@socketsecurity/lib 6.0.8 → 6.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (396) hide show
  1. package/CHANGELOG.md +28 -0
  2. package/README.md +8 -9
  3. package/dist/abort/signal.d.ts +1 -1
  4. package/dist/abort/signal.js +1 -1
  5. package/dist/ai/agent-context.d.mts +1 -1
  6. package/dist/ai/agent-context.js +3 -2
  7. package/dist/ai/backends.d.mts +3 -3
  8. package/dist/ai/backends.js +2 -2
  9. package/dist/ai/billing-context.d.mts +74 -0
  10. package/dist/ai/billing-context.js +129 -0
  11. package/dist/ai/credentials.d.mts +39 -5
  12. package/dist/ai/credentials.js +61 -6
  13. package/dist/ai/discover.d.mts +4 -0
  14. package/dist/ai/discover.js +4 -0
  15. package/dist/ai/exec.d.mts +1 -1
  16. package/dist/ai/exec.js +1 -1
  17. package/dist/ai/http.d.mts +8 -8
  18. package/dist/ai/http.js +6 -6
  19. package/dist/ai/profiles.d.mts +9 -10
  20. package/dist/ai/profiles.js +0 -5
  21. package/dist/ai/role.d.mts +58 -0
  22. package/dist/ai/role.js +96 -0
  23. package/dist/ai/route-heuristic.d.mts +177 -0
  24. package/dist/ai/route-heuristic.js +194 -0
  25. package/dist/ai/route.d.mts +31 -17
  26. package/dist/ai/route.js +35 -19
  27. package/dist/ai/spawn.d.mts +34 -1
  28. package/dist/ai/spawn.js +115 -3
  29. package/dist/ai/subagent-status.d.mts +2 -0
  30. package/dist/ai/subagent-status.js +2 -0
  31. package/dist/ai/tier.d.mts +1 -1
  32. package/dist/ai/types.d.mts +19 -2
  33. package/dist/ai/worktree.d.mts +1 -1
  34. package/dist/ai/worktree.js +3 -2
  35. package/dist/argv/parse.d.ts +2 -0
  36. package/dist/argv/parse.js +2 -0
  37. package/dist/bin/_internal.d.ts +1 -1
  38. package/dist/bin/_internal.js +1 -1
  39. package/dist/bin/prim.cjs +19253 -13937
  40. package/dist/bin/resolve.js +1 -1
  41. package/dist/bin/shadow.js +2 -1
  42. package/dist/bin/which.d.ts +28 -3
  43. package/dist/bin/which.js +45 -3
  44. package/dist/cacache/_internal.d.ts +10 -2
  45. package/dist/cacache/_internal.js +6 -10
  46. package/dist/cache/ttl/_internal.d.ts +33 -0
  47. package/dist/cache/ttl/_internal.js +68 -0
  48. package/dist/cache/ttl/browser.d.ts +56 -0
  49. package/dist/cache/ttl/browser.js +257 -0
  50. package/dist/cache/ttl/store.js +11 -34
  51. package/dist/cache/ttl/types.d.ts +46 -3
  52. package/dist/checks/primordials-defaults.d.ts +5 -5
  53. package/dist/checks/primordials-defaults.js +5 -5
  54. package/dist/checks/primordials.d.ts +1 -1
  55. package/dist/checks/primordials.js +25 -17
  56. package/dist/cli/check-primordials.d.ts +6 -1
  57. package/dist/cli/check-primordials.js +14 -5
  58. package/dist/cli/check.js +1 -1
  59. package/dist/cli/socket-lib.d.ts +1 -1
  60. package/dist/cli/socket-lib.js +3 -3
  61. package/dist/colors/socket-palette.d.ts +1 -1
  62. package/dist/compression/brotli.d.ts +6 -2
  63. package/dist/compression/brotli.js +5 -1
  64. package/dist/compression/gzip.d.ts +6 -2
  65. package/dist/compression/gzip.js +7 -2
  66. package/dist/config/layers.d.ts +53 -0
  67. package/dist/config/layers.js +83 -0
  68. package/dist/constants/agents.d.ts +3 -0
  69. package/dist/constants/agents.js +3 -0
  70. package/dist/constants/node.d.ts +14 -0
  71. package/dist/constants/node.js +14 -0
  72. package/dist/constants/package-default-node-range.js +1 -5
  73. package/dist/constants/packages.d.ts +5 -0
  74. package/dist/constants/packages.js +5 -0
  75. package/dist/constants/platform.d.ts +1 -1
  76. package/dist/constants/platform.js +1 -1
  77. package/dist/constants/socket.js +1 -1
  78. package/dist/constants/typescript.d.ts +5 -0
  79. package/dist/constants/typescript.js +5 -0
  80. package/dist/debug/_internal.d.ts +22 -7
  81. package/dist/debug/_internal.js +33 -15
  82. package/dist/debug/caller-info.js +1 -1
  83. package/dist/debug/namespace.js +11 -8
  84. package/dist/debug/output.d.ts +12 -1
  85. package/dist/debug/output.js +33 -16
  86. package/dist/dlx/binary-cache.js +1 -1
  87. package/dist/dlx/binary-resolution.js +8 -5
  88. package/dist/dlx/firewall.js +1 -1
  89. package/dist/dlx/lockfile.js +1 -1
  90. package/dist/eco/npm/npm/parse-lockfile.js +3 -2
  91. package/dist/eco/npm/vlt/exec.d.ts +1 -1
  92. package/dist/eco/npm/vlt/exec.js +1 -1
  93. package/dist/eco/npm/yarnpkg/yarn/parse-lockfile.js +1 -1
  94. package/dist/env/agents.d.ts +6 -0
  95. package/dist/env/agents.js +29 -0
  96. package/dist/env/flags.d.ts +12 -0
  97. package/dist/env/flags.js +23 -0
  98. package/dist/env/github-status.js +2 -2
  99. package/dist/env/providers.d.ts +6 -0
  100. package/dist/env/providers.js +23 -0
  101. package/dist/env/proxy.js +1 -1
  102. package/dist/env/rewire.d.ts +37 -3
  103. package/dist/env/rewire.js +60 -29
  104. package/dist/env/runtimes.d.ts +9 -0
  105. package/dist/env/runtimes.js +53 -0
  106. package/dist/env/socket-cli.d.ts +5 -2
  107. package/dist/env/socket-cli.js +6 -3
  108. package/dist/env/xdg.d.ts +17 -0
  109. package/dist/env/xdg.js +21 -1
  110. package/dist/errors/predicates.d.ts +3 -2
  111. package/dist/errors/predicates.js +5 -3
  112. package/dist/events/exit/_internal.d.ts +1 -23
  113. package/dist/external/@npmcli/package-json.js +3570 -4905
  114. package/dist/external/@npmcli/promise-spawn.js +2 -2
  115. package/dist/external/@sinclair/typebox/value.js +5 -4
  116. package/dist/external/@socketregistry/yocto-spinner.js +3 -3
  117. package/dist/external/@yarnpkg/extensions.js +1 -1
  118. package/dist/external/adm-zip.d.ts +82 -0
  119. package/dist/external/adm-zip.js +2 -2
  120. package/dist/external/cacache.d.ts +87 -0
  121. package/dist/external/debug.d.ts +22 -0
  122. package/dist/external/debug.js +11 -4
  123. package/dist/external/del.d.ts +1 -0
  124. package/dist/external/external-pack.d.ts +12 -0
  125. package/dist/external/external-pack.js +42 -35
  126. package/dist/external/fast-glob.d.ts +8 -0
  127. package/dist/external/fast-sort.d.ts +1 -0
  128. package/dist/external/get-east-asian-width.d.ts +5 -0
  129. package/dist/external/get-east-asian-width.js +8 -1
  130. package/dist/external/has-flag.d.ts +1 -0
  131. package/dist/external/inquirer-pack.d.ts +18 -0
  132. package/dist/external/libnpmexec.d.ts +35 -0
  133. package/dist/external/libnpmpack.d.ts +1 -0
  134. package/dist/external/make-fetch-happen.d.ts +13 -0
  135. package/dist/external/normalize-package-data.d.ts +4 -0
  136. package/dist/external/npm-core.d.ts +14 -0
  137. package/dist/external/npm-pack.d.ts +24 -0
  138. package/dist/external/npm-pack.js +28934 -31885
  139. package/dist/external/npm-package-arg.d.ts +4 -0
  140. package/dist/external/p-map.js +8 -1
  141. package/dist/external/pacote.d.ts +15 -0
  142. package/dist/external/pico-pack.d.ts +16 -0
  143. package/dist/external/pico-pack.js +38 -23
  144. package/dist/external/picomatch.d.ts +96 -0
  145. package/dist/external/pony-cause.d.ts +14 -0
  146. package/dist/external/semver.d.ts +60 -0
  147. package/dist/external/semver.js +1459 -4
  148. package/dist/external/shell-quote.d.ts +51 -0
  149. package/dist/external/shell-quote.js +55 -15
  150. package/dist/external/signal-exit.d.ts +1 -0
  151. package/dist/external/spdx-correct.d.ts +4 -0
  152. package/dist/external/spdx-expression-parse.d.ts +4 -0
  153. package/dist/external/spdx-pack.d.ts +10 -0
  154. package/dist/external/std-env.d.ts +284 -0
  155. package/dist/external/std-env.js +323 -0
  156. package/dist/external/streaming-iterables.d.ts +11 -0
  157. package/dist/external/supports-color.d.ts +1 -0
  158. package/dist/external/tar-fs.d.ts +31 -0
  159. package/dist/external/tar-fs.js +63 -16
  160. package/dist/external/validate-npm-package-name.d.ts +4 -0
  161. package/dist/external/which.d.ts +25 -0
  162. package/dist/external/which.js +2 -2
  163. package/dist/external/yargs-parser.d.ts +2 -0
  164. package/dist/external/yargs-parser.js +11 -3
  165. package/dist/external/yoctocolors-cjs.d.ts +51 -0
  166. package/dist/external-tools/bazel/asset-names.d.ts +1 -1
  167. package/dist/external-tools/bazel/from-download.d.ts +1 -1
  168. package/dist/external-tools/bazel/resolve.d.ts +3 -0
  169. package/dist/external-tools/bazel/resolve.js +3 -0
  170. package/dist/external-tools/cdxgen/asset-names.d.ts +5 -5
  171. package/dist/external-tools/cdxgen/asset-names.js +3 -3
  172. package/dist/external-tools/cdxgen/from-download.d.ts +2 -2
  173. package/dist/external-tools/cdxgen/from-download.js +1 -1
  174. package/dist/external-tools/cdxgen/resolve.d.ts +4 -1
  175. package/dist/external-tools/cdxgen/resolve.js +4 -1
  176. package/dist/external-tools/cdxgen/types.d.ts +1 -1
  177. package/dist/external-tools/from-download.d.ts +2 -2
  178. package/dist/external-tools/from-download.js +1 -1
  179. package/dist/external-tools/janus/asset-names.d.ts +4 -1
  180. package/dist/external-tools/janus/asset-names.js +3 -0
  181. package/dist/external-tools/janus/from-download.d.ts +3 -3
  182. package/dist/external-tools/janus/from-download.js +2 -2
  183. package/dist/external-tools/janus/resolve.d.ts +3 -0
  184. package/dist/external-tools/janus/resolve.js +3 -0
  185. package/dist/external-tools/jre/asset-names.d.ts +3 -1
  186. package/dist/external-tools/jre/asset-names.js +2 -0
  187. package/dist/external-tools/jre/detect-platform-arch.js +1 -1
  188. package/dist/external-tools/jre/from-download.d.ts +1 -1
  189. package/dist/external-tools/manifest.d.ts +5 -3
  190. package/dist/external-tools/manifest.js +5 -3
  191. package/dist/external-tools/opengrep/asset-names.d.ts +1 -1
  192. package/dist/external-tools/opengrep/resolve.d.ts +3 -0
  193. package/dist/external-tools/opengrep/resolve.js +3 -0
  194. package/dist/external-tools/python/asset-names.d.ts +3 -1
  195. package/dist/external-tools/python/asset-names.js +8 -4
  196. package/dist/external-tools/python/pin.js +3 -1
  197. package/dist/external-tools/python/resolve.d.ts +3 -0
  198. package/dist/external-tools/python/resolve.js +3 -0
  199. package/dist/external-tools/python/uv-install.d.ts +89 -0
  200. package/dist/external-tools/python/uv-install.js +165 -0
  201. package/dist/external-tools/sbt/resolve.d.ts +3 -0
  202. package/dist/external-tools/sbt/resolve.js +3 -0
  203. package/dist/external-tools/skillspector/from-uv.d.ts +30 -0
  204. package/dist/external-tools/skillspector/from-uv.js +56 -0
  205. package/dist/external-tools/skillspector/resolve.d.ts +18 -3
  206. package/dist/external-tools/skillspector/resolve.js +21 -8
  207. package/dist/external-tools/skillspector/types.d.ts +3 -1
  208. package/dist/external-tools/synp/resolve.d.ts +3 -0
  209. package/dist/external-tools/synp/resolve.js +3 -0
  210. package/dist/external-tools/trivy/asset-names.d.ts +1 -1
  211. package/dist/external-tools/trivy/resolve.d.ts +3 -0
  212. package/dist/external-tools/trivy/resolve.js +3 -0
  213. package/dist/external-tools/trufflehog/asset-names.d.ts +4 -1
  214. package/dist/external-tools/trufflehog/asset-names.js +3 -0
  215. package/dist/external-tools/trufflehog/from-download.d.ts +1 -1
  216. package/dist/external-tools/trufflehog/resolve.d.ts +3 -0
  217. package/dist/external-tools/trufflehog/resolve.js +3 -0
  218. package/dist/external-tools/uv/asset-names.d.ts +36 -0
  219. package/dist/external-tools/uv/asset-names.js +73 -0
  220. package/dist/external-tools/uv/from-download.d.ts +17 -0
  221. package/dist/external-tools/uv/from-download.js +50 -0
  222. package/dist/external-tools/uv/from-path.d.ts +5 -0
  223. package/dist/external-tools/uv/from-path.js +22 -0
  224. package/dist/external-tools/uv/from-vfs.d.ts +7 -0
  225. package/dist/external-tools/uv/from-vfs.js +26 -0
  226. package/dist/external-tools/uv/resolve.d.ts +28 -0
  227. package/dist/external-tools/uv/resolve.js +64 -0
  228. package/dist/external-tools/uv/types.d.ts +24 -0
  229. package/dist/external-tools/uv/types.js +2 -0
  230. package/dist/fleet/repo-config.d.ts +55 -0
  231. package/dist/fleet/repo-config.js +81 -0
  232. package/dist/fs/_internal.d.ts +1 -1
  233. package/dist/fs/_internal.js +1 -1
  234. package/dist/fs/access.d.ts +2 -0
  235. package/dist/fs/access.js +2 -0
  236. package/dist/fs/copy.d.ts +88 -0
  237. package/dist/fs/copy.js +89 -0
  238. package/dist/fs/find.js +1 -2
  239. package/dist/fs/inspect.d.ts +2 -2
  240. package/dist/fs/read-file.js +3 -4
  241. package/dist/fs/safe.js +2 -2
  242. package/dist/git/_internal.js +7 -3
  243. package/dist/github/commit.d.ts +92 -0
  244. package/dist/github/commit.js +113 -0
  245. package/dist/github/ghsa.js +1 -1
  246. package/dist/github/refs-graphql.js +1 -1
  247. package/dist/github/refs.js +10 -15
  248. package/dist/github/request.js +1 -1
  249. package/dist/github/token.d.ts +5 -2
  250. package/dist/github/token.js +6 -4
  251. package/dist/github/workflow-runs.d.ts +107 -0
  252. package/dist/github/workflow-runs.js +98 -0
  253. package/dist/globs/_internal.js +1 -1
  254. package/dist/http-request/_internal.d.ts +1 -1
  255. package/dist/http-request/browser.d.ts +6 -0
  256. package/dist/http-request/browser.js +4 -3
  257. package/dist/http-request/checksum-file.js +1 -1
  258. package/dist/http-request/download.js +2 -0
  259. package/dist/http-request/headers.d.ts +1 -1
  260. package/dist/http-request/headers.js +2 -2
  261. package/dist/http-request/request-attempt.js +6 -3
  262. package/dist/http-request/request-types.d.ts +10 -1
  263. package/dist/http-request/request.js +2 -2
  264. package/dist/http-request/user-agent.d.ts +23 -2
  265. package/dist/http-request/user-agent.js +48 -6
  266. package/dist/integrity.d.ts +127 -78
  267. package/dist/integrity.js +170 -84
  268. package/dist/json/format.js +4 -1
  269. package/dist/logger/_internal.d.ts +13 -15
  270. package/dist/logger/_internal.js +21 -21
  271. package/dist/logger/colors.d.ts +10 -5
  272. package/dist/logger/colors.js +7 -14
  273. package/dist/logger/console-methods.js +2 -2
  274. package/dist/logger/console.d.ts +1 -0
  275. package/dist/logger/console.js +9 -9
  276. package/dist/logger/node.js +2 -1
  277. package/dist/logger/symbols-builder.js +7 -8
  278. package/dist/logger/symbols.js +8 -8
  279. package/dist/native-messaging/install.js +1 -1
  280. package/dist/native-messaging/rate-limit.d.ts +4 -1
  281. package/dist/native-messaging/rate-limit.js +4 -1
  282. package/dist/node/events.d.ts +3 -0
  283. package/dist/node/events.js +3 -0
  284. package/dist/node/fs.d.ts +1 -1
  285. package/dist/node/module.d.ts +73 -2
  286. package/dist/node/module.js +97 -12
  287. package/dist/node/timers-promises.d.ts +3 -0
  288. package/dist/node/timers-promises.js +3 -0
  289. package/dist/node/url.d.ts +3 -0
  290. package/dist/node/url.js +3 -0
  291. package/dist/npm/meta-cache.d.ts +183 -0
  292. package/dist/npm/meta-cache.js +318 -0
  293. package/dist/npm/meta-slice.d.ts +27 -0
  294. package/dist/npm/meta-slice.js +68 -0
  295. package/dist/npm/meta-types.d.ts +282 -0
  296. package/dist/npm/meta-types.js +2 -0
  297. package/dist/npm/meta.d.ts +125 -0
  298. package/dist/npm/meta.js +347 -0
  299. package/dist/npm/registry.d.ts +212 -0
  300. package/dist/npm/registry.js +284 -0
  301. package/dist/objects/getters.d.ts +1 -1
  302. package/dist/objects/getters.js +1 -1
  303. package/dist/objects/predicates.js +1 -1
  304. package/dist/packages/exports.js +2 -2
  305. package/dist/packages/isolation.js +1 -1
  306. package/dist/packages/manifest.d.ts +29 -0
  307. package/dist/packages/manifest.js +44 -9
  308. package/dist/packages/metadata-extensions.js +2 -4
  309. package/dist/packages/normalize.js +1 -1
  310. package/dist/packages/provenance.d.ts +8 -0
  311. package/dist/packages/provenance.js +10 -2
  312. package/dist/packages/specs.js +1 -1
  313. package/dist/packages/tarball.js +1 -2
  314. package/dist/packages/validation.d.ts +0 -10
  315. package/dist/packages/validation.js +0 -14
  316. package/dist/paths/_internal.d.ts +1 -7
  317. package/dist/paths/_internal.js +9 -15
  318. package/dist/paths/conversion.js +1 -1
  319. package/dist/paths/exts.d.ts +30 -0
  320. package/dist/paths/exts.js +30 -0
  321. package/dist/paths/filenames.d.ts +6 -0
  322. package/dist/paths/filenames.js +6 -0
  323. package/dist/paths/globs.d.ts +6 -0
  324. package/dist/paths/globs.js +6 -0
  325. package/dist/paths/normalize.js +1 -1
  326. package/dist/paths/predicates.js +2 -1
  327. package/dist/paths/resolve.js +19 -14
  328. package/dist/paths/socket.d.ts +81 -30
  329. package/dist/paths/socket.js +102 -28
  330. package/dist/perf/metrics.js +1 -1
  331. package/dist/perf/report.js +5 -3
  332. package/dist/pkg-ext/data.js +0 -2
  333. package/dist/primordials/globals.d.ts +1 -1
  334. package/dist/primordials/globals.js +1 -1
  335. package/dist/primordials/headers.d.ts +13 -1
  336. package/dist/primordials/headers.js +13 -1
  337. package/dist/primordials/process.d.ts +1 -1
  338. package/dist/primordials/process.js +1 -1
  339. package/dist/primordials/url.d.ts +18 -0
  340. package/dist/primordials/url.js +18 -0
  341. package/dist/process/spawn/child.js +3 -5
  342. package/dist/promises/_internal.d.ts +1 -1
  343. package/dist/promises/_internal.js +1 -2
  344. package/dist/promises/options.js +3 -3
  345. package/dist/regexps/spec.js +1 -1
  346. package/dist/releases/socket-btm-binary-naming.js +12 -1
  347. package/dist/schema/validate.js +1 -1
  348. package/dist/secrets/_internal.d.ts +1 -1
  349. package/dist/secrets/_internal.js +1 -1
  350. package/dist/secrets/broker.d.ts +35 -0
  351. package/dist/secrets/broker.js +72 -0
  352. package/dist/secrets/find.d.ts +8 -6
  353. package/dist/secrets/find.js +17 -3
  354. package/dist/secrets/keychain.d.ts +10 -1
  355. package/dist/secrets/keychain.js +10 -1
  356. package/dist/secrets/rc.js +1 -1
  357. package/dist/secrets/socket-api-token.d.ts +1 -1
  358. package/dist/secrets/socket-api-token.js +1 -1
  359. package/dist/secrets/types.d.ts +1 -1
  360. package/dist/smol/detect.js +1 -1
  361. package/dist/smol/http.d.ts +2 -0
  362. package/dist/smol/http.js +3 -1
  363. package/dist/smol/https.d.ts +2 -0
  364. package/dist/smol/https.js +3 -1
  365. package/dist/smol/manifest.js +1 -1
  366. package/dist/smol/path.js +1 -1
  367. package/dist/smol/primordial.js +1 -1
  368. package/dist/smol/purl.js +1 -1
  369. package/dist/smol/versions.js +1 -1
  370. package/dist/smol/vfs.js +1 -1
  371. package/dist/sorts/_internal.d.ts +2 -4
  372. package/dist/sorts/_internal.js +1 -7
  373. package/dist/sorts/semver.js +2 -2
  374. package/dist/spinner/create-spinner-class.js +1 -1
  375. package/dist/spinner/format.js +2 -4
  376. package/dist/stdio/footer.js +8 -7
  377. package/dist/stdio/progress.js +1 -1
  378. package/dist/stdio/prompts.d.ts +8 -23
  379. package/dist/stdio/prompts.js +28 -52
  380. package/dist/strings/format.js +1 -1
  381. package/dist/strings/predicates.d.ts +2 -2
  382. package/dist/strings/search.js +2 -2
  383. package/dist/strings/types.d.ts +4 -0
  384. package/dist/strings/width.d.ts +1 -0
  385. package/dist/strings/width.js +17 -8
  386. package/dist/themes/context.d.ts +18 -3
  387. package/dist/themes/context.js +28 -14
  388. package/dist/versions/_internal.d.ts +43 -13
  389. package/dist/versions/_internal.js +27 -15
  390. package/dist/versions/compare.d.ts +16 -10
  391. package/dist/versions/compare.js +36 -16
  392. package/dist/versions/parse.js +1 -1
  393. package/dist/versions/range.js +3 -2
  394. package/dist/words/pluralize.js +4 -1
  395. package/llms.txt +63 -0
  396. package/package.json +271 -40
package/dist/integrity.js CHANGED
@@ -5,100 +5,129 @@ const require_runtime = require('./_virtual/_rolldown/runtime.js');
5
5
  const require_crypto_hash = require('./crypto/hash.js');
6
6
  const require_primordials_buffer = require('./primordials/buffer.js');
7
7
  const require_primordials_error = require('./primordials/error.js');
8
+ const require_primordials_object = require('./primordials/object.js');
9
+ const require_primordials_string = require('./primordials/string.js');
8
10
  let node_crypto = require("node:crypto");
9
11
  node_crypto = require_runtime.__toESM(node_crypto);
10
12
 
11
13
  //#region src/integrity.ts
12
14
  /**
13
- * @file Integrity + checksum helpers. The fleet uses two named hash flavors:
14
- *
15
- * - **integrity** — W3C Subresource Integrity string:
16
- * `sha(256|384|512)-<base64>`. The same shape the npm registry returns and
17
- * the `<script integrity>` HTML attribute accepts. Algorithm is embedded.
18
- * - **checksum** sha256 hex digest, exactly 64 lowercase chars. The shape
19
- * produced by `shasum -a 256` and used in GitHub-release SHA256SUMS files.
20
- * Conversion is direction-specific so the names read in English:
21
- * `checksumToIntegrity(hex)` and `integrityToChecksum(sri)`. Both are
22
- * idempotent on the destination format (pass an SRI to
23
- * `checksumToIntegrity`, get the same SRI back) so callers can apply them
24
- * without first sniffing the input shape. "SSRI" is just another name for
25
- * Subresource Integrity this module is the only one that should mention
26
- * it, and only inside `parseIntegrity` to extract the embedded algorithm +
27
- * body.
15
+ * @file Integrity + checksum helpers. One concept a {@link Hash} (algorithm +
16
+ * digest) — in two encodings:
17
+ *
18
+ * - **hex** lowercase hex digest (`shasum -a 256` / GitHub `SHA256SUMS`).
19
+ * - **sri** W3C Subresource Integrity `sha(256|384|512)-<base64>` (npm
20
+ * `dist.integrity`, the `<script integrity>` attribute). Both are views of
21
+ * the same digest. The algorithm is EXPLICIT on every `Hash` — never
22
+ * inferred from which function produced it or sniffed from a string's
23
+ * shape. `verifyHash(bytes, expected)` honors whatever algorithm the
24
+ * expected hash declares, so a sha256 `SHA256SUMS` digest and a sha512 npm
25
+ * integrity both "just verify" with no manual conversion. Role split (see
26
+ * `docs/hash-algorithms.md`, unchanged): we PIN sha512 (`computeHash`
27
+ * default, `computeHashes().integrity`); sha256 is the upstream-interop
28
+ * shape (`fetchChecksumFile`, `computeHashes().checksum`). The two only
29
+ * meet at verify-upstream-256 → pin-512. Algorithms are never flipped —
30
+ * relabeling a 256-bit digest as sha512 would be a lie, and you can't
31
+ * re-hash without the bytes. "SSRI" is just another name for Subresource
32
+ * Integrity — only this module should mention it, inside `parseIntegrity`.
28
33
  */
29
34
  const INTEGRITY_RE = /^(sha(?:256|384|512))-([A-Za-z0-9+/]+=*)$/;
35
+ const HEX_RE = /^[a-f0-9]+$/i;
30
36
  const CHECKSUM_RE = /^[a-f0-9]{64}$/i;
37
+ const ALGORITHM_HEX_LENGTH = {
38
+ sha256: 64,
39
+ sha384: 96,
40
+ sha512: 128
41
+ };
42
+ const HEX_LENGTH_TO_ALGORITHM = {
43
+ 64: "sha256",
44
+ 96: "sha384",
45
+ 128: "sha512"
46
+ };
31
47
  /**
32
- * Convert a sha256 hex checksum to its SRI integrity form (`sha256-<base64>`).
33
- * Idempotent on integrity input — call this on user-supplied data without first
34
- * sniffing the format.
35
- *
36
- * The default algorithm is `'sha256'` because this converts a _checksum_, and
37
- * checksums are sha256 by fleet convention (the GitHub-SHA256SUMS interop shape
38
- * its only caller, `checksum-file.ts`, parses). Do NOT flip this default to
39
- * sha512: this function only relabels the hex bytes, it does not re-hash, so a
40
- * sha512 label on a 256-bit digest would be a lie. The canonical algorithm for
41
- * OUR-side integrity values is sha512 — emitted by `computeHashes` as the
42
- * `integrity` (`sha512-<base64>`) field; sha256 is reserved for
43
- * upstream-SHASUMS interop and content addressing. Pass an explicit algorithm
44
- * if you have a hex digest from `sha384` or `sha512` (the function does not
45
- * verify hex length against the algorithm — caller's responsibility).
46
- *
47
- * @example
48
- * ;```typescript
49
- * checksumToIntegrity(
50
- * '3620a0fcaf81ecd3aaeccd5965919d90dbc913f4d07a96e11e7cafc2c785054b',
51
- * )
52
- * // 'sha256-NiCg/K+B7NOq7M1ZZZGdkNvJE/TQepbhHnyvwseFBUs='
48
+ * Convert a hex checksum to its SRI integrity form.
53
49
  *
54
- * checksumToIntegrity('sha256-NiCg/K+B7NOq7M1ZZZGdkNvJE/TQepbhHnyvwseFBUs=')
55
- * // 'sha256-NiCg/K+B7NOq7M1ZZZGdkNvJE/TQepbhHnyvwseFBUs=' (idempotent)
56
- * ```
50
+ * @deprecated Prefer `parseHash(x).sri`, which is total across all algorithms
51
+ * and infers the algorithm from a bare hex digest. This shim defaults to
52
+ * `'sha256'` because it only relabels the hex bytes — it does NOT re-hash, so
53
+ * a sha512 label on a 256-bit digest would be a lie. Idempotent on SRI input.
57
54
  *
58
55
  * @throws TypeError when the input is neither a recognized SRI nor a hex
59
56
  * digest.
60
57
  */
61
58
  function checksumToIntegrity(input, algorithm = "sha256") {
62
59
  if (isIntegrity(input)) return input;
63
- if (!/^[a-f0-9]+$/i.test(input)) throw new require_primordials_error.TypeErrorCtor(`checksumToIntegrity: expected a hex digest or SRI string, got: ${input}`);
64
- return `${algorithm}-${require_primordials_buffer.BufferPrototypeToString(require_primordials_buffer.BufferFrom(input, "hex"), "base64")}`;
60
+ if (!HEX_RE.test(input)) throw new require_primordials_error.TypeErrorCtor(`checksumToIntegrity: expected a hex digest or SRI string, got: ${input}`);
61
+ return makeHash(algorithm, input).sri;
62
+ }
63
+ /**
64
+ * Compute a single {@link Hash} of `bytes`. Defaults to sha512 — the canonical
65
+ * trust string we pin against. Pass `'sha256'` for the upstream-interop digest.
66
+ *
67
+ * @example
68
+ * ;```typescript
69
+ * computeHash(bytes).sri // 'sha512-…' (pin this)
70
+ * computeHash(bytes, 'sha256').hex // '3620a0…' (compare to SHA256SUMS)
71
+ * ```
72
+ */
73
+ function computeHash(bytes, algorithm = "sha512") {
74
+ return makeHash(algorithm, require_crypto_hash.hash(algorithm, bytes, "hex"));
65
75
  }
66
76
  /**
67
- * Compute both integrity (sha512 SRI) and checksum (sha256 hex) for a buffer of
68
- * bytes.
77
+ * Compute both pinned formats for `bytes`: the sha512 SRI integrity and the
78
+ * sha256 hex checksum. Use when a config records both (e.g.
79
+ * `external-tools.json`, dlx lockfiles).
69
80
  */
70
81
  function computeHashes(bytes) {
71
82
  return {
72
- integrity: `sha512-${require_crypto_hash.hash("sha512", bytes, "base64")}`,
73
- checksum: require_crypto_hash.hash("sha256", bytes, "hex")
83
+ integrity: computeHash(bytes, "sha512").sri,
84
+ checksum: computeHash(bytes, "sha256").hex
74
85
  };
75
86
  }
76
87
  /**
77
- * Convert a sha256 SRI integrity string to its hex checksum form (64 lowercase
78
- * chars). Idempotent on checksum input.
88
+ * Compare two hashes for equality, ENCODING-agnostically. Parses both and
89
+ * only when they share an algorithm — timing-safe compares the digests.
90
+ *
91
+ * Returns false when the algorithms differ. A sha512 and a sha256 are different
92
+ * functions of the same bytes: their digests are unrelated values, so they can
93
+ * never be "equal", and you CANNOT derive or check one against the other
94
+ * without the original bytes. To confirm a sha256 and a sha512 describe the
95
+ * same content, hash the bytes both ways (`computeHashes`) or `verifyHash` the
96
+ * bytes against each — there is no hash-to-hash shortcut across algorithms.
79
97
  *
80
- * Throws on `sha384` and `sha512` SRI checksums are sha256-only by fleet
81
- * convention. Callers that need a hex digest for those algorithms can call
82
- * `parseIntegrity(sri)` and decode `.body` manually.
98
+ * What this DOES solve is the cross-ENCODING case that bites string `===`: a
99
+ * sha256 SRI and the same sha256 hex compare equal here.
83
100
  *
84
101
  * @example
85
102
  * ;```typescript
86
- * integrityToChecksum('sha256-NiCg/K+B7NOq7M1ZZZGdkNvJE/TQepbhHnyvwseFBUs=')
87
- * // '3620a0fcaf81ecd3aaeccd5965919d90dbc913f4d07a96e11e7cafc2c785054b'
88
- *
89
- * integrityToChecksum(
90
- * '3620a0fcaf81ecd3aaeccd5965919d90dbc913f4d07a96e11e7cafc2c785054b',
91
- * )
92
- * // '3620a0fcaf81ecd3aaeccd5965919d90dbc913f4d07a96e11e7cafc2c785054b' (idempotent)
103
+ * equalHashes('sha256-NiCg', '3620a0fc…') // true (same digest, SRI vs hex)
104
+ * equalHashes('sha512-…', '3620a0fc…') // false (different algorithms)
93
105
  * ```
94
106
  *
107
+ * @throws TypeError when either input is not a recognized hash.
108
+ */
109
+ function equalHashes(a, b) {
110
+ const aHash = parseHash(a);
111
+ const bHash = parseHash(b);
112
+ if (aHash.algorithm !== bHash.algorithm) return false;
113
+ const aBuf = require_primordials_buffer.BufferFrom(aHash.hex, "hex");
114
+ const bBuf = require_primordials_buffer.BufferFrom(bHash.hex, "hex");
115
+ return aBuf.length === bBuf.length && node_crypto.default.timingSafeEqual(aBuf, bBuf);
116
+ }
117
+ /**
118
+ * Convert an SRI integrity string to its hex checksum form.
119
+ *
120
+ * @deprecated Prefer `parseHash(x).hex`, which is total across all algorithms.
121
+ * This shim is sha256-only (throws on sha384 / sha512) to preserve its
122
+ * historical "checksums are sha256" contract. Idempotent on hex input.
123
+ *
95
124
  * @throws TypeError when the input is neither a recognized SRI nor a hex
96
125
  * checksum, or when the input is a non-sha256 SRI.
97
126
  */
98
127
  function integrityToChecksum(input) {
99
128
  if (isChecksum(input)) return input;
100
129
  const parsed = parseIntegrity(input);
101
- if (parsed.algorithm !== "sha256") throw new require_primordials_error.TypeErrorCtor(`integrityToChecksum: ${parsed.algorithm} integrity has no 64-hex-char checksum form — checksums are sha256-only by fleet convention.`);
130
+ if (parsed.algorithm !== "sha256") throw new require_primordials_error.TypeErrorCtor(`integrityToChecksum: ${parsed.algorithm} integrity has no 64-hex-char checksum form — checksums are sha256-only by Socket convention. Use parseHash(x).hex for any algorithm.`);
102
131
  return require_primordials_buffer.BufferPrototypeToString(require_primordials_buffer.BufferFrom(parsed.body, "base64"), "hex");
103
132
  }
104
133
  /**
@@ -108,18 +137,36 @@ function isChecksum(s) {
108
137
  return CHECKSUM_RE.test(s);
109
138
  }
110
139
  /**
140
+ * True when `s` is a bare hex digest of a recognized length (sha256 / sha384 /
141
+ * sha512).
142
+ */
143
+ function isHex(s) {
144
+ return HEX_RE.test(s) && HEX_LENGTH_TO_ALGORITHM[s.length] !== void 0;
145
+ }
146
+ /**
111
147
  * True when `s` is a W3C SRI integrity string: `sha(256|384|512)-<base64>`.
112
148
  */
113
149
  function isIntegrity(s) {
114
150
  return INTEGRITY_RE.test(s);
115
151
  }
116
152
  /**
153
+ * Build a frozen {@link Hash} from an algorithm and a hex digest. The internal
154
+ * constructor — trusts its inputs (lowercases the hex, computes the SRI view);
155
+ * use {@link parseHash} for untrusted strings, which validates first.
156
+ */
157
+ function makeHash(algorithm, hex) {
158
+ const lowerHex = require_primordials_string.StringPrototypeToLowerCase(hex);
159
+ return require_primordials_object.ObjectFreeze({
160
+ algorithm,
161
+ hex: lowerHex,
162
+ sri: `${algorithm}-${require_primordials_buffer.BufferPrototypeToString(require_primordials_buffer.BufferFrom(lowerHex, "hex"), "base64")}`
163
+ });
164
+ }
165
+ /**
117
166
  * Normalize a {@link HashSpec} to its canonical `{ type, value }` form.
118
167
  *
119
- * - Object form is trusted (its `value` is validated for shape).
120
- * - Bare string matching SRI integrity.
121
- * - Bare string of 64 hex chars → checksum.
122
- * - Anything else throws TypeError.
168
+ * @deprecated Prefer {@link parseHash}, which returns an algorithm-tagged
169
+ * {@link Hash}. Kept for callers that branch on integrity-vs-checksum type.
123
170
  *
124
171
  * @throws TypeError if the string is not a recognized format, or if an explicit
125
172
  * object's value doesn't match its declared type.
@@ -154,14 +201,37 @@ function normalizeHash(spec) {
154
201
  throw new require_primordials_error.TypeErrorCtor(`normalizeHash: unrecognized hash format. Expected SRI integrity ("sha(256|384|512)-<base64>") or sha256 hex checksum (64 hex chars), got: ${spec}`);
155
202
  }
156
203
  /**
157
- * Split an integrity string into its `{ algorithm, body }` components. `body`
158
- * is the base64-encoded digest (everything after the algorithm + dash).
204
+ * Parse any {@link HashInput} into a canonical {@link Hash}. The one entry
205
+ * point for untrusted input validates shape + length, then freezes.
159
206
  *
160
- * @example
161
- * ;```typescript
162
- * parseIntegrity('sha256-NiCg/K+B7NOq7M1ZZZGdkNvJE/TQepbhHnyvwseFBUs=')
163
- * // { algorithm: 'sha256', body: 'NiCg/K+B7NOq7M1ZZZGdkNvJE/TQepbhHnyvwseFBUs=' }
164
- * ```
207
+ * - A {@link Hash} object is re-canonicalized from its `algorithm` + `hex`.
208
+ * - An SRI string carries its algorithm in the prefix (the body length is checked
209
+ * against it).
210
+ * - A bare hex digest infers the algorithm from its length (64 / 96 / 128).
211
+ *
212
+ * @throws TypeError when the input is not a recognized SRI or hex digest, or
213
+ * when an SRI body's length doesn't match its declared algorithm.
214
+ */
215
+ function parseHash(input) {
216
+ if (typeof input === "object" && input !== null) return makeHash(input.algorithm, input.hex);
217
+ const sriMatch = INTEGRITY_RE.exec(input);
218
+ if (sriMatch) {
219
+ const algorithm = sriMatch[1];
220
+ const hex = require_primordials_buffer.BufferPrototypeToString(require_primordials_buffer.BufferFrom(sriMatch[2], "base64"), "hex");
221
+ const expectedLength = ALGORITHM_HEX_LENGTH[algorithm];
222
+ if (hex.length !== expectedLength) throw new require_primordials_error.TypeErrorCtor(`parseHash: ${algorithm} SRI body decodes to ${hex.length} hex chars, expected ${expectedLength}: ${input}`);
223
+ return makeHash(algorithm, hex);
224
+ }
225
+ if (HEX_RE.test(input)) {
226
+ const algorithm = HEX_LENGTH_TO_ALGORITHM[input.length];
227
+ if (algorithm === void 0) throw new require_primordials_error.TypeErrorCtor(`parseHash: hex digest is ${input.length} chars; expected 64 (sha256), 96 (sha384), or 128 (sha512): ${input}`);
228
+ return makeHash(algorithm, input);
229
+ }
230
+ throw new require_primordials_error.TypeErrorCtor(`parseHash: expected an SRI string ("sha(256|384|512)-<base64>") or a hex digest, got: ${input}`);
231
+ }
232
+ /**
233
+ * Split an SRI integrity string into its `{ algorithm, body }` components.
234
+ * `body` is the base64-encoded digest.
165
235
  *
166
236
  * @throws Error when the input is not a valid SRI integrity string.
167
237
  */
@@ -174,41 +244,57 @@ function parseIntegrity(sri) {
174
244
  };
175
245
  }
176
246
  /**
177
- * Verify computed hashes against an expected {@link NormalizedHash}. Uses
178
- * `crypto.timingSafeEqual` for constant-time comparison.
247
+ * Verify `bytes` against an expected hash. Reads the algorithm the expected
248
+ * hash declares, computes only that digest, and compares with
249
+ * `crypto.timingSafeEqual` — so any encoding (hex / SRI / {@link Hash}) and any
250
+ * algorithm (sha256 / sha384 / sha512) verifies without the caller reconciling
251
+ * formats first.
179
252
  *
180
- * @throws DlxHashMismatchError when the hash of the matching type doesn't match
181
- * the expected value.
253
+ * @throws HashMismatchError when the recomputed digest doesn't match.
254
+ * @throws TypeError when `expected` is not a recognized hash.
182
255
  */
183
- function verifyHash(expected, computed) {
184
- const actual = expected.type === "integrity" ? computed.integrity : computed.checksum;
185
- const expectedBuf = require_primordials_buffer.BufferFrom(expected.value);
186
- const actualBuf = require_primordials_buffer.BufferFrom(actual);
187
- if (expectedBuf.length !== actualBuf.length || !node_crypto.default.timingSafeEqual(expectedBuf, actualBuf)) throw new DlxHashMismatchError(expected, computed);
256
+ function verifyHash(bytes, expected) {
257
+ const expectedHash = parseHash(expected);
258
+ const actualHash = computeHash(bytes, expectedHash.algorithm);
259
+ const expectedBuf = require_primordials_buffer.BufferFrom(expectedHash.hex, "hex");
260
+ const actualBuf = require_primordials_buffer.BufferFrom(actualHash.hex, "hex");
261
+ if (expectedBuf.length !== actualBuf.length || !node_crypto.default.timingSafeEqual(expectedBuf, actualBuf)) throw new HashMismatchError(expectedHash, actualHash);
188
262
  }
189
263
  /**
190
- * Thrown when an expected hash doesn't match the computed hash of the
191
- * downloaded bytes. Carries both sides for diagnostics.
264
+ * Thrown when an expected hash doesn't match the computed hash of the verified
265
+ * bytes. Carries both sides (as {@link Hash}) for diagnostics.
192
266
  */
193
- var DlxHashMismatchError = class extends Error {
267
+ var HashMismatchError = class extends Error {
194
268
  expected;
195
269
  actual;
196
270
  constructor(expected, actual) {
197
- const actualValue = expected.type === "integrity" ? actual.integrity : actual.checksum;
198
- super(`Hash mismatch (${expected.type}): expected ${expected.value}, got ${actualValue}`);
199
- this.name = "DlxHashMismatchError";
271
+ super(`Hash mismatch (${expected.algorithm}): expected ${expected.sri}, got ${actual.sri}`);
272
+ this.name = "HashMismatchError";
200
273
  this.expected = expected;
201
274
  this.actual = actual;
202
275
  }
203
276
  };
277
+ /**
278
+ * @deprecated Renamed to {@link HashMismatchError}. Alias kept for callers that
279
+ * catch the old name.
280
+ *
281
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
282
+ */
283
+ const DlxHashMismatchError = HashMismatchError;
204
284
 
205
285
  //#endregion
206
286
  exports.DlxHashMismatchError = DlxHashMismatchError;
287
+ exports.HashMismatchError = HashMismatchError;
207
288
  exports.checksumToIntegrity = checksumToIntegrity;
289
+ exports.computeHash = computeHash;
208
290
  exports.computeHashes = computeHashes;
291
+ exports.equalHashes = equalHashes;
209
292
  exports.integrityToChecksum = integrityToChecksum;
210
293
  exports.isChecksum = isChecksum;
294
+ exports.isHex = isHex;
211
295
  exports.isIntegrity = isIntegrity;
296
+ exports.makeHash = makeHash;
212
297
  exports.normalizeHash = normalizeHash;
298
+ exports.parseHash = parseHash;
213
299
  exports.parseIntegrity = parseIntegrity;
214
300
  exports.verifyHash = verifyHash;
@@ -166,7 +166,10 @@ function shouldSave(currentContent, originalContent, originalFileContent, option
166
166
  function sortKeys(obj) {
167
167
  const sorted = { __proto__: null };
168
168
  const keys = require_primordials_object.ObjectKeys(obj).toSorted();
169
- for (const key of keys) sorted[key] = obj[key];
169
+ for (let i = 0, { length } = keys; i < length; i += 1) {
170
+ const key = keys[i];
171
+ sorted[key] = obj[key];
172
+ }
170
173
  return sorted;
171
174
  }
172
175
  /**
@@ -3,7 +3,7 @@
3
3
  * public `Logger` surface) and `logger/console-init` (which mutates
4
4
  * `Logger.prototype` to mirror `globalConsole`). The `_` prefix keeps this
5
5
  * module out of the generated package.json `exports` map (the `dist/**\/_*`
6
- * ignore pattern in `scripts/post-build/make-package-exports.mts` filters it
6
+ * ignore pattern in `scripts/fleet/make-package-exports.mts` filters it
7
7
  * out), so it is not part of the public surface — it exists only to give the
8
8
  * two leaves above a common owner for the WeakMap-backed lazy-init state. Why
9
9
  * two WeakMaps instead of `#privateField` slots:
@@ -43,22 +43,20 @@ export declare const consolePropAttributes: {
43
43
  export declare const maxIndentation = 1000;
44
44
  /**
45
45
  * Pre-bound copies of the console methods that need their original `this` to
46
- * function (e.g., `console.error.bind(globalConsole)`). Mapping `[name,
47
- * boundFn]` so `console-init.ts` can apply them onto the per-instance Console
48
- * without re-binding on every call.
46
+ * function (e.g., `console.error.bind(globalConsole)`). Returns `[name,
47
+ * boundFn]` pairs so `console-init.ts` can apply them onto the per-instance
48
+ * Console without re-binding on every call.
49
49
  *
50
- * Notes from the upstream Node implementation:
51
- *
52
- * - `_stderrErrorHandler` / `_stdoutErrorHandler` are `kBindProperties`
53
- * properties they live on the per-instance Console and need their `this`
54
- * set to `globalConsole`.
55
- * https://github.com/nodejs/node/blob/v24.0.1/lib/internal/console/constructor.js#L230-L265
56
- * - `group` / `groupCollapsed` / `groupEnd` are explicitly skipped because Node
57
- * 20 with `--frozen-intrinsics` makes `Symbol(kGroupIndent)` read-only, which
58
- * the Logger's own group methods avoid by tracking indentation at the prefix
59
- * layer.
50
+ * Built LAZILY (memoized) rather than at module-eval: `fn.bind(globalConsole)`
51
+ * of a native console method produces a bound function wrapping a native C++
52
+ * function pointer, which serializes as an unresolvable external reference and
53
+ * aborts V8 --build-snapshot. Deferring construction to first Console build
54
+ * keeps the bind-once/reuse win while leaving module import snapshot-safe.
60
55
  */
61
- export declare const boundConsoleEntries: [string, (...args: unknown[]) => unknown][];
56
+ export declare function getBoundConsoleEntries(): Array<[
57
+ string,
58
+ (...args: unknown[]) => unknown
59
+ ]>;
62
60
  /**
63
61
  * WeakMap storing the Console instance for each Logger.
64
62
  *
@@ -9,7 +9,7 @@ const require_primordials_map_set = require('../primordials/map-set.js');
9
9
  * public `Logger` surface) and `logger/console-init` (which mutates
10
10
  * `Logger.prototype` to mirror `globalConsole`). The `_` prefix keeps this
11
11
  * module out of the generated package.json `exports` map (the `dist/**\/_*`
12
- * ignore pattern in `scripts/post-build/make-package-exports.mts` filters it
12
+ * ignore pattern in `scripts/fleet/make-package-exports.mts` filters it
13
13
  * out), so it is not part of the public surface — it exists only to give the
14
14
  * two leaves above a common owner for the WeakMap-backed lazy-init state. Why
15
15
  * two WeakMaps instead of `#privateField` slots:
@@ -47,24 +47,7 @@ const consolePropAttributes = {
47
47
  * huge `n` can't allocate a multi-megabyte string.
48
48
  */
49
49
  const maxIndentation = 1e3;
50
- /**
51
- * Pre-bound copies of the console methods that need their original `this` to
52
- * function (e.g., `console.error.bind(globalConsole)`). Mapping `[name,
53
- * boundFn]` so `console-init.ts` can apply them onto the per-instance Console
54
- * without re-binding on every call.
55
- *
56
- * Notes from the upstream Node implementation:
57
- *
58
- * - `_stderrErrorHandler` / `_stdoutErrorHandler` are `kBindProperties`
59
- * properties — they live on the per-instance Console and need their `this`
60
- * set to `globalConsole`.
61
- * https://github.com/nodejs/node/blob/v24.0.1/lib/internal/console/constructor.js#L230-L265
62
- * - `group` / `groupCollapsed` / `groupEnd` are explicitly skipped because Node
63
- * 20 with `--frozen-intrinsics` makes `Symbol(kGroupIndent)` read-only, which
64
- * the Logger's own group methods avoid by tracking indentation at the prefix
65
- * layer.
66
- */
67
- const boundConsoleEntries = [
50
+ const boundConsoleMethodNames = [
68
51
  "_stderrErrorHandler",
69
52
  "_stdoutErrorHandler",
70
53
  "assert",
@@ -84,7 +67,24 @@ const boundConsoleEntries = [
84
67
  "timeLog",
85
68
  "trace",
86
69
  "warn"
87
- ].filter((n) => typeof globalConsole[n] === "function").map((n) => [n, globalConsole[n].bind(globalConsole)]);
70
+ ];
71
+ let boundConsoleEntries;
72
+ /**
73
+ * Pre-bound copies of the console methods that need their original `this` to
74
+ * function (e.g., `console.error.bind(globalConsole)`). Returns `[name,
75
+ * boundFn]` pairs so `console-init.ts` can apply them onto the per-instance
76
+ * Console without re-binding on every call.
77
+ *
78
+ * Built LAZILY (memoized) rather than at module-eval: `fn.bind(globalConsole)`
79
+ * of a native console method produces a bound function wrapping a native C++
80
+ * function pointer, which serializes as an unresolvable external reference and
81
+ * aborts V8 --build-snapshot. Deferring construction to first Console build
82
+ * keeps the bind-once/reuse win while leaving module import snapshot-safe.
83
+ */
84
+ function getBoundConsoleEntries() {
85
+ if (boundConsoleEntries === void 0) boundConsoleEntries = boundConsoleMethodNames.filter((n) => typeof globalConsole[n] === "function").map((n) => [n, globalConsole[n].bind(globalConsole)]);
86
+ return boundConsoleEntries;
87
+ }
88
88
  /**
89
89
  * WeakMap storing the Console instance for each Logger.
90
90
  *
@@ -108,8 +108,8 @@ const privateConsole = new require_primordials_map_set.WeakMapCtor();
108
108
  const privateConstructorArgs = new require_primordials_map_set.WeakMapCtor();
109
109
 
110
110
  //#endregion
111
- exports.boundConsoleEntries = boundConsoleEntries;
112
111
  exports.consolePropAttributes = consolePropAttributes;
112
+ exports.getBoundConsoleEntries = getBoundConsoleEntries;
113
113
  exports.globalConsole = globalConsole;
114
114
  exports.maxIndentation = maxIndentation;
115
115
  exports.privateConsole = privateConsole;
@@ -3,16 +3,21 @@
3
3
  * `yoctocolors-cjs` palette so the logger can accept either a named color
4
4
  * (`'green'`) or an explicit RGB tuple (`[255, 0, 0]`); RGB tuples are
5
5
  * emitted via the 24-bit `[38;2;...m` escape because `yoctocolors-cjs`
6
- * doesn't ship an `rgb()` helper.
6
+ * doesn't ship an `rgb()` helper. The vendored palette re-exports from the
7
+ * external-pack mega-bundle, whose module top-level evaluates every packed
8
+ * package — so it is required lazily on first color application (Logger
9
+ * construction at the earliest), keeping `logger/*` importers
10
+ * browser-load-safe and cheap at module init.
7
11
  */
8
- import yoctocolorsCjs from '../external/yoctocolors-cjs';
12
+ import type yoctocolorsCjs from '../external/yoctocolors-cjs';
9
13
  import type { ColorValue } from '../colors/types';
10
14
  /**
11
15
  * Apply a color to text using yoctocolors. Handles both named colors and RGB
12
16
  * tuples.
13
17
  */
14
- export declare function applyColor(text: string, color: ColorValue, colors: typeof yoctocolorsCjs): string;
18
+ export declare function applyColor(text: string, color: ColorValue): string;
15
19
  /**
16
- * Get the yoctocolors module for terminal colors.
20
+ * Get the yoctocolors module for terminal colors. Required lazily on first
21
+ * call — see the @file note on the external-pack top-level.
17
22
  */
18
- export declare function getYoctocolors(): import("../external/yoctocolors-cjs").YoctoColors;
23
+ export declare function getYoctocolors(): typeof yoctocolorsCjs;
@@ -1,35 +1,28 @@
1
1
  "use strict";
2
2
  /* Socket Lib - Built with rolldown */
3
3
  Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
- const require_runtime = require('../_virtual/_rolldown/runtime.js');
5
- let src_external_yoctocolors_cjs = require("../external/yoctocolors-cjs");
6
- src_external_yoctocolors_cjs = require_runtime.__toESM(src_external_yoctocolors_cjs);
7
4
 
8
5
  //#region src/logger/colors.ts
9
- /**
10
- * @file Color application helpers for `logger/*` modules. Wraps the vendored
11
- * `yoctocolors-cjs` palette so the logger can accept either a named color
12
- * (`'green'`) or an explicit RGB tuple (`[255, 0, 0]`); RGB tuples are
13
- * emitted via the 24-bit `[38;2;...m` escape because `yoctocolors-cjs`
14
- * doesn't ship an `rgb()` helper.
15
- */
6
+ let cachedYoctocolors;
16
7
  /**
17
8
  * Apply a color to text using yoctocolors. Handles both named colors and RGB
18
9
  * tuples.
19
10
  */
20
- function applyColor(text, color, colors) {
11
+ function applyColor(text, color) {
21
12
  if (typeof color === "string") {
22
- const formatter = colors[color];
13
+ const formatter = getYoctocolors()[color];
23
14
  return formatter ? formatter(text) : text;
24
15
  }
25
16
  const { 0: r, 1: g, 2: b } = color;
26
17
  return `\u001B[38;2;${r};${g};${b}m${text}\u001B[39m`;
27
18
  }
28
19
  /**
29
- * Get the yoctocolors module for terminal colors.
20
+ * Get the yoctocolors module for terminal colors. Required lazily on first
21
+ * call — see the @file note on the external-pack top-level.
30
22
  */
31
23
  function getYoctocolors() {
32
- return src_external_yoctocolors_cjs.default;
24
+ if (cachedYoctocolors === void 0) cachedYoctocolors = require("../external/yoctocolors-cjs");
25
+ return cachedYoctocolors;
33
26
  }
34
27
 
35
28
  //#endregion
@@ -29,7 +29,7 @@ const require_logger_symbols = require('./symbols.js');
29
29
  * @param message - Optional message and additional arguments to log.
30
30
  */
31
31
  function assertMethod(logger, con, value, message) {
32
- con.assert(value, message[0], ...message.slice(1));
32
+ con.assert(Boolean(value), message[0], ...message.slice(1));
33
33
  logger[require_logger_symbols.lastWasBlankSymbol](false);
34
34
  return value ? logger : logger[require_logger_symbols.incLogCallCountSymbol]();
35
35
  }
@@ -89,7 +89,7 @@ function dirxmlMethod(logger, con, data) {
89
89
  * @param properties - Optional array of property names to include.
90
90
  */
91
91
  function tableMethod(logger, con, tabularData, properties) {
92
- con.table(tabularData, properties);
92
+ con.table(tabularData, properties ? [...properties] : void 0);
93
93
  logger[require_logger_symbols.lastWasBlankSymbol](false);
94
94
  return logger[require_logger_symbols.incLogCallCountSymbol]();
95
95
  }
@@ -19,6 +19,7 @@
19
19
  * `ensurePrototypeInitialized` actually runs, both modules are fully
20
20
  * evaluated. Same pattern as `fs/path-cache` ↔ `fs/_internal`.
21
21
  */
22
+ import type { Console } from 'node:console';
22
23
  import { Logger } from './node';
23
24
  /**
24
25
  * Construct a new Console instance.
@@ -7,8 +7,8 @@ const require_primordials_reflect = require('../primordials/reflect.js');
7
7
  const require_logger__internal = require('./_internal.js');
8
8
  const require_logger_symbols = require('./symbols.js');
9
9
  const require_logger_node = require('./node.js');
10
- let node_process = require("node:process");
11
- node_process = require_runtime.__toESM(node_process);
10
+ let process = require("process");
11
+ process = require_runtime.__toESM(process);
12
12
 
13
13
  //#region src/logger/console.ts
14
14
  /**
@@ -39,7 +39,7 @@ let prototypeInitialized = false;
39
39
  */
40
40
  function constructConsole(...args) {
41
41
  /* c8 ignore next - Lazy-init second-call branch; module-singleton. */
42
- if (cachedConsole === void 0) cachedConsole = (/* @__PURE__ */ require("node:console")).Console;
42
+ if (cachedConsole === void 0) cachedConsole = (/* @__PURE__ */ require("console")).Console;
43
43
  return require_primordials_reflect.ReflectConstruct(cachedConsole, args);
44
44
  }
45
45
  /**
@@ -70,10 +70,10 @@ function ensurePrototypeInitialized() {
70
70
  if (ctorArgs.length) con = constructConsole(...ctorArgs);
71
71
  else {
72
72
  con = constructConsole({
73
- stdout: node_process.default.stdout,
74
- stderr: node_process.default.stderr
73
+ stdout: process.default.stdout,
74
+ stderr: process.default.stderr
75
75
  });
76
- for (const { 0: k, 1: method } of require_logger__internal.boundConsoleEntries) con[k] = method;
76
+ for (const { 0: k, 1: method } of require_logger__internal.getBoundConsoleEntries()) con[k] = method;
77
77
  }
78
78
  require_logger__internal.privateConsole.set(this, con);
79
79
  }
@@ -109,10 +109,10 @@ function resolveConsole(logger) {
109
109
  if (ctorArgs.length) con = constructConsole(...ctorArgs);
110
110
  else {
111
111
  con = constructConsole({
112
- stdout: node_process.default.stdout,
113
- stderr: node_process.default.stderr
112
+ stdout: process.default.stdout,
113
+ stderr: process.default.stderr
114
114
  });
115
- for (const { 0: key, 1: method } of require_logger__internal.boundConsoleEntries) con[key] = method;
115
+ for (const { 0: key, 1: method } of require_logger__internal.getBoundConsoleEntries()) con[key] = method;
116
116
  }
117
117
  require_logger__internal.privateConsole.set(logger, con);
118
118
  require_logger__internal.privateConstructorArgs.delete(logger);
@@ -106,7 +106,8 @@ var Logger = class Logger {
106
106
  else root.#stdoutLastWasBlank = value;
107
107
  }
108
108
  #streamChild(stream) {
109
- const instance = new Logger(...require_logger__internal.privateConstructorArgs.get(this) ?? []);
109
+ const ctorArgs = require_logger__internal.privateConstructorArgs.get(this) ?? [];
110
+ const instance = new Logger(...ctorArgs);
110
111
  instance.#parent = this;
111
112
  instance.#boundStream = stream;
112
113
  instance.#options = {