {
+				const chunk = src.read(needed) ?? src.read();
+				if (chunk === null) return;
+				chunks.push(chunk);
+				received += chunk.length;
+				needed = length - received;
+			}
+			cleanup();
+			const full = Buffer.concat(chunks);
+			if (received > length) src.unshift(full.subarray(length));
+			resolve(full.subarray(0, length));
+		}
+		function onReadable() {
+			tryRead();
+		}
+		function onError(err) {
+			cleanup();
+			reject(err);
+		}
+		function onEnd() {
+			cleanup();
+			reject(new require_primordials_error.ErrorCtor("stdin closed before message was complete"));
+		}
+		src.on("readable", onReadable);
+		src.on("error", onError);
+		src.once("end", onEnd);
+		tryRead();
+	});
+}
+async function runHost() {
+	try {
+		require_native_messaging_install.assertNodeStripTypesSupported();
+	} catch (e) {
+		logger.error(require_errors_message.errorMessage(e));
+		node_process.default.exit(1);
+	}
+	while (true) try {
+		await handleOne();
+	} catch {
+		node_process.default.exit(0);
+	}
+}
+function writeMessage(obj, stream) {
+	const payload = Buffer.from(JSON.stringify(obj), "utf8");
+	const header = Buffer.allocUnsafe(4);
+	header.writeUInt32LE(payload.length, 0);
+	(stream ?? node_process.default.stdout).write(Buffer.concat([header, payload]));
+}
+//#endregion
+exports.handleOne = handleOne;
+exports.readExact = readExact;
+exports.runHost = runHost;
+exports.writeMessage = writeMessage;

package/dist/native-messaging/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { handleOne, readExact, runHost, writeMessage } from './host';
+export { HOST_NAME, MIN_NODE_VERSION_FOR_STRIP_TYPES, assertNodeStripTypesSupported, buildManifest, chromeManifestDirs, installNativeHost, registerWindows, stripTypesFlag, writeWrapperPosix, writeWrapperWindows, } from './install';
+export type { InstallOptions, InstallResult } from './install';
+export { TokenBucketLimiter } from './rate-limit';
+export type { TokenBucketOptions } from './rate-limit';

package/dist/native-messaging/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_native_messaging_install = require('./install.js');
+const require_native_messaging_host = require('./host.js');
+const require_native_messaging_rate_limit = require('./rate-limit.js');
+exports.HOST_NAME = require_native_messaging_install.HOST_NAME;
+exports.MIN_NODE_VERSION_FOR_STRIP_TYPES = require_native_messaging_install.MIN_NODE_VERSION_FOR_STRIP_TYPES;
+exports.TokenBucketLimiter = require_native_messaging_rate_limit.TokenBucketLimiter;
+exports.assertNodeStripTypesSupported = require_native_messaging_install.assertNodeStripTypesSupported;
+exports.buildManifest = require_native_messaging_install.buildManifest;
+exports.chromeManifestDirs = require_native_messaging_install.chromeManifestDirs;
+exports.handleOne = require_native_messaging_host.handleOne;
+exports.installNativeHost = require_native_messaging_install.installNativeHost;
+exports.readExact = require_native_messaging_host.readExact;
+exports.registerWindows = require_native_messaging_install.registerWindows;
+exports.runHost = require_native_messaging_host.runHost;
+exports.stripTypesFlag = require_native_messaging_install.stripTypesFlag;
+exports.writeMessage = require_native_messaging_host.writeMessage;
+exports.writeWrapperPosix = require_native_messaging_install.writeWrapperPosix;
+exports.writeWrapperWindows = require_native_messaging_install.writeWrapperWindows;

package/dist/native-messaging/install.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * @file Install the Socket native messaging host manifest so Chrome can find
+ *   and launch the host when the extension calls connectNative(). Native host
+ *   manifest paths (Chrome): macOS ~/Library/Application
+ *   Support/Google/Chrome/NativeMessagingHosts/<name>.json
+ *   ~/Library/Application Support/Chromium/NativeMessagingHosts/<name>.json
+ *   Linux ~/.config/google-chrome/NativeMessagingHosts/<name>.json
+ *   ~/.config/chromium/NativeMessagingHosts/<name>.json Windows
+ *   HKCU\Software\Google\Chrome\NativeMessagingHosts<name> → path to .json The
+ *   manifest points to a small wrapper shell script (POSIX) or .cmd (Windows)
+ *   that invokes `node /path/to/socket-lib/src/native-messaging/run.ts` with
+ *   the `--native-messaging` flag so the host can detect its context even when
+ *   the extension origin arg is absent (e.g. during local testing). Strip-types
+ *   flag policy: Node 24+ no flag needed (default-on). Node 22.6–23 pass
+ *   `--strip-types` (stable since 22.6). Node < 22.6 refuse to install;
+ *   assertNodeStripTypesSupported throws. The flag decision is baked into the
+ *   wrapper at install time. If the user later switches Node versions (e.g. via
+ *   nvm) the host enforces the same floor at runtime via
+ *   assertNodeStripTypesSupported.
+ */
+export declare const HOST_NAME = "dev.socket.trusted_publisher_host";
+export declare const MIN_NODE_VERSION_FOR_STRIP_TYPES = "22.6.0";
+export interface InstallOptions {
+    /**
+     * List of Chrome extension origin URLs that are allowed to connect to this
+     * host. Each entry is `chrome-extension://<extension-id>/`. Pass `['*']`
+     * during development to allow any extension (not for production).
+     */
+    allowedOrigins: string[];
+    /**
+     * When `true`, reject wildcard origins (`['*']`) — production installs must
+     * pin to specific extension IDs.
+     */
+    production?: boolean | undefined;
+    /**
+     * Directory to write the wrapper script. Defaults to the same directory as
+     * this file (`src/native-messaging/`).
+     */
+    wrapperDir?: string | undefined;
+}
+export interface InstallResult {
+    manifestPaths: string[];
+    wrapperPath: string;
+}
+/**
+ * Throw a clear, actionable error if the current Node runtime is too old to
+ * strip TypeScript types (i.e. < 22.6). Use at install time + host startup.
+ *
+ * The error message names the active Node version manager (nvm / fnm / volta /
+ * asdf / n / corepack / system) and gives the exact one-liner to upgrade — so
+ * the user can copy-paste the fix rather than searching docs.
+ */
+export declare function assertNodeStripTypesSupported(): void;
+export declare function buildManifest(wrapperPath: string, allowedOrigins: string[]): object;
+export declare function chromeManifestDirs(): string[];
+export declare function installNativeHost(options: InstallOptions): InstallResult;
+export declare function registerWindows(manifestPath: string): void;
+export declare function stripTypesFlag(): string;
+export declare function writeWrapperPosix(wrapperPath: string): void;
+export declare function writeWrapperWindows(wrapperPath: string): void;

package/dist/native-messaging/install.js ADDED Viewed

@@ -0,0 +1,144 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../_virtual/_rolldown/runtime.js');
+const require_primordials_error = require('../primordials/error.js');
+const require_constants_platform = require('../constants/platform.js');
+const require_env_home = require('../env/home.js');
+const require_env_windows = require('../env/windows.js');
+const require_constants_node = require('../constants/node.js');
+const require_env_node_version_managers = require('../env/node-version-managers.js');
+let node_fs = require("node:fs");
+let node_process = require("node:process");
+node_process = require_runtime.__toESM(node_process);
+let node_path = require("node:path");
+node_path = require_runtime.__toESM(node_path);
+let node_url = require("node:url");
+let _socketsecurity_lib_stable_process_spawn_child = require("@socketsecurity/lib-stable/process/spawn/child");
+//#region src/native-messaging/install.ts
+/**
+* @file Install the Socket native messaging host manifest so Chrome can find
+*   and launch the host when the extension calls connectNative(). Native host
+*   manifest paths (Chrome): macOS ~/Library/Application
+*   Support/Google/Chrome/NativeMessagingHosts/<name>.json
+*   ~/Library/Application Support/Chromium/NativeMessagingHosts/<name>.json
+*   Linux ~/.config/google-chrome/NativeMessagingHosts/<name>.json
+*   ~/.config/chromium/NativeMessagingHosts/<name>.json Windows
+*   HKCU\Software\Google\Chrome\NativeMessagingHosts<name> → path to .json The
+*   manifest points to a small wrapper shell script (POSIX) or .cmd (Windows)
+*   that invokes `node /path/to/socket-lib/src/native-messaging/run.ts` with
+*   the `--native-messaging` flag so the host can detect its context even when
+*   the extension origin arg is absent (e.g. during local testing). Strip-types
+*   flag policy: Node 24+ no flag needed (default-on). Node 22.6–23 pass
+*   `--strip-types` (stable since 22.6). Node < 22.6 refuse to install;
+*   assertNodeStripTypesSupported throws. The flag decision is baked into the
+*   wrapper at install time. If the user later switches Node versions (e.g. via
+*   nvm) the host enforces the same floor at runtime via
+*   assertNodeStripTypesSupported.
+*/
+const HOST_NAME = "dev.socket.trusted_publisher_host";
+const MIN_NODE_VERSION_FOR_STRIP_TYPES = "22.6.0";
+const __dirname$1 = node_path.default.dirname((0, node_url.fileURLToPath)(require("url").pathToFileURL(__filename).href));
+const HOST_SCRIPT = node_path.default.resolve(__dirname$1, "run.ts");
+/**
+* Throw a clear, actionable error if the current Node runtime is too old to
+* strip TypeScript types (i.e. < 22.6). Use at install time + host startup.
+*
+* The error message names the active Node version manager (nvm / fnm / volta /
+* asdf / n / corepack / system) and gives the exact one-liner to upgrade — so
+* the user can copy-paste the fix rather than searching docs.
+*/
+function assertNodeStripTypesSupported() {
+	if (require_constants_node.supportsNodeStripTypes()) return;
+	const manager = require_env_node_version_managers.detectActiveNodeManager();
+	const hint = require_env_node_version_managers.nodeManagerUpgradeHint(manager, MIN_NODE_VERSION_FOR_STRIP_TYPES);
+	throw new require_primordials_error.ErrorCtor(`Node ${require_constants_node.getNodeVersion()} cannot run TypeScript directly. The Socket native-messaging host needs Node ${MIN_NODE_VERSION_FOR_STRIP_TYPES}+ (type-stripping is stable in Node 22.6 and default-on in Node 24).\nDetected Node manager: ${manager}\nTo upgrade: ${hint}`);
+}
+function buildManifest(wrapperPath, allowedOrigins) {
+	return {
+		name: HOST_NAME,
+		description: "Socket Security — API token bridge for the Trusted Publisher extension",
+		path: wrapperPath,
+		type: "stdio",
+		allowed_origins: allowedOrigins
+	};
+}
+function chromeManifestDirs() {
+	const home = require_env_home.getHome();
+	if (!home) throw new require_primordials_error.ErrorCtor("Cannot determine home directory.");
+	if (require_constants_platform.DARWIN) {
+		const lib = node_path.default.join(home, "Library", "Application Support");
+		return [node_path.default.join(lib, "Google", "Chrome", "NativeMessagingHosts"), node_path.default.join(lib, "Chromium", "NativeMessagingHosts")];
+	}
+	if (require_constants_platform.WIN32) {
+		const appData = require_env_windows.getAppdata() ?? node_path.default.join(home, "AppData", "Roaming");
+		return [node_path.default.join(appData, "Google", "Chrome", "User Data", "NativeMessagingHosts")];
+	}
+	const config = node_process.default.env["XDG_CONFIG_HOME"] ?? node_path.default.join(home, ".config");
+	return [node_path.default.join(config, "google-chrome", "NativeMessagingHosts"), node_path.default.join(config, "chromium", "NativeMessagingHosts")];
+}
+function installNativeHost(options) {
+	assertNodeStripTypesSupported();
+	const { allowedOrigins, production = false, wrapperDir = __dirname$1 } = {
+		__proto__: null,
+		...options
+	};
+	if (production && allowedOrigins.includes("*")) throw new require_primordials_error.ErrorCtor("production mode rejects allowedOrigins '*' — pin to specific chrome-extension://<id>/ origins");
+	if (allowedOrigins.length === 0) throw new require_primordials_error.ErrorCtor("allowedOrigins must contain at least one origin; pass ['*'] for development");
+	const wrapperName = require_constants_platform.WIN32 ? `${HOST_NAME}.cmd` : `${HOST_NAME}.sh`;
+	const wrapperPath = node_path.default.join(wrapperDir, wrapperName);
+	if (require_constants_platform.WIN32) writeWrapperWindows(wrapperPath);
+	else writeWrapperPosix(wrapperPath);
+	const manifest = buildManifest(wrapperPath, allowedOrigins);
+	const dirs = chromeManifestDirs();
+	const written = [];
+	for (const dir of dirs) {
+		(0, node_fs.mkdirSync)(dir, { recursive: true });
+		const manifestPath = node_path.default.join(dir, `${HOST_NAME}.json`);
+		(0, node_fs.writeFileSync)(manifestPath, JSON.stringify(manifest, null, 2) + "\n", "utf8");
+		written.push(manifestPath);
+	}
+	if (require_constants_platform.WIN32 && written[0]) registerWindows(written[0]);
+	return {
+		manifestPaths: written,
+		wrapperPath
+	};
+}
+function registerWindows(manifestPath) {
+	(0, _socketsecurity_lib_stable_process_spawn_child.spawnSync)("reg", [
+		"add",
+		`HKCU\\Software\\Google\\Chrome\\NativeMessagingHosts\\${HOST_NAME}`,
+		"/ve",
+		"/t",
+		"REG_SZ",
+		"/d",
+		manifestPath,
+		"/f"
+	], {
+		stdio: "ignore",
+		shell: require_constants_platform.WIN32
+	});
+}
+function stripTypesFlag() {
+	return require_constants_node.supportsNodeStripTypesDefault() ? "" : "--strip-types ";
+}
+function writeWrapperPosix(wrapperPath) {
+	(0, node_fs.writeFileSync)(wrapperPath, ["#!/bin/sh", `exec "${node_process.default.execPath}" ${stripTypesFlag()}"${HOST_SCRIPT}" "$@"`].join("\n") + "\n", { encoding: "utf8" });
+	(0, node_fs.chmodSync)(wrapperPath, 493);
+}
+function writeWrapperWindows(wrapperPath) {
+	(0, node_fs.writeFileSync)(wrapperPath, `@echo off\r\n"${node_process.default.execPath}" ${stripTypesFlag()}"${HOST_SCRIPT}" %*\r\n`, { encoding: "utf8" });
+}
+//#endregion
+exports.HOST_NAME = HOST_NAME;
+exports.MIN_NODE_VERSION_FOR_STRIP_TYPES = MIN_NODE_VERSION_FOR_STRIP_TYPES;
+exports.assertNodeStripTypesSupported = assertNodeStripTypesSupported;
+exports.buildManifest = buildManifest;
+exports.chromeManifestDirs = chromeManifestDirs;
+exports.installNativeHost = installNativeHost;
+exports.registerWindows = registerWindows;
+exports.stripTypesFlag = stripTypesFlag;
+exports.writeWrapperPosix = writeWrapperPosix;
+exports.writeWrapperWindows = writeWrapperWindows;

package/dist/native-messaging/rate-limit.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+/**
+ * @file Token-bucket rate limit for the Chrome native-messaging host. Why this
+ *   exists: A Chrome extension that has been hijacked (XSS in a content script,
+ *   a compromised CDN dependency) can call `chrome.runtime.connectNative()` in
+ *   a tight loop. Without a rate limit, the attacker can request our
+ *   `get-api-token` message thousands of times a second — useful for scraping
+ *   tokens from a multi-account user, or for keeping the bearer "fresh" in the
+ *   page's memory after the user navigates away. The bucket gives each origin
+ *   (`chrome-extension://<id>/`, passed by Chrome as `process.argv[2]`) a
+ *   budget. Burst is allowed; sustained hammering is denied with `{ error:
+ *   'rate limited' }`. A typing-fast human never sees the limit; a botted
+ *   extension hits it on its second line of attack. Why in-memory: The NM host
+ *   is a per-Chrome-launch subprocess — restarting Chrome restarts the bucket.
+ *   That's exactly what we want: an attacker who can force Chrome to relaunch
+ *   has bigger problems than rate-limiting. Shape patterned after pilcrow's
+ *   `ratelimit/limit.go` — minimal, in-memory, LRU-evicts at `maxKeys`. The
+ *   fleet's `socket-lib` already has a TTL-cache module but it's overkill for
+ *   this one use case; a 50-line bucket is easier to audit.
+ */
+export interface TokenBucketOptions {
+    /**
+     * How many tokens fit in a single bucket. The first `capacity` requests from
+     * an origin pass without blocking; the (capacity + 1)th request only passes
+     * if at least one refill interval has elapsed since the last refill
+     * checkpoint.
+     */
+    capacity: number;
+    /**
+     * How many milliseconds it takes for one token to refill. With `capacity: 60`
+     * and `refillIntervalMs: 1000`, an origin gets up to 60 requests of burst
+     * plus a steady-state 1 req/s.
+     */
+    refillIntervalMs: number;
+    /**
+     * Maximum number of distinct keys (origins) to track at once. When the map
+     * fills, the least-recently-touched key is evicted. Caps memory against an
+     * attacker that varies the key on every request.
+     */
+    maxKeys: number;
+}
+export interface BucketEntry {
+    tokens: number;
+    lastRefillAt: number;
+    newer: BucketEntry | undefined;
+    older: BucketEntry | undefined;
+    key: string;
+}
+export declare class TokenBucketLimiter {
+    #private;
+    constructor(options: TokenBucketOptions);
+    /**
+     * Try to consume one token for `key`. Returns `true` when the request is
+     * allowed; `false` when the bucket is empty and not enough time has elapsed
+     * to refill.
+     *
+     * `now` is injectable so tests can advance the virtual clock without
+     * sleeping. In production callers pass `Date.now()` (the default).
+     */
+    consume(key: string, now?: number): boolean;
+    /**
+     * Test-only inspector. Returns the current token count for `key`, or
+     * `undefined` if `key` has never been seen.
+     */
+    peek(key: string): number | undefined;
+    /**
+     * Test-only inspector. Returns the current number of tracked keys.
+     */
+    size(): number;
+}