npm - @socketsecurity/lib - Versions diffs - 6.0.6 → 6.0.8 - Mend

@socketsecurity/lib 6.0.6 → 6.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (619) hide show

package/CHANGELOG.md +46 -1
package/README.md +1 -1
package/dist/ai/agent-context.d.mts +103 -0
package/dist/ai/agent-context.js +157 -0
package/dist/ai/backends.d.mts +83 -0
package/dist/ai/backends.js +173 -0
package/dist/ai/credentials.d.mts +49 -0
package/dist/ai/credentials.js +82 -0
package/dist/ai/discover.d.mts +6 -2
package/dist/ai/discover.js +4 -3
package/dist/ai/exec.d.mts +52 -0
package/dist/ai/exec.js +92 -0
package/dist/ai/http.d.mts +132 -0
package/dist/ai/http.js +130 -0
package/dist/ai/profiles.d.mts +41 -6
package/dist/ai/profiles.js +52 -10
package/dist/ai/route.d.mts +69 -0
package/dist/ai/route.js +156 -0
package/dist/ai/spawn.d.mts +10 -2
package/dist/ai/spawn.js +56 -31
package/dist/ai/subagent-status.d.mts +48 -0
package/dist/ai/subagent-status.js +57 -0
package/dist/ai/tier.d.mts +60 -0
package/dist/ai/tier.js +53 -0
package/dist/ai/types.d.mts +31 -6
package/dist/ai/worktree.d.mts +6 -6
package/dist/ai/worktree.js +5 -1
package/dist/ansi/strip.d.ts +1 -1
package/dist/ansi/strip.js +0 -2
package/dist/archives/_internal.js +7 -9
package/dist/archives/extract.js +1 -1
package/dist/archives/tar.js +7 -7
package/dist/archives/zip.js +5 -7
package/dist/argv/flag-predicates.d.ts +12 -12
package/dist/argv/flag-predicates.js +17 -17
package/dist/argv/flag-types.d.ts +18 -18
package/dist/argv/flag-types.js +4 -4
package/dist/argv/parse.d.ts +20 -3
package/dist/argv/parse.js +1 -1
package/dist/arrays/_internal.js +11 -12
package/dist/arrays/chunk.js +0 -1
package/dist/arrays/join.d.ts +37 -3
package/dist/arrays/join.js +47 -7
package/dist/arrays/unique.js +0 -1
package/dist/bin/_internal.d.ts +1 -1
package/dist/bin/_internal.js +1 -1
package/dist/bin/exec.js +2 -3
package/dist/bin/find.js +17 -17
package/dist/bin/prim.cjs +36175 -35861
package/dist/bin/resolve.js +13 -14
package/dist/bin/which.js +8 -8
package/dist/cache/ttl/store.js +6 -6
package/dist/checks/primordials-defaults.d.ts +3 -3
package/dist/checks/primordials-defaults.js +3 -3
package/dist/checks/primordials.js +4 -3
package/dist/{bin → cli}/check-primordials.d.ts +18 -13
package/dist/{bin → cli}/check-primordials.js +58 -55
package/dist/{bin → cli}/check.js +3 -3
package/dist/{bin → cli}/socket-lib.d.ts +1 -1
package/dist/{bin → cli}/socket-lib.js +4 -4
package/dist/colors/socket-palette.js +7 -9
package/dist/compression/_internal.d.ts +12 -12
package/dist/compression/_internal.js +18 -18
package/dist/compression/brotli.d.ts +26 -27
package/dist/compression/brotli.js +39 -35
package/dist/compression/gzip.d.ts +23 -23
package/dist/compression/gzip.js +46 -42
package/dist/constants/agents.d.ts +3 -1
package/dist/constants/agents.js +15 -11
package/dist/constants/licenses.js +3 -3
package/dist/constants/node.d.ts +23 -0
package/dist/constants/node.js +47 -15
package/dist/constants/packages.d.ts +3 -0
package/dist/constants/packages.js +24 -29
package/dist/constants/platform.d.ts +30 -3
package/dist/constants/platform.js +72 -12
package/dist/constants/runtime.d.ts +22 -0
package/dist/constants/runtime.js +32 -0
package/dist/constants/socket.d.ts +2 -6
package/dist/constants/socket.js +12 -14
package/dist/cover/code.js +10 -10
package/dist/cover/formatters.js +5 -5
package/dist/crypto/hash.d.ts +30 -2
package/dist/crypto/hash.js +47 -13
package/dist/debug/_internal.js +4 -6
package/dist/debug/caller-info.js +3 -4
package/dist/debug/namespace.d.ts +7 -0
package/dist/debug/namespace.js +21 -12
package/dist/debug/output.js +21 -24
package/dist/debug/types.d.ts +4 -4
package/dist/dlx/arborist.js +18 -8
package/dist/dlx/binary-cache.js +15 -15
package/dist/dlx/binary-download.d.ts +1 -1
package/dist/dlx/binary-download.js +11 -11
package/dist/dlx/binary-resolution.js +17 -15
package/dist/dlx/binary-types.d.ts +5 -5
package/dist/dlx/binary.js +5 -5
package/dist/dlx/cache.js +1 -1
package/dist/dlx/detect.d.ts +42 -25
package/dist/dlx/detect.js +86 -77
package/dist/dlx/dir.js +2 -2
package/dist/dlx/firewall.d.ts +9 -1
package/dist/dlx/firewall.js +1 -1
package/dist/dlx/lockfile.d.ts +19 -18
package/dist/dlx/lockfile.js +19 -16
package/dist/dlx/manifest.d.ts +6 -6
package/dist/dlx/manifest.js +5 -5
package/dist/dlx/package.d.ts +10 -10
package/dist/dlx/package.js +20 -16
package/dist/dlx/packages.js +4 -4
package/dist/dlx/paths.js +7 -7
package/dist/dlx/spec.js +1 -1
package/dist/dlx/types.d.ts +28 -27
package/dist/eco/cargo/parse-lockfile.d.ts +2 -3
package/dist/eco/cargo/parse-lockfile.js +5 -5
package/dist/eco/manifest/analyze-lockfile.js +2 -2
package/dist/eco/manifest/detect-format.js +5 -5
package/dist/eco/manifest/find-packages.js +2 -2
package/dist/eco/manifest/get-package-versions.js +2 -2
package/dist/eco/manifest/get-package.js +2 -2
package/dist/eco/manifest/parse-lockfile.js +2 -2
package/dist/eco/manifest/parse-manifest.js +2 -2
package/dist/eco/manifest/parse.js +2 -2
package/dist/eco/npm/npm/exec.js +2 -2
package/dist/eco/npm/npm/flags.js +7 -12
package/dist/eco/npm/npm/parse-lockfile.d.ts +17 -18
package/dist/eco/npm/npm/parse-lockfile.js +4 -4
package/dist/eco/npm/parse-package-json.d.ts +11 -0
package/dist/eco/npm/parse-package-json.js +3 -3
package/dist/eco/npm/pnpm/exec.d.ts +1 -1
package/dist/eco/npm/pnpm/exec.js +5 -5
package/dist/eco/npm/pnpm/flags.js +0 -3
package/dist/eco/npm/pnpm/parse-lockfile.d.ts +6 -4
package/dist/eco/npm/pnpm/parse-lockfile.js +7 -7
package/dist/eco/npm/script.js +9 -6
package/dist/eco/npm/yarnpkg/yarn/exec.js +4 -4
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.d.ts +3 -4
package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +9 -9
package/dist/effects/pulse-frames.d.ts +3 -1
package/dist/effects/shimmer-keyframes.d.ts +1 -1
package/dist/effects/shimmer-terminal.d.ts +1 -1
package/dist/env/boolean.js +0 -1
package/dist/env/ci.js +0 -1
package/dist/env/debug.js +0 -1
package/dist/env/github-status.d.ts +51 -0
package/dist/env/github-status.js +90 -0
package/dist/env/github.js +0 -8
package/dist/env/home.js +0 -1
package/dist/env/locale.js +0 -3
package/dist/env/node-auth-token.js +0 -1
package/dist/env/node-env.js +0 -1
package/dist/env/node-version-managers.d.ts +53 -0
package/dist/env/node-version-managers.js +90 -0
package/dist/env/npm.js +0 -5
package/dist/env/number.js +0 -1
package/dist/env/package-manager.js +3 -6
package/dist/env/path.js +0 -1
package/dist/env/pre-commit.js +1 -2
package/dist/env/proxy.js +1 -1
package/dist/env/rewire.d.ts +8 -6
package/dist/env/rewire.js +16 -17
package/dist/env/shell.js +0 -1
package/dist/env/socket-cli.js +5 -18
package/dist/env/socket-mcp.d.ts +114 -0
package/dist/env/socket-mcp.js +146 -0
package/dist/env/socket.d.ts +8 -109
package/dist/env/socket.js +22 -167
package/dist/env/string.js +0 -1
package/dist/env/temp-dir.js +0 -3
package/dist/env/term.js +0 -1
package/dist/env/test.js +3 -6
package/dist/env/windows.js +0 -4
package/dist/env/xdg.js +0 -3
package/dist/errors/predicates.js +1 -1
package/dist/events/exit/_internal.d.ts +11 -9
package/dist/events/exit/_internal.js +31 -35
package/dist/events/exit/handler.js +3 -4
package/dist/events/exit/intercept.js +4 -6
package/dist/events/exit/lifecycle.js +16 -18
package/dist/events/exit/signals.js +1 -2
package/dist/events/exit/types.d.ts +6 -5
package/dist/external/@npmcli/package-json.js +2 -2
package/dist/external/@npmcli/promise-spawn.js +3 -1
package/dist/external/npm-pack.js +2 -2
package/dist/external/pico-pack.js +4 -2
package/dist/external/which.js +3 -1
package/dist/external-tools/bazel/asset-names.d.ts +1 -1
package/dist/external-tools/bazel/asset-names.js +5 -2
package/dist/external-tools/bazel/from-download.d.ts +1 -1
package/dist/external-tools/bazel/from-download.js +5 -2
package/dist/external-tools/bazel/read-bazel-version-file.js +1 -1
package/dist/external-tools/bazel/resolve-bazel-version.js +4 -0
package/dist/external-tools/bazel/resolve.d.ts +3 -3
package/dist/external-tools/bazel/resolve.js +16 -8
package/dist/external-tools/bazel/types.d.ts +1 -1
package/dist/external-tools/cdxgen/asset-names.d.ts +1 -1
package/dist/external-tools/cdxgen/asset-names.js +5 -2
package/dist/external-tools/cdxgen/from-download.d.ts +1 -1
package/dist/external-tools/cdxgen/from-download.js +7 -4
package/dist/external-tools/cdxgen/from-vfs.js +1 -1
package/dist/external-tools/cdxgen/resolve.d.ts +3 -3
package/dist/external-tools/cdxgen/resolve.js +16 -8
package/dist/external-tools/cdxgen/types.d.ts +1 -1
package/dist/external-tools/from-download.d.ts +3 -3
package/dist/external-tools/from-download.js +12 -6
package/dist/external-tools/from-pip-venv.d.ts +1 -1
package/dist/external-tools/from-pip-venv.js +12 -5
package/dist/external-tools/janus/asset-names.d.ts +1 -1
package/dist/external-tools/janus/asset-names.js +5 -2
package/dist/external-tools/janus/from-download.d.ts +1 -1
package/dist/external-tools/janus/from-download.js +5 -2
package/dist/external-tools/janus/from-vfs.js +1 -1
package/dist/external-tools/janus/resolve.d.ts +3 -3
package/dist/external-tools/janus/resolve.js +16 -8
package/dist/external-tools/janus/types.d.ts +1 -1
package/dist/external-tools/jre/asset-names.d.ts +1 -1
package/dist/external-tools/jre/asset-names.js +5 -2
package/dist/external-tools/jre/detect-platform-arch.d.ts +10 -6
package/dist/external-tools/jre/detect-platform-arch.js +29 -14
package/dist/external-tools/jre/from-download.d.ts +1 -1
package/dist/external-tools/jre/from-download.js +7 -4
package/dist/external-tools/jre/from-java-home.js +2 -2
package/dist/external-tools/jre/from-vfs.js +3 -3
package/dist/external-tools/jre/resolve.d.ts +3 -3
package/dist/external-tools/jre/resolve.js +16 -8
package/dist/external-tools/jre/types.d.ts +1 -1
package/dist/external-tools/manifest.d.ts +25 -7
package/dist/external-tools/manifest.js +13 -13
package/dist/external-tools/opengrep/asset-names.d.ts +1 -1
package/dist/external-tools/opengrep/asset-names.js +5 -2
package/dist/external-tools/opengrep/from-download.d.ts +1 -1
package/dist/external-tools/opengrep/from-download.js +5 -2
package/dist/external-tools/opengrep/from-vfs.js +1 -1
package/dist/external-tools/opengrep/resolve.d.ts +3 -3
package/dist/external-tools/opengrep/resolve.js +16 -8
package/dist/external-tools/opengrep/types.d.ts +1 -1
package/dist/external-tools/python/asset-names.d.ts +76 -0
package/dist/external-tools/python/asset-names.js +111 -0
package/dist/external-tools/python/dlx.d.ts +80 -0
package/dist/external-tools/python/dlx.js +98 -0
package/dist/external-tools/python/from-download.d.ts +53 -0
package/dist/external-tools/python/from-download.js +75 -0
package/dist/external-tools/python/from-path.d.ts +7 -0
package/dist/external-tools/python/from-path.js +23 -0
package/dist/external-tools/python/pin.d.ts +121 -0
package/dist/external-tools/python/pin.js +176 -0
package/dist/external-tools/python/pip-install.d.ts +75 -0
package/dist/external-tools/python/pip-install.js +142 -0
package/dist/external-tools/python/resolve.d.ts +42 -0
package/dist/external-tools/python/resolve.js +66 -0
package/dist/external-tools/python/types.d.ts +49 -0
package/dist/external-tools/sbt/asset-names.d.ts +1 -1
package/dist/external-tools/sbt/asset-names.js +5 -2
package/dist/external-tools/sbt/from-download.d.ts +1 -1
package/dist/external-tools/sbt/from-download.js +5 -2
package/dist/external-tools/sbt/from-vfs.js +1 -1
package/dist/external-tools/sbt/resolve.d.ts +3 -3
package/dist/external-tools/sbt/resolve.js +16 -8
package/dist/external-tools/sbt/types.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.d.ts +1 -1
package/dist/external-tools/skillspector/from-dlx.js +10 -3
package/dist/external-tools/skillspector/from-path.js +3 -5
package/dist/external-tools/skillspector/from-vfs.js +1 -1
package/dist/external-tools/skillspector/resolve.d.ts +2 -2
package/dist/external-tools/skillspector/resolve.js +14 -6
package/dist/external-tools/synp/asset-names.d.ts +1 -1
package/dist/external-tools/synp/asset-names.js +6 -2
package/dist/external-tools/synp/from-download.d.ts +1 -1
package/dist/external-tools/synp/from-download.js +7 -4
package/dist/external-tools/synp/from-vfs.js +1 -1
package/dist/external-tools/synp/resolve.d.ts +3 -3
package/dist/external-tools/synp/resolve.js +16 -8
package/dist/external-tools/trivy/asset-names.d.ts +1 -1
package/dist/external-tools/trivy/asset-names.js +5 -2
package/dist/external-tools/trivy/from-download.d.ts +1 -1
package/dist/external-tools/trivy/from-download.js +7 -4
package/dist/external-tools/trivy/from-vfs.js +1 -1
package/dist/external-tools/trivy/resolve.d.ts +3 -3
package/dist/external-tools/trivy/resolve.js +16 -8
package/dist/external-tools/trivy/types.d.ts +1 -1
package/dist/external-tools/trufflehog/asset-names.d.ts +1 -1
package/dist/external-tools/trufflehog/asset-names.js +5 -2
package/dist/external-tools/trufflehog/from-download.d.ts +1 -1
package/dist/external-tools/trufflehog/from-download.js +7 -4
package/dist/external-tools/trufflehog/from-vfs.js +1 -1
package/dist/external-tools/trufflehog/resolve.d.ts +3 -3
package/dist/external-tools/trufflehog/resolve.js +16 -8
package/dist/external-tools/trufflehog/types.d.ts +1 -1
package/dist/fs/_internal.d.ts +1 -1
package/dist/fs/_internal.js +7 -7
package/dist/fs/access.js +5 -9
package/dist/fs/allowed-dirs-cache.d.ts +47 -0
package/dist/fs/allowed-dirs-cache.js +69 -0
package/dist/fs/encoding.js +5 -7
package/dist/fs/{find-up.js → find.js} +12 -14
package/dist/fs/inspect.js +7 -13
package/dist/fs/read-dir.js +7 -10
package/dist/fs/read-file.js +8 -14
package/dist/fs/read-json-cache.d.ts +13 -4
package/dist/fs/read-json-cache.js +9 -6
package/dist/fs/read-json.js +4 -6
package/dist/fs/resolve-module.js +7 -3
package/dist/fs/safe.d.ts +1 -1
package/dist/fs/safe.js +13 -14
package/dist/fs/unique.js +4 -5
package/dist/fs/validate.js +1 -2
package/dist/fs/write-json.js +4 -5
package/dist/git/_internal.js +11 -11
package/dist/git/changed.js +4 -4
package/dist/git/repo.js +5 -7
package/dist/git/staged.js +12 -4
package/dist/git/tracked.d.ts +84 -0
package/dist/git/tracked.js +163 -0
package/dist/git/unstaged.js +12 -4
package/dist/github/ghsa.js +2 -2
package/dist/github/refs-cache.d.ts +1 -1
package/dist/github/refs-cache.js +5 -5
package/dist/github/refs-graphql.js +4 -0
package/dist/github/refs-rest.js +9 -5
package/dist/github/refs.js +15 -10
package/dist/github/{fetch.js → request.js} +13 -2
package/dist/github/token.js +1 -1
package/dist/github/types.d.ts +1 -1
package/dist/globs/_internal.js +8 -10
package/dist/globs/match.js +13 -7
package/dist/globs/matcher.d.ts +3 -3
package/dist/globs/matcher.js +16 -14
package/dist/globs/stream.js +1 -2
package/dist/globs/types.d.ts +24 -24
package/dist/http-request/_internal.d.ts +1 -1
package/dist/http-request/browser.js +10 -4
package/dist/http-request/checksum-file.d.ts +55 -0
package/dist/http-request/checksum-file.js +95 -0
package/dist/http-request/download-types.d.ts +15 -23
package/dist/http-request/download.js +3 -3
package/dist/http-request/{browser-fetch.d.ts → fetch/browser.d.ts} +2 -2
package/dist/http-request/{browser-fetch.js → fetch/browser.js} +4 -4
package/dist/http-request/headers.js +1 -2
package/dist/http-request/request-attempt.js +38 -34
package/dist/http-request/request-types.d.ts +2 -2
package/dist/http-request/request.js +1 -1
package/dist/http-request/user-agent.js +4 -5
package/dist/integrity.d.ts +92 -18
package/dist/integrity.js +125 -30
package/dist/ipc/directory.js +2 -2
package/dist/ipc/paths.js +1 -1
package/dist/ipc/write.js +1 -1
package/dist/ipc-cli/get.js +12 -12
package/dist/json/edit.js +51 -44
package/dist/json/format.js +1 -1
package/dist/json/parse.d.ts +1 -1
package/dist/json/parse.js +3 -7
package/dist/logger/_internal.d.ts +4 -4
package/dist/logger/_internal.js +3 -3
package/dist/logger/colors.js +4 -3
package/dist/logger/console-methods.d.ts +132 -0
package/dist/logger/console-methods.js +169 -0
package/dist/logger/console.d.ts +12 -0
package/dist/logger/console.js +42 -11
package/dist/logger/indentation-methods.d.ts +81 -0
package/dist/logger/indentation-methods.js +121 -0
package/dist/logger/node.d.ts +16 -338
package/dist/logger/node.js +75 -608
package/dist/logger/options.d.ts +39 -0
package/dist/logger/options.js +47 -0
package/dist/logger/semantic-methods.d.ts +63 -0
package/dist/logger/semantic-methods.js +108 -0
package/dist/logger/stream-methods.d.ts +63 -0
package/dist/logger/stream-methods.js +101 -0
package/dist/logger/stream.d.ts +37 -0
package/dist/logger/stream.js +42 -0
package/dist/logger/symbols-builder.js +9 -9
package/dist/logger/symbols.d.ts +2 -25
package/dist/logger/symbols.js +53 -74
package/dist/logger/types.d.ts +1 -1
package/dist/memo/types.d.ts +6 -6
package/dist/native-messaging/host.d.ts +20 -0
package/dist/native-messaging/host.js +120 -0
package/dist/native-messaging/index.d.ts +5 -0
package/dist/native-messaging/index.js +22 -0
package/dist/native-messaging/install.d.ts +60 -0
package/dist/native-messaging/install.js +144 -0
package/dist/native-messaging/rate-limit.d.ts +69 -0
package/dist/native-messaging/rate-limit.js +119 -0
package/dist/native-messaging/run.d.ts +10 -0
package/dist/native-messaging/run.js +17 -0
package/dist/node/async-hooks.js +4 -3
package/dist/node/child-process.js +4 -3
package/dist/node/crypto.js +4 -3
package/dist/node/events.js +4 -3
package/dist/node/fs-promises.js +4 -3
package/dist/node/fs.d.ts +22 -6
package/dist/node/fs.js +17 -3
package/dist/node/http.js +4 -3
package/dist/node/https.js +4 -3
package/dist/node/module.js +10 -6
package/dist/node/os.d.ts +10 -2
package/dist/node/os.js +12 -4
package/dist/node/path.d.ts +11 -2
package/dist/node/path.js +18 -4
package/dist/node/timers-promises.js +4 -3
package/dist/node/url.js +4 -3
package/dist/node/util.js +4 -3
package/dist/objects/getters.js +6 -8
package/dist/objects/inspect.js +1 -4
package/dist/objects/mutate.js +4 -5
package/dist/objects/predicates.js +1 -5
package/dist/objects/sort.js +3 -7
package/dist/packages/edit-class.d.ts +2 -3
package/dist/packages/edit-class.js +53 -48
package/dist/packages/edit.js +12 -14
package/dist/packages/exports.js +15 -21
package/dist/packages/fetch.d.ts +16 -0
package/dist/packages/fetch.js +81 -0
package/dist/packages/find.d.ts +55 -0
package/dist/packages/find.js +65 -0
package/dist/packages/isolation.js +14 -14
package/dist/packages/licenses.js +18 -18
package/dist/packages/manifest.js +16 -19
package/dist/packages/metadata-extensions.d.ts +14 -0
package/dist/packages/metadata-extensions.js +43 -0
package/dist/packages/normalize.js +6 -10
package/dist/packages/provenance.js +17 -19
package/dist/packages/read.d.ts +29 -0
package/dist/packages/read.js +66 -0
package/dist/packages/specs.d.ts +48 -1
package/dist/packages/specs.js +75 -12
package/dist/packages/tarball.d.ts +24 -0
package/dist/packages/tarball.js +81 -0
package/dist/packages/types.d.ts +22 -22
package/dist/packages/validation.js +0 -3
package/dist/paths/_internal.d.ts +2 -1
package/dist/paths/_internal.js +7 -19
package/dist/paths/conversion.js +5 -9
package/dist/paths/dirnames.d.ts +1 -0
package/dist/paths/dirnames.js +2 -0
package/dist/paths/filenames.d.ts +0 -1
package/dist/paths/filenames.js +0 -2
package/dist/paths/normalize.js +4 -5
package/dist/paths/packages.js +4 -7
package/dist/paths/predicates.js +9 -16
package/dist/paths/resolve.js +17 -25
package/dist/paths/rewire.d.ts +5 -0
package/dist/paths/rewire.js +3 -3
package/dist/paths/socket.d.ts +74 -111
package/dist/paths/socket.js +106 -139
package/dist/paths/walk.d.ts +1 -1
package/dist/paths/walk.js +4 -4
package/dist/perf/report.js +2 -2
package/dist/perf/types.d.ts +1 -1
package/dist/pkg-ext/data.js +1 -1
package/dist/primordials/array.js +9 -9
package/dist/primordials/date.js +2 -2
package/dist/primordials/error.js +3 -3
package/dist/primordials/headers.d.ts +10 -0
package/dist/primordials/headers.js +23 -0
package/dist/primordials/intl.d.ts +13 -0
package/dist/primordials/intl.js +26 -0
package/dist/primordials/math.js +33 -33
package/dist/primordials/number.js +9 -9
package/dist/primordials/object.js +5 -5
package/dist/primordials/process.d.ts +88 -0
package/dist/primordials/process.js +132 -0
package/dist/primordials/string.d.ts +2 -2
package/dist/primordials/string.js +6 -6
package/dist/primordials/symbol.js +3 -3
package/dist/primordials/uncurry.d.ts +1 -2
package/dist/primordials/uncurry.js +9 -9
package/dist/process/abort.js +3 -3
package/dist/process/lock-manager.js +8 -8
package/dist/process/spawn/_internal.js +6 -8
package/dist/process/spawn/child.js +20 -14
package/dist/process/spawn/errors.js +3 -5
package/dist/process/spawn/kill-tree.d.ts +53 -0
package/dist/process/spawn/kill-tree.js +85 -0
package/dist/process/spawn/stdio.js +0 -1
package/dist/process/spawn/types.d.ts +5 -5
package/dist/process/transient.js +2 -2
package/dist/promises/_internal.d.ts +2 -1
package/dist/promises/_internal.js +2 -6
package/dist/promises/iterate.js +11 -15
package/dist/promises/options.js +3 -6
package/dist/promises/retry.js +4 -5
package/dist/promises/timers.d.ts +30 -0
package/dist/promises/timers.js +48 -0
package/dist/regexps/spec.js +1 -1
package/dist/releases/github-archives.d.ts +6 -6
package/dist/releases/github-archives.js +3 -3
package/dist/releases/github-asset-url.d.ts +1 -1
package/dist/releases/github-asset-url.js +5 -5
package/dist/releases/github-downloads.d.ts +1 -1
package/dist/releases/github-downloads.js +3 -3
package/dist/releases/github-listing.d.ts +12 -4
package/dist/releases/github-listing.js +20 -7
package/dist/releases/github-retry-config.js +1 -1
package/dist/releases/github-types.d.ts +6 -6
package/dist/releases/socket-btm-binary-naming.d.ts +107 -0
package/dist/releases/socket-btm-binary-naming.js +155 -0
package/dist/releases/socket-btm.d.ts +8 -115
package/dist/releases/socket-btm.js +16 -159
package/dist/schema/types.d.ts +4 -5
package/dist/schema/validate.js +1 -1
package/dist/sea/detect.js +6 -6
package/dist/secrets/_internal.d.ts +2 -2
package/dist/secrets/_internal.js +2 -2
package/dist/secrets/compare.d.ts +45 -0
package/dist/secrets/compare.js +61 -0
package/dist/secrets/find.d.ts +2 -2
package/dist/secrets/find.js +10 -4
package/dist/secrets/keychain.d.ts +1 -1
package/dist/secrets/keychain.js +6 -4
package/dist/secrets/linux.js +40 -52
package/dist/secrets/macos.d.ts +2 -3
package/dist/secrets/macos.js +24 -33
package/dist/secrets/rc.d.ts +4 -4
package/dist/secrets/rc.js +27 -17
package/dist/secrets/socket-api-token.d.ts +4 -4
package/dist/secrets/socket-api-token.js +26 -9
package/dist/secrets/windows.js +32 -37
package/dist/shadow/skip.js +2 -2
package/dist/shell/parse.d.ts +32 -0
package/dist/shell/parse.js +60 -0
package/dist/smol/detect.js +9 -10
package/dist/smol/http.js +6 -7
package/dist/smol/https.js +6 -7
package/dist/smol/manifest.d.ts +1 -1
package/dist/smol/manifest.js +6 -7
package/dist/smol/path.d.ts +1 -1
package/dist/smol/path.js +7 -8
package/dist/smol/primordial.d.ts +4 -0
package/dist/smol/primordial.js +6 -7
package/dist/smol/purl.d.ts +1 -1
package/dist/smol/purl.js +7 -8
package/dist/smol/versions.js +6 -7
package/dist/smol/vfs.js +6 -7
package/dist/sorts/_internal.js +6 -8
package/dist/sorts/natural.js +10 -12
package/dist/sorts/semver.js +1 -2
package/dist/sorts/strings.js +0 -1
package/dist/sorts/types.d.ts +1 -1
package/dist/spinner/create-spinner-class.d.ts +38 -0
package/dist/spinner/create-spinner-class.js +302 -0
package/dist/spinner/default.js +8 -9
package/dist/spinner/spinner-internals.d.ts +36 -0
package/dist/spinner/spinner-internals.js +105 -0
package/dist/spinner/spinner-shimmer-methods.d.ts +54 -0
package/dist/spinner/spinner-shimmer-methods.js +143 -0
package/dist/spinner/spinner-status-methods.d.ts +40 -0
package/dist/spinner/spinner-status-methods.js +133 -0
package/dist/spinner/spinner.d.ts +8 -5
package/dist/spinner/spinner.js +19 -706
package/dist/spinner/types.d.ts +3 -1
package/dist/spinner/with.d.ts +10 -0
package/dist/spinner/with.js +16 -2
package/dist/stdio/divider.js +1 -1
package/dist/stdio/footer.js +3 -3
package/dist/stdio/header.js +4 -4
package/dist/stdio/progress.js +10 -6
package/dist/stdio/prompts.d.ts +7 -5
package/dist/stdio/prompts.js +7 -8
package/dist/stdio/stdout.js +3 -3
package/dist/streams/parallel.js +3 -5
package/dist/streams/transform.js +2 -3
package/dist/strings/format.js +2 -6
package/dist/strings/predicates.js +0 -2
package/dist/strings/search.js +1 -2
package/dist/strings/transform.js +0 -3
package/dist/strings/width.js +9 -10
package/dist/tables/bordered.js +4 -3
package/dist/tables/padding.js +1 -1
package/dist/tables/simple.js +8 -5
package/dist/temporal/instant.js +1 -1
package/dist/temporal/slots.js +6 -6
package/dist/temporal/system.js +9 -9
package/dist/themes/context.d.ts +3 -2
package/dist/themes/context.js +4 -5
package/dist/themes/themes.js +15 -15
package/dist/themes/types.d.ts +3 -3
package/dist/url/assert-safe.d.ts +29 -0
package/dist/url/assert-safe.js +54 -0
package/dist/url/parse.js +0 -2
package/dist/url/predicates.d.ts +31 -1
package/dist/url/predicates.js +43 -3
package/dist/url/search-params.js +3 -9
package/dist/url/types.d.ts +9 -5
package/dist/versions/_internal.js +3 -3
package/dist/words/article.js +0 -1
package/dist/words/capitalize.js +0 -1
package/dist/words/pluralize.js +15 -5
package/package.json +419 -216
package/dist/external-tools/uv/asset-names.d.ts +0 -36
package/dist/external-tools/uv/asset-names.js +0 -70
package/dist/external-tools/uv/from-download.d.ts +0 -17
package/dist/external-tools/uv/from-download.js +0 -47
package/dist/external-tools/uv/from-path.d.ts +0 -5
package/dist/external-tools/uv/from-path.js +0 -22
package/dist/external-tools/uv/from-vfs.d.ts +0 -7
package/dist/external-tools/uv/from-vfs.js +0 -26
package/dist/external-tools/uv/resolve.d.ts +0 -25
package/dist/external-tools/uv/resolve.js +0 -53
package/dist/external-tools/uv/types.d.ts +0 -24
package/dist/fs/path-cache.d.ts +0 -21
package/dist/fs/path-cache.js +0 -34
package/dist/http-request/checksums.d.ts +0 -69
package/dist/http-request/checksums.js +0 -108
package/dist/http-request/http-request.d.ts +0 -12
package/dist/http-request/http-request.js +0 -11
package/dist/packages/operations.d.ts +0 -113
package/dist/packages/operations.js +0 -304
package/dist/ssri/convert.d.ts +0 -48
package/dist/ssri/convert.js +0 -69
package/dist/ssri/parse.d.ts +0 -27
package/dist/ssri/parse.js +0 -41
package/dist/ssri/validate.d.ts +0 -41
package/dist/ssri/validate.js +0 -56
/package/dist/{bin → cli}/check.d.ts +0 -0
/package/dist/external-tools/{uv → python}/types.js +0 -0
/package/dist/fs/{find-up.d.ts → find.d.ts} +0 -0
/package/dist/github/{fetch.d.ts → request.d.ts} +0 -0

package/dist/temporal/system.js CHANGED Viewed

@@ -18,10 +18,10 @@ const require_primordials_globals = require('../primordials/globals.js');
 *   polyfill makes for browser hosts. Spec:
 *   https://tc39.es/proposal-temporal/#sec-temporal-systemutcepochnanoseconds.
 */
-const _hrtimeBigint = globalThis.process?.hrtime?.bigint;
-const _anchorWallMs = require_primordials_globals.BigIntCtor(require_primordials_date.DateNow());
-const _anchorHrns = _hrtimeBigint ? _hrtimeBigint() : 0n;
-const _NS_PER_MS = 1000000n;
+const hrtimeBigint = globalThis.process?.hrtime?.bigint;
+const anchorWallMs = require_primordials_globals.BigIntCtor(require_primordials_date.DateNow());
+const anchorHrns = hrtimeBigint ? hrtimeBigint() : 0n;
+const NS_PER_MS = 1000000n;
 /**
 * Returns the current UTC time as nanoseconds since 1970-01-01T00:00:00Z.
 *
@@ -29,13 +29,13 @@ const _NS_PER_MS = 1000000n;
 * module load), millisecond elsewhere.
 */
 function systemUTCEpochNanoseconds() {
-	if (_hrtimeBigint) {
-		const elapsedNs = _hrtimeBigint() - _anchorHrns;
-		return _anchorWallMs * _NS_PER_MS + elapsedNs;
+	if (hrtimeBigint) {
+		const elapsedNs = hrtimeBigint() - anchorHrns;
+		return anchorWallMs * NS_PER_MS + elapsedNs;
 	}
 	/* c8 ignore next - Non-Node runtime fallback; tests always run under Node
-	where _hrtimeBigint is bound from process.hrtime.bigint. */
-	return require_primordials_globals.BigIntCtor(require_primordials_date.DateNow()) * _NS_PER_MS;
+	where hrtimeBigint is bound from process.hrtime.bigint. */
+	return require_primordials_globals.BigIntCtor(require_primordials_date.DateNow()) * NS_PER_MS;
 }
 //#endregion

package/dist/themes/context.d.ts CHANGED Viewed

@@ -3,7 +3,8 @@
  *   context isolation via AsyncLocalStorage.
  */
 import type { Theme } from './types';
-import { type ThemeName } from './themes';
+import type { ThemeName } from './themes';
+import type * as AsyncHooks from 'node:async_hooks';
 /**
  * Theme change event listener signature.
  */
@@ -19,7 +20,7 @@ export declare function emitThemeChange(theme: Theme): void;
  *
  * @private
  */
-export declare function getAsyncHooks(): typeof import('node:async_hooks');
+export declare function getAsyncHooks(): typeof AsyncHooks;
 /**
  * Get the active theme from context.
  *

package/dist/themes/context.js CHANGED Viewed

@@ -5,7 +5,7 @@ const require_primordials_map_set = require('../primordials/map-set.js');
 const require_themes_themes = require('./themes.js');
 //#region src/themes/context.ts
-let _async_hooks;
+let asyncHooks;
 /**
 * Emit theme change event to listeners.
 *
@@ -19,15 +19,14 @@ function emitThemeChange(theme) {
 *
 * @private
 */
-/*@__NO_SIDE_EFFECTS__*/
 function getAsyncHooks() {
-	if (_async_hooks === void 0) _async_hooks = /*@__PURE__*/ require("node:async_hooks");
-	return _async_hooks;
+	if (asyncHooks === void 0) asyncHooks = /*@__PURE__*/ require("node:async_hooks");
+	return asyncHooks;
 }
 /**
 * AsyncLocalStorage for theme context isolation.
 */
-const { AsyncLocalStorage } = /* @__PURE__ */ getAsyncHooks();
+const { AsyncLocalStorage } = getAsyncHooks();
 const themeStorage = new AsyncLocalStorage();
 /**
 * Fallback theme for global context.

package/dist/themes/themes.js CHANGED Viewed

@@ -8,8 +8,6 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 * designed for focus and elegance.
 */
 const SOCKET_THEME = {
-	name: "socket",
-	displayName: "Socket Security",
 	colors: {
 		primary: [
 			140,
@@ -26,6 +24,7 @@ const SOCKET_THEME = {
 		link: "cyanBright",
 		prompt: "primary"
 	},
+	displayName: "Socket Security",
 	effects: {
 		spinner: {
 			color: "primary",
@@ -41,15 +40,14 @@ const SOCKET_THEME = {
 	meta: {
 		description: "Signature theme with refined violet and subtle shimmer",
 		version: "1.0.0"
-	}
+	},
+	name: "socket"
 };
 /**
 * Sunset — Vibrant twilight gradient. Warm sunset palette with orange and
 * purple/pink tones.
 */
 const SUNSET_THEME = {
-	name: "sunset",
-	displayName: "Sunset",
 	colors: {
 		primary: [
 			255,
@@ -71,6 +69,7 @@ const SUNSET_THEME = {
 		link: "primary",
 		prompt: "primary"
 	},
+	displayName: "Sunset",
 	effects: {
 		spinner: {
 			color: "primary",
@@ -94,15 +93,14 @@ const SUNSET_THEME = {
 	meta: {
 		description: "Warm sunset theme with purple-to-orange gradient",
 		version: "2.0.0"
-	}
+	},
+	name: "sunset"
 };
 /**
 * Terracotta — Solid warmth. Rich terracotta and ember tones for grounded
 * confidence.
 */
 const TERRACOTTA_THEME = {
-	name: "terracotta",
-	displayName: "Terracotta",
 	colors: {
 		primary: [
 			255,
@@ -124,6 +122,7 @@ const TERRACOTTA_THEME = {
 		link: "secondary",
 		prompt: "primary"
 	},
+	displayName: "Terracotta",
 	effects: {
 		spinner: {
 			color: "primary",
@@ -139,14 +138,13 @@ const TERRACOTTA_THEME = {
 	meta: {
 		description: "Solid theme with rich terracotta and ember warmth",
 		version: "1.0.0"
-	}
+	},
+	name: "terracotta"
 };
 /**
 * Lush — Steel elegance. Python-inspired steel blue with golden accents.
 */
 const LUSH_THEME = {
-	name: "lush",
-	displayName: "Lush",
 	colors: {
 		primary: [
 			70,
@@ -168,6 +166,7 @@ const LUSH_THEME = {
 		link: "cyanBright",
 		prompt: "primary"
 	},
+	displayName: "Lush",
 	effects: { spinner: {
 		color: "primary",
 		style: "dots"
@@ -175,15 +174,14 @@ const LUSH_THEME = {
 	meta: {
 		description: "Elegant theme with steel blue and golden harmony",
 		version: "1.0.0"
-	}
+	},
+	name: "lush"
 };
 /**
 * Ultra — Premium intensity. Prismatic shimmer for deep analysis, where
 * complexity meets elegance.
 */
 const ULTRA_THEME = {
-	name: "ultra",
-	displayName: "Ultra",
 	colors: {
 		primary: [
 			140,
@@ -200,6 +198,7 @@ const ULTRA_THEME = {
 		link: "cyanBright",
 		prompt: "primary"
 	},
+	displayName: "Ultra",
 	effects: {
 		spinner: {
 			color: "inherit",
@@ -215,7 +214,8 @@ const ULTRA_THEME = {
 	meta: {
 		description: "Premium theme with prismatic shimmer for deep analysis",
 		version: "1.0.0"
-	}
+	},
+	name: "ultra"
 };
 /**
 * Theme registry — Curated palette collection.

package/dist/themes/types.d.ts CHANGED Viewed

@@ -75,7 +75,7 @@ export type ThemeEffects = {
          * Animation style.
          */
         style?: SpinnerStyle | string | undefined;
-    };
+    } | undefined;
     /**
      * Shimmer configuration.
      */
@@ -96,7 +96,7 @@ export type ThemeEffects = {
          * Speed (steps per frame)
          */
         speed?: number | undefined;
-    };
+    } | undefined;
     /**
      * Pulse configuration.
      */
@@ -105,7 +105,7 @@ export type ThemeEffects = {
          * Speed (milliseconds)
          */
         speed?: number | undefined;
-    };
+    } | undefined;
 };
 /**
  * Theme metadata — descriptive information.

package/dist/url/assert-safe.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * @file SSRF guard for operator- or issuer-supplied URLs — `assertSafeHttpUrl`
+ *   parses a raw URL, rejects non-HTTP(S) schemes, and refuses hosts that
+ *   resolve to loopback / private / link-local ranges (cloud metadata, redis,
+ *   internal services). A server that fetches a URL it did not author (an OAuth
+ *   issuer, an introspection endpoint advertised in its metadata, a webhook
+ *   target) runs the candidate through this before the request leaves the box.
+ */
+import type { AssertSafeHttpUrlOptions } from './types';
+/**
+ * Parse `rawUrl` and assert it is safe to fetch server-side, returning the
+ * parsed `URL`. Throws when the value does not parse, uses a scheme other than
+ * `http:` / `https:`, or resolves to a loopback / private / link-local host.
+ * Set `allowLocalhost` to permit `localhost` / `127.0.0.1` / `::1` for
+ * local-stack development. `label` names the subject in the thrown message.
+ *
+ * @example
+ *   ;```typescript
+ *   assertSafeHttpUrl('https://api.example.com', { label: 'OAuth issuer' })
+ *   // → URL { href: 'https://api.example.com/' }
+ *
+ *   assertSafeHttpUrl('http://169.254.169.254/latest/meta-data')
+ *   // → throws: resolves to a private/loopback host
+ *
+ *   assertSafeHttpUrl('ftp://example.com')
+ *   // → throws: must use http(s)
+ *   ```
+ */
+export declare function assertSafeHttpUrl(rawUrl: string, options?: AssertSafeHttpUrlOptions | undefined): URL;

package/dist/url/assert-safe.js ADDED Viewed

@@ -0,0 +1,54 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_url_predicates = require('./predicates.js');
+//#region src/url/assert-safe.ts
+/**
+* @file SSRF guard for operator- or issuer-supplied URLs — `assertSafeHttpUrl`
+*   parses a raw URL, rejects non-HTTP(S) schemes, and refuses hosts that
+*   resolve to loopback / private / link-local ranges (cloud metadata, redis,
+*   internal services). A server that fetches a URL it did not author (an OAuth
+*   issuer, an introspection endpoint advertised in its metadata, a webhook
+*   target) runs the candidate through this before the request leaves the box.
+*/
+const UrlCtor = URL;
+/**
+* Parse `rawUrl` and assert it is safe to fetch server-side, returning the
+* parsed `URL`. Throws when the value does not parse, uses a scheme other than
+* `http:` / `https:`, or resolves to a loopback / private / link-local host.
+* Set `allowLocalhost` to permit `localhost` / `127.0.0.1` / `::1` for
+* local-stack development. `label` names the subject in the thrown message.
+*
+* @example
+*   ;```typescript
+*   assertSafeHttpUrl('https://api.example.com', { label: 'OAuth issuer' })
+*   // → URL { href: 'https://api.example.com/' }
+*
+*   assertSafeHttpUrl('http://169.254.169.254/latest/meta-data')
+*   // → throws: resolves to a private/loopback host
+*
+*   assertSafeHttpUrl('ftp://example.com')
+*   // → throws: must use http(s)
+*   ```
+*/
+function assertSafeHttpUrl(rawUrl, options) {
+	const { allowLocalhost = false, label = "URL" } = {
+		__proto__: null,
+		...options
+	};
+	let url;
+	try {
+		url = new UrlCtor(rawUrl);
+	} catch {
+		throw new Error(`${label} is not a valid URL: ${rawUrl}. Provide an absolute http(s) URL.`);
+	}
+	if (url.protocol !== "http:" && url.protocol !== "https:") throw new Error(`${label} must use http(s): ${rawUrl}. Got scheme "${url.protocol}"; use http: or https:.`);
+	const { hostname } = url;
+	if (allowLocalhost && require_url_predicates.isLoopbackHost(hostname)) return url;
+	if (require_url_predicates.isPrivateHost(hostname)) throw new Error(`${label} resolves to a private/loopback host and is refused: ${rawUrl}. Point it at a public host.`);
+	return url;
+}
+//#endregion
+exports.assertSafeHttpUrl = assertSafeHttpUrl;

package/dist/url/parse.js CHANGED Viewed

@@ -19,7 +19,6 @@ const UrlCtor = URL;
 *   createRelativeUrl('/api/test', { base: 'https://example.com' }) // 'https://example.com/api/test'
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function createRelativeUrl(path, options) {
 	const { base = "" } = {
 		__proto__: null,
@@ -42,7 +41,6 @@ function createRelativeUrl(path, options) {
 *   parseUrl('invalid') // undefined
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function parseUrl(value) {
 	try {
 		return new UrlCtor(value);

package/dist/url/predicates.d.ts CHANGED Viewed

@@ -1,7 +1,37 @@
 /**
  * @file URL type-guard predicates — `isUrl` answers whether a value parses as a
- *   valid URL via `parseUrl`.
+ *   valid URL via `parseUrl`. `isLoopbackHost` / `isPrivateHost` classify a
+ *   hostname for SSRF guards: a server that fetches an operator- or
+ *   issuer-supplied URL uses these to refuse hosts that resolve to the local
+ *   machine or an internal network (cloud metadata, redis, link-local).
  */
+/**
+ * Check whether a hostname is a loopback address — `localhost`, `127.0.0.1`, or
+ * IPv6 `::1`. Compares case-insensitively; pass a bare hostname, not a URL.
+ *
+ * @example
+ *   ;```typescript
+ *   isLoopbackHost('localhost') // true
+ *   isLoopbackHost('127.0.0.1') // true
+ *   isLoopbackHost('example.com') // false
+ *   ```
+ */
+export declare function isLoopbackHost(hostname: string): boolean;
+/**
+ * Check whether a hostname resolves to a private / loopback / link-local
+ * address an SSRF probe would target (the local machine, RFC 1918 ranges, IPv6
+ * loopback / ULA / link-local). Loopback hosts count as private. Compares
+ * case-insensitively; pass a bare hostname, not a URL.
+ *
+ * @example
+ *   ;```typescript
+ *   isPrivateHost('127.0.0.1') // true
+ *   isPrivateHost('10.0.0.5') // true
+ *   isPrivateHost('169.254.169.254') // true
+ *   isPrivateHost('example.com') // false
+ *   ```
+ */
+export declare function isPrivateHost(hostname: string): boolean;
 /**
  * Check if a value is a valid URL.
  *

package/dist/url/predicates.js CHANGED Viewed

@@ -1,13 +1,52 @@
 "use strict";
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_string = require('../primordials/string.js');
+const require_primordials_regexp = require('../primordials/regexp.js');
 const require_url_parse = require('./parse.js');
 //#region src/url/predicates.ts
 /**
 * @file URL type-guard predicates — `isUrl` answers whether a value parses as a
-*   valid URL via `parseUrl`.
+*   valid URL via `parseUrl`. `isLoopbackHost` / `isPrivateHost` classify a
+*   hostname for SSRF guards: a server that fetches an operator- or
+*   issuer-supplied URL uses these to refuse hosts that resolve to the local
+*   machine or an internal network (cloud metadata, redis, link-local).
 */
+const PRIVATE_HOST_REGEXP = /^(?:0\.0\.0\.0$|10\.|127\.|169\.254\.|172\.(?:1[6-9]|2\d|3[01])\.|192\.168\.|\[?::1\]?$|\[?fc00:|\[?fd|\[?fe80:)/u;
+/**
+* Check whether a hostname is a loopback address — `localhost`, `127.0.0.1`, or
+* IPv6 `::1`. Compares case-insensitively; pass a bare hostname, not a URL.
+*
+* @example
+*   ;```typescript
+*   isLoopbackHost('localhost') // true
+*   isLoopbackHost('127.0.0.1') // true
+*   isLoopbackHost('example.com') // false
+*   ```
+*/
+function isLoopbackHost(hostname) {
+	const host = require_primordials_string.StringPrototypeToLowerCase(hostname);
+	return host === "::1" || host === "127.0.0.1" || host === "localhost";
+}
+/**
+* Check whether a hostname resolves to a private / loopback / link-local
+* address an SSRF probe would target (the local machine, RFC 1918 ranges, IPv6
+* loopback / ULA / link-local). Loopback hosts count as private. Compares
+* case-insensitively; pass a bare hostname, not a URL.
+*
+* @example
+*   ;```typescript
+*   isPrivateHost('127.0.0.1') // true
+*   isPrivateHost('10.0.0.5') // true
+*   isPrivateHost('169.254.169.254') // true
+*   isPrivateHost('example.com') // false
+*   ```
+*/
+function isPrivateHost(hostname) {
+	const host = require_primordials_string.StringPrototypeToLowerCase(hostname);
+	return isLoopbackHost(host) || require_primordials_regexp.RegExpPrototypeTest(PRIVATE_HOST_REGEXP, host);
+}
 /**
 * Check if a value is a valid URL.
 *
@@ -18,10 +57,11 @@ const require_url_parse = require('./parse.js');
 *   isUrl(null) // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function isUrl(value) {
-	return (typeof value === "string" && value !== "" || value !== null && typeof value === "object") && !!/* @__PURE__ */ require_url_parse.parseUrl(value);
+	return (typeof value === "string" && value !== "" || value !== null && typeof value === "object") && !!require_url_parse.parseUrl(value);
 }
 //#endregion
+exports.isLoopbackHost = isLoopbackHost;
+exports.isPrivateHost = isPrivateHost;
 exports.isUrl = isUrl;

package/dist/url/search-params.js CHANGED Viewed

@@ -20,7 +20,6 @@ const BooleanCtor = Boolean;
 *   urlSearchParamsAsArray(null) // []
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function urlSearchParamsAsArray(value) {
 	return typeof value === "string" ? value.trim().split(/, */).map((v) => v.trim()).filter(BooleanCtor) : [];
 }
@@ -34,7 +33,6 @@ function urlSearchParamsAsArray(value) {
 *   urlSearchParamsAsBoolean(null) // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function urlSearchParamsAsBoolean(value, options) {
 	const { defaultValue = false } = {
 		__proto__: null,
@@ -44,7 +42,7 @@ function urlSearchParamsAsBoolean(value, options) {
 		const trimmed = value.trim();
 		if (trimmed === "") return !!defaultValue;
 		const lowered = trimmed.toLowerCase();
-		return lowered === "1" || lowered === "true" || lowered === "yes" || lowered === "on";
+		return lowered === "1" || lowered === "on" || lowered === "true" || lowered === "yes";
 	}
 	if (value === null || value === void 0) return !!defaultValue;
 	return !!value;
@@ -59,7 +57,6 @@ function urlSearchParamsAsBoolean(value, options) {
 *   urlSearchParamsAsNumber(params, 'other') // 0
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function urlSearchParamsAsNumber(params, key, options) {
 	const { defaultValue = 0 } = {
 		__proto__: null,
@@ -84,7 +81,6 @@ function urlSearchParamsAsNumber(params, key, options) {
 *   urlSearchParamsAsString(params, 'other') // ''
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function urlSearchParamsAsString(params, key, options) {
 	const { defaultValue = "" } = {
 		__proto__: null,
@@ -105,12 +101,11 @@ function urlSearchParamsAsString(params, key, options) {
 *   urlSearchParamsGetArray(params, 'tags') // ['a', 'b', 'c']
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function urlSearchParamsGetArray(params, key) {
 	if (params && typeof params.getAll === "function") {
 		const values = params.getAll(key);
 		const firstValue = values[0];
-		if (values.length === 1 && firstValue && firstValue.includes(",")) return /* @__PURE__ */ urlSearchParamsAsArray(firstValue);
+		if (values.length === 1 && firstValue && firstValue.includes(",")) return urlSearchParamsAsArray(firstValue);
 		return values;
 	}
 	return [];
@@ -125,7 +120,6 @@ function urlSearchParamsGetArray(params, key) {
 *   urlSearchParamsGetBoolean(params, 'other') // false
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function urlSearchParamsGetBoolean(params, key, options) {
 	const { defaultValue = false } = {
 		__proto__: null,
@@ -133,7 +127,7 @@ function urlSearchParamsGetBoolean(params, key, options) {
 	};
 	if (params && typeof params.get === "function") {
 		const value = params.get(key);
-		return value !== null ? /* @__PURE__ */ urlSearchParamsAsBoolean(value, { defaultValue }) : defaultValue;
+		return value !== null ? urlSearchParamsAsBoolean(value, { defaultValue }) : defaultValue;
 	}
 	return defaultValue;
 }

package/dist/url/types.d.ts CHANGED Viewed

@@ -3,18 +3,22 @@
  *   `createRelativeUrl`, `urlSearchParamsAs*`, and `urlSearchParamsGet*`. Pure
  *   types, no runtime side effects.
  */
+export interface AssertSafeHttpUrlOptions {
+    label?: string | undefined;
+    allowLocalhost?: boolean | undefined;
+}
 export interface CreateRelativeUrlOptions {
-    base?: string;
+    base?: string | undefined;
 }
 export interface UrlSearchParamsAsBooleanOptions {
-    defaultValue?: boolean;
+    defaultValue?: boolean | undefined;
 }
 export interface UrlSearchParamsAsNumberOptions {
-    defaultValue?: number;
+    defaultValue?: number | undefined;
 }
 export interface UrlSearchParamsAsStringOptions {
-    defaultValue?: string;
+    defaultValue?: string | undefined;
 }
 export interface UrlSearchParamsGetBooleanOptions {
-    defaultValue?: boolean;
+    defaultValue?: boolean | undefined;
 }

package/dist/versions/_internal.js CHANGED Viewed

@@ -15,20 +15,20 @@ const require_smol_versions = require('../smol/versions.js');
 *   shape (`{major, minor, patch}`) which only `semver.parse` exposes — those
 *   leaves use `getSemver()` directly instead of going through `impl`.
 */
-const _semver = require("../external/semver");
+const semver = require("../external/semver");
 /**
 * The vendored `semver` JS implementation. Always available — used directly by
 * the leaves that need the parsed `{major, minor, patch}` shape (which
 * smol-versions doesn't expose).
 */
 function getSemver() {
-	return _semver;
+	return semver;
 }
 /**
 * Resolved version implementation: smol-versions on the smol Node binary,
 * otherwise the vendored `semver`. Bound once at module load.
 */
-const impl = /* @__PURE__ */ require_smol_versions.getSmolVersions() ?? _semver;
+const impl = require_smol_versions.getSmolVersions() ?? semver;
 //#endregion
 exports.getSemver = getSemver;

package/dist/words/article.js CHANGED Viewed

@@ -16,7 +16,6 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 *   determineArticle('banana') // 'a'
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function determineArticle(word) {
 	return /^[aeiou]/i.test(word) ? "an" : "a";
 }

package/dist/words/capitalize.js CHANGED Viewed

@@ -17,7 +17,6 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 *   capitalize('') // ''
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function capitalize(word) {
 	if (word.length === 0) return word;
 	const [first, ...rest] = [...word];

package/dist/words/pluralize.js CHANGED Viewed

@@ -1,22 +1,33 @@
 "use strict";
 /* Socket Lib - Built with rolldown */
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_intl = require('../primordials/intl.js');
 //#region src/words/pluralize.ts
+/**
+* @file Count-based pluralization. Two modes:
+*
+*   - Default: appends a trailing `'s'` when the count is anything other than 1.
+*     Zero-cost; no Intl dependency on the hot path.
+*   - Dictionary: when `options.forms` is given, selects from a caller-supplied
+*     dictionary of forms keyed by plural category. Honors locale + cardinal /
+*     ordinal via `Intl.PluralRules`. Required `plural` acts as the fallback
+*     for any category not explicitly listed.
+*/
 const CLDR_TO_FIELD = {
+	few: "few",
+	many: "many",
 	one: "singular",
 	other: "plural",
-	zero: "zero",
 	two: "two",
-	few: "few",
-	many: "many"
+	zero: "zero"
 };
 const RULES_CACHE = /* @__PURE__ */ new Map();
 function getRules(locale, type) {
 	const key = `${locale}:${type}`;
 	let r = RULES_CACHE.get(key);
 	if (!r) {
-		r = new Intl.PluralRules(locale, { type });
+		r = new require_primordials_intl.IntlPluralRules(locale, { type });
 		RULES_CACHE.set(key, r);
 	}
 	return r;
@@ -46,7 +57,6 @@ function getRules(locale, type) {
 *   }) // 'nd'
 *   ```
 */
-/*@__NO_SIDE_EFFECTS__*/
 function pluralize(word, options) {
 	const { count = 1, forms, locale = "en-US", type = "cardinal" } = {
 		__proto__: null,